Commit 8d485749 authored by Sven Neumann's avatar Sven Neumann Committed by Peter Korsgaard

libsoup: update to version 2.36.1



Update to latest stable release. SSL support now depends on
glib-networking with gnutls support instead of using gnutls
directly.

Remove libsoup-CVE-2011-2054.patch, this is fixed upstream.

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
parent 01ffa2e8
+1 −0
@@ -14,6 +14,7 @@ config BR2_PACKAGE_LIBSOUP

config BR2_PACKAGE_LIBSOUP_SSL
	bool "https support"
	select BR2_PACKAGE_GLIB_NETWORKING
	select BR2_PACKAGE_GNUTLS
	depends on BR2_PACKAGE_LIBSOUP
	help
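Review bot: The two `select` lines under BR2_PACKAGE_LIBSOUP_SSL do not say why gnutls is still selected now that libsoup no longer links it directly. A comment above them, such as `# TLS comes from glib-networking's gnutls backend, loaded at runtime as a GIO module`, would stop a later cleanup from dropping `select BR2_PACKAGE_GNUTLS` and leaving https without a working backend. Kconfig `select` also ignores the selected symbol's own `depends on`, so any dependencies of BR2_PACKAGE_GLIB_NETWORKING (not visible here) need to be repeated on this option. The `help` text continues outside the hunk and may still describe the old direct gnutls use.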
+0 −32
From 4617b6ef6dd21931a0153070c5b5ff7ef21b46f8 Mon Sep 17 00:00:00 2001
From: Dan Winship <danw@gnome.org>
Date: Wed, 29 Jun 2011 10:04:06 -0400
Subject: [PATCH] SoupServer: fix to not allow smuggling ".." into path

When SoupServer:raw-paths was set (the default), it was possible to
sneak ".." segments into the path passed to the SoupServerHandler,
which could then end up tricking some handlers into retrieving
arbitrary files from the filesystem. Fix that.

https://bugzilla.gnome.org/show_bug.cgi?id=653258

diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c
index d56efd1..7225337 100644
--- a/libsoup/soup-server.c
+++ b/libsoup/soup-server.c
@@ -779,6 +779,15 @@ got_headers (SoupMessage *req, SoupClientContext *client)
 
 		uri = soup_message_get_uri (req);
 		decoded_path = soup_uri_decode (uri->path);
+
+		if (strstr (decoded_path, "/../") ||
+		    g_str_has_suffix (decoded_path, "/..")) {
+			/* Introducing new ".." segments is not allowed */
+			g_free (decoded_path);
+			soup_message_set_status (req, SOUP_STATUS_BAD_REQUEST);
+			return;
+		}
+
 		soup_uri_set_path (uri, decoded_path);
 		g_free (decoded_path);
 	}
+8 −11
@@ -4,10 +4,11 @@
#
#############################################################

LIBSOUP_MAJOR_VERSION:=2.32
LIBSOUP_VERSION:=$(LIBSOUP_MAJOR_VERSION).2
LIBSOUP_SOURCE:=libsoup-$(LIBSOUP_VERSION).tar.bz2
LIBSOUP_SITE:=http://ftp.gnome.org/pub/gnome/sources/libsoup/$(LIBSOUP_MAJOR_VERSION)
LIBSOUP_MAJOR_VERSION = 2.36
LIBSOUP_MINOR_VERSION = 1
LIBSOUP_VERSION = $(LIBSOUP_MAJOR_VERSION).$(LIBSOUP_MINOR_VERSION)
LIBSOUP_SOURCE = libsoup-$(LIBSOUP_VERSION).tar.bz2
LIBSOUP_SITE = http://ftp.gnome.org/pub/gnome/sources/libsoup/$(LIBSOUP_MAJOR_VERSION)
LIBSOUP_INSTALL_STAGING = YES

LIBSOUP_CONF_ENV = ac_cv_path_GLIB_GENMARSHAL=$(LIBGLIB2_HOST_BINARY)
@@ -16,18 +17,14 @@ ifneq ($(BR2_INET_IPV6),y)
LIBSOUP_CONF_ENV += soup_cv_ipv6=no
endif

LIBSOUP_CONF_OPT = \
	--disable-explicit-deps \
	--disable-glibtest	\
	--without-gnome
LIBSOUP_CONF_OPT = --disable-glibtest --without-gnome

LIBSOUP_DEPENDENCIES = $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext libintl) host-pkg-config host-libglib2 libglib2 libxml2

ifeq ($(BR2_PACKAGE_LIBSOUP_SSL),y)
LIBSOUP_DEPENDENCIES += gnutls
LIBSOUP_CONF_OPT += --enable-ssl --with-libgcrypt-prefix=$(STAGING_DIR)/usr
LIBSOUP_DEPENDENCIES += glib-networking
else
LIBSOUP_CONF_OPT += --disable-ssl
LIBSOUP_CONF_OPT += --disable-tls-check
endif

$(eval $(call AUTOTARGETS))
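Review bot: In the `else` branch, `--disable-tls-check` only skips configure's check that a glib-networking TLS backend is available; unlike the removed `--disable-ssl` it does not, as far as I can tell, build libsoup without TLS code. With BR2_PACKAGE_LIBSOUP_SSL off, https behaviour therefore depends on whether a GIO TLS module happens to be on the target. That deserves a comment above the `ifeq`, e.g. `# TLS is provided at runtime by glib-networking; this option only controls whether it is pulled in`. In the `y` branch nothing visible here confirms that glib-networking was built with its gnutls backend, and the configure check is likely inconclusive when cross-compiling, so a runtime https test on the target is worth doing. Separately, `LIBSOUP_SITE` still fetches the tarball over plain `http://` and no checksum is visible in this file, so the integrity of the download rests on verification done elsewhere, if any.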