| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
The last user in OE-Core was gst-examples. This has been upgraded and the dependency
dropped, all other users can use libsoup3 instead. Therefore remove the obsolete and
deprecated version.
(From OE-Core rev: 94ebc5b798aed6eea642c5e2a4df24b386520636)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-52532:
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption.
during the reading of certain patterns of WebSocket data from clients.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52532
(From OE-Core rev: 4efb2f03cf47382bf79aec333109c78e309c337b)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Backport 2 patches to fix build failures
(From OE-Core rev: 31ddbed4155f36ff8cda5fcf7e6c301ae63cd62f)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2025-32911:
A use-after-free type vulnerability was found in libsoup, in the
soup_message_headers_get_content_disposition() function. This flaw
allows a malicious HTTP client to cause memory corruption in the libsoup
server.
Backport patches to fix it
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-32911
[2] https://gitlab.gnome.org/GNOME/libsoup/-/issues/433
(From OE-Core rev: 839d93bbb1ca7a51b659b8cb9def9b354a99518f)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 1dd0e731d5a02105633dc67ccbc04b3dd0d0a873)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Drop backported patch.
tls-check merely checks at configure time whether glib-networking has tls
support enabled (by running a target executable which doesn't work for us);
it does not affect the actual build.
(From OE-Core rev: 2537fcf3143153e272630c42fc1d7ce85b463590)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This has been merged to master now, so mark as a backport.
(From OE-Core rev: bf8a5c92f2c2a40150159b811fa9d0a12919d43e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 8e9e352a0c16296cd8a530a8bccfa138b9f04040)
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: df6dbc1ba37937c3338f6d842af99f1f1c1a626d)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Freeze-breaking upgrade for a security bug fix involving cookie URLs, and a
number of static analysis fixes.
Drop CVE-2018-12910.patch as this is merged in 2.62.3.
(From OE-Core rev: a8098782fab87498026a09c06716b631c77c5ad6)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
(From OE-Core rev: 112683815ed1f63a96e845f264a2fd3390c6d01b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
