diff --git a/0002-bugfix-for-CVE-2025-32909.patch b/0002-bugfix-for-CVE-2025-32909.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bc0853221fc2a06ac29e2aae18a72406c332a7b5
--- /dev/null
+++ b/0002-bugfix-for-CVE-2025-32909.patch
@@ -0,0 +1,36 @@
+From ba4c3a6f988beff59e45801ab36067293d24ce92 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis
+Date: Wed, 8 Jan 2025 16:30:17 -0600
+Subject: [PATCH] content-sniffer: Handle sniffing resource shorter than 4
+ bytes
+
+Conflict: context adaptation and modify file path adaptation: libsoup/content-sniffer/soup-content-sniffer.c->libsoup/soup-content-sniffer.c
+Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92
+
+---
+ libsoup/soup-content-sniffer.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index c52d2d0..ee32971 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -227,9 +227,14 @@ sniff_mp4 (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ {
+ const char *resource = (const char *)buffer->data;
+ guint resource_length = MIN (512, buffer->length);
+- guint32 box_size = *((guint32*)resource);
++ guint32 box_size;
+ guint i;
+
++ if (resource_length < sizeof (guint32))
++ return FALSE;
++
++ box_size = *((guint32*)resource);
++
+ #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+ box_size = ((box_size >> 24) |
+ ((box_size << 8) & 0x00FF0000) |
+--
+2.48.1
+
diff --git a/libsoup.spec b/libsoup.spec
index be597ad9c849fea0e7ab0dd80faf66b77708d67a..cd279a2c28d26a8de8254d8bc85b73cc76e5b7ab 100644
--- a/libsoup.spec
+++ b/libsoup.spec
@@ -1,4 +1,4 @@
-%define anolis_release 4
+%define anolis_release 5
 %define glib2_version 2.58
 %{!?with_docs: %global with_docs 1}
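Review bot: The load kept after the new length guard in sniff_mp4, `box_size = *((guint32*)resource);`, still reads a `guint32` through a cast `const char *`, so it assumes `buffer->data` is 4-byte aligned and violates strict aliasing; the guard closes the short-buffer over-read but not that. `memcpy (&box_size, resource, sizeof box_size);` followed by `box_size = GUINT32_FROM_BE (box_size);` performs the same big-endian load portably and would replace the hand-written swap under `#if __BYTE_ORDER__`. The function body continues past the end of the hunk, so whether the sniffed `box_size` is later bounded against `resource_length` cannot be confirmed from here and is worth checking in the packaged source after the backport's context adaptation.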
@@ -13,6 +13,7 @@ URL: https://wiki.gnome.org/Projects/libsoup
 Source0: https://download.gnome.org/sources/%{name}/2.74/%{name}-%{version}.tar.xz
 Patch0: 0000-bugfix-for-CVE-2025-46420.patch
 Patch1: 0001-bugfix-for-CVE-2025-32907.patch
+Patch2: 0002-bugfix-for-CVE-2025-32909.patch
 BuildRequires: gettext
 BuildRequires: glib-networking
@@ -122,6 +123,9 @@ This package contains developer documentation for %{name}.
 %endif
 %changelog
+* Thu Jun 05 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.74.3-5
+- fix CVE-2025-32909
+
 * Wed Jun 04 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.74.3-4
 - fix CVE-2025-32907
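Review bot: `Patch2: 0002-bugfix-for-CVE-2025-32909.patch` is declared in the `@@ -13,6 +13,7 @@` hunk, but nothing in this diff touches %prep, so the fix only reaches the build if the spec applies patches automatically (for example with `%autosetup -p1` or `%autopatch`). If %prep instead lists patches explicitly, a matching `%patch2 -p1` line is missing and release 2.74.3-5 would be built without the CVE-2025-32909 change while the changelog says it is fixed. %prep lies outside the visible hunks, so this should be confirmed against the full spec or from the build log showing the patch being applied.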