diff --git a/fix-ssl-test.patch b/fix-ssl-test.patch new file mode 100644 index 0000000..97d4ae7 --- /dev/null +++ b/fix-ssl-test.patch @@ -0,0 +1,123 @@ +From c720f9c696b3b39d8c386abf8c8a9ddad447cda0 Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Wed, 9 Sep 2020 14:44:25 +0200 +Subject: [PATCH 1/2] tests: fix SSL test with glib-networking >= 2.65.90 + +To make SSL tests fail with our testing certificate we create and empty +GTlsDatabase passing /dev/null to g_tls_file_database_new(). This no +longer works with newer glib-networking, since an empty file is +considered an error by gnutls and +g_tls_file_database_gnutls_populate_trust_list() now handles gnutls +errors properly. Instead, we can just use the system CA file that won't +contain our testing certificate for sure. + +Fixes #201 +--- + tests/ssl-test.c | 12 +++--------- + 1 file changed, 3 insertions(+), 9 deletions(-) + +diff --git a/tests/ssl-test.c b/tests/ssl-test.c +index 735ba416..2c93ca85 100644 +--- a/tests/ssl-test.c ++++ b/tests/ssl-test.c +@@ -3,7 +3,6 @@ + #include "test-utils.h" + + SoupURI *uri; +-GTlsDatabase *null_tlsdb; + + static void + do_properties_test_for_session (SoupSession *session) +@@ -37,7 +36,7 @@ do_async_properties_tests (void) + + session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL); + g_object_set (G_OBJECT (session), +- SOUP_SESSION_TLS_DATABASE, null_tlsdb, ++ SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, + SOUP_SESSION_SSL_STRICT, FALSE, + NULL); + do_properties_test_for_session (session); +@@ -53,7 +52,7 @@ do_sync_properties_tests (void) + + session = soup_test_session_new (SOUP_TYPE_SESSION_SYNC, NULL); + g_object_set (G_OBJECT (session), +- SOUP_SESSION_TLS_DATABASE, null_tlsdb, ++ SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, + SOUP_SESSION_SSL_STRICT, FALSE, + NULL); + do_properties_test_for_session (session); +@@ -106,7 +105,7 @@ do_strictness_test (gconstpointer data) + } + if (!test->with_ca_list) { + g_object_set (G_OBJECT (session), +- SOUP_SESSION_TLS_DATABASE, null_tlsdb, ++ SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, + NULL); + } + +@@ -433,7 +432,6 @@ main (int argc, char **argv) + { + SoupServer *server = NULL; + int i, ret; +- GError *error = NULL; + + test_init (argc, argv, NULL); + +@@ -441,9 +439,6 @@ main (int argc, char **argv) + server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD); + soup_server_add_handler (server, NULL, server_handler, NULL, NULL); + uri = soup_test_server_get_uri (server, "https", "127.0.0.1"); +- +- null_tlsdb = g_tls_file_database_new ("/dev/null", &error); +- g_assert_no_error (error); + } else + uri = NULL; + +@@ -463,7 +458,6 @@ main (int argc, char **argv) + if (tls_available) { + soup_uri_free (uri); + soup_test_server_quit_unref (server); +- g_object_unref (null_tlsdb); + } + + test_cleanup (); +-- +2.43.5 + + +From 0fbc7e8220c32f4848d6f1407efe81cc13ab18ef Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Sat, 18 Jan 2025 01:20:24 -0600 +Subject: [PATCH 2/2] Add workaround for flaky ssl-test connection failures + +--- + tests/ssl-test.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/tests/ssl-test.c b/tests/ssl-test.c +index 2c93ca85..1b48c6aa 100644 +--- a/tests/ssl-test.c ++++ b/tests/ssl-test.c +@@ -348,6 +348,19 @@ got_connection (GThreadedSocketService *service, + g_clear_error (&error); + } + ++ // Work around a race condition where do_tls_interaction_test's call to ++ // soup_session_send_message() fails due to the server having closed the ++ // connection: ++ // ++ // ERROR:../tests/ssl-test.c:405:do_tls_interaction_test: Unexpected status 7 Connection terminated unexpectedly (expected 200 OK) ++ // ++ // This bug is already fixed upstream, so no sense in spending a bunch ++ // of time trying to find a proper fix. ++ // ++ // I'm not certain, but I suspect it's fixed by: ++ // https://gitlab.gnome.org/GNOME/libsoup/-/commit/bd6de90343839125bd07c43c97e1000deb0b40c3 ++ sleep (1); ++ + g_io_stream_close (tls, NULL, &error); + g_assert_no_error (error); + +-- +2.43.5 + diff --git a/libsoup.spec b/libsoup.spec index 1cb2331..cf0ebb7 100644 --- a/libsoup.spec +++ b/libsoup.spec @@ -5,13 +5,18 @@ Name: libsoup Version: 2.72.0 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Soup, an HTTP library implementation License: LGPLv2 URL: https://wiki.gnome.org/Projects/libsoup Source0: https://download.gnome.org/sources/%{name}/2.72/%{name}-%{version}.tar.xz +# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/426 +Patch: test-timeouts.patch +# https://issues.redhat.com/browse/RHEL-76426 +Patch: fix-ssl-test.patch + # https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/402 Patch: CVE-2024-52530.patch # https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407 @@ -87,6 +92,9 @@ This package contains developer documentation for %{name}. %install %meson_install +%check +%meson_test + %find_lang libsoup %files -f libsoup.lang @@ -120,6 +128,10 @@ This package contains developer documentation for %{name}. %endif %changelog +* Mon Jan 28 2025 Michael Catanzaro - 2.72.0-10 +- Enable tests in check, and add patches to fix tests + Resolves: RHEL-76426 + * Fri Jan 10 2025 Michael Catanzaro - 2.72.0-9 - Add patches for CVE-2024-52530, CVE-2024-52531, and CVE-2024-52532 Resolves: RHEL-67069 diff --git a/test-timeouts.patch b/test-timeouts.patch new file mode 100644 index 0000000..5a96389 --- /dev/null +++ b/test-timeouts.patch @@ -0,0 +1,14 @@ +diff --git a/tests/meson.build b/tests/meson.build +index 5482aa86..bd90df15 100644 +--- a/tests/meson.build ++++ b/tests/meson.build +@@ -190,7 +190,7 @@ foreach test: tests + ) + # Increase the timeout as on some architectures the tests could be slower + # than the default 30 seconds. +- test(test_name, test_target, env : env, is_parallel : test[1], timeout : 60) ++ test(test_name, test_target, env : env, is_parallel : test[1], timeout : 300) + endforeach + + executable('ntlm-test-helper', 'ntlm-test-helper.c', +