diff --git a/1-bugfix-for-CVE-2025-4948.patch b/1-bugfix-for-CVE-2025-4948.patch new file mode 100644 index 0000000000000000000000000000000000000000..128d9267f672aa4ed8e1a34c14bae11d3bf44379 --- /dev/null +++ b/1-bugfix-for-CVE-2025-4948.patch @@ -0,0 +1,30 @@ +From 592db079bc2dfea75708751ed0b7533ac9fd36df Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Thu, 15 May 2025 17:49:11 +0200 +Subject: [PATCH] soup-multipart: Verify boundary limits for multipart body + +It could happen that the boundary started at a place which resulted into +a negative number, which in an unsigned integer is a very large value. +Check the body size is not a negative value before setting it. + +Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/449 +--- + libsoup/soup-multipart.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c +index dd939739..ce2fc109 100644 +--- a/libsoup/soup-multipart.c ++++ b/libsoup/soup-multipart.c +@@ -214,7 +214,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers, + */ + part_body = soup_buffer_new_subbuffer (flattened, + split - flattened->data, +- end - 2 - split); ++ end - 2 >= split ? end - 2 - split : 0); + g_ptr_array_add (multipart->bodies, part_body); + + start = end; +-- +2.49.0 + diff --git a/libsoup3.spec b/libsoup3.spec index 86f5c18f2b9244ba373ef59c358b4df7498aba64..bdfcf822d68208ffe0ddb45f32c47d4cb76070a1 100644 --- a/libsoup3.spec +++ b/libsoup3.spec @@ -1,4 +1,4 @@ -%define anolis_release 2 +%define anolis_release 3 %global glib2_version 2.69.1 %{!?with_docs: %global with_docs 1} @@ -14,6 +14,7 @@ URL: https://wiki.gnome.org/Projects/libsoup Source0: https://download.gnome.org/sources/libsoup/3.6/libsoup-%{version}.tar.xz # From https://gitlab.com/redhat/centos-stream/rpms/libsoup3/-/tree/c10s?ref_type=heads Patch0: 1000-CVE-2025-4948.patch +Patch1: 1-bugfix-for-CVE-2025-4948.patch BuildRequires: gcc BuildRequires: gettext BuildRequires: glib-networking @@ -65,6 +66,7 @@ BuildArch: noarch %description doc This package contains developer documentation for %{name}. +%patch1 -p1 -b .1-bugfix-for-CVE-2025-4948 %prep %autosetup -p1 -n libsoup-%{version} @@ -110,6 +112,9 @@ install -m 644 -D tests/libsoup.supp %{buildroot}%{_datadir}/libsoup-3.0/libsoup %doc README NEWS AUTHORS %changelog +* Thu Jun 26 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 3.6.5-3 +- Fix CVE-2025-4948 + * Mon Jun 23 2025 lzq11122 - 3.6.5-2 - add patch to fix CVE-2025-4948