sources/poky/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch

From 85716d2769b3e1acda024d2c7cbfb68139c5d90b Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Tue, 13 May 2025 14:20:46 +0200
Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not
 built witha sanitizer

A build with -Db_sanitize=address crashes with failed mmap(), which is done
inside libasan. The test requires 20.0TB of virtual memory when running with
the sanitizer, which is beyond unsigned integer limits and may not trigger
the bug anyway.

Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>

CVE: CVE-2025-32907
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]

Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
 meson.build                   |  4 ++++
 tests/server-mem-limit-test.c | 13 +++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/meson.build b/meson.build
index 73a9fa0..a9531a4 100644
--- a/meson.build
+++ b/meson.build
@@ -374,6 +374,10 @@ configinc = include_directories('.')
 
 prefix = get_option('prefix')
 
+if get_option('b_sanitize') != 'none'
+  cdata.set_quoted('B_SANITIZE_OPTION', get_option('b_sanitize'))
+endif
+
 cdata.set_quoted('PACKAGE_VERSION', soup_version)
 cdata.set_quoted('LOCALEDIR', join_paths(prefix, get_option('localedir')))
 cdata.set_quoted('GETTEXT_PACKAGE', libsoup_api_name)
diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
index 98f1c40..65dc875 100644
--- a/tests/server-mem-limit-test.c
+++ b/tests/server-mem-limit-test.c
@@ -126,14 +126,19 @@ main (int argc, char **argv)
 {
 	int ret;
 
-	test_init (argc, argv, NULL);
-
-	#ifndef G_OS_WIN32
-	struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
+	/* a build with an address sanitizer may crash on mmap() with the limit,
+	   thus skip the limit set in such case, even it may not necessarily
+	   trigger the bug if it regresses */
+	#if !defined(G_OS_WIN32) && !defined(B_SANITIZE_OPTION)
+	struct rlimit new_rlimit = { 1024UL * 1024UL * 1024UL * 2UL, 1024UL * 1024UL * 1024UL * 2UL };
 	/* limit memory usage, to trigger too large memory allocation abort */
 	g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
+	#else
+	g_message ("server-mem-limit-test: Running without memory limit");
 	#endif
 
+	test_init (argc, argv, NULL);
+
 	g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
 		    server_setup, do_ranges_overlaps_test, server_teardown);
 
-- 
2.34.1
Complete Yocto mirror with license table for TQMa6UL (2038-compliance) - 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16) 2026-03-01 20:58:18 +00:00			`From 85716d2769b3e1acda024d2c7cbfb68139c5d90b Mon Sep 17 00:00:00 2001`
			`From: Milan Crha <mcrha@redhat.com>`
			`Date: Tue, 13 May 2025 14:20:46 +0200`
			`Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not`
			`built witha sanitizer`

			`A build with -Db_sanitize=address crashes with failed mmap(), which is done`
			`inside libasan. The test requires 20.0TB of virtual memory when running with`
			`the sanitizer, which is beyond unsigned integer limits and may not trigger`
			`the bug anyway.`

			`Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>`

			`CVE: CVE-2025-32907`
			`Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]`

			`Signed-off-by: Changqing Li <changqing.li@windriver.com>`
			`---`
			`meson.build \| 4 ++++`
			`tests/server-mem-limit-test.c \| 13 +++++++++----`
			`2 files changed, 13 insertions(+), 4 deletions(-)`

			`diff --git a/meson.build b/meson.build`
			`index 73a9fa0..a9531a4 100644`
			`--- a/meson.build`
			`+++ b/meson.build`
			`@@ -374,6 +374,10 @@ configinc = include_directories('.')`

			`prefix = get_option('prefix')`

			`+if get_option('b_sanitize') != 'none'`
			`+ cdata.set_quoted('B_SANITIZE_OPTION', get_option('b_sanitize'))`
			`+endif`
			`+`
			`cdata.set_quoted('PACKAGE_VERSION', soup_version)`
			`cdata.set_quoted('LOCALEDIR', join_paths(prefix, get_option('localedir')))`
			`cdata.set_quoted('GETTEXT_PACKAGE', libsoup_api_name)`
			`diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c`
			`index 98f1c40..65dc875 100644`
			`--- a/tests/server-mem-limit-test.c`
			`+++ b/tests/server-mem-limit-test.c`
			`@@ -126,14 +126,19 @@ main (int argc, char **argv)`
			`{`
			`int ret;`

			`- test_init (argc, argv, NULL);`
			`-`
			`- #ifndef G_OS_WIN32`
			`- struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };`
			`+ /* a build with an address sanitizer may crash on mmap() with the limit,`
			`+ thus skip the limit set in such case, even it may not necessarily`
			`+ trigger the bug if it regresses */`
			`+ #if !defined(G_OS_WIN32) && !defined(B_SANITIZE_OPTION)`
			`+ struct rlimit new_rlimit = { 1024UL * 1024UL * 1024UL * 2UL, 1024UL * 1024UL * 1024UL * 2UL };`
			`/* limit memory usage, to trigger too large memory allocation abort */`
			`g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);`
			`+ #else`
			`+ g_message ("server-mem-limit-test: Running without memory limit");`
			`#endif`

			`+ test_init (argc, argv, NULL);`
			`+`
			`g_test_add ("/server-mem/range-overlaps", ServerData, NULL,`
			`server_setup, do_ranges_overlaps_test, server_teardown);`

			`--`
			`2.34.1`