diff --git a/backport-CVE-2025-32912.patch b/backport-CVE-2025-32912.patch new file mode 100644 index 0000000000000000000000000000000000000000..0d29f2248bd230c3c07616400d821f389ec4e1a7 --- /dev/null +++ b/backport-CVE-2025-32912.patch @@ -0,0 +1,24 @@ +From acc0e7c802758934ce0a51c4db4e7ea5c3e91ef6 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 17 Apr 2025 19:58:08 +0800 +Subject: [PATCH] backport-CVE-2025-32912 + +--- + libsoup/soup-auth-digest.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c +index e8ba990..c249f02 100644 +--- a/libsoup/soup-auth-digest.c ++++ b/libsoup/soup-auth-digest.c +@@ -66,6 +66,7 @@ soup_auth_digest_finalize (GObject *object) + g_free (priv->nonce); + g_free (priv->domain); + g_free (priv->cnonce); ++ g_free (priv->opaque); + + memset (priv->hex_urp, 0, sizeof (priv->hex_urp)); + memset (priv->hex_a1, 0, sizeof (priv->hex_a1)); +-- +2.33.0 + diff --git a/libsoup.spec b/libsoup.spec index 38819090d749f7cf2f9a2ab7699dcc2c77606cbc..a88dd46ceb43c4d9ee951832fa6796c916ef3c20 100644 --- a/libsoup.spec +++ b/libsoup.spec @@ -1,6 +1,6 @@ Name: libsoup Version: 2.74.3 -Release: 5 +Release: 6 Summary: An HTTP library implementation License: LGPLv2 URL: https://wiki.gnome.org/Projects/libsoup @@ -23,6 +23,7 @@ Patch6008: backport-CVE-2025-32052.patch Patch6009: backport-0001-CVE-2025-32053.patch Patch6010: backport-0002-CVE-2025-32053.patch Patch6011: backport-CVE-2025-2784.patch +Patch6012: backport-CVE-2025-32912.patch %description libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, @@ -74,6 +75,12 @@ sed -i 's/idm[0-9]\{5,32\}/idm12345678912345/g' %{buildroot}%{_datadir}/gtk-doc/ %{_datadir}/gtk-doc/html/libsoup-2.4/* %changelog +* Thu Apr 17 2025 maoyanping - 2.74.3-6 +- Type:cves +- ID:CVE-2025-32912 +- SUG:NA +- DESC:fix CVE-2025-32912 + * Tue Apr 8 2025 zhangpan - 2.74.3-5 - Type:cves - ID:CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-2784