package/libsoup3: security bump to version 3.6.1

Fixes the following security vulnerabilities: CVE-2024-52531: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this. https://www.cve.org/CVERecord?id=CVE-2024-52531 CVE-2024-52532: GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients. https://www.cve.org/CVERecord?id=CVE-2024-52532 Changelog: https://gitlab.gnome.org/GNOME/libsoup/-/blob/3.6.1/NEWS Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit b9120736a7e1e6c6e685d70a5a93e4d861422d70) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-12-15 11:07:23 +01:00 · 2024-12-15 11:07:23 +01:00 · 41bd9a5839
commit 41bd9a5839
parent f62d6af7fd
2 changed files with 3 additions and 3 deletions
--- a/package/libsoup3/libsoup3.hash
+++ b/package/libsoup3/libsoup3.hash
@ -1,4 +1,4 @@
-# From https://download.gnome.org/sources/libsoup/3.6/libsoup-3.6.0.sha256sum
-sha256  62959f791e8e8442f8c13cedac8c4919d78f9120d5bb5301be67a5e53318b4a3  libsoup-3.6.0.tar.xz
+# From https://download.gnome.org/sources/libsoup/3.6/libsoup-3.6.1.sha256sum
+sha256  ceb1f1aa2bdd73b2cd8159d3998c96c55ef097ef15e4b4f36029209fa18af838  libsoup-3.6.1.tar.xz
 # Locally calculated
 sha256  b7993225104d90ddd8024fd838faf300bea5e83d91203eab98e29512acebd69c  COPYING
--- a/package/libsoup3/libsoup3.mk
+++ b/package/libsoup3/libsoup3.mk
@ -5,7 +5,7 @@
 ################################################################################

 LIBSOUP3_VERSION_MAJOR = 3.6
-LIBSOUP3_VERSION = $(LIBSOUP3_VERSION_MAJOR).0
+LIBSOUP3_VERSION = $(LIBSOUP3_VERSION_MAJOR).1
 LIBSOUP3_SOURCE = libsoup-$(LIBSOUP3_VERSION).tar.xz
 LIBSOUP3_SITE = https://download.gnome.org/sources/libsoup/$(LIBSOUP3_VERSION_MAJOR)
 LIBSOUP3_LICENSE = LGPL-2.0+