packages/libsoup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:d2bce70c3fb51a895499b93c9aa1630e68fe1c54
Branches Tags
packages:main
...
compare: packages:911f2e687890888cb77b5e1f80ce4e5e35942ec6
Branches Tags
packages:main

10 Commits
d2bce70c3f ... 911f2e6878

Author SHA1 Message Date
openeuler-ci-bot
911f2e6878
!98 fix CVE-2025-46420 CVE-2025-46421 
From: @zppzhangpan 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
 2025-05-06 07:02:52 +00:00
zppzhangpan
af23346d3e fix CVE-2025-46420 CVE-2025-46421 2025-04-29 18:45:33 +08:00
openeuler-ci-bot
156fbfb8ed
!89 fix CVE-2025-32907 CVE-2025-32914 
From: @zppzhangpan 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
 2025-04-24 06:51:27 +00:00
zppzhangpan
5eaf0ca38c fix CVE-2025-32907 CVE-2025-32914 2025-04-23 15:57:40 +08:00
openeuler-ci-bot
302f07fbdb
!79 fix CVE-2025-32906 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32912 CVE-2025-32913 
From: @zppzhangpan 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
 2025-04-22 08:28:35 +00:00
zhangpan
9bf8c22134 fix CVE-2025-32906 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32912 CVE-2025-32913 2025-04-21 07:19:28 +00:00
openeuler-ci-bot
b9db14476d
!74 [sync] PR-73: fix CVE-2025-32912 
From: @openeuler-sync-bot 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
 2025-04-18 07:50:30 +00:00
maoyanping
a48aa9ed70 fix CVE-2025-32912 
reference:ea16eeacb0

Signed-off-by: maoyanping <maoyanping@xfusion.com>
(cherry picked from commit e6061ce3e16c118d97dae5056796e6853ed1af0f)
 2025-04-18 14:36:11 +08:00
openeuler-ci-bot
ddd69632b7
!67 fix CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-2784 
From: @zppzhangpan 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
 2025-04-11 08:10:29 +00:00
zhangpan
3286e06be1 fix CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-2784 2025-04-10 06:41:33 +00:00
25 changed files with 1534 additions and 40 deletions
Show Stats Expand all files Collapse all files

48
backport-0001-CVE-2024-52532.patch
View File

@ -9,26 +9,28 @@ validating the data until the all the data was read.
Fixes #391
Conflict: context adapt and libsoup/websocket/soup-websocket-connection.c -> libsoup/soup-websocket-connection.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be
---
libsoup/soup-websocket-connection.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
index a4095e1..9d5f4f8 100644
--- a/libsoup/soup-websocket-connection.c
+++ b/libsoup/soup-websocket-connection.c
@@ -1140,9 +1140,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
}
pv->incoming->len = len + count;
- } while (count > 0);
- process_incoming (self);
+ process_incoming (self);
+ } while (count > 0 && !pv->close_sent && !pv->io_closing);
if (end) {
if (!pv->close_sent || !pv->close_received) {
--
2.33.0
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be
---
libsoup/soup-websocket-connection.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
index a4095e1..ed54e6b 100644
--- a/libsoup/soup-websocket-connection.c
+++ b/libsoup/soup-websocket-connection.c
@@ -1140,9 +1140,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
}
pv->incoming->len = len + count;
- } while (count > 0);
- process_incoming (self);
+ process_incoming (self);
+ } while (count > 0 && !pv->close_sent && !pv->io_closing);
if (end) {
if (!pv->close_sent || !pv->close_received) {
--
2.46.0

38
backport-0001-CVE-2025-32053.patch Normal file
View File

@ -0,0 +1,38 @@
From eaed42ca8d40cd9ab63764e3d63641180505f40a Mon Sep 17 00:00:00 2001
From: Ar Jun <pkillarjun@protonmail.com>
Date: Mon, 18 Nov 2024 14:59:51 -0600
Subject: [PATCH] Fix heap buffer overflow in
soup-content-sniffer.c:sniff_feed_or_html()
Conflict: Modify file path adaptation: libsoup/content-sniffer/soup-content-sniffer.c->libsoup/soup-content-sniffer.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a
---
libsoup/soup-content-sniffer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index b62e4888..5a181ff1 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -641,7 +641,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length)
(resource[*pos] == '\x0D')) {
*pos = *pos + 1;
- if (*pos > resource_length)
+ if (*pos >= resource_length)
return TRUE;
}
@@ -704,7 +704,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
do {
pos++;
- if (pos > resource_length)
+ if ((pos + 1) > resource_length)
goto text_html;
} while (resource[pos] != '>');
--
GitLab

61
backport-0001-CVE-2025-32906.patch Normal file
View File

@ -0,0 +1,61 @@
From 1f509f31b6f8420a3661c3f990424ab7b9164931 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Tue, 11 Feb 2025 14:36:26 -0600
Subject: [PATCH] headers: Handle parsing edge case
This version number is specifically crafted to pass sanity checks allowing it to go one byte out of bounds.
Conflict: NA
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931
---
libsoup/soup-headers.c | 2 +-
tests/header-parsing-test.c | 12 ++++++++++++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index 85385cea..9d6d00a3 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -225,7 +225,7 @@ soup_headers_parse_request (const char *str,
!g_ascii_isdigit (version[5]))
return SOUP_STATUS_BAD_REQUEST;
major_version = strtoul (version + 5, &p, 10);
- if (*p != '.' || !g_ascii_isdigit (p[1]))
+ if (p + 1 >= str + len || *p != '.' || !g_ascii_isdigit (p[1]))
return SOUP_STATUS_BAD_REQUEST;
minor_version = strtoul (p + 1, &p, 10);
version_end = p;
diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
index 07ea2866..10ddb684 100644
--- a/tests/header-parsing-test.c
+++ b/tests/header-parsing-test.c
@@ -6,6 +6,10 @@ typedef struct {
const char *name, *value;
} Header;
+static char unterminated_http_version[] = {
+ 'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.'
+};
+
static struct RequestTest {
const char *description;
const char *bugref;
@@ -383,6 +387,14 @@ static struct RequestTest {
{ { NULL } }
},
+ /* This couldn't be a C string as going one byte over would have been safe. */
+ { "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404",
+ unterminated_http_version, sizeof (unterminated_http_version),
+ SOUP_STATUS_BAD_REQUEST,
+ NULL, NULL, -1,
+ { { NULL } }
+ },
+
{ "Non-HTTP request", NULL,
"GET / SOUP/1.1\r\nHost: example.com\r\n", -1,
SOUP_STATUS_BAD_REQUEST,
--
GitLab

98
backport-0001-CVE-2025-32910-CVE-2025-32912.patch Normal file
View File

@ -0,0 +1,98 @@
From e40df6d48a1cbab56f5d15016cc861a503423cfe Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Sun, 8 Dec 2024 20:00:35 -0600
Subject: [PATCH] auth-digest: Handle missing realm in authenticate header
Conflict: tests/auth-test.c file context adaptation and modify file path adaptation: libsoup/auth/soup-auth-digest.c->libsoup/soup-auth-digest.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe
---
libsoup/soup-auth-digest.c | 3 +++
tests/auth-test.c | 50 ++++++++++++++++++++++++++++++++++++++
2 files changed, 53 insertions(+)
diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index e8ba990..263a15a 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -142,6 +142,9 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
guint qop_options;
gboolean ok = TRUE;
+ if (!soup_auth_get_realm (auth))
+ return FALSE;
+
g_free (priv->domain);
g_free (priv->nonce);
g_free (priv->opaque);
diff --git a/tests/auth-test.c b/tests/auth-test.c
index 8295ec3..dfc6b09 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -1549,6 +1549,55 @@ do_cancel_after_retry_test (void)
soup_test_session_abort_unref (session);
}
+static void
+on_request_read_for_missing_realm (SoupServer *server,
+ SoupServerMessage *msg,
+ gpointer user_data)
+{
+ SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg);
+ soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\"");
+}
+
+static void
+do_missing_realm_test (void)
+{
+ SoupSession *session;
+ SoupMessage *msg;
+ SoupServer *server;
+ SoupAuthDomain *digest_auth_domain;
+ gint status;
+ GUri *uri;
+
+ server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
+ soup_server_add_handler (server, NULL,
+ server_callback, NULL, NULL);
+ uri = soup_test_server_get_uri (server, "http", NULL);
+
+ digest_auth_domain = soup_auth_domain_digest_new (
+ "realm", "auth-test",
+ "auth-callback", server_digest_auth_callback,
+ NULL);
+ soup_auth_domain_add_path (digest_auth_domain, "/");
+ soup_server_add_auth_domain (server, digest_auth_domain);
+ g_object_unref (digest_auth_domain);
+
+ g_signal_connect (server, "request-read",
+ G_CALLBACK (on_request_read_for_missing_realm),
+ NULL);
+
+ session = soup_test_session_new (NULL);
+ msg = soup_message_new_from_uri ("GET", uri);
+ g_signal_connect (msg, "authenticate",
+ G_CALLBACK (on_digest_authenticate),
+ NULL);
+
+ status = soup_test_session_send_message (session, msg);
+
+ g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED);
+ g_uri_unref (uri);
+ soup_test_server_quit_unref (server);
+}
+
int
main (int argc, char **argv)
{
@@ -1576,6 +1625,7 @@ main (int argc, char **argv)
g_test_add_func ("/auth/async-message-do-not-use-auth-cache", do_async_message_do_not_use_auth_cache_test);
g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test);
g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test);
+ g_test_add_func ("/auth/missing-realm", do_missing_realm_test);
ret = g_test_run ();
--
2.48.1

72
backport-0001-CVE-2025-32911-CVE-2025-32913.patch Normal file
View File

@ -0,0 +1,72 @@
From 7b4ef0e004ece3a308ccfaa714c284f4c96ade34 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Fri, 27 Dec 2024 17:53:50 -0600
Subject: [PATCH] soup_message_headers_get_content_disposition: Fix NULL deref
Conflict: tests/header-parsing-test.c file context adaptation
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/7b4ef0e004ece3a308ccfaa714c284f4c96ade34
---
libsoup/soup-message-headers.c | 13 +++++++++----
tests/header-parsing-test.c | 14 ++++++++++++++
2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
index 39ad14a..a577169 100644
--- a/libsoup/soup-message-headers.c
+++ b/libsoup/soup-message-headers.c
@@ -1454,10 +1454,15 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders *hdrs,
*/
if (params && g_hash_table_lookup_extended (*params, "filename",
&orig_key, &orig_value)) {
- char *filename = strrchr (orig_value, '/');
-
- if (filename)
- g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
+ if (orig_value) {
+ char *filename = strrchr (orig_value, '/');
+
+ if (filename)
+ g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
+ } else {
+ /* filename with no value isn't valid. */
+ g_hash_table_remove (*params, "filename");
+ }
}
return TRUE;
}
diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
index 03ea34d..45316c5 100644
--- a/tests/header-parsing-test.c
+++ b/tests/header-parsing-test.c
@@ -1062,6 +1062,7 @@ do_param_list_tests (void)
#define RFC5987_TEST_HEADER_FALLBACK "attachment; filename*=Unknown''t%FF%FF%FFst.txt; filename=\"test.txt\""
#define RFC5987_TEST_HEADER_NO_TYPE "filename=\"test.txt\""
#define RFC5987_TEST_HEADER_NO_TYPE_2 "filename=\"test.txt\"; foo=bar"
+#define RFC5987_TEST_HEADER_EMPTY_FILENAME ";filename"
static void
do_content_disposition_tests (void)
@@ -1163,6 +1164,19 @@ do_content_disposition_tests (void)
g_assert_cmpstr (parameter2, ==, "bar");
g_hash_table_destroy (params);
+ /* Empty filename */
+ soup_message_headers_clear (hdrs);
+ soup_message_headers_append (hdrs, "Content-Disposition",
+ RFC5987_TEST_HEADER_EMPTY_FILENAME);
+ if (!soup_message_headers_get_content_disposition (hdrs,
+ &disposition,
+ &params)) {
+ soup_test_assert (FALSE, "empty filename decoding FAILED");
+ return;
+ }
+ g_assert_false (g_hash_table_contains (params, "filename"));
+ g_hash_table_destroy (params);
+
soup_message_headers_free (hdrs);
/* Ensure that soup-multipart always quotes filename */
--
2.48.1

29
backport-0002-CVE-2024-52532.patch
View File

@ -1,23 +1,24 @@
From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001
From: Ignacio Casal Quinteiro <qignacio@amazon.com>
Date: Wed, 2 Oct 2024 11:17:19 +0200
Subject: [PATCH] websocket-test: disconnect error copy after the test ends
Otherwise the server will have already sent a few more wrong
bytes and the client will continue getting errors to copy
but the error is already != NULL and it will assert
Conflict: NA
From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001
From: Ignacio Casal Quinteiro <qignacio@amazon.com>
Date: Wed, 2 Oct 2024 11:17:19 +0200
Subject: [PATCH] websocket-test: disconnect error copy after the test ends
Otherwise the server will have already sent a few more wrong
bytes and the client will continue getting errors to copy
but the error is already != NULL and it will assert
Conflict: NA
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c
---
tests/websocket-test.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/websocket-test.c b/tests/websocket-test.c
index 06c443bb5..6a48c1f9b 100644
index 5e40cf3..30a1f36 100644
--- a/tests/websocket-test.c
+++ b/tests/websocket-test.c
@@ -1539,8 +1539,9 @@ test_receive_invalid_encode_length_64 (Test *test,
@@ -1331,8 +1331,9 @@ test_receive_invalid_encode_length_64 (Test *test,
GError *error = NULL;
InvalidEncodeLengthTest context = { test, NULL };
guint i;
@ -28,7 +29,7 @@ index 06c443bb5..6a48c1f9b 100644
g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
/* We use 127(\x7f) as payload length with 65535 extended length */
@@ -1553,6 +1554,7 @@ test_receive_invalid_encode_length_64 (Test *test,
@@ -1345,6 +1346,7 @@ test_receive_invalid_encode_length_64 (Test *test,
WAIT_UNTIL (error != NULL || received != NULL);
g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
g_clear_error (&error);
@ -37,5 +38,5 @@ index 06c443bb5..6a48c1f9b 100644
g_thread_join (thread);
--
GitLab
2.46.0

69
backport-0002-CVE-2025-32053.patch Normal file
View File

@ -0,0 +1,69 @@
From 242a10fbb12dbdc12d254bd8fc8669a0ac055304 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Wed, 5 Feb 2025 14:39:42 -0600
Subject: [PATCH] sniffer: Fix potential overflow
Conflict: Modify file path adaptation: libsoup/content-sniffer/soup-content-sniffer.c->libsoup/soup-content-sniffer.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304
---
libsoup/soup-content-sniffer.c | 2 +-
tests/resources/whitespace.html | Bin 0 -> 512 bytes
tests/sniffing-test.c | 5 +++++
tests/soup-tests.gresource.xml | 1 +
4 files changed, 7 insertions(+), 1 deletions(-)
create mode 100644 tests/resources/whitespace.html
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index aeee2e25c..da94e60c3 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -669,7 +669,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
pos = 3;
look_for_tag:
- if (pos > resource_length)
+ if (pos >= resource_length)
goto text_html;
if (skip_insignificant_space (resource, &pos, resource_length))
diff --git a/tests/resources/whitespace.html b/tests/resources/whitespace.html
new file mode 100644
index 0000000000000000000000000000000000000000..7f07a0e639a102284d6f7c0c5d5560170f994553
GIT binary patch
literal 512
TcmcCf)YWAe1tT*Abam|ja4Z2(
literal 0
HcmV?d00001
diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c
index 6116719ae..b5428177f 100644
--- a/tests/sniffing-test.c
+++ b/tests/sniffing-test.c
@@ -512,6 +512,11 @@ main (int argc, char **argv)
"type/text_html; charset=UTF-8/test.html => text/html; charset=UTF-8",
do_sniffing_test);
+ /* Test hitting skip_insignificant_space() with number of bytes equaling resource_length. */
+ g_test_add_data_func ("/sniffing/whitespace",
+ "type/text_html/whitespace.html => text/html",
+ do_sniffing_test);
+
/* Test that disabling the sniffer works correctly */
g_test_add_data_func ("/sniffing/disabled",
"/text_or_binary/home.gif",
diff --git a/tests/soup-tests.gresource.xml b/tests/soup-tests.gresource.xml
index 9c08d170e..cbef1d402 100644
--- a/tests/soup-tests.gresource.xml
+++ b/tests/soup-tests.gresource.xml
@@ -25,5 +25,6 @@
<file>resources/text.txt</file>
<file>resources/text_binary.txt</file>
<file>resources/tux.webp</file>
+ <file>resources/whitespace.html</file>
</gresource>
</gresources>
--
GitLab

83
backport-0002-CVE-2025-32906.patch Normal file
View File

@ -0,0 +1,83 @@
From af5b9a4a3945c52b940d5ac181ef51bb12011f1f Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Wed, 12 Feb 2025 11:30:02 -0600
Subject: [PATCH] headers: Handle parsing only newlines
Closes #404
Closes #407
Conflict: NA
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f
---
libsoup/soup-headers.c | 4 ++--
tests/header-parsing-test.c | 13 ++++++++++++-
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index 9d6d00a3..52ef2ece 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -186,7 +186,7 @@ soup_headers_parse_request (const char *str,
/* RFC 2616 4.1 "servers SHOULD ignore any empty line(s)
* received where a Request-Line is expected."
*/
- while ((*str == '\r' || *str == '\n') && len > 0) {
+ while (len > 0 && (*str == '\r' || *str == '\n')) {
str++;
len--;
}
@@ -371,7 +371,7 @@ soup_headers_parse_response (const char *str,
* after a response, which we then see prepended to the next
* response on that connection.
*/
- while ((*str == '\r' || *str == '\n') && len > 0) {
+ while (len > 0 && (*str == '\r' || *str == '\n')) {
str++;
len--;
}
diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
index 10ddb684..4faafbd6 100644
--- a/tests/header-parsing-test.c
+++ b/tests/header-parsing-test.c
@@ -6,10 +6,15 @@ typedef struct {
const char *name, *value;
} Header;
+/* These are not C strings to ensure going one byte over is not safe. */
static char unterminated_http_version[] = {
'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.'
};
+static char only_newlines[] = {
+ '\n', '\n', '\n', '\n'
+};
+
static struct RequestTest {
const char *description;
const char *bugref;
@@ -387,7 +392,6 @@ static struct RequestTest {
{ { NULL } }
},
- /* This couldn't be a C string as going one byte over would have been safe. */
{ "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404",
unterminated_http_version, sizeof (unterminated_http_version),
SOUP_STATUS_BAD_REQUEST,
@@ -457,6 +461,13 @@ static struct RequestTest {
SOUP_STATUS_BAD_REQUEST,
NULL, NULL, -1,
{ { NULL } }
+ },
+
+ { "Only newlines", NULL,
+ only_newlines, sizeof (only_newlines),
+ SOUP_STATUS_BAD_REQUEST,
+ NULL, NULL, -1,
+ { { NULL } }
}
};
static const int num_reqtests = G_N_ELEMENTS (reqtests);
--
GitLab

149
backport-0002-CVE-2025-32910-CVE-2025-32912.patch Normal file
View File

@ -0,0 +1,149 @@
From 405a8a34597a44bd58c4759e7d5e23f02c3b556a Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Thu, 26 Dec 2024 18:18:35 -0600
Subject: [PATCH] auth-digest: Handle missing nonce
Conflict: tests/auth-test.c file context adaptation and modify file path adaptation: libsoup/auth/soup-auth-digest.c->libsoup/soup-auth-digest.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a
---
libsoup/soup-auth-digest.c | 45 +++++++++++++++++++++++++++++---------
tests/auth-test.c | 19 +++++++++-------
2 files changed, 46 insertions(+), 18 deletions(-)
diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index 263a15a..a97e4bb 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -132,6 +132,19 @@ soup_auth_digest_get_qop (SoupAuthDigestQop qop)
return g_string_free (out, FALSE);
}
+static gboolean
+validate_params (SoupAuthDigest *auth_digest)
+{
+ SoupAuthDigestPrivate *priv = soup_auth_digest_get_instance_private (auth_digest);
+
+ if (priv->qop || priv->algorithm == SOUP_AUTH_DIGEST_ALGORITHM_MD5_SESS) {
+ if (!priv->nonce)
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
static gboolean
soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
GHashTable *auth_params)
@@ -169,16 +182,21 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
if (priv->algorithm == -1)
ok = FALSE;
- stale = g_hash_table_lookup (auth_params, "stale");
- if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
- recompute_hex_a1 (priv);
- else {
- g_free (priv->user);
- priv->user = NULL;
- g_free (priv->cnonce);
- priv->cnonce = NULL;
- memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
- memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
+ if (!validate_params (auth_digest))
+ ok = FALSE;
+
+ if (ok) {
+ stale = g_hash_table_lookup (auth_params, "stale");
+ if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
+ recompute_hex_a1 (priv);
+ else {
+ g_free (priv->user);
+ priv->user = NULL;
+ g_free (priv->cnonce);
+ priv->cnonce = NULL;
+ memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+ memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
+ }
}
return ok;
@@ -269,6 +287,8 @@ soup_auth_digest_compute_hex_a1 (const char *hex_urp,
/* In MD5-sess, A1 is hex_urp:nonce:cnonce */
+ g_assert (nonce && cnonce);
+
checksum = g_checksum_new (G_CHECKSUM_MD5);
g_checksum_update (checksum, (guchar *)hex_urp, strlen (hex_urp));
g_checksum_update (checksum, (guchar *)":", 1);
@@ -359,6 +379,8 @@ soup_auth_digest_compute_response (const char *method,
if (qop) {
char tmp[9];
+ g_assert (cnonce);
+
g_snprintf (tmp, 9, "%.8x", nc);
g_checksum_update (checksum, (guchar *)tmp, strlen (tmp));
g_checksum_update (checksum, (guchar *)":", 1);
@@ -422,6 +444,9 @@ soup_auth_digest_get_authorization (SoupAuth *auth, SoupMessage *msg)
g_return_val_if_fail (uri != NULL, NULL);
url = soup_uri_to_string (uri, TRUE);
+ g_assert (priv->nonce);
+ g_assert (!priv->qop || priv->cnonce);
+
soup_auth_digest_compute_response (msg->method, url, priv->hex_a1,
priv->qop, priv->nonce,
priv->cnonce, priv->nc,
diff --git a/tests/auth-test.c b/tests/auth-test.c
index dfc6b09..6fb1e4a 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -1550,16 +1550,17 @@ do_cancel_after_retry_test (void)
}
static void
-on_request_read_for_missing_realm (SoupServer *server,
- SoupServerMessage *msg,
- gpointer user_data)
+on_request_read_for_missing_params (SoupServer *server,
+ SoupServerMessage *msg,
+ gpointer user_data)
{
+ const char *auth_header = user_data;
SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg);
- soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\"");
+ soup_message_headers_replace (response_headers, "WWW-Authenticate", auth_header);
}
static void
-do_missing_realm_test (void)
+do_missing_params_test (gconstpointer auth_header)
{
SoupSession *session;
SoupMessage *msg;
@@ -1582,8 +1583,8 @@ do_missing_realm_test (void)
g_object_unref (digest_auth_domain);
g_signal_connect (server, "request-read",
- G_CALLBACK (on_request_read_for_missing_realm),
- NULL);
+ G_CALLBACK (on_request_read_for_missing_params),
+ (gpointer)auth_header);
session = soup_test_session_new (NULL);
msg = soup_message_new_from_uri ("GET", uri);
@@ -1625,7 +1626,9 @@ main (int argc, char **argv)
g_test_add_func ("/auth/async-message-do-not-use-auth-cache", do_async_message_do_not_use_auth_cache_test);
g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test);
g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test);
- g_test_add_func ("/auth/missing-realm", do_missing_realm_test);
+ g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
+ g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
+ g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
ret = g_test_run ();
--
2.48.1

44
backport-0002-CVE-2025-32911-CVE-2025-32913.patch Normal file
View File

@ -0,0 +1,44 @@
From f4a761fb66512fff59798765e8ac5b9e57dceef0 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Fri, 27 Dec 2024 18:00:39 -0600
Subject: [PATCH] soup_message_headers_get_content_disposition: strdup
truncated filenames
This table frees the strings it contains.
Conflict: NA
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0
---
libsoup/soup-message-headers.c | 2 +-
tests/header-parsing-test.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
index a577169..81e7cea 100644
--- a/libsoup/soup-message-headers.c
+++ b/libsoup/soup-message-headers.c
@@ -1458,7 +1458,7 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders *hdrs,
char *filename = strrchr (orig_value, '/');
if (filename)
- g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
+ g_hash_table_insert (*params, g_strdup (orig_key), g_strdup (filename + 1));
} else {
/* filename with no value isn't valid. */
g_hash_table_remove (*params, "filename");
diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
index 45316c5..c3a62f9 100644
--- a/tests/header-parsing-test.c
+++ b/tests/header-parsing-test.c
@@ -1174,6 +1174,7 @@ do_content_disposition_tests (void)
soup_test_assert (FALSE, "empty filename decoding FAILED");
return;
}
+ g_free (disposition);
g_assert_false (g_hash_table_contains (params, "filename"));
g_hash_table_destroy (params);
--
2.48.1

27
backport-0003-CVE-2025-32910-CVE-2025-32912.patch Normal file
View File

@ -0,0 +1,27 @@
From ea16eeacb052e423eb5c3b0b705e5eab34b13832 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Fri, 27 Dec 2024 13:52:52 -0600
Subject: [PATCH] auth-digest: Fix leak
Conflict: Modify file path adaptation: libsoup/auth/soup-auth-digest.c->libsoup/soup-auth-digest.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832
---
libsoup/soup-auth-digest.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index 350bfde6..9eb7fa0e 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -72,6 +72,7 @@ soup_auth_digest_finalize (GObject *object)
g_free (priv->nonce);
g_free (priv->domain);
g_free (priv->cnonce);
+ g_free (priv->opaque);
memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
--
GitLab

41
backport-0004-CVE-2025-32912.patch Normal file
View File

@ -0,0 +1,41 @@
From cd077513f267e43ce4b659eb18a1734d8a369992 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Wed, 5 Feb 2025 14:03:05 -0600
Subject: [PATCH] auth-digest: Handle missing nonce
Conflict: Modify file path adaptation: libsoup/auth/soup-auth-digest.c->libsoup/soup-auth-digest.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992
---
libsoup/soup-auth-digest.c | 2 +-
tests/auth-test.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index 83069ef..b79e6f8 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -156,7 +156,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
guint qop_options;
gboolean ok = TRUE;
- if (!soup_auth_get_realm (auth))
+ if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce"))
return FALSE;
g_free (priv->domain);
diff --git a/tests/auth-test.c b/tests/auth-test.c
index 6fb1e4a..548ac94 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -1629,6 +1629,7 @@ main (int argc, char **argv)
g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
+ g_test_add_data_func ("/auth/missing-params/nonce-and-qop", "Digest realm=\"auth-test\"", do_missing_params_test);
ret = g_test_run ();
--
2.48.1

30
backport-0005-CVE-2025-32912.patch Normal file
View File

@ -0,0 +1,30 @@
From 910ebdcd3dd82386717a201c13c834f3a63eed7f Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Sat, 8 Feb 2025 12:30:13 -0600
Subject: [PATCH] digest-auth: Handle NULL nonce
`contains` only handles a missing nonce, `lookup` handles both missing and empty.
Conflict: Modify file path adaptation: libsoup/auth/soup-auth-digest.c->libsoup/soup-auth-digest.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f
---
libsoup/soup-auth-digest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index d69a4013..dc4dbfc5 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -162,7 +162,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
guint qop_options;
gboolean ok = TRUE;
- if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce"))
+ if (!soup_auth_get_realm (auth) || !g_hash_table_lookup (auth_params, "nonce"))
return FALSE;
g_free (priv->domain);
--
GitLab

51
backport-0006-CVE-2025-32912.patch Normal file
View File

@ -0,0 +1,51 @@
From e2e3d1cf16a15d725289e3f5a8a6503de08fc63f Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Tue, 11 Feb 2025 10:32:39 -0600
Subject: [PATCH] Remove redundant function
The nonce is validated earlier now.
Conflict: Modify file path adaptation: libsoup/auth/soup-auth-digest.c->libsoup/soup-auth-digest.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/e2e3d1cf16a15d725289e3f5a8a6503de08fc63f
---
libsoup/soup-auth-digest.c | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index 40b470b..318ebe2 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -133,19 +133,6 @@ soup_auth_digest_get_qop (SoupAuthDigestQop qop)
return g_string_free (out, FALSE);
}
-static gboolean
-validate_params (SoupAuthDigest *auth_digest)
-{
- SoupAuthDigestPrivate *priv = soup_auth_digest_get_instance_private (auth_digest);
-
- if (priv->qop || priv->algorithm == SOUP_AUTH_DIGEST_ALGORITHM_MD5_SESS) {
- if (!priv->nonce)
- return FALSE;
- }
-
- return TRUE;
-}
-
static gboolean
soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
GHashTable *auth_params)
@@ -183,9 +170,6 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
if (priv->algorithm == -1)
ok = FALSE;
- if (!validate_params (auth_digest))
- ok = FALSE;
-
if (ok) {
stale = g_hash_table_lookup (auth_params, "stale");
if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
--
2.48.1

152
backport-CVE-2025-2784.patch Normal file
View File

@ -0,0 +1,152 @@
From c415ad0b6771992e66c70edf373566c6e247089d Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Tue, 18 Feb 2025 14:29:50 -0600
Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
Conflict: context adaptation and Modify file path adaptation: libsoup/content-sniffer/soup-content-sniffer.c->libsoup/soup-content-sniffer.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d
---
libsoup/soup-content-sniffer.c | 10 +++---
tests/resources/whitespace.html | Bin 512 -> 0 bytes
tests/sniffing-test.c | 53 +++++++++++++++++++++++++++++---
tests/soup-tests.gresource.xml | 1 -
4 files changed, 53 insertions(+), 11 deletions(-)
delete mode 100644 tests/resources/whitespace.html
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index c52d2d0..3fb29ad 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -612,8 +612,11 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, SoupBuffer *buffer)
}
static gboolean
-skip_insignificant_space (const char *resource, int *pos, int resource_length)
+skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
{
+ if (*pos >= resource_length)
+ return TRUE;
+
while ((resource[*pos] == '\x09') ||
(resource[*pos] == '\x20') ||
(resource[*pos] == '\x0A') ||
@@ -632,7 +635,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
{
const char *resource = (const char *)buffer->data;
int resource_length = MIN (512, buffer->length);
- int pos = 0;
+ gsize pos = 0;
if (resource_length < 3)
goto text_html;
@@ -642,9 +645,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
pos = 3;
look_for_tag:
- if (pos >= resource_length)
- goto text_html;
-
if (skip_insignificant_space (resource, &pos, resource_length))
goto text_html;
diff --git a/tests/resources/whitespace.html b/tests/resources/whitespace.html
deleted file mode 100644
index 7f07a0e639a102284d6f7c0c5d5560170f994553..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 512
TcmcCf)YWAe1tT*Abam|ja4Z2(
diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c
index 0a4569a..e2dfed4 100644
--- a/tests/sniffing-test.c
+++ b/tests/sniffing-test.c
@@ -436,6 +436,52 @@ test_disabled (gconstpointer data)
soup_uri_free (uri);
}
+static const gsize MARKUP_LENGTH = strlen ("<!--") + strlen ("-->");
+
+static void
+do_skip_whitespace_test (void)
+{
+ SoupContentSniffer *sniffer = soup_content_sniffer_new ();
+ SoupMessage *msg = soup_message_new (SOUP_METHOD_GET, "http://example.org");
+ const char *test_cases[] = {
+ "",
+ "<rdf:RDF",
+ "<rdf:RDFxmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\"",
+ "<rdf:RDFxmlns=\"http://purl.org/rss/1.0/\"",
+ };
+
+ soup_message_headers_set_content_type (msg->response_headers, "text/html", NULL);
+
+ for (guint i = 0; i < G_N_ELEMENTS (test_cases); i++) {
+ const char *trailing_data = test_cases[i];
+ gsize leading_zeros = 512 - MARKUP_LENGTH - strlen (trailing_data);
+ gsize testsize = MARKUP_LENGTH + leading_zeros + strlen (trailing_data);
+ guint8 *data = g_malloc0 (testsize);
+ guint8 *p = data;
+ char *content_type;
+ GBytes *buffer;
+
+ // Format of <!--[0x00 * $leading_zeros]-->$trailing_data
+ memcpy (p, "<!--", strlen ("<!--"));
+ p += strlen ("<!--");
+ p += leading_zeros;
+ memcpy (p, "-->", strlen ("-->"));
+ p += strlen ("-->");
+ if (strlen (trailing_data))
+ memcpy (p, trailing_data, strlen (trailing_data));
+ // Purposefully not NUL terminated.
+
+ buffer = g_bytes_new_take (g_steal_pointer (&data), testsize);
+ content_type = soup_content_sniffer_sniff (sniffer, msg, buffer, NULL);
+
+ g_free (content_type);
+ g_bytes_unref (buffer);
+ }
+
+ g_object_unref (msg);
+ g_object_unref (sniffer);
+}
+
int
main (int argc, char **argv)
{
@@ -605,16 +651,13 @@ main (int argc, char **argv)
"type/text_html; charset=UTF-8/test.html => text/html; charset=UTF-8",
do_sniffing_test);
- /* Test hitting skip_insignificant_space() with number of bytes equaling resource_length. */
- g_test_add_data_func ("/sniffing/whitespace",
- "type/text_html/whitespace.html => text/html",
- do_sniffing_test);
-
/* Test that disabling the sniffer works correctly */
g_test_add_data_func ("/sniffing/disabled",
"/text_or_binary/home.gif",
test_disabled);
+ g_test_add_func ("/sniffing/whitespace", do_skip_whitespace_test);
+
ret = g_test_run ();
soup_uri_free (base_uri);
diff --git a/tests/soup-tests.gresource.xml b/tests/soup-tests.gresource.xml
index cbef1d4..9c08d17 100644
--- a/tests/soup-tests.gresource.xml
+++ b/tests/soup-tests.gresource.xml
@@ -25,6 +25,5 @@
<file>resources/text.txt</file>
<file>resources/text_binary.txt</file>
<file>resources/tux.webp</file>
- <file>resources/whitespace.html</file>
</gresource>
</gresources>
--
2.46.0

28
backport-CVE-2025-32050.patch Normal file
View File

@ -0,0 +1,28 @@
From 9bb0a55de55c6940ced811a64fbca82fe93a9323 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Mon, 28 Oct 2024 12:29:48 -0500
Subject: [PATCH] Fix using int instead of size_t for strcspn return
Conflict: NA
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323
---
libsoup/soup-headers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index 613e1905..a5f7a7f6 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -907,7 +907,7 @@ append_param_quoted (GString *string,
const char *name,
const char *value)
{
- int len;
+ gsize len;
g_string_append (string, name);
g_string_append (string, "=\"");
--
GitLab

30
backport-CVE-2025-32052.patch Normal file
View File

@ -0,0 +1,30 @@
From f182429e5b1fc034050510da20c93256c4fa9652 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Sat, 16 Nov 2024 12:07:30 -0600
Subject: [PATCH] Fix heap buffer overflow in soup_content_sniffer_sniff
Co-Author: Ar Jun <pkillarjun@protonmail.com>
Conflict: Modify file path adaptation: libsoup/content-sniffer/soup-content-sniffer.c->libsoup/soup-content-sniffer.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652
---
libsoup/soup-content-sniffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index de0985eac..b62e48889 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -524,7 +524,7 @@ sniff_unknown (SoupContentSniffer *sniffer, GBytes *buffer,
guint index_pattern = 0;
gboolean skip_row = FALSE;
- while ((index_stream < resource_length) &&
+ while ((index_stream < resource_length - 1) &&
(index_pattern <= type_row->pattern_length)) {
/* Skip insignificant white space ("WS" in the spec) */
if (type_row->pattern[index_pattern] == ' ') {
--
GitLab

32
backport-CVE-2025-32907.patch Normal file
View File

@ -0,0 +1,32 @@
From 446b2e0a97ac1c241e9c58545f1b0f5f962d98e2 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Tue, 15 Apr 2025 12:17:39 +0200
Subject: [PATCH] soup-message-headers: Correct merge of ranges
It had been skipping every second range, which generated an array
of a lot of insane ranges, causing large memory usage by the server.
Closes #428
Conflict: The new test case community is still in discussion and it is recommended not to merge
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/446b2e0a97ac1c241e9c58545f1b0f5f962d98e2
---
libsoup/soup-message-headers.c | 1 +
1 files changed, 1 insertions(+)
diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
index ee7a3cb1..f101d4b4 100644
--- a/libsoup/soup-message-headers.c
+++ b/libsoup/soup-message-headers.c
@@ -1244,6 +1244,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders *hdrs,
if (cur->start <= prev->end) {
prev->end = MAX (prev->end, cur->end);
g_array_remove_index (array, i);
+ i--;
}
}
}
--
GitLab

36
backport-CVE-2025-32909.patch Normal file
View File

@ -0,0 +1,36 @@
From ba4c3a6f988beff59e45801ab36067293d24ce92 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Wed, 8 Jan 2025 16:30:17 -0600
Subject: [PATCH] content-sniffer: Handle sniffing resource shorter than 4
bytes
Conflict: context adaptation and modify file path adaptation: libsoup/content-sniffer/soup-content-sniffer.c->libsoup/soup-content-sniffer.c
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92
---
libsoup/soup-content-sniffer.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index c52d2d0..ee32971 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -227,9 +227,14 @@ sniff_mp4 (SoupContentSniffer *sniffer, SoupBuffer *buffer)
{
const char *resource = (const char *)buffer->data;
guint resource_length = MIN (512, buffer->length);
- guint32 box_size = *((guint32*)resource);
+ guint32 box_size;
guint i;
+ if (resource_length < sizeof (guint32))
+ return FALSE;
+
+ box_size = *((guint32*)resource);
+
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
box_size = ((box_size >> 24) |
((box_size << 8) & 0x00FF0000) |
--
2.48.1

115
backport-CVE-2025-32914.patch Normal file
View File

@ -0,0 +1,115 @@
From 5bfcf8157597f2d327050114fb37ff600004dbcf Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Tue, 15 Apr 2025 09:03:00 +0200
Subject: [PATCH] multipart: Fix read out of buffer bounds under
soup_multipart_new_from_message()
This is CVE-2025-32914, special crafted input can cause read out of buffer bounds
of the body argument.
Closes #436
Conflict: Context Adaptation and Test Case Adaptation
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf
---
libsoup/soup-multipart.c | 2 +-
tests/multipart-test.c | 62 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+), 1 deletion(-)
diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
index a7e550f..dd93973 100644
--- a/libsoup/soup-multipart.c
+++ b/libsoup/soup-multipart.c
@@ -181,7 +181,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
return NULL;
}
- split = strstr (start, "\r\n\r\n");
+ split = g_strstr_len (start, body_end - start, "\r\n\r\n");
if (!split || split > end) {
soup_multipart_free (multipart);
soup_buffer_free (flattened);
diff --git a/tests/multipart-test.c b/tests/multipart-test.c
index 64a5ebf..79c2190 100644
--- a/tests/multipart-test.c
+++ b/tests/multipart-test.c
@@ -479,6 +479,66 @@ test_multipart (gconstpointer data)
g_main_loop_unref (loop);
}
+static void
+test_multipart_bounds_good (void)
+{
+ #define TEXT "line1\r\nline2"
+ SoupMultipart *multipart;
+ SoupMessageHeaders *headers, *set_headers = NULL;
+ SoupBuffer *set_bytes = NULL;
+ const char *raw_data = "--123\r\nContent-Type: text/plain;\r\n\r\n" TEXT "\r\n--123--\r\n";
+ gboolean success;
+
+ headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
+ soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
+
+
+ SoupMessageBody *message_body = soup_message_body_new ();
+ SoupBuffer *part_body = soup_buffer_new (SOUP_MEMORY_COPY, raw_data, strlen(raw_data));
+ soup_message_body_append_buffer (message_body, part_body);
+ multipart = soup_multipart_new_from_message (headers, message_body);
+
+ g_assert_nonnull (multipart);
+ g_assert_cmpint (soup_multipart_get_length (multipart), ==, 1);
+ success = soup_multipart_get_part (multipart, 0, &set_headers, &set_bytes);
+ g_assert_true (success);
+ g_assert_nonnull (set_headers);
+ g_assert_nonnull (set_bytes);
+ g_assert_cmpint (strlen (TEXT), ==, set_bytes->length);
+ g_assert_cmpstr ("text/plain", ==, soup_message_headers_get_content_type (set_headers, NULL));
+ g_assert_cmpmem (TEXT, strlen (TEXT), set_bytes->data, set_bytes->length);
+
+ soup_message_headers_free (headers);
+ soup_message_body_free (message_body);
+ soup_buffer_free (part_body);
+ soup_multipart_free (multipart);
+
+ #undef TEXT
+}
+
+static void
+test_multipart_bounds_bad (void)
+{
+ SoupMultipart *multipart;
+ SoupMessageHeaders *headers;
+ const char *raw_data = "--123\r\nContent-Type: text/plain;\r\nline1\r\nline2\r\n--123--\r\n";
+
+ headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
+ soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
+
+ SoupMessageBody *message_body = soup_message_body_new ();
+ SoupBuffer *part_body = soup_buffer_new (SOUP_MEMORY_COPY, raw_data, strlen(raw_data));
+ soup_message_body_append_buffer (message_body, part_body);
+ /* it did read out of raw_data/bytes bounds */
+ multipart = soup_multipart_new_from_message (headers, message_body);
+
+ g_assert_null (multipart);
+
+ soup_message_headers_free (headers);
+ soup_message_body_free (message_body);
+ soup_buffer_free (part_body);
+}
+
int
main (int argc, char **argv)
{
@@ -508,6 +568,8 @@ main (int argc, char **argv)
g_test_add_data_func ("/multipart/sync", GINT_TO_POINTER (SYNC_MULTIPART), test_multipart);
g_test_add_data_func ("/multipart/async", GINT_TO_POINTER (ASYNC_MULTIPART), test_multipart);
g_test_add_data_func ("/multipart/async-small-reads", GINT_TO_POINTER (ASYNC_MULTIPART_SMALL_READS), test_multipart);
+ g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good);
+ g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad);
ret = g_test_run ();
--
2.33.0

60
backport-CVE-2025-46420.patch Normal file
View File

@ -0,0 +1,60 @@
From c9083869ec2a3037e6df4bd86b45c419ba295f8e Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Thu, 26 Dec 2024 18:31:42 -0600
Subject: [PATCH] soup_header_parse_quality_list: Fix leak
When iterating over the parsed list we now steal the allocated strings that we want and then free_full the list which may contain remaining strings.
Conflict: NA
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e
---
libsoup/soup-headers.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index a5f7a7f6..85385cea 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -530,7 +530,7 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
GSList *unsorted;
QualityItem *array;
GSList *sorted, *iter;
- char *item, *semi;
+ char *semi;
const char *param, *equal, *value;
double qval;
int n;
@@ -543,9 +543,8 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
unsorted = soup_header_parse_list (header);
array = g_new0 (QualityItem, g_slist_length (unsorted));
for (iter = unsorted, n = 0; iter; iter = iter->next) {
- item = iter->data;
qval = 1.0;
- for (semi = strchr (item, ';'); semi; semi = strchr (semi + 1, ';')) {
+ for (semi = strchr (iter->data, ';'); semi; semi = strchr (semi + 1, ';')) {
param = skip_lws (semi + 1);
if (*param != 'q')
continue;
@@ -577,15 +576,15 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
if (qval == 0.0) {
if (unacceptable) {
*unacceptable = g_slist_prepend (*unacceptable,
- item);
+ g_steal_pointer (&iter->data));
}
} else {
- array[n].item = item;
+ array[n].item = g_steal_pointer (&iter->data);
array[n].qval = qval;
n++;
}
}
- g_slist_free (unsorted);
+ g_slist_free_full (unsorted, g_free);
qsort (array, n, sizeof (QualityItem), sort_by_qval);
sorted = NULL;
--
GitLab

138
backport-CVE-2025-46421.patch Normal file
View File

@ -0,0 +1,138 @@
From 3e5c26415811f19e7737238bb23305ffaf96f66b Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Wed, 5 Feb 2025 16:18:10 -0600
Subject: [PATCH] session: Strip authentication credentails on cross-origin
redirect
This should match the behavior of Firefox and Safari but not of Chromium.
Conflict: Context Adaptation and Test Case Adaptation and soup_message_headers_remove_common->soup_message_headers_remove,soup_message_get_request_headers (msg)->msg->request_headers,SOUP_HEADER_AUTHORIZATION->"Authorization"
Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/3e5c26415811f19e7737238bb23305ffaf96f66b
---
libsoup/soup-session.c | 6 ++++
tests/auth-test.c | 77 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 83 insertions(+)
diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
index 83421ef..7ff53ab 100644
--- a/libsoup/soup-session.c
+++ b/libsoup/soup-session.c
@@ -1189,6 +1189,12 @@ soup_session_redirect_message (SoupSession *session, SoupMessage *msg)
SOUP_ENCODING_NONE);
}
+ /* Strip all credentials on cross-origin redirect. */
+ if (!soup_uri_host_equal (soup_message_get_uri (msg), new_uri)) {
+ soup_message_headers_remove (msg->request_headers, "Authorization");
+ soup_message_set_auth (msg, NULL);
+ }
+
soup_message_set_uri (msg, new_uri);
soup_uri_free (new_uri);
diff --git a/tests/auth-test.c b/tests/auth-test.c
index 548ac94..e71f986 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -1,6 +1,7 @@
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
#include "test-utils.h"
+#include "soup-uri-utils-private.h"
static const char *base_uri;
static GMainLoop *loop;
@@ -1599,6 +1600,81 @@ do_missing_params_test (gconstpointer auth_header)
soup_test_server_quit_unref (server);
}
+static void
+redirect_server_callback (SoupServer *server,
+ SoupServerMessage *msg,
+ const char *path,
+ GHashTable *query,
+ gpointer user_data)
+{
+ static gboolean redirected = FALSE;
+
+ if (!redirected) {
+ char *redirect_uri = g_uri_to_string (user_data);
+ soup_server_message_set_redirect (msg, SOUP_STATUS_MOVED_PERMANENTLY, redirect_uri);
+ g_free (redirect_uri);
+ redirected = TRUE;
+ return;
+ }
+
+ g_assert_not_reached ();
+}
+
+static gboolean
+auth_for_redirect_callback (SoupMessage *msg, SoupAuth *auth, gboolean retrying, gpointer user_data)
+{
+ GUri *known_server_uri = user_data;
+
+ if (!soup_uri_host_equal (known_server_uri, soup_message_get_uri (msg)))
+ return FALSE;
+
+ soup_auth_authenticate (auth, "user", "good-basic");
+
+ return TRUE;
+}
+
+static void
+do_strip_on_crossorigin_redirect (void)
+{
+ SoupSession *session;
+ SoupMessage *msg;
+ SoupServer *server1, *server2;
+ SoupAuthDomain *auth_domain;
+ GUri *uri;
+ gint status;
+
+ server1 = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
+ server2 = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
+
+ /* Both servers have the same credentials. */
+ auth_domain = soup_auth_domain_basic_new ("realm", "auth-test", "auth-callback", server_basic_auth_callback, NULL);
+ soup_auth_domain_add_path (auth_domain, "/");
+ soup_server_add_auth_domain (server1, auth_domain);
+ soup_server_add_auth_domain (server2, auth_domain);
+ g_object_unref (auth_domain);
+
+ /* Server 1 asks for auth, then redirects to Server 2. */
+ soup_server_add_handler (server1, NULL,
+ redirect_server_callback,
+ soup_test_server_get_uri (server2, "http", NULL), (GDestroyNotify)g_uri_unref);
+ /* Server 2 requires auth. */
+ soup_server_add_handler (server2, NULL, server_callback, NULL, NULL);
+
+ session = soup_test_session_new (NULL);
+ uri = soup_test_server_get_uri (server1, "http", NULL);
+ msg = soup_message_new_from_uri ("GET", uri);
+ /* The client only sends credentials for the host it knows. */
+ g_signal_connect (msg, "authenticate", G_CALLBACK (auth_for_redirect_callback), uri);
+
+ status = soup_test_session_send_message (session, msg);
+
+ g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED);
+
+ g_uri_unref (uri);
+ soup_test_server_quit_unref (server1);
+ soup_test_server_quit_unref (server2);
+}
+
int
main (int argc, char **argv)
{
@@ -1626,6 +1702,7 @@ main (int argc, char **argv)
g_test_add_func ("/auth/async-message-do-not-use-auth-cache", do_async_message_do_not_use_auth_cache_test);
g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test);
g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test);
+ g_test_add_func ("/auth/strip-on-crossorigin-redirect", do_strip_on_crossorigin_redirect);
g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
--
2.33.0

25
backport-Handle-sniffing-bytes-with-0-size.patch Normal file
View File

@ -0,0 +1,25 @@
From b0fd7e1f65049b7efdf50febe6765039de4289ed Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Wed, 16 Dec 2020 15:54:32 -0600
Subject: [PATCH] Handle sniffing bytes with 0 size
---
libsoup/soup-content-sniffer.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index cb4255ade..cf5da7e1f 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -507,6 +507,9 @@ sniff_unknown (SoupContentSniffer *sniffer, GBytes *buffer,
guint resource_length = MIN (512, buffer->length);
guint i;
+ if (resource_length == 0)
+ return g_strdup ("application/octet-stream");
+
for (i = 0; i < G_N_ELEMENTS (types_table); i++) {
SoupContentSnifferPattern *type_row = &(types_table[i]);
--
GitLab

60
backport-content-sniffer-empty-resources-should-be-considered-text-plain.patch Normal file
View File

@ -0,0 +1,60 @@
From f7df4e4e1f7314ff309e4d26fcd7f352c33870ef Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Wed, 17 Feb 2021 14:08:40 +0100
Subject: [PATCH] content-sniffer: empty resources should be considered
text/plain
Instead of application/octet-stream according to the HTML5 spec
---
libsoup/soup-content-sniffer.c | 2 +-
tests/sniffing-test.c | 13 +++++++++----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index f5a13d18c..948dc182d 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -507,7 +507,7 @@ sniff_unknown (SoupContentSniffer *sniffer, GBytes *buffer,
guint i;
if (resource_length == 0)
- return g_strdup ("application/octet-stream");
+ return g_strdup ("text/plain");
for (i = 0; i < G_N_ELEMENTS (types_table); i++) {
SoupContentSnifferPattern *type_row = &(types_table[i]);
diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c
index 1f2bb9115..23e05c1a3 100644
--- a/tests/sniffing-test.c
+++ b/tests/sniffing-test.c
@@ -79,11 +79,13 @@ server_callback (SoupServer *server,
}
if (g_str_has_prefix (path, "/unknown/")) {
- char *base_name = g_path_get_basename (path);
+ if (!empty_response) {
+ char *base_name = g_path_get_basename (path);
- response = soup_test_load_resource (base_name, &error);
- g_assert_no_error (error);
- g_free (base_name);
+ response = soup_test_load_resource (base_name, &error);
+ g_assert_no_error (error);
+ g_free (base_name);
+ }
soup_message_headers_append (msg->response_headers,
"Content-Type", "UNKNOWN/unknown");
@@ -439,6 +441,9 @@ main (int argc, char **argv)
g_test_add_data_func ("/sniffing/type/unknown-mbox",
"unknown/mbox => text/plain",
do_sniffing_test);
+ g_test_add_data_func ("/sniffing/type/unknown-empty",
+ "unknown/mbox?empty_response=yes => text/plain",
+ do_sniffing_test);
g_test_add_data_func ("/sniffing/type/unknown-binary",
"unknown/text_binary.txt => application/octet-stream",
do_sniffing_test);
--
GitLab

58
libsoup.spec
View File

@ -1,13 +1,13 @@
Name: libsoup
Version: 2.74.3
Release: 4
Release: 9
Summary: An HTTP library implementation
License: LGPLv2
URL: https://wiki.gnome.org/Projects/libsoup
Source0: https://download.gnome.org/sources/%{name}/2.74/%{name}-%{version}.tar.xz
BuildRequires: glib2-devel glib-networking krb5-devel gobject-introspection-devel gettext
BuildRequires: libxml2-devel libpsl-devel sqlite-devel vala gtk-doc meson libxslt
BuildRequires: samba-winbind-clients brotli-devel
BuildRequires: samba-winbind-clients brotli-devel git
BuildRequires: pkgconfig(sysprof-capture-4)
Requires: glib2 glib-networking
@ -18,6 +18,28 @@ Patch6002: backport-0001-CVE-2024-52531.patch
Patch6003: backport-0002-CVE-2024-52531.patch
Patch6004: backport-0001-CVE-2024-52532.patch
Patch6005: backport-0002-CVE-2024-52532.patch
Patch6007: backport-CVE-2025-32050.patch
Patch6008: backport-CVE-2025-32052.patch
Patch6009: backport-0001-CVE-2025-32053.patch
Patch6010: backport-0002-CVE-2025-32053.patch
Patch6011: backport-CVE-2025-2784.patch
Patch6012: backport-0001-CVE-2025-32906.patch
Patch6013: backport-0002-CVE-2025-32906.patch
Patch6014: backport-0001-CVE-2025-32910-CVE-2025-32912.patch
Patch6015: backport-0002-CVE-2025-32910-CVE-2025-32912.patch
Patch6016: backport-0003-CVE-2025-32910-CVE-2025-32912.patch
Patch6017: backport-0001-CVE-2025-32911-CVE-2025-32913.patch
Patch6018: backport-0002-CVE-2025-32911-CVE-2025-32913.patch
Patch6019: backport-0004-CVE-2025-32912.patch
Patch6020: backport-0005-CVE-2025-32912.patch
Patch6021: backport-0006-CVE-2025-32912.patch
Patch6022: backport-Handle-sniffing-bytes-with-0-size.patch
Patch6023: backport-content-sniffer-empty-resources-should-be-considered-text-plain.patch
Patch6024: backport-CVE-2025-32909.patch
Patch6025: backport-CVE-2025-32914.patch
Patch6026: backport-CVE-2025-32907.patch
Patch6027: backport-CVE-2025-46420.patch
Patch6028: backport-CVE-2025-46421.patch
%description
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop,
@ -34,7 +56,7 @@ The %{name}-devel package contains libraries and header files for %{name}.
%package_help
%prep
%autosetup -n %{name}-%{version} -p1
%autosetup -n %{name}-%{version} -p1 -S git
%build
%meson -Dgtk_doc=true
@ -69,6 +91,36 @@ sed -i 's/idm[0-9]\{5,32\}/idm12345678912345/g' %{buildroot}%{_datadir}/gtk-doc/
%{_datadir}/gtk-doc/html/libsoup-2.4/*
%changelog
* Tue Apr 29 2025 zhangpan <zhangpan103@h-partners.com> - 2.74.3-9
- Type:cves
- ID:CVE-2025-46420 CVE-2025-46421
- SUG:NA
- DESC:fix CVE-2025-46420 CVE-2025-46421
* Wed Apr 23 2025 zhangpan <zhangpan103@h-partners.com> - 2.74.3-8
- Type:cves
- ID:CVE-2025-32907 CVE-2025-32914
- SUG:NA
- DESC:fix CVE-2025-32907 CVE-2025-32914
* Mon Apr 21 2025 zhangpan <zhangpan103@h-partners.com> - 2.74.3-7
- Type:cves
- ID:CVE-2025-32906 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32912 CVE-2025-32913
- SUG:NA
- DESC:fix CVE-2025-32906 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32912 CVE-2025-32913
* Thu Apr 17 2025 maoyanping <maoyanping@xfusion.com> - 2.74.3-6
- Type:cves
- ID:CVE-2025-32912
- SUG:NA
- DESC:fix CVE-2025-32912
* Tue Apr 8 2025 zhangpan <zhangpan103@h-partners.com> - 2.74.3-5
- Type:cves
- ID:CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-2784
- SUG:NA
- DESC:fix CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-2784
* Thu Nov 14 2024 xinghe <xinghe2@h-partners.com> - 2.74.3-4
- Type:cves
- ID:CVE-2024-52530 CVE-2024-52531 CVE-2024-52532