sources/poky/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch

From 825fda3425546847b42ad5270544e9388ff349fe Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Tue, 27 Aug 2024 13:52:08 -0500
Subject: [PATCH 2/2] tests: Add test for passing invalid UTF-8 to
 soup_header_parse_semi_param_list()

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches/CVE-2024-52531-2.patch?h=ubuntu/jammy-security
Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/825fda3425546847b42ad5270544e9388ff349fe]
CVE: CVE-2024-52531
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 tests/header-parsing-test.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

Index: libsoup2.4-2.74.2/tests/header-parsing-test.c
===================================================================
--- libsoup2.4-2.74.2.orig/tests/header-parsing-test.c
+++ libsoup2.4-2.74.2/tests/header-parsing-test.c
@@ -825,6 +825,17 @@ static struct ParamListTest {
 	    { "filename", "t\xC3\xA9st.txt" },
 	  },
 	},
+
+        /* This tests invalid UTF-8 data which *should* never be passed here but it was designed to be robust against it. */
+        { TRUE,
+              "invalid*=\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; filename*=iso-8859-1''\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; foo",
+              {
+                    { "filename", "i''\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
+                    { "invalid", "\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
+                    { "foo", NULL },
+
+                },
+        }
 };
 static const int num_paramlisttests = G_N_ELEMENTS (paramlisttests);
Complete Yocto mirror with license table for TQMa6UL (2038-compliance) - 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16) 2026-03-01 20:58:18 +00:00			`From 825fda3425546847b42ad5270544e9388ff349fe Mon Sep 17 00:00:00 2001`
			`From: Patrick Griffis <pgriffis@igalia.com>`
			`Date: Tue, 27 Aug 2024 13:52:08 -0500`
			`Subject: [PATCH 2/2] tests: Add test for passing invalid UTF-8 to`
			`soup_header_parse_semi_param_list()`

			`Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches/CVE-2024-52531-2.patch?h=ubuntu/jammy-security`
			`Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/825fda3425546847b42ad5270544e9388ff349fe]`
			`CVE: CVE-2024-52531`
			`Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>`
			`---`
			`tests/header-parsing-test.c \| 11 +++++++++++`
			`1 file changed, 11 insertions(+)`

			`Index: libsoup2.4-2.74.2/tests/header-parsing-test.c`
			`===================================================================`
			`--- libsoup2.4-2.74.2.orig/tests/header-parsing-test.c`
			`+++ libsoup2.4-2.74.2/tests/header-parsing-test.c`
			`@@ -825,6 +825,17 @@ static struct ParamListTest {`
			`{ "filename", "t\xC3\xA9st.txt" },`
			`},`
			`},`
			`+`
			`+ /* This tests invalid UTF-8 data which should never be passed here but it was designed to be robust against it. */`
			`+ { TRUE,`
			`+ "invalid=\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; filename=iso-8859-1''\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; foo",`
			`+ {`
			`+ { "filename", "i''\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },`
			`+ { "invalid", "\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },`
			`+ { "foo", NULL },`
			`+`
			`+ },`
			`+ }`
			`};`
			`static const int num_paramlisttests = G_N_ELEMENTS (paramlisttests);`