rpms/libsoup
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport an upstream patch for CVE-2018-12910

Browse Source
This commit is contained in:
Kalev Lember 2018-06-28 19:46:44 +02:00
parent 42c717870a
commit 7af4d29cc4
2 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch Normal file
View File

@ -0,0 +1,29 @@
From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Sun, 24 Jun 2018 19:46:19 -0500
Subject: [PATCH] cookie-jar: bail if hostname is an empty string
There are several other ways to fix the problem with this function, but
skipping over all of the code is probably the simplest.
Fixes #3
---
libsoup/soup-cookie-jar.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
index 2369c8a..b2b7890 100644
--- a/libsoup/soup-cookie-jar.c
+++ b/libsoup/soup-cookie-jar.c
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
priv = soup_cookie_jar_get_instance_private (jar);
- if (!uri->host)
+ if (!uri->host || !uri->host[0])
return NULL;
/* The logic here is a little weird, but the plan is that if
--
2.17.1

9
libsoup.spec
View File

@ -2,12 +2,14 @@
Name: libsoup Name: libsoup
Version: 2.62.2 Version: 2.62.2
Release: 1%{?dist} Release: 2%{?dist}
Summary: Soup, an HTTP library implementation Summary: Soup, an HTTP library implementation
License: LGPLv2 License: LGPLv2
URL: https://wiki.gnome.org/Projects/libsoup URL: https://wiki.gnome.org/Projects/libsoup
Source0: https://download.gnome.org/sources/%{name}/2.62/%{name}-%{version}.tar.xz Source0: https://download.gnome.org/sources/%{name}/2.62/%{name}-%{version}.tar.xz
# Backported from upstream
Patch0: 0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch
BuildRequires: chrpath BuildRequires: chrpath
BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: glib2-devel >= %{glib2_version}
@ -42,7 +44,7 @@ Libsoup is an HTTP library implementation in C. This package allows
you to develop applications that use the libsoup library. you to develop applications that use the libsoup library.
%prep %prep
%setup -q %autosetup -p1
%build %build
%configure --disable-static %configure --disable-static
@ -81,6 +83,9 @@ chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so
%{_datadir}/vala/vapi/libsoup-2.4.vapi %{_datadir}/vala/vapi/libsoup-2.4.vapi
%changelog %changelog
* Thu Jun 28 2018 Kalev Lember <klember@redhat.com> - 2.62.2-2
- Backport an upstream patch for CVE-2018-12910
* Tue May 08 2018 Kalev Lember <klember@redhat.com> - 2.62.2-1 * Tue May 08 2018 Kalev Lember <klember@redhat.com> - 2.62.2-1
- Update to 2.62.2 - Update to 2.62.2