Package: libsoup2.4 / 2.56.0-2+deb9u2

Metadata

Package Version Patches format
libsoup2.4 2.56.0-2+deb9u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
soup misc add a GDestroyNotify to soup_add_completio.patch | (download)

libsoup/soup-message-io.c | 2 1 + 1 - 0 !
libsoup/soup-misc-private.h | 7 4 + 3 - 0 !
libsoup/soup-misc.c | 11 6 + 5 - 0 !
libsoup/soup-session.c | 2 1 + 1 - 0 !
4 files changed, 12 insertions(+), 10 deletions(-)

 soup-misc: add a gdestroynotify to soup_add_completion_reffed()

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=768567
soup session fix idle_run_queue source handling.patch | (download)

libsoup/soup-message-queue.h | 3 2 + 1 - 0 !
libsoup/soup-session.c | 70 32 + 38 - 0 !
2 files changed, 34 insertions(+), 39 deletions(-)

 soup-session: fix idle_run_queue() source handling

priv->run_queue_sources was un-thread-safe in multiple ways. Now:

1. We pass idle_run_queue() a GWeakRef to the SoupSession, rather than
   the SoupSession itself. So now it's not possible for the session to
   get disposed in another thread while idle_run_queue() is running,
   and it's safe to let the callback get run even after the session is
   freed.

2. The idle_run_queue() source is given a GDestroyNotify, so it can
   clean up the weakref even if the source is destroyed behind
   the session's back.

3. Since we no longer have to forcibly destroy the sources when the
   session is destroyed, and we don't have to manually clean up after
   them if they don't get run, we no longer have to explicitly
   remember the sources after creating them, and so we don't even need
   priv->run_queue_sources. However, we do still want to make sure
   that there's only ever one pending idle_run_queue() source per
   context (so we don't keep adding more and more if the context isn't
   currently being run), so we add a new "async_pending" field to
   SoupMessageQueueItem to keep track of that.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=768567
Fix chunked decoding buffer overrun CVE 2017 2885.patch | (download)

libsoup/soup-filter-input-stream.c | 22 11 + 11 - 0 !
1 file changed, 11 insertions(+), 11 deletions(-)

 [patch] fix chunked decoding buffer overrun (cve-2017-2885)

https://bugzilla.gnome.org/show_bug.cgi?id=785774

0001 cookie jar bail if hostname is an empty string.patch | (download)

libsoup/soup-cookie-jar.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 cookie-jar: bail if hostname is an empty string (cve-2018-12910)

There are several other ways to fix the problem with this function, but
skipping over all of the code is probably the simplest.

Fixes #3

(cherry picked from commit db2b0d5809d5f8226d47312b40992cadbcde439f)

0002 Add soup_cookie_jar_get_cookies with empty hostname .patch | (download)

tests/cookies-test.c | 19 19 + 0 - 0 !
1 file changed, 19 insertions(+)

 add soup_cookie_jar_get_cookies with empty hostname test

This test checks the behavior that occurs wehn
soup_cookie_jar_get_cookies is called with a SoupURI that contains an
empty host component.

This verifies the fix for #3.

(cherry picked from commit cf82db7472d3339ccca210342cb453a7ce22a900)