libsoup-2.4: fix CVE-2025-4476

Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/440 (From OE-Core rev: 2be01469687f30f33b768164f66916b081cc8c62) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Changqing Li <changqing.li@windriver.com> 2025-06-18 10:59:45 +0800
committer: Steve Sakoman <steve@sakoman.com> 2025-06-25 08:11:58 -0700
commit: b4284b3eb2c29e00f9cf22113bfd4b165f76dff9 (patch)
tree: 6f18067cef2e8125238087c4a77c964f13ce325a /meta/recipes-support
parent: 09407f375dd9b1b6a3684f4a18f70c6ee7e4b5dd (diff)
download: poky-b4284b3eb2c29e00f9cf22113bfd4b165f76dff9.tar.gz
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
new file mode 100644
index 0000000000..874f62e7ad
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
@@ -0,0 +1,38 @@
+From 52a0f9234d384b9dab368835b22e5a5a01542168 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 16 May 2025 14:16:10 +0800
+Subject: [PATCH] auth-digest: fix crash in
+ soup_auth_digest_get_protection_space()
+We need to validate the Domain parameter in the WWW-Authenticate header.
+Unfortunately this crash only occurs when listening on default ports 80
+and 443, so there's no good way to test for this. The test would require
+running as root.
+Fixes #440
+CVE: CVE-2025-4476
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c?merge_request_iid=457]
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index f1621ec..a2dc560 100644
+--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
+@@ -229,7 +229,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
+                        uri = soup_uri_new (d);
+                        if (uri && uri->scheme == source_uri->scheme &&
+                            uri->port == source_uri->port &&
+-                           !strcmp (uri->host, source_uri->host))
+                           !g_strcmp0 (uri->host, source_uri->host))
+                                dir = g_strdup (uri->path);
+                        else
+                                dir = NULL;
+-- 
+2.34.1
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
index aa2903030d..686e3b6720 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
@@ -41,6 +41,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
           file://CVE-2025-32907.patch \
           file://CVE-2025-46421.patch \
           file://CVE-2025-4948.patch \
+           file://CVE-2025-4476.patch \
          "
 SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"
author	Changqing Li <changqing.li@windriver.com>	2025-06-18 10:59:45 +0800
committer	Steve Sakoman <steve@sakoman.com>	2025-06-25 08:11:58 -0700
commit	b4284b3eb2c29e00f9cf22113bfd4b165f76dff9 (patch)
tree	6f18067cef2e8125238087c4a77c964f13ce325a /meta/recipes-support
parent	09407f375dd9b1b6a3684f4a18f70c6ee7e4b5dd (diff)
download	poky-b4284b3eb2c29e00f9cf22113bfd4b165f76dff9.tar.gz

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch new file mode 100644 index 0000000000..874f62e7ad --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
@@ -0,0 +1,38 @@
		1	From 52a0f9234d384b9dab368835b22e5a5a01542168 Mon Sep 17 00:00:00 2001
		2	From: Changqing Li <changqing.li@windriver.com>
		3	Date: Fri, 16 May 2025 14:16:10 +0800
		4	Subject: [PATCH] auth-digest: fix crash in
		5	soup_auth_digest_get_protection_space()
		6
		7	We need to validate the Domain parameter in the WWW-Authenticate header.
		8
		9	Unfortunately this crash only occurs when listening on default ports 80
		10	and 443, so there's no good way to test for this. The test would require
		11	running as root.
		12
		13	Fixes #440
		14
		15	CVE: CVE-2025-4476
		16	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c?merge_request_iid=457]
		17
		18	Signed-off-by: Changqing Li <changqing.li@windriver.com>
		19	---
		20	libsoup/soup-auth-digest.c \| 2 +-
		21	1 file changed, 1 insertion(+), 1 deletion(-)
		22
		23	diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
		24	index f1621ec..a2dc560 100644
		25	--- a/libsoup/soup-auth-digest.c
		26	+++ b/libsoup/soup-auth-digest.c
		27	@@ -229,7 +229,7 @@ soup_auth_digest_get_protection_space (SoupAuth auth, SoupURI source_uri)
		28	uri = soup_uri_new (d);
		29	if (uri && uri->scheme == source_uri->scheme &&
		30	uri->port == source_uri->port &&
		31	- !strcmp (uri->host, source_uri->host))
		32	+ !g_strcmp0 (uri->host, source_uri->host))
		33	dir = g_strdup (uri->path);
		34	else
		35	dir = NULL;
		36	--
		37	2.34.1
		38


diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index aa2903030d..686e3b6720 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
@@ -41,6 +41,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
41	file://CVE-2025-32907.patch \	41	file://CVE-2025-32907.patch \
42	file://CVE-2025-46421.patch \	42	file://CVE-2025-46421.patch \
43	file://CVE-2025-4948.patch \	43	file://CVE-2025-4948.patch \
		44	file://CVE-2025-4476.patch \
44	"	45	"
45	SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"	46	SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"
46		47