From aa796f0e1651eab039ac3a68c4037bf9643f6f06 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 30 2018 05:19:44 +0000 Subject: import libsoup-2.62.2-2.el7 --- diff --git a/.gitignore b/.gitignore index 48a8fc3..c00574f 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libsoup-2.56.0.tar.xz +SOURCES/libsoup-2.62.2.tar.xz diff --git a/.libsoup.metadata b/.libsoup.metadata index 625b2a6..ffb840d 100644 --- a/.libsoup.metadata +++ b/.libsoup.metadata @@ -1 +1 @@ -faf72c678d013b8ad9d1d9eecc7e7da8a93c4dd1 SOURCES/libsoup-2.56.0.tar.xz +d4efdf3f5a3767b11aa60883b9a3a01b2dc6d97d SOURCES/libsoup-2.62.2.tar.xz diff --git a/SOURCES/0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch b/SOURCES/0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch new file mode 100644 index 0000000..843b2e6 --- /dev/null +++ b/SOURCES/0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch @@ -0,0 +1,29 @@ +From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Sun, 24 Jun 2018 19:46:19 -0500 +Subject: [PATCH] cookie-jar: bail if hostname is an empty string + +There are several other ways to fix the problem with this function, but +skipping over all of the code is probably the simplest. + +Fixes #3 +--- + libsoup/soup-cookie-jar.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c +index 2369c8a..b2b7890 100644 +--- a/libsoup/soup-cookie-jar.c ++++ b/libsoup/soup-cookie-jar.c +@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_ + + priv = soup_cookie_jar_get_instance_private (jar); + +- if (!uri->host) ++ if (!uri->host || !uri->host[0]) + return NULL; + + /* The logic here is a little weird, but the plan is that if +-- +2.17.1 + diff --git a/SOURCES/auth-try-all-available.patch b/SOURCES/auth-try-all-available.patch deleted file mode 100644 index ff35469..0000000 --- a/SOURCES/auth-try-all-available.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 6a1ab1eebb64f482a949f04fc1442c13ccb55e11 Mon Sep 17 00:00:00 2001 -From: Tomas Popela -Date: Wed, 27 Sep 2017 19:01:26 +0200 -Subject: [PATCH] Bug 788238 - Fallback to another authentication type if the - current failed - -Fallback to another authentication type if the current failed. More -specifically if the Negotiate failed (kerberos is not properly -configured), then libsoup should fallback to Basic auth (if server -supports it). Currently in such case it is not possible to load the -page at all (in WebKitGTK+). ---- - libsoup/soup-auth-manager.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c -index b32ba900..62fe9c40 100644 ---- a/libsoup/soup-auth-manager.c -+++ b/libsoup/soup-auth-manager.c -@@ -354,7 +354,7 @@ create_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg) - const char *header; - SoupAuthClass *auth_class; - char *challenge = NULL; -- SoupAuth *auth; -+ SoupAuth *auth = NULL; - int i; - - header = auth_header_for_message (msg); -@@ -364,14 +364,14 @@ create_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg) - for (i = priv->auth_types->len - 1; i >= 0; i--) { - auth_class = priv->auth_types->pdata[i]; - challenge = soup_auth_manager_extract_challenge (header, auth_class->scheme_name); -- if (challenge) -+ if (!challenge) -+ continue; -+ auth = soup_auth_new (G_TYPE_FROM_CLASS (auth_class), msg, challenge); -+ g_free (challenge); -+ if (auth) - break; - } -- if (!challenge) -- return NULL; - -- auth = soup_auth_new (G_TYPE_FROM_CLASS (auth_class), msg, challenge); -- g_free (challenge); - return auth; - } - --- -2.14.2 - diff --git a/SOURCES/chunked-decoding-buffer-overrun-CVE-2017-2885.patch b/SOURCES/chunked-decoding-buffer-overrun-CVE-2017-2885.patch deleted file mode 100644 index 87970de..0000000 --- a/SOURCES/chunked-decoding-buffer-overrun-CVE-2017-2885.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 34d361188adc4b4a81457bcffb14588d84078e79 Mon Sep 17 00:00:00 2001 -From: Dan Winship -Date: Thu, 3 Aug 2017 09:56:43 -0400 -Subject: [PATCH] Fix chunked decoding buffer overrun (CVE-2017-2885) - -https://bugzilla.gnome.org/show_bug.cgi?id=785774 ---- - libsoup/soup-filter-input-stream.c | 22 +++++++++++----------- - 1 file changed, 11 insertions(+), 11 deletions(-) - -diff --git a/libsoup/soup-filter-input-stream.c b/libsoup/soup-filter-input-stream.c -index cde4d12..2c30bf9 100644 ---- a/libsoup/soup-filter-input-stream.c -+++ b/libsoup/soup-filter-input-stream.c -@@ -198,7 +198,7 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream, - GCancellable *cancellable, - GError **error) - { -- gssize nread; -+ gssize nread, read_length; - guint8 *p, *buf, *end; - gboolean eof = FALSE; - GError *my_error = NULL; -@@ -251,10 +251,11 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream, - } else - buf = fstream->priv->buf->data; - -- /* Scan for the boundary */ -- end = buf + fstream->priv->buf->len; -- if (!eof) -- end -= boundary_length; -+ /* Scan for the boundary within the range we can possibly return. */ -+ if (include_boundary) -+ end = buf + MIN (fstream->priv->buf->len, length) - boundary_length; -+ else -+ end = buf + MIN (fstream->priv->buf->len - boundary_length, length); - for (p = buf; p <= end; p++) { - if (*p == *(guint8*)boundary && - !memcmp (p, boundary, boundary_length)) { -@@ -268,10 +269,9 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream, - if (!*got_boundary && fstream->priv->buf->len < length && !eof) - goto fill_buffer; - -- /* Return everything up to 'p' (which is either just after the boundary if -- * include_boundary is TRUE, just before the boundary if include_boundary is -- * FALSE, @boundary_len - 1 bytes before the end of the buffer, or end-of- -- * file). -- */ -- return read_from_buf (fstream, buffer, p - buf); -+ if (eof && !*got_boundary) -+ read_length = MIN (fstream->priv->buf->len, length); -+ else -+ read_length = p - buf; -+ return read_from_buf (fstream, buffer, read_length); - } --- -2.9.4 \ No newline at end of file diff --git a/SOURCES/coverity-scan-issues.patch b/SOURCES/coverity-scan-issues.patch index ffa1d30..16fe807 100644 --- a/SOURCES/coverity-scan-issues.patch +++ b/SOURCES/coverity-scan-issues.patch @@ -1,5 +1,23 @@ +diff --git a/libsoup/soup-address.c b/libsoup/soup-address.c +index 0351db50..9c0b0a45 100644 +--- a/libsoup/soup-address.c ++++ b/libsoup/soup-address.c +@@ -1183,10 +1183,10 @@ got_addresses (SoupAddress *addr, guint status, gpointer user_data) + if (error) + g_task_return_error (task, g_error_copy (error)); + else { +- GSocketAddress *addr; ++ GSocketAddress *socket_addr; + +- addr = next_address (g_task_get_source_object (task)); +- g_task_return_pointer (task, addr, g_object_unref); ++ socket_addr = next_address (g_task_get_source_object (task)); ++ g_task_return_pointer (task, socket_addr, g_object_unref); + } + g_object_unref (task); + } diff --git a/libsoup/soup-auth-basic.c b/libsoup/soup-auth-basic.c -index 5f1e718..d8b3226 100644 +index 5f1e7186..d8b32264 100644 --- a/libsoup/soup-auth-basic.c +++ b/libsoup/soup-auth-basic.c @@ -74,7 +74,7 @@ soup_auth_basic_get_protection_space (SoupAuth *auth, SoupURI *source_uri) @@ -11,21 +29,490 @@ index 5f1e718..d8b3226 100644 p[1] = '\0'; else if (p && p[1]) *p = '\0'; +diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c +index eda2a93c..45dd35be 100644 +--- a/libsoup/soup-auth-digest.c ++++ b/libsoup/soup-auth-digest.c +@@ -343,7 +343,7 @@ soup_auth_digest_compute_response (const char *method, + g_checksum_update (checksum, (guchar *)method, strlen (method)); + g_checksum_update (checksum, (guchar *)":", 1); + g_checksum_update (checksum, (guchar *)uri, strlen (uri)); +- strncpy (hex_a2, g_checksum_get_string (checksum), 33); ++ memcpy (hex_a2, g_checksum_get_string (checksum), sizeof (char) * 33); + g_checksum_free (checksum); + + /* compute KD */ diff --git a/libsoup/soup-auth-negotiate.c b/libsoup/soup-auth-negotiate.c -index 94863d6..f94760c 100644 +index 1fdf142d..941e49be 100644 --- a/libsoup/soup-auth-negotiate.c +++ b/libsoup/soup-auth-negotiate.c -@@ -268,7 +268,7 @@ soup_auth_negotiate_update_connection (SoupConnectionAuth *auth, SoupMessage *ms - } else { +@@ -200,9 +200,9 @@ soup_auth_negotiate_get_connection_authorization (SoupConnectionAuth *auth, /* FIXME: report further upward via * soup_message_get_error_message */ -- g_warning ("gssapi step failed: %s", err->message); -+ g_warning ("gssapi step failed: %s", err ? err->message : "Unknown error"); + if (conn->initialized) +- g_warning ("gssapi step failed: %s", err->message); ++ g_warning ("gssapi step failed: %s", err ? err->message : "Internal error"); + else +- g_warning ("gssapi init failed: %s", err->message); ++ g_warning ("gssapi init failed: %s", err ? err->message : "Internal error"); + conn->state = SOUP_NEGOTIATE_FAILED; + g_clear_error (&err); + +@@ -274,9 +274,9 @@ soup_auth_negotiate_update_connection (SoupConnectionAuth *auth, SoupMessage *ms + /* FIXME: report further upward via + * soup_message_get_error_message */ + if (conn->initialized) +- g_warning ("gssapi step failed: %s", err->message); ++ g_warning ("gssapi step failed: %s", err ? err->message : "Internal error"); + else +- g_warning ("gssapi init failed: %s", err->message); ++ g_warning ("gssapi init failed: %s", err ? err->message : "Internal error"); success = FALSE; } } else if (!strncmp (header, "Negotiate ", 10)) { +diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c +index 19a551ee..f4009aa8 100644 +--- a/libsoup/soup-auth-ntlm.c ++++ b/libsoup/soup-auth-ntlm.c +@@ -810,7 +810,7 @@ soup_ntlm_response (const char *nonce, + ntlm_set_string (&resp.nt_resp, &offset, sizeof (nt_resp)); + + out = g_malloc (((offset + 3) * 4) / 3 + 6); +- strncpy (out, "NTLM ", 5); ++ memcpy (out, "NTLM ", 5); + p = out + 5; + + state = save = 0; +diff --git a/libsoup/soup-auth.c b/libsoup/soup-auth.c +index 00aa405e..48f39359 100644 +--- a/libsoup/soup-auth.c ++++ b/libsoup/soup-auth.c +@@ -107,13 +107,9 @@ soup_auth_get_property (GObject *object, guint prop_id, + g_value_set_string (value, soup_auth_get_scheme_name (auth)); + break; + case PROP_REALM: +- if (auth->realm) +- g_free (auth->realm); + g_value_set_string (value, soup_auth_get_realm (auth)); + break; + case PROP_HOST: +- if (priv->host) +- g_free (priv->host); + g_value_set_string (value, soup_auth_get_host (auth)); + break; + case PROP_IS_FOR_PROXY: +@@ -349,10 +345,12 @@ soup_auth_authenticate (SoupAuth *auth, const char *username, const char *passwo + gboolean + soup_auth_is_for_proxy (SoupAuth *auth) + { +- SoupAuthPrivate *priv = soup_auth_get_instance_private (auth); ++ SoupAuthPrivate *priv; + + g_return_val_if_fail (SOUP_IS_AUTH (auth), FALSE); + ++ priv = soup_auth_get_instance_private (auth); ++ + return priv->proxy; + } + +@@ -367,9 +365,14 @@ soup_auth_is_for_proxy (SoupAuth *auth) + const char * + soup_auth_get_scheme_name (SoupAuth *auth) + { ++ SoupAuthClass *klass; ++ + g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL); + +- return SOUP_AUTH_GET_CLASS (auth)->scheme_name; ++ klass = SOUP_AUTH_GET_CLASS (auth); ++ g_return_val_if_fail (klass != NULL, NULL); ++ ++ return klass->scheme_name; + } + + /** +@@ -383,10 +386,12 @@ soup_auth_get_scheme_name (SoupAuth *auth) + const char * + soup_auth_get_host (SoupAuth *auth) + { +- SoupAuthPrivate *priv = soup_auth_get_instance_private (auth); ++ SoupAuthPrivate *priv; + + g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL); + ++ priv = soup_auth_get_instance_private (auth); ++ + return priv->host; + } + +@@ -423,13 +428,18 @@ soup_auth_get_realm (SoupAuth *auth) + char * + soup_auth_get_info (SoupAuth *auth) + { ++ SoupAuthClass *klass; ++ + g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL); + ++ klass = SOUP_AUTH_GET_CLASS (auth); ++ g_return_val_if_fail (klass != NULL, NULL); ++ + if (SOUP_IS_CONNECTION_AUTH (auth)) +- return g_strdup (SOUP_AUTH_GET_CLASS (auth)->scheme_name); ++ return g_strdup (klass->scheme_name); + else { + return g_strdup_printf ("%s:%s", +- SOUP_AUTH_GET_CLASS (auth)->scheme_name, ++ klass->scheme_name, + auth->realm); + } + } +@@ -445,9 +455,14 @@ soup_auth_get_info (SoupAuth *auth) + gboolean + soup_auth_is_authenticated (SoupAuth *auth) + { ++ SoupAuthClass *klass; ++ + g_return_val_if_fail (SOUP_IS_AUTH (auth), TRUE); + +- return SOUP_AUTH_GET_CLASS (auth)->is_authenticated (auth); ++ klass = SOUP_AUTH_GET_CLASS (auth); ++ g_return_val_if_fail (klass != NULL, TRUE); ++ ++ return klass->is_authenticated (auth); + } + + /** +@@ -464,10 +479,15 @@ soup_auth_is_authenticated (SoupAuth *auth) + char * + soup_auth_get_authorization (SoupAuth *auth, SoupMessage *msg) + { ++ SoupAuthClass *klass; ++ + g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL); + g_return_val_if_fail (msg != NULL, NULL); + +- return SOUP_AUTH_GET_CLASS (auth)->get_authorization (auth, msg); ++ klass = SOUP_AUTH_GET_CLASS (auth); ++ g_return_val_if_fail (klass != NULL, NULL); ++ ++ return klass->get_authorization (auth, msg); + } + + /** +@@ -488,13 +508,18 @@ gboolean + soup_auth_is_ready (SoupAuth *auth, + SoupMessage *msg) + { ++ SoupAuthClass *klass; ++ + g_return_val_if_fail (SOUP_IS_AUTH (auth), TRUE); + g_return_val_if_fail (SOUP_IS_MESSAGE (msg), TRUE); + +- if (SOUP_AUTH_GET_CLASS (auth)->is_ready) +- return SOUP_AUTH_GET_CLASS (auth)->is_ready (auth, msg); ++ klass = SOUP_AUTH_GET_CLASS (auth); ++ g_return_val_if_fail (klass != NULL, TRUE); ++ ++ if (klass->is_ready) ++ return klass->is_ready (auth, msg); + else +- return SOUP_AUTH_GET_CLASS (auth)->is_authenticated (auth); ++ return klass->is_authenticated (auth); + } + + /** +@@ -511,9 +536,14 @@ soup_auth_is_ready (SoupAuth *auth, + gboolean + soup_auth_can_authenticate (SoupAuth *auth) + { ++ SoupAuthClass *klass; ++ + g_return_val_if_fail (SOUP_IS_AUTH (auth), FALSE); + +- return SOUP_AUTH_GET_CLASS (auth)->can_authenticate (auth); ++ klass = SOUP_AUTH_GET_CLASS (auth); ++ g_return_val_if_fail (klass != NULL, FALSE); ++ ++ return klass->can_authenticate (auth); + } + + /** +@@ -533,10 +563,15 @@ soup_auth_can_authenticate (SoupAuth *auth) + GSList * + soup_auth_get_protection_space (SoupAuth *auth, SoupURI *source_uri) + { ++ SoupAuthClass *klass; ++ + g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL); + g_return_val_if_fail (source_uri != NULL, NULL); + +- return SOUP_AUTH_GET_CLASS (auth)->get_protection_space (auth, source_uri); ++ klass = SOUP_AUTH_GET_CLASS (auth); ++ g_return_val_if_fail (klass != NULL, NULL); ++ ++ return klass->get_protection_space (auth, source_uri); + } + + /** +diff --git a/libsoup/soup-body-output-stream.c b/libsoup/soup-body-output-stream.c +index 314d7ee9..58e9b3ee 100644 +--- a/libsoup/soup-body-output-stream.c ++++ b/libsoup/soup-body-output-stream.c +@@ -162,7 +162,6 @@ again: + case SOUP_BODY_OUTPUT_STREAM_STATE_CHUNK_SIZE: + g_snprintf (buf, sizeof (bostream->priv->buf), + "%lx\r\n", (gulong)count); +- len = strlen (buf); + + if (count > 0) + bostream->priv->chunked_state = SOUP_BODY_OUTPUT_STREAM_STATE_CHUNK; +@@ -182,13 +181,11 @@ again: + + case SOUP_BODY_OUTPUT_STREAM_STATE_CHUNK_END: + strncpy (buf, "\r\n", sizeof (bostream->priv->buf)); +- len = 2; + bostream->priv->chunked_state = SOUP_BODY_OUTPUT_STREAM_STATE_DONE; + break; + + case SOUP_BODY_OUTPUT_STREAM_STATE_TRAILERS: + strncpy (buf, "\r\n", sizeof (bostream->priv->buf)); +- len = 2; + bostream->priv->chunked_state = SOUP_BODY_OUTPUT_STREAM_STATE_DONE; + break; + +diff --git a/libsoup/soup-cache.c b/libsoup/soup-cache.c +index 682625e6..63c13121 100644 +--- a/libsoup/soup-cache.c ++++ b/libsoup/soup-cache.c +@@ -822,6 +822,9 @@ soup_cache_content_processor_wrap_input (SoupContentProcessor *processor, + StreamHelper *helper; + time_t request_time, response_time; + ++ g_return_val_if_fail (SOUP_IS_CACHE (cache), NULL); ++ g_return_val_if_fail (SOUP_IS_MESSAGE (msg), NULL); ++ + /* First of all, check if we should cache the resource. */ + cacheability = soup_cache_get_cacheability (cache, msg); + entry = soup_cache_entry_lookup (cache, msg); +@@ -1075,6 +1078,9 @@ soup_cache_has_response (SoupCache *cache, SoupMessage *msg) + int max_age, max_stale, min_fresh; + GList *lru_item, *item; + ++ g_return_val_if_fail (SOUP_IS_CACHE (cache), SOUP_CACHE_RESPONSE_STALE); ++ g_return_val_if_fail (SOUP_IS_MESSAGE (msg), SOUP_CACHE_RESPONSE_STALE); ++ + entry = soup_cache_entry_lookup (cache, msg); + + /* 1. The presented Request-URI and that of stored response +@@ -1226,10 +1232,15 @@ soup_cache_has_response (SoupCache *cache, SoupMessage *msg) + SoupCacheability + soup_cache_get_cacheability (SoupCache *cache, SoupMessage *msg) + { ++ SoupCacheClass *klass; ++ + g_return_val_if_fail (SOUP_IS_CACHE (cache), SOUP_CACHE_UNCACHEABLE); + g_return_val_if_fail (SOUP_IS_MESSAGE (msg), SOUP_CACHE_UNCACHEABLE); + +- return SOUP_CACHE_GET_CLASS (cache)->get_cacheability (cache, msg); ++ klass = SOUP_CACHE_GET_CLASS (cache); ++ g_return_val_if_fail (klass != NULL, SOUP_CACHE_UNCACHEABLE); ++ ++ return klass->get_cacheability (cache, msg); + } + + static gboolean +@@ -1404,6 +1415,9 @@ soup_cache_cancel_conditional_request (SoupCache *cache, + { + SoupCacheEntry *entry; + ++ g_return_if_fail (SOUP_IS_CACHE (cache)); ++ g_return_if_fail (SOUP_IS_MESSAGE (msg)); ++ + entry = soup_cache_entry_lookup (cache, msg); + if (entry) + entry->being_validated = FALSE; +@@ -1415,7 +1429,12 @@ void + soup_cache_update_from_conditional_request (SoupCache *cache, + SoupMessage *msg) + { +- SoupCacheEntry *entry = soup_cache_entry_lookup (cache, msg); ++ SoupCacheEntry *entry; ++ ++ g_return_if_fail (SOUP_IS_CACHE (cache)); ++ g_return_if_fail (SOUP_IS_MESSAGE (msg)); ++ ++ entry = soup_cache_entry_lookup (cache, msg); + if (!entry) + return; + +diff --git a/libsoup/soup-connection-auth.c b/libsoup/soup-connection-auth.c +index f55cfe6b..a44013e3 100644 +--- a/libsoup/soup-connection-auth.c ++++ b/libsoup/soup-connection-auth.c +@@ -39,8 +39,14 @@ soup_connection_auth_free_connection_state (SoupConnectionAuth *auth, + SoupConnection *conn, + gpointer state) + { ++ SoupConnectionAuthClass *klass; ++ + g_signal_handlers_disconnect_by_func (conn, G_CALLBACK (connection_disconnected), auth); +- SOUP_CONNECTION_AUTH_GET_CLASS (auth)->free_connection_state (auth, state); ++ ++ klass = SOUP_CONNECTION_AUTH_GET_CLASS (auth); ++ g_return_if_fail (klass != NULL); ++ ++ klass->free_connection_state (auth, state); + } + + static void +@@ -91,6 +97,7 @@ soup_connection_auth_get_connection_state_for_message (SoupConnectionAuth *auth, + SoupMessage *msg) + { + SoupConnection *conn; ++ SoupConnectionAuthClass *klass; + gpointer state; + + g_return_val_if_fail (SOUP_IS_CONNECTION_AUTH (auth), NULL); +@@ -101,7 +108,10 @@ soup_connection_auth_get_connection_state_for_message (SoupConnectionAuth *auth, + if (state) + return state; + +- state = SOUP_CONNECTION_AUTH_GET_CLASS (auth)->create_connection_state (auth); ++ klass = SOUP_CONNECTION_AUTH_GET_CLASS (auth); ++ g_return_val_if_fail (klass != NULL, NULL); ++ ++ state = klass->create_connection_state (auth); + if (conn) { + g_signal_connect (conn, "disconnected", + G_CALLBACK (connection_disconnected), auth); +@@ -117,12 +127,15 @@ soup_connection_auth_update (SoupAuth *auth, + GHashTable *auth_params) + { + SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth); ++ SoupConnectionAuthClass *klass = SOUP_CONNECTION_AUTH_GET_CLASS (auth); + gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg); + GHashTableIter iter; + GString *auth_header; + gpointer key, value; + gboolean result; + ++ g_return_val_if_fail (klass != NULL, FALSE); ++ + /* Recreate @auth_header out of @auth_params. If the + * base64 data ended with 1 or more "="s, then it + * will have been parsed as key=value. Otherwise +@@ -147,8 +160,7 @@ soup_connection_auth_update (SoupAuth *auth, + } + } + +- result = SOUP_CONNECTION_AUTH_GET_CLASS (auth)-> +- update_connection (cauth, msg, auth_header->str, conn); ++ result = klass->update_connection (cauth, msg, auth_header->str, conn); + + g_string_free (auth_header, TRUE); + return result; +@@ -159,10 +171,13 @@ soup_connection_auth_get_authorization (SoupAuth *auth, + SoupMessage *msg) + { + SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth); ++ SoupConnectionAuthClass *klass; + gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg); + +- return SOUP_CONNECTION_AUTH_GET_CLASS (auth)-> +- get_connection_authorization (cauth, msg, conn); ++ klass = SOUP_CONNECTION_AUTH_GET_CLASS (auth); ++ g_return_val_if_fail (klass != NULL, NULL); ++ ++ return klass->get_connection_authorization (cauth, msg, conn); + } + + static gboolean +@@ -170,10 +185,13 @@ soup_connection_auth_is_ready (SoupAuth *auth, + SoupMessage *msg) + { + SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth); ++ SoupConnectionAuthClass *klass; + gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg); + +- return SOUP_CONNECTION_AUTH_GET_CLASS (auth)-> +- is_connection_ready (SOUP_CONNECTION_AUTH (auth), msg, conn); ++ klass = SOUP_CONNECTION_AUTH_GET_CLASS (auth); ++ g_return_val_if_fail (klass != NULL, FALSE); ++ ++ return klass->is_connection_ready (SOUP_CONNECTION_AUTH (auth), msg, conn); + } + + static void +diff --git a/libsoup/soup-content-sniffer-stream.c b/libsoup/soup-content-sniffer-stream.c +index b8a8c97e..7f74c705 100644 +--- a/libsoup/soup-content-sniffer-stream.c ++++ b/libsoup/soup-content-sniffer-stream.c +@@ -167,7 +167,8 @@ read_internal (GInputStream *stream, + + if (sniffer->priv->buffer) { + nread = MIN (count, sniffer->priv->buffer_nread); +- memcpy (buffer, sniffer->priv->buffer, nread); ++ if (buffer) ++ memcpy (buffer, sniffer->priv->buffer, nread); + if (nread == sniffer->priv->buffer_nread) { + g_free (sniffer->priv->buffer); + sniffer->priv->buffer = NULL; +diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c +index 7573fde5..20e10d71 100644 +--- a/libsoup/soup-content-sniffer.c ++++ b/libsoup/soup-content-sniffer.c +@@ -925,11 +925,16 @@ soup_content_sniffer_sniff (SoupContentSniffer *sniffer, + SoupMessage *msg, SoupBuffer *buffer, + GHashTable **params) + { ++ SoupContentSnifferClass *klass; ++ + g_return_val_if_fail (SOUP_IS_CONTENT_SNIFFER (sniffer), NULL); + g_return_val_if_fail (SOUP_IS_MESSAGE (msg), NULL); + g_return_val_if_fail (buffer != NULL, NULL); + +- return SOUP_CONTENT_SNIFFER_GET_CLASS (sniffer)->sniff (sniffer, msg, buffer, params); ++ klass = SOUP_CONTENT_SNIFFER_GET_CLASS (sniffer); ++ g_return_val_if_fail (klass != NULL, NULL); ++ ++ return klass->sniff (sniffer, msg, buffer, params); + } + + /** +@@ -946,7 +951,12 @@ soup_content_sniffer_sniff (SoupContentSniffer *sniffer, + gsize + soup_content_sniffer_get_buffer_size (SoupContentSniffer *sniffer) + { ++ SoupContentSnifferClass *klass; ++ + g_return_val_if_fail (SOUP_IS_CONTENT_SNIFFER (sniffer), 0); + +- return SOUP_CONTENT_SNIFFER_GET_CLASS (sniffer)->get_buffer_size (sniffer); ++ klass = SOUP_CONTENT_SNIFFER_GET_CLASS (sniffer); ++ g_return_val_if_fail (klass != NULL, 0); ++ ++ return klass->get_buffer_size (sniffer); + } +diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c +index 2369c8a7..3996c62f 100644 +--- a/libsoup/soup-cookie-jar.c ++++ b/libsoup/soup-cookie-jar.c +@@ -888,7 +888,12 @@ soup_cookie_jar_set_accept_policy (SoupCookieJar *jar, + gboolean + soup_cookie_jar_is_persistent (SoupCookieJar *jar) + { ++ SoupCookieJarClass *klass; ++ + g_return_val_if_fail (SOUP_IS_COOKIE_JAR (jar), FALSE); + +- return SOUP_COOKIE_JAR_GET_CLASS (jar)->is_persistent (jar); ++ klass = SOUP_COOKIE_JAR_GET_CLASS (jar); ++ g_return_val_if_fail (klass != NULL, FALSE); ++ ++ return klass->is_persistent (jar); + } diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c -index a180c6e..abef34c 100644 +index a180c6ee..abef34cb 100644 --- a/libsoup/soup-message-headers.c +++ b/libsoup/soup-message-headers.c @@ -1324,7 +1324,7 @@ content_type_setter (SoupMessageHeaders *hdrs, const char *value) @@ -37,8 +524,153 @@ index a180c6e..abef34c 100644 parse_content_foo (hdrs, "Content-Type", &content_type, NULL); p = strpbrk (content_type, " /"); +diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c +index ae340b9c..42f38889 100644 +--- a/libsoup/soup-session.c ++++ b/libsoup/soup-session.c +@@ -2175,11 +2175,15 @@ void + soup_session_queue_message (SoupSession *session, SoupMessage *msg, + SoupSessionCallback callback, gpointer user_data) + { ++ SoupSessionClass *klass; ++ + g_return_if_fail (SOUP_IS_SESSION (session)); + g_return_if_fail (SOUP_IS_MESSAGE (msg)); + +- SOUP_SESSION_GET_CLASS (session)->queue_message (session, msg, +- callback, user_data); ++ klass = SOUP_SESSION_GET_CLASS (session); ++ g_return_if_fail (klass != NULL); ++ ++ klass->queue_message (session, msg, callback, user_data); + /* The SoupMessageQueueItem will hold a ref on @msg until it is + * finished, so we can drop the ref adopted from the caller now. + */ +@@ -2219,10 +2223,15 @@ soup_session_real_requeue_message (SoupSession *session, SoupMessage *msg) + void + soup_session_requeue_message (SoupSession *session, SoupMessage *msg) + { ++ SoupSessionClass *klass; ++ + g_return_if_fail (SOUP_IS_SESSION (session)); + g_return_if_fail (SOUP_IS_MESSAGE (msg)); + +- SOUP_SESSION_GET_CLASS (session)->requeue_message (session, msg); ++ klass = SOUP_SESSION_GET_CLASS (session); ++ g_return_if_fail (klass != NULL); ++ ++ klass->requeue_message (session, msg); + } + + static guint +@@ -2266,10 +2275,15 @@ soup_session_real_send_message (SoupSession *session, SoupMessage *msg) + guint + soup_session_send_message (SoupSession *session, SoupMessage *msg) + { ++ SoupSessionClass *klass; ++ + g_return_val_if_fail (SOUP_IS_SESSION (session), SOUP_STATUS_MALFORMED); + g_return_val_if_fail (SOUP_IS_MESSAGE (msg), SOUP_STATUS_MALFORMED); + +- return SOUP_SESSION_GET_CLASS (session)->send_message (session, msg); ++ klass = SOUP_SESSION_GET_CLASS (session); ++ g_return_val_if_fail (klass != NULL, SOUP_STATUS_MALFORMED); ++ ++ return klass->send_message (session, msg); + } + + +@@ -2350,7 +2364,14 @@ soup_session_real_kick_queue (SoupSession *session) + void + soup_session_kick_queue (SoupSession *session) + { +- SOUP_SESSION_GET_CLASS (session)->kick (session); ++ SoupSessionClass *klass; ++ ++ g_return_if_fail (SOUP_IS_SESSION (session)); ++ ++ klass = SOUP_SESSION_GET_CLASS (session); ++ g_return_if_fail (klass != NULL); ++ ++ klass->kick (session); + } + + /** +@@ -2450,11 +2471,15 @@ soup_session_cancel_message (SoupSession *session, SoupMessage *msg, + guint status_code) + { + SoupSessionPrivate *priv; ++ SoupSessionClass *klass; + SoupMessageQueueItem *item; + + g_return_if_fail (SOUP_IS_SESSION (session)); + g_return_if_fail (SOUP_IS_MESSAGE (msg)); + ++ klass = SOUP_SESSION_GET_CLASS (session); ++ g_return_if_fail (klass != NULL); ++ + priv = soup_session_get_instance_private (session); + item = soup_message_queue_lookup (priv->queue, msg); + /* If the message is already ending, don't do anything */ +@@ -2465,7 +2490,7 @@ soup_session_cancel_message (SoupSession *session, SoupMessage *msg, + return; + } + +- SOUP_SESSION_GET_CLASS (session)->cancel_message (session, msg, status_code); ++ klass->cancel_message (session, msg, status_code); + soup_message_queue_item_unref (item); + } + +@@ -2538,15 +2563,20 @@ soup_session_real_flush_queue (SoupSession *session) + void + soup_session_abort (SoupSession *session) + { ++ SoupSessionClass *klass; + SoupSessionPrivate *priv; + GSList *conns, *c; + GHashTableIter iter; + gpointer conn, host; + + g_return_if_fail (SOUP_IS_SESSION (session)); ++ ++ klass = SOUP_SESSION_GET_CLASS (session); ++ g_return_if_fail (klass != NULL); ++ + priv = soup_session_get_instance_private (session); + +- SOUP_SESSION_GET_CLASS (session)->flush_queue (session); ++ klass->flush_queue (session); + + /* Close all idle connections */ + g_mutex_lock (&priv->conn_lock); +diff --git a/libsoup/soup-status.h b/libsoup/soup-status.h +index 28d481db..514dfc31 100644 +--- a/libsoup/soup-status.h ++++ b/libsoup/soup-status.h +@@ -8,7 +8,7 @@ + #ifndef SOUP_STATUS_H + #define SOUP_STATUS_H 1 + +-#include ++#include + + G_BEGIN_DECLS + +diff --git a/libsoup/soup-uri.c b/libsoup/soup-uri.c +index be778d6c..74c362e9 100644 +--- a/libsoup/soup-uri.c ++++ b/libsoup/soup-uri.c +@@ -1348,7 +1348,7 @@ soup_uri_is_http (SoupURI *uri, char **aliases) + return TRUE; + } + +- if (!aliases[1] && !strcmp (aliases[0], "*")) ++ if (aliases[0] && !aliases[1] && !strcmp (aliases[0], "*")) + return TRUE; + else + return FALSE; diff --git a/libsoup/soup-xmlrpc.c b/libsoup/soup-xmlrpc.c -index 42dcda9..2da6344 100644 +index 42dcda9c..60fb814c 100644 --- a/libsoup/soup-xmlrpc.c +++ b/libsoup/soup-xmlrpc.c @@ -588,7 +588,7 @@ signature_get_next_complete_type (const char **signature) @@ -46,15 +678,15 @@ index 42dcda9..2da6344 100644 (*signature)++; - if ( (*signature)[0] == stack[stack_len - 1]) -+ if ( stack_len > 0 && (*signature)[0] == stack[stack_len - 1]) ++ if (stack_len > 0 && (*signature)[0] == stack[stack_len - 1]) stack_len--; } while (stack_len > 0); diff --git a/tests/test-utils.c b/tests/test-utils.c -index 9c74206..fc58362 100644 +index 9c742060..7a21fa02 100644 --- a/tests/test-utils.c +++ b/tests/test-utils.c -@@ -676,6 +678,8 @@ soup_test_request_read_all (SoupRequest *req, +@@ -676,9 +676,11 @@ soup_test_request_read_all (SoupRequest *req, if (!SOUP_IS_SESSION_SYNC (soup_request_get_session (req))) data.loop = g_main_loop_new (g_main_context_get_thread_default (), FALSE); @@ -62,8 +694,12 @@ index 9c74206..fc58362 100644 + data.loop = NULL; do { - if (SOUP_IS_SESSION_SYNC (soup_request_get_session (req))) { -@@ -691,7 +695,7 @@ soup_test_request_read_all (SoupRequest *req, +- if (SOUP_IS_SESSION_SYNC (soup_request_get_session (req))) { ++ if (!data.loop) { + nread = g_input_stream_read (stream, buf, sizeof (buf), + cancellable, error); + } else { +@@ -691,7 +693,7 @@ soup_test_request_read_all (SoupRequest *req, } } while (nread > 0); diff --git a/SOURCES/crash-under-soup_socket_new.patch b/SOURCES/crash-under-soup_socket_new.patch deleted file mode 100644 index ea511f2..0000000 --- a/SOURCES/crash-under-soup_socket_new.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff -up libsoup-2.56.0/libsoup/soup-session.c.crash-under-soup_socket_new libsoup-2.56.0/libsoup/soup-session.c ---- libsoup-2.56.0/libsoup/soup-session.c.crash-under-soup_socket_new 2016-09-16 17:14:27.000000000 +0200 -+++ libsoup-2.56.0/libsoup/soup-session.c 2017-11-15 17:20:52.660392432 +0100 -@@ -369,6 +369,7 @@ soup_session_finalize (GObject *object) - G_OBJECT_CLASS (soup_session_parent_class)->finalize (object); - } - -+/* requires conn_lock */ - static void - ensure_socket_props (SoupSession *session) - { -@@ -784,11 +785,13 @@ soup_session_set_property (GObject *obje - break; - } - -+ g_mutex_lock (&priv->conn_lock); - if (priv->socket_props && socket_props_changed) { - soup_socket_properties_unref (priv->socket_props); - priv->socket_props = NULL; - ensure_socket_props (session); - } -+ g_mutex_unlock (&priv->conn_lock); - } - - static void -@@ -808,7 +811,9 @@ soup_session_get_property (GObject *obje - g_value_set_boxed (value, priv->proxy_uri); - break; - case PROP_PROXY_RESOLVER: -+ g_mutex_lock (&priv->conn_lock); - ensure_socket_props (session); -+ g_mutex_unlock (&priv->conn_lock); - g_value_set_object (value, priv->proxy_resolver); - break; - case PROP_MAX_CONNS: -@@ -829,12 +834,16 @@ soup_session_get_property (GObject *obje - break; - case PROP_SSL_USE_SYSTEM_CA_FILE: - tlsdb = g_tls_backend_get_default_database (g_tls_backend_get_default ()); -+ g_mutex_lock (&priv->conn_lock); - ensure_socket_props (session); -+ g_mutex_unlock (&priv->conn_lock); - g_value_set_boolean (value, priv->tlsdb == tlsdb); - g_clear_object (&tlsdb); - break; - case PROP_TLS_DATABASE: -+ g_mutex_lock (&priv->conn_lock); - ensure_socket_props (session); -+ g_mutex_unlock (&priv->conn_lock); - g_value_set_object (value, priv->tlsdb); - break; - case PROP_TLS_INTERACTION: diff --git a/SOURCES/get-leaks.patch b/SOURCES/get-leaks.patch deleted file mode 100644 index 67f77bd..0000000 --- a/SOURCES/get-leaks.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -up libsoup-2.56.0/examples/get.c.get-leaks libsoup-2.56.0/examples/get.c ---- libsoup-2.56.0/examples/get.c.get-leaks 2016-09-16 17:14:27.000000000 +0200 -+++ libsoup-2.56.0/examples/get.c 2017-06-20 14:31:00.325517968 +0200 -@@ -90,6 +90,7 @@ get_url (const char *url) - fclose (output_file); - } - } -+ g_object_unref (msg); - } - - /* Inline class for providing a pre-configured client certificate */ -@@ -287,5 +288,7 @@ main (int argc, char **argv) - if (!synchronous) - g_main_loop_unref (loop); - -+ g_object_unref (session); -+ - return 0; - } diff --git a/SOURCES/libsoup-python2.patch b/SOURCES/libsoup-python2.patch new file mode 100644 index 0000000..35a39a0 --- /dev/null +++ b/SOURCES/libsoup-python2.patch @@ -0,0 +1,8 @@ +--- libsoup-2.62.1/libsoup/tld-parser.py.orig 2018-04-26 19:29:27.318600263 +0200 ++++ libsoup-2.62.1/libsoup/tld-parser.py 2018-04-26 19:29:39.761593669 +0200 +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python3 ++#!/usr/bin/env python + + # Generate tld rules + # Copyright (C) 2012 Red Hat, Inc. diff --git a/SOURCES/negotiate-connection-close.patch b/SOURCES/negotiate-connection-close.patch deleted file mode 100644 index 0e22774..0000000 --- a/SOURCES/negotiate-connection-close.patch +++ /dev/null @@ -1,46 +0,0 @@ -diff -up libsoup-2.56.0/libsoup/soup-auth-negotiate.c.negotiate-connection-close libsoup-2.56.0/libsoup/soup-auth-negotiate.c ---- libsoup-2.56.0/libsoup/soup-auth-negotiate.c.negotiate-connection-close 2017-06-20 14:38:57.074528827 +0200 -+++ libsoup-2.56.0/libsoup/soup-auth-negotiate.c 2017-06-20 14:40:02.165257249 +0200 -@@ -188,7 +188,29 @@ soup_auth_negotiate_get_connection_autho - SoupNegotiateConnectionState *conn = state; - char *header = NULL; - -- if (conn->state == SOUP_NEGOTIATE_RECEIVED_CHALLENGE) { -+ if (conn->state == SOUP_NEGOTIATE_NEW) { -+ GError *err = NULL; -+ -+ if (!check_auth_trusted_uri (auth, msg)) { -+ conn->state = SOUP_NEGOTIATE_FAILED; -+ return NULL; -+ } -+ -+ if (!soup_gss_build_response (conn, SOUP_AUTH (auth), &err)) { -+ /* FIXME: report further upward via -+ * soup_message_get_error_message */ -+ if (conn->initialized) -+ g_warning ("gssapi step failed: %s", err ? err->message : "Unknown error"); -+ else -+ g_warning ("gssapi init failed: %s", err ? err->message : "Unknown error"); -+ conn->state = SOUP_NEGOTIATE_FAILED; -+ g_clear_error (&err); -+ -+ return NULL; -+ } -+ } -+ -+ if (conn->response_header) { - header = conn->response_header; - conn->response_header = NULL; - conn->state = SOUP_NEGOTIATE_SENT_RESPONSE; -@@ -251,7 +273,10 @@ soup_auth_negotiate_update_connection (S - } else { - /* FIXME: report further upward via - * soup_message_get_error_message */ -- g_warning ("gssapi step failed: %s", err ? err->message : "Unknown error"); -+ if (conn->initialized) -+ g_warning ("gssapi step failed: %s", err ? err->message : "Unknown error"); -+ else -+ g_warning ("gssapi init failed: %s", err ? err->message : "Unknown error"); - success = FALSE; - } - } else if (!strncmp (header, "Negotiate ", 10)) { diff --git a/SOURCES/negotiate-internals.patch b/SOURCES/negotiate-internals.patch deleted file mode 100644 index 9fd6d97..0000000 --- a/SOURCES/negotiate-internals.patch +++ /dev/null @@ -1,205 +0,0 @@ -diff -up libsoup-2.56.0/libsoup/soup-auth-negotiate.c.negotiate-internals libsoup-2.56.0/libsoup/soup-auth-negotiate.c ---- libsoup-2.56.0/libsoup/soup-auth-negotiate.c.negotiate-internals 2016-09-16 17:14:27.000000000 +0200 -+++ libsoup-2.56.0/libsoup/soup-auth-negotiate.c 2017-06-20 14:34:42.018592998 +0200 -@@ -83,11 +83,6 @@ typedef struct { - - typedef struct { - gboolean is_authenticated; -- -- gulong message_finished_signal_id; -- gulong message_got_headers_signal_id; -- -- SoupNegotiateConnectionState *conn_state; - } SoupAuthNegotiatePrivate; - - #define SOUP_AUTH_NEGOTIATE_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), SOUP_TYPE_AUTH_NEGOTIATE, SoupAuthNegotiatePrivate)) -@@ -108,7 +103,6 @@ static GSList *blacklisted_uris; - static void parse_uris_from_env_variable (const gchar *env_variable, GSList **list); - - static void check_server_response (SoupMessage *msg, gpointer auth); --static void remove_server_response_handler (SoupMessage *msg, gpointer auth); - - static const char spnego_OID[] = "\x2b\x06\x01\x05\x05\x02"; - static const gss_OID_desc gss_mech_spnego = { sizeof (spnego_OID) - 1, (void *) &spnego_OID }; -@@ -116,12 +110,10 @@ static const gss_OID_desc gss_mech_spneg - static gpointer - soup_auth_negotiate_create_connection_state (SoupConnectionAuth *auth) - { -- SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (auth); - SoupNegotiateConnectionState *conn; - - conn = g_slice_new0 (SoupNegotiateConnectionState); - conn->state = SOUP_NEGOTIATE_NEW; -- priv->conn_state = conn; - - return conn; - } -@@ -137,14 +129,11 @@ static void - soup_auth_negotiate_free_connection_state (SoupConnectionAuth *auth, - gpointer state) - { -- SoupAuthNegotiate *negotiate = SOUP_AUTH_NEGOTIATE (auth); -- SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (negotiate); - SoupNegotiateConnectionState *conn = state; - - free_connection_state_data (conn); - - g_slice_free (SoupNegotiateConnectionState, conn); -- priv->conn_state = NULL; - } - - static GSList * -@@ -226,7 +215,6 @@ soup_auth_negotiate_update_connection (S - #ifdef LIBSOUP_HAVE_GSSAPI - gboolean success = TRUE; - SoupNegotiateConnectionState *conn = state; -- SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (auth); - GError *err = NULL; - - if (!check_auth_trusted_uri (auth, msg)) { -@@ -245,24 +233,19 @@ soup_auth_negotiate_update_connection (S - - conn->state = SOUP_NEGOTIATE_RECEIVED_CHALLENGE; - if (soup_gss_build_response (conn, SOUP_AUTH (auth), &err)) { -- /* Register the callbacks just once */ -- if (priv->message_finished_signal_id == 0) { -- gulong id = 0; -- id = g_signal_connect (msg, -- "finished", -- G_CALLBACK (remove_server_response_handler), -- auth); -- priv->message_finished_signal_id = id; -- } -- -- if (priv->message_got_headers_signal_id == 0) { -- gulong id = 0; -+ /* Connect the signal only once per message */ -+ if (!g_object_get_data (G_OBJECT (msg), "negotiate-got-headers-connected")) { - /* Wait for the 2xx response to verify server response */ -- id = g_signal_connect (msg, -+ g_signal_connect_data (msg, - "got_headers", - G_CALLBACK (check_server_response), -- auth); -- priv->message_got_headers_signal_id = id; -+ g_object_ref (auth), -+ (GClosureNotify) g_object_unref, -+ 0); -+ /* Mark that the signal was connected */ -+ g_object_set_data (G_OBJECT (msg), -+ "negotiate-got-headers-connected", -+ GINT_TO_POINTER (1)); - } - goto out; - } else { -@@ -333,7 +316,11 @@ check_server_response (SoupMessage *msg, - GError *err = NULL; - SoupAuthNegotiate *negotiate = auth; - SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (negotiate); -- SoupNegotiateConnectionState *conn = priv->conn_state; -+ SoupNegotiateConnectionState *conn; -+ -+ conn = soup_connection_auth_get_connection_state_for_message (SOUP_CONNECTION_AUTH (auth), msg); -+ if (!conn) -+ return; - - if (auth != soup_message_get_auth (msg)) - return; -@@ -365,19 +352,6 @@ check_server_response (SoupMessage *msg, - g_clear_error (&err); - } - --static void --remove_server_response_handler (SoupMessage *msg, gpointer auth) --{ -- SoupAuthNegotiate *negotiate = auth; -- SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (negotiate); -- -- g_signal_handler_disconnect (msg, priv->message_got_headers_signal_id); -- priv->message_got_headers_signal_id = 0; -- -- g_signal_handler_disconnect (msg, priv->message_finished_signal_id); -- priv->message_finished_signal_id = 0; --} -- - /* Check if scheme://host:port from message matches the given URI. */ - static gint - match_base_uri (SoupURI *list_uri, SoupURI *msg_uri) -diff -up libsoup-2.56.0/libsoup/soup-connection-auth.c.negotiate-internals libsoup-2.56.0/libsoup/soup-connection-auth.c ---- libsoup-2.56.0/libsoup/soup-connection-auth.c.negotiate-internals 2016-02-05 16:05:33.000000000 +0100 -+++ libsoup-2.56.0/libsoup/soup-connection-auth.c 2017-06-20 14:31:00.333517935 +0200 -@@ -71,12 +71,31 @@ soup_connection_auth_finalize (GObject * - G_OBJECT_CLASS (soup_connection_auth_parent_class)->finalize (object); - } - --static gpointer --get_connection_state_for_message (SoupConnectionAuth *auth, SoupMessage *msg) -+ -+/** -+ * soup_connection_auth_get_connection_state_for_message: -+ * @auth: a #SoupConnectionAuth -+ * @msg: a #SoupMessage -+ * -+ * Returns an associated connection state object for the given @auth and @msg. -+ * -+ * This function is only useful from within implementations of SoupConnectionAuth -+ * subclasses. -+ * -+ * Return value: (transfer none): the connection state -+ * -+ * Since: 2.56 -+ **/ -+gpointer -+soup_connection_auth_get_connection_state_for_message (SoupConnectionAuth *auth, -+ SoupMessage *msg) - { - SoupConnection *conn; - gpointer state; - -+ g_return_val_if_fail (SOUP_IS_CONNECTION_AUTH (auth), NULL); -+ g_return_val_if_fail (SOUP_IS_MESSAGE (msg), NULL); -+ - conn = soup_message_get_connection (msg); - state = g_hash_table_lookup (auth->priv->conns, conn); - if (state) -@@ -98,7 +117,7 @@ soup_connection_auth_update (SoupAuth - GHashTable *auth_params) - { - SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth); -- gpointer conn = get_connection_state_for_message (cauth, msg); -+ gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg); - GHashTableIter iter; - GString *auth_header; - gpointer key, value; -@@ -140,7 +159,7 @@ soup_connection_auth_get_authorization ( - SoupMessage *msg) - { - SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth); -- gpointer conn = get_connection_state_for_message (cauth, msg); -+ gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg); - - return SOUP_CONNECTION_AUTH_GET_CLASS (auth)-> - get_connection_authorization (cauth, msg, conn); -@@ -151,7 +170,7 @@ soup_connection_auth_is_ready (SoupAuth - SoupMessage *msg) - { - SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth); -- gpointer conn = get_connection_state_for_message (cauth, msg); -+ gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg); - - return SOUP_CONNECTION_AUTH_GET_CLASS (auth)-> - is_connection_ready (SOUP_CONNECTION_AUTH (auth), msg, conn); -diff -up libsoup-2.56.0/libsoup/soup-connection-auth.h.negotiate-internals libsoup-2.56.0/libsoup/soup-connection-auth.h ---- libsoup-2.56.0/libsoup/soup-connection-auth.h.negotiate-internals 2016-09-16 17:14:27.000000000 +0200 -+++ libsoup-2.56.0/libsoup/soup-connection-auth.h 2017-06-20 14:31:00.333517935 +0200 -@@ -46,6 +46,10 @@ typedef struct { - - GType soup_connection_auth_get_type (void); - -+SOUP_AVAILABLE_IN_2_56 -+gpointer soup_connection_auth_get_connection_state_for_message -+ (SoupConnectionAuth *auth, -+ SoupMessage *message); - G_END_DECLS - - #endif /* SOUP_CONNECTION_AUTH_H */ diff --git a/SOURCES/tcms-site-warning.patch b/SOURCES/tcms-site-warning.patch deleted file mode 100644 index e13bd2e..0000000 --- a/SOURCES/tcms-site-warning.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -up libsoup-2.56.0/libsoup/soup-auth-negotiate.c.tcms-site-warning libsoup-2.56.0/libsoup/soup-auth-negotiate.c ---- libsoup-2.56.0/libsoup/soup-auth-negotiate.c.tcms-site-warning 2017-06-20 14:41:20.593930021 +0200 -+++ libsoup-2.56.0/libsoup/soup-auth-negotiate.c 2017-06-20 14:41:20.601929988 +0200 -@@ -364,13 +364,28 @@ check_server_response (SoupMessage *msg, - - ret = soup_gss_client_step (conn, auth_headers + 10, &err); - -- priv->is_authenticated = ret == AUTH_GSS_COMPLETE; -- -- if (ret == AUTH_GSS_CONTINUE) { -+ switch (ret) { -+ case AUTH_GSS_COMPLETE: -+ priv->is_authenticated = TRUE; -+ break; -+ case AUTH_GSS_CONTINUE: - conn->state = SOUP_NEGOTIATE_RECEIVED_CHALLENGE; -- } else if (ret == AUTH_GSS_ERROR) { -+ break; -+ case AUTH_GSS_ERROR: - if (err) - g_warning ("%s", err->message); -+ /* Unfortunately, so many programs (curl, Firefox, ..) ignore -+ * the return token that is included in the response, so it is -+ * possible that there are servers that send back broken stuff. -+ * Try to behave in the right way (pass the token to -+ * gss_init_sec_context()), show a warning, but don't fail -+ * if the server returned 200. */ -+ if (msg->status_code == SOUP_STATUS_OK) -+ priv->is_authenticated = TRUE; -+ else -+ conn->state = SOUP_NEGOTIATE_FAILED; -+ break; -+ default: - conn->state = SOUP_NEGOTIATE_FAILED; - } - out: diff --git a/SPECS/libsoup.spec b/SPECS/libsoup.spec index 197b89f..5d7a20c 100644 --- a/SPECS/libsoup.spec +++ b/SPECS/libsoup.spec @@ -1,33 +1,20 @@ %define glib2_version 2.38.0 Name: libsoup -Version: 2.56.0 -Release: 6%{?dist} +Version: 2.62.2 +Release: 2%{?dist} Summary: Soup, an HTTP library implementation License: LGPLv2 URL: https://wiki.gnome.org/Projects/libsoup -Source0: https://download.gnome.org/sources/%{name}/2.56/%{name}-%{version}.tar.xz +Source0: https://download.gnome.org/sources/%{name}/2.62/%{name}-%{version}.tar.xz Patch01: coverity-scan-issues.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1439798 -# https://bugzilla.gnome.org/show_bug.cgi?id=782939 -Patch02: get-leaks.patch -# https://bugzilla.gnome.org/show_bug.cgi?id=782940 -Patch03: negotiate-internals.patch -# https://bugzilla.gnome.org/show_bug.cgi?id=783780 -Patch04: negotiate-connection-close.patch -# https://bugzilla.gnome.org/show_bug.cgi?id=783781 -Patch05: tcms-site-warning.patch -# https://bugzilla.gnome.org/show_bug.cgi?id=785774 -# https://bugzilla.redhat.com/show_bug.cgi?id=1479281 -Patch06: chunked-decoding-buffer-overrun-CVE-2017-2885.patch -# http://bugzilla.gnome.org/show_bug.cgi?id=788238 -# https://bugzilla.redhat.com/show_bug.cgi?id=1495552 -Patch07: auth-try-all-available.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1513355 -Patch08: crash-under-soup_socket_new.patch +# Downstream patch to support Python 2 +Patch02: libsoup-python2.patch +Patch03: 0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch +BuildRequires: chrpath BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: glib-networking BuildRequires: intltool @@ -62,13 +49,8 @@ you to develop applications that use the libsoup library. %prep %setup -q %patch01 -p1 -b .coverity-scan-issues -%patch02 -p1 -b .get-leaks -%patch03 -p1 -b .negotiate-internals -%patch04 -p1 -b .negotiate-connection-close -%patch05 -p1 -b .tcms-site-warning -%patch06 -p1 -b .cve-2017-2885 -%patch07 -p1 -b .auth-try-all -%patch08 -p1 -b .crash-under-soup_socket_new +%patch02 -p1 -b .python2 +%patch03 -p1 -b .cve-2018-12910 %build %configure --disable-static @@ -83,6 +65,9 @@ make %{?_smp_mflags} rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la +# Remove lib64 rpaths +chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so + %find_lang libsoup %post -p /sbin/ldconfig @@ -108,6 +93,18 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la %{_datadir}/vala/vapi/libsoup-2.4.vapi %changelog +* Mon Jul 09 2018 Milan Crha - 2.62.2-2 +- Backport upstream patch for CVE-2018-12910 - Crash in soup_cookie_jar.c: get_cookies() on empty hostnames +- Resolves: #1598838 + +* Tue May 08 2018 Kalev Lember - 2.62.2-1 +- Update to 2.62.2 +- Resolves: #1569734 + +* Mon Apr 09 2018 Kalev Lember - 2.62.1-1 +- Update to 2.62.1 +- Resolves: #1569734 + * Wed Nov 15 2017 Milan Crha - 2.56.0-6 - Fix for crash under soup_socket_new() (rh #1513355)