diff --git a/backport-CVE-2024-52532.patch b/backport-CVE-2024-52532.patch new file mode 100644 index 0000000000000000000000000000000000000000..a806a51d696205cd8e29eea7f4e5155e3d41b48d --- /dev/null +++ b/backport-CVE-2024-52532.patch @@ -0,0 +1,71 @@ +From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001 +From: Ignacio Casal Quinteiro +Date: Wed, 11 Sep 2024 11:52:11 +0200 +Subject: [PATCH 1/2] websocket: process the frame as soon as we read data + +Otherwise we can enter in a read loop because we were not +validating the data until the all the data was read. + +Fixes #391 +--- + libsoup/soup-websocket-connection.c | 6 +++--- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c +index a4095e1..599d4a6 100644 +--- a/libsoup/soup-websocket-connection.c ++++ b/libsoup/soup-websocket-connection.c +@@ -1140,9 +1140,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self) + } + + pv->incoming->len = len + count; +- } while (count > 0); +- +- process_incoming (self); ++ ++ process_incoming (self); ++ } while (count > 0 && !priv->close_sent && !priv->io_closing); + + if (end) { + if (!pv->close_sent || !pv->close_received) { +-- +GitLab + + +From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001 +From: Ignacio Casal Quinteiro +Date: Wed, 2 Oct 2024 11:17:19 +0200 +Subject: [PATCH 2/2] websocket-test: disconnect error copy after the test ends + +Otherwise the server will have already sent a few more wrong +bytes and the client will continue getting errors to copy +but the error is already != NULL and it will assert +--- + tests/websocket-test.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/websocket-test.c b/tests/websocket-test.c +index 5e40cf3..f1894a3 100644 +--- a/tests/websocket-test.c ++++ b/tests/websocket-test.c +@@ -1331,8 +1331,9 @@ test_receive_invalid_encode_length_64 (Test *test, + GError *error = NULL; + InvalidEncodeLengthTest context = { test, NULL }; + guint i; ++ guint error_id; + +- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); ++ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); + g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received); + + /* We use 127(\x7f) as payload length with 65535 extended length */ +@@ -1345,6 +1346,7 @@ test_receive_invalid_encode_length_64 (Test *test, + WAIT_UNTIL (error != NULL || received != NULL); + g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR); + g_clear_error (&error); ++ g_signal_handler_disconnect (test->client, error_id); + g_assert_null (received); + + g_thread_join (thread); +-- +GitLab diff --git a/libsoup.spec b/libsoup.spec index 01b966d67b6637c5bda3131c5c0411fcc7a96ab0..f664e5c81ec43e7f7c586acb2edac143ed37cb5a 100644 --- a/libsoup.spec +++ b/libsoup.spec @@ -1,6 +1,6 @@ Name: libsoup Version: 2.74.3 -Release: 3 +Release: 4 Summary: An HTTP library implementation License: LGPLv2 URL: https://wiki.gnome.org/Projects/libsoup @@ -13,6 +13,7 @@ BuildRequires: pkgconfig(sysprof-capture-4) Requires: glib2 glib-networking Patch6000: backport-skip-tls_interaction-test.patch +Patch6001: backport-CVE-2024-52532.patch %description libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, @@ -64,6 +65,9 @@ sed -i 's/idm[0-9]\{5,32\}/idm12345678912345/g' %{buildroot}%{_datadir}/gtk-doc/ %{_datadir}/gtk-doc/html/libsoup-2.4/* %changelog +* Tue Nov 12 2024 liningjie - 2.74.3-4 +- Fix CVE-2024-52532 + * Thu Apr 18 2024 zhangpan - 2.74.3-3 - Rebuild for next release