diff --git a/0001-fix-CVE-2024-52532.patch b/0001-fix-CVE-2024-52532.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1c0e214badde767678302d8c0f8b4ea4bac611ba
--- /dev/null
+++ b/0001-fix-CVE-2024-52532.patch
@@ -0,0 +1,56 @@
+From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro
+Date: Fri, 25 Oct 2024 17:22:00 +0800
+Subject: [PATCH 1/2] websocket: process the frame as soon as we read data
+
+Otherwise we can enter in a read loop because we were not
+validating the data until the all the data was read.
+
+Fixes #391
+---
+ libsoup/soup-websocket-connection.c | 4 ++--
+ tests/websocket-test.c | 4 +++-
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
+index a4095e1..ed54e6b 100644
+--- a/libsoup/soup-websocket-connection.c
++++ b/libsoup/soup-websocket-connection.c
+@@ -1140,9 +1140,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
+ }
+
+ pv->incoming->len = len + count;
+- } while (count > 0);
+
+- process_incoming (self);
++ process_incoming (self);
++ } while (count > 0 && !priv->close_sent && !priv->io_closing);
+
+ if (end) {
+ if (!pv->close_sent || !pv->close_received) {
+diff --git a/tests/websocket-test.c b/tests/websocket-test.c
+index 5e40cf3..f1894a3 100644
+--- a/tests/websocket-test.c
++++ b/tests/websocket-test.c
+@@ -1331,8 +1331,9 @@ test_receive_invalid_encode_length_64 (Test *test,
+ GError *error = NULL;
+ InvalidEncodeLengthTest context = { test, NULL };
+ guint i;
++ guint error_id;
+
+- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
++ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+ g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
+
+ /* We use 127(\x7f) as payload length with 65535 extended length */
+@@ -1345,6 +1346,7 @@ test_receive_invalid_encode_length_64 (Test *test,
+ WAIT_UNTIL (error != NULL || received != NULL);
+ g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
+ g_clear_error (&error);
++ g_signal_handler_disconnect (test->client, error_id);
+ g_assert_null (received);
+
+ g_thread_join (thread);
+--
+2.43.0
+
diff --git a/libsoup.spec b/libsoup.spec
index 5b1bd632cafd6ee70f307a90ba99da6822aebeea..a73210c0e1f7c08ea26138f96309cff96c763201 100644
--- a/libsoup.spec
+++ b/libsoup.spec
@@ -1,6 +1,6 @@
 Name: libsoup
 Version: 2.74.2
-Release: 4
+Release: 5`
 Summary: An HTTP library implementation
 License: LGPLv2
 URL: https://wiki.gnome.org/Projects/libsoup
@@ -13,6 +13,7 @@ BuildRequires: pkgconfig(sysprof-capture-4)
 Requires: glib2 glib-networking
 Patch6000: backport-skip-tls_interaction-test.patch
+Patch6001: 0001-fix-CVE-2024-52532.patch
 %description
 libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop,
@@ -64,6 +65,9 @@ sed -i 's/idm[0-9]\{5,32\}/idm12345678912345/g' %{buildroot}%{_datadir}/gtk-doc/
 %{_datadir}/gtk-doc/html/libsoup-2.4/*
 %changelog
+* Tue Nov 12 2024 changtao - 2.74.2-5
+- fix CVE-2024-52532
+
 * Thu Apr 18 2024 zhangpan - 2.74.2-4
 - Rebuild for next release
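Review bot: The new loop condition in `soup_websocket_connection_read` reads `priv->close_sent` and `priv->io_closing`, while every context line of the same inner hunk goes through `pv->` (`pv->incoming->len`, `pv->close_sent`). The function's declarations sit above the hunk, so whether a `priv` local exists in this 2.74.2 tree cannot be seen from here; if only `pv` is declared, the patch applies but the build fails, and the line should read `} while (count > 0 && !pv->close_sent && !pv->io_closing);`. The subject also still says `[PATCH 1/2]`, so it is worth confirming that no second patch of the series is needed for CVE-2024-52532 and recording the upstream commit ids in the patch header.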
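Review bot: The new `Release` line in the first libsoup.spec hunk ends in a stray backquote after the `5`. The release tag then no longer matches the `2.74.2-5` entry this commit adds to `%changelog`, and the package build is likely to reject or carry the extra character into the package release string. The line should read `Release: 5` with nothing after the digit, using the file's usual column alignment.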