[PATCH v3 2/4] libsoup: actually apply patches for CVE-2025-32049 and CVE-2026-1539

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: Ross Burton <ross.burton@arm.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH v3 2/4] libsoup: actually apply patches for CVE-2025-32049 and CVE-2026-1539
Date: Thu, 16 Apr 2026 11:30:58 +0100	[thread overview]
Message-ID: <20260416103100.3152304-2-ross.burton@arm.com> (raw)
In-Reply-To: <20260416103100.3152304-1-ross.burton@arm.com>

The patches were added to SRC_URI before inheriting gnomebase, which
does SRC_URI = "...". This means the patches were never actually part of
SRC_URI, so never applied.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-support/libsoup/libsoup_3.6.6.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/libsoup/libsoup_3.6.6.bb b/meta/recipes-support/libsoup/libsoup_3.6.6.bb
index 981e74d8160..b51368adb64 100644
--- a/meta/recipes-support/libsoup/libsoup_3.6.6.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.6.6.bb
@@ -9,6 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
 
 DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
 
+inherit gettext gnomebase upstream-version-is-even gobject-introspection gi-docgen vala
+
 SRC_URI[archive.sha256sum] = "51ed0ae06f9d5a40f401ff459e2e5f652f9a510b7730e1359ee66d14d4872740"
 
 SRC_URI += "file://CVE-2025-32049-1.patch \
@@ -20,8 +22,6 @@ SRC_URI += "file://CVE-2025-32049-1.patch \
 
 PROVIDES = "libsoup-3.0"
 
-inherit gettext gnomebase upstream-version-is-even gobject-introspection gi-docgen vala
-
 GIR_MESON_ENABLE_FLAG = 'enabled'
 GIR_MESON_DISABLE_FLAG = 'disabled'
 
-- 
2.43.0

next prev parent reply	other threads:[~2026-04-16 10:31 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-16 10:30 [PATCH v3 1/4] glib-networking: backport fix for CVE-2026-2574 Ross Burton
2026-04-16 10:30 ` Ross Burton [this message]
2026-04-16 10:30 ` [PATCH v3 3/4] libsoup: mark CVEs which have been resolved upstream Ross Burton
2026-04-16 10:31 ` [PATCH v3 4/4] python3-requests: backport fix for CVE-2026-25645 Ross Burton

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:981e74d816 dfblob:b51368adb6 )
 OR (
bs:"[PATCH v3 2/4] libsoup: actually apply patches for CVE-2025-32049 and CVE-2026-1539" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260416103100.3152304-2-ross.burton@arm.com \
    --to=ross.burton@arm.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox