diff --git a/0012-bugfix-for-CVE-2025-32914.patch b/0012-bugfix-for-CVE-2025-32914.patch new file mode 100644 index 0000000000000000000000000000000000000000..39c16793228543ba088a4bb7c8df7f2e6272389d --- /dev/null +++ b/0012-bugfix-for-CVE-2025-32914.patch @@ -0,0 +1,30 @@ +From 51c25f470f85b485818c253718594a4d59b39931 Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Tue, 15 Apr 2025 09:03:00 +0200 +Subject: [PATCH] multipart: Fix read out of buffer bounds under + soup_multipart_new_from_message() + +This is CVE-2025-32914, special crafted input can cause read out of buffer bounds +of the body argument. + +Closes #436 +--- + libsoup/soup-multipart.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c +index a7e550f1..dd939739 100644 +--- a/libsoup/soup-multipart.c ++++ b/libsoup/soup-multipart.c +@@ -181,7 +181,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers, + return NULL; + } + +- split = strstr (start, "\r\n\r\n"); ++ split = g_strstr_len (start, body_end - start, "\r\n\r\n"); + if (!split || split > end) { + soup_multipart_free (multipart); + soup_buffer_free (flattened); +-- +2.49.0 + diff --git a/libsoup.spec b/libsoup.spec index e8ffca531704832c84e6779a9e735c04a640948c..a6e429d7047c2bc4baa9461000ebb3b80355a9e3 100644 --- a/libsoup.spec +++ b/libsoup.spec @@ -1,4 +1,4 @@ -%define anolis_release 11 +%define anolis_release 12 %define glib2_version 2.58 %{!?with_docs: %global with_docs 1} @@ -23,6 +23,7 @@ Patch8: 0008-bugfix-for-CVE-2025-32050.patch Patch9: 0009-bugfix-for-CVE-2025-32053.patch Patch10: 0010-bugfix-for-CVE-2025-32911-CVE-2025-32913.patch Patch11: 0011-bugfix-for-CVE-2025-32906.patch +Patch12: 0012-bugfix-for-CVE-2025-32914.patch BuildRequires: gettext BuildRequires: glib-networking @@ -132,6 +133,9 @@ This package contains developer documentation for %{name}. %endif %changelog +* Wed Jun 11 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.74.3-12 +- fix CVE-2025-32914 + * Wed Jun 11 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.74.3-11 - fix CVE-2025-32906