From 73e9f54d4f9c0d2f25cb5d52fd1b172b823b469e8c29c71b7ece6e75d9e8c2a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= <bjorn.lie@gmail.com>
Date: Fri, 20 Jul 2018 19:45:41 +0000
Subject: [PATCH] Accepting request 624333 from
 home:mgorse:branches:GNOME:Factory

- Add libsoup-boo1100097-empty-string.patch: fix crash when
  handling empty hostnames (boo#1100097 CVE-2018-12910).

OBS-URL: https://build.opensuse.org/request/show/624333
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=214
---
 libsoup-boo1100097-empty-string.patch | 29 +++++++++++++++++++++++++++
 libsoup.changes                       |  6 ++++++
 libsoup.spec                          |  3 +++
 3 files changed, 38 insertions(+)
 create mode 100644 libsoup-boo1100097-empty-string.patch

diff --git a/libsoup-boo1100097-empty-string.patch b/libsoup-boo1100097-empty-string.patch
new file mode 100644
index 0000000..95698cf
--- /dev/null
+++ b/libsoup-boo1100097-empty-string.patch
@@ -0,0 +1,29 @@
+From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@igalia.com>
+Date: Sun, 24 Jun 2018 19:46:19 -0500
+Subject: [PATCH] cookie-jar: bail if hostname is an empty string
+
+There are several other ways to fix the problem with this function, but
+skipping over all of the code is probably the simplest.
+
+Fixes #3
+---
+ libsoup/soup-cookie-jar.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
+index 2369c8a7..b2b78909 100644
+--- a/libsoup/soup-cookie-jar.c
++++ b/libsoup/soup-cookie-jar.c
+@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
+ 
+ 	priv = soup_cookie_jar_get_instance_private (jar);
+ 
+-	if (!uri->host)
++	if (!uri->host || !uri->host[0])
+ 		return NULL;
+ 
+ 	/* The logic here is a little weird, but the plan is that if
+-- 
+2.18.0
+
diff --git a/libsoup.changes b/libsoup.changes
index a7163e9..f3ed1b3 100644
--- a/libsoup.changes
+++ b/libsoup.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jul 20 19:16:31 UTC 2018 - mgorse@suse.com
+
+- Add libsoup-boo1100097-empty-string.patch: fix crash when
+  handling empty hostnames (boo#1100097 CVE-2018-12910).
+
 -------------------------------------------------------------------
 Tue May  8 10:00:47 UTC 2018 - bjorn.lie@gmail.com
 
diff --git a/libsoup.spec b/libsoup.spec
index 3d7efb6..6bb1d90 100644
--- a/libsoup.spec
+++ b/libsoup.spec
@@ -25,6 +25,8 @@ Group:          Development/Libraries/GNOME
 URL:            https://wiki.gnome.org/Projects/libsoup
 Source:         http://download.gnome.org/sources/libsoup/2.62/%{name}-%{version}.tar.xz
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM libsoup-boo1100097-empty-string.patch boo#1100097 mgorse@suse.com -- fix crash when handling empty hostnames (CVE-2018-12910).
+Patch0:         libsoup-boo1100097-empty-string.patch
 
 BuildRequires:  glib-networking
 BuildRequires:  intltool >= 0.35.0
@@ -115,6 +117,7 @@ Features:
 %prep
 %setup -q
 translation-update-upstream
+%patch0 -p1
 
 %build
 %configure\