diff --git a/0001-cve-CVE-2024-52530.patch b/0001-cve-CVE-2024-52530.patch new file mode 100644 index 0000000000000000000000000000000000000000..6451841af643984de590f197905f5a8f33bc3b7d --- /dev/null +++ b/0001-cve-CVE-2024-52530.patch @@ -0,0 +1,50 @@ +From c7d7ea970d073a6653a3401bc19ae0f453fe4b19 Mon Sep 17 00:00:00 2001 +From: zhuhongbo +Date: Tue, 19 Nov 2024 15:24:27 +0800 +Subject: [PATCH] cve CVE-2024-52530 + +--- + libsoup/soup-headers.c | 17 +++++------------ + 1 file changed, 5 insertions(+), 12 deletions(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index 271d2a6..31ad1fe 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -50,13 +50,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest) + * ignorable trailing whitespace. + */ + +- /* Skip over the Request-Line / Status-Line */ ++ /* No '\0's are allowed */ ++ if (memchr (str, '\0', len)) ++ return FALSE; ++ ++ /* Skip over the Request-Line / Status-Line */ + headers_start = memchr (str, '\n', len); + if (!headers_start) + return FALSE; +- /* No '\0's in the Request-Line / Status-Line */ +- if (memchr (str, '\0', headers_start - str)) +- return FALSE; + + /* We work on a copy of the headers, which we can write '\0's + * into, so that we don't have to individually g_strndup and +@@ -68,14 +69,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest) + headers_copy[copy_len] = '\0'; + value_end = headers_copy; + +- /* There shouldn't be any '\0's in the headers already, but +- * this is the web we're talking about. +- */ +- while ((p = memchr (headers_copy, '\0', copy_len))) { +- memmove (p, p + 1, copy_len - (p - headers_copy)); +- copy_len--; +- } +- + while (*(value_end + 1)) { + name = value_end + 1; + name_end = strchr (name, ':'); +-- +2.39.3 + diff --git a/libsoup.spec b/libsoup.spec index 5d7a20ca0f7fb36bc988fa1ff0c2e8e037e88b51..20c5bdf7971aeb20588411bd4d312b6b5ac2e107 100644 --- a/libsoup.spec +++ b/libsoup.spec @@ -2,7 +2,7 @@ Name: libsoup Version: 2.62.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Soup, an HTTP library implementation License: LGPLv2 @@ -14,6 +14,9 @@ Patch01: coverity-scan-issues.patch Patch02: libsoup-python2.patch Patch03: 0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch +#add by uos +Patch04: 0001-cve-CVE-2024-52530.patch +#end BuildRequires: chrpath BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: glib-networking @@ -51,7 +54,7 @@ you to develop applications that use the libsoup library. %patch01 -p1 -b .coverity-scan-issues %patch02 -p1 -b .python2 %patch03 -p1 -b .cve-2018-12910 - +%patch04 -p1 -b .cve-CVE-2024-52530 %build %configure --disable-static @@ -93,6 +96,10 @@ chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so %{_datadir}/vala/vapi/libsoup-2.4.vapi %changelog +* Tue Nov 19 2024 zhuhongbo - 2.62.2-3 +- update to libsoup-2.62.2-3.el7_9 +- cve: fix CVE-2024-52530 + * Mon Jul 09 2018 Milan Crha - 2.62.2-2 - Backport upstream patch for CVE-2018-12910 - Crash in soup_cookie_jar.c: get_cookies() on empty hostnames - Resolves: #1598838