| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| skip-tls_interaction-test.patch | skip tls_interaction test This test is too unreliable on Debian architectures and this package is too critical to not get timely updates [smcv: Allow running it anyway, by setting an environment variable] |
Jeremy Bicha <jbicha@ubuntu.com> | yes | upstream | 2018-10-08 | |
| tests-Skip-tests-if-unable-to-start-Apache.patch | tests: Skip tests if unable to start Apache This is a workaround for Apache not always being able to bind to its hard-coded ports, which happens often enough to be a problem for Debian QA infrastructure, but not often enough to be able to debug it. |
Simon McVittie <smcv@debian.org> | yes | 2020-03-11 | ||
| Record-Apache-error-log-for-unit-tests-and-show-it-during.patch | Record Apache error log for unit tests and show it during teardown This helps to diagnose problems with the Apache-based tests. |
Simon McVittie <smcv@debian.org> | no | 2021-12-27 | ||
| Mark-XMLRPC-tests-as-flaky.patch | Mark XMLRPC tests as flaky They seem likely to fail during the PHP 8 transition, and don't seem to be amazingly reliable in general. |
Simon McVittie <smcv@debian.org> | not-needed | 2021-12-27 | ||
| CVE-2024-52530.patch | headers: Strictly don't allow NUL bytes In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem. (cherry picked from commit 04df03bc092ac20607f3e150936624d4f536e68b) |
Patrick Griffis <pgriffis@igalia.com> | no | 2024-07-08 | ||
| CVE-2024-52531-1.patch | Define GLIB_VERSION_MAX_ALLOWED and GLIB_VERSION_MIN_REQUIRED (cherry picked from commit 3c54033634ae537b52582900a7ba432c52ae8174) |
Patrick Griffis <pgriffis@igalia.com> | no | 2024-09-16 | ||
| CVE-2024-52531-2.patch | headers: Be more robust against invalid input when parsing params If you pass invalid input to a function such as soup_header_parse_param_list_strict() it can cause an overflow if it decodes the input to UTF-8. This should never happen with valid UTF-8 input which libsoup's client API ensures, however it's server API does not currently. (cherry picked from commit a35222dd0bfab2ac97c10e86b95f762456628283) |
Patrick Griffis <pgriffis@igalia.com> | no | 2024-08-27 | ||
| CVE-2024-52532-1.patch | websocket: process the frame as soon as we read data Otherwise we can enter in a read loop because we were not validating the data until the all the data was read. Fixes #391 (cherry picked from commit 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be) |
Ignacio Casal Quinteiro <qignacio@amazon.com> | no | 2024-09-11 | ||
| CVE-2024-52532-2.patch | websocket-test: disconnect error copy after the test ends Otherwise the server will have already sent a few more wrong bytes and the client will continue getting errors to copy but the error is already != NULL and it will assert (cherry picked from commit 29b96fab2512666d7241e46c98cc45b60b795c0c) |
Ignacio Casal Quinteiro <qignacio@amazon.com> | no | 2024-10-02 | ||
| CVE-2024-52532-3.patch | websocket-test: Disconnect error signal in another place This is the same change as commit 29b96fab "websocket-test: disconnect error copy after the test ends", and is done for the same reason, but replicating it into a different function. (cherry picked from commit 4c9e75c6676a37b6485620c332e568e1a3f530ff) |
Simon McVittie <smcv@debian.org> | no | 2024-11-13 |