File libsoup-CVE-2025-11021.patch of Package libsoup
diff --unified --recursive --text --new-file --color libsoup-3.6.5/libsoup/cookies/soup-cookie.c libsoup-3.6.5.new/libsoup/cookies/soup-cookie.c
--- libsoup-3.6.5/libsoup/cookies/soup-cookie.c 2025-03-22 02:30:16.000000000 +0800
+++ libsoup-3.6.5.new/libsoup/cookies/soup-cookie.c 2025-10-16 11:11:23.233860890 +0800
@@ -758,12 +758,13 @@
if (cookie->expires) {
char *timestamp;
-
- g_string_append (header, "; expires=");
timestamp = soup_date_time_to_string (cookie->expires,
SOUP_DATE_COOKIE);
- g_string_append (header, timestamp);
- g_free (timestamp);
+ if (timestamp) {
+ g_string_append (header, "; expires=");
+ g_string_append (header, timestamp);
+ g_free (timestamp);
+ }
}
if (cookie->path) {
g_string_append (header, "; path=");
diff --unified --recursive --text --new-file --color libsoup-3.6.5/libsoup/server/soup-server.c libsoup-3.6.5.new/libsoup/server/soup-server.c
--- libsoup-3.6.5/libsoup/server/soup-server.c 2025-03-22 02:30:16.000000000 +0800
+++ libsoup-3.6.5.new/libsoup/server/soup-server.c 2025-10-16 11:12:03.270673884 +0800
@@ -852,6 +852,11 @@
date = g_date_time_new_now_utc ();
date_string = soup_date_time_to_string (date, SOUP_DATE_HTTP);
+ if (!date_string) {
+ g_date_time_unref (date);
+ return;
+ }
+
soup_message_headers_replace_common (headers, SOUP_HEADER_DATE, date_string);
g_free (date_string);
g_date_time_unref (date);
diff --unified --recursive --text --new-file --color libsoup-3.6.5/libsoup/soup-date-utils.c libsoup-3.6.5.new/libsoup/soup-date-utils.c
--- libsoup-3.6.5/libsoup/soup-date-utils.c 2025-03-22 02:30:16.000000000 +0800
+++ libsoup-3.6.5.new/libsoup/soup-date-utils.c 2025-10-16 11:11:23.234306968 +0800
@@ -92,6 +92,9 @@
* @date if it's non-UTC.
*/
GDateTime *utcdate = g_date_time_to_utc (date);
+ if (!utcdate)
+ return NULL;
+
char *date_format;
char *formatted_date;
