import libsoup-2.74.3-7.el10

i10ce changed/i10ce/libsoup-2.74.3-7.el10
Arkady L. Shane 3 days ago
parent 57ff7af363
commit 3d26265c77
Signed by: tigro
GPG Key ID: 1EC08A25C9DB2503

2
.gitignore vendored

@ -1 +1 @@
SOURCES/libsoup-2.72.0.tar.xz SOURCES/libsoup-2.74.3.tar.xz

@ -1 +1 @@
6aaed6b49b13e287b7c3bba546ba49fec4ea72a5 SOURCES/libsoup-2.72.0.tar.xz 657ce6cbfacbc7ab175de5207f80c1235d2f8092 SOURCES/libsoup-2.74.3.tar.xz

@ -1,145 +0,0 @@
From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Mon, 8 Jul 2024 12:33:15 -0500
Subject: [PATCH] headers: Strictly don't allow NUL bytes
In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
---
libsoup/soup-headers.c | 15 +++------
tests/header-parsing-test.c | 62 +++++++++++++++++--------------------
2 files changed, 32 insertions(+), 45 deletions(-)
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index a0cf351a..f30ee467 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
* ignorable trailing whitespace.
*/
+ /* No '\0's are allowed */
+ if (memchr (str, '\0', len))
+ return FALSE;
+
/* Skip over the Request-Line / Status-Line */
headers_start = memchr (str, '\n', len);
if (!headers_start)
return FALSE;
- /* No '\0's in the Request-Line / Status-Line */
- if (memchr (str, '\0', headers_start - str))
- return FALSE;
/* We work on a copy of the headers, which we can write '\0's
* into, so that we don't have to individually g_strndup and
@@ -69,14 +70,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
headers_copy[copy_len] = '\0';
value_end = headers_copy;
- /* There shouldn't be any '\0's in the headers already, but
- * this is the web we're talking about.
- */
- while ((p = memchr (headers_copy, '\0', copy_len))) {
- memmove (p, p + 1, copy_len - (p - headers_copy));
- copy_len--;
- }
-
while (*(value_end + 1)) {
name = value_end + 1;
name_end = strchr (name, ':');
diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
index edf8eebb..715c2c6f 100644
--- a/tests/header-parsing-test.c
+++ b/tests/header-parsing-test.c
@@ -358,24 +358,6 @@ static struct RequestTest {
}
},
- { "NUL in header name", "760832",
- "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
- SOUP_STATUS_OK,
- "GET", "/", SOUP_HTTP_1_1,
- { { "Host", "example.com" },
- { NULL }
- }
- },
-
- { "NUL in header value", "760832",
- "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
- SOUP_STATUS_OK,
- "GET", "/", SOUP_HTTP_1_1,
- { { "Host", "examplecom" },
- { NULL }
- }
- },
-
/************************/
/*** INVALID REQUESTS ***/
/************************/
@@ -448,6 +430,21 @@ static struct RequestTest {
SOUP_STATUS_EXPECTATION_FAILED,
NULL, NULL, -1,
{ { NULL } }
+ },
+
+ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
+ { "NUL in header name", NULL,
+ "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+ SOUP_STATUS_BAD_REQUEST,
+ NULL, NULL, -1,
+ { { NULL } }
+ },
+
+ { "NUL in header value", NULL,
+ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+ SOUP_STATUS_BAD_REQUEST,
+ NULL, NULL, -1,
+ { { NULL } }
}
};
static const int num_reqtests = G_N_ELEMENTS (reqtests);
@@ -620,22 +617,6 @@ static struct ResponseTest {
{ NULL } }
},
- { "NUL in header name", "760832",
- "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
- { { "Foo", "bar" },
- { NULL }
- }
- },
-
- { "NUL in header value", "760832",
- "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
- { { "Foo", "bar" },
- { NULL }
- }
- },
-
/********************************/
/*** VALID CONTINUE RESPONSES ***/
/********************************/
@@ -768,6 +749,19 @@ static struct ResponseTest {
{ { NULL }
}
},
+
+ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
+ { "NUL in header name", NULL,
+ "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+ -1, 0, NULL,
+ { { NULL } }
+ },
+
+ { "NUL in header value", "760832",
+ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+ -1, 0, NULL,
+ { { NULL } }
+ },
};
static const int num_resptests = G_N_ELEMENTS (resptests);
--
2.45.2

@ -1,15 +0,0 @@
diff -up libsoup-2.62.3/libsoup/soup-websocket-connection.c.cve-2024-52532 libsoup-2.62.3/libsoup/soup-websocket-connection.c
--- libsoup-2.62.3/libsoup/soup-websocket-connection.c.cve-2024-52532 2024-11-12 12:00:27.183570627 +0100
+++ libsoup-2.62.3/libsoup/soup-websocket-connection.c 2024-11-12 12:01:02.334987409 +0100
@@ -1041,9 +1041,9 @@ soup_websocket_connection_read (SoupWebs
}
pv->incoming->len = len + count;
- } while (count > 0);
+ process_incoming (self);
+ } while (count > 0 && !pv->close_sent && !pv->io_closing);
- process_incoming (self);
if (end) {
if (!pv->close_sent || !pv->close_received) {

@ -1,38 +0,0 @@
From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001
From: Ignacio Casal Quinteiro <qignacio@amazon.com>
Date: Wed, 2 Oct 2024 11:17:19 +0200
Subject: [PATCH 2/2] websocket-test: disconnect error copy after the test ends
Otherwise the server will have already sent a few more wrong
bytes and the client will continue getting errors to copy
but the error is already != NULL and it will assert
---
tests/websocket-test.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/websocket-test.c b/tests/websocket-test.c
index 06c443bb..6a48c1f9 100644
--- a/tests/websocket-test.c
+++ b/tests/websocket-test.c
@@ -1539,8 +1539,9 @@ test_receive_invalid_encode_length_64 (Test *test,
GError *error = NULL;
InvalidEncodeLengthTest context = { test, NULL };
guint i;
+ guint error_id;
- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
/* We use 127(\x7f) as payload length with 65535 extended length */
@@ -1553,6 +1554,7 @@ test_receive_invalid_encode_length_64 (Test *test,
WAIT_UNTIL (error != NULL || received != NULL);
g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
g_clear_error (&error);
+ g_signal_handler_disconnect (test->client, error_id);
g_assert_null (received);
g_thread_join (thread);
--
2.45.2

@ -0,0 +1,43 @@
From ced3c5d8cad0177b297666343f1561799dfefb0d Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Wed, 22 Nov 2023 18:49:10 -0800
Subject: [PATCH] Fix build with libxml2-2.12.0 and clang-17
Fixes build errors about missing function prototypes with clang-17
Fixes
| ../libsoup-2.74.3/libsoup/soup-xmlrpc-old.c:512:8: error: call to undeclared function 'xmlParseMemory'; ISO C99 and later do not support implicit function declarations
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
libsoup/soup-xmlrpc-old.c | 1 +
libsoup/soup-xmlrpc.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/libsoup/soup-xmlrpc-old.c b/libsoup/soup-xmlrpc-old.c
index c57086b6a..527e3b235 100644
--- a/libsoup/soup-xmlrpc-old.c
+++ b/libsoup/soup-xmlrpc-old.c
@@ -11,6 +11,7 @@
#include <string.h>
+#include <libxml/parser.h>
#include <libxml/tree.h>
#include "soup-xmlrpc-old.h"
diff --git a/libsoup/soup-xmlrpc.c b/libsoup/soup-xmlrpc.c
index 42dcda9c7..e991cbf01 100644
--- a/libsoup/soup-xmlrpc.c
+++ b/libsoup/soup-xmlrpc.c
@@ -17,6 +17,7 @@
#include <string.h>
#include <errno.h>
+#include <libxml/parser.h>
#include <libxml/tree.h>
#include "soup-xmlrpc.h"
#include "soup.h"
--
GitLab

@ -4,20 +4,18 @@
%{!?with_docs: %global with_docs 1} %{!?with_docs: %global with_docs 1}
Name: libsoup Name: libsoup
Version: 2.72.0 Version: 2.74.3
Release: 8%{?dist}.2 Release: 7%{?dist}
Summary: Soup, an HTTP library implementation Summary: Soup, an HTTP library implementation
License: LGPLv2 License: LGPL-2.0-only
URL: https://wiki.gnome.org/Projects/libsoup URL: https://wiki.gnome.org/Projects/libsoup
Source0: https://download.gnome.org/sources/%{name}/2.72/%{name}-%{version}.tar.xz Source0: https://download.gnome.org/sources/%{name}/2.74/%{name}-%{version}.tar.xz
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/385
Patch: 0001-headers-Strictly-don-t-allow-NUL-bytes.patch Patch: libsoup-2.74.3-libxml2-2.12.0-includes.patch
Patch: 0001-websocket-process-the-frame-as-soon-as-we-read-data.patch
Patch: 0002-websocket-test-disconnect-error-copy-after-the-test-.patch
BuildRequires: gettext BuildRequires: gettext
BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version}
BuildRequires: glib-networking BuildRequires: glib-networking
%if %{with_docs} %if %{with_docs}
BuildRequires: gtk-doc BuildRequires: gtk-doc
@ -116,20 +114,47 @@ This package contains developer documentation for %{name}.
%endif %endif
%changelog %changelog
* Tue Nov 12 2024 Tomas Popela <tpopela@redhat.com> - 2.72.0-8.el9_5.2 * Tue Dec 24 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 2.74.3-7
- Backport upstream patch for CVE-2024-52532 - infinite loop while reading websocket data - Rebuilt for MSVSphere 10
- Resolves: RHEL-67068
* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.74.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.74.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.74.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Nov 29 2023 David King <amigadave@amigadave.com> - 2.74.3-4
- Fix building against libxml2 2.12.0
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.74.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.74.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Oct 28 2022 David King <amigadave@amigadave.com> - 2.74.3-1
- Update to 2.74.3
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.74.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.74.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Dec 07 2021 Kalev Lember <klember@redhat.com> - 2.74.2-1
- Update to 2.74.2
* Tue Nov 12 2024 Tomas Popela <tpopela@redhat.com> - 2.72.0-8.el9_5.1 * Wed Oct 27 2021 Kalev Lember <klember@redhat.com> - 2.74.1-1
- Backport upstream patch for CVE-2024-52530 - HTTP request smuggling via stripping null bytes from the ends of header names - Update to 2.74.1
- Resolves: RHEL-67080
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.72.0-8 * Wed Sep 08 2021 Kalev Lember <klember@redhat.com> - 2.74.0-1
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Update to 2.74.0
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.72.0-7 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.72.0-7
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Mar 26 2021 Kalev Lember <klember@redhat.com> - 2.72.0-6 * Fri Mar 26 2021 Kalev Lember <klember@redhat.com> - 2.72.0-6
- Rebuild to fix sysprof-capture symbols leaking into libraries consuming it - Rebuild to fix sysprof-capture symbols leaking into libraries consuming it

Loading…
Cancel
Save