| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| server-Add-note-about-recommended-usage.patch | server: Add note about recommended usage. | Patrick Griffis <pgriffis@igalia.com> | no | upstream, 3.7.0, commit:2a9d8ecc45bb814f6a81b1241e6c0c55d632aa28 | 2024-09-11 | |
| headers-Be-more-robust-against-invalid-input-when-parsing.patch | headers: Be more robust against invalid input when parsing params If you pass invalid input to a function such as soup_header_parse_param_list_strict() it can cause an overflow if it decodes the input to UTF-8. This should never happen with valid UTF-8 input which libsoup's client API ensures, however it's server API does not currently. CVE-2024-52531 |
Patrick Griffis <pgriffis@igalia.com> | no | upstream, 3.7.0, commit:a35222dd0bfab2ac97c10e86b95f762456628283 | 2024-08-27 | |
| tests-Add-test-for-passing-invalid-UTF-8-to-soup_header_p.patch | tests: Add test for passing invalid UTF-8 to soup_header_parse_semi_param_list() Related to CVE-2024-52531 |
Patrick Griffis <pgriffis@igalia.com> | no | upstream, 3.7.0, commit:825fda3425546847b42ad5270544e9388ff349fe | 2024-08-27 | |
| websocket-process-the-frame-as-soon-as-we-read-data.patch | websocket: process the frame as soon as we read data Otherwise we can enter in a read loop because we were not validating the data until the all the data was read. CVE-2024-52532 |
Ignacio Casal Quinteiro <qignacio@amazon.com> | yes | upstream | upstream, 3.7.0, commit:6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be | 2024-09-11 |
| websocket-test-disconnect-error-copy-after-the-test-ends.patch | websocket-test: disconnect error copy after the test ends Otherwise the server will have already sent a few more wrong bytes and the client will continue getting errors to copy but the error is already != NULL and it will assert |
Ignacio Casal Quinteiro <qignacio@amazon.com> | yes | upstream | upstream, 3.7.0, commit:29b96fab2512666d7241e46c98cc45b60b795c0c | 2024-10-02 |
| skip-tls_interaction-test.patch | skip tls_interaction test This test is too unreliable on Debian architectures and this package is too critical to not get timely updates [smcv: Allow running it anyway, by setting an environment variable] |
Jeremy Bicha <jbicha@ubuntu.com> | yes | upstream | 2018-10-08 | |
| Record-Apache-error-log-for-unit-tests-and-show-it-during.patch | Record Apache error log for unit tests and show it during teardown This helps to diagnose problems with the Apache-based tests. |
Simon McVittie <smcv@debian.org> | no | 2021-12-27 | ||
| test-utils-Add-more-debug-for-starting-stopping-Apache.patch | test-utils: Add more debug for starting/stopping Apache | Simon McVittie <smcv@debian.org> | no | 2022-03-16 | ||
| tests-extend-timeout-for-http2-body-stream-test.patch | tests: extend timeout for http2-body-stream-test https://bugs.debian.org/1018709 |
Eric Long <i@hack3r.moe> | no | 2022-08-29 | ||
| websocket-test-Disconnect-error-signal-in-another-place.patch | websocket-test: Disconnect error signal in another place This is the same change as commit 29b96fab "websocket-test: disconnect error copy after the test ends", and is done for the same reason, but replicating it into a different function. |
Simon McVittie <smcv@debian.org> | yes | upstream | 2024-11-13 |