libsoup-2.4: refresh CVE-2025-4969.patch

author Changqing Li <changqing.li@windriver.com>

Mon, 7 Jul 2025 05:58:33 +0000 (13:58 +0800)

committer Steve Sakoman <steve@sakoman.com>

Tue, 8 Jul 2025 21:45:39 +0000 (14:45 -0700)
author Changqing Li <changqing.li@windriver.com>
Mon, 7 Jul 2025 05:58:33 +0000 (13:58 +0800)
committer Steve Sakoman <steve@sakoman.com>
Tue, 8 Jul 2025 21:45:39 +0000 (14:45 -0700)
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch

index d45b2a2cb06446e4243a2d36c0dd826e74a79bfe..c1936b0b0cffa6404a83e3de9c92438a886688ee 100644 (file)
--- a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch
@@ -13,10 +13,20 @@ Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/447
  Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/07b94e27afafebf31ef3cd868866a1e383750086]
  CVE: CVE-2025-4969
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+Refresh the patch, remove the test part, following commit in libsoup3 has a
+type refactor, which make the test is not suitable for libsoup2
+[0d7e672e forms: Use GBytes instead of SoupMessageBody]
+The test part will cause libsoup-2.3-native build failed on fedora40/41:
+../libsoup-2.74.3/tests/multipart-test.c:578:63: error: passing argument 2 of ‘soup_multipart_new_from_message’ from incompatible pointer type [-Wincompatible-pointer-types]
+  578 |         multipart = soup_multipart_new_from_message (headers, bytes);
+      |                                                               ^~~~~
+      |                                                               |
+      |                                                               GBytes * {aka struct _GBytes *}
+
  ---
   libsoup/soup-multipart.c |  2 +-
- tests/multipart-test.c   | 22 ++++++++++++++++++++++
- 2 files changed, 23 insertions(+), 1 deletion(-)
+ 1 files changed, 1 insertions(+), 1 deletion(-)
  
  diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
  index dd93973..b3611db 100644
@@ -31,46 +41,6 @@ index dd93973..b3611db 100644
                         continue;
   
                 /* Check for "--" or "\r\n" after boundary */
-diff --git a/tests/multipart-test.c b/tests/multipart-test.c
-index 834b181..980eb68 100644
---- a/tests/multipart-test.c
-+++ b/tests/multipart-test.c
-@@ -562,6 +562,27 @@ test_multipart_bounds_bad (void)
-       g_bytes_unref (bytes);
- }
- 
-+static void
-+test_multipart_bounds_bad_2 (void)
-+{
-+      SoupMultipart *multipart;
-+      SoupMessageHeaders *headers;
-+      GBytes *bytes;
-+      const char *raw_data = "\n--123\r\nline\r\n--123--\r";
-+
-+      headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
-+      soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
-+
-+      bytes = g_bytes_new (raw_data, strlen (raw_data));
-+
-+      multipart = soup_multipart_new_from_message (headers, bytes);
-+      g_assert_nonnull (multipart);
-+
-+      soup_multipart_free (multipart);
-+      soup_message_headers_free (headers);
-+      g_bytes_unref (bytes);
-+}
-+
- int
- main (int argc, char **argv)
- {
-@@ -593,6 +614,7 @@ main (int argc, char **argv)
-       g_test_add_data_func ("/multipart/async-small-reads", GINT_TO_POINTER (ASYNC_MULTIPART_SMALL_READS), test_multipart);
-       g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good);
-       g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad);
-+      g_test_add_func ("/multipart/bounds-bad-2", test_multipart_bounds_bad_2);
- 
-       ret = g_test_run ();
- 
  -- 
  2.49.0
author	Changqing Li <changqing.li@windriver.com>
	Mon, 7 Jul 2025 05:58:33 +0000 (13:58 +0800)
committer	Steve Sakoman <steve@sakoman.com>
	Tue, 8 Jul 2025 21:45:39 +0000 (14:45 -0700)