Accepting request 624333 from home:mgorse:branches:GNOME:Factory

- Add libsoup-boo1100097-empty-string.patch: fix crash when
  handling empty hostnames (boo#1100097 CVE-2018-12910).

OBS-URL: https://build.opensuse.org/request/show/624333
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=214
Bjørn Lie 2018-07-20 19:45:41 +00:00 committed by Git OBS Bridge
parent dac0458f07
commit 73e9f54d4f
3 changed files with 38 additions and 0 deletions

@ -0,0 +1,29 @@
From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Sun, 24 Jun 2018 19:46:19 -0500
Subject: [PATCH] cookie-jar: bail if hostname is an empty string
There are several other ways to fix the problem with this function, but
skipping over all of the code is probably the simplest.
Fixes #3
---
libsoup/soup-cookie-jar.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
index 2369c8a7..b2b78909 100644
--- a/libsoup/soup-cookie-jar.c
+++ b/libsoup/soup-cookie-jar.c
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
priv = soup_cookie_jar_get_instance_private (jar);
- if (!uri->host)
+ if (!uri->host || !uri->host[0])
return NULL;
/* The logic here is a little weird, but the plan is that if
--
2.18.0

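Review bot: No regression test accompanies the new guard in get_cookies; the embedded patch reports 1 file changed, 1 insertion(+), 1 deletion(-), all in libsoup/soup-cookie-jar.c. Since the changelog describes this as a crash on empty hostnames, a test that asks the jar for cookies with a URI whose host is the empty string and expects nothing back would keep the `!uri->host[0]` check from being lost in a later refactor. A short comment above the condition explaining why an empty host returns NULL would also help, because the patch description says skipping the rest of the function was chosen over several other possible fixes.
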
@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Jul 20 19:16:31 UTC 2018 - mgorse@suse.com
- Add libsoup-boo1100097-empty-string.patch: fix crash when
handling empty hostnames (boo#1100097 CVE-2018-12910).
-------------------------------------------------------------------
Tue May 8 10:00:47 UTC 2018 - bjorn.lie@gmail.com

@ -25,6 +25,8 @@ Group: Development/Libraries/GNOME
URL: https://wiki.gnome.org/Projects/libsoup
Source: http://download.gnome.org/sources/libsoup/2.62/%{name}-%{version}.tar.xz
Source99: baselibs.conf
# PATCH-FIX-UPSTREAM libsoup-boo1100097-empty-string.patch boo#1100097 mgorse@suse.com -- fix crash when handling empty hostnames (CVE-2018-12910).
Patch0: libsoup-boo1100097-empty-string.patch
BuildRequires: glib-networking
BuildRequires: intltool >= 0.35.0
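Review bot: The PATCH-FIX-UPSTREAM comment above Patch0 names the bug and the CVE but carries no upstream reference, although the patch header has one (commit db2b0d5809d5f8226d47312b40992cadbcde439f, "Fixes #3"). Adding that commit id to the comment would let whoever next updates the 2.62 source tarball check quickly whether the fix is already included and Patch0 can be dropped.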
@ -115,6 +117,7 @@ Features:
%prep
%setup -q
translation-update-upstream
%patch0 -p1
%build
%configure\