forked from pool/libsoup
Accepting request 628559 from home:iznogood:branches:GNOME:Factory
- Update to version 2.62.3: + Check for trailing dots in domains. + Set default cookie path for NULL origins. + Use atomic-refcounting in classes that are not using GObject-refcounting. + Many Coverity-found code fixes. + Bail out on cookie-jar calls with empty hostnames. - Drop libsoup-boo1100097-empty-string.patch: Fixed upstream. OBS-URL: https://build.opensuse.org/request/show/628559 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=216
This commit is contained in:
parent
73e9f54d4f
commit
1f772d95ac
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9e536fe3da60b25d2c63addb84a9d5072d00b0d8b8cbeabc629a6bcd63f879b6
|
||||
size 1848752
|
3
libsoup-2.62.3.tar.xz
Normal file
3
libsoup-2.62.3.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d312ade547495c2093ff8bda61f9b9727a98cfdae339f3263277dd39c0451172
|
||||
size 1851780
|
@ -1,29 +0,0 @@
|
||||
From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
|
||||
From: Michael Catanzaro <mcatanzaro@igalia.com>
|
||||
Date: Sun, 24 Jun 2018 19:46:19 -0500
|
||||
Subject: [PATCH] cookie-jar: bail if hostname is an empty string
|
||||
|
||||
There are several other ways to fix the problem with this function, but
|
||||
skipping over all of the code is probably the simplest.
|
||||
|
||||
Fixes #3
|
||||
---
|
||||
libsoup/soup-cookie-jar.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
|
||||
index 2369c8a7..b2b78909 100644
|
||||
--- a/libsoup/soup-cookie-jar.c
|
||||
+++ b/libsoup/soup-cookie-jar.c
|
||||
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
|
||||
|
||||
priv = soup_cookie_jar_get_instance_private (jar);
|
||||
|
||||
- if (!uri->host)
|
||||
+ if (!uri->host || !uri->host[0])
|
||||
return NULL;
|
||||
|
||||
/* The logic here is a little weird, but the plan is that if
|
||||
--
|
||||
2.18.0
|
||||
|
@ -1,3 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 10 09:01:14 UTC 2018 - bjorn.lie@gmail.com
|
||||
|
||||
- Update to version 2.62.3:
|
||||
+ Check for trailing dots in domains.
|
||||
+ Set default cookie path for NULL origins.
|
||||
+ Use atomic-refcounting in classes that are not using
|
||||
GObject-refcounting.
|
||||
+ Many Coverity-found code fixes.
|
||||
+ Bail out on cookie-jar calls with empty hostnames.
|
||||
- Drop libsoup-boo1100097-empty-string.patch: Fixed upstream.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 20 19:16:31 UTC 2018 - mgorse@suse.com
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: libsoup
|
||||
Version: 2.62.2
|
||||
Version: 2.62.3
|
||||
Release: 0
|
||||
Summary: HTTP client/server library for GNOME
|
||||
License: LGPL-2.1-or-later
|
||||
@ -25,8 +25,6 @@ Group: Development/Libraries/GNOME
|
||||
URL: https://wiki.gnome.org/Projects/libsoup
|
||||
Source: http://download.gnome.org/sources/libsoup/2.62/%{name}-%{version}.tar.xz
|
||||
Source99: baselibs.conf
|
||||
# PATCH-FIX-UPSTREAM libsoup-boo1100097-empty-string.patch boo#1100097 mgorse@suse.com -- fix crash when handling empty hostnames (CVE-2018-12910).
|
||||
Patch0: libsoup-boo1100097-empty-string.patch
|
||||
|
||||
BuildRequires: glib-networking
|
||||
BuildRequires: intltool >= 0.35.0
|
||||
@ -117,7 +115,6 @@ Features:
|
||||
%prep
|
||||
%setup -q
|
||||
translation-update-upstream
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
%configure\
|
||||
|
Loading…
Reference in New Issue
Block a user