diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-11021.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-11021.patch new file mode 100644 index 0000000000..9bba0929b7 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-11021.patch @@ -0,0 +1,57 @@ +From 9e1a427d2f047439d0320defe1593e6352595788 Mon Sep 17 00:00:00 2001 +From: Alynx Zhou +Date: Sat, 11 Oct 2025 15:52:47 +0800 +Subject: [PATCH] cookies: Avoid expires attribute if date is invalid + +According to CVE-2025-11021, we may get invalid on processing date +string with timezone offset, this commit will ignore it. + +Closes #459 + +CVE: CVE-2025-11021 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9e1a427d2f047439d0320defe1593e6352595788] +Signed-off-by: Hitendra Prajapati +--- + libsoup/cookies/soup-cookie.c | 9 +++++---- + libsoup/soup-date-utils.c | 3 +++ + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/libsoup/cookies/soup-cookie.c b/libsoup/cookies/soup-cookie.c +index 7c41b1d..5af154d 100644 +--- a/libsoup/cookies/soup-cookie.c ++++ b/libsoup/cookies/soup-cookie.c +@@ -726,12 +726,13 @@ serialize_cookie (SoupCookie *cookie, GString *header, gboolean set_cookie) + + if (cookie->expires) { + char *timestamp; +- +- g_string_append (header, "; expires="); + timestamp = soup_date_time_to_string (cookie->expires, + SOUP_DATE_COOKIE); +- g_string_append (header, timestamp); +- g_free (timestamp); ++ if (timestamp) { ++ g_string_append (header, "; expires="); ++ g_string_append (header, timestamp); ++ g_free (timestamp); ++ } + } + if (cookie->path) { + g_string_append (header, "; path="); +diff --git a/libsoup/soup-date-utils.c b/libsoup/soup-date-utils.c +index 34ca995..ae5504d 100644 +--- a/libsoup/soup-date-utils.c ++++ b/libsoup/soup-date-utils.c +@@ -95,6 +95,9 @@ soup_date_time_to_string (GDateTime *date, + char *date_format; + char *formatted_date; + ++ if (!utcdate) ++ return NULL; ++ + // We insert days/months ourselves to avoid locale specific formatting + if (format == SOUP_DATE_HTTP) { + /* "Sun, 06 Nov 1994 08:49:37 GMT" */ +-- +2.50.1 + diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb index fc4a286dcf..8fe3775e1e 100644 --- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb +++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb @@ -51,6 +51,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32049-2.patch \ file://CVE-2025-32049-3.patch \ file://CVE-2025-32049-4.patch \ + file://CVE-2025-11021.patch \ " SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"