Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libsoup2 for openSUSE:Factory checked in at 2026-05-31 18:28:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsoup2 (Old) and /work/SRC/openSUSE:Factory/.libsoup2.new.1937 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsoup2" Sun May 31 18:28:32 2026 rev:25 rq:1355962 version:2.74.3 Changes: -------- --- /work/SRC/openSUSE:Factory/libsoup2/libsoup2.changes 2026-05-25 21:53:24.088568971 +0200 +++ /work/SRC/openSUSE:Factory/.libsoup2.new.1937/libsoup2.changes 2026-05-31 18:28:45.893277507 +0200 @@ -1,0 +2,7 @@ +Wed May 27 14:42:50 UTC 2026 - Michael Gorse <[email protected]> + +- Add libsoup2-CVE-2026-1801.patch: Use CRLF as line boundary when + parsing chunk encoding data (bsc#1257649 CVE-2026-1801 + glgo#GNOME/libsoup#481). + +------------------------------------------------------------------- New: ---- libsoup2-CVE-2026-1801.patch ----------(New B)---------- New: - Add libsoup2-CVE-2026-1801.patch: Use CRLF as line boundary when parsing chunk encoding data (bsc#1257649 CVE-2026-1801 ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsoup2.spec ++++++ --- /var/tmp/diff_new_pack.e6ypol/_old 2026-05-31 18:28:51.649513431 +0200 +++ /var/tmp/diff_new_pack.e6ypol/_new 2026-05-31 18:28:51.649513431 +0200 @@ -106,6 +106,8 @@ Patch39: libsoup-CVE-2026-1539.patch # PATCH-FIx-UPSTREAM -- tld-test: update after changes in the public suffix list https://github.com/publicsuffix/list/pull/2623 Patch40: https://github.com/GNOME/libsoup/commit/35af2342.patch +# PATCH-FIX-UPSTREAM libsoup2-CVE-2026-1801.patch bsc#1257649 [email protected] -- Use CRLF as line boundary when parsing chunk encoding data. +Patch41: libsoup2-CVE-2026-1801.patch BuildRequires: glib-networking BuildRequires: meson >= 0.50 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.e6ypol/_old 2026-05-31 18:28:51.717516218 +0200 +++ /var/tmp/diff_new_pack.e6ypol/_new 2026-05-31 18:28:51.725516546 +0200 
@@ -1,6 +1,6 @@ -mtime: 1779605938 -commit: a37f13835aa5211b843e2f8f5f6fc58a34967e1bff31528d05b5051cda73aa56 +mtime: 1780084832 +commit: e061d2cdcf2a8e381421df8d18073d5a9fd33553d0d08d96dbf5285ffa0407db url: https://src.opensuse.org/GNOME/libsoup2 -revision: a37f13835aa5211b843e2f8f5f6fc58a34967e1bff31528d05b5051cda73aa56 +revision: e061d2cdcf2a8e381421df8d18073d5a9fd33553d0d08d96dbf5285ffa0407db projectscmsync: https://src.opensuse.org/GNOME/_ObsPrj ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-05-29 22:00:32.000000000 +0200 @@ -0,0 +1,4 @@ +*.obscpio +*.osc +_build.* +.pbuild ++++++ libsoup2-CVE-2026-1801.patch ++++++ >From b9a1c0663ff8ab6e79715db4b35b54f560416ddd Mon Sep 17 00:00:00 2001 From: Carlos Garcia Campos <[email protected]> Date: Thu, 29 Jan 2026 13:28:55 +0100 Subject: [PATCH] Use CRLF as line boundary when parsing chunked enconding data Closes #481 --- libsoup/http1/soup-body-input-stream.c | 18 ++++--- tests/server-test.c | 67 ++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 7 deletions(-) Index: libsoup-2.74.3/libsoup/soup-body-input-stream.c =================================================================== --- libsoup-2.74.3.orig/libsoup/soup-body-input-stream.c +++ libsoup-2.74.3/libsoup/soup-body-input-stream.c @@ -159,8 +159,9 @@ soup_body_input_stream_read_chunked (Sou again: switch (bistream->priv->chunked_state) { case SOUP_BODY_INPUT_STREAM_STATE_CHUNK_SIZE: - nread = soup_filter_input_stream_read_line ( - fstream, metabuf, sizeof (metabuf), blocking, + nread = soup_filter_input_stream_read_until ( + fstream, metabuf, sizeof (metabuf), + "\r\n", 2, blocking, TRUE, &got_line, cancellable, error); if (nread <= 0) return nread; 
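Review bot: The boundary arguments `"\r\n", 2` and the bare `TRUE` are added here without a comment, and the same pair is repeated in the CHUNK_END and TRAILERS cases of the next two hunks, so nothing in the code records why `read_line` must not be used. A short comment above this first call, for example `/* Chunk framing lines end with CRLF only; a lone LF stays inside the line (CVE-2026-1801). */`, would stop a later cleanup from reverting it. Because the chunk-size line can now contain an embedded LF, it is worth confirming that the size parsing after `if (nread <= 0) return nread;` rejects anything that is not hex digits plus an optional extension. The same goes for the CHUNK_END case, which should accept only an exact two-byte CRLF. Both of those checks sit outside the visible hunks, so this is a request to verify rather than a confirmed defect.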
@@ -191,9 +192,9 @@ again: return nread; case SOUP_BODY_INPUT_STREAM_STATE_CHUNK_END: - nread = soup_filter_input_stream_read_line ( + nread = soup_filter_input_stream_read_until ( SOUP_FILTER_INPUT_STREAM (bistream->priv->base_stream), - metabuf, sizeof (metabuf), blocking, + metabuf, sizeof (metabuf), "\r\n", 2, blocking, TRUE, &got_line, cancellable, error); if (nread <= 0) return nread; @@ -208,13 +209,13 @@ again: break; case SOUP_BODY_INPUT_STREAM_STATE_TRAILERS: - nread = soup_filter_input_stream_read_line ( - fstream, buffer, count, blocking, + nread = soup_filter_input_stream_read_until ( + fstream, buffer, count, "\r\n", 2, blocking, TRUE, &got_line, cancellable, error); if (nread <= 0) return nread; - if (strncmp (buffer, "\r\n", nread) || strncmp (buffer, "\n", nread)) { + if (nread == 2 && strncmp (buffer, "\r\n", nread) == 0) { bistream->priv->chunked_state = SOUP_BODY_INPUT_STREAM_STATE_DONE; bistream->priv->eof = TRUE; } Index: libsoup-2.74.3/tests/server-test.c =================================================================== --- libsoup-2.74.3.orig/tests/server-test.c +++ libsoup-2.74.3/tests/server-test.c 
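Review bot: In the TRAILERS case the new test `nread == 2 && strncmp (buffer, "\r\n", nread) == 0` decides end-of-body from a single read into the caller's `buffer` of `count` bytes, and `got_line` is not consulted in the visible lines. Assuming `soup_filter_input_stream_read_until` can return a partial line when `count` is small (its definition is not on this page), a read that returns only the CRLF tail of a longer trailer line would look like the blank line. Conversely, with `count` of 1 the blank line could never be seen as two bytes. Consider reading trailers into the local `metabuf` as the other two states do, and tracking whether the previous read ended on a line boundary, so that only a CRLF at the start of a line sets `SOUP_BODY_INPUT_STREAM_STATE_DONE`. Since the length is already pinned to 2, `memcmp (buffer, "\r\n", 2) == 0` would state the intent more directly than `strncmp`.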
@@ -1435,6 +1435,72 @@ do_multiple_content_length_test (ServerD } } +static void +server_chunked_hundler (SoupServer *server, + SoupMessage *msg, + const char *path, + GHashTable *query, + SoupClientContext *context, + gpointer data) +{ + g_assert_true (msg->method == SOUP_METHOD_POST); + g_assert_cmpstr (path, ==, "/valid"); + + soup_message_set_status (msg, SOUP_STATUS_OK); + soup_message_set_response (msg, "text/plain", SOUP_MEMORY_STATIC, "index", 5); +} + +#define CHUNKED_FORMAT_REQUEST "POST /valid HTTP/1.1\r\nHost: 127.0.0.1\r\n%sGET /invalid HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n" + +static void +do_chunked_test (ServerData *sd, gconstpointer test_data) +{ + gint i; + struct { + const char *description; + const char *test; + } tests[] = { + { "Lone LF", "Transfer-Encoding: chunked\r\n\r\n5;ext\n data\r\n0\r\n\r\n" }, + }; + + sd->server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD); + sd->base_uri = soup_test_server_get_uri (sd->server, "http", NULL); + server_add_handler (sd, NULL, server_chunked_hundler, NULL, NULL); + + for (i = 0; i < G_N_ELEMENTS (tests); i++) { + GSocketClient *client; + GSocketConnection *conn; + GInputStream *input; + GOutputStream *output; + char *request; + char buffer[4096]; + gssize nread; + GError *error = NULL; + + debug_printf (1, " %s\n", tests[i].description); + + client = g_socket_client_new (); + conn = g_socket_client_connect_to_host (client, soup_uri_get_host (sd->base_uri), soup_uri_get_port (sd->base_uri), NULL, &error); + g_assert_no_error (error); + + request = g_strdup_printf (CHUNKED_FORMAT_REQUEST, tests[i].test); + + output = g_io_stream_get_output_stream (G_IO_STREAM (conn)); + g_output_stream_write_all (output, request, strlen (request), NULL, NULL, NULL); + g_output_stream_close (output, NULL, NULL); + g_socket_shutdown (g_socket_connection_get_socket (G_SOCKET_CONNECTION (conn)), FALSE, TRUE, &error); + + input = g_io_stream_get_input_stream (G_IO_STREAM (conn)); + do { + nread = g_input_stream_read 
(input, buffer, sizeof(buffer), NULL, NULL); + } while (nread > 0); + + g_free (request); + g_object_unref (conn); + g_object_unref (client); + } +} + int main (int argc, char **argv) { @@ -1475,6 +1541,8 @@ main (int argc, char **argv) server_setup, do_steal_connect_test, server_teardown); g_test_add ("/server/multiple-content-length", ServerData, NULL, NULL, do_multiple_content_length_test, server_teardown); + g_test_add ("/server/chunked", ServerData, NULL, + NULL, do_chunked_test, server_teardown); ret = g_test_run ();
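Review bot: `do_chunked_test` asserts nothing about what the server sends back, because the `do { ... } while (nread > 0)` loop discards `buffer`. The test can therefore only fail if `g_assert_cmpstr (path, ==, "/valid")` in the handler fires on the server thread. Collecting the response and asserting that exactly one status line is returned would make the regression visible in the test itself; the expected status should be taken from upstream's behaviour rather than guessed. The `error` passed to `g_socket_shutdown (..., &error)` is never checked or cleared, so add `g_assert_no_error (error);` after that call. The return value of `g_output_stream_write_all` is also ignored; wrapping it as `g_assert_true (g_output_stream_write_all (...))` would catch a short write. `server_chunked_hundler` looks like a typo for `server_chunked_handler`.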
