diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | 0001-websocket-process-the-frame-as-soon-as-we-read-data.patch | 56 | ||||
| -rw-r--r-- | backport-CVE-2024-52530.patch | 145 | ||||
| -rw-r--r-- | libsoup3.spec | 112 | ||||
| -rw-r--r-- | sources | 1 |
5 files changed, 315 insertions, 0 deletions
@@ -0,0 +1 @@ +/libsoup-3.4.4.tar.xz diff --git a/0001-websocket-process-the-frame-as-soon-as-we-read-data.patch b/0001-websocket-process-the-frame-as-soon-as-we-read-data.patch new file mode 100644 index 0000000..2ecc8be --- /dev/null +++ b/0001-websocket-process-the-frame-as-soon-as-we-read-data.patch @@ -0,0 +1,56 @@ +From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001 +From: Ignacio Casal Quinteiro <qignacio@amazon.com> +Date: Wed, 11 Sep 2024 11:52:11 +0200 +Subject: [PATCH] websocket: process the frame as soon as we read data + +Otherwise we can enter in a read loop because we were not +validating the data until the all the data was read. + +Fixes #391 +--- + libsoup/websocket/soup-websocket-connection.c | 4 ++-- + tests/websocket-test.c | 4 +++- + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/libsoup/websocket/soup-websocket-connection.c b/libsoup/websocket/soup-websocket-connection.c +index 2f7d920..df8f67d 100644 +--- a/libsoup/websocket/soup-websocket-connection.c ++++ b/libsoup/websocket/soup-websocket-connection.c +@@ -1165,9 +1165,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self) + } + + priv->incoming->len = len + count; +- } while (count > 0); + +- process_incoming (self); ++ process_incoming (self); ++ } while (count > 0 && !priv->close_sent && !priv->io_closing); + + if (end) { + if (!priv->close_sent || !priv->close_received) { +diff --git a/tests/websocket-test.c b/tests/websocket-test.c +index b954b01..5cb3ca2 100644 +--- a/tests/websocket-test.c ++++ b/tests/websocket-test.c +@@ -1489,8 +1489,9 @@ test_receive_invalid_encode_length_64 (Test *test, + GError *error = NULL; + InvalidEncodeLengthTest context = { test, NULL }; + guint i; ++ guint error_id; + +- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); ++ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); + g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received); + + /* We use 127(\x7f) as payload length with 65535 extended length */ +@@ -1503,6 +1504,7 @@ test_receive_invalid_encode_length_64 (Test *test, + WAIT_UNTIL (error != NULL || received != NULL); + g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR); + g_clear_error (&error); ++ g_signal_handler_disconnect (test->client, error_id); + g_assert_null (received); + + g_thread_join (thread); +-- +2.43.0 + diff --git a/backport-CVE-2024-52530.patch b/backport-CVE-2024-52530.patch new file mode 100644 index 0000000..2d174f2 --- /dev/null +++ b/backport-CVE-2024-52530.patch @@ -0,0 +1,145 @@ +From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001 +From: Patrick Griffis <pgriffis@igalia.com> +Date: Mon, 8 Jul 2024 12:33:15 -0500 +Subject: [PATCH] headers: Strictly don't allow NUL bytes + +In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem. +--- + libsoup/soup-headers.c | 15 +++------ + tests/header-parsing-test.c | 62 +++++++++++++++++-------------------- + 2 files changed, 32 insertions(+), 45 deletions(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index a0cf351ac..f30ee467a 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest) + * ignorable trailing whitespace. + */ + ++ /* No '\0's are allowed */ ++ if (memchr (str, '\0', len)) ++ return FALSE; ++ + /* Skip over the Request-Line / Status-Line */ + headers_start = memchr (str, '\n', len); + if (!headers_start) + return FALSE; +- /* No '\0's in the Request-Line / Status-Line */ +- if (memchr (str, '\0', headers_start - str)) +- return FALSE; + + /* We work on a copy of the headers, which we can write '\0's + * into, so that we don't have to individually g_strndup and +@@ -69,14 +70,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest) + headers_copy[copy_len] = '\0'; + value_end = headers_copy; + +- /* There shouldn't be any '\0's in the headers already, but +- * this is the web we're talking about. +- */ +- while ((p = memchr (headers_copy, '\0', copy_len))) { +- memmove (p, p + 1, copy_len - (p - headers_copy)); +- copy_len--; +- } +- + while (*(value_end + 1)) { + name = value_end + 1; + name_end = strchr (name, ':'); +diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c +index edf8eebb3..715c2c6f2 100644 +--- a/tests/header-parsing-test.c ++++ b/tests/header-parsing-test.c +@@ -358,24 +358,6 @@ static struct RequestTest { + } + }, + +- { "NUL in header name", "760832", +- "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36, +- SOUP_STATUS_OK, +- "GET", "/", SOUP_HTTP_1_1, +- { { "Host", "example.com" }, +- { NULL } +- } +- }, +- +- { "NUL in header value", "760832", +- "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35, +- SOUP_STATUS_OK, +- "GET", "/", SOUP_HTTP_1_1, +- { { "Host", "examplecom" }, +- { NULL } +- } +- }, +- + /************************/ + /*** INVALID REQUESTS ***/ + /************************/ +@@ -448,6 +430,21 @@ static struct RequestTest { + SOUP_STATUS_EXPECTATION_FAILED, + NULL, NULL, -1, + { { NULL } } ++ }, ++ ++ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377 ++ { "NUL in header name", NULL, ++ "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36, ++ SOUP_STATUS_BAD_REQUEST, ++ NULL, NULL, -1, ++ { { NULL } } ++ }, ++ ++ { "NUL in header value", NULL, ++ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28, ++ SOUP_STATUS_BAD_REQUEST, ++ NULL, NULL, -1, ++ { { NULL } } + } + }; + static const int num_reqtests = G_N_ELEMENTS (reqtests); +@@ -620,22 +617,6 @@ static struct ResponseTest { + { NULL } } + }, + +- { "NUL in header name", "760832", +- "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28, +- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK", +- { { "Foo", "bar" }, +- { NULL } +- } +- }, +- +- { "NUL in header value", "760832", +- "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28, +- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK", +- { { "Foo", "bar" }, +- { NULL } +- } +- }, +- + /********************************/ + /*** VALID CONTINUE RESPONSES ***/ + /********************************/ +@@ -768,6 +749,19 @@ static struct ResponseTest { + { { NULL } + } + }, ++ ++ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377 ++ { "NUL in header name", NULL, ++ "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28, ++ -1, 0, NULL, ++ { { NULL } } ++ }, ++ ++ { "NUL in header value", "760832", ++ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28, ++ -1, 0, NULL, ++ { { NULL } } ++ }, + }; + static const int num_resptests = G_N_ELEMENTS (resptests); + +-- +GitLab + diff --git a/libsoup3.spec b/libsoup3.spec new file mode 100644 index 0000000..1dd4d8f --- /dev/null +++ b/libsoup3.spec @@ -0,0 +1,112 @@ +%global glib2_version 2.69.1 + +%bcond_without sysprof + +Name: libsoup3 +Version: 3.4.4 +Release: 5 +Summary: Soup, an HTTP library implementation +License: LGPL-2.0-or-later +URL: https://wiki.gnome.org/Projects/libsoup +Source0: https://download.gnome.org/sources/libsoup/3.4/libsoup-%{version}.tar.xz + +Patch0001: 0001-websocket-process-the-frame-as-soon-as-we-read-data.patch +Patch0002: backport-CVE-2024-52530.patch + +BuildRequires: gcc gettext vala krb5-devel samba-winbind-clients +BuildRequires: meson >= 0.54 +BuildRequires: pkgconfig(gio-2.0) >= %{glib2_version} +BuildRequires: pkgconfig(gio-unix-2.0) >= %{glib2_version} +BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version} +BuildRequires: pkgconfig(gmodule-2.0) >= %{glib2_version} +BuildRequires: pkgconfig(gobject-2.0) >= %{glib2_version} +BuildRequires: pkgconfig(libbrotlidec) +BuildRequires: pkgconfig(libnghttp2) +BuildRequires: pkgconfig(libpsl) >= 0.20 +BuildRequires: pkgconfig(sqlite3) +BuildRequires: pkgconfig(zlib) +BuildRequires: gi-docgen >= 2021.1 +BuildRequires: glib-networking +%if %{with sysprof} +BuildRequires: pkgconfig(sysprof-capture-4) +%endif + +Recommends: glib-networking >= %{glib2_version} + +%description +Libsoup is an HTTP library implementation in C. It was originally part +of a SOAP (Simple Object Access Protocol) implementation called Soup, but +the SOAP and non-SOAP parts have now been split into separate packages. + +libsoup uses the Glib main loop and is designed to work well with GTK +applications. This enables GNOME applications to access HTTP servers +on the network in a completely asynchronous fashion, very similar to +the Gtk+ programming model (a synchronous operation mode is also +supported for those who want it), but the SOAP parts were removed +long ago. + +%package devel +Summary: Header files for the Soup library +Requires: %{name} = %{version}-%{release} + +%description devel +Libsoup is an HTTP library implementation in C. This package allows +you to develop applications that use the libsoup library. + +%package_help + +%prep +%autosetup -p1 -n libsoup-%{version} + +%build +%meson -Ddocs=enabled -Dtests=false -Dautobahn=disabled -Dpkcs11_tests=disabled -Dsysprof=%{?with_sysprof:enabled}%{?!with_sysprof:disabled} +%meson_build + +%install +%meson_install +install -m 644 -D tests/libsoup.supp %{buildroot}%{_datadir}/libsoup-3.0/libsoup.supp + +%find_lang libsoup-3.0 + +%files -f libsoup-3.0.lang +%license COPYING +%{_libdir}/libsoup-3.0.so.0* +%{_libdir}/girepository-1.0/Soup*3.0.typelib + +%files devel +%{_includedir}/libsoup-3.0 +%{_libdir}/libsoup-3.0.so +%{_libdir}/pkgconfig/*.pc +%{_datadir}/gir-1.0/Soup*3.0.gir +%{_datadir}/vala/vapi/libsoup-3.0.deps +%{_datadir}/vala/vapi/libsoup-3.0.vapi +%{_datadir}/libsoup-3.0/libsoup.supp + +%files help +%doc README NEWS AUTHORS +%{_datadir}/doc + +%changelog +* Fri Nov 22 2024 Funda Wang <fundawang@yeah.net> - 3.4.4-5 +- enable sysprof feature by default + +* Fri Nov 22 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 3.4.4-4 +- Type:CVE +- ID:CVE-2024-52530 +- SUG:NA +- DESC: fix CVE-2024-52530 + +* Wed Nov 13 2024 Deyuan Fan <fandeyuan@kylinos.cn> - 3.4.4-3 +- fix CVE-2024-52532 + +* Fri Oct 25 2024 Funda Wang <fundawang@yeah.net> - 3.4.4-2 +- make sysprof build conditioned + +* Fri Nov 17 2023 lwg <liweiganga@uniontech.com> - 3.4.4-1 +- update to version 3.4.4 + +* Mon Jan 2 2023 lin zhang <lin.zhang@turbolinux.com.cn> - 3.2.2-1 +- Update 3.2.2 + +* Mon Apr 11 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 3.0.6-1 +- Initial packaging @@ -0,0 +1 @@ +a63ea04a9686e9e4470b127ffe1eb96b libsoup-3.4.4.tar.xz |