mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-04 23:02:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

libsoup: fix CVE-2025-32051

Browse Source 
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/401

(From OE-Core rev: 4af9a40f53a6a9607999f0f4b28d2ce1eaf325a2)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Changqing Li
2025-06-18 10:59:38 +08:00
committed by Steve Sakoman
parent 3fc748ecd7
commit f9ae7a93d4
3 changed files with 88 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
meta/recipes-support/libsoup/libsoup/CVE-2025-32051-1.patch Normal file
View File

@@ -0,0 +1,29 @@
From dc5db30989f385303c79ec3188c52e33f6f5886e Mon Sep 17 00:00:00 2001
From: Ar Jun <pkillarjun@protonmail.com>
Date: Sat, 16 Nov 2024 11:50:09 -0600
Subject: [PATCH 1/2] Fix possible NULL deref in soup_uri_decode_data_uri
CVE: CVE-2025-32051
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/0713ba4a719da938dc8facc89fca99cd0aa3069f]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
libsoup/soup-uri-utils.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libsoup/soup-uri-utils.c b/libsoup/soup-uri-utils.c
index be2b79b..0251279 100644
--- a/libsoup/soup-uri-utils.c
+++ b/libsoup/soup-uri-utils.c
@@ -303,6 +303,8 @@ soup_uri_decode_data_uri (const char *uri,
uri_string = g_uri_to_string (soup_uri);
g_uri_unref (soup_uri);
+ if (!uri_string)
+ return NULL;
start = uri_string + 5;
comma = strchr (start, ',');
--
2.34.1

57
meta/recipes-support/libsoup/libsoup/CVE-2025-32051-2.patch Normal file
View File

@@ -0,0 +1,57 @@
From 7d1557a60145927806c88d321e8322a9d9f49bb2 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Fri, 22 Nov 2024 13:39:51 -0600
Subject: [PATCH 2/2] soup_uri_decode_data_uri(): Handle URIs with a path
starting with //
CVE: CVE-2025-32051
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/79cfd65c9bd8024cd45dd725c284766329873709]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
libsoup/soup-uri-utils.c | 8 ++++++++
tests/uri-parsing-test.c | 2 ++
2 files changed, 10 insertions(+)
diff --git a/libsoup/soup-uri-utils.c b/libsoup/soup-uri-utils.c
index 0251279..1ff11cd 100644
--- a/libsoup/soup-uri-utils.c
+++ b/libsoup/soup-uri-utils.c
@@ -286,6 +286,7 @@ soup_uri_decode_data_uri (const char *uri,
gboolean base64 = FALSE;
char *uri_string;
GBytes *bytes;
+ const char *path;
g_return_val_if_fail (uri != NULL, NULL);
@@ -301,6 +302,13 @@ soup_uri_decode_data_uri (const char *uri,
if (content_type)
*content_type = NULL;
+ /* g_uri_to_string() is picky about paths that start with `//` and will assert. */
+ path = g_uri_get_path (soup_uri);
+ if (path[0] == '/' && path[1] == '/') {
+ g_uri_unref (soup_uri);
+ return NULL;
+ }
+
uri_string = g_uri_to_string (soup_uri);
g_uri_unref (soup_uri);
if (!uri_string)
diff --git a/tests/uri-parsing-test.c b/tests/uri-parsing-test.c
index 1f16273..418391e 100644
--- a/tests/uri-parsing-test.c
+++ b/tests/uri-parsing-test.c
@@ -141,6 +141,8 @@ static struct {
{ "data:text/plain;base64,aGVsbG8=", "hello", "text/plain" },
{ "data:text/plain;base64,invalid=", "", "text/plain" },
{ "data:,", "", CONTENT_TYPE_DEFAULT },
+ { "data:.///", NULL, NULL },
+ { "data:/.//", NULL, NULL },
};
static void
--
2.34.1

2
meta/recipes-support/libsoup/libsoup_3.0.7.bb
View File

@@ -40,6 +40,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-4969.patch \
file://CVE-2025-32907-1.patch \
file://CVE-2025-32907-2.patch \
file://CVE-2025-32051-1.patch \
file://CVE-2025-32051-2.patch \
"
SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"