1 files changed, 68 insertions, 0 deletions
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch
new file mode 100644
index 0000000000..9c838a55af
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch
@@ -0,0 +1,68 @@
+From f31dfc357ffdd8d18d3593a06cd4acb888eaba70 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 13 May 2025 14:20:46 +0200
+Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not
+ built witha sanitizer
+A build with -Db_sanitize=address crashes with failed mmap(), which is done
+inside libasan. The test requires 20.0TB of virtual memory when running with
+the sanitizer, which is beyond unsigned integer limits and may not trigger
+the bug anyway.
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+CVE: CVE-2025-32907
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ meson.build                   |  4 ++++
+ tests/server-mem-limit-test.c | 13 +++++++++----
+ 2 files changed, 13 insertions(+), 4 deletions(-)
+diff --git a/meson.build b/meson.build
+index d4110da..74323ea 100644
+--- a/meson.build
+++ b/meson.build
+@@ -357,6 +357,10 @@ configinc = include_directories('.')
+ 
+ prefix = get_option('prefix')
+ 
+if get_option('b_sanitize') != 'none'
+  cdata.set_quoted('B_SANITIZE_OPTION', get_option('b_sanitize'))
+endif
+
+ cdata.set_quoted('PACKAGE_VERSION', soup_version)
+ cdata.set_quoted('LOCALEDIR', join_paths(prefix, get_option('localedir')))
+ cdata.set_quoted('GETTEXT_PACKAGE', libsoup_api_name)
+diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
+index 98f1c40..65dc875 100644
+--- a/tests/server-mem-limit-test.c
+++ b/tests/server-mem-limit-test.c
+@@ -126,14 +126,19 @@ main (int argc, char **argv)
+ {
+        int ret;
+ 
+-       test_init (argc, argv, NULL);
+-
+-       #ifndef G_OS_WIN32
+-       struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
+       /* a build with an address sanitizer may crash on mmap() with the limit,
+          thus skip the limit set in such case, even it may not necessarily
+          trigger the bug if it regresses */
+       #if !defined(G_OS_WIN32) && !defined(B_SANITIZE_OPTION)
+       struct rlimit new_rlimit = { 1024UL * 1024UL * 1024UL * 2UL, 1024UL * 1024UL * 1024UL * 2UL };
+        /* limit memory usage, to trigger too large memory allocation abort */
+        g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
+       #else
+       g_message ("server-mem-limit-test: Running without memory limit");
+        #endif
+ 
+       test_init (argc, argv, NULL);
+
+        g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
+                    server_setup, do_ranges_overlaps_test, server_teardown);
+ 
+-- 
+2.34.1

diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch new file mode 100644 index 0000000000..9c838a55af --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch
@@ -0,0 +1,68 @@
	1	From f31dfc357ffdd8d18d3593a06cd4acb888eaba70 Mon Sep 17 00:00:00 2001
	2	From: Milan Crha <mcrha@redhat.com>
	3	Date: Tue, 13 May 2025 14:20:46 +0200
	4	Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not
	5	built witha sanitizer
	6
	7	A build with -Db_sanitize=address crashes with failed mmap(), which is done
	8	inside libasan. The test requires 20.0TB of virtual memory when running with
	9	the sanitizer, which is beyond unsigned integer limits and may not trigger
	10	the bug anyway.
	11
	12	Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
	13
	14	CVE: CVE-2025-32907
	15	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
	16
	17	Signed-off-by: Changqing Li <changqing.li@windriver.com>
	18	---
	19	meson.build \| 4 ++++
	20	tests/server-mem-limit-test.c \| 13 +++++++++----
	21	2 files changed, 13 insertions(+), 4 deletions(-)
	22
	23	diff --git a/meson.build b/meson.build
	24	index d4110da..74323ea 100644
	25	--- a/meson.build
	26	+++ b/meson.build
	27	@@ -357,6 +357,10 @@ configinc = include_directories('.')
	28
	29	prefix = get_option('prefix')
	30
	31	+if get_option('b_sanitize') != 'none'
	32	+ cdata.set_quoted('B_SANITIZE_OPTION', get_option('b_sanitize'))
	33	+endif
	34	+
	35	cdata.set_quoted('PACKAGE_VERSION', soup_version)
	36	cdata.set_quoted('LOCALEDIR', join_paths(prefix, get_option('localedir')))
	37	cdata.set_quoted('GETTEXT_PACKAGE', libsoup_api_name)
	38	diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
	39	index 98f1c40..65dc875 100644
	40	--- a/tests/server-mem-limit-test.c
	41	+++ b/tests/server-mem-limit-test.c
	42	@@ -126,14 +126,19 @@ main (int argc, char **argv)
	43	{
	44	int ret;
	45
	46	- test_init (argc, argv, NULL);
	47	-
	48	- #ifndef G_OS_WIN32
	49	- struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
	50	+ /* a build with an address sanitizer may crash on mmap() with the limit,
	51	+ thus skip the limit set in such case, even it may not necessarily
	52	+ trigger the bug if it regresses */
	53	+ #if !defined(G_OS_WIN32) && !defined(B_SANITIZE_OPTION)
	54	+ struct rlimit new_rlimit = { 1024UL * 1024UL * 1024UL * 2UL, 1024UL * 1024UL * 1024UL * 2UL };
	55	/* limit memory usage, to trigger too large memory allocation abort */
	56	g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
	57	+ #else
	58	+ g_message ("server-mem-limit-test: Running without memory limit");
	59	#endif
	60
	61	+ test_init (argc, argv, NULL);
	62	+
	63	g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
	64	server_setup, do_ranges_overlaps_test, server_teardown);
	65
	66	--
	67	2.34.1
	68