From 944293ed6fc6a9cdd1a31f2d8c3177afd296e5f5 Mon Sep 17 00:00:00 2001 From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> Date: Wed, 11 Jun 2025 16:35:23 +0800 Subject: [PATCH] [CVE] FIX CVE-2025-32914 to #20417 add patch to fix CVE-2025-32914 Project: TC2024080204 Signed-off-by: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> --- 0012-bugfix-for-CVE-2025-32914.patch | 30 ++++++++++++++++++++++++++++ libsoup.spec | 6 +++++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 0012-bugfix-for-CVE-2025-32914.patch diff --git a/0012-bugfix-for-CVE-2025-32914.patch b/0012-bugfix-for-CVE-2025-32914.patch new file mode 100644 index 0000000..39c1679 --- /dev/null +++ b/0012-bugfix-for-CVE-2025-32914.patch @@ -0,0 +1,30 @@ +From 51c25f470f85b485818c253718594a4d59b39931 Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Tue, 15 Apr 2025 09:03:00 +0200 +Subject: [PATCH] multipart: Fix read out of buffer bounds under + soup_multipart_new_from_message() + +This is CVE-2025-32914, special crafted input can cause read out of buffer bounds +of the body argument. + +Closes #436 +--- + libsoup/soup-multipart.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c +index a7e550f1..dd939739 100644 +--- a/libsoup/soup-multipart.c ++++ b/libsoup/soup-multipart.c +@@ -181,7 +181,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers, + return NULL; + } + +- split = strstr (start, "\r\n\r\n"); ++ split = g_strstr_len (start, body_end - start, "\r\n\r\n"); + if (!split || split > end) { + soup_multipart_free (multipart); + soup_buffer_free (flattened); +-- +2.49.0 + diff --git a/libsoup.spec b/libsoup.spec index e8ffca5..a6e429d 100644 --- a/libsoup.spec +++ b/libsoup.spec @@ -1,4 +1,4 @@ -%define anolis_release 11 +%define anolis_release 12 %define glib2_version 2.58 %{!?with_docs: %global with_docs 1} @@ -23,6 +23,7 @@ Patch8: 0008-bugfix-for-CVE-2025-32050.patch Patch9: 0009-bugfix-for-CVE-2025-32053.patch Patch10: 0010-bugfix-for-CVE-2025-32911-CVE-2025-32913.patch Patch11: 0011-bugfix-for-CVE-2025-32906.patch +Patch12: 0012-bugfix-for-CVE-2025-32914.patch BuildRequires: gettext BuildRequires: glib-networking @@ -132,6 +133,9 @@ This package contains developer documentation for %{name}. %endif %changelog +* Wed Jun 11 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.74.3-12 +- fix CVE-2025-32914 + * Wed Jun 11 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.74.3-11 - fix CVE-2025-32906 -- Gitee