rpms/libsoup
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c9
rpms:c8s
rpms:c9s
rpms:c9-beta
rpms:c8-beta
rpms:c10s
rpms:imports/c9/libsoup-2.72.0-12.el9_7.1
rpms:imports/c9/libsoup-2.72.0-10.el9_6.3
rpms:imports/c8/libsoup-2.62.3-10.el8_10
rpms:imports/c8/libsoup-2.62.3-9.el8_10
rpms:imports/c9/libsoup-2.72.0-10.el9_6.2
rpms:imports/c9/libsoup-2.72.0-10.el9_6.1
rpms:imports/c8/libsoup-2.62.3-8.el8_10
rpms:imports/c9-beta/libsoup-2.72.0-10.el9
rpms:imports/c8/libsoup-2.62.3-7.el8_10
rpms:imports/c9/libsoup-2.72.0-8.el9_5.3
rpms:imports/c8/libsoup-2.62.3-6.el8_10
rpms:imports/c9/libsoup-2.72.0-8.el9_5.2
rpms:imports/c8/libsoup-2.62.3-5.el8
rpms:imports/c8/libsoup-2.62.3-4.el8
rpms:imports/c8-beta/libsoup-2.62.3-4.el8
rpms:imports/c8/libsoup-2.62.3-3.el8
rpms:imports/c8-beta/libsoup-2.62.3-3.el8
rpms:imports/c8s/libsoup-2.62.3-3.el8
rpms:imports/c9/libsoup-2.72.0-8.el9
rpms:imports/c9-beta/libsoup-2.72.0-8.el9
rpms:imports/c8-beta/libsoup-2.62.3-2.el8
rpms:imports/c8-beta/libsoup-2.62.3-1.el8
rpms:imports/c8s/libsoup-2.62.3-2.el8
rpms:imports/c8/libsoup-2.62.3-2.el8
rpms:imports/c8/libsoup-2.62.3-1.el8
...
pull from: rpms:c8-beta
Branches Tags
rpms:c9
rpms:c8
rpms:c8s
rpms:c9s
rpms:c9-beta
rpms:c8-beta
rpms:c10s
rpms:imports/c9/libsoup-2.72.0-12.el9_7.1
rpms:imports/c9/libsoup-2.72.0-10.el9_6.3
rpms:imports/c8/libsoup-2.62.3-10.el8_10
rpms:imports/c8/libsoup-2.62.3-9.el8_10
rpms:imports/c9/libsoup-2.72.0-10.el9_6.2
rpms:imports/c9/libsoup-2.72.0-10.el9_6.1
rpms:imports/c8/libsoup-2.62.3-8.el8_10
rpms:imports/c9-beta/libsoup-2.72.0-10.el9
rpms:imports/c8/libsoup-2.62.3-7.el8_10
rpms:imports/c9/libsoup-2.72.0-8.el9_5.3
rpms:imports/c8/libsoup-2.62.3-6.el8_10
rpms:imports/c9/libsoup-2.72.0-8.el9_5.2
rpms:imports/c8/libsoup-2.62.3-5.el8
rpms:imports/c8/libsoup-2.62.3-4.el8
rpms:imports/c8-beta/libsoup-2.62.3-4.el8
rpms:imports/c8/libsoup-2.62.3-3.el8
rpms:imports/c8-beta/libsoup-2.62.3-3.el8
rpms:imports/c8s/libsoup-2.62.3-3.el8
rpms:imports/c9/libsoup-2.72.0-8.el9
rpms:imports/c9-beta/libsoup-2.72.0-8.el9
rpms:imports/c8-beta/libsoup-2.62.3-2.el8
rpms:imports/c8-beta/libsoup-2.62.3-1.el8
rpms:imports/c8s/libsoup-2.62.3-2.el8
rpms:imports/c8/libsoup-2.62.3-2.el8
rpms:imports/c8/libsoup-2.62.3-1.el8

No commits in common. "c8" and "c8-beta" have entirely different histories.
c8 ... c8-beta

19 changed files with 1 additions and 1931 deletions
Show Stats Expand all files Collapse all files

129
SOURCES/CVE-2024-52530.patch
View File

@ -1,129 +0,0 @@
diff -up libsoup-2.62.2/libsoup/soup-headers.c.cve-2024-52530 libsoup-2.62.2/libsoup/soup-headers.c
--- libsoup-2.62.2/libsoup/soup-headers.c.cve-2024-52530 2018-03-23 14:44:54.000000000 +0100
+++ libsoup-2.62.2/libsoup/soup-headers.c 2024-11-12 10:23:16.693272087 +0100
@@ -50,13 +50,14 @@ soup_headers_parse (const char *str, int
* ignorable trailing whitespace.
*/
+ /* No '\0's are allowed */
+ if (memchr (str, '\0', len))
+ return FALSE;
+
/* Skip over the Request-Line / Status-Line */
headers_start = memchr (str, '\n', len);
if (!headers_start)
return FALSE;
- /* No '\0's in the Request-Line / Status-Line */
- if (memchr (str, '\0', headers_start - str))
- return FALSE;
/* We work on a copy of the headers, which we can write '\0's
* into, so that we don't have to individually g_strndup and
@@ -68,14 +69,6 @@ soup_headers_parse (const char *str, int
headers_copy[copy_len] = '\0';
value_end = headers_copy;
- /* There shouldn't be any '\0's in the headers already, but
- * this is the web we're talking about.
- */
- while ((p = memchr (headers_copy, '\0', copy_len))) {
- memmove (p, p + 1, copy_len - (p - headers_copy));
- copy_len--;
- }
-
while (*(value_end + 1)) {
name = value_end + 1;
name_end = strchr (name, ':');
diff -up libsoup-2.62.2/tests/header-parsing.c.cve-2024-52530 libsoup-2.62.2/tests/header-parsing.c
--- libsoup-2.62.2/tests/header-parsing.c.cve-2024-52530 2024-11-12 10:25:26.452447520 +0100
+++ libsoup-2.62.2/tests/header-parsing.c 2024-11-12 10:28:05.738158891 +0100
@@ -358,24 +358,6 @@ static struct RequestTest {
}
},
- { "NUL in header name", "760832",
- "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
- SOUP_STATUS_OK,
- "GET", "/", SOUP_HTTP_1_1,
- { { "Host", "example.com" },
- { NULL }
- }
- },
-
- { "NUL in header value", "760832",
- "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
- SOUP_STATUS_OK,
- "GET", "/", SOUP_HTTP_1_1,
- { { "Host", "examplecom" },
- { NULL }
- }
- },
-
/************************/
/*** INVALID REQUESTS ***/
/************************/
@@ -448,6 +430,21 @@ static struct RequestTest {
SOUP_STATUS_EXPECTATION_FAILED,
NULL, NULL, -1,
{ { NULL } }
+ },
+
+ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
+ { "NUL in header name", NULL,
+ "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+ SOUP_STATUS_BAD_REQUEST,
+ NULL, NULL, -1,
+ { { NULL } }
+ },
+
+ { "NUL in header value", NULL,
+ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+ SOUP_STATUS_BAD_REQUEST,
+ NULL, NULL, -1,
+ { { NULL } }
}
};
static const int num_reqtests = G_N_ELEMENTS (reqtests);
@@ -620,22 +617,6 @@ static struct ResponseTest {
{ NULL } }
},
- { "NUL in header name", "760832",
- "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
- { { "Foo", "bar" },
- { NULL }
- }
- },
-
- { "NUL in header value", "760832",
- "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
- { { "Foo", "bar" },
- { NULL }
- }
- },
-
/********************************/
/*** VALID CONTINUE RESPONSES ***/
/********************************/
@@ -768,6 +749,19 @@ static struct ResponseTest {
{ { NULL }
}
},
+
+ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
+ { "NUL in header name", NULL,
+ "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+ -1, 0, NULL,
+ { { NULL } }
+ },
+
+ { "NUL in header value", "760832",
+ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+ -1, 0, NULL,
+ { { NULL } }
+ },
};
static const int num_resptests = G_N_ELEMENTS (resptests);

121
SOURCES/CVE-2024-52531.patch
View File

@ -1,121 +0,0 @@
From bbeb7d59f98d0073291ca4a7ee9ce1a946842734 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Tue, 27 Aug 2024 13:53:26 -0500
Subject: [PATCH] headers: Be more robust against invalid input when parsing
params
If you pass invalid input to a function such as soup_header_parse_param_list_strict()
it can cause an overflow if it decodes the input to UTF-8.
This should never happen with valid UTF-8 input which libsoup's client API
ensures, however it's server API does not currently.
---
libsoup/soup-headers.c | 46 +++++++++++++++++++++---------------------
1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index 271d2a63..8657483f 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -650,8 +650,9 @@ soup_header_contains (const char *header, const char *token)
}
static void
-decode_quoted_string (char *quoted_string)
+decode_quoted_string_inplace (GString *quoted_gstring)
{
+ char *quoted_string = quoted_gstring->str;
char *src, *dst;
src = quoted_string + 1;
@@ -665,10 +666,11 @@ decode_quoted_string (char *quoted_string)
}
static gboolean
-decode_rfc5987 (char *encoded_string)
+decode_rfc5987_inplace (GString *encoded_gstring)
{
char *q, *decoded;
gboolean iso_8859_1 = FALSE;
+ const char *encoded_string = encoded_gstring->str;
q = strchr (encoded_string, '\'');
if (!q)
@@ -697,14 +699,7 @@ decode_rfc5987 (char *encoded_string)
decoded = utf8;
}
- /* If encoded_string was UTF-8, then each 3-character %-escape
- * will be converted to a single byte, and so decoded is
- * shorter than encoded_string. If encoded_string was
- * iso-8859-1, then each 3-character %-escape will be
- * converted into at most 2 bytes in UTF-8, and so it's still
- * shorter.
- */
- strcpy (encoded_string, decoded);
+ g_string_assign (encoded_gstring, decoded);
g_free (decoded);
return TRUE;
}
@@ -714,15 +709,17 @@ parse_param_list (const char *header, char delim)
{
GHashTable *params;
GSList *list, *iter;
- char *item, *eq, *name_end, *value;
- gboolean override;
params = g_hash_table_new_full (soup_str_case_hash,
soup_str_case_equal,
- g_free, NULL);
+ g_free, g_free);
list = parse_list (header, delim);
for (iter = list; iter; iter = iter->next) {
+ char *item, *eq, *name_end;
+ gboolean override, duplicated;
+ GString *parsed_value = NULL;
+
item = iter->data;
override = FALSE;
@@ -737,24 +734,27 @@ parse_param_list (const char *header, char delim)
*name_end = '\0';
- value = (char *)skip_lws (eq + 1);
+ parsed_value = g_string_new ((char *)skip_lws (eq + 1));
if (name_end[-1] == '*' && name_end > item + 1) {
name_end[-1] = '\0';
- if (!decode_rfc5987 (value)) {
+ if (!decode_rfc5987_inplace (parsed_value)) {
+ g_string_free (parsed_value, TRUE);
g_free (item);
continue;
}
override = TRUE;
- } else if (*value == '"')
- decode_quoted_string (value);
- } else
- value = NULL;
-
- if (override || !g_hash_table_lookup (params, item))
- g_hash_table_replace (params, item, value);
- else
+ } else if (parsed_value->str[0] == '"')
+ decode_quoted_string_inplace (parsed_value);
+ }
+
+ if (override || !g_hash_table_lookup (params, item)) {
+ g_hash_table_replace (params, item, parsed_value ? g_string_free (parsed_value, FALSE) : NULL);
+ } else {
+ if (parsed_value)
+ g_string_free (parsed_value, TRUE);
g_free (item);
+ }
}
g_slist_free (list);
--
2.48.1

15
SOURCES/CVE-2024-52532.patch
View File

@ -1,15 +0,0 @@
diff -up libsoup-2.62.3/libsoup/soup-websocket-connection.c.cve-2024-52532 libsoup-2.62.3/libsoup/soup-websocket-connection.c
--- libsoup-2.62.3/libsoup/soup-websocket-connection.c.cve-2024-52532 2024-11-12 12:00:27.183570627 +0100
+++ libsoup-2.62.3/libsoup/soup-websocket-connection.c 2024-11-12 12:01:02.334987409 +0100
@@ -1041,9 +1041,9 @@ soup_websocket_connection_read (SoupWebs
}
pv->incoming->len = len + count;
- } while (count > 0);
+ process_incoming (self);
+ } while (count > 0 && !pv->close_sent && !pv->io_closing);
- process_incoming (self);
if (end) {
if (!pv->close_sent || !pv->close_received) {

48
SOURCES/CVE-2025-2784.patch
View File

@ -1,48 +0,0 @@
From b7213fc6c639b5ca6c91e215aee18cea36d9dc95 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Tue, 18 Feb 2025 14:29:50 -0600
Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
---
libsoup/soup-content-sniffer.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index 698d05e4..3fb29adf 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -612,8 +612,11 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, SoupBuffer *buffer)
}
static gboolean
-skip_insignificant_space (const char *resource, int *pos, int resource_length)
+skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
{
+ if (*pos >= resource_length)
+ return TRUE;
+
while ((resource[*pos] == '\x09') ||
(resource[*pos] == '\x20') ||
(resource[*pos] == '\x0A') ||
@@ -632,7 +635,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
{
const char *resource = (const char *)buffer->data;
int resource_length = MIN (512, buffer->length);
- int pos = 0;
+ gsize pos = 0;
if (resource_length < 3)
goto text_html;
@@ -642,9 +645,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
pos = 3;
look_for_tag:
- if (pos > resource_length)
- goto text_html;
-
if (skip_insignificant_space (resource, &pos, resource_length))
goto text_html;
--
2.49.0

30
SOURCES/CVE-2025-32049.patch
View File

@ -1,30 +0,0 @@
From 6ec7c5be50b48d6ce0a09aa3468f2c5725406a97 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Wed, 21 May 2025 10:42:51 -0500
Subject: [PATCH] Add size limit for total message size
This size limit could break applications, but it will close the denial
of service issue.
---
libsoup/soup-websocket-connection.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
index 36524d04..f8764aff 100644
--- a/libsoup/soup-websocket-connection.c
+++ b/libsoup/soup-websocket-connection.c
@@ -913,6 +913,11 @@ process_contents (SoupWebsocketConnection *self,
switch (pv->message_opcode) {
case 0x01:
case 0x02:
+ /* Safety valve */
+ if (pv->message_data->len + payload_len > pv->max_incoming_payload_size) {
+ too_big_error_and_close (self, (pv->message_data->len + payload_len));
+ return;
+ }
g_byte_array_append (pv->message_data, payload, payload_len);
break;
default:
--
2.49.0

25
SOURCES/CVE-2025-32050.patch
View File

@ -1,25 +0,0 @@
From 9bb0a55de55c6940ced811a64fbca82fe93a9323 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Mon, 28 Oct 2024 12:29:48 -0500
Subject: [PATCH] Fix using int instead of size_t for strcspn return
---
libsoup/soup-headers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index 613e1905..a5f7a7f6 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -907,7 +907,7 @@ append_param_quoted (GString *string,
const char *name,
const char *value)
{
- int len;
+ gsize len;
g_string_append (string, name);
g_string_append (string, "=\"");
--
GitLab

26
SOURCES/CVE-2025-32052.patch
View File

@ -1,26 +0,0 @@
From 1542173d11df64e39e71367f10596e8160481290 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Sat, 16 Nov 2024 12:07:30 -0600
Subject: [PATCH] Fix heap buffer overflow in soup_content_sniffer_sniff
Co-Author: Ar Jun <pkillarjun@protonmail.com>
---
libsoup/soup-content-sniffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index 967ec614..26c65bbd 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -504,7 +504,7 @@ sniff_unknown (SoupContentSniffer *sniffer, SoupBuffer *buffer,
guint index_pattern = 0;
gboolean skip_row = FALSE;
- while ((index_stream < resource_length) &&
+ while ((index_stream < resource_length - 1) &&
(index_pattern <= type_row->pattern_length)) {
/* Skip insignificant white space ("WS" in the spec) */
if (type_row->pattern[index_pattern] == ' ') {
--
2.49.0

35
SOURCES/CVE-2025-32053.patch
View File

@ -1,35 +0,0 @@
From 8e1793e2ddd8c2648b9a28f06bf21fd13bd12b39 Mon Sep 17 00:00:00 2001
From: Ar Jun <pkillarjun@protonmail.com>
Date: Mon, 18 Nov 2024 14:59:51 -0600
Subject: [PATCH] Fix heap buffer overflow in
soup-content-sniffer.c:sniff_feed_or_html()
---
libsoup/soup-content-sniffer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index 26c65bbd..698d05e4 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -620,7 +620,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length)
(resource[*pos] == '\x0D')) {
*pos = *pos + 1;
- if (*pos > resource_length)
+ if (*pos >= resource_length)
return TRUE;
}
@@ -682,7 +682,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
do {
pos++;
- if (pos > resource_length)
+ if ((pos + 1) > resource_length)
goto text_html;
} while (resource[pos] != '>');
--
2.49.0

65
SOURCES/CVE-2025-32906.patch
View File

@ -1,65 +0,0 @@
From 1f509f31b6f8420a3661c3f990424ab7b9164931 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Tue, 11 Feb 2025 14:36:26 -0600
Subject: [PATCH 1/2] headers: Handle parsing edge case
This version number is specifically crafted to pass sanity checks allowing it to go one byte out of bounds.
---
libsoup/soup-headers.c | 2 +-
tests/header-parsing-test.c | 12 ++++++++++++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index 85385cea..9d6d00a3 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -225,7 +225,7 @@ soup_headers_parse_request (const char *str,
!g_ascii_isdigit (version[5]))
return SOUP_STATUS_BAD_REQUEST;
major_version = strtoul (version + 5, &p, 10);
- if (*p != '.' || !g_ascii_isdigit (p[1]))
+ if (p + 1 >= str + len || *p != '.' || !g_ascii_isdigit (p[1]))
return SOUP_STATUS_BAD_REQUEST;
minor_version = strtoul (p + 1, &p, 10);
version_end = p;
--
GitLab
From af5b9a4a3945c52b940d5ac181ef51bb12011f1f Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Wed, 12 Feb 2025 11:30:02 -0600
Subject: [PATCH 2/2] headers: Handle parsing only newlines
Closes #404
Closes #407
---
libsoup/soup-headers.c | 4 ++--
tests/header-parsing-test.c | 13 ++++++++++++-
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index 9d6d00a3..52ef2ece 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -186,7 +186,7 @@ soup_headers_parse_request (const char *str,
/* RFC 2616 4.1 "servers SHOULD ignore any empty line(s)
* received where a Request-Line is expected."
*/
- while ((*str == '\r' || *str == '\n') && len > 0) {
+ while (len > 0 && (*str == '\r' || *str == '\n')) {
str++;
len--;
}
@@ -371,7 +371,7 @@ soup_headers_parse_response (const char *str,
* after a response, which we then see prepended to the next
* response on that connection.
*/
- while ((*str == '\r' || *str == '\n') && len > 0) {
+ while (len > 0 && (*str == '\r' || *str == '\n')) {
str++;
len--;
}
--
GitLab

67
SOURCES/CVE-2025-32911-CVE-2025-32913.patch
View File

@ -1,67 +0,0 @@
From f2d316341c00a343d0b46edd590efa8c102521c3 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Fri, 27 Dec 2024 17:53:50 -0600
Subject: [PATCH 1/2] soup_message_headers_get_content_disposition: Fix NULL
deref
---
libsoup/soup-message-headers.c | 13 +++++++++----
tests/header-parsing-test.c | 13 +++++++++++++
2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
index 5c8c7cb9..ccf31233 100644
--- a/libsoup/soup-message-headers.c
+++ b/libsoup/soup-message-headers.c
@@ -1443,10 +1443,15 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders *hdrs,
*/
if (params && g_hash_table_lookup_extended (*params, "filename",
&orig_key, &orig_value)) {
- char *filename = strrchr (orig_value, '/');
-
- if (filename)
- g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
+ if (orig_value) {
+ char *filename = strrchr (orig_value, '/');
+
+ if (filename)
+ g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
+ } else {
+ /* filename with no value isn't valid. */
+ g_hash_table_remove (*params, "filename");
+ }
}
return TRUE;
}
--
2.49.0
From dd3a245941f117832dd1fdda4f8bc68b44e2810d Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Fri, 27 Dec 2024 18:00:39 -0600
Subject: [PATCH 2/2] soup_message_headers_get_content_disposition: strdup
truncated filenames
This table frees the strings it contains.
---
libsoup/soup-message-headers.c | 2 +-
tests/header-parsing-test.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
index ccf31233..64847e30 100644
--- a/libsoup/soup-message-headers.c
+++ b/libsoup/soup-message-headers.c
@@ -1447,7 +1447,7 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders *hdrs,
char *filename = strrchr (orig_value, '/');
if (filename)
- g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
+ g_hash_table_insert (*params, g_strdup (orig_key), g_strdup (filename + 1));
} else {
/* filename with no value isn't valid. */
g_hash_table_remove (*params, "filename");
--
2.49.0

30
SOURCES/CVE-2025-32914.patch
View File

@ -1,30 +0,0 @@
From 51c25f470f85b485818c253718594a4d59b39931 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Tue, 15 Apr 2025 09:03:00 +0200
Subject: [PATCH] multipart: Fix read out of buffer bounds under
soup_multipart_new_from_message()
This is CVE-2025-32914, special crafted input can cause read out of buffer bounds
of the body argument.
Closes #436
---
libsoup/soup-multipart.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
index a7e550f1..dd939739 100644
--- a/libsoup/soup-multipart.c
+++ b/libsoup/soup-multipart.c
@@ -181,7 +181,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
return NULL;
}
- split = strstr (start, "\r\n\r\n");
+ split = g_strstr_len (start, body_end - start, "\r\n\r\n");
if (!split || split > end) {
soup_multipart_free (multipart);
soup_buffer_free (flattened);
--
2.49.0

56
SOURCES/CVE-2025-46420.patch
View File

@ -1,56 +0,0 @@
From 355d7979ac27c6a83684e079d5bc6cf148e7bc16 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Thu, 26 Dec 2024 18:31:42 -0600
Subject: [PATCH] soup_header_parse_quality_list: Fix leak
When iterating over the parsed list we now steal the allocated strings that we want and then free_full the list which may contain remaining strings.
---
libsoup/soup-headers.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index eec28adf..3e922816 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -535,7 +535,7 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
GSList *unsorted;
QualityItem *array;
GSList *sorted, *iter;
- char *item, *semi;
+ char *semi;
const char *param, *equal, *value;
double qval;
int n;
@@ -548,9 +548,8 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
unsorted = soup_header_parse_list (header);
array = g_new0 (QualityItem, g_slist_length (unsorted));
for (iter = unsorted, n = 0; iter; iter = iter->next) {
- item = iter->data;
qval = 1.0;
- for (semi = strchr (item, ';'); semi; semi = strchr (semi + 1, ';')) {
+ for (semi = strchr (iter->data, ';'); semi; semi = strchr (semi + 1, ';')) {
param = skip_lws (semi + 1);
if (*param != 'q')
continue;
@@ -582,15 +581,15 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
if (qval == 0.0) {
if (unacceptable) {
*unacceptable = g_slist_prepend (*unacceptable,
- item);
+ g_steal_pointer (&iter->data));
}
} else {
- array[n].item = item;
+ array[n].item = g_steal_pointer (&iter->data);
array[n].qval = qval;
n++;
}
}
- g_slist_free (unsorted);
+ g_slist_free_full (unsorted, g_free);
qsort (array, n, sizeof (QualityItem), sort_by_qval);
sorted = NULL;
--
2.49.0

32
SOURCES/CVE-2025-46421.patch
View File

@ -1,32 +0,0 @@
From 4329a7e88c72079ae3eedbb1558b929851507464 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Wed, 5 Feb 2025 16:18:10 -0600
Subject: [PATCH] session: Strip authentication credentails on cross-origin
redirect
This should match the behavior of Firefox and Safari but not of Chromium.
---
libsoup/soup-session.c | 6 ++++
tests/auth-test.c | 77 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 83 insertions(+)
diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
index dd3cdc46..82ca8bf9 100644
--- a/libsoup/soup-session.c
+++ b/libsoup/soup-session.c
@@ -1187,6 +1187,12 @@ soup_session_redirect_message (SoupSession *session, SoupMessage *msg)
SOUP_ENCODING_NONE);
}
+ /* Strip all credentials on cross-origin redirect. */
+ if (!soup_uri_host_equal (soup_message_get_uri (msg), new_uri)) {
+ soup_message_headers_remove (msg->request_headers, "Authorization");
+ soup_message_set_auth (msg, NULL);
+ }
+
soup_message_set_uri (msg, new_uri);
soup_uri_free (new_uri);
--
2.49.0

931
SOURCES/CVE-2025-4945-CVE-2025-11021.patch
View File

@ -1,931 +0,0 @@
From 52825c2eb7043698d7a0668cfe6bb5a23da87cf5 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Thu, 15 May 2025 07:59:14 +0200
Subject: [PATCH 1/2] soup-date-utils: Add value checks for date/time parsing
Reject date/time when it does not represent a valid value.
Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/448
---
libsoup/soup-date.c | 23 ++-
tests/cookies-test.c | 10 +
tests/date-test.c | 434 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 459 insertions(+), 8 deletions(-)
create mode 100644 tests/date-test.c
diff --git a/libsoup/soup-date.c b/libsoup/soup-date.c
index dabae9d4..8b2beea4 100644
--- a/libsoup/soup-date.c
+++ b/libsoup/soup-date.c
@@ -284,7 +284,7 @@ parse_day (SoupDate *date, const char **date_string)
while (*end == ' ' || *end == '-')
end++;
*date_string = end;
- return TRUE;
+ return date->day >= 1 && date->day <= 31;
}
static inline gboolean
@@ -324,7 +324,7 @@ parse_year (SoupDate *date, const char **date_string)
while (*end == ' ' || *end == '-')
end++;
*date_string = end;
- return TRUE;
+ return date->year > 0 && date->year < 9999;
}
static inline gboolean
@@ -348,7 +348,7 @@ parse_time (SoupDate *date, const char **date_string)
while (*p == ' ')
p++;
*date_string = p;
- return TRUE;
+ return date->hour >= 0 && date->hour < 24 && date->minute >= 0 && date->minute < 60 && date->second >= 0 && date->second < 60;
}
static inline gboolean
@@ -361,9 +361,14 @@ parse_timezone (SoupDate *date, const char **date_string)
gulong val;
int sign = (**date_string == '+') ? -1 : 1;
val = strtoul (*date_string + 1, (char **)date_string, 10);
- if (**date_string == ':')
- val = 60 * val + strtoul (*date_string + 1, (char **)date_string, 10);
- else
+ if (val > 9999)
+ return FALSE;
+ if (**date_string == ':') {
+ gulong val2 = strtoul (*date_string + 1, (char **)date_string, 10);
+ if (val > 99 || val2 > 99)
+ return FALSE;
+ val = 60 * val + val2;
+ } else
val = 60 * (val / 100) + (val % 100);
date->offset = sign * val;
date->utc = (sign == -1) && !val;
@@ -407,7 +412,8 @@ parse_textual_date (SoupDate *date, const char *date_string)
if (!parse_month (date, &date_string) ||
!parse_day (date, &date_string) ||
!parse_time (date, &date_string) ||
- !parse_year (date, &date_string))
+ !parse_year (date, &date_string) ||
+ !g_date_valid_dmy (date->day, date->month, date->year))
return FALSE;
/* There shouldn't be a timezone, but check anyway */
@@ -419,7 +425,8 @@ parse_textual_date (SoupDate *date, const char *date_string)
if (!parse_day (date, &date_string) ||
!parse_month (date, &date_string) ||
!parse_year (date, &date_string) ||
- !parse_time (date, &date_string))
+ !parse_time (date, &date_string) ||
+ !g_date_valid_dmy (date->day, date->month, date->year))
return FALSE;
/* This time there *should* be a timezone, but we
diff --git a/tests/cookies-test.c b/tests/cookies-test.c
index 17b77f29..61adfac5 100644
--- a/tests/cookies-test.c
+++ b/tests/cookies-test.c
@@ -288,6 +288,15 @@ do_cookies_parsing_nopath_nullorigin (void)
soup_cookie_free (cookie);
}
+static void
+do_cookies_parsing_int32_overflow (void)
+{
+ SoupCookie *cookie = soup_cookie_parse ("Age=1;expires=3Mar9 999:9:9+ 999999999-age=main=gne=", NULL);
+ g_assert_nonnull (cookie);
+ g_assert_null (soup_cookie_get_expires (cookie));
+ soup_cookie_free (cookie);
+}
+
int
main (int argc, char **argv)
{
@@ -309,6 +318,7 @@ main (int argc, char **argv)
g_test_add_func ("/cookies/accept-policy-subdomains", do_cookies_subdomain_policy_test);
g_test_add_func ("/cookies/parsing", do_cookies_parsing_test);
g_test_add_func ("/cookies/parsing/no-path-null-origin", do_cookies_parsing_nopath_nullorigin);
+ g_test_add_func ("/cookies/parsing/int32-overflow", do_cookies_parsing_int32_overflow);
ret = g_test_run ();
diff --git a/tests/date-test.c b/tests/date-test.c
new file mode 100644
index 00000000..38f27335
--- /dev/null
+++ b/tests/date-test.c
@@ -0,0 +1,434 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
+/*
+ * Copyright (C) 2005 Novell, Inc.
+ */
+
+#include "test-utils.h"
+
+static void check_ok (gconstpointer data);
+
+static SoupDate *
+make_date (const char *strdate)
+{
+ char *dup;
+ SoupDate *date;
+
+ /* We do it this way so that if soup_date_new_from_string()
+ * reads off the end of the string, it will trigger an error
+ * when valgrinding, rather than just reading the start of the
+ * next const string.
+ */
+ dup = g_strdup (strdate);
+ date = soup_date_new_from_string (dup);
+ g_free (dup);
+ return date;
+}
+
+static SoupDate *
+check_correct_date (const char *strdate)
+{
+ SoupDate *date;
+
+ date = make_date (strdate);
+ if (!date) {
+ g_assert_nonnull (date);
+ return NULL;
+ }
+
+ g_assert_cmpint (date->year, ==, 2004);
+ g_assert_cmpint (date->month, ==, 11);
+ g_assert_cmpint (date->day, ==, 6);
+ g_assert_cmpint (date->hour, ==, 8);
+ g_assert_cmpint (date->minute, ==, 9);
+ g_assert_cmpint (date->second, ==, 7);
+
+ return date;
+}
+
+typedef struct {
+ SoupDateFormat format;
+ const char *date;
+ const char *bugref;
+} GoodDate;
+
+static const GoodDate good_dates[] = {
+ { SOUP_DATE_HTTP, "Sat, 06 Nov 2004 08:09:07 GMT", NULL },
+ { SOUP_DATE_COOKIE, "Sat, 06-Nov-2004 08:09:07 GMT", NULL },
+ { SOUP_DATE_RFC2822, "Sat, 6 Nov 2004 08:09:07 -0430", "579055" },
+ { SOUP_DATE_ISO8601_COMPACT, "20041106T080907", NULL },
+ { SOUP_DATE_ISO8601_FULL, "2004-11-06T08:09:07", NULL },
+ { SOUP_DATE_ISO8601_XMLRPC, "20041106T08:09:07", NULL }
+};
+
+static void
+check_good (gconstpointer data)
+{
+ GoodDate *good = (GoodDate *)data;
+ SoupDate *date;
+ char *strdate2;
+
+ if (good->bugref)
+ g_test_bug (good->bugref);
+
+ date = check_correct_date (good->date);
+ if (!date)
+ return;
+
+ strdate2 = soup_date_to_string (date, good->format);
+ soup_date_free (date);
+
+ soup_test_assert (strcmp (good->date, strdate2) == 0,
+ "restringification failed: '%s' -> '%s'\n",
+ good->date, strdate2);
+ g_free (strdate2);
+}
+
+typedef struct {
+ const char *date;
+ const char *bugref;
+} OkDate;
+
+static const OkDate ok_dates[] = {
+ /* rfc1123-date, and broken variants */
+ { "Sat, 06 Nov 2004 08:09:07 GMT", NULL },
+ { "Sat, 6 Nov 2004 08:09:07 GMT", NULL },
+ { "Sat, 6 Nov 2004 08:09:07 GMT", NULL },
+ { "Sat, 06 Nov 2004 08:09:07", NULL },
+ { "06 Nov 2004 08:09:07 GMT", NULL },
+ { "SAT, 06 NOV 2004 08:09:07 +1000", "644048" },
+ { "Sat, 06-Nov-2004 08:09:07 -10000", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/448" },
+ { "Sat, 06-Nov-2004 08:09:07 +01:30", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/448" },
+ { "Sat, 06-Nov-2004 08:09:07 +0:180", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/448" },
+ { "Sat, 06-Nov-2004 08:09:07 +100:100", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/448" },
+ { "Sat, 06-Nov-2004 08:09:07 Z", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/448" },
+
+ /* rfc850-date, and broken variants */
+ { "Saturday, 06-Nov-04 08:09:07 GMT", NULL },
+ { "Saturday, 6-Nov-04 08:09:07 GMT", NULL },
+ { "Saturday, 6-Nov-04 08:09:07 GMT", NULL },
+ { "Saturday, 06-Nov-104 08:09:07 GMT", NULL },
+ { "Saturday, 06-Nov-2004 08:09:07 GMT", NULL },
+ { "Saturday, 6-Nov-2004 08:09:07 GMT", NULL },
+ { "Saturday, 6-Nov-2004 08:09:07 GMT", NULL },
+ { "Saturday, 06-Nov-04 08:09:07", NULL },
+ { "06-Nov-04 08:09:07 GMT", NULL },
+
+ /* asctime-date, and broken variants */
+ { "Sat Nov 6 08:09:07 2004", NULL },
+ { "Sat Nov 06 08:09:07 2004", NULL },
+ { "Sat Nov 6 08:09:07 2004", NULL },
+ { "Sat Nov 6 08:09:07 2004 GMT", NULL },
+ { "Sat Nov 6 08:09:07 2004 NoZone", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/448" },
+ { "Sat Nov 6 08:09:07 2004 UTC", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/448" },
+
+ /* ISO 8601 */
+ { "2004-11-06T08:09:07Z", NULL },
+ { "20041106T08:09:07Z", NULL },
+ { "20041106T08:09:07+00:00", NULL },
+ { "20041106T080907+00:00", NULL },
+
+ /* Netscape cookie spec date, and broken variants */
+ { "Sat, 06-Nov-2004 08:09:07 GMT", NULL },
+ { "Sat, 6-Nov-2004 08:09:07 GMT", NULL },
+ { "Sat, 6-Nov-2004 08:09:07 GMT", NULL },
+ { "Sat, 06-Nov-2004 08:09:07", NULL },
+
+ /* Original version of Netscape cookie spec, and broken variants */
+ { "Sat, 06-Nov-04 08:09:07 GMT", NULL },
+ { "Sat, 6-Nov-04 08:09:07 GMT", NULL },
+ { "Sat, 6-Nov-04 08:09:07 GMT", NULL },
+ { "Sat, 06-Nov-104 08:09:07 GMT", NULL },
+ { "Sat, 06-Nov-04 08:09:07", NULL },
+
+ /* Miscellaneous broken formats seen on the web */
+ { "Sat 06-Nov-2004 08:9:07", NULL },
+ { "Saturday, 06-Nov-04 8:9:07 GMT", NULL },
+ { "Sat, 06 Nov 2004 08:09:7 GMT", NULL }
+};
+
+static void
+check_ok (gconstpointer data)
+{
+ OkDate *ok = (OkDate *)data;
+ SoupDate *date;
+
+ if (ok->bugref)
+ g_test_bug (ok->bugref);
+
+ date = check_correct_date (ok->date);
+ if (!date)
+ return;
+ soup_date_free (date);
+}
+
+#define TIME_T 1099728547L
+#define TIME_T_STRING "1099728547"
+
+static void
+check_ok_time_t (void)
+{
+ SoupDate *date;
+
+ date = soup_date_new_from_time_t (TIME_T);
+
+ g_assert_cmpint (date->year, ==, 2004);
+ g_assert_cmpint (date->month, ==, 11);
+ g_assert_cmpint (date->day, ==, 6);
+ g_assert_cmpint (date->hour, ==, 8);
+ g_assert_cmpint (date->minute, ==, 9);
+ g_assert_cmpint (date->second, ==, 7);
+
+ g_assert_cmpuint (TIME_T, ==, soup_date_to_time_t (date));
+
+ soup_date_free (date);
+}
+
+typedef struct {
+ const char *date;
+ const char *bugref;
+} BadDate;
+
+static const BadDate bad_dates[] = {
+ /* broken rfc1123-date */
+ { ", 06 Nov 2004 08:09:07 GMT", NULL },
+ { "Sat, Nov 2004 08:09:07 GMT", NULL },
+ { "Sat, 06 2004 08:09:07 GMT", NULL },
+ { "Sat, 06 Nov 08:09:07 GMT", NULL },
+ { "Sat, 06 Nov 2004 :09:07 GMT", NULL },
+ { "Sat, 06 Nov 2004 09:07 GMT", NULL },
+ { "Sat, 06 Nov 2004 08::07 GMT", NULL },
+ { "Sat, 06 Nov 2004 08:09: GMT", NULL },
+
+ /* broken rfc850-date */
+ { ", 06-Nov-04 08:09:07 GMT", NULL },
+ { "Saturday, -Nov-04 08:09:07 GMT", NULL },
+ { "Saturday, Nov-04 08:09:07 GMT", NULL },
+ { "Saturday, 06-04 08:09:07 GMT", NULL },
+ { "Saturday, 06--04 08:09:07 GMT", NULL },
+ { "Saturday, 06-Nov- 08:09:07 GMT", NULL },
+ { "Saturday, 06-Nov 08:09:07 GMT", NULL },
+ { "Saturday, 06-Nov-04 :09:07 GMT", NULL },
+ { "Saturday, 06-Nov-04 09:07 GMT", NULL },
+ { "Saturday, 06-Nov-04 08::07 GMT", NULL },
+ { "Saturday, 06-Nov-04 08:09: GMT", NULL },
+
+ /* broken asctime-date */
+ { "Nov 6 08:09:07 2004", NULL },
+ { "Sat 6 08:09:07 2004", NULL },
+ { "Sat Nov 08:09:07 2004", NULL },
+ { "Sat Nov 6 :09:07 2004", NULL },
+ { "Sat Nov 6 09:07 2004", NULL },
+ { "Sat Nov 6 08::07 2004", NULL },
+ { "Sat Nov 6 08:09: 2004", NULL },
+ { "Sat Nov 6 08:09:07", NULL },
+ { "Sat Nov 6 08:09:07 GMT 2004", NULL },
+
+ /* range constraints added "https://gitlab.gnome.org/GNOME/libsoup/-/issues/448" */
+ { "Sat, 00-Nov-2004 08:09:07 GMT", NULL },
+ { "Sat, 32-Nov-2004 08:09:07 GMT", NULL },
+ { "Sat, 06-Nov-0 08:09:07 GMT", NULL },
+ { "Sat, 06-Nov-9999 08:09:07 GMT", NULL },
+ { "Sat, 06-Nov-2004 0-1:09:07 GMT", NULL },
+ { "(Sat), Nov 6 -1:09:07 2004", NULL },
+ { "Sat, 06-Nov-2004 24:09:07 GMT", NULL },
+ { "Sat, 06-Nov-2004 08:-1:07 GMT", NULL },
+ { "Sat, 06-Nov-2004 08:60:07 GMT", NULL },
+ { "Sat, 06-Nov-2004 08:09:-10 GMT", NULL },
+ { "Sat, 06-Nov-2004 08:09:60 GMT", NULL },
+ { "Sat, 06-Nov-71 08:09:99 UTC", NULL },
+ { "Sat, 31-Feb-2004 08:09:07 UTC", NULL },
+};
+
+static void
+check_bad (gconstpointer data)
+{
+ BadDate *bad = (BadDate *)data;
+ SoupDate *date;
+
+ if (bad->bugref)
+ g_test_bug (bad->bugref);
+
+ date = make_date (bad->date);
+ soup_test_assert (date == NULL,
+ "date parsing succeeded for '%s': %d %d %d - %d %d %d",
+ bad->date,
+ date->year, date->month, date->day,
+ date->hour, date->minute, date->second);
+ g_clear_pointer (&date, soup_date_free);
+}
+
+typedef struct {
+ const char *source;
+ const char *http, *cookie, *rfc2822, *compact, *full, *xmlrpc;
+} DateConversion;
+
+static const DateConversion conversions[] = {
+ /* SOUP_DATE_HTTP */
+ { "Sat, 06 Nov 2004 08:09:07 GMT",
+
+ "Sat, 06 Nov 2004 08:09:07 GMT",
+ "Sat, 06-Nov-2004 08:09:07 GMT",
+ "Sat, 6 Nov 2004 08:09:07 +0000",
+ "20041106T080907Z",
+ "2004-11-06T08:09:07Z",
+ "20041106T08:09:07" },
+
+ /* RFC2822 GMT */
+ { "Sat, 6 Nov 2004 08:09:07 +0000",
+
+ "Sat, 06 Nov 2004 08:09:07 GMT",
+ "Sat, 06-Nov-2004 08:09:07 GMT",
+ "Sat, 6 Nov 2004 08:09:07 +0000",
+ "20041106T080907Z",
+ "2004-11-06T08:09:07Z",
+ "20041106T08:09:07" },
+
+ /* RFC2822 with positive offset */
+ { "Sat, 6 Nov 2004 08:09:07 +0430",
+
+ "Sat, 06 Nov 2004 04:39:07 GMT",
+ "Sat, 06-Nov-2004 04:39:07 GMT",
+ "Sat, 6 Nov 2004 08:09:07 +0430",
+ "20041106T080907+0430",
+ "2004-11-06T08:09:07+04:30",
+ "20041106T08:09:07" },
+
+ /* RFC2822 with negative offset */
+ { "Sat, 6 Nov 2004 08:09:07 -0430",
+
+ "Sat, 06 Nov 2004 12:39:07 GMT",
+ "Sat, 06-Nov-2004 12:39:07 GMT",
+ "Sat, 6 Nov 2004 08:09:07 -0430",
+ "20041106T080907-0430",
+ "2004-11-06T08:09:07-04:30",
+ "20041106T08:09:07" },
+
+ /* RFC2822 floating */
+ { "Sat, 6 Nov 2004 08:09:07 -0000",
+
+ "Sat, 06 Nov 2004 08:09:07 GMT",
+ "Sat, 06-Nov-2004 08:09:07 GMT",
+ "Sat, 6 Nov 2004 08:09:07 -0000",
+ "20041106T080907",
+ "2004-11-06T08:09:07",
+ "20041106T08:09:07" },
+
+ /* ISO GMT */
+ { "2004-11-06T08:09:07Z",
+
+ "Sat, 06 Nov 2004 08:09:07 GMT",
+ "Sat, 06-Nov-2004 08:09:07 GMT",
+ "Sat, 6 Nov 2004 08:09:07 +0000",
+ "20041106T080907Z",
+ "2004-11-06T08:09:07Z",
+ "20041106T08:09:07" },
+
+ /* ISO with positive offset */
+ { "2004-11-06T08:09:07+04:30",
+
+ "Sat, 06 Nov 2004 04:39:07 GMT",
+ "Sat, 06-Nov-2004 04:39:07 GMT",
+ "Sat, 6 Nov 2004 08:09:07 +0430",
+ "20041106T080907+0430",
+ "2004-11-06T08:09:07+04:30",
+ "20041106T08:09:07" },
+
+ /* ISO with negative offset */
+ { "2004-11-06T08:09:07-04:30",
+
+ "Sat, 06 Nov 2004 12:39:07 GMT",
+ "Sat, 06-Nov-2004 12:39:07 GMT",
+ "Sat, 6 Nov 2004 08:09:07 -0430",
+ "20041106T080907-0430",
+ "2004-11-06T08:09:07-04:30",
+ "20041106T08:09:07" },
+
+ /* ISO floating */
+ { "2004-11-06T08:09:07",
+
+ "Sat, 06 Nov 2004 08:09:07 GMT",
+ "Sat, 06-Nov-2004 08:09:07 GMT",
+ "Sat, 6 Nov 2004 08:09:07 -0000",
+ "20041106T080907",
+ "2004-11-06T08:09:07",
+ "20041106T08:09:07" }
+};
+
+static void
+check_conversion (gconstpointer data)
+{
+ const DateConversion *conv = data;
+ SoupDate *date;
+ char *str;
+
+ date = make_date (conv->source);
+ if (!date) {
+ soup_test_assert (FALSE, "date parsing failed for '%s'.", conv->source);
+ return;
+ }
+
+ str = soup_date_to_string (date, SOUP_DATE_HTTP);
+ g_assert_cmpstr (str, ==, conv->http);
+ g_free (str);
+
+ str = soup_date_to_string (date, SOUP_DATE_COOKIE);
+ g_assert_cmpstr (str, ==, conv->cookie);
+ g_free (str);
+
+ str = soup_date_to_string (date, SOUP_DATE_RFC2822);
+ g_assert_cmpstr (str, ==, conv->rfc2822);
+ g_free (str);
+
+ str = soup_date_to_string (date, SOUP_DATE_ISO8601_COMPACT);
+ g_assert_cmpstr (str, ==, conv->compact);
+ g_free (str);
+
+ str = soup_date_to_string (date, SOUP_DATE_ISO8601_FULL);
+ g_assert_cmpstr (str, ==, conv->full);
+ g_free (str);
+
+ str = soup_date_to_string (date, SOUP_DATE_ISO8601_XMLRPC);
+ g_assert_cmpstr (str, ==, conv->xmlrpc);
+ g_free (str);
+
+ soup_date_free (date);
+}
+
+int
+main (int argc, char **argv)
+{
+ int i, ret;
+ char *path;
+
+ test_init (argc, argv, NULL);
+
+ for (i = 0; i < G_N_ELEMENTS (good_dates); i++) {
+ path = g_strdup_printf ("/date/good/%s", good_dates[i].date);
+ g_test_add_data_func (path, &good_dates[i], check_good);
+ g_free (path);
+ }
+
+ for (i = 0; i < G_N_ELEMENTS (ok_dates); i++) {
+ path = g_strdup_printf ("/date/ok/%s", ok_dates[i].date);
+ g_test_add_data_func (path, &ok_dates[i], check_ok);
+ g_free (path);
+ }
+ g_test_add_func ("/date/ok/" TIME_T_STRING, check_ok_time_t);
+
+ for (i = 0; i < G_N_ELEMENTS (bad_dates); i++) {
+ path = g_strdup_printf ("/date/bad/%s", bad_dates[i].date);
+ g_test_add_data_func (path, &bad_dates[i], check_bad);
+ g_free (path);
+ }
+
+ for (i = 0; i < G_N_ELEMENTS (conversions); i++) {
+ path = g_strdup_printf ("/date/conversions/%s", conversions[i].source);
+ g_test_add_data_func (path, &conversions[i], check_conversion);
+ g_free (path);
+ }
+
+ ret = g_test_run ();
+
+ test_cleanup ();
+ return ret;
+}
--
2.51.0
From 724efae52bcf2c0b8a247f736103285ad68d1b15 Mon Sep 17 00:00:00 2001
From: Brian Yurko <155515-byurko@users.noreply.gitlab.gnome.org>
Date: Wed, 11 Jun 2025 11:00:56 -0400
Subject: [PATCH 2/2] tests: Add tests for date-time including timezone
validation work
These tests are built on top of earlier work in a related pull request.
Closes #448
---
libsoup/soup-date-utils.c | 339 ++++++++++++++++++++++++++++++++++++++
tests/cookies-test.c | 1 +
2 files changed, 340 insertions(+)
create mode 100644 libsoup/soup-date-utils.c
diff --git a/libsoup/soup-date-utils.c b/libsoup/soup-date-utils.c
new file mode 100644
index 00000000..73f80ab6
--- /dev/null
+++ b/libsoup/soup-date-utils.c
@@ -0,0 +1,339 @@
+/*
+ * Copyright (C) 2020 Igalia, S.L.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdlib.h>
+
+#include "soup-date-utils.h"
+#include "soup-date-utils-private.h"
+
+/**
+ * soup_date_time_is_past:
+ * @date: a #GDateTime
+ *
+ * Determines if @date is in the past.
+ *
+ * Returns: %TRUE if @date is in the past
+ */
+gboolean
+soup_date_time_is_past (GDateTime *date)
+{
+ g_return_val_if_fail (date != NULL, TRUE);
+
+ /* optimization */
+ if (g_date_time_get_year (date) < 2025)
+ return TRUE;
+
+ return g_date_time_to_unix (date) < time (NULL);
+}
+
+/**
+ * SoupDateFormat:
+ * @SOUP_DATE_HTTP: RFC 1123 format, used by the HTTP "Date" header. Eg
+ * "Sun, 06 Nov 1994 08:49:37 GMT".
+ * @SOUP_DATE_COOKIE: The format for the "Expires" timestamp in the
+ * Netscape cookie specification. Eg, "Sun, 06-Nov-1994 08:49:37 GMT".
+ *
+ * Date formats that [func@date_time_to_string] can use.
+ *
+ * @SOUP_DATE_HTTP and @SOUP_DATE_COOKIE always coerce the time to
+ * UTC.
+ *
+ * This enum may be extended with more values in future releases.
+ **/
+
+/* Do not internationalize */
+static const char *const months[] = {
+ "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
+
+/* Do not internationalize */
+static const char *const days[] = {
+ "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"
+};
+
+/**
+ * soup_date_time_to_string:
+ * @date: a #GDateTime
+ * @format: the format to generate the date in
+ *
+ * Converts @date to a string in the format described by @format.
+ *
+ * Returns: (transfer full): @date as a string or %NULL
+ **/
+char *
+soup_date_time_to_string (GDateTime *date,
+ SoupDateFormat format)
+{
+ g_return_val_if_fail (date != NULL, NULL);
+
+ if (format == SOUP_DATE_HTTP || format == SOUP_DATE_COOKIE) {
+ /* HTTP and COOKIE formats require UTC timestamp, so coerce
+ * @date if it's non-UTC.
+ */
+ GDateTime *utcdate = g_date_time_to_utc (date);
+ char *date_format;
+ char *formatted_date;
+
+ // We insert days/months ourselves to avoid locale specific formatting
+ if (format == SOUP_DATE_HTTP) {
+ /* "Sun, 06 Nov 1994 08:49:37 GMT" */
+ date_format = g_strdup_printf ("%s, %%d %s %%Y %%T GMT",
+ days[g_date_time_get_day_of_week (utcdate) - 1],
+ months[g_date_time_get_month (utcdate) - 1]);
+ } else {
+ /* "Sun, 06-Nov-1994 08:49:37 GMT" */
+ date_format = g_strdup_printf ("%s, %%d-%s-%%Y %%T GMT",
+ days[g_date_time_get_day_of_week (utcdate) - 1],
+ months[g_date_time_get_month (utcdate) - 1]);
+ }
+
+ formatted_date = g_date_time_format (utcdate, (const char*)date_format);
+ g_date_time_unref (utcdate);
+ g_free (date_format);
+ return formatted_date;
+ }
+
+ g_return_val_if_reached (NULL);
+}
+
+static inline gboolean
+parse_day (int *day, const char **date_string)
+{
+ char *end;
+
+ *day = strtoul (*date_string, &end, 10);
+ if (end == (char *)*date_string)
+ return FALSE;
+
+ while (*end == ' ' || *end == '-')
+ end++;
+ *date_string = end;
+ return *day >= 1 && *day <= 31;
+}
+
+static inline gboolean
+parse_month (int *month, const char **date_string)
+{
+ int i;
+
+ for (i = 0; i < G_N_ELEMENTS (months); i++) {
+ if (!g_ascii_strncasecmp (*date_string, months[i], 3)) {
+ *month = i + 1;
+ *date_string += 3;
+ while (**date_string == ' ' || **date_string == '-')
+ (*date_string)++;
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+static inline gboolean
+parse_year (int *year, const char **date_string)
+{
+ char *end;
+
+ *year = strtoul (*date_string, &end, 10);
+ if (end == (char *)*date_string)
+ return FALSE;
+
+ if (end == (char *)*date_string + 2) {
+ if (*year < 70)
+ *year += 2000;
+ else
+ *year += 1900;
+ } else if (end == (char *)*date_string + 3)
+ *year += 1900;
+
+ while (*end == ' ' || *end == '-')
+ end++;
+ *date_string = end;
+ return *year > 0 && *year < 9999;
+}
+
+static inline gboolean
+parse_time (int *hour, int *minute, int *second, const char **date_string)
+{
+ char *p, *end;
+
+ *hour = strtoul (*date_string, &end, 10);
+ if (end == (char *)*date_string || *end++ != ':')
+ return FALSE;
+ p = end;
+ *minute = strtoul (p, &end, 10);
+ if (end == p || *end++ != ':')
+ return FALSE;
+ p = end;
+ *second = strtoul (p, &end, 10);
+ if (end == p)
+ return FALSE;
+ p = end;
+
+ while (*p == ' ')
+ p++;
+ *date_string = p;
+ return *hour >= 0 && *hour < 24 && *minute >= 0 && *minute < 60 && *second >= 0 && *second < 60;
+}
+
+static inline gboolean
+parse_timezone (GTimeZone **timezone, const char **date_string)
+{
+ gint32 offset_minutes;
+ gboolean utc;
+
+ if (!**date_string) {
+ utc = FALSE;
+ offset_minutes = 0;
+ } else if (**date_string == '+' || **date_string == '-') {
+ gulong val;
+ int sign = (**date_string == '+') ? 1 : -1;
+ val = strtoul (*date_string + 1, (char **)date_string, 10);
+ if (val > 9999)
+ return FALSE;
+ if (**date_string == ':') {
+ gulong val2 = strtoul (*date_string + 1, (char **)date_string, 10);
+ if (val > 99 || val2 > 99)
+ return FALSE;
+ val = 60 * val + val2;
+ } else
+ val = 60 * (val / 100) + (val % 100);
+ offset_minutes = sign * val;
+ utc = (sign == -1) && !val;
+ } else if (**date_string == 'Z') {
+ offset_minutes = 0;
+ utc = TRUE;
+ (*date_string)++;
+ } else if (!strcmp (*date_string, "GMT") ||
+ !strcmp (*date_string, "UTC")) {
+ offset_minutes = 0;
+ utc = TRUE;
+ (*date_string) += 3;
+ } else if (strchr ("ECMP", **date_string) &&
+ ((*date_string)[1] == 'D' || (*date_string)[1] == 'S') &&
+ (*date_string)[2] == 'T') {
+ offset_minutes = -60 * (5 * strcspn ("ECMP", *date_string));
+ if ((*date_string)[1] == 'D')
+ offset_minutes += 60;
+ utc = FALSE;
+ } else
+ return FALSE;
+
+ if (utc)
+ *timezone = g_time_zone_new_utc ();
+ else
+ *timezone = g_time_zone_new_offset (offset_minutes * 60);
+ return TRUE;
+}
+
+static GDateTime *
+parse_textual_date (const char *date_string)
+{
+ int month, day, year, hour, minute, second;
+ GTimeZone *tz = NULL;
+ GDateTime *date;
+
+ /* If it starts with a word, it must be a weekday, which we skip */
+ if (g_ascii_isalpha (*date_string)) {
+ while (g_ascii_isalpha (*date_string))
+ date_string++;
+ if (*date_string == ',')
+ date_string++;
+ while (g_ascii_isspace (*date_string))
+ date_string++;
+ }
+
+ /* If there's now another word, this must be an asctime-date */
+ if (g_ascii_isalpha (*date_string)) {
+ /* (Sun) Nov 6 08:49:37 1994 */
+ if (!parse_month (&month, &date_string) ||
+ !parse_day (&day, &date_string) ||
+ !parse_time (&hour, &minute, &second, &date_string) ||
+ !parse_year (&year, &date_string) ||
+ !g_date_valid_dmy (day, month, year))
+ return NULL;
+
+ /* There shouldn't be a timezone, but check anyway */
+ parse_timezone (&tz, &date_string);
+ } else {
+ /* Non-asctime date, so some variation of
+ * (Sun,) 06 Nov 1994 08:49:37 GMT
+ */
+ if (!parse_day (&day, &date_string) ||
+ !parse_month (&month, &date_string) ||
+ !parse_year (&year, &date_string) ||
+ !parse_time (&hour, &minute, &second, &date_string) ||
+ !g_date_valid_dmy (day, month, year))
+ return NULL;
+
+ /* This time there *should* be a timezone, but we
+ * survive if there isn't.
+ */
+ parse_timezone (&tz, &date_string);
+ }
+
+ if (!tz)
+ tz = g_time_zone_new_utc ();
+
+ date = g_date_time_new (tz, year, month, day, hour, minute, second);
+ g_time_zone_unref (tz);
+
+ return date;
+}
+
+/**
+ * soup_date_time_new_from_http_string:
+ * @date_string: The date as a string
+ *
+ * Parses @date_string and tries to extract a date from it.
+ *
+ * This recognizes all of the "HTTP-date" formats from RFC 2616, RFC 2822 dates,
+ * and reasonable approximations thereof. (Eg, it is lenient about whitespace,
+ * leading "0"s, etc.)
+ *
+ * Returns: (nullable): a new #GDateTime, or %NULL if @date_string
+ * could not be parsed.
+ **/
+GDateTime *
+soup_date_time_new_from_http_string (const char *date_string)
+{
+ g_return_val_if_fail (date_string != NULL, NULL);
+
+ while (g_ascii_isspace (*date_string))
+ date_string++;
+
+ /* If it starts with a digit, it's either an ISO 8601 date, or
+ * an RFC2822 date without the optional weekday; in the later
+ * case, there will be a month name later on, so look for one
+ * of the month-start letters.
+ * Previous versions of this library supported parsing iso8601 strings
+ * however g_date_time_new_from_iso8601() should be used now. Just
+ * catch those in case for testing.
+ */
+ if (G_UNLIKELY (g_ascii_isdigit (*date_string) && !strpbrk (date_string, "JFMASOND"))) {
+ g_debug ("Unsupported format passed to soup_date_time_new_from_http_string(): %s", date_string);
+ return NULL;
+ }
+
+ return parse_textual_date (date_string);
+}
diff --git a/tests/cookies-test.c b/tests/cookies-test.c
index 61adfac5..aa719cdc 100644
--- a/tests/cookies-test.c
+++ b/tests/cookies-test.c
@@ -292,6 +292,7 @@ static void
do_cookies_parsing_int32_overflow (void)
{
SoupCookie *cookie = soup_cookie_parse ("Age=1;expires=3Mar9 999:9:9+ 999999999-age=main=gne=", NULL);
+ g_test_bug ("https://gitlab.gnome.org/GNOME/libsoup/-/issues/448");
g_assert_nonnull (cookie);
g_assert_null (soup_cookie_get_expires (cookie));
soup_cookie_free (cookie);
--
2.51.0

30
SOURCES/CVE-2025-4948.patch
View File

@ -1,30 +0,0 @@
From 592db079bc2dfea75708751ed0b7533ac9fd36df Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Thu, 15 May 2025 17:49:11 +0200
Subject: [PATCH] soup-multipart: Verify boundary limits for multipart body
It could happen that the boundary started at a place which resulted into
a negative number, which in an unsigned integer is a very large value.
Check the body size is not a negative value before setting it.
Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
---
libsoup/soup-multipart.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
index dd939739..ce2fc109 100644
--- a/libsoup/soup-multipart.c
+++ b/libsoup/soup-multipart.c
@@ -214,7 +214,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
*/
part_body = soup_buffer_new_subbuffer (flattened,
split - flattened->data,
- end - 2 - split);
+ end - 2 >= split ? end - 2 - split : 0);
g_ptr_array_add (multipart->bodies, part_body);
start = end;
--
2.49.0

123
SOURCES/fix-ssl-test.patch
View File

@ -1,123 +0,0 @@
From c720f9c696b3b39d8c386abf8c8a9ddad447cda0 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Wed, 9 Sep 2020 14:44:25 +0200
Subject: [PATCH 1/2] tests: fix SSL test with glib-networking >= 2.65.90
To make SSL tests fail with our testing certificate we create and empty
GTlsDatabase passing /dev/null to g_tls_file_database_new(). This no
longer works with newer glib-networking, since an empty file is
considered an error by gnutls and
g_tls_file_database_gnutls_populate_trust_list() now handles gnutls
errors properly. Instead, we can just use the system CA file that won't
contain our testing certificate for sure.
Fixes #201
---
tests/ssl-test.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/tests/ssl-test.c b/tests/ssl-test.c
index 735ba416..2c93ca85 100644
--- a/tests/ssl-test.c
+++ b/tests/ssl-test.c
@@ -3,7 +3,6 @@
#include "test-utils.h"
SoupURI *uri;
-GTlsDatabase *null_tlsdb;
static void
do_properties_test_for_session (SoupSession *session)
@@ -37,7 +36,7 @@ do_async_properties_tests (void)
session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
g_object_set (G_OBJECT (session),
- SOUP_SESSION_TLS_DATABASE, null_tlsdb,
+ SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
SOUP_SESSION_SSL_STRICT, FALSE,
NULL);
do_properties_test_for_session (session);
@@ -53,7 +52,7 @@ do_sync_properties_tests (void)
session = soup_test_session_new (SOUP_TYPE_SESSION_SYNC, NULL);
g_object_set (G_OBJECT (session),
- SOUP_SESSION_TLS_DATABASE, null_tlsdb,
+ SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
SOUP_SESSION_SSL_STRICT, FALSE,
NULL);
do_properties_test_for_session (session);
@@ -106,7 +105,7 @@ do_strictness_test (gconstpointer data)
}
if (!test->with_ca_list) {
g_object_set (G_OBJECT (session),
- SOUP_SESSION_TLS_DATABASE, null_tlsdb,
+ SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
NULL);
}
@@ -433,7 +432,6 @@ main (int argc, char **argv)
{
SoupServer *server = NULL;
int i, ret;
- GError *error = NULL;
test_init (argc, argv, NULL);
@@ -441,9 +439,6 @@ main (int argc, char **argv)
server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
soup_server_add_handler (server, NULL, server_handler, NULL, NULL);
uri = soup_test_server_get_uri (server, "https", "127.0.0.1");
-
- null_tlsdb = g_tls_file_database_new ("/dev/null", &error);
- g_assert_no_error (error);
} else
uri = NULL;
@@ -463,7 +458,6 @@ main (int argc, char **argv)
if (tls_available) {
soup_uri_free (uri);
soup_test_server_quit_unref (server);
- g_object_unref (null_tlsdb);
}
test_cleanup ();
--
2.43.5
From 0fbc7e8220c32f4848d6f1407efe81cc13ab18ef Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Sat, 18 Jan 2025 01:20:24 -0600
Subject: [PATCH 2/2] Add workaround for flaky ssl-test connection failures
---
tests/ssl-test.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/tests/ssl-test.c b/tests/ssl-test.c
index 2c93ca85..1b48c6aa 100644
--- a/tests/ssl-test.c
+++ b/tests/ssl-test.c
@@ -348,6 +348,19 @@ got_connection (GThreadedSocketService *service,
g_clear_error (&error);
}
+ // Work around a race condition where do_tls_interaction_test's call to
+ // soup_session_send_message() fails due to the server having closed the
+ // connection:
+ //
+ // ERROR:../tests/ssl-test.c:405:do_tls_interaction_test: Unexpected status 7 Connection terminated unexpectedly (expected 200 OK)
+ //
+ // This bug is already fixed upstream, so no sense in spending a bunch
+ // of time trying to find a proper fix.
+ //
+ // I'm not certain, but I suspect it's fixed by:
+ // https://gitlab.gnome.org/GNOME/libsoup/-/commit/bd6de90343839125bd07c43c97e1000deb0b40c3
+ sleep (1);
+
g_io_stream_close (tls, NULL, &error);
g_assert_no_error (error);
--
2.43.5

44
SOURCES/server-test-timeouts.patch
View File

@ -1,44 +0,0 @@
From 9ff306aa714efd06ceeafacee03298a3665055b1 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Wed, 30 Apr 2025 14:13:41 -0500
Subject: [PATCH] test-utils: fix deadlock in add_listener_in_thread()
The mutex is locked in the wrong place here.
Hopefully fixes #379
---
tests/test-utils.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tests/test-utils.c b/tests/test-utils.c
index df4cee44..5c1e316c 100644
--- a/tests/test-utils.c
+++ b/tests/test-utils.c
@@ -607,9 +607,11 @@ static gboolean
add_listener_in_thread (gpointer user_data)
{
AddListenerData *data = user_data;
+ SoupURI *uri;
- data->uri = add_listener (data->server, data->scheme, data->host);
+ uri = add_listener (data->server, data->scheme, data->host);
g_mutex_lock (&data->mutex);
+ data->uri = uri;
g_cond_signal (&data->cond);
g_mutex_unlock (&data->mutex);
@@ -641,9 +643,9 @@ soup_test_server_get_uri (SoupServer *server,
data.host = host;
data.uri = NULL;
- g_mutex_lock (&data.mutex);
soup_add_completion (context, add_listener_in_thread, &data);
+ g_mutex_lock (&data.mutex);
while (!data.uri)
g_cond_wait (&data.cond, &data.mutex);
--
GitLab

60
SOURCES/test-cert-expiration.patch
View File

@ -1,60 +0,0 @@
From 2dafd907586f52291b38c46362e72c7379558626 Mon Sep 17 00:00:00 2001
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
Date: Thu, 18 Feb 2021 09:13:40 +0100
Subject: [PATCH] Extend test cert to 2049
used certtool -u \
--load-ca-privkey ./tests/test-key.pem \
--load-ca-certificate ./tests/test-cert.pem \
--load-certificate ./tests/test-cert.pem
Without this patch, 3 tests failed in 2027
11/29 misc-test FAIL 0.67s (exit status 1)
21/29 server-test FAIL 0.12s (exit status 1)
25/29 timeout-test FAIL 4.08s (killed by signal 5 SIGTRAP)
Background:
As part of my work on reproducible builds for openSUSE, I check that software still gives identical build results in the future.
The usual offset is +15 years, because that is how long I expect some software will be used in some places.
This showed up failing tests in our package build.
See https://reproducible-builds.org/ for why this matters.
(cherry picked from commit 38a65f080a3168e8af78bdd3e4928debeea2dbd8)
---
tests/test-cert.pem | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/tests/test-cert.pem b/tests/test-cert.pem
index ff863b4d1..4b8b180dc 100644
--- a/tests/test-cert.pem
+++ b/tests/test-cert.pem
@@ -1,6 +1,6 @@
-----BEGIN CERTIFICATE-----
MIIC2zCCAcOgAwIBAgIJALRbg2WnuAAqMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
-BAMMCTEyNy4wLjAuMTAeFw0xNzA2MjAxNDI3MzBaFw0yNzA2MTgxNDI3MzBaMBQx
+BAMMCTEyNy4wLjAuMTAeFw0yMTAyMTgwODA3MzBaFw00OTEyMzEwODA3MzRaMBQx
EjAQBgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKs4fuRuW77nORhOT9kbbU6BsjKW3GEsMc+ZSmXjINQWpfkES2hV+DQyzhm5
qh4OLi1vYtXoSbdQNDCbA8ybZJqR8m9F3ed8vobdSSQGxWpPdXTgz27x+TpiAc9P
@@ -8,11 +8,11 @@ w83UuPvlu/0AxHJBFXVAg+id0yFu3wmGWYJHoAtvFi2xeRtAXurNuPtjZyO+gfM9
BKTRCkGsRSmPpJyGbU2Q96fjxnVfV9oYvQXeugUcSx/pTUCM/kDgD9QZCxG2rflX
NWcqDFY3uO6ZR68Qwi/KouOa8rzrgAcwhFUI6Wz0Zwi1rzRtWK5WqC24aBUYz/tK
hl8i88UDXSMh7spChdYDBGLhZyUCAwEAAaMwMC4wLAYDVR0RBCUwI4IJbG9jYWxo
-b3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQBj
-+U8tebwg5/pof5Rht6TMHqeg6Fcr4OJkL2ph2g+T/AMTS7kEGeFIKJN5AZ+S/qIY
-cdoDKHwc8+bCK/mG6DPmJ4z/2Eamb85YhplOLVrLRwfxRebTK9CtnjcjnflAiU9H
-7vPVwXIvkwebhBSQNKTdkBlPXKaTNWXuygeFG2OVQkPf/KAxSdtg2R+owv/s802Z
-HISk26wY9oFIQz6AiXWdrY1QqNOltZ7rlU5iofAH7X+9ryZlxPWj/gHg2YQRvvLl
-dq6nCF+ED0ke7h0lg5nU0beKEygwli8DlLVbu0JK0PkARFp5t7wUtzC9DCjzvfOc
-gxR44PyZX7/2oaTDm4PS
+b3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQAz
+/qYTUuBGHgp7T1cfaJPnhx6U1SMfdJRtFoWOXDx+MNCK9GYkdMEabzRGUP5uNHO+
+PiZP/bMIHlpsbRA5AyyVf9Xv8JCujvYh24qYcBbwgZrfvNTm0D52P9JJm0SalTXS
+kwwTj00DWGVfVzJR+wiwYGHRIlyXbHqQSRzv6+z9f/xY5gXw/KpCNYTuOJcXW7w6
+JfMrUnc9pphRUpcLkuuzOMKuB0dtWRc0mZIr7PZHt+0gitNZWA0bDYI3JI9tlK17
+nxBUSpGtJwDgH//b8ek/P0P9a5VzQbBC6lXtQUMdxg7ovfAI//IS8ekBoRKI0Wde
+r2IpM9hKSBU3c2gGXcJC
-----END CERTIFICATE-----
--
GitLab

65
SPECS/libsoup.spec
View File

@ -2,7 +2,7 @@
Name: libsoup
Version: 2.62.3
Release: 10%{?dist}
Release: 5%{?dist}
Summary: Soup, an HTTP library implementation
License: LGPLv2
@ -14,37 +14,6 @@ Patch0002: 0002-WebSockets-allow-null-characters-in-text-messages-da.patch
Patch0003: 0003-WebSockets-only-poll-IO-stream-when-needed.patch
Patch0004: 0004-ntlmv2.patch
Patch0005: 0005-WebSockets-do-not-start-the-input-source-when-IO-is-closing.patch
Patch0006: CVE-2024-52530.patch
Patch0007: CVE-2024-52531.patch
Patch0008: CVE-2024-52532.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/446
Patch0009: test-cert-expiration.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/415
Patch0010: CVE-2025-32050.patch
Patch0011: CVE-2025-32052.patch
Patch0012: CVE-2025-32053.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/440
Patch0013: CVE-2025-32906.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/422
Patch0014: CVE-2025-32911-CVE-2025-32913.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/421
Patch0015: CVE-2025-46420.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/436
Patch0016: CVE-2025-46421.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408 (simplified)
Patch0017: CVE-2025-32049.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450
Patch0018: CVE-2025-32914.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
Patch0019: CVE-2025-2784.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463
Patch0020: CVE-2025-4948.patch
# https://issues.redhat.com/browse/RHEL-76426
Patch0021: fix-ssl-test.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/454
Patch0022: server-test-timeouts.patch
# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/473
Patch0023: CVE-2025-4945-CVE-2025-11021.patch
BuildRequires: chrpath
BuildRequires: glib2-devel >= %{glib2_version}
@ -119,38 +88,6 @@ chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so
%{_datadir}/vala/vapi/libsoup-2.4.vapi
%changelog
* Thu Oct 30 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.62.3-10
- Backport patch for CVE-2025-4945 and CVE-2025-11021
* Thu May 22 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.62.3-9
- Add patches to improve test reliability
- Backport patches for various CVEs
Resolves: RHEL-85879
Resolves: RHEL-92280
Resolves: RHEL-93031
Resolves: RHEL-93032
* Thu May 01 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.62.3-8
- Backport patches for various CVEs, plus test improvements
Resolves: RHEL-85887
Resolves: RHEL-85900
Resolves: RHEL-85901
Resolves: RHEL-87039
Resolves: RHEL-87094
Resolves: RHEL-87114
Resolves: RHEL-88348
Resolves: RHEL-88351
* Tue Jan 28 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.62.3-7
- Backport upstream patch for CVE-2024-52531 - buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict
Resolves: RHEL-76376
* Tue Nov 12 2024 Tomas Popela <tpopela@redhat.com> - 2.62.3-6
- Backport upstream patch for CVE-2024-52530 - HTTP request smuggling via stripping null bytes from the ends of header names
- Backport upstream patch for CVE-2024-52532 - infinite loop while reading websocket data
- Resolves: RHEL-67076
- Resolves: RHEL-67067
* Tue Sep 05 2023 Milan Crha <mcrha@redhat.com> - 2.62.3-5
- Resolves: RHEL-2240 (Correct BuildRequires for python3)