From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 12/27] libsoup: Fix CVE-2025-46420
Date: Tue, 17 Jun 2025 14:20:09 -0700 [thread overview]
Message-ID: <cb3a01ba6535b129608fb8d07261069f1fb4b84a.1750195103.git.steve@sakoman.com> (raw)
In-Reply-To: <cover.1750195103.git.steve@sakoman.com>
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup/CVE-2025-46420.patch | 60 +++++++++++++++++++
meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 +
2 files changed, 61 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch
new file mode 100644
index 0000000000..dbaec12f7d
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch
@@ -0,0 +1,60 @@
+From c9083869ec2a3037e6df4bd86b45c419ba295f8e Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Thu, 26 Dec 2024 18:31:42 -0600
+Subject: [PATCH] soup_header_parse_quality_list: Fix leak
+
+When iterating over the parsed list we now steal the allocated strings that we want and then free_full the list which may contain remaining strings.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e]
+CVE: CVE-2025-46420
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a5f7a7f6..85385cea 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -530,7 +530,7 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ GSList *unsorted;
+ QualityItem *array;
+ GSList *sorted, *iter;
+- char *item, *semi;
++ char *semi;
+ const char *param, *equal, *value;
+ double qval;
+ int n;
+@@ -543,9 +543,8 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ unsorted = soup_header_parse_list (header);
+ array = g_new0 (QualityItem, g_slist_length (unsorted));
+ for (iter = unsorted, n = 0; iter; iter = iter->next) {
+- item = iter->data;
+ qval = 1.0;
+- for (semi = strchr (item, ';'); semi; semi = strchr (semi + 1, ';')) {
++ for (semi = strchr (iter->data, ';'); semi; semi = strchr (semi + 1, ';')) {
+ param = skip_lws (semi + 1);
+ if (*param != 'q')
+ continue;
+@@ -577,15 +576,15 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ if (qval == 0.0) {
+ if (unacceptable) {
+ *unacceptable = g_slist_prepend (*unacceptable,
+- item);
++ g_steal_pointer (&iter->data));
+ }
+ } else {
+- array[n].item = item;
++ array[n].item = g_steal_pointer (&iter->data);
+ array[n].qval = qval;
+ n++;
+ }
+ }
+- g_slist_free (unsorted);
++ g_slist_free_full (unsorted, g_free);
+
+ qsort (array, n, sizeof (QualityItem), sort_by_qval);
+ sorted = NULL;
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
index a90f683cb8..67aa180612 100644
--- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
@@ -35,6 +35,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-32050.patch \
file://CVE-2025-32052.patch \
file://CVE-2025-32053.patch \
+ file://CVE-2025-46420.patch \
"
SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
--
2.43.0
next prev parent reply other threads:[~2025-06-17 21:20 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
2025-06-17 21:19 ` [OE-core][kirkstone 01/27] Glibc: Fix for CVE-2025-4802 Steve Sakoman
2025-06-17 21:19 ` [OE-core][kirkstone 02/27] python3-requests: fix CVE-2024-47081 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 03/27] net-tools: patch CVE-2025-46836 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 04/27] libsoup-2.4: Fix CVE-2025-2784 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 05/27] libsoup: " Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 06/27] libsoup-2.4: Fix CVE-2025-32050 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 07/27] libsoup: " Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 08/27] libsoup-2.4: Fix CVE-2025-32052 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 09/27] libsoup: " Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 10/27] libsoup-2.4: Fix CVE-2025-32053 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 11/27] libsoup: " Steve Sakoman
2025-06-17 21:20 ` Steve Sakoman [this message]
2025-06-17 21:20 ` [OE-core][kirkstone 13/27] ffmpeg: fix CVE-2025-1373 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 14/27] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 15/27] scripts/install-buildtools: Update to 4.0.27 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 16/27] babeltrace/libatomic-ops: correct the SRC_URI Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 17/27] libpng: Improve ptest Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 18/27] xz: Update LICENSE variable for xz packages Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 19/27] e2fsprogs: removed 'sed -u' option Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 20/27] glibc: pthreads NPTL lost wakeup fix 2 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 21/27] glibc: nptl Update comments and indentation for new condvar implementation Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 22/27] glibc: nptl Remove unnecessary catch-all-wake in condvar group switch Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 23/27] glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 24/27] glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested loop Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 25/27] glibc: nptl Fix indentation Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 26/27] glibc: nptl rename __condvar_quiesce_and_switch_g1 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 27/27] glibc: nptl Use all of g1_start and g_signals Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cb3a01ba6535b129608fb8d07261069f1fb4b84a.1750195103.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox