Accepting request 624333 from home:mgorse:branches:GNOME:Factory
- Add libsoup-boo1100097-empty-string.patch: fix crash when handling empty hostnames (boo#1100097 CVE-2018-12910). OBS-URL: https://build.opensuse.org/request/show/624333 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=214
This commit is contained in:
parent
dac0458f07
commit
73e9f54d4f
29
libsoup-boo1100097-empty-string.patch
Normal file
29
libsoup-boo1100097-empty-string.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Catanzaro <mcatanzaro@igalia.com>
|
||||||
|
Date: Sun, 24 Jun 2018 19:46:19 -0500
|
||||||
|
Subject: [PATCH] cookie-jar: bail if hostname is an empty string
|
||||||
|
|
||||||
|
There are several other ways to fix the problem with this function, but
|
||||||
|
skipping over all of the code is probably the simplest.
|
||||||
|
|
||||||
|
Fixes #3
|
||||||
|
---
|
||||||
|
libsoup/soup-cookie-jar.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
|
||||||
|
index 2369c8a7..b2b78909 100644
|
||||||
|
--- a/libsoup/soup-cookie-jar.c
|
||||||
|
+++ b/libsoup/soup-cookie-jar.c
|
||||||
|
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
|
||||||
|
|
||||||
|
priv = soup_cookie_jar_get_instance_private (jar);
|
||||||
|
|
||||||
|
- if (!uri->host)
|
||||||
|
+ if (!uri->host || !uri->host[0])
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
/* The logic here is a little weird, but the plan is that if
|
||||||
|
--
|
||||||
|
2.18.0
|
||||||
|
|
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 20 19:16:31 UTC 2018 - mgorse@suse.com
|
||||||
|
|
||||||
|
- Add libsoup-boo1100097-empty-string.patch: fix crash when
|
||||||
|
handling empty hostnames (boo#1100097 CVE-2018-12910).
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue May 8 10:00:47 UTC 2018 - bjorn.lie@gmail.com
|
Tue May 8 10:00:47 UTC 2018 - bjorn.lie@gmail.com
|
||||||
|
|
||||||
|
@ -25,6 +25,8 @@ Group: Development/Libraries/GNOME
|
|||||||
URL: https://wiki.gnome.org/Projects/libsoup
|
URL: https://wiki.gnome.org/Projects/libsoup
|
||||||
Source: http://download.gnome.org/sources/libsoup/2.62/%{name}-%{version}.tar.xz
|
Source: http://download.gnome.org/sources/libsoup/2.62/%{name}-%{version}.tar.xz
|
||||||
Source99: baselibs.conf
|
Source99: baselibs.conf
|
||||||
|
# PATCH-FIX-UPSTREAM libsoup-boo1100097-empty-string.patch boo#1100097 mgorse@suse.com -- fix crash when handling empty hostnames (CVE-2018-12910).
|
||||||
|
Patch0: libsoup-boo1100097-empty-string.patch
|
||||||
|
|
||||||
BuildRequires: glib-networking
|
BuildRequires: glib-networking
|
||||||
BuildRequires: intltool >= 0.35.0
|
BuildRequires: intltool >= 0.35.0
|
||||||
@ -115,6 +117,7 @@ Features:
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
translation-update-upstream
|
translation-update-upstream
|
||||||
|
%patch0 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure\
|
%configure\
|
||||||
|
Loading…
Reference in New Issue
Block a user