diff options
author | Ross Burton <ross.burton@intel.com> | 2018-10-08 11:58:32 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-10-09 19:04:02 +0100 |
commit | d89034988ebf77a41b4f46f4b53f1ce753203f01 (patch) | |
tree | aa97c2d12bc5c08111dea4848aa388f41cc8e542 | |
parent | 25a8862b906d20281aed3cc3b877a9f5ce494231 (diff) | |
download | poky-d89034988ebf77a41b4f46f4b53f1ce753203f01.tar.gz |
libsoup: upgrade to 2.62.3
Freeze-breaking upgrade for a security bug fix involving cookie URLs, and a
number of static analysis fixes.
Drop CVE-2018-12910.patch as this is merged in 2.62.3.
(From OE-Core rev: a8098782fab87498026a09c06716b631c77c5ad6)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-support/libsoup/libsoup-2.4/CVE-2018-12910.patch | 32 | ||||
-rw-r--r-- | meta/recipes-support/libsoup/libsoup-2.4_2.62.3.bb (renamed from meta/recipes-support/libsoup/libsoup-2.4_2.62.2.bb) | 7 |
2 files changed, 3 insertions, 36 deletions
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2018-12910.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2018-12910.patch deleted file mode 100644 index 158bf93093..0000000000 --- a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2018-12910.patch +++ /dev/null | |||
@@ -1,32 +0,0 @@ | |||
1 | CVE: CVE-2018-12910 | ||
2 | Upstream-Status: Backport | ||
3 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
4 | |||
5 | From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001 | ||
6 | From: Michael Catanzaro <mcatanzaro@igalia.com> | ||
7 | Date: Sun, 24 Jun 2018 19:46:19 -0500 | ||
8 | Subject: [PATCH] cookie-jar: bail if hostname is an empty string | ||
9 | |||
10 | There are several other ways to fix the problem with this function, but | ||
11 | skipping over all of the code is probably the simplest. | ||
12 | |||
13 | Fixes #3 | ||
14 | --- | ||
15 | libsoup/soup-cookie-jar.c | 2 +- | ||
16 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c | ||
19 | index 2369c8a7..b2b78909 100644 | ||
20 | --- a/libsoup/soup-cookie-jar.c | ||
21 | +++ b/libsoup/soup-cookie-jar.c | ||
22 | @@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_ | ||
23 | |||
24 | priv = soup_cookie_jar_get_instance_private (jar); | ||
25 | |||
26 | - if (!uri->host) | ||
27 | + if (!uri->host || !uri->host[0]) | ||
28 | return NULL; | ||
29 | |||
30 | /* The logic here is a little weird, but the plan is that if | ||
31 | -- | ||
32 | 2.17.1 | ||
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.62.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.62.3.bb index ba3e86a03c..aaa3cc5103 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.62.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.62.3.bb | |||
@@ -9,10 +9,9 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 intltool-native" | |||
9 | 9 | ||
10 | SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" | 10 | SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" |
11 | 11 | ||
12 | SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ | 12 | SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz" |
13 | file://CVE-2018-12910.patch" | 13 | SRC_URI[md5sum] = "dfbf30af5fb6190bfafc5aa6abcc9dce" |
14 | SRC_URI[md5sum] = "eaf99b04ac8968ed2b26f2509ba75584" | 14 | SRC_URI[sha256sum] = "d312ade547495c2093ff8bda61f9b9727a98cfdae339f3263277dd39c0451172" |
15 | SRC_URI[sha256sum] = "9e536fe3da60b25d2c63addb84a9d5072d00b0d8b8cbeabc629a6bcd63f879b6" | ||
16 | 15 | ||
17 | S = "${WORKDIR}/libsoup-${PV}" | 16 | S = "${WORKDIR}/libsoup-${PV}" |
18 | 17 | ||