libsoup: update to version 2.36.1

Update to latest stable release. SSL support now depends on glib-networking with gnutls support instead of using gnutls directly. Remove libsoup-CVE-2011-2054.patch, this is fixed upstream. Signed-off-by: Sven Neumann <s.neumann@raumfeld.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2025-07-28 05:36:32 +00:00 · 2012-02-27 13:38:57 +01:00 · 2012-02-27 13:38:57 +01:00 · 8d485749e1
commit 8d485749e1
parent 01ffa2e868
3 changed files with 9 additions and 43 deletions
--- a/package/libsoup/Config.in
+++ b/package/libsoup/Config.in
@ -14,6 +14,7 @@ config BR2_PACKAGE_LIBSOUP
 config BR2_PACKAGE_LIBSOUP_SSL
 	bool "https support"
 	select BR2_PACKAGE_GLIB_NETWORKING
 	select BR2_PACKAGE_GNUTLS
 	depends on BR2_PACKAGE_LIBSOUP
 	help
--- a/package/libsoup/libsoup-CVE-2011-2054.patch
+++ b/package/libsoup/libsoup-CVE-2011-2054.patch
@ -1,32 +0,0 @@
 From 4617b6ef6dd21931a0153070c5b5ff7ef21b46f8 Mon Sep 17 00:00:00 2001
 From: Dan Winship <danw@gnome.org>
 Date: Wed, 29 Jun 2011 10:04:06 -0400
 Subject: [PATCH] SoupServer: fix to not allow smuggling ".." into path
 When SoupServer:raw-paths was set (the default), it was possible to
 sneak ".." segments into the path passed to the SoupServerHandler,
 which could then end up tricking some handlers into retrieving
 arbitrary files from the filesystem. Fix that.
 https://bugzilla.gnome.org/show_bug.cgi?id=653258
 diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c
 index d56efd1..7225337 100644
 --- a/libsoup/soup-server.c
 +++ b/libsoup/soup-server.c
@@ -779,6 +779,15 @@ got_headers (SoupMessage *req, SoupClientContext *client)
 		uri = soup_message_get_uri (req);
 		decoded_path = soup_uri_decode (uri->path);
 +
 +		if (strstr (decoded_path, "/../") ||
 +		    g_str_has_suffix (decoded_path, "/..")) {
 +			/* Introducing new ".." segments is not allowed */
 +			g_free (decoded_path);
 +			soup_message_set_status (req, SOUP_STATUS_BAD_REQUEST);
 +			return;
 +		}
 +
 		soup_uri_set_path (uri, decoded_path);
 		g_free (decoded_path);
 	}
--- a/package/libsoup/libsoup.mk
+++ b/package/libsoup/libsoup.mk
@ -4,10 +4,11 @@
 #
 #############################################################
-LIBSOUP_MAJOR_VERSION:=2.32
+LIBSOUP_MAJOR_VERSION = 2.36
-LIBSOUP_VERSION:=$(LIBSOUP_MAJOR_VERSION).2
+LIBSOUP_MINOR_VERSION = 1
-LIBSOUP_SOURCE:=libsoup-$(LIBSOUP_VERSION).tar.bz2
+LIBSOUP_VERSION = $(LIBSOUP_MAJOR_VERSION).$(LIBSOUP_MINOR_VERSION)
-LIBSOUP_SITE:=http://ftp.gnome.org/pub/gnome/sources/libsoup/$(LIBSOUP_MAJOR_VERSION)
+LIBSOUP_SOURCE = libsoup-$(LIBSOUP_VERSION).tar.bz2
 LIBSOUP_SITE = http://ftp.gnome.org/pub/gnome/sources/libsoup/$(LIBSOUP_MAJOR_VERSION)
 LIBSOUP_INSTALL_STAGING = YES
 LIBSOUP_CONF_ENV = ac_cv_path_GLIB_GENMARSHAL=$(LIBGLIB2_HOST_BINARY)
@ -16,18 +17,14 @@ ifneq ($(BR2_INET_IPV6),y)
 LIBSOUP_CONF_ENV += soup_cv_ipv6=no
 endif
-LIBSOUP_CONF_OPT = \
+LIBSOUP_CONF_OPT = --disable-glibtest --without-gnome
 	--disable-explicit-deps \
 	--disable-glibtest	\
 	--without-gnome
 LIBSOUP_DEPENDENCIES = $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext libintl) host-pkg-config host-libglib2 libglib2 libxml2
 ifeq ($(BR2_PACKAGE_LIBSOUP_SSL),y)
-LIBSOUP_DEPENDENCIES += gnutls
+LIBSOUP_DEPENDENCIES += glib-networking
 LIBSOUP_CONF_OPT += --enable-ssl --with-libgcrypt-prefix=$(STAGING_DIR)/usr
 else
-LIBSOUP_CONF_OPT += --disable-ssl
+LIBSOUP_CONF_OPT += --disable-tls-check
 endif
 $(eval $(call AUTOTARGETS))