forked from pool/libsoup
Accepting request 624333 from home:mgorse:branches:GNOME:Factory
- Add libsoup-boo1100097-empty-string.patch: fix crash when handling empty hostnames (boo#1100097 CVE-2018-12910). OBS-URL: https://build.opensuse.org/request/show/624333 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=214
This commit is contained in:
parent
dac0458f07
commit
73e9f54d4f
29
libsoup-boo1100097-empty-string.patch
Normal file
29
libsoup-boo1100097-empty-string.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
|
||||
From: Michael Catanzaro <mcatanzaro@igalia.com>
|
||||
Date: Sun, 24 Jun 2018 19:46:19 -0500
|
||||
Subject: [PATCH] cookie-jar: bail if hostname is an empty string
|
||||
|
||||
There are several other ways to fix the problem with this function, but
|
||||
skipping over all of the code is probably the simplest.
|
||||
|
||||
Fixes #3
|
||||
---
|
||||
libsoup/soup-cookie-jar.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
|
||||
index 2369c8a7..b2b78909 100644
|
||||
--- a/libsoup/soup-cookie-jar.c
|
||||
+++ b/libsoup/soup-cookie-jar.c
|
||||
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
|
||||
|
||||
priv = soup_cookie_jar_get_instance_private (jar);
|
||||
|
||||
- if (!uri->host)
|
||||
+ if (!uri->host || !uri->host[0])
|
||||
return NULL;
|
||||
|
||||
/* The logic here is a little weird, but the plan is that if
|
||||
--
|
||||
2.18.0
|
||||
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 20 19:16:31 UTC 2018 - mgorse@suse.com
|
||||
|
||||
- Add libsoup-boo1100097-empty-string.patch: fix crash when
|
||||
handling empty hostnames (boo#1100097 CVE-2018-12910).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 8 10:00:47 UTC 2018 - bjorn.lie@gmail.com
|
||||
|
||||
|
@ -25,6 +25,8 @@ Group: Development/Libraries/GNOME
|
||||
URL: https://wiki.gnome.org/Projects/libsoup
|
||||
Source: http://download.gnome.org/sources/libsoup/2.62/%{name}-%{version}.tar.xz
|
||||
Source99: baselibs.conf
|
||||
# PATCH-FIX-UPSTREAM libsoup-boo1100097-empty-string.patch boo#1100097 mgorse@suse.com -- fix crash when handling empty hostnames (CVE-2018-12910).
|
||||
Patch0: libsoup-boo1100097-empty-string.patch
|
||||
|
||||
BuildRequires: glib-networking
|
||||
BuildRequires: intltool >= 0.35.0
|
||||
@ -115,6 +117,7 @@ Features:
|
||||
%prep
|
||||
%setup -q
|
||||
translation-update-upstream
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
%configure\
|
||||
|
Loading…
Reference in New Issue
Block a user