2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
new file mode 100644
index 0000000000..874f62e7ad
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
@@ -0,0 +1,38 @@
+From 52a0f9234d384b9dab368835b22e5a5a01542168 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 16 May 2025 14:16:10 +0800
+Subject: [PATCH] auth-digest: fix crash in
+ soup_auth_digest_get_protection_space()
+We need to validate the Domain parameter in the WWW-Authenticate header.
+Unfortunately this crash only occurs when listening on default ports 80
+and 443, so there's no good way to test for this. The test would require
+running as root.
+Fixes #440
+CVE: CVE-2025-4476
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c?merge_request_iid=457]
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index f1621ec..a2dc560 100644
+--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
+@@ -229,7 +229,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
+                        uri = soup_uri_new (d);
+                        if (uri && uri->scheme == source_uri->scheme &&
+                            uri->port == source_uri->port &&
+-                           !strcmp (uri->host, source_uri->host))
+                           !g_strcmp0 (uri->host, source_uri->host))
+                                dir = g_strdup (uri->path);
+                        else
+                                dir = NULL;
+-- 
+2.34.1
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 089a032a4f..45add2e3e0 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -33,6 +33,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
           file://CVE-2025-32912.patch \
           file://CVE-2024-52531-1.patch \
           file://CVE-2024-52531-2.patch \
+           file://CVE-2025-4476.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch new file mode 100644 index 0000000000..874f62e7ad --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
@@ -0,0 +1,38 @@
		1	From 52a0f9234d384b9dab368835b22e5a5a01542168 Mon Sep 17 00:00:00 2001
		2	From: Changqing Li <changqing.li@windriver.com>
		3	Date: Fri, 16 May 2025 14:16:10 +0800
		4	Subject: [PATCH] auth-digest: fix crash in
		5	soup_auth_digest_get_protection_space()
		6
		7	We need to validate the Domain parameter in the WWW-Authenticate header.
		8
		9	Unfortunately this crash only occurs when listening on default ports 80
		10	and 443, so there's no good way to test for this. The test would require
		11	running as root.
		12
		13	Fixes #440
		14
		15	CVE: CVE-2025-4476
		16	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c?merge_request_iid=457]
		17
		18	Signed-off-by: Changqing Li <changqing.li@windriver.com>
		19	---
		20	libsoup/soup-auth-digest.c \| 2 +-
		21	1 file changed, 1 insertion(+), 1 deletion(-)
		22
		23	diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
		24	index f1621ec..a2dc560 100644
		25	--- a/libsoup/soup-auth-digest.c
		26	+++ b/libsoup/soup-auth-digest.c
		27	@@ -229,7 +229,7 @@ soup_auth_digest_get_protection_space (SoupAuth auth, SoupURI source_uri)
		28	uri = soup_uri_new (d);
		29	if (uri && uri->scheme == source_uri->scheme &&
		30	uri->port == source_uri->port &&
		31	- !strcmp (uri->host, source_uri->host))
		32	+ !g_strcmp0 (uri->host, source_uri->host))
		33	dir = g_strdup (uri->path);
		34	else
		35	dir = NULL;
		36	--
		37	2.34.1
		38


diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb index 089a032a4f..45add2e3e0 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -33,6 +33,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
33	file://CVE-2025-32912.patch \	33	file://CVE-2025-32912.patch \
34	file://CVE-2024-52531-1.patch \	34	file://CVE-2024-52531-1.patch \
35	file://CVE-2024-52531-2.patch \	35	file://CVE-2024-52531-2.patch \
		36	file://CVE-2025-4476.patch \
36	"	37	"
37	SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"	38	SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
38		39