libsoup: fix for CVE-2025-11021

Pick patch from [1] also mentioned at Debian report in [2]

[1] 9e1a427d2f
[2] https://security-tracker.debian.org/tracker/CVE-2025-11021

(From OE-Core rev: f360fdedfb500cecf6d4e860d599c57b11d6e31d)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
[YC: The CVE fixing patch is d010b0bbd in 3.6.6 (current master/wrynose)]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Hitendra Prajapati
2026-06-10 11:52:02 +05:30
committed by Paul Barker
parent e9dcaec506
commit 8820ef32b5
2 changed files with 58 additions and 0 deletions

View File

@@ -0,0 +1,57 @@
From 9e1a427d2f047439d0320defe1593e6352595788 Mon Sep 17 00:00:00 2001
From: Alynx Zhou <alynx.zhou@gmail.com>
Date: Sat, 11 Oct 2025 15:52:47 +0800
Subject: [PATCH] cookies: Avoid expires attribute if date is invalid
According to CVE-2025-11021, we may get invalid on processing date
string with timezone offset, this commit will ignore it.
Closes #459
CVE: CVE-2025-11021
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9e1a427d2f047439d0320defe1593e6352595788]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
libsoup/cookies/soup-cookie.c | 9 +++++----
libsoup/soup-date-utils.c | 3 +++
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/libsoup/cookies/soup-cookie.c b/libsoup/cookies/soup-cookie.c
index 7c41b1d..5af154d 100644
--- a/libsoup/cookies/soup-cookie.c
+++ b/libsoup/cookies/soup-cookie.c
@@ -726,12 +726,13 @@ serialize_cookie (SoupCookie *cookie, GString *header, gboolean set_cookie)
if (cookie->expires) {
char *timestamp;
-
- g_string_append (header, "; expires=");
timestamp = soup_date_time_to_string (cookie->expires,
SOUP_DATE_COOKIE);
- g_string_append (header, timestamp);
- g_free (timestamp);
+ if (timestamp) {
+ g_string_append (header, "; expires=");
+ g_string_append (header, timestamp);
+ g_free (timestamp);
+ }
}
if (cookie->path) {
g_string_append (header, "; path=");
diff --git a/libsoup/soup-date-utils.c b/libsoup/soup-date-utils.c
index 34ca995..ae5504d 100644
--- a/libsoup/soup-date-utils.c
+++ b/libsoup/soup-date-utils.c
@@ -95,6 +95,9 @@ soup_date_time_to_string (GDateTime *date,
char *date_format;
char *formatted_date;
+ if (!utcdate)
+ return NULL;
+
// We insert days/months ourselves to avoid locale specific formatting
if (format == SOUP_DATE_HTTP) {
/* "Sun, 06 Nov 1994 08:49:37 GMT" */
--
2.50.1

View File

@@ -51,6 +51,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-32049-2.patch \
file://CVE-2025-32049-3.patch \
file://CVE-2025-32049-4.patch \
file://CVE-2025-11021.patch \
"
SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"