From f1acd9476c060b33c8f08a571a5ee38bcf983bbc Mon Sep 17 00:00:00 2001 From: Rasmus Thomsen Date: Wed, 15 May 2019 18:04:05 +0200 Subject: community/libsoup: upgrade to 2.66.2 --- community/libsoup/APKBUILD | 41 ++++++++++++------------- community/libsoup/CVE-2017-2885.patch | 57 ----------------------------------- 2 files changed, 20 insertions(+), 78 deletions(-) delete mode 100644 community/libsoup/CVE-2017-2885.patch diff --git a/community/libsoup/APKBUILD b/community/libsoup/APKBUILD index af1dc689b0..6893b3d079 100644 --- a/community/libsoup/APKBUILD +++ b/community/libsoup/APKBUILD @@ -1,17 +1,17 @@ -# Maintainer: Natanael Copa +# Contributor: Natanael Copa +# Maintainer: Rasmus Thomsen pkgname=libsoup -pkgver=2.64.1 +pkgver=2.66.2 pkgrel=0 -pkgdesc="Gnome HTTP Library" -url="http://live.gnome.org/LibSoup" +pkgdesc="Gnome HTTP client/server Library" +url="https://wiki.gnome.org/Projects/libsoup" arch="all" -options="!check" # Requires a running Apache HTTPd. not kidding... +options="!check" # Wants to bind to ports, which doesn't work in our environment license="LGPL-2.0-or-later" subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" depends="glib-networking" -depends_dev="gnutls-dev sqlite-dev" -makedepends="$depends_dev libgcrypt-dev libgpg-error-dev zlib-dev - gobject-introspection-dev intltool vala libxml2-dev libpsl-dev" +makedepends="libgcrypt-dev libgpg-error-dev zlib-dev meson gtk-doc + gobject-introspection-dev vala libxml2-dev libpsl-dev sqlite-dev" source="https://download.gnome.org/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz" # secfixes: @@ -19,23 +19,22 @@ source="https://download.gnome.org/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgve # - CVE-2017-2885 build() { - cd "$builddir" - DATADIRNAME=share ./configure \ - --build=$CBUILD \ - --host=$CHOST \ + meson \ --prefix=/usr \ --sysconfdir=/etc \ --localstatedir=/var \ - --disable-more-warnings \ - --disable-static \ - --disable-tls-check \ - --enable-introspection=yes \ - --localedir=/usr/share/locale - make + -Dtls_check=false \ + -Dgssapi=false \ + -Ddoc=true \ + . output + ninja -C output +} + +check() { + ninja -C output test } package() { - cd "$builddir" - make DESTDIR="$pkgdir" install + DESTDIR="$pkgdir" ninja -C output install } -sha512sums="13d16457a443294020621df34205c570d25a6ff048ab68633cc504d70a8a1281a38dddb54110fd35a059bd69aebc3fd49b5ab0fc42abf4f4a19746a25050119d libsoup-2.64.1.tar.xz" +sha512sums="1df443470239f23d22301e37e36f3d34963352ee0122f317cd15b19d90115831091bddcee27bc6f0d4994adcf4e5bd9c0395de2bd7f39ae305ba0edea7789092 libsoup-2.66.2.tar.xz" diff --git a/community/libsoup/CVE-2017-2885.patch b/community/libsoup/CVE-2017-2885.patch deleted file mode 100644 index c22616ad5b..0000000000 --- a/community/libsoup/CVE-2017-2885.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 03c91c76daf70ee227f38304c5e45a155f45073d Mon Sep 17 00:00:00 2001 -From: Dan Winship -Date: Thu, 3 Aug 2017 09:56:43 -0400 -Subject: Fix chunked decoding buffer overrun (CVE-2017-2885) - -https://bugzilla.gnome.org/show_bug.cgi?id=785774 ---- - libsoup/soup-filter-input-stream.c | 22 +++++++++++----------- - 1 file changed, 11 insertions(+), 11 deletions(-) - -diff --git a/libsoup/soup-filter-input-stream.c b/libsoup/soup-filter-input-stream.c -index cde4d12..2c30bf9 100644 ---- a/libsoup/soup-filter-input-stream.c -+++ b/libsoup/soup-filter-input-stream.c -@@ -198,7 +198,7 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream, - GCancellable *cancellable, - GError **error) - { -- gssize nread; -+ gssize nread, read_length; - guint8 *p, *buf, *end; - gboolean eof = FALSE; - GError *my_error = NULL; -@@ -251,10 +251,11 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream, - } else - buf = fstream->priv->buf->data; - -- /* Scan for the boundary */ -- end = buf + fstream->priv->buf->len; -- if (!eof) -- end -= boundary_length; -+ /* Scan for the boundary within the range we can possibly return. */ -+ if (include_boundary) -+ end = buf + MIN (fstream->priv->buf->len, length) - boundary_length; -+ else -+ end = buf + MIN (fstream->priv->buf->len - boundary_length, length); - for (p = buf; p <= end; p++) { - if (*p == *(guint8*)boundary && - !memcmp (p, boundary, boundary_length)) { -@@ -268,10 +269,9 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream, - if (!*got_boundary && fstream->priv->buf->len < length && !eof) - goto fill_buffer; - -- /* Return everything up to 'p' (which is either just after the boundary if -- * include_boundary is TRUE, just before the boundary if include_boundary is -- * FALSE, @boundary_len - 1 bytes before the end of the buffer, or end-of- -- * file). -- */ -- return read_from_buf (fstream, buffer, p - buf); -+ if (eof && !*got_boundary) -+ read_length = MIN (fstream->priv->buf->len, length); -+ else -+ read_length = p - buf; -+ return read_from_buf (fstream, buffer, read_length); - } --- -cgit v0.12 -- cgit v1.2.3