diff --git a/0018-bugfix-for-CVE-2025-32052.patch b/0018-bugfix-for-CVE-2025-32052.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7ec0fd2a37d760382a38492635ee04a9dee67c75
--- /dev/null
+++ b/0018-bugfix-for-CVE-2025-32052.patch
@@ -0,0 +1,16 @@
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 486fb2d..4e3a5b3 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -509,7 +509,7 @@ sniff_unknown (SoupContentSniffer *sniffer, SoupBuffer *buffer,
+ guint index_pattern = 0;
+ gboolean skip_row = FALSE;
+
+- while ((index_stream < resource_length) &&
++ while ((index_stream < resource_length - 1) &&
+ (index_pattern <= type_row->pattern_length)) {
+ /* Skip insignificant white space ("WS" in the spec) */
+ if (type_row->pattern[index_pattern] == ' ') {
+--
+2.43.5
+
diff --git a/libsoup.spec b/libsoup.spec
index 2360726fe0201a68cf565f9458af896b76022784..963d321f3105d6720c04eb19b74cee1383735d4a 100644
--- a/libsoup.spec
+++ b/libsoup.spec
@@ -1,4 +1,4 @@
-%define anolis_release 17
+%define anolis_release 18
 %define glib2_version 2.58
 %{!?with_docs: %global with_docs 1}
@@ -29,8 +29,10 @@ Patch14: 0014-bugfix-for-CVE-2025-2784.patch
 # From https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463/
 Patch15: 1015-bugfix-for-CVE-2025-4948.patch
 Patch16: 16-bugfix-for-CVE-2025-4476.patch
-#Upstream https://gitlab.gnome.org/GNOME/libsoup/-/commit/3e5c26415811f19e7737238bb23305ffaf96f66b.patch
+# Upstream https://gitlab.gnome.org/GNOME/libsoup/-/commit/3e5c26415811f19e7737238bb23305ffaf96f66b.patch
 Patch17: 0017-bugfix-for-CVE-2025-46421.patch
+# https://gitlab.gnome.org/GNOME/libsoup/-/commit/a5b86bfc9405e01f12a975ae6898b1ce6a870e11
+Patch18: 0018-bugfix-for-CVE-2025-32052.patch
 BuildRequires: gettext
 BuildRequires: glib-networking
 %if %{with_docs}
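Review bot: In the embedded libsoup hunk of 0018-bugfix-for-CVE-2025-32052.patch, the new bound `index_stream < resource_length - 1` wraps around if `resource_length` is an unsigned type and the buffer is empty, which would make the bounds check always true instead of tighter. The declaration of `resource_length` and any earlier empty-buffer guard are outside the hunk, so this needs to be confirmed against the full body of sniff_unknown. If no such guard exists, writing the condition as `index_stream + 1 < resource_length` keeps the same limit without the subtraction. A one-line comment on the `while` saying which access inside the loop needs the extra byte of headroom would also help, since the loop body continues past the end of the hunk.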
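Review bot: Whether Patch18 is actually applied at build time cannot be confirmed from this diff, because no hunk touches %prep and the patch-application lines of libsoup.spec are outside the visible hunks. If %prep applies patches one by one rather than through %autosetup or %autopatch, a matching entry for patch 18 is needed, otherwise the CVE-2025-32052 fix is declared but never applied to the sources. For consistency with the comment on the line above Patch17, the new provenance comment could read `# Upstream https://gitlab.gnome.org/GNOME/libsoup/-/commit/a5b86bfc9405e01f12a975ae6898b1ce6a870e11`.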
@@ -139,6 +141,9 @@ This package contains developer documentation for %{name}.
 %endif
 %changelog
+* Tue Aug 12 2025 wh02252983 - 2.74.3-18
+- add patch to fix CVE-2025-32052
+
 * Wed Jul 09 2025 yangjinlin01 - 2.74.3-17
 - Fix CVE-2025-46421