- Update to version 3.6.5:
+ session: Strip authentication credentials on cross-origin
redirects
+ build: Use pkg-config instead of krb5-config for the gssapi
dependency
+ http1: When using chunked encoding report an error in case of
unexpected stream end
+ http2:
- When a message has no content still respect its Content-Type
- Revert manual window size management temporarily, as it could
stall
+ sniffer: Fix potential overflows
+ hsts: Fix minor leak
+ headers: Fix a few parsing edge cases that could be an out of
bound read
+ connection: Avoid ever calling disconnect twice
+ auth-digest: Fix handling when a nonce isn't present
+ cookies:
- Limit max size of max-age, path, and domain attributes to
1024 bytes
- Limit max size of name and value to 4096 bytes
+ docs: Remove references to old libsoup domain
+ Reintroduce some thread-safety to SoupSession (see
https://libsoup.gnome.org/libsoup-3.0/client-thread-safety.html)
Numerous API have been changed which is documented on
https://libsoup.gnome.org
- Replace pkgconfig(krb5) with pkgconfig(krb5-gssapi)
BuildRequires: Following upstream changes, and stop passing
krb5_config="$(which krb5-config)" to meson setup, no longer
needed nor recognized. (forwarded request 1255109 from iznogood)
OBS-URL: https://build.opensuse.org/request/show/1255568
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=152
- Update to version 3.6.5:
+ session: Strip authentication credentials on cross-origin
redirects
+ build: Use pkg-config instead of krb5-config for the gssapi
dependency
+ http1: When using chunked encoding report an error in case of
unexpected stream end
+ http2:
- When a message has no content still respect its Content-Type
- Revert manual window size management temporarily, as it could
stall
+ sniffer: Fix potential overflows
+ hsts: Fix minor leak
+ headers: Fix a few parsing edge cases that could be an out of
bound read
+ connection: Avoid ever calling disconnect twice
+ auth-digest: Fix handling when a nonce isn't present
+ cookies:
- Limit max size of max-age, path, and domain attributes to
1024 bytes
- Limit max size of name and value to 4096 bytes
+ docs: Remove references to old libsoup domain
+ Reintroduce some thread-safety to SoupSession (see
https://libsoup.gnome.org/libsoup-3.0/client-thread-safety.html)
Numerous API have been changed which is documented on
https://libsoup.gnome.org
- Replace pkgconfig(krb5) with pkgconfig(krb5-gssapi)
BuildRequires: Following upstream changes, and stop passing
krb5_config="$(which krb5-config)" to meson setup, no longer
needed nor recognized.
OBS-URL: https://build.opensuse.org/request/show/1255109
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=302
- Update to version 3.6.1:
+ Fix `soup_uri_copy()` reading port as a long instead of an int
+ Fix possible NULL deref in `soup_uri_decode_data_uri()`
+ Fix possible overflow in `SoupContentSniffer`
+ Fix assertion in `soup_uri_decode_data_uri()` on URLs with a
path starting with `//`
+ headers: Be more robust against invalid input when parsing
params
+ websocket: Fix possibility of being stuck in a read loop
- Drop patches fixed upstream:
+ 6adc0e3e.patch
+ 29b96fab.patch
+ a35222dd.patch
+ 4c9e75c6.patch
6adc0e3e.patch (forwarded request 1225898 from iznogood)
OBS-URL: https://build.opensuse.org/request/show/1226285
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=148
- Update to version 3.6.1:
+ Fix `soup_uri_copy()` reading port as a long instead of an int
+ Fix possible NULL deref in `soup_uri_decode_data_uri()`
+ Fix possible overflow in `SoupContentSniffer`
+ Fix assertion in `soup_uri_decode_data_uri()` on URLs with a
path starting with `//`
+ headers: Be more robust against invalid input when parsing
params
+ websocket: Fix possibility of being stuck in a read loop
- Drop patches fixed upstream:
+ 6adc0e3e.patch
+ 29b96fab.patch
+ a35222dd.patch
+ 4c9e75c6.patch
6adc0e3e.patch
OBS-URL: https://build.opensuse.org/request/show/1225898
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=294
- Add 6adc0e3e.patch: websocket: Process the frame as soon as we
read data (boo#1233287 CVE-2024-52532 glgo#GNOME/libsoup#391).
- Add 29b96fab.patch: websocket-test: disconnect error copy after
the test ends (glgo#GNOME/libsoup#391).
- Add a35222dd.patch: be more robust against invalid input when
parsing params (boo#1233292 CVE-2024-52531
glgo#GNOME/libsoup!407).
OBS-URL: https://build.opensuse.org/request/show/1223813
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=290
- Update to version 3.6.0:
+ Allow HTTP/2 to be used with non-HTTP proxies
- Changes from version 3.5.2:
+ Strictly forbid NUL bytes in headers
+ Fix minor leaks
- Changes from version 3.5.1:
+ Add `SOUP_METHOD_PATCH`
+ websocket: Add `SoupWebsocketConnection:keepalive-pong-timeout`
property
+ Increase maxmimum size of HTTP headers
+ Fix `soup_uri_copy()` in Vala
+ Fix leak in `soup_message_new_from_encoded_form()`
+ multipart: Improve handling of messages missing termination
+ logger:
- Fix request filter function being called with response user
data
- Fix response bodies never being logged if request bodies
aren't
- Add Soup-Host to logged headers for when Host is missing
+ cookies:
- Fix incorrect logic in determining same-site cookies
- Limit the Max-Age to 1 year
+ cookie-jar-db: Explicitly handle old databases lacking
same-site column
OBS-URL: https://build.opensuse.org/request/show/1196028
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=288
