From: Changqing Li Date: Fri, 6 Jun 2025 06:50:02 +0000 (+0800) Subject: libsoup-2.4: fix CVE-2025-2784 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c014c1b96f4ebeb0f6f504b6c7c0d8063b6a6b7;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git libsoup-2.4: fix CVE-2025-2784 Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch new file mode 100644 index 0000000000..106f907168 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch @@ -0,0 +1,56 @@ +From 2eacbd762332795e00692ddab2515c6da23198d3 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Mon, 12 May 2025 14:06:41 +0800 +Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space() + +CVE: CVE-2025-2784 +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435/diffs?commit_id=242a10fbb12dbdc12d254bd8fc8669a0ac055304; + https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/442/diffs?commit_id=c415ad0b6771992e66c70edf373566c6e247089d] + +Test code is not added since it uses some functions not defined in +version 2.74. These tests are not used now, so just ignore them. + +Signed-off-by: Changqing Li +--- + libsoup/soup-content-sniffer.c | 9 +++---- + 1 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c +index 5f2896e..9554636 100644 +--- a/libsoup/soup-content-sniffer.c ++++ b/libsoup/soup-content-sniffer.c +@@ -612,8 +612,10 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, SoupBuffer *buffer) + } + + static gboolean +-skip_insignificant_space (const char *resource, int *pos, int resource_length) ++skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length) + { ++ if (*pos >= resource_length) ++ return TRUE; + while ((resource[*pos] == '\x09') || + (resource[*pos] == '\x20') || + (resource[*pos] == '\x0A') || +@@ -632,7 +634,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer) + { + const char *resource = (const char *)buffer->data; + int resource_length = MIN (512, buffer->length); +- int pos = 0; ++ gsize pos = 0; + + if (resource_length < 3) + goto text_html; +@@ -642,9 +644,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer) + pos = 3; + + look_for_tag: +- if (pos > resource_length) +- goto text_html; +- + if (skip_insignificant_space (resource, &pos, resource_length)) + goto text_html; + +-- +2.34.1 + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb index 8f0b706276..0da309ebd8 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb @@ -39,6 +39,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-46421.patch \ file://CVE-2025-4948.patch \ file://CVE-2025-4476.patch \ + file://CVE-2025-2784.patch \ " SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"