Backport an upstream patch for CVE-2018-12910
This commit is contained in:
Kalev Lember
parent
42c717870a
commit
7af4d29cc4
29
0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch
Normal file
29
0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
|
||||
From: Michael Catanzaro <mcatanzaro@igalia.com>
|
||||
Date: Sun, 24 Jun 2018 19:46:19 -0500
|
||||
Subject: [PATCH] cookie-jar: bail if hostname is an empty string
|
||||
|
||||
There are several other ways to fix the problem with this function, but
|
||||
skipping over all of the code is probably the simplest.
|
||||
|
||||
Fixes #3
|
||||
---
|
||||
libsoup/soup-cookie-jar.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
|
||||
index 2369c8a..b2b7890 100644
|
||||
--- a/libsoup/soup-cookie-jar.c
|
||||
+++ b/libsoup/soup-cookie-jar.c
|
||||
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
|
||||
|
||||
priv = soup_cookie_jar_get_instance_private (jar);
|
||||
|
||||
- if (!uri->host)
|
||||
+ if (!uri->host || !uri->host[0])
|
||||
return NULL;
|
||||
|
||||
/* The logic here is a little weird, but the plan is that if
|
||||
--
|
||||
2.17.1
|
||||
|
||||
@ -2,12 +2,14 @@
|
||||
|
||||
Name: libsoup
|
||||
Version: 2.62.2
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Soup, an HTTP library implementation
|
||||
|
||||
License: LGPLv2
|
||||
URL: https://wiki.gnome.org/Projects/libsoup
|
||||
Source0: https://download.gnome.org/sources/%{name}/2.62/%{name}-%{version}.tar.xz
|
||||
# Backported from upstream
|
||||
Patch0: 0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch
|
||||
|
||||
BuildRequires: chrpath
|
||||
BuildRequires: glib2-devel >= %{glib2_version}
|
||||
@ -42,7 +44,7 @@ Libsoup is an HTTP library implementation in C. This package allows
|
||||
you to develop applications that use the libsoup library.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
%configure --disable-static
|
||||
@ -81,6 +83,9 @@ chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so
|
||||
%{_datadir}/vala/vapi/libsoup-2.4.vapi
|
||||
|
||||
%changelog
|
||||
* Thu Jun 28 2018 Kalev Lember <klember@redhat.com> - 2.62.2-2
|
||||
- Backport an upstream patch for CVE-2018-12910
|
||||
|
||||
* Tue May 08 2018 Kalev Lember <klember@redhat.com> - 2.62.2-1
|
||||
- Update to 2.62.2
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user