Changqing Li
d35837e3cd
libsoup: fix CVE-2025-12105
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481
(From OE-Core rev: caa6f192df558d5f46c8a0968f72f08c6e59df1d)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-12-31 07:24:54 -08:00
Changqing Li
def97edcef
libsoup: fix CVE-2025-4945
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/448
(From OE-Core rev: cd589717c05b887986b9d61f5193e764f4deb3ee)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-07-14 08:37:40 -07:00
Changqing Li
65b1587627
libsoup-2.4: fix CVE-2025-4945
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/448
(From OE-Core rev: 2169742d4b88f9072501819b5842efbed04939f2)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-07-14 08:37:40 -07:00
Changqing Li
bfcca9e202
libsoup-2.4: refresh CVE-2025-4969.patch
...
refresh CVE-2025-4969.patch to fix the following build failure for
libsoup-2.4-native on fedora40/41:
../libsoup-2.74.3/tests/multipart-test.c:578:63: error: passing argument 2 of ‘soup_multipart_new_from_message’ from incompatible pointer type [-Wincompatible-pointer-types]
578 | multipart = soup_multipart_new_from_message (headers, bytes);
| ^~~~~
| |
| GBytes * {aka struct _GBytes *}
(From OE-Core rev: 4a0135992778110f2b523f436538c1197ef971b8)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-07-14 08:37:40 -07:00
Changqing Li
b4284b3eb2
libsoup-2.4: fix CVE-2025-4476
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/440
(From OE-Core rev: 2be01469687f30f33b768164f66916b081cc8c62)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-25 08:11:58 -07:00
Changqing Li
09407f375d
libsoup-2.4: fix CVE-2025-4948
...
Refer:
http://gitlab.gnome.org/GNOME/libsoup/-/issues/449
(From OE-Core rev: d5af0295d26f8967dfe49a53ffa6f275e249d087)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-25 08:11:58 -07:00
Changqing Li
3aa44948cb
libsoup-2.4: fix CVE-2025-46421
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
(From OE-Core rev: 33bf900bcb563c5769b75e69059751f969a8771f)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-25 08:11:58 -07:00
Changqing Li
6a19b931f0
libsoup-2.4: fix CVE-2025-32907
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
(From OE-Core rev: e6d9dd16d9b70cc8d3a9ca8b2fc542d547b456b9)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-25 08:11:57 -07:00
Hitendra Prajapati
467cc32439
libsoup-2.4: Fix CVE-2025-4969
...
Upstream-Status: Backport from 07b94e27afhprajapati@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-25 08:11:57 -07:00
Changqing Li
16168960c4
libsoup: fix CVE-2025-4948
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
(From OE-Core rev: 95383d7d95631a4c3b385a073ce1deff744bf725)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-25 08:11:57 -07:00
Changqing Li
f9f25b4fd6
libsoup: fix CVE-2025-46421
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
(From OE-Core rev: 388453296c32759623ed35a8142c6af2df7f30b0)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-25 08:11:57 -07:00
Changqing Li
f9ae7a93d4
libsoup: fix CVE-2025-32051
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/401
(From OE-Core rev: 4af9a40f53a6a9607999f0f4b28d2ce1eaf325a2)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-25 08:11:57 -07:00
Changqing Li
3fc748ecd7
libsoup: fix CVE-2025-32907
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429
(From OE-Core rev: e31c9f12193d040480eca6a4be6a9ec6675b19f8)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-25 08:11:57 -07:00
Hitendra Prajapati
64327d7000
libsoup: Fix CVE-2025-4969
...
Upstream-Status: Backport from 07b94e27afhprajapati@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-25 08:11:57 -07:00
Ashish Sharma
41197b0df6
libsoup: patch CVE-2025-4476
...
Upstream-Status: Backport [e64c221f9casharma@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-25 08:11:57 -07:00
Vijay Anusuri
bb706cfe48
libsoup: Fix CVE-2025-46420
...
Upstream-Status: Backport
[c9083869ecvanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-20 08:06:29 -07:00
Vijay Anusuri
cecdcf3428
libsoup: Fix CVE-2025-32053
...
Upstream-Status: Backport
[eaed42ca8dvanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-20 08:06:29 -07:00
Vijay Anusuri
dd4d1b28e3
libsoup-2.4: Fix CVE-2025-32053
...
Upstream-Status: Backport
[eaed42ca8dvanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-20 08:06:29 -07:00
Vijay Anusuri
c2489908d7
libsoup: Fix CVE-2025-32052
...
Upstream-Status: Backport
[f182429e5bvanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-20 08:06:29 -07:00
Vijay Anusuri
4976dc40af
libsoup-2.4: Fix CVE-2025-32052
...
Upstream-Status: Backport
[f182429e5bvanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-20 08:06:29 -07:00
Vijay Anusuri
8bce7467dc
libsoup: Fix CVE-2025-32050
...
Upstream-Status: Backport
[9bb0a55de5vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-20 08:06:29 -07:00
Vijay Anusuri
ca51d99bf3
libsoup-2.4: Fix CVE-2025-32050
...
Upstream-Status: Backport
[9bb0a55de5vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-20 08:06:29 -07:00
Vijay Anusuri
07f522869c
libsoup: Fix CVE-2025-2784
...
Upstream-Status: Backport
[242a10fbb1c415ad0b67https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435
(From OE-Core rev: b51135e1f7eaa20c97e54f5c52b98963819127e9)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-20 08:06:29 -07:00
Vijay Anusuri
f49fc9966d
libsoup-2.4: Fix CVE-2025-2784
...
Upstream-Status: Backport
[242a10fbb1c415ad0b67https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435
(From OE-Core rev: 5cea727e87489b144cba9b2aa491d0c90f34f93d)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-20 08:06:29 -07:00
Vijay Anusuri
9a368c7b92
libsoup-2.4: Backport auth tests for CVE-2025-32910
...
libsoup-2.74.2/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'?
Fix auth-test.c compilation failure caused by CVE-2025-32910 patch
Link: 9af7d0fc75vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-06-13 08:42:34 -07:00
Vijay Anusuri
ef632f4693
libsoup-2.4: Fix CVE-2025-32914
...
import patch from debian to fix
CVE-2025-32914
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit 5bfcf81575https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450
https://security-tracker.debian.org/tracker/CVE-2025-32914
(From OE-Core rev: 8996e178264cf6bf9b69365172f43a5ee8e9f727)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
Vijay Anusuri
cbbea14280
libsoup-2.4: Fix CVE-2025-32912
...
Upstream-Status: Backport from
cd077513f2910ebdcd3dvanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
Vijay Anusuri
d8278fd9f9
libsoup-2.4: Fix CVE-2025-32911 & CVE-2025-32913
...
Upstream-Status: Backport from
7b4ef0e004f4a761fb66vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
Vijay Anusuri
21bb9c063b
libsoup-2.4: Fix CVE-2025-32910
...
import patch from debian to fix
CVE-2025-32910
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit e40df6d48a405a8a3459ea16eeacb0https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
https://security-tracker.debian.org/tracker/CVE-2025-32910
(From OE-Core rev: b65e3d3a4dc2375d9bb81c7a91c84139cc667a47)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
Ashish Sharma
0f58759f1b
libsoup-2.4: Fix CVE-2025-46420
...
Upstream-Status: Backport [c9083869ecasharma@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-28 08:46:32 -07:00
Vijay Anusuri
45c3cde26b
libsoup: Fix CVE-2025-32914
...
Upstream-Status: Backport
[5bfcf81575vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
Vijay Anusuri
3f1cc96cb9
libsoup: Fix CVE-2025-32912
...
Upstream-Status: Backport from
cd077513f2910ebdcd3dvanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
Vijay Anusuri
d8c4c5ea04
libsoup: Fix CVE-2025-32911 & CVE-2025-32913
...
Upstream-Status: Backport from
7b4ef0e004f4a761fb66vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
Vijay Anusuri
fe91f67d38
libsoup: Fix CVE-2025-32910
...
Upstream-Status: Backport from
e40df6d48a405a8a3459ea16eeacb0vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
Vijay Anusuri
cc7f7f1c29
libsoup: Fix CVE-2025-32909
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: 491373828c1c66030fb41687f9a42b9e4deb010b)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
Vijay Anusuri
dc621121b1
libsoup: Fix CVE-2025-32906
...
Upstream-Status: Backport from
1f509f31b6af5b9a4a39vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
Vijay Anusuri
14f293eecf
libsoup: update fix CVE-2024-52532
...
Upstream-Status: Backport from 4c9e75c667vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
Vijay Anusuri
e07ed2059c
libsoup-2.4: Fix CVE-2025-32909
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: ad1244ee75b4169eab21c2c8744b86342b32dd07)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
Vijay Anusuri
6b27d84c2c
libsoup-2.4: Fix CVE-2025-32906
...
Upstream-Status: Backport from
1f509f31b6af5b9a4a39vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
Vijay Anusuri
02c2876c5e
libsoup-2.4: Update fix CVE-2024-52532
...
Upstream-Status: Backport from 4c9e75c667vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2025-05-16 08:58:06 -07:00
Vijay Anusuri
880002d47c
libsoup-2.4: Backport fix for CVE-2024-52531
...
import patch from ubuntu to fix
CVE-2024-52531
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
a35222dd0b825fda3425https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/
https://ubuntu.com/security/CVE-2024-52531
(From OE-Core rev: 763af055ccb1cbcc4f8fa0944815ec02e3bff87c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2024-12-09 07:54:03 -08:00
Changqing Li
e8c505f7a4
libsoup: fix CVE-2024-52531
...
CVE-2024-52531:
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that
perform conversion to UTF-8 in soup_header_parse_param_list_strict.
Input received over the network cannot trigger this.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52531
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/
(From OE-Core rev: 1159c7ef071fa2849f44e921c9b7c27fcbb6bfb3)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2024-12-09 07:54:03 -08:00
Vijay Anusuri
c1d55bc349
libsoup-2.4: Backport fix for CVE-2024-52530 and CVE-2024-52532
...
Upstream-Status: Backport from
04df03bc096adc0e3eb729b96fab25vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2024-11-27 06:27:25 -08:00
Vijay Anusuri
bac0039c98
libsoup: Fix for CVE-2024-52530 and CVE-2024-52532
...
Upstream-Status: Backport from
04df03bc096adc0e3eb729b96fab25vanusuri@mvista.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2024-11-27 06:27:25 -08:00
Guocai He
2b5ca6638e
libsoup: fix compile error on centos7
...
Backport a patch [1] to fix the below build failure.
FAILED: libsoup/libsoup-2.4.so.1.11.0.p/soup-address.c.o
In file included from /usr/include/glib-2.0/gio/gnetworking.h:40,
from ../libsoup-2.72.0/libsoup/soup-address.c:14:
/usr/include/resolv.h:75:15: error: unknown type name ‘u_char’
const u_char **__query,
^~~~~~
[1] 5c3d431bdbguocai.he.cn@windriver.com >
Signed-off-by: Steve Sakoman <steve@sakoman.com >
2024-08-28 06:49:22 -07:00
Alexander Kanavin
e8af53db95
libsoup: upgrade 3.0.6 -> 3.0.7
...
Changes in libsoup from 3.0.6 to 3.0.7:
* Fix leak in SoupAuthNTLM [Milan Crha]
* Fix constructing SoupAuthNTLM objects [Milan Crha]
* Disable mutual negotiation in SoupAuthNegotiate [Michael Catanzaro]
* http2: Do not advertise the `h2` protocool for proxy connections [Carlos Garcia Campos]
* http2: Remove left-over headers when HTTP/1 redirects to HTTP/2 [Carlos Garcia Campos]
* http2: Handle HTTP_1_1_REQUIRED error [Carlos Garcia Campos]
* http2: Read request bodies synchronously for sync requests [Carlos Garcia Campos]
* http2: Properly handle server sending shut down GOAWAY [Carlos Garcia Campos]
* tests: Remove dependency on Apache's PHP module [Carlos Garcia Campos]
* tests: Depend upon Apache's http2 module [Carlos Garcia Campos]
(From OE-Core rev: a4bfb5ceb5cf8c0c6d27225b27ef10c0b9dceccb)
Signed-off-by: Alexander Kanavin <alex@linutronix.de >
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit 800e0d32db86dccfe1b54111d01034e4a315cce9)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-07-16 06:52:45 +01:00
wangmy
7eada90a66
libsoup: upgrade 3.0.5 -> 3.0.6
...
Changelog:
=========
* Misc HTTP/2 fixes
* Add PUT/POST support to examples/get
* Add `--user-agent` option to examples/get
* Misc meson improvements
* Fix build with Visual Studio
(From OE-Core rev: 11beef012a0c7605b5ede04b9135692a993e0038)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit 0ee1c748af7520f50275b8dfb32f41de7f5e14c7)
Signed-off-by: Steve Sakoman <steve@sakoman.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-04-28 17:07:18 +01:00
wangmy
55ccfd804f
libsoup: upgrade 3.0.4 -> 3.0.5
...
(From OE-Core rev: 8f71ba57db3eb7ba7e6a4e835751a3329bde114d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-03-29 15:59:29 +01:00
Richard Purdie
b0130fcf91
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
...
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-02-20 16:45:25 +00:00
Alexander Kanavin
9afbfa3226
libsoup: upgrade 3.0.3 -> 3.0.4
...
(From OE-Core rev: b8abf4ebfe90099e3ca69f3f7ccf4e6efba5084e)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2022-01-20 11:57:29 +00:00
