Accepting request 516810 from GNOME:Next

New stable rel, CVE-2017-2885 OBS-URL: https://build.opensuse.org/request/show/516810 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=188
2017-08-14 14:29:49 +00:00 · 2017-08-14 14:29:49 +00:00 · 73a12bf7d6
commit 73a12bf7d6
parent 95bc2c3ec6
4 changed files with 12 additions and 5 deletions
--- a/libsoup-2.58.1.tar.xz
+++ b/libsoup-2.58.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:62c669f557de745b7b20ba9d5b74d839c95e4c9cea1a5ab7f3da5531a1aeefb9
-size 1820096
--- a/libsoup-2.58.2.tar.xz
+++ b/libsoup-2.58.2.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:442300ca1b1bf8a3bbf2f788203287ff862542d4fc048f19a92a068a27d17b72
+size 1815256
--- a/libsoup.changes
+++ b/libsoup.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Aug 14 12:22:57 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 2.58.2 (CVE-2017-2885):
+  + Fixed a chunked decoding buffer overrun that could be exploited
+    against either clients or servers (bgo#785774, CVE-2017-2885).
+
 -------------------------------------------------------------------
 Sat May 20 09:09:11 UTC 2017 - dimstar@opensuse.org

--- a/libsoup.spec
+++ b/libsoup.spec
@ -20,10 +20,10 @@ Name:           libsoup
 Summary:        HTTP client/server library for GNOME
 License:        LGPL-2.1+
 Group:          Development/Libraries/GNOME
-Version:        2.58.1
+Version:        2.58.2
 Release:        0
 Url:            http://www.gnome.org
-Source:         http://download.gnome.org/sources/libsoup/2.58/%{name}-%{version}.tar.xz
+Source:         https://download.gnome.org/sources/libsoup/2.58/%{name}-%{version}.tar.xz
 Source99:       baselibs.conf
 BuildRequires:  glib-networking
 BuildRequires:  glib2-devel >= 2.38.0