SHA256
1
0
forked from GNOME/libsoup

356 Commits

Author SHA256 Message Date
qzhao 4b1da3dbf3 Update to 3.7.1 2026-06-30 20:42:12 +08:00
qzhao 0e87880586 Revert build dependence to meson 0.62
- Revert several commits which update the meson dependence from 0.54 to 0.62.
- These changes are not core function but block the build in early releases.
- This fix could enable the libsoup update to the latest verion in SLE-15-SP4
  and SP5, which will fix many CVE bugs.
- This fix only enable on SLE-15-SP4 and SP5 in SPEC file.
2026-06-15 20:25:22 +08:00
Xiaoguang Wang 23e8e62910 Add libsoup-CVE-2026-4271.patch bsc#1259767 2026-05-27 11:19:22 +08:00
dimstar baa7ff7022 Migrate to xz compression and manual service run 2026-03-23 09:11:29 +01:00
dimstar_suse b6b8cea30e Accepting request 1337265 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1337265
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=167
2026-03-08 16:25:59 +00:00
dimstar 1717db0cba - Add libsoup-CVE-2026-0716.patch: Fix out-of-bounds read when
reading unmasked frame (bsc#1256418 CVE-2026-0716
  glgo#GNOME/libsoup!518).

OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=334
2026-03-06 07:59:39 +00:00
iznogood 53ef0c7251 GNOME 50.rc - ready for staging
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=333
2026-03-05 09:47:52 +00:00
dimstar_suse 6055b856a0 Accepting request 1335556 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1335556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=166
2026-03-01 21:14:14 +00:00
iznogood e100332582 - Add libsoup-CVE-2026-1539.patch: Also remove Proxy-Authorization
header on cross origin redirect
  (bsc#1257441, CVE-2026-1539, glgo#GNOME/libsoup#489).

  + libsoup-CVE-2026-1467.patch
  + libsoup-CVE-2026-1760.patch
- Add libsoup-CVE-2026-1467.patch: uri-utils: do host validation
  when checking if a GUri is valid 
  (bsc#1257398, CVE-2026-1467, glgo#GNOME/libsoup#488).
- Add libsoup-CVE-2026-1760.patch: server: close the connection
  after responsing a request containing...
  (bsc#1257597, CVE-2026-1760, glgo#GNOME/libsoup#475).

OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=331
2026-02-28 10:41:00 +00:00
anag_factory 986a792fc9 Accepting request 1334360 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1334360
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=165
2026-02-24 14:37:39 +00:00
iznogood ffc922178e - Update to version 3.6.6
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=329
2026-02-22 15:53:36 +00:00
anag_factory 5f4310c077 Accepting request 1333050 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1333050
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=164
2026-02-16 12:23:11 +00:00
iznogood 745a3951bf - Add more CVE fixes:
+ libsoup-CVE-2025-32049.patch (bsc#1240751 CVE-2025-32049
    glgo#GNOME/libsoup#390)
  + libsoup-CVE-2026-2443.patch (bsc#1258170 CVE-2026-2443
    glgo#GNOME/libsoup#487)
  + libsoup-CVE-2026-2369.patch (bsc#1258120 CVE-2026-2369
    glgo#GNOME/libsoup!508)

OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=327
2026-02-14 17:10:05 +00:00
anag_factory 59e65badb0 Accepting request 1330729 from GNOME:Factory
- Add libsoup-CVE-2026-1536.patch: Always validate the headers
  value when coming from untrusted source
  (bsc#1257440, CVE-2026-1536, glgo#GNOME/libsoup/commit/5c1a2e9c).
- Add libsoup-CVE-2026-1761.patch: multipart: check length of bytes
  read soup_filter_input_stream_read_until()
  (bsc#1257598, CVE-2026-1761, glgo#GNOME/libsoup!496). (forwarded request 1330655 from JonathanKang)

OBS-URL: https://build.opensuse.org/request/show/1330729
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=163
2026-02-03 20:26:28 +00:00
dimstar ab076efb32 Accepting request 1330655 from home:JonathanKang:branches:GNOME:Factory
- Add libsoup-CVE-2026-1536.patch: Always validate the headers
  value when coming from untrusted source
  (bsc#1257440, CVE-2026-1536, glgo#GNOME/libsoup/commit/5c1a2e9c).
- Add libsoup-CVE-2026-1761.patch: multipart: check length of bytes
  read soup_filter_input_stream_read_until()
  (bsc#1257598, CVE-2026-1761, glgo#GNOME/libsoup!496).

OBS-URL: https://build.opensuse.org/request/show/1330655
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=325
2026-02-03 10:44:56 +00:00
anag_factory 6a173f08f5 Accepting request 1326753 from GNOME:Factory
- Add libsoup-CVE-2026-0716.patch: Fix out-of-bounds read for
  websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494).
- Add libsoup-CVE-2026-0719.patch: Fix overflow for password md4sum
  (bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493). (forwarded request 1326672 from AZhou)

OBS-URL: https://build.opensuse.org/request/show/1326753
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=162
2026-01-13 20:22:58 +00:00
dimstar 11b73a4a43 Accepting request 1326672 from home:AZhou:branches:GNOME:Factory
- Add libsoup-CVE-2026-0716.patch: Fix out-of-bounds read for
  websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494).
- Add libsoup-CVE-2026-0719.patch: Fix overflow for password md4sum
  (bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493).

OBS-URL: https://build.opensuse.org/request/show/1326672
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=323
2026-01-12 10:13:27 +00:00
anag_factory 71a359df3d Accepting request 1325911 from GNOME:Factory
- Add libsoup-CVE-2025-14523.patch: Reject duplicated Host in
  headers (bsc#1254876, CVE-2025-14523, glgo#GNOME/libsoup!491). (forwarded request 1325886 from AZhou)

OBS-URL: https://build.opensuse.org/request/show/1325911
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=161
2026-01-09 16:02:27 +00:00
dimstar 778db5bd99 Accepting request 1325886 from home:AZhou:branches:GNOME:Factory
- Add libsoup-CVE-2025-14523.patch: Reject duplicated Host in
  headers (bsc#1254876, CVE-2025-14523, glgo#GNOME/libsoup!491).

OBS-URL: https://build.opensuse.org/request/show/1325886
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=321
2026-01-08 07:57:11 +00:00
anag_factory 5427053321 Accepting request 1319178 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1319178
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=160
2025-11-25 14:50:58 +00:00
iznogood 875ecedd9d Accepting request 1318512 from GNOME:Next
- Add libsoup-CVE-2025-12105.patch: fix use after free caused by
  'finishing' queue item twice (bsc#1252555 CVE-2025-12105
  glgo#GNOME/libsoup!481).
- Add i586 to the list of architectures where we re-run tests;
  hsts-db-test is timing out there as well.

OBS-URL: https://build.opensuse.org/request/show/1318512
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=319
2025-11-21 20:17:06 +00:00
dimstar_suse d23082398e Accepting request 1311630 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1311630
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=159
2025-10-18 12:35:08 +00:00
iznogood 08031ff74e Accepting request 1311579 from home:AZhou:branches:GNOME:Factory
- Update libsoup-CVE-2025-11021.patch: Add NULL check for
  soup_date_time_to_string() (bsc#1250562, CVE-2025-11021,
  glgo#GNOME/libsoup!483).

OBS-URL: https://build.opensuse.org/request/show/1311579
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=317
2025-10-16 08:18:31 +00:00
dimstar_suse 37f45f9ea9 Accepting request 1310699 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1310699
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=158
2025-10-14 16:04:51 +00:00
iznogood 08d783fc25 Accepting request 1310697 from home:AZhou:branches:GNOME:Factory
- Add libsoup-CVE-2025-11021.patch: Ignore invalid date when
  processing cookies to prevent out-of-bounds read (bsc#1250562,
  CVE-2025-11021, glgo#GNOME/libsoup!482).

OBS-URL: https://build.opensuse.org/request/show/1310697
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=315
2025-10-11 08:53:52 +00:00
anag_factory 33ebbb7a57 Accepting request 1286735 from GNOME:Factory
- Add libsoup-CVE-2025-4945.patch: add value checks for date/time
  parsing (boo#1243314 CVE-2025-4945). (forwarded request 1286727 from mgorse)

OBS-URL: https://build.opensuse.org/request/show/1286735
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=157
2025-06-20 14:48:18 +00:00
dimstar 48dd6c09fa Accepting request 1286727 from GNOME:Next
- Add libsoup-CVE-2025-4945.patch: add value checks for date/time
  parsing (boo#1243314 CVE-2025-4945).

OBS-URL: https://build.opensuse.org/request/show/1286727
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=313
2025-06-18 15:27:46 +00:00
dimstar_suse 237c5d051d Accepting request 1281009 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1281009
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=156
2025-05-31 17:14:28 +00:00
iznogood 8ebf66b6d9 Accepting request 1280956 from GNOME:Next
- Add libsoup-CVE-2025-4969.patch: multipart: verify array bounds
  before accesing its members (boo#1243423 CVE-2025-4969).
- Also rerun tests for ppc64le should they fail. hsts-db-test
  appears to time out intermittently there (bsc#1243570).

OBS-URL: https://build.opensuse.org/request/show/1280956
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=311
2025-05-29 04:59:02 +00:00
iznogood 2488bddff3 Accepting request 1280720 from GNOME:Next
- Add libsoup-CVE-2025-4476.patch: fix crash in
  soup_auth_digest_get_protection_space (boo#1243422
  CVE-2025-4476 glgo#GNOME/libsoup!457).
- Add libsoup-CVE-2025-4948.patch: verify boundary limits for
  multipart body (boo#1243332 CVE-2025-4948
  glgo#GNOME/libsoup#449).

OBS-URL: https://build.opensuse.org/request/show/1280720
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=310
2025-05-28 05:55:20 +00:00
anag_factory 3e02736a8d Accepting request 1278245 from GNOME:Factory
Fix date format in old changelog entries (forwarded request 1277788 from dimstar)

OBS-URL: https://build.opensuse.org/request/show/1278245
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=155
2025-05-20 07:35:27 +00:00
dimstar 00a113ad88 Accepting request 1277788 from GNOME:Next
Fix date format in old changelog entries

OBS-URL: https://build.opensuse.org/request/show/1277788
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=308
2025-05-18 09:28:57 +00:00
dimstar_suse 1872ef2231 Accepting request 1273522 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1273522
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=154
2025-05-01 13:22:26 +00:00
iznogood 7416d9314f Accepting request 1273515 from GNOME:Next
- Add libsoup-CVE-2025-32907.patch: correct merge of ranges
  (boo#1241222 CVE-2025-32907 glgo#GNOME/libsoup!452).

OBS-URL: https://build.opensuse.org/request/show/1273515
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=306
2025-04-29 20:20:03 +00:00
anag_factory e82c421400 Accepting request 1271272 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1271272
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=153
2025-04-22 15:25:53 +00:00
iznogood ab8ca1eb5b Accepting request 1271213 from GNOME:Next
- Add CVE fixes:
  + libsoup-CVE-2025-32914.patch (boo#1241164 CVE-2025-32914)
  + libsoup-CVE-2025-32908.patch (boo#1241223 CVE-2025-32908)

OBS-URL: https://build.opensuse.org/request/show/1271213
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=304
2025-04-22 06:29:34 +00:00
anag_factory eb06becf16 Accepting request 1255568 from GNOME:Factory
- Update to version 3.6.5:
  + session: Strip authentication credentials on cross-origin
    redirects
  + build: Use pkg-config instead of krb5-config for the gssapi
    dependency
  + http1: When using chunked encoding report an error in case of
    unexpected stream end
  + http2:
    - When a message has no content still respect its Content-Type
    - Revert manual window size management temporarily, as it could
      stall
  + sniffer: Fix potential overflows
  + hsts: Fix minor leak
  + headers: Fix a few parsing edge cases that could be an out of
    bound read
  + connection: Avoid ever calling disconnect twice
  + auth-digest: Fix handling when a nonce isn't present
  + cookies:
    - Limit max size of max-age, path, and domain attributes to
      1024 bytes
    - Limit max size of name and value to 4096 bytes
  + docs: Remove references to old libsoup domain
  + Reintroduce some thread-safety to SoupSession (see
    https://libsoup.gnome.org/libsoup-3.0/client-thread-safety.html)
    Numerous API have been changed which is documented on
    https://libsoup.gnome.org
- Replace pkgconfig(krb5) with pkgconfig(krb5-gssapi)
  BuildRequires: Following upstream changes, and stop passing
  krb5_config="$(which krb5-config)" to meson setup, no longer
  needed nor recognized. (forwarded request 1255109 from iznogood)

OBS-URL: https://build.opensuse.org/request/show/1255568
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=152
2025-03-25 21:07:51 +00:00
dimstar 1a5b149183 Accepting request 1255109 from GNOME:Next
- Update to version 3.6.5:
  + session: Strip authentication credentials on cross-origin
    redirects
  + build: Use pkg-config instead of krb5-config for the gssapi
    dependency
  + http1: When using chunked encoding report an error in case of
    unexpected stream end
  + http2:
    - When a message has no content still respect its Content-Type
    - Revert manual window size management temporarily, as it could
      stall
  + sniffer: Fix potential overflows
  + hsts: Fix minor leak
  + headers: Fix a few parsing edge cases that could be an out of
    bound read
  + connection: Avoid ever calling disconnect twice
  + auth-digest: Fix handling when a nonce isn't present
  + cookies:
    - Limit max size of max-age, path, and domain attributes to
      1024 bytes
    - Limit max size of name and value to 4096 bytes
  + docs: Remove references to old libsoup domain
  + Reintroduce some thread-safety to SoupSession (see
    https://libsoup.gnome.org/libsoup-3.0/client-thread-safety.html)
    Numerous API have been changed which is documented on
    https://libsoup.gnome.org
- Replace pkgconfig(krb5) with pkgconfig(krb5-gssapi)
  BuildRequires: Following upstream changes, and stop passing
  krb5_config="$(which krb5-config)" to meson setup, no longer
  needed nor recognized.

OBS-URL: https://build.opensuse.org/request/show/1255109
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=302
2025-03-24 10:18:39 +00:00
dimstar_suse e9f7c8fd5d Accepting request 1238500 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1238500
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=151
2025-01-18 12:17:44 +00:00
iznogood 1bb7908e86 Accepting request 1238344 from GNOME:Next
- Update to version 3.6.4:
  + http2: Fix regression on 32bit systems when reading response
    data.

OBS-URL: https://build.opensuse.org/request/show/1238344
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=300
2025-01-17 13:00:05 +00:00
anag_factory a5c54729c5 Accepting request 1237895 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1237895
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=150
2025-01-16 17:31:00 +00:00
iznogood cb59d8b7ac Accepting request 1237086 from GNOME:Next
New upstream release

OBS-URL: https://build.opensuse.org/request/show/1237086
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=298
2025-01-14 17:40:49 +00:00
anag_factory 0e5dfbbc50 Accepting request 1228510 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1228510
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=149
2024-12-06 13:25:12 +00:00
iznogood 681dea3b54 Accepting request 1228391 from GNOME:Next
- Increase test timeout on s390x. The http2-body-stream test can be
  slow and sometimes times out in our builds.

OBS-URL: https://build.opensuse.org/request/show/1228391
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=296
2024-12-05 12:42:12 +00:00
anag_factory ecb22a9b5f Accepting request 1226285 from GNOME:Factory
- Update to version 3.6.1:
  + Fix `soup_uri_copy()` reading port as a long instead of an int
  + Fix possible NULL deref in `soup_uri_decode_data_uri()`
  + Fix possible overflow in `SoupContentSniffer`
  + Fix assertion in `soup_uri_decode_data_uri()` on URLs with a
    path starting with `//`
  + headers: Be more robust against invalid input when parsing
    params
  + websocket: Fix possibility of being stuck in a read loop
- Drop patches fixed upstream:
  + 6adc0e3e.patch
  + 29b96fab.patch
  + a35222dd.patch
  + 4c9e75c6.patch

6adc0e3e.patch (forwarded request 1225898 from iznogood)

OBS-URL: https://build.opensuse.org/request/show/1226285
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=148
2024-11-26 19:54:51 +00:00
dimstar 43a200be02 Accepting request 1225898 from GNOME:Next
- Update to version 3.6.1:
  + Fix `soup_uri_copy()` reading port as a long instead of an int
  + Fix possible NULL deref in `soup_uri_decode_data_uri()`
  + Fix possible overflow in `SoupContentSniffer`
  + Fix assertion in `soup_uri_decode_data_uri()` on URLs with a
    path starting with `//`
  + headers: Be more robust against invalid input when parsing
    params
  + websocket: Fix possibility of being stuck in a read loop
- Drop patches fixed upstream:
  + 6adc0e3e.patch
  + 29b96fab.patch
  + a35222dd.patch
  + 4c9e75c6.patch

6adc0e3e.patch

OBS-URL: https://build.opensuse.org/request/show/1225898
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=294
2024-11-25 14:18:24 +00:00
anag_factory c94ce775a7 Accepting request 1224047 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1224047
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=147
2024-11-15 14:37:51 +00:00
iznogood 397026569c Accepting request 1224037 from GNOME:Next
- Add 4c9e75c6.patch: fix an intermittent test failure
  (glgo#GNOME/libsoup#399).

OBS-URL: https://build.opensuse.org/request/show/1224037
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=292
2024-11-13 22:53:52 +00:00
anag_factory 439c8fa768 Accepting request 1223846 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1223846
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsoup?expand=0&rev=146
2024-11-13 14:27:22 +00:00
iznogood e40d8a3747 Accepting request 1223813 from GNOME:Next
- Add 6adc0e3e.patch: websocket: Process the frame as soon as we
  read data (boo#1233287 CVE-2024-52532 glgo#GNOME/libsoup#391).
- Add 29b96fab.patch: websocket-test: disconnect error copy after
  the test ends (glgo#GNOME/libsoup#391).
- Add a35222dd.patch: be more robust against invalid input when
  parsing params (boo#1233292 CVE-2024-52531
  glgo#GNOME/libsoup!407).

OBS-URL: https://build.opensuse.org/request/show/1223813
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=290
2024-11-13 07:23:46 +00:00