diff --git a/16-bugfix-for-CVE-2025-4476.patch b/16-bugfix-for-CVE-2025-4476.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9bdb9885b2d814b18b1e130b56a5dd90f9531e39
--- /dev/null
+++ b/16-bugfix-for-CVE-2025-4476.patch
@@ -0,0 +1,37 @@
+From e64c221f9c7d09b48b610c5626b3b8c400f0907c Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Thu, 8 May 2025 09:27:01 -0500
+Subject: [PATCH] auth-digest: fix crash in
+ soup_auth_digest_get_protection_space()
+
+We need to validate the Domain parameter in the WWW-Authenticate header.
+
+Unfortunately this crash only occurs when listening on default ports 80
+and 443, so there's no good way to test for this. The test would require
+running as root.
+
+Fixes #440
+
+Conflict: Context Adaptation and g_uri_get_host (uri)->uri->host,g_uri_get_host (source_uri)->source_uri->host and Modify file path adaptation:libsoup/auth/soup-auth-digest.c->libsoup/soup-auth-digest.c
+Reference: https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c
+
+---
+ libsoup/soup-auth-digest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index 318ebe2..efc84e9 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -213,7 +213,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
+ uri = soup_uri_new (d);
+ if (uri && uri->scheme == source_uri->scheme &&
+ uri->port == source_uri->port &&
+- !strcmp (uri->host, source_uri->host))
++ !g_strcmp0 (uri->host, source_uri->host))
+ dir = g_strdup (uri->path);
+ else
+ dir = NULL;
+--
+2.27.0
+
diff --git a/libsoup.spec b/libsoup.spec
index 019862d7fa6c7843866e8ebcfff9b1736969ed8a..76e1ba7519137ac63239488351b36c260f3cc866 100644
--- a/libsoup.spec
+++ b/libsoup.spec
@@ -1,4 +1,4 @@
-%define anolis_release 15
+%define anolis_release 16
 %define glib2_version 2.58 %{!?with_docs: %global with_docs 1}
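Review bot: The new condition `!g_strcmp0 (uri->host, source_uri->host)` in the embedded soup-auth-digest.c hunk stops the NULL dereference, but `g_strcmp0` also reports two NULL strings as equal, so a host-less URI parsed from `d` would still be accepted if `source_uri->host` were ever NULL. That is probably unreachable for a request URI, but it should be confirmed for this 2.74 backport or made explicit with `uri->host && !g_strcmp0 (uri->host, source_uri->host)`. A one-line comment above the condition, such as `/* Domain comes from the server's WWW-Authenticate header, so uri->host may be NULL */`, would record why the NULL-safe compare is needed. The body of soup_auth_digest_get_protection_space() starts and ends outside the hunk, so how a NULL `dir` is handled afterwards cannot be checked from here.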
@@ -28,6 +28,7 @@ Patch13: 0013-bugfix-for-CVE-2025-32049.patch Patch14: 0014-bugfix-for-CVE-2025-2784.patch # From https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463/ Patch15: 1015-bugfix-for-CVE-2025-4948.patch
+Patch16: 16-bugfix-for-CVE-2025-4476.patch
 BuildRequires: gettext BuildRequires: glib-networking %if %{with_docs}
@@ -136,6 +137,9 @@ This package contains developer documentation for %{name}. %endif %changelog
+* Thu Jul 03 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.74.3-16
+- Fix CVE-2025-4476
+
 * Mon Jun 18 2025 lzq11122 - 2.74.3-15 - add patch to fix CVE-2025-4948