summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorChangqing Li <changqing.li@windriver.com>2025-06-06 14:49:56 +0800
committerSteve Sakoman <steve@sakoman.com>2025-06-13 08:58:00 -0700
commite4ebf3effd8125761f9dfd88ad290db6cae99971 (patch)
tree4b4016e3914a93d62f712bc90f8c1770a6fa9a07 /meta
parenta7a45d58e0feda6803b3d76a2ee71e39a52e752e (diff)
downloadpoky-e4ebf3effd8125761f9dfd88ad290db6cae99971.tar.gz
libsoup: fix CVE-2025-32050
Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/424 (From OE-Core rev: 563a34faae35e4587fe2740c26c4bc149555a5de) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32050.patch29
-rw-r--r--meta/recipes-support/libsoup/libsoup_3.4.4.bb1
2 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32050.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32050.patch
new file mode 100644
index 0000000000..e5a4d747a1
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32050.patch
@@ -0,0 +1,29 @@
1From 30c86c9a284cf6f366ac87df0bca3e18a5de8671 Mon Sep 17 00:00:00 2001
2From: Patrick Griffis <pgriffis@igalia.com>
3Date: Mon, 28 Oct 2024 12:29:48 -0500
4Subject: [PATCH] Fix using int instead of size_t for strcspn return
5
6CVE: CVE-2025-32050
7Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323]
8
9Signed-off-by: Changqing Li <changqing.li@windriver.com>
10---
11 libsoup/soup-headers.c | 2 +-
12 1 file changed, 1 insertion(+), 1 deletion(-)
13
14diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
15index 5fb32c2..52ef2ec 100644
16--- a/libsoup/soup-headers.c
17+++ b/libsoup/soup-headers.c
18@@ -906,7 +906,7 @@ append_param_quoted (GString *string,
19 const char *name,
20 const char *value)
21 {
22- int len;
23+ gsize len;
24
25 g_string_append (string, name);
26 g_string_append (string, "=\"");
27--
282.34.1
29
diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
index 9af7de192f..23d44d1572 100644
--- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
@@ -40,6 +40,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
40 file://CVE-2025-32052.patch \ 40 file://CVE-2025-32052.patch \
41 file://CVE-2025-32051-1.patch \ 41 file://CVE-2025-32051-1.patch \
42 file://CVE-2025-32051-2.patch \ 42 file://CVE-2025-32051-2.patch \
43 file://CVE-2025-32050.patch \
43" 44"
44SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa" 45SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"
45 46
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-01-31 04:50:09 +0000