From 8ac0b4e8911af1c7073ea867cf46f28fd41002a3 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Mon, 12 Jan 2026 02:54:54 +0000
Subject: [PATCH] import UBI libsoup-2.72.0-12.el9_7.3
---
SOURCES/CVE-2025-14523.patch | 74 ++++++++++++++++++++++++++++++++++++
SPECS/libsoup.spec | 10 ++++-
2 files changed, 83 insertions(+), 1 deletion(-)
create mode 100644 SOURCES/CVE-2025-14523.patch
diff --git a/SOURCES/CVE-2025-14523.patch b/SOURCES/CVE-2025-14523.patch
new file mode 100644
index 0000000..32d2cba
--- /dev/null
+++ b/SOURCES/CVE-2025-14523.patch
@@ -0,0 +1,74 @@
+From 02a207c3667a1e00be0d63aacb8427de71962008 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Wed, 7 Jan 2026 14:50:33 -0600
+Subject: [PATCH] Reject duplicate Host headers (for libsoup 2)
+
+This is a simplified version of my patch for libsoup 3:
+
+https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/491
+---
+ libsoup/soup-headers.c | 3 +++
+ libsoup/soup-message-headers.c | 3 +++
+ tests/header-parsing-test.c | 18 ++++++++++++++++++
+ 3 files changed, 24 insertions(+)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index ea2f986b..6cd3dad9 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -138,6 +138,9 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ for (p = strchr (value, '\r'); p; p = strchr (p, '\r'))
+ *p = ' ';
+
++ if (g_ascii_strcasecmp (name, "Host") == 0 && soup_message_headers_get_one (dest, "Host"))
++ goto done;
++
+ soup_message_headers_append (dest, name, value);
+ }
+ success = TRUE;
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index f612bff1..bb20bbb2 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -220,6 +220,9 @@ soup_message_headers_append (SoupMessageHeaders *hdrs,
+ }
+ #endif
+
++ if (g_ascii_strcasecmp (name, "Host") == 0 && soup_message_headers_get_one (hdrs, "Host"))
++ return;
++
+ header.name = intern_header_name (name, &setter);
+ header.value = g_strdup (value);
+ g_array_append_val (hdrs->array, header);
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 206f1f2c..e823a68b 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -468,6 +468,24 @@ static struct RequestTest {
+ SOUP_STATUS_BAD_REQUEST,
+ NULL, NULL, -1,
+ { { NULL } }
++ },
++
++ { "Duplicate Host headers",
++ "https://gitlab.gnome.org/GNOME/libsoup/-/issues/472",
++ "GET / HTTP/1.1\r\nHost: example.com\r\nHost: example.org\r\n",
++ -1,
++ SOUP_STATUS_BAD_REQUEST,
++ NULL, NULL, -1,
++ { { NULL } }
++ },
++
++ { "Duplicate Host headers (case insensitive)",
++ "https://gitlab.gnome.org/GNOME/libsoup/-/issues/472",
++ "GET / HTTP/1.1\r\nHost: example.com\r\nhost: example.org\r\n",
++ -1,
++ SOUP_STATUS_BAD_REQUEST,
++ NULL, NULL, -1,
++ { { NULL } }
+ }
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+--
+2.52.0
+
diff --git a/SPECS/libsoup.spec b/SPECS/libsoup.spec
index 0f7c904..dd3cb14 100644
--- a/SPECS/libsoup.spec
+++ b/SPECS/libsoup.spec
@@ -5,7 +5,7 @@ Name: libsoup Version: 2.72.0 -Release: 12%{?dist}.1 +Release: 12%{?dist}.3 Summary: Soup, an HTTP library implementation License: LGPLv2
@@ -52,6 +52,8 @@ Patch: CVE-2025-2784.patch Patch: CVE-2025-4948.patch # https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/473 Patch: CVE-2025-4945-CVE-2025-11021.patch +# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/491 +Patch: CVE-2025-14523.patch BuildRequires: gettext BuildRequires: glib2-devel >= %{glib2_version}
@@ -156,6 +158,12 @@ This package contains developer documentation for %{name}. %endif %changelog +* Thu Jan 08 2026 Michael Catanzaro - 2.72.0-12.3 +- Fix patch for CVE-2025-14523 to handle comparison case-insensitively + +* Wed Jan 07 2026 Michael Catanzaro - 2.72.0-12.2 +- Backport patch for CVE-2025-14523 + * Thu Oct 30 2025 Michael Catanzaro - 2.72.0-12.1 - Backport patch for CVE-2025-4945 and CVE-2025-11021
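Review bot: In the embedded `libsoup/soup-message-headers.c` hunk, the new guard in `soup_message_headers_append` drops a second Host value with a bare `return;`, so the first value silently wins and the caller gets no signal; the two added `reqtests` entries only exercise the `soup_headers_parse` guard, not this path. Because the function returns void, I would document the policy at the check, e.g. `/* At most one Host field is allowed (RFC 9112 section 3.2): keep the first value, ignore later ones. */`, and add a test that appends Host twice and asserts only the first value is stored. In the `soup-headers.c` hunk, `goto done` leaves headers appended earlier in `dest`; the `done` label and the initial value of `success` are outside the hunk, so this presumably matches the existing failure paths, but it is worth confirming callers discard `dest` when parsing fails. Both function bodies start and end outside the embedded hunks.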