diff --git a/backport-CVE-2024-52532.patch b/backport-CVE-2024-52532.patch new file mode 100644 index 0000000000000000000000000000000000000000..a0b6f91248ba27f87c63521be7264c9fdc348b3f --- /dev/null +++ b/backport-CVE-2024-52532.patch @@ -0,0 +1,71 @@ +From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001 +From: Ignacio Casal Quinteiro +Date: Wed, 11 Sep 2024 11:52:11 +0200 +Subject: [PATCH 1/2] websocket: process the frame as soon as we read data + +Otherwise we can enter in a read loop because we were not +validating the data until the all the data was read. + +Fixes #391 +--- + libsoup/websocket/soup-websocket-connection.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libsoup/websocket/soup-websocket-connection.c b/libsoup/websocket/soup-websocket-connection.c +index a1a730473..a14481340 100644 +--- a/libsoup/websocket/soup-websocket-connection.c ++++ b/libsoup/websocket/soup-websocket-connection.c +@@ -1199,9 +1199,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self) + } + + priv->incoming->len = len + count; +- } while (count > 0); + +- process_incoming (self); ++ process_incoming (self); ++ } while (count > 0 && !priv->close_sent && !priv->io_closing); + + if (end) { + if (!priv->close_sent || !priv->close_received) { +-- +GitLab + + +From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001 +From: Ignacio Casal Quinteiro +Date: Wed, 2 Oct 2024 11:17:19 +0200 +Subject: [PATCH 2/2] websocket-test: disconnect error copy after the test ends + +Otherwise the server will have already sent a few more wrong +bytes and the client will continue getting errors to copy +but the error is already != NULL and it will assert +--- + tests/websocket-test.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/websocket-test.c b/tests/websocket-test.c +index 06c443bb5..6a48c1f9b 100644 +--- a/tests/websocket-test.c ++++ b/tests/websocket-test.c +@@ -1539,8 +1539,9 @@ test_receive_invalid_encode_length_64 (Test *test, + GError *error = NULL; + InvalidEncodeLengthTest context = { test, NULL }; + guint i; ++ guint error_id; + +- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); ++ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); + g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received); + + /* We use 127(\x7f) as payload length with 65535 extended length */ +@@ -1553,6 +1554,7 @@ test_receive_invalid_encode_length_64 (Test *test, + WAIT_UNTIL (error != NULL || received != NULL); + g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR); + g_clear_error (&error); ++ g_signal_handler_disconnect (test->client, error_id); + g_assert_null (received); + + g_thread_join (thread); +-- +GitLab + diff --git a/libsoup3.spec b/libsoup3.spec index 7283ef10321b0847a3756fcf1f199b1e00bfc313..94cdcce773f758d8df243063e40aea021bb7782d 100644 --- a/libsoup3.spec +++ b/libsoup3.spec @@ -2,12 +2,14 @@ Name: libsoup3 Version: 3.4.4 -Release: 1 +Release: 2 Summary: Soup, an HTTP library implementation License: LGPLv2 URL: https://wiki.gnome.org/Projects/libsoup Source0: https://download.gnome.org/sources/libsoup/3.4/libsoup-%{version}.tar.xz +Patch0001: backport-CVE-2024-52532.patch + BuildRequires: gcc meson gettext vala krb5-devel samba-winbind-clients BuildRequires: gi-docgen >= 2021.1 BuildRequires: pkgconfig(glib-2.0) @@ -76,6 +78,9 @@ install -m 644 -D tests/libsoup.supp %{buildroot}%{_datadir}/libsoup-3.0/libsoup %{_datadir}/doc %changelog +* Wed Nov 13 2024 liningjie - 3.4.4-2 +- Fix CVE-2024-52532 + * Fri Nov 17 2023 lwg - 3.4.4-1 - update to version 3.4.4 diff --git a/xgettext.patch b/xgettext.patch deleted file mode 100644 index 08cb8b4cb5b0886cfc3d6b6b10dede1e114e849b..0000000000000000000000000000000000000000 --- a/xgettext.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- meson.build~ 2021-11-24 12:15:58.564374000 -0600 -+++ meson.build 2022-01-06 09:43:04.302267338 -0600 -@@ -392,11 +392,7 @@ - configure_file(output : 'config.h', configuration : cdata) - - subdir('libsoup') --xgettext = find_program('xgettext', required : false) --# xgettext is optional (on Windows for instance) --if xgettext.found() -- subdir('po') --endif -+subdir('po') - - subdir('examples') - subdir('fuzzing') -@@ -421,7 +417,7 @@ - 'GSSAPI' : enable_gssapi, - 'NTLM' : ntlm_auth.found(), - 'Brotli' : brotlidec_dep.found(), -- 'Translations' : xgettext.found(), -+ 'Translations' : 'True', - 'GIR' : enable_introspection, - 'VAPI' : enable_vapi, - 'Documentation' : get_option('gtk_doc'),