MIRRORS/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2025-12-15 06:45:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

libsoup-2.4: fix CVE-2025-2784

Browse Source 
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Changqing Li 2025-06-13 14:54:25 +08:00 committed by Khem Raj
parent f7b0f9cd33
commit 4b861e84d9
No known key found for this signature in database
GPG Key ID: BB053355919D3314
2 changed files with 57 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch Normal file
View File

@ -0,0 +1,56 @@
From 2eacbd762332795e00692ddab2515c6da23198d3 Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Mon, 12 May 2025 14:06:41 +0800
Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
CVE: CVE-2025-2784
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435/diffs?commit_id=242a10fbb12dbdc12d254bd8fc8669a0ac055304;
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/442/diffs?commit_id=c415ad0b6771992e66c70edf373566c6e247089d]
Test code is not added since it uses some functions not defined in
version 2.74. These tests are not used now, so just ignore them.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
libsoup/soup-content-sniffer.c | 9 +++----
1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index 5f2896e..9554636 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -612,8 +612,10 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, SoupBuffer *buffer)
}
static gboolean
-skip_insignificant_space (const char *resource, int *pos, int resource_length)
+skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
{
+ if (*pos >= resource_length)
+ return TRUE;
while ((resource[*pos] == '\x09') ||
(resource[*pos] == '\x20') ||
(resource[*pos] == '\x0A') ||
@@ -632,7 +634,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
{
const char *resource = (const char *)buffer->data;
int resource_length = MIN (512, buffer->length);
- int pos = 0;
+ gsize pos = 0;
if (resource_length < 3)
goto text_html;
@@ -642,9 +644,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
pos = 3;
look_for_tag:
- if (pos > resource_length)
- goto text_html;
-
if (skip_insignificant_space (resource, &pos, resource_length))
goto text_html;
--
2.34.1

1
meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
View File

@ -20,6 +20,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2024-52532-2.patch \
file://CVE-2024-52532-3.patch \
file://CVE-2025-32053.patch \
file://CVE-2025-2784.patch \
"
SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"