summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch
diff options
context:
space:
mode:
authorVijay Anusuri <vanusuri@mvista.com>2024-11-29 12:16:52 +0530
committerSteve Sakoman <steve@sakoman.com>2024-12-09 07:54:03 -0800
commit880002d47c8339cfc2a1462b377aacb1450bc328 (patch)
tree4f3972338152cdb20701b775c417b761ff54eac0 /meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch
parentaf06cbf82b44e4944ecfff212686b97d67021171 (diff)
downloadpoky-880002d47c8339cfc2a1462b377aacb1450bc328.tar.gz
libsoup-2.4: Backport fix for CVE-2024-52531
import patch from ubuntu to fix CVE-2024-52531 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches?h=ubuntu/jammy-security Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/a35222dd0bfab2ac97c10e86b95f762456628283 & https://gitlab.gnome.org/GNOME/libsoup/-/commit/825fda3425546847b42ad5270544e9388ff349fe] Reference: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/ https://ubuntu.com/security/CVE-2024-52531 (From OE-Core rev: 763af055ccb1cbcc4f8fa0944815ec02e3bff87c) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch')
-rw-r--r--meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch36
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch
new file mode 100644
index 0000000000..19b1872866
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch
@@ -0,0 +1,36 @@
1From 825fda3425546847b42ad5270544e9388ff349fe Mon Sep 17 00:00:00 2001
2From: Patrick Griffis <pgriffis@igalia.com>
3Date: Tue, 27 Aug 2024 13:52:08 -0500
4Subject: [PATCH 2/2] tests: Add test for passing invalid UTF-8 to
5 soup_header_parse_semi_param_list()
6
7Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches/CVE-2024-52531-2.patch?h=ubuntu/jammy-security
8Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/825fda3425546847b42ad5270544e9388ff349fe]
9CVE: CVE-2024-52531
10Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
11---
12 tests/header-parsing-test.c | 11 +++++++++++
13 1 file changed, 11 insertions(+)
14
15Index: libsoup2.4-2.74.2/tests/header-parsing-test.c
16===================================================================
17--- libsoup2.4-2.74.2.orig/tests/header-parsing-test.c
18+++ libsoup2.4-2.74.2/tests/header-parsing-test.c
19@@ -825,6 +825,17 @@ static struct ParamListTest {
20 { "filename", "t\xC3\xA9st.txt" },
21 },
22 },
23+
24+ /* This tests invalid UTF-8 data which *should* never be passed here but it was designed to be robust against it. */
25+ { TRUE,
26+ "invalid*=\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; filename*=iso-8859-1''\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; foo",
27+ {
28+ { "filename", "i''\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
29+ { "invalid", "\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
30+ { "foo", NULL },
31+
32+ },
33+ }
34 };
35 static const int num_paramlisttests = G_N_ELEMENTS (paramlisttests);
36