From aa3d3be262cb67b43adaa1b1db909c15a88d8817 Mon Sep 17 00:00:00 2001 From: Michael Catanzaro Date: Tue, 9 Dec 2025 16:30:14 -0600 Subject: [PATCH] Add patch for CVE-2025-12105 Resolves: RHEL-123543 --- CVE-2025-12105.patch | 30 +++++++++++++++++++ ...atch => CVE-2025-4945-CVE-2025-11021.patch | 0 libsoup3.spec | 7 +++-- 3 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 CVE-2025-12105.patch rename RHEL-117629.patch => CVE-2025-4945-CVE-2025-11021.patch (100%) diff --git a/CVE-2025-12105.patch b/CVE-2025-12105.patch new file mode 100644 index 0000000..fe1142d --- /dev/null +++ b/CVE-2025-12105.patch @@ -0,0 +1,30 @@ +From 9ba1243a24e442fa5ec44684617a4480027da960 Mon Sep 17 00:00:00 2001 +From: Eugene Mutavchi +Date: Fri, 10 Oct 2025 16:24:27 +0000 +Subject: [PATCH] fix 'heap-use-after-free' caused by 'finishing' queue item + twice + +--- + libsoup/soup-session.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c +index c5694d2c..4e6b478b 100644 +--- a/libsoup/soup-session.c ++++ b/libsoup/soup-session.c +@@ -2894,8 +2894,10 @@ run_until_read_done (SoupMessage *msg, + if (soup_message_io_in_progress (msg)) + soup_message_io_finished (msg); + item->paused = FALSE; +- item->state = SOUP_MESSAGE_FINISHING; +- soup_session_process_queue_item (item->session, item, FALSE); ++ if (item->state != SOUP_MESSAGE_FINISHED) { ++ item->state = SOUP_MESSAGE_FINISHING; ++ soup_session_process_queue_item (item->session, item, FALSE); ++ } + } + async_send_request_return_result (item, NULL, error); + soup_message_queue_item_unref (item); +-- +GitLab + diff --git a/RHEL-117629.patch b/CVE-2025-4945-CVE-2025-11021.patch similarity index 100% rename from RHEL-117629.patch rename to CVE-2025-4945-CVE-2025-11021.patch diff --git a/libsoup3.spec b/libsoup3.spec index cd7c3b1..d09ed1c 100644 --- a/libsoup3.spec +++ b/libsoup3.spec @@ -20,7 +20,6 @@ Patch: http2-body-size-test-timeout.patch Patch: CVE-2025-32914.patch # https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/451 Patch: CVE-2025-32908.patch - # https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/448 (simplified and corrected) Patch: CVE-2025-4035.patch # https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463 @@ -29,8 +28,10 @@ Patch: CVE-2025-4948.patch Patch: CVE-2025-32049.patch # https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452 Patch: CVE-2025-32907.patch -# https://gitlab.gnome.org/GNOME/libsoup/-/issues/448 -Patch: RHEL-117629.patch +# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/473 +Patch: CVE-2025-4945-CVE-2025-11021.patch +# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481 +Patch: CVE-2025-12105.patch BuildRequires: ca-certificates BuildRequires: gcc