Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
skip-tls_interaction-test.patch | skip tls_interaction test This test is too unreliable on Debian architectures and this package is too critical to not get timely updates [smcv: Allow running it anyway, by setting an environment variable] |
Jeremy Bicha <jbicha@ubuntu.com> | yes | upstream | 2018-10-08 | |
tests-Skip-tests-if-unable-to-start-Apache.patch | tests: Skip tests if unable to start Apache This is a workaround for Apache not always being able to bind to its hard-coded ports, which happens often enough to be a problem for Debian QA infrastructure, but not often enough to be able to debug it. |
Simon McVittie <smcv@debian.org> | yes | 2020-03-11 | ||
gitlab_tests_fix.patch | tests: fix SSL test with glib-networking >= 2.65.90 To make SSL tests fail with our testing certificate we create and empty GTlsDatabase passing /dev/null to g_tls_file_database_new(). This no longer works with newer glib-networking, since an empty file is considered an error by gnutls and g_tls_file_database_gnutls_populate_trust_list() now handles gnutls errors properly. Instead, we can just use the system CA file that won't contain our testing certificate for sure. |
Carlos Garcia Campos <cgarcia@igalia.com> | yes | debian upstream | 2020-09-09 | |
tests-ensure-we-use-an-absolute-path-for-apache-server-ro.patch | tests: ensure we use an absolute path for apache server root parameter For some reason apache silently fails now if a relative path is passed. |
Carlos Garcia Campos <cgarcia@igalia.com> | no | upstream, 2.72.1, commit:8088ba659b6984d4502315ff7173080a9711c8e5 | 2020-09-07 | |
CVE-2024-52530.patch | headers: Strictly don't allow NUL bytes In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem. (cherry picked from commit 04df03bc092ac20607f3e150936624d4f536e68b) |
Patrick Griffis <pgriffis@igalia.com> | no | 2024-07-08 | ||
CVE-2024-52531-2.patch | headers: Be more robust against invalid input when parsing params If you pass invalid input to a function such as soup_header_parse_param_list_strict() it can cause an overflow if it decodes the input to UTF-8. This should never happen with valid UTF-8 input which libsoup's client API ensures, however it's server API does not currently. (cherry picked from commit a35222dd0bfab2ac97c10e86b95f762456628283) LTS note: We skip upstream commit 3c540336 for LTS because we have older GLib. <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407#note_2274396> says that we shouldn't need it, and we have a test case to confirm the vulnerability is fixed without it. |
Patrick Griffis <pgriffis@igalia.com> | no | 2024-08-27 | ||
CVE-2024-52531-3.patch | tests: Add test for passing invalid UTF-8 to soup_header_parse_semi_param_list() (cherry picked from commit 825fda3425546847b42ad5270544e9388ff349fe) |
Patrick Griffis <pgriffis@igalia.com> | no | 2024-08-27 | ||
CVE-2024-52532-1.patch | websocket: process the frame as soon as we read data Otherwise we can enter in a read loop because we were not validating the data until the all the data was read. Fixes #391 (cherry picked from commit 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be) |
Ignacio Casal Quinteiro <qignacio@amazon.com> | no | 2024-09-11 | ||
CVE-2024-52532-2.patch | websocket-test: disconnect error copy after the test ends Otherwise the server will have already sent a few more wrong bytes and the client will continue getting errors to copy but the error is already != NULL and it will assert (cherry picked from commit 29b96fab2512666d7241e46c98cc45b60b795c0c) |
Ignacio Casal Quinteiro <qignacio@amazon.com> | no | 2024-10-02 | ||
CVE-2024-52532-3.patch | websocket-test: Disconnect error signal in another place This is the same change as commit 29b96fab "websocket-test: disconnect error copy after the test ends", and is done for the same reason, but replicating it into a different function. (cherry picked from commit 4c9e75c6676a37b6485620c332e568e1a3f530ff) |
Simon McVittie <smcv@debian.org> | no | 2024-11-13 |