Changqing Li
a4841fb5a2
libsoup: fix CVE-2025-12105
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481
(From OE-Core rev: 1ac9ad3faf022684ae709f4494a430aee5fb9906)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2026-01-02 06:56:54 -08:00
Changqing Li
60f859e4be
libsoup: fix CVE-2025-4945
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/448
(From OE-Core rev: 6455484a26edc69be806c1356314c018d1940294)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-07-11 08:11:53 -07:00
Changqing Li
7ec28bad4d
libsoup-2.4: fix CVE-2025-4945
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/448
(From OE-Core rev: 92039926b164fae418eed988f6fa172c3554b9e7)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-07-11 08:11:53 -07:00
Changqing Li
e9cf2ef270
libsoup-2.4: refresh CVE-2025-4969.patch
...
refresh CVE-2025-4969.patch to fix the following build failure for
libsoup-2.4-native on fedora40/41:
../libsoup-2.74.3/tests/multipart-test.c:578:63: error: passing argument 2 of ‘soup_multipart_new_from_message’ from incompatible pointer type [-Wincompatible-pointer-types]
578 | multipart = soup_multipart_new_from_message (headers, bytes);
| ^~~~~
| |
| GBytes * {aka struct _GBytes *}
(From OE-Core rev: aaeea20b5c0f0c5a9d6554dd5e9693a9432cfa54)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-07-11 08:11:53 -07:00
Changqing Li
5e4f229917
libsoup: fix CVE-2025-2784
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
(From OE-Core rev: 504d92b01ac9a227e8e57b677f016fdfeccd5666)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:01 -07:00
Changqing Li
8d4c3eb106
libsoup-2.4: fix CVE-2025-2784
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
(From OE-Core rev: 9c014c1b96f4ebeb0f6f504b6c7c0d8063b6a6b7)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:01 -07:00
Changqing Li
47bb754e27
libsoup-2.4: fix CVE-2025-4476
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/440
(From OE-Core rev: ebb87904c97f4b27a023b2347622519c702d4d2d)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:01 -07:00
Changqing Li
859504c475
libsoup: fix CVE-2025-4948
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
(From OE-Core rev: 737d50288a37f51f17cf3fef0422e27dbd115cce)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:01 -07:00
Changqing Li
e21b122523
libsoup-2.4: fix CVE-2025-4948
...
Refer:
http://gitlab.gnome.org/GNOME/libsoup/-/issues/449
(From OE-Core rev: b4fb5cd0d3385989842ad5a84d34cf451679c59a)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:00 -07:00
Changqing Li
2f3419c598
libsoup: fix CVE-2025-46421
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
(From OE-Core rev: f1450eea34202a9cc46294e3d8244c829556c369)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:00 -07:00
Changqing Li
8944014e5c
libsoup-2.4: fix CVE-2025-46421
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
(From OE-Core rev: 9e32f4fd761b591ea2f5ce26381135e9a8db94ce)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:00 -07:00
Changqing Li
e4ebf3effd
libsoup: fix CVE-2025-32050
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/424
(From OE-Core rev: 563a34faae35e4587fe2740c26c4bc149555a5de)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:00 -07:00
Changqing Li
a7a45d58e0
libsoup-2.4: fix CVE-2025-32050
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/424
(From OE-Core rev: d16627901125854f5346711e96d635c704438705)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:00 -07:00
Changqing Li
ee5c55b631
libsoup: fix CVE-2025-32051
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/401
(From OE-Core rev: dd92cad39759b7ad105d8bcd42672847a273bccc)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:00 -07:00
Changqing Li
df0e54f6ab
libsoup: fix CVE-2025-32052
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/425
(From OE-Core rev: 9a8a5072969a326e296d840296cb475fb3c0e2ff)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:00 -07:00
Changqing Li
d81430958e
libsoup-2.4: fix CVE-2025-32052
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/425
(From OE-Core rev: f3890f25cc036fd184578d7b85e6410ee97dc3ad)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:58:00 -07:00
Changqing Li
bf752e4e25
libsoup: fix CVE-2025-32053
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/426
(From OE-Core rev: 7ce73ed9b7125d02abcf8ec34c80270c2e340d55)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-11 08:17:34 -07:00
Changqing Li
ad1d671be0
libsoup-2.4: fix CVE-2025-32053
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/426
(From OE-Core rev: d6fba14b2e98928bbf2736494e571389892da6b4)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-11 08:17:34 -07:00
Changqing Li
dd4312d080
libsoup-2.4: fix do_compile failure
...
Remove test code for fixing do_compile failure:
../libsoup-2.74.3/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'?
1554 | SoupServerMessage *msg,
|
(From OE-Core rev: f14a6c98e4cbf4ee2a243387b018e29beab3b56a)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-11 08:17:34 -07:00
Changqing Li
24f024f042
libsoup-2.4: fix CVE-2025-32907
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
(From OE-Core rev: de53b2272919b97719e2b7f704154283caebc59f)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-11 08:17:34 -07:00
Changqing Li
33fc8121c9
libsoup: fix CVE-2025-32907
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429
(From OE-Core rev: a729b18103081acf17420cf91ec202e86cc6be0d)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-11 08:17:34 -07:00
Changqing Li
c04a6271a4
libsoup: fix CVE-2025-32908
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429
(From OE-Core rev: ff7440fddf5ada072f60cc25f3670cbb74f58167)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-11 08:17:34 -07:00
Hitendra Prajapati
d56536a618
libsoup-2.4: Fix CVE-2025-4969
...
Upstream-Status: Backport from 07b94e27afhprajapati@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-05 08:41:15 -07:00
Hitendra Prajapati
edc0010d0d
libsoup-3.4.4: Fix CVE-2025-4969
...
Upstream-Status: Backport from 07b94e27afhprajapati@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-05 08:41:15 -07:00
Ashish Sharma
474ee8d5de
libsoup: patch CVE-2025-4476
...
Upstream-Status: Backport [e64c221f9casharma@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-02 07:12:34 -07:00
Vijay Anusuri
53ab80ae8f
libsoup-2.4: Fix CVE-2025-32914
...
import patch from debian to fix
CVE-2025-32914
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit 5bfcf81575https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450
https://security-tracker.debian.org/tracker/CVE-2025-32914
(From OE-Core rev: 8eba970123aca651cbce13e52d43ddaddd76a7cc)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-02 07:12:34 -07:00
Vijay Anusuri
a6c55c0bd7
libsoup-2.4: Fix CVE-2025-32912
...
Upstream-Status: Backport from
cd077513f2910ebdcd3dvanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-02 07:12:34 -07:00
Vijay Anusuri
a0e298a849
libsoup-2.4: Fix CVE-2025-32911 & CVE-2025-32913
...
Upstream-Status: Backport from
7b4ef0e004f4a761fb66vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-02 07:12:34 -07:00
Vijay Anusuri
cca757c461
libsoup-2.4: Fix CVE-2025-32910
...
import patch from debian to fix
CVE-2025-32910
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit e40df6d48a405a8a3459ea16eeacb0https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
https://security-tracker.debian.org/tracker/CVE-2025-32910
(From OE-Core rev: 0fc936f23e6f70021acf4e711ef49d3a5cc966fe)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-02 07:12:34 -07:00
Ashish Sharma
79babbe58a
libsoup-2.4: Fix CVE-2025-46420
...
Upstream-Status: Backport [c9083869ecasharma@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-27 09:38:57 -07:00
Vijay Anusuri
c418c7ec51
libsoup: Fix CVE-2025-32914
...
Upstream-Status: Backport
[5bfcf81575vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 09:08:58 -07:00
Vijay Anusuri
e4df627b22
libsoup-2.4: Fix CVE-2025-32909
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: 90359036300731b6c26b646afbf3d66127b72fa2)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 09:08:57 -07:00
Vijay Anusuri
adc945c074
libsoup-2.4: Fix CVE-2025-32906
...
Upstream-Status: Backport from
1f509f31b6af5b9a4a39vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 09:08:57 -07:00
Vijay Anusuri
929989c6c3
libsoup-2.4: Fix CVE-2024-52532
...
Upstream-Status: Backport from 6adc0e3eb729b96fab254c9e75c667vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 09:08:57 -07:00
Vijay Anusuri
e2e65311f8
libsoup-2.4: Fix CVE-2024-52531
...
import patch from ubuntu to fix
CVE-2024-52531
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
a35222dd0b825fda3425https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/
https://ubuntu.com/security/CVE-2024-52531
(From OE-Core rev: c7ab8b45b1f533ca1b27b07c30f44b7b64a3cfde)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 09:08:57 -07:00
Vijay Anusuri
ecdb5e1785
libsoup-2.4: Fix CVE-2024-52530
...
Upstream-Status: Backport from
04df03bc09vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-14 09:08:57 -07:00
Ashish Sharma
2e1dd3c3d6
libsoup: patch CVE-2025-46420
...
Upstream-Status: Backport [c9083869ecasharma@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-08 13:37:29 -07:00
Vijay Anusuri
92701ca3e3
libsoup: Fix CVE-2025-32906
...
Upstream-Status: Backport from
1f509f31b6af5b9a4a39vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-04-28 08:18:52 -07:00
Vijay Anusuri
83671ce4eb
libsoup: Fix CVE-2025-32912
...
Upstream-Status: Backport from
cd077513f2910ebdcd3dvanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-04-28 08:18:52 -07:00
Vijay Anusuri
9927baf245
libsoup: Fix CVE-2025-32911 & CVE-2025-32913
...
Upstream-Status: Backport from
7b4ef0e004f4a761fb66vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-04-28 08:18:52 -07:00
Vijay Anusuri
ef68583826
libsoup: Fix CVE-2025-32909
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: 9eba43f18664a20d7f5dc8942eb39cfbd83c066e)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-04-28 08:18:52 -07:00
Vijay Anusuri
1ec178a3cb
libsoup: Fix CVE-2025-32910
...
Upstream-Status: Backport from
e40df6d48a405a8a3459ea16eeacb0vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-04-28 08:18:52 -07:00
Changqing Li
51dbc10084
libsoup: fix CVE-2024-52530, CVE-2024-52531
...
CVE-2024-52531:
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that
perform conversion to UTF-8 in soup_header_parse_param_list_strict.
Input received over the network cannot trigger this.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52531
CVE-2024-52530:
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some
configurations because '\0' characters at the end of header names are
ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the
same as a "Transfer-Encoding: chunked" header.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52530
(From OE-Core rev: 0af9ac076cdbab70f526520acbbb0c38d237c407)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2024-12-06 05:50:25 -08:00
Hitendra Prajapati
a0e25e6652
libsoup: fix CVE-2024-52532
...
Upstream-Status: Backport from 6adc0e3eb729b96fab25hprajapati@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2024-11-26 06:11:29 -08:00
Markus Volk
7588fe77a1
libsoup: enable vapi support
...
without vapi gnome-calculator-46.0 will fail with:
| ../gnome-calculator-46.0/lib/currency-provider.vala:161.19-161.47:
error: The name `send_and_splice_async' does not exist in the context
of `Soup.Session' (libsoup-3.0)
(From OE-Core rev: cce5c9db1f19fd4638c19c70fd99f065dd93f15b)
Signed-off-by: Markus Volk <f_l_k@t-online.de >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2024-03-20 18:20:38 +00:00
Khem Raj
9f57bfb74e
libsoup-2.4: Fix build with clang-17 and libxml2-2.12
...
(From OE-Core rev: 1dd0e731d5a02105633dc67ccbc04b3dd0d0a873)
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2023-11-30 08:43:04 +00:00
Khem Raj
f62010de21
libsoup: Upgrade to 3.4.2 -> 3.4.4
...
(From OE-Core rev: 55481d5e40965894f9521474b7db479b02b01ce0)
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2023-11-13 11:38:03 +00:00
Peter Kjellerstedt
084c70344f
libsoup: Only specify --cross-file when building for target
...
The soup.cross file is only created when building for target so only
tell meson to read it when it exists. This allows libsoup-native to be
built again.
(From OE-Core rev: ae1893565bdd2597a08df6ac41db40641da66712)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2023-09-20 08:57:26 +01:00
Peter Kjellerstedt
90b51331ad
libsoup-2.4: Only specify --cross-file when building for target
...
The soup.cross file is only created when building for target so only
tell meson to read it when it exists. This allows libsoup-2.4-native to
be built again.
(From OE-Core rev: 4acbd2269931b500846d56885c3304d244e514f8)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2023-09-20 08:57:26 +01:00
Ross Burton
a5f386f7de
libsoup: update PACKAGECONFIG
...
Add explicit PACKAGECONFIGs for brotli,ntlm, and sysprof.
libsoup needs to be told where ntlm_auth will be on the target, so write
a cross file to do so.
Also explicitly disable more of the test suites as we don't build them
yet.
(From OE-Core rev: 945071cc31280d3bd164478b50e2970b6a42fd02)
Signed-off-by: Ross Burton <ross.burton@arm.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2023-09-07 14:36:30 +01:00
