mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-03 13:49:49 +00:00
Code Issues Projects Releases Wiki Activity

libsoup: upgrade to 2.62.3

Browse Source 
Freeze-breaking upgrade for a security bug fix involving cookie URLs, and a
number of static analysis fixes.

Drop CVE-2018-12910.patch as this is merged in 2.62.3.

(From OE-Core rev: a8098782fab87498026a09c06716b631c77c5ad6)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Ross Burton
2018-10-08 11:58:32 +01:00
committed by Richard Purdie
parent 25a8862b90
commit d89034988e
2 changed files with 3 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-support/libsoup/libsoup-2.4/CVE-2018-12910.patch
-32
View File
@@ -1,32 +0,0 @@
CVE: CVE-2018-12910
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@intel.com>
From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Sun, 24 Jun 2018 19:46:19 -0500
Subject: [PATCH] cookie-jar: bail if hostname is an empty string
There are several other ways to fix the problem with this function, but
skipping over all of the code is probably the simplest.
Fixes #3
---
libsoup/soup-cookie-jar.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
index 2369c8a7..b2b78909 100644
--- a/libsoup/soup-cookie-jar.c
+++ b/libsoup/soup-cookie-jar.c
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
priv = soup_cookie_jar_get_instance_private (jar);
- if (!uri->host)
+ if (!uri->host || !uri->host[0])
return NULL;
/* The logic here is a little weird, but the plan is that if
--
2.17.1
meta/recipes-support/libsoup/libsoup-2.4_2.62.2.bb → meta/recipes-support/libsoup/libsoup-2.4_2.62.3.bb
+3 -4
View File
@@ -9,10 +9,9 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 intltool-native"
SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2018-12910.patch"
SRC_URI[md5sum] = "eaf99b04ac8968ed2b26f2509ba75584"
SRC_URI[sha256sum] = "9e536fe3da60b25d2c63addb84a9d5072d00b0d8b8cbeabc629a6bcd63f879b6"
SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz"
SRC_URI[md5sum] = "dfbf30af5fb6190bfafc5aa6abcc9dce"
SRC_URI[sha256sum] = "d312ade547495c2093ff8bda61f9b9727a98cfdae339f3263277dd39c0451172"
S = "${WORKDIR}/libsoup-${PV}"