Commit Graph

25 Commits

Author SHA1 Message Date
Changqing Li
95cfdc68bf libsoup: fix CVE-2025-32049
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/390

(From OE-Core rev: 3c2f2b6f7af2bb743655859b64faae4786080cb9)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-05-12 21:31:34 +01:00
Changqing Li
ad166a6de2 libsoup: fix CVE-2025-14523
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/work_items/472

(From OE-Core rev: 277297409dbf0bdb17653419e2d5e4a5ee8f33d5)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-05-12 21:31:34 +01:00
Changqing Li
a4841fb5a2 libsoup: fix CVE-2025-12105
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481

(From OE-Core rev: 1ac9ad3faf022684ae709f4494a430aee5fb9906)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2026-01-02 06:56:54 -08:00
Changqing Li
60f859e4be libsoup: fix CVE-2025-4945
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/448

(From OE-Core rev: 6455484a26edc69be806c1356314c018d1940294)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-11 08:11:53 -07:00
Changqing Li
5e4f229917 libsoup: fix CVE-2025-2784
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422

(From OE-Core rev: 504d92b01ac9a227e8e57b677f016fdfeccd5666)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:01 -07:00
Changqing Li
859504c475 libsoup: fix CVE-2025-4948
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/449

(From OE-Core rev: 737d50288a37f51f17cf3fef0422e27dbd115cce)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:01 -07:00
Changqing Li
2f3419c598 libsoup: fix CVE-2025-46421
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439

(From OE-Core rev: f1450eea34202a9cc46294e3d8244c829556c369)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
e4ebf3effd libsoup: fix CVE-2025-32050
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/424

(From OE-Core rev: 563a34faae35e4587fe2740c26c4bc149555a5de)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
ee5c55b631 libsoup: fix CVE-2025-32051
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/401

(From OE-Core rev: dd92cad39759b7ad105d8bcd42672847a273bccc)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
df0e54f6ab libsoup: fix CVE-2025-32052
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/425

(From OE-Core rev: 9a8a5072969a326e296d840296cb475fb3c0e2ff)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
bf752e4e25 libsoup: fix CVE-2025-32053
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/426

(From OE-Core rev: 7ce73ed9b7125d02abcf8ec34c80270c2e340d55)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Changqing Li
24f024f042 libsoup-2.4: fix CVE-2025-32907
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/428

(From OE-Core rev: de53b2272919b97719e2b7f704154283caebc59f)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Changqing Li
33fc8121c9 libsoup: fix CVE-2025-32907
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429

(From OE-Core rev: a729b18103081acf17420cf91ec202e86cc6be0d)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Changqing Li
c04a6271a4 libsoup: fix CVE-2025-32908
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429

(From OE-Core rev: ff7440fddf5ada072f60cc25f3670cbb74f58167)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Hitendra Prajapati
edc0010d0d libsoup-3.4.4: Fix CVE-2025-4969
Upstream-Status: Backport from 07b94e27af

(From OE-Core rev: 9716cdacb4378e0274246c39c5fb808e4d86b4ce)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-05 08:41:15 -07:00
Ashish Sharma
474ee8d5de libsoup: patch CVE-2025-4476
Upstream-Status: Backport [e64c221f9c]

(From OE-Core rev: 91231813d04680f93a08cb29540073bb4749e22f)

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-02 07:12:34 -07:00
Vijay Anusuri
c418c7ec51 libsoup: Fix CVE-2025-32914
Upstream-Status: Backport
[5bfcf81575]

(From OE-Core rev: 6dd125b619974c8102b3050900781c22c2db4b10)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-14 09:08:58 -07:00
Ashish Sharma
2e1dd3c3d6 libsoup: patch CVE-2025-46420
Upstream-Status: Backport [c9083869ec]

(From OE-Core rev: 0e4a77c928e2eb0e8b012f2bba13b2ef3929cb34)

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-08 13:37:29 -07:00
Vijay Anusuri
92701ca3e3 libsoup: Fix CVE-2025-32906
Upstream-Status: Backport from
1f509f31b6
& af5b9a4a39

(From OE-Core rev: c3ba6b665a907b8f8340aedcbf51bef79f1048b8)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:52 -07:00
Vijay Anusuri
83671ce4eb libsoup: Fix CVE-2025-32912
Upstream-Status: Backport from
cd077513f2
& 910ebdcd3d

(From OE-Core rev: f18f762edd7ffa02ead1f382856066d2157015ed)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:52 -07:00
Vijay Anusuri
9927baf245 libsoup: Fix CVE-2025-32911 & CVE-2025-32913
Upstream-Status: Backport from
7b4ef0e004
& f4a761fb66

(From OE-Core rev: c1bf4fca316c67b9ce1134c7e5bdc9c0ac9ab878)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:52 -07:00
Vijay Anusuri
ef68583826 libsoup: Fix CVE-2025-32909
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92

(From OE-Core rev: 9eba43f18664a20d7f5dc8942eb39cfbd83c066e)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:52 -07:00
Vijay Anusuri
1ec178a3cb libsoup: Fix CVE-2025-32910
Upstream-Status: Backport from
e40df6d48a
&
405a8a3459
& ea16eeacb0

(From OE-Core rev: c9c6c8c5be4df8cb2c44f1e6fe0954c9ee666e5a)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:52 -07:00
Changqing Li
51dbc10084 libsoup: fix CVE-2024-52530, CVE-2024-52531
CVE-2024-52531:
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that
perform conversion to UTF-8 in soup_header_parse_param_list_strict.
Input received over the network cannot trigger this.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52531

CVE-2024-52530:
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some
configurations because '\0' characters at the end of header names are
ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the
same as a "Transfer-Encoding: chunked" header.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52530

(From OE-Core rev: 0af9ac076cdbab70f526520acbbb0c38d237c407)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-12-06 05:50:25 -08:00
Hitendra Prajapati
a0e25e6652 libsoup: fix CVE-2024-52532
Upstream-Status: Backport from 6adc0e3eb7 && 29b96fab25

(From OE-Core rev: 5a28744c74270905d4b29285589a399df4c9cb68)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-11-26 06:11:29 -08:00