From 79edaa4f4778682bbfcea1b92270a8e3eb1b5d88 Mon Sep 17 00:00:00 2001 From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> Date: Mon, 9 Jun 2025 09:12:34 +0800 Subject: [PATCH] [CVE] FIX CVE-2025-32912 to #20413 add patch to fix CVE-2025-32912 Project: TC2024080204 Signed-off-by: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> --- 0005-bugfix-for-CVE-2025-32912.patch | 41 ++++++++++++++++++++++ 0006-bugfix-for-CVE-2025-32912.patch | 30 ++++++++++++++++ 0007-bugfix-for-CVE-2025-32912.patch | 51 ++++++++++++++++++++++++++++ libsoup.spec | 8 ++++- 4 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 0005-bugfix-for-CVE-2025-32912.patch create mode 100644 0006-bugfix-for-CVE-2025-32912.patch create mode 100644 0007-bugfix-for-CVE-2025-32912.patch diff --git a/0005-bugfix-for-CVE-2025-32912.patch b/0005-bugfix-for-CVE-2025-32912.patch new file mode 100644 index 0000000..9ece47f --- /dev/null +++ b/0005-bugfix-for-CVE-2025-32912.patch @@ -0,0 +1,41 @@ +From cd077513f267e43ce4b659eb18a1734d8a369992 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Wed, 5 Feb 2025 14:03:05 -0600 +Subject: [PATCH] auth-digest: Handle missing nonce + +Conflict: Modify file path adaptation: libsoup/auth/soup-auth-digest.c->libsoup/soup-auth-digest.c +Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992 + +--- + libsoup/soup-auth-digest.c | 2 +- + tests/auth-test.c | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c +index 83069ef..b79e6f8 100644 +--- a/libsoup/soup-auth-digest.c ++++ b/libsoup/soup-auth-digest.c +@@ -156,7 +156,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg, + guint qop_options; + gboolean ok = TRUE; + +- if (!soup_auth_get_realm (auth)) ++ if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce")) + return FALSE; + + g_free (priv->domain); +diff --git a/tests/auth-test.c b/tests/auth-test.c +index 6fb1e4a..548ac94 100644 +--- a/tests/auth-test.c ++++ b/tests/auth-test.c +@@ -1629,6 +1629,7 @@ main (int argc, char **argv) + g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test); + g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test); + g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test); ++ g_test_add_data_func ("/auth/missing-params/nonce-and-qop", "Digest realm=\"auth-test\"", do_missing_params_test); + + ret = g_test_run (); + +-- +2.48.1 + diff --git a/0006-bugfix-for-CVE-2025-32912.patch b/0006-bugfix-for-CVE-2025-32912.patch new file mode 100644 index 0000000..4679db0 --- /dev/null +++ b/0006-bugfix-for-CVE-2025-32912.patch @@ -0,0 +1,30 @@ +From 910ebdcd3dd82386717a201c13c834f3a63eed7f Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Sat, 8 Feb 2025 12:30:13 -0600 +Subject: [PATCH] digest-auth: Handle NULL nonce + +`contains` only handles a missing nonce, `lookup` handles both missing and empty. + +Conflict: Modify file path adaptation: libsoup/auth/soup-auth-digest.c->libsoup/soup-auth-digest.c +Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f + +--- + libsoup/soup-auth-digest.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c +index d69a4013..dc4dbfc5 100644 +--- a/libsoup/soup-auth-digest.c ++++ b/libsoup/soup-auth-digest.c +@@ -162,7 +162,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg, + guint qop_options; + gboolean ok = TRUE; + +- if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce")) ++ if (!soup_auth_get_realm (auth) || !g_hash_table_lookup (auth_params, "nonce")) + return FALSE; + + g_free (priv->domain); +-- +GitLab + diff --git a/0007-bugfix-for-CVE-2025-32912.patch b/0007-bugfix-for-CVE-2025-32912.patch new file mode 100644 index 0000000..6e219b4 --- /dev/null +++ b/0007-bugfix-for-CVE-2025-32912.patch @@ -0,0 +1,51 @@ +From e2e3d1cf16a15d725289e3f5a8a6503de08fc63f Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Tue, 11 Feb 2025 10:32:39 -0600 +Subject: [PATCH] Remove redundant function + +The nonce is validated earlier now. + +Conflict: Modify file path adaptation: libsoup/auth/soup-auth-digest.c->libsoup/soup-auth-digest.c +Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/e2e3d1cf16a15d725289e3f5a8a6503de08fc63f + +--- + libsoup/soup-auth-digest.c | 16 ---------------- + 1 file changed, 16 deletions(-) + +diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c +index 40b470b..318ebe2 100644 +--- a/libsoup/soup-auth-digest.c ++++ b/libsoup/soup-auth-digest.c +@@ -133,19 +133,6 @@ soup_auth_digest_get_qop (SoupAuthDigestQop qop) + return g_string_free (out, FALSE); + } + +-static gboolean +-validate_params (SoupAuthDigest *auth_digest) +-{ +- SoupAuthDigestPrivate *priv = soup_auth_digest_get_instance_private (auth_digest); +- +- if (priv->qop || priv->algorithm == SOUP_AUTH_DIGEST_ALGORITHM_MD5_SESS) { +- if (!priv->nonce) +- return FALSE; +- } +- +- return TRUE; +-} +- + static gboolean + soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg, + GHashTable *auth_params) +@@ -183,9 +170,6 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg, + if (priv->algorithm == -1) + ok = FALSE; + +- if (!validate_params (auth_digest)) +- ok = FALSE; +- + if (ok) { + stale = g_hash_table_lookup (auth_params, "stale"); + if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp) +-- +2.48.1 + diff --git a/libsoup.spec b/libsoup.spec index 8fae458..f0ccb3f 100644 --- a/libsoup.spec +++ b/libsoup.spec @@ -1,4 +1,4 @@ -%define anolis_release 6 +%define anolis_release 7 %define glib2_version 2.58 %{!?with_docs: %global with_docs 1} @@ -16,6 +16,9 @@ Patch1: 0001-bugfix-for-CVE-2025-32907.patch Patch2: 0002-bugfix-for-CVE-2025-32909.patch Patch3: 0003-bugfix-for-CVE-2025-32910.patch Patch4: 0004-bugfix-for-CVE-2025-32910.patch +Patch5: 0005-bugfix-for-CVE-2025-32912.patch +Patch6: 0006-bugfix-for-CVE-2025-32912.patch +Patch7: 0007-bugfix-for-CVE-2025-32912.patch BuildRequires: gettext BuildRequires: glib-networking @@ -125,6 +128,9 @@ This package contains developer documentation for %{name}. %endif %changelog +* Mon Jun 09 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.74.3-7 +- fix CVE-2025-32912 + * Fri Jun 06 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.74.3-6 - fix CVE-2025-32910 -- Gitee