aboutsummaryrefslogtreecommitdiffstats
path: root/community/libsoup
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2018-07-17 08:37:07 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2018-07-17 08:44:05 +0000
commit5c0563d9b61e3239c37147f4656ca8586e6512f3 (patch)
treeb9da2e3af1f0ae3cb183ca5d50aebe236c72ba83 /community/libsoup
parent9912f4aed6171339a6ff147585ad624aa838a4e2 (diff)
downloadaports-5c0563d9b61e3239c37147f4656ca8586e6512f3.tar.bz2
aports-5c0563d9b61e3239c37147f4656ca8586e6512f3.tar.xz
main/libsoup: move to community
Diffstat (limited to 'community/libsoup')
-rw-r--r--community/libsoup/APKBUILD41
-rw-r--r--community/libsoup/CVE-2017-2885.patch57
2 files changed, 98 insertions, 0 deletions
diff --git a/community/libsoup/APKBUILD b/community/libsoup/APKBUILD
new file mode 100644
index 0000000000..551803cecf
--- /dev/null
+++ b/community/libsoup/APKBUILD
@@ -0,0 +1,41 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libsoup
+pkgver=2.62.2
+pkgrel=0
+pkgdesc="Gnome HTTP Library"
+url="http://live.gnome.org/LibSoup"
+arch="all"
+options="!check" # Requires a running Apache HTTPd. not kidding...
+license="LGPL-2.0-or-later"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
+depends="glib-networking"
+depends_dev="gnutls-dev sqlite-dev"
+makedepends="$depends_dev libgcrypt-dev libgpg-error-dev zlib-dev
+ gobject-introspection-dev intltool vala libxml2-dev"
+source="https://download.gnome.org/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz"
+
+# secfixes:
+# 2.58.2-r0:
+# - CVE-2017-2885
+
+build() {
+ cd "$builddir"
+ DATADIRNAME=share ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --disable-more-warnings \
+ --disable-static \
+ --disable-tls-check \
+ --enable-introspection=yes \
+ --localedir=/usr/share/locale
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+sha512sums="fbb3f2bc35cf11c7ecf47aada8d92344a15e351ace4133686512b3e2d619e831d9f80781387252a2652625cc0ba21cf4775bf5c1ca8bec5f5ccf0af15ef23850 libsoup-2.62.2.tar.xz"
diff --git a/community/libsoup/CVE-2017-2885.patch b/community/libsoup/CVE-2017-2885.patch
new file mode 100644
index 0000000000..c22616ad5b
--- /dev/null
+++ b/community/libsoup/CVE-2017-2885.patch
@@ -0,0 +1,57 @@
+From 03c91c76daf70ee227f38304c5e45a155f45073d Mon Sep 17 00:00:00 2001
+From: Dan Winship <danw@gnome.org>
+Date: Thu, 3 Aug 2017 09:56:43 -0400
+Subject: Fix chunked decoding buffer overrun (CVE-2017-2885)
+
+https://bugzilla.gnome.org/show_bug.cgi?id=785774
+---
+ libsoup/soup-filter-input-stream.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/libsoup/soup-filter-input-stream.c b/libsoup/soup-filter-input-stream.c
+index cde4d12..2c30bf9 100644
+--- a/libsoup/soup-filter-input-stream.c
++++ b/libsoup/soup-filter-input-stream.c
+@@ -198,7 +198,7 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream,
+ GCancellable *cancellable,
+ GError **error)
+ {
+- gssize nread;
++ gssize nread, read_length;
+ guint8 *p, *buf, *end;
+ gboolean eof = FALSE;
+ GError *my_error = NULL;
+@@ -251,10 +251,11 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream,
+ } else
+ buf = fstream->priv->buf->data;
+
+- /* Scan for the boundary */
+- end = buf + fstream->priv->buf->len;
+- if (!eof)
+- end -= boundary_length;
++ /* Scan for the boundary within the range we can possibly return. */
++ if (include_boundary)
++ end = buf + MIN (fstream->priv->buf->len, length) - boundary_length;
++ else
++ end = buf + MIN (fstream->priv->buf->len - boundary_length, length);
+ for (p = buf; p <= end; p++) {
+ if (*p == *(guint8*)boundary &&
+ !memcmp (p, boundary, boundary_length)) {
+@@ -268,10 +269,9 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream,
+ if (!*got_boundary && fstream->priv->buf->len < length && !eof)
+ goto fill_buffer;
+
+- /* Return everything up to 'p' (which is either just after the boundary if
+- * include_boundary is TRUE, just before the boundary if include_boundary is
+- * FALSE, @boundary_len - 1 bytes before the end of the buffer, or end-of-
+- * file).
+- */
+- return read_from_buf (fstream, buffer, p - buf);
++ if (eof && !*got_boundary)
++ read_length = MIN (fstream->priv->buf->len, length);
++ else
++ read_length = p - buf;
++ return read_from_buf (fstream, buffer, read_length);
+ }
+--
+cgit v0.12