1 files changed, 97 insertions, 0 deletions
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch
new file mode 100644
index 0000000000..de4faf5380
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch
@@ -0,0 +1,97 @@
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Sun, 8 Dec 2024 20:00:35 -0600
+Subject: auth-digest: Handle missing realm in authenticate header
+(cherry picked from commit e40df6d48a1cbab56f5d15016cc861a503423cfe)
+Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/blob/debian/bullseye/debian/patches/CVE-2025-32910-1.patch?ref_type=heads
+Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe]
+CVE: CVE-2025-32910
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-auth-digest.c |  3 +++
+ tests/auth-test.c          | 50 ++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 53 insertions(+)
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index e8ba990..263a15a 100644
+--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
+@@ -142,6 +142,9 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+        guint qop_options;
+        gboolean ok = TRUE;
+ 
+        if (!soup_auth_get_realm (auth))
+                return FALSE;
+
+        g_free (priv->domain);
+        g_free (priv->nonce);
+        g_free (priv->opaque);
+diff --git a/tests/auth-test.c b/tests/auth-test.c
+index 8295ec3..dfc6b09 100644
+--- a/tests/auth-test.c
+++ b/tests/auth-test.c
+@@ -1549,6 +1549,55 @@ do_cancel_after_retry_test (void)
+         soup_test_session_abort_unref (session);
+ }
+ 
+static void
+on_request_read_for_missing_realm (SoupServer        *server,
+                                   SoupServerMessage *msg,
+                                   gpointer           user_data)
+{
+        SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg);
+        soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\"");
+}
+
+static void
+do_missing_realm_test (void)
+{
+        SoupSession *session;
+        SoupMessage *msg;
+        SoupServer *server;
+        SoupAuthDomain *digest_auth_domain;
+        gint status;
+        GUri *uri;
+
+        server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
+       soup_server_add_handler (server, NULL,
+                                server_callback, NULL, NULL);
+       uri = soup_test_server_get_uri (server, "http", NULL);
+
+       digest_auth_domain = soup_auth_domain_digest_new (
+               "realm", "auth-test",
+               "auth-callback", server_digest_auth_callback,
+               NULL);
+        soup_auth_domain_add_path (digest_auth_domain, "/");
+       soup_server_add_auth_domain (server, digest_auth_domain);
+        g_object_unref (digest_auth_domain);
+
+        g_signal_connect (server, "request-read",
+                          G_CALLBACK (on_request_read_for_missing_realm),
+                          NULL);
+
+        session = soup_test_session_new (NULL);
+        msg = soup_message_new_from_uri ("GET", uri);
+        g_signal_connect (msg, "authenticate",
+                          G_CALLBACK (on_digest_authenticate),
+                          NULL);
+
+        status = soup_test_session_send_message (session, msg);
+
+        g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED);
+       g_uri_unref (uri);
+       soup_test_server_quit_unref (server);
+}
+
+ int
+ main (int argc, char **argv)
+ {
+@@ -1576,6 +1625,7 @@ main (int argc, char **argv)
+        g_test_add_func ("/auth/async-message-do-not-use-auth-cache", do_async_message_do_not_use_auth_cache_test);
+        g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test);
+        g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test);
+        g_test_add_func ("/auth/missing-realm", do_missing_realm_test);
+ 
+        ret = g_test_run ();
+

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch new file mode 100644 index 0000000000..de4faf5380 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch
@@ -0,0 +1,97 @@
	1	From: Patrick Griffis <pgriffis@igalia.com>
	2	Date: Sun, 8 Dec 2024 20:00:35 -0600
	3	Subject: auth-digest: Handle missing realm in authenticate header
	4
	5	(cherry picked from commit e40df6d48a1cbab56f5d15016cc861a503423cfe)
	6
	7	Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/blob/debian/bullseye/debian/patches/CVE-2025-32910-1.patch?ref_type=heads
	8	Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe]
	9	CVE: CVE-2025-32910
	10	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	11	---
	12	libsoup/soup-auth-digest.c \| 3 +++
	13	tests/auth-test.c \| 50 ++++++++++++++++++++++++++++++++++++++++++++++
	14	2 files changed, 53 insertions(+)
	15
	16	diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
	17	index e8ba990..263a15a 100644
	18	--- a/libsoup/soup-auth-digest.c
	19	+++ b/libsoup/soup-auth-digest.c
	20	@@ -142,6 +142,9 @@ soup_auth_digest_update (SoupAuth auth, SoupMessage msg,
	21	guint qop_options;
	22	gboolean ok = TRUE;
	23
	24	+ if (!soup_auth_get_realm (auth))
	25	+ return FALSE;
	26	+
	27	g_free (priv->domain);
	28	g_free (priv->nonce);
	29	g_free (priv->opaque);
	30	diff --git a/tests/auth-test.c b/tests/auth-test.c
	31	index 8295ec3..dfc6b09 100644
	32	--- a/tests/auth-test.c
	33	+++ b/tests/auth-test.c
	34	@@ -1549,6 +1549,55 @@ do_cancel_after_retry_test (void)
	35	soup_test_session_abort_unref (session);
	36	}
	37
	38	+static void
	39	+on_request_read_for_missing_realm (SoupServer *server,
	40	+ SoupServerMessage *msg,
	41	+ gpointer user_data)
	42	+{
	43	+ SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg);
	44	+ soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\"");
	45	+}
	46	+
	47	+static void
	48	+do_missing_realm_test (void)
	49	+{
	50	+ SoupSession *session;
	51	+ SoupMessage *msg;
	52	+ SoupServer *server;
	53	+ SoupAuthDomain *digest_auth_domain;
	54	+ gint status;
	55	+ GUri *uri;
	56	+
	57	+ server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
	58	+ soup_server_add_handler (server, NULL,
	59	+ server_callback, NULL, NULL);
	60	+ uri = soup_test_server_get_uri (server, "http", NULL);
	61	+
	62	+ digest_auth_domain = soup_auth_domain_digest_new (
	63	+ "realm", "auth-test",
	64	+ "auth-callback", server_digest_auth_callback,
	65	+ NULL);
	66	+ soup_auth_domain_add_path (digest_auth_domain, "/");
	67	+ soup_server_add_auth_domain (server, digest_auth_domain);
	68	+ g_object_unref (digest_auth_domain);
	69	+
	70	+ g_signal_connect (server, "request-read",
	71	+ G_CALLBACK (on_request_read_for_missing_realm),
	72	+ NULL);
	73	+
	74	+ session = soup_test_session_new (NULL);
	75	+ msg = soup_message_new_from_uri ("GET", uri);
	76	+ g_signal_connect (msg, "authenticate",
	77	+ G_CALLBACK (on_digest_authenticate),
	78	+ NULL);
	79	+
	80	+ status = soup_test_session_send_message (session, msg);
	81	+
	82	+ g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED);
	83	+ g_uri_unref (uri);
	84	+ soup_test_server_quit_unref (server);
	85	+}
	86	+
	87	int
	88	main (int argc, char **argv)
	89	{
	90	@@ -1576,6 +1625,7 @@ main (int argc, char **argv)
	91	g_test_add_func ("/auth/async-message-do-not-use-auth-cache", do_async_message_do_not_use_auth_cache_test);
	92	g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test);
	93	g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test);
	94	+ g_test_add_func ("/auth/missing-realm", do_missing_realm_test);
	95
	96	ret = g_test_run ();
	97