mirror of
https://git.yoctoproject.org/poky
synced 2026-07-02 17:13:39 +02:00
libsoup: fix for CVE-2025-11021
Pick patch from [1] also mentioned at Debian report in [2]
[1] 9e1a427d2f
[2] https://security-tracker.debian.org/tracker/CVE-2025-11021
(From OE-Core rev: f360fdedfb500cecf6d4e860d599c57b11d6e31d)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
[YC: The CVE fixing patch is d010b0bbd in 3.6.6 (current master/wrynose)]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
committed by
Paul Barker
parent
e9dcaec506
commit
8820ef32b5
@@ -0,0 +1,57 @@
|
||||
From 9e1a427d2f047439d0320defe1593e6352595788 Mon Sep 17 00:00:00 2001
|
||||
From: Alynx Zhou <alynx.zhou@gmail.com>
|
||||
Date: Sat, 11 Oct 2025 15:52:47 +0800
|
||||
Subject: [PATCH] cookies: Avoid expires attribute if date is invalid
|
||||
|
||||
According to CVE-2025-11021, we may get invalid on processing date
|
||||
string with timezone offset, this commit will ignore it.
|
||||
|
||||
Closes #459
|
||||
|
||||
CVE: CVE-2025-11021
|
||||
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9e1a427d2f047439d0320defe1593e6352595788]
|
||||
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
||||
---
|
||||
libsoup/cookies/soup-cookie.c | 9 +++++----
|
||||
libsoup/soup-date-utils.c | 3 +++
|
||||
2 files changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/libsoup/cookies/soup-cookie.c b/libsoup/cookies/soup-cookie.c
|
||||
index 7c41b1d..5af154d 100644
|
||||
--- a/libsoup/cookies/soup-cookie.c
|
||||
+++ b/libsoup/cookies/soup-cookie.c
|
||||
@@ -726,12 +726,13 @@ serialize_cookie (SoupCookie *cookie, GString *header, gboolean set_cookie)
|
||||
|
||||
if (cookie->expires) {
|
||||
char *timestamp;
|
||||
-
|
||||
- g_string_append (header, "; expires=");
|
||||
timestamp = soup_date_time_to_string (cookie->expires,
|
||||
SOUP_DATE_COOKIE);
|
||||
- g_string_append (header, timestamp);
|
||||
- g_free (timestamp);
|
||||
+ if (timestamp) {
|
||||
+ g_string_append (header, "; expires=");
|
||||
+ g_string_append (header, timestamp);
|
||||
+ g_free (timestamp);
|
||||
+ }
|
||||
}
|
||||
if (cookie->path) {
|
||||
g_string_append (header, "; path=");
|
||||
diff --git a/libsoup/soup-date-utils.c b/libsoup/soup-date-utils.c
|
||||
index 34ca995..ae5504d 100644
|
||||
--- a/libsoup/soup-date-utils.c
|
||||
+++ b/libsoup/soup-date-utils.c
|
||||
@@ -95,6 +95,9 @@ soup_date_time_to_string (GDateTime *date,
|
||||
char *date_format;
|
||||
char *formatted_date;
|
||||
|
||||
+ if (!utcdate)
|
||||
+ return NULL;
|
||||
+
|
||||
// We insert days/months ourselves to avoid locale specific formatting
|
||||
if (format == SOUP_DATE_HTTP) {
|
||||
/* "Sun, 06 Nov 1994 08:49:37 GMT" */
|
||||
--
|
||||
2.50.1
|
||||
|
||||
@@ -51,6 +51,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
|
||||
file://CVE-2025-32049-2.patch \
|
||||
file://CVE-2025-32049-3.patch \
|
||||
file://CVE-2025-32049-4.patch \
|
||||
file://CVE-2025-11021.patch \
|
||||
"
|
||||
SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user