Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libsoup2 for openSUSE:Factory checked in at 2026-02-10 21:11:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsoup2 (Old) and /work/SRC/openSUSE:Factory/.libsoup2.new.1670 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsoup2" Tue Feb 10 21:11:51 2026 rev:19 rq:1332174 version:2.74.3 Changes: -------- --- /work/SRC/openSUSE:Factory/libsoup2/libsoup2.changes 2026-01-13 21:23:16.551987557 +0100 +++ /work/SRC/openSUSE:Factory/.libsoup2.new.1670/libsoup2.changes 2026-02-10 21:11:55.678319605 +0100 
@@ -1,0 +2,23 @@ +Mon Feb 9 23:48:35 UTC 2026 - Michael Gorse <[email protected]> + +- Add libsoup2-CVE-2025-4476.patch: fix crash in + soup_auth_digest_get_protection_space (bsc#1243422 + CVE-2025-4476 glgo#GNOME/libsoup#440). + +------------------------------------------------------------------- +Fri Feb 6 18:52:17 UTC 2026 - Michael Gorse <[email protected]> + +- Add libsoup2-CVE-2026-0716.patch: Fix out-of-bounds read for + websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494). + +------------------------------------------------------------------- +Tue Feb 3 01:52:48 UTC 2026 - Jonathan Kang <[email protected]> + +- Add libsoup2-CVE-2026-1761.patch: multipart: check length of bytes + read soup_filter_input_stream_read_until() + (bsc#1257598, CVE-2026-1761, glgo#GNOME/libsoup!496). +- Refresh ef6c4bf6.patch, 04df03bc.patch, 29b96fab.patch, + 48b3b611.patch, 4d12c3e5.patch, 96c22b67.patch and ced3c5d8.patch + from upstream git. + +------------------------------------------------------------------- New: ---- libsoup2-CVE-2025-4476.patch libsoup2-CVE-2026-0716.patch libsoup2-CVE-2026-1761.patch ----------(New B)---------- New: - Add libsoup2-CVE-2025-4476.patch: fix crash in soup_auth_digest_get_protection_space (bsc#1243422 New: - Add libsoup2-CVE-2026-0716.patch: Fix out-of-bounds read for websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494). New: - Add libsoup2-CVE-2026-1761.patch: multipart: check length of bytes read soup_filter_input_stream_read_until() ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsoup2.spec ++++++ --- /var/tmp/diff_new_pack.uESldI/_old 2026-02-10 21:11:56.834368045 +0100 +++ /var/tmp/diff_new_pack.uESldI/_new 2026-02-10 21:11:56.838368213 +0100 
@@ -1,7 +1,7 @@ # # spec file for package libsoup2 # -# Copyright (c) 2026 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -84,6 +84,12 @@ Patch28: libsoup2-CVE-2025-14523.patch # PATCH-FIX-UPSTREAM libsoup2-CVE-2026-0719.patch bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493 [email protected] -- Fix overflow for password md4sum Patch29: libsoup2-CVE-2026-0719.patch +# PATCH-FIX-UPSTREAM libsoup2-CVE-2026-1761.patch bsc#1257598, CVE-2026-1761, glgo#GNOME/libsoup!496 [email protected] -- multipart: check length of bytes read soup_filter_input_stream_read_until() +Patch30: libsoup2-CVE-2026-1761.patch +# PATCH-FIX-UPSTREAM libsoup2-CVE-2026-0716.patch bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494 [email protected] -- Fix out-of-bounds read for websocket +Patch31: libsoup2-CVE-2026-0716.patch +# PATCH-FIX-UPSTREAM libsoup2-CVE-2025-4476.patch boo#1243422 [email protected] -- fix crash in soup_auth_digest_get_protection_space. +Patch32: libsoup2-CVE-2025-4476.patch BuildRequires: glib-networking BuildRequires: meson >= 0.50 ++++++ 04df03bc.patch ++++++ --- /var/tmp/diff_new_pack.uESldI/_old 2026-02-10 21:11:56.870369554 +0100 +++ /var/tmp/diff_new_pack.uESldI/_new 2026-02-10 21:11:56.874369722 +0100 @@ -10,7 +10,7 @@ 2 files changed, 32 insertions(+), 45 deletions(-) diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c -index a0cf351ac..f30ee467a 100644 +index a0cf351a..f30ee467 100644 --- a/libsoup/soup-headers.c +++ b/libsoup/soup-headers.c @@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest) @@ -47,7 +47,7 @@ name = value_end + 1; name_end = strchr (name, ':'); diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c -index edf8eebb3..715c2c6f2 100644 +index edf8eebb..715c2c6f 100644 --- a/tests/header-parsing-test.c 
+++ b/tests/header-parsing-test.c @@ -358,24 +358,6 @@ static struct RequestTest { ++++++ 29b96fab.patch ++++++ --- /var/tmp/diff_new_pack.uESldI/_old 2026-02-10 21:11:56.890370392 +0100 +++ /var/tmp/diff_new_pack.uESldI/_new 2026-02-10 21:11:56.902370895 +0100 @@ -11,7 +11,7 @@ 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/websocket-test.c b/tests/websocket-test.c -index 06c443bb5..6a48c1f9b 100644 +index 06c443bb..6a48c1f9 100644 --- a/tests/websocket-test.c +++ b/tests/websocket-test.c @@ -1539,8 +1539,9 @@ test_receive_invalid_encode_length_64 (Test *test, ++++++ 48b3b611.patch ++++++ --- /var/tmp/diff_new_pack.uESldI/_old 2026-02-10 21:11:56.922371733 +0100 +++ /var/tmp/diff_new_pack.uESldI/_new 2026-02-10 21:11:56.926371901 +0100 @@ -23,7 +23,7 @@ 4 files changed, 51 insertions(+) diff --git a/libsoup/soup-message-io.c b/libsoup/soup-message-io.c -index c5412abb2..8d69f18d6 100644 +index c5412abb..8d69f18d 100644 --- a/libsoup/soup-message-io.c +++ b/libsoup/soup-message-io.c @@ -927,7 +927,11 @@ soup_message_io_get_source (SoupMessage *msg, GCancellable *cancellable, @@ -39,7 +39,7 @@ message_source->msg = g_object_ref (msg); message_source->paused = io && io->paused; diff --git a/libsoup/soup-misc.c b/libsoup/soup-misc.c -index 2cf6b0f6a..170fa15a2 100644 +index 2cf6b0f6..170fa15a 100644 --- a/libsoup/soup-misc.c +++ b/libsoup/soup-misc.c @@ -83,6 +83,11 @@ soup_add_io_watch (GMainContext *async_context, @@ -91,7 +91,7 @@ g_source_attach (source, async_context); g_source_unref (source); diff --git a/libsoup/soup-socket.c b/libsoup/soup-socket.c -index 0ec451032..53b5c584b 100644 +index 0ec45103..53b5c584 100644 --- a/libsoup/soup-socket.c +++ b/libsoup/soup-socket.c @@ -1203,6 +1203,13 @@ soup_socket_create_watch (SoupSocketPrivate *priv, GIOCondition cond, @@ -109,7 +109,7 @@ g_source_attach (watch, priv->async_context); 
diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c -index a4095e1c9..6d136d411 100644 +index a4095e1c..6d136d41 100644 --- a/libsoup/soup-websocket-connection.c +++ b/libsoup/soup-websocket-connection.c @@ -306,6 +306,11 @@ soup_websocket_connection_start_input_source (SoupWebsocketConnection *self) ++++++ 4d12c3e5.patch ++++++ --- /var/tmp/diff_new_pack.uESldI/_old 2026-02-10 21:11:56.950372906 +0100 +++ /var/tmp/diff_new_pack.uESldI/_new 2026-02-10 21:11:56.954373074 +0100 @@ -22,7 +22,7 @@ 11 files changed, 16 insertions(+) diff --git a/libsoup/soup-address.c b/libsoup/soup-address.c -index 574e982f2..bcd3e9e7f 100644 +index 574e982f..bcd3e9e7 100644 --- a/libsoup/soup-address.c +++ b/libsoup/soup-address.c @@ -1209,6 +1209,8 @@ soup_address_address_enumerator_next_async (GSocketAddressEnumerator *enumerato @@ -35,7 +35,7 @@ soup_address_resolve_async (addr_enum->addr, g_main_context_get_thread_default (), diff --git a/libsoup/soup-client-input-stream.c b/libsoup/soup-client-input-stream.c -index e73ec9e63..c5484501e 100644 +index e73ec9e6..c5484501 100644 --- a/libsoup/soup-client-input-stream.c +++ b/libsoup/soup-client-input-stream.c @@ -189,6 +189,7 @@ soup_client_input_stream_close_async (GInputStream *stream, @@ -47,7 +47,7 @@ if (close_async_ready (cistream->priv->msg, task) == G_SOURCE_CONTINUE) { diff --git a/libsoup/soup-connection.c b/libsoup/soup-connection.c -index 1b9a4fee8..8d4fee8d1 100644 +index 1b9a4fee..8d4fee8d 100644 --- a/libsoup/soup-connection.c +++ b/libsoup/soup-connection.c @@ -418,6 +418,7 @@ soup_connection_connect_async (SoupConnection *conn, @@ -67,7 +67,7 @@ soup_socket_handshake_async (priv->socket, priv->remote_uri->host, cancellable, start_ssl_completed, task); diff --git a/libsoup/soup-io-stream.c b/libsoup/soup-io-stream.c -index 8daca38d6..3da1d614b 100644 +index 8daca38d..3da1d614 100644 --- a/libsoup/soup-io-stream.c +++ b/libsoup/soup-io-stream.c 
@@ -160,6 +160,7 @@ soup_io_stream_close_async (GIOStream *stream, @@ -79,7 +79,7 @@ io_priority, cancellable, close_async_complete, task); diff --git a/libsoup/soup-multipart-input-stream.c b/libsoup/soup-multipart-input-stream.c -index 535dd6ec4..209eb9a32 100644 +index 535dd6ec..209eb9a3 100644 --- a/libsoup/soup-multipart-input-stream.c +++ b/libsoup/soup-multipart-input-stream.c @@ -528,6 +528,7 @@ soup_multipart_input_stream_next_part_async (SoupMultipartInputStream *multipart @@ -91,7 +91,7 @@ if (!g_input_stream_set_pending (stream, &error)) { diff --git a/libsoup/soup-proxy-resolver-wrapper.c b/libsoup/soup-proxy-resolver-wrapper.c -index e07664ca9..e787ff095 100644 +index e07664ca..e787ff09 100644 --- a/libsoup/soup-proxy-resolver-wrapper.c +++ b/libsoup/soup-proxy-resolver-wrapper.c @@ -92,6 +92,7 @@ soup_proxy_resolver_wrapper_lookup_async (GProxyResolver *resolver, @@ -103,7 +103,7 @@ g_task_set_task_data (task, source_uri, (GDestroyNotify) soup_uri_free); diff --git a/libsoup/soup-request-file.c b/libsoup/soup-request-file.c -index c402a5b4c..6d3e9fa3b 100644 +index c402a5b4..6d3e9fa3 100644 --- a/libsoup/soup-request-file.c +++ b/libsoup/soup-request-file.c @@ -301,6 +301,7 @@ soup_request_file_send_async (SoupRequest *request, @@ -115,7 +115,7 @@ if (!soup_request_file_ensure_file (file, cancellable, &error)) { g_task_return_error (task, error); diff --git a/libsoup/soup-request-http.c b/libsoup/soup-request-http.c -index 285f59d7a..a608d3a2d 100644 +index 285f59d7..a608d3a2 100644 --- a/libsoup/soup-request-http.c +++ b/libsoup/soup-request-http.c @@ -140,6 +140,7 @@ soup_request_http_send_async (SoupRequest *request, @@ -127,7 +127,7 @@ http_input_stream_ready_cb, task); } diff --git a/libsoup/soup-request.c b/libsoup/soup-request.c -index 61980c78a..6c11c32c4 100644 +index 61980c78..6c11c32c 100644 --- a/libsoup/soup-request.c +++ b/libsoup/soup-request.c @@ -177,6 +177,7 @@ soup_request_default_send_async (SoupRequest *request, 
@@ -139,7 +139,7 @@ stream = soup_request_send (request, cancellable, &error); if (stream) diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c -index 83421ef9d..c74b1b886 100644 +index 83421ef9..c74b1b88 100644 --- a/libsoup/soup-session.c +++ b/libsoup/soup-session.c @@ -4355,6 +4355,7 @@ soup_session_send_async (SoupSession *session, @@ -167,7 +167,7 @@ msg = soup_message_new_from_uri (SOUP_METHOD_HEAD, uri); soup_message_set_flags (msg, SOUP_MESSAGE_NEW_CONNECTION); diff --git a/libsoup/soup-socket.c b/libsoup/soup-socket.c -index 7ad484308..0ec451032 100644 +index 7ad48430..0ec45103 100644 --- a/libsoup/soup-socket.c +++ b/libsoup/soup-socket.c @@ -970,6 +970,7 @@ soup_socket_connect_async_internal (SoupSocket *sock, ++++++ 96c22b67.patch ++++++ --- /var/tmp/diff_new_pack.uESldI/_old 2026-02-10 21:11:56.974373912 +0100 +++ /var/tmp/diff_new_pack.uESldI/_new 2026-02-10 21:11:56.978374080 +0100 @@ -11,7 +11,7 @@ 3 files changed, 53 insertions(+), 11 deletions(-) diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c -index 4c8134a7f..7669c6385 100644 +index 4c8134a7..7669c638 100644 --- a/libsoup/soup-content-sniffer.c +++ b/libsoup/soup-content-sniffer.c @@ -612,8 +612,11 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, SoupBuffer *buffer) @@ -47,7 +47,7 @@ goto text_html; diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c -index 0a4569a43..372b659e1 100644 +index 0a4569a4..372b659e 100644 --- a/tests/sniffing-test.c +++ b/tests/sniffing-test.c @@ -436,6 +436,52 @@ test_disabled (gconstpointer data) @@ -123,7 +123,7 @@ soup_uri_free (base_uri); diff --git a/tests/soup-tests.gresource.xml b/tests/soup-tests.gresource.xml -index cbef1d402..9c08d170e 100644 +index cbef1d40..9c08d170 100644 --- a/tests/soup-tests.gresource.xml +++ b/tests/soup-tests.gresource.xml 
@@ -25,6 +25,5 @@ ++++++ ced3c5d8.patch ++++++ --- /var/tmp/diff_new_pack.uESldI/_old 2026-02-10 21:11:57.018375756 +0100 +++ /var/tmp/diff_new_pack.uESldI/_new 2026-02-10 21:11:57.022375923 +0100 @@ -15,7 +15,7 @@ 2 files changed, 2 insertions(+) diff --git a/libsoup/soup-xmlrpc-old.c b/libsoup/soup-xmlrpc-old.c -index c57086b6a..527e3b235 100644 +index c57086b6..527e3b23 100644 --- a/libsoup/soup-xmlrpc-old.c +++ b/libsoup/soup-xmlrpc-old.c @@ -11,6 +11,7 @@ @@ -27,7 +27,7 @@ #include "soup-xmlrpc-old.h" diff --git a/libsoup/soup-xmlrpc.c b/libsoup/soup-xmlrpc.c -index 42dcda9c7..e991cbf01 100644 +index 42dcda9c..e991cbf0 100644 --- a/libsoup/soup-xmlrpc.c +++ b/libsoup/soup-xmlrpc.c @@ -17,6 +17,7 @@ ++++++ ef6c4bf6.patch ++++++ --- /var/tmp/diff_new_pack.uESldI/_old 2026-02-10 21:11:57.034376426 +0100 +++ /var/tmp/diff_new_pack.uESldI/_new 2026-02-10 21:11:57.038376594 +0100 @@ -11,7 +11,7 @@ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c -index 967ec6141..4c8134a7f 100644 +index 967ec614..4c8134a7 100644 --- a/libsoup/soup-content-sniffer.c +++ b/libsoup/soup-content-sniffer.c @@ -642,7 +642,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer) @@ -24,7 +24,7 @@ if (skip_insignificant_space (resource, &pos, resource_length)) diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c -index d2aa86b9d..0a4569a43 100644 +index d2aa86b9..0a4569a4 100644 --- a/tests/sniffing-test.c +++ b/tests/sniffing-test.c @@ -605,6 +605,11 @@ main (int argc, char **argv) @@ -40,7 +40,7 @@ g_test_add_data_func ("/sniffing/disabled", "/text_or_binary/home.gif", diff --git a/tests/soup-tests.gresource.xml b/tests/soup-tests.gresource.xml -index 9c08d170e..cbef1d402 100644 +index 9c08d170..cbef1d40 100644 --- a/tests/soup-tests.gresource.xml +++ b/tests/soup-tests.gresource.xml 
@@ -25,5 +25,6 @@
++++++ libsoup2-CVE-2025-4476.patch ++++++
diff -urp libsoup-2.74.3.orig/libsoup/soup-auth-digest.c libsoup-2.74.3/libsoup/soup-auth-digest.c
--- libsoup-2.74.3.orig/libsoup/soup-auth-digest.c 2026-02-09 17:38:30.164344509 -0600
+++ libsoup-2.74.3/libsoup/soup-auth-digest.c 2026-02-09 17:43:50.567587815 -0600
@@ -229,7 +229,7 @@ soup_auth_digest_get_protection_space (S
uri = soup_uri_new (d); if (uri && uri->scheme == source_uri->scheme && uri->port == source_uri->port &&
- !strcmp (uri->host, source_uri->host))
+ !g_strcmp0 (uri->host, source_uri->host))
dir = g_strdup (uri->path); else dir = NULL;
++++++ libsoup2-CVE-2026-0716.patch ++++++
diff -urp libsoup-2.74.3.orig/libsoup/soup-websocket-connection.c libsoup-2.74.3/libsoup/soup-websocket-connection.c
--- libsoup-2.74.3.orig/libsoup/soup-websocket-connection.c 2022-10-11 13:27:22.000000000 -0500
+++ libsoup-2.74.3/libsoup/soup-websocket-connection.c 2026-02-06 12:46:44.372111863 -0600
@@ -1064,6 +1064,12 @@ process_frame (SoupWebsocketConnection *
payload += 4; at += 4;
+ /* at has a maximum value of 10 + 4 = 14 */
+ if (payload_len > G_MAXSIZE - 14) {
+ bad_data_error_and_close (self);
+ return FALSE;
+ }
+
if (len < at + payload_len) return FALSE; /* need more data */
diff -urp libsoup-2.74.3.orig/tests/websocket-test.c libsoup-2.74.3/tests/websocket-test.c
--- libsoup-2.74.3.orig/tests/websocket-test.c 2022-10-11 13:27:22.000000000 -0500
+++ libsoup-2.74.3/tests/websocket-test.c 2026-02-06 12:46:44.372679228 -0600
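Review bot: In soup_auth_digest_get_protection_space (libsoup/soup-auth-digest.c), `g_strcmp0` removes the NULL dereference but also treats two NULL hosts as equal, so the condition now passes when both `uri->host` and `source_uri->host` are NULL. If that combination can occur (not visible in this hunk), adding `uri->host &&` to the condition keeps the match limited to real host names. A short comment such as `/* uri->host may be NULL; g_strcmp0 is NULL-safe */` would record why plain strcmp was dropped. No regression test accompanies this patch, unlike the CVE-2026-0716 one. The function body starts and ends outside the hunk.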
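Review bot: The overflow guard added to process_frame (libsoup/soup-websocket-connection.c) relies on the literal 14 matching the largest value `at` can reach, which only the comment enforces. Comparing against the live offset, `if (payload_len > G_MAXSIZE - at) {`, keeps the following `len < at + payload_len` test free of wrap-around even if the header parsing changes later. Indentation is lost on this page, so it is not visible whether the guard sits inside a masked-only branch; if it does, any unmasked path that computes `at + payload_len` needs the same check. The function starts and ends outside the hunk.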
@@ -1861,6 +1861,41 @@ test_cookies_in_response (Test *test,
soup_cookie_free (cookie); }
+static void
+test_cve_2026_0716 (Test *test,
+ gconstpointer unused)
+{
+ GError *error = NULL;
+ GIOStream *io;
+ gsize written;
+ const char *frame;
+ gboolean close_event = FALSE;
+
+ g_signal_handlers_disconnect_by_func (test->server, on_error_not_reached, NULL);
+ g_signal_connect (test->server, "error", G_CALLBACK (on_error_copy), &error);
+ g_signal_connect (test->client, "closed", G_CALLBACK (on_close_set_flag), &close_event);
+
+ io = soup_websocket_connection_get_io_stream (test->client);
+
+ soup_websocket_connection_set_max_incoming_payload_size (test->server, 0);
+
+ // Malicious masked frame header (10-byte header + 4-byte mask) */
+ frame = "\x82\xff\xff\xff\xff\xff\xff\xff\xff\xf6\xaa\xbb\xcc\xdd";
+ if (!g_output_stream_write_all (g_io_stream_get_output_stream (io),
+ frame, 14, &written, NULL, NULL))
+ g_assert_cmpstr ("This code", ==, "should not be reached");
+ g_assert_cmpuint (written, ==, 14);
+
+ WAIT_UNTIL (error != NULL);
+ g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_BAD_DATA);
+ g_clear_error (&error);
+
+ WAIT_UNTIL (soup_websocket_connection_get_state (test->client) == SOUP_WEBSOCKET_STATE_CLOSED);
+ g_assert_true (close_event);
+
+ g_assert_cmpuint (soup_websocket_connection_get_close_code (test->client), ==, SOUP_WEBSOCKET_CLOSE_BAD_DATA);
+}
+
int main (int argc, char *argv[])
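Review bot: The comment above the frame literal in test_cve_2026_0716 opens with `//` and closes with `*/`; it should read `/* Malicious masked frame header (10-byte header + 4-byte mask) */`. The frame length 14 is written out twice as a literal, so a named constant or a `static const guint8 frame[]` with `sizeof frame` would keep the write and the `written` assertion in step with the bytes. The test covers only a masked frame sent to the server with the payload limit set to 0. It would help to say in the comment that the limit is disabled so the frame reaches the new overflow guard rather than the size check, if that is the intent.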
@@ -2094,6 +2129,15 @@ main (int argc,
test_cookies_in_response, teardown_soup_connection);
+ g_test_add ("/websocket/direct/cve-2026-0716", Test, NULL,
+ setup_direct_connection,
+ test_cve_2026_0716,
+ teardown_direct_connection);
+ g_test_add ("/websocket/soup/cve-2026-0716", Test, NULL,
+ setup_soup_connection,
+ test_cve_2026_0716,
+ teardown_soup_connection);
+
ret = g_test_run (); test_cleanup ();
++++++ libsoup2-CVE-2026-1761.patch ++++++
Index: libsoup-2.74.3/libsoup/soup-filter-input-stream.c
===================================================================
--- libsoup-2.74.3.orig/libsoup/soup-filter-input-stream.c
+++ libsoup-2.74.3/libsoup/soup-filter-input-stream.c
@@ -272,6 +272,6 @@ soup_filter_input_stream_read_until (Sou
if (eof && !*got_boundary) read_length = MIN (fstream->priv->buf->len, length); else
- read_length = p - buf;
+ read_length = MIN ((gsize)(p - buf), length);
return read_from_buf (fstream, buffer, read_length); }
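Review bot: The new clamp in soup_filter_input_stream_read_until (libsoup/soup-filter-input-stream.c) bounds the else branch by `length` only, while the eof branch just above it bounds by `fstream->priv->buf->len` as well. Because of the `(gsize)` cast, a `p` that ended up before `buf` would become a huge value and come out of MIN as `length` rather than 0. Unless read_from_buf itself limits the count to the buffered bytes (not visible here), consider `read_length = MIN ((gsize)(p - buf), MIN (fstream->priv->buf->len, length));` together with a comment stating the invariant `buf <= p`. No multipart regression test is added by this patch. The function starts outside the hunk.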
