| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libsoup-3_0-0 | Distribution: openSUSE Tumbleweed |
| Version: 3.6.5 | Vendor: openSUSE |
| Release: 8.1 | Build date: Thu Oct 16 05:25:37 2025 |
| Group: Development/Libraries/GNOME | Build host: reproducible |
| Size: 748516 | Source RPM: libsoup-3.6.5-8.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://wiki.gnome.org/Projects/libsoup | |
| Summary: HTTP client/server library for GNOME | |
Libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications. Features: * Both asynchronous (GMainLoop and callback-based) and synchronous APIs * Automatically caches connections * SSL Support using GnuTLS * Proxy support, including authentication and SSL tunneling * Client support for Digest, NTLM, and Basic authentication * Server support for Digest and Basic authentication * XML-RPC support
LGPL-2.1-or-later
* Thu Oct 16 2025 Alynx Zhou <alynx.zhou@suse.com>
- Update libsoup-CVE-2025-11021.patch: Add NULL check for
soup_date_time_to_string() (bsc#1250562, CVE-2025-11021,
glgo#GNOME/libsoup!483).
* Sat Oct 11 2025 Alynx Zhou <alynx.zhou@suse.com>
- Add libsoup-CVE-2025-11021.patch: Ignore invalid date when
processing cookies to prevent out-of-bounds read (bsc#1250562,
CVE-2025-11021, glgo#GNOME/libsoup!482).
* Wed Jun 18 2025 Michael Gorse <mgorse@suse.com>
- Add libsoup-CVE-2025-4945.patch: add value checks for date/time
parsing (boo#1243314 CVE-2025-4945).
* Wed May 28 2025 Michael Gorse <mgorse@suse.com>
- Add libsoup-CVE-2025-4969.patch: multipart: verify array bounds
before accesing its members (boo#1243423 CVE-2025-4969).
- Also rerun tests for ppc64le should they fail. hsts-db-test
appears to time out intermittently there (bsc#1243570).
* Tue May 27 2025 Michael Gorse <mgorse@suse.com>
- Add libsoup-CVE-2025-4476.patch: fix crash in
soup_auth_digest_get_protection_space (boo#1243422
CVE-2025-4476 glgo#GNOME/libsoup!457).
- Add libsoup-CVE-2025-4948.patch: verify boundary limits for
multipart body (boo#1243332 CVE-2025-4948
glgo#GNOME/libsoup#449).
* Tue Apr 29 2025 Michael Gorse <mgorse@suse.com>
- Add libsoup-CVE-2025-32907.patch: correct merge of ranges
(boo#1241222 CVE-2025-32907 glgo#GNOME/libsoup!452).
* Mon Apr 21 2025 Michael Gorse <mgorse@suse.com>
- Add CVE fixes:
+ libsoup-CVE-2025-32914.patch (boo#1241164 CVE-2025-32914)
+ libsoup-CVE-2025-32908.patch (boo#1241223 CVE-2025-32908)
* Sun Apr 06 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Rerun tests once for s390x should they fail, tests for this arch
is very flaky.
* Fri Mar 21 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.6.5 (boo#1241263):
+ session: Strip authentication credentials on cross-origin
redirects
+ build: Use pkg-config instead of krb5-config for the gssapi
dependency
+ http1: When using chunked encoding report an error in case of
unexpected stream end
+ http2:
- When a message has no content still respect its Content-Type
- Revert manual window size management temporarily, as it could
stall
+ sniffer: Fix potential overflows
+ hsts: Fix minor leak
+ headers: Fix a few parsing edge cases that could be an out of
bound read
+ connection: Avoid ever calling disconnect twice
+ auth-digest: Fix handling when a nonce isn't present
+ cookies:
- Limit max size of max-age, path, and domain attributes to
1024 bytes
- Limit max size of name and value to 4096 bytes
+ docs: Remove references to old libsoup domain
+ Reintroduce some thread-safety to SoupSession (see
https://libsoup.gnome.org/libsoup-3.0/client-thread-safety.html)
Numerous API have been changed which is documented on
https://libsoup.gnome.org
- Replace pkgconfig(krb5) with pkgconfig(krb5-gssapi)
BuildRequires: Following upstream changes, and stop passing
krb5_config="$(which krb5-config)" to meson setup, no longer
needed nor recognized.
* Thu Jan 16 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.6.4:
+ http2: Fix regression on 32bit systems when reading response
data.
* Sat Jan 11 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.6.3:
+ http2: Significantly reduce memory usage of large requests
+ server: Treat `ECONNREFUSED` when listening on IPv6 as
unsupported
+ auth-digest: Fix handling missing nonce/realm in responses, as
well as a leak
+ In `soup_uri_decode_data_uri()` fix handling of URIs with a
path beginning with `//`
+ In `soup_message_headers_get_content_disposition()` fix
possibility of NULL-deref and double-free
+ In `soup_header_parse_quality_list()` fix leak
+ In `soup_form_decode_multipart()` fix ownership annotation for
the multipart object
* Thu Dec 12 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 3.6.1+4:
+ Fix ownership annotatin for soup_form_decode_multipart().
- Convert to obs_scm source service: allow for easier maintenance.
* Wed Dec 04 2024 Michael Gorse <mgorse@suse.com>
- Increase test timeout on s390x. The http2-body-stream test can be
slow and sometimes times out in our builds.
* Fri Nov 22 2024 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.6.1:
+ Fix `soup_uri_copy()` reading port as a long instead of an int
+ Fix possible NULL deref in `soup_uri_decode_data_uri()`
+ Fix possible overflow in `SoupContentSniffer`
+ Fix assertion in `soup_uri_decode_data_uri()` on URLs with a
path starting with `//`
+ headers: Be more robust against invalid input when parsing
params
+ websocket: Fix possibility of being stuck in a read loop
- Drop patches fixed upstream:
+ 6adc0e3e.patch
+ 29b96fab.patch
+ a35222dd.patch
+ 4c9e75c6.patch
* Wed Nov 13 2024 Michael Gorse <mgorse@suse.com>
- Add 4c9e75c6.patch: fix an intermittent test failure
(glgo#GNOME/libsoup#399).
* Tue Nov 12 2024 Michael Gorse <mgorse@suse.com>
- Add 6adc0e3e.patch: websocket: Process the frame as soon as we
read data (boo#1233287 CVE-2024-52532 glgo#GNOME/libsoup#391).
- Add 29b96fab.patch: websocket-test: disconnect error copy after
the test ends (glgo#GNOME/libsoup#391).
- Add a35222dd.patch: be more robust against invalid input when
parsing params (boo#1233292 CVE-2024-52531
glgo#GNOME/libsoup!407).
* Mon Aug 26 2024 Bjørn Lie <bjorn.lie@gmail.com>
6adc0e3e.patch
- Update to version 3.6.0:
+ Allow HTTP/2 to be used with non-HTTP proxies
- Changes from version 3.5.2:
+ Strictly forbid NUL bytes in headers
+ Fix minor leaks
- Changes from version 3.5.1:
+ Add `SOUP_METHOD_PATCH`
+ websocket: Add `SoupWebsocketConnection:keepalive-pong-timeout`
property
+ Increase maxmimum size of HTTP headers
+ Fix `soup_uri_copy()` in Vala
+ Fix leak in `soup_message_new_from_encoded_form()`
+ multipart: Improve handling of messages missing termination
+ logger:
- Fix request filter function being called with response user
data
- Fix response bodies never being logged if request bodies
aren't
- Add Soup-Host to logged headers for when Host is missing
+ cookies:
- Fix incorrect logic in determining same-site cookies
- Limit the Max-Age to 1 year
+ cookie-jar-db: Explicitly handle old databases lacking
same-site column
* Thu Oct 26 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.4.4:
+ Improve HTTP/2 performance when a lot of buffering happens
+ Support building libnghttp2 as a subproject
* Fri Sep 15 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.4.3:
+ Fix incorrect UTF-8 encoding for params in headers
+ Numerous HTTP/2 fixes and improvements
+ Fix possible crashes in connection management
+ Fix small leak in SoupServer
+ Fix the possibility of empty HTTP/2 frames being sent
* Sat Apr 29 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.4.2:
+ Revert changes to request cancellation.
* Fri Apr 21 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.4.1:
+ Fix HTTP/2 on platforms with unsigned char.
+ Change request cancellation to be handled earlier.
+ Add names to GSources and source tags to GTasks to aid
debugging.
- Run meson_test macro for all arches.
* Fri Mar 17 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.4.0:
+ Fix possible crash in SoupContentSniffer.
+ Fix socket leak.
+ Add missing annotation to
soup_header_g_string_append_param_quoted().
* Mon Feb 13 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.3.1:
+ Fix regression in `SoupCookieJar` not handling valid Secure
cookies.
+ Fix crash when skipping HTTP/1 response stream with chunked
enconding.
+ Change Session to unqueue finished items earlier without an
extra MainContext iteration.
* Sun Jan 22 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.3.0:
+ Add `SoupMessage::got-body-data` signal to monitor progress of
reads
+ Add `soup_session_send_and_splice()` and
`soup_session_send_and_splice_async()` convenience APIs
+ Add `soup_message_set_force_http1()` and
`soup_message_get_force_http1()` APIs
+ Change `soup_cookie_copy()` to not retain default ports
+ Ensure `SoupServerMessage` socket is available in websocket
handler
+ Fix `soup_message_new()` not erroring when URI has an empty
host
+ Fix thread-saftey issues in `SoupConnectionAuth`
+ Fix various connection leaks
+ Fix the possibility of sending invalid empty
`Sec-WebSocket-Protocol` header
+ Fix IO errors not being handled on `CONNECT` messages
+ Numerous improvements to cookies:
- Add support for cookie prefixes (`__Secure-` and `__Host-`)
- Reject cookies with control characters in name or value
- Reject `SameSite=None` cookies without `Secure`
- Change `soup_cookie_parse()` to be more strict about what is
considered whitespace
- Change default SameSite value to `Lax`
- Fix `soup_cookie_equal()` with `NULL` path
* Thu Nov 03 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.2.2:
+ Various HTTP/2 Fixes:
- Fix `content-sniffed` not being emitted for resources without
content.
- Fix leak of SoupServerConnection when stolen.
- Enable tests on 32-bit again, fixed upstream.
* Wed Oct 12 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.2.1:
+ When built against nghttp2 1.50.0+ be relaxed about header
whitespace.
+ Fix possible crash when cancelling an HTTP/2 message.
+ Fix regresion where soup_server_message_get_socket() could
return NULL.
+ Fix minor memory leak.
- Disable tests on 32-bit while waiting for
https://gitlab.gnome.org/GNOME/libsoup/-/issues/309
* Thu Sep 15 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.2.0:
+ No changes, stable bump only.
* Mon Sep 05 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.1.4:
+ Numerous improvements to HTTP/2 reliablity.
+ Fix `http` proxy authentication with default proxy resolver.
+ Fix undefined ``ssize_t`` with MSVC.
* Sun Sep 04 2022 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 3.1.3:
+ Fix compile error when `SOUP_VERSION_MAX_ALLOWED` is defined.
- Changes from version 3.1.2:
+ Replace HTTP/2 tests using Quart with internal HTTP/2 server
tests.
+ Improve version macros including adding ability to define
`SOUP_DISABLE_DEPRECATION_WARNINGS`.
- Drop -D http2_tests=disabled meson paramter: no longer supported.
- Drop 299.patch: merged upstream.
* Sat Sep 03 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.1.1:
+ Reintroduce some thread-safety to SoupSession (see
https://libsoup.org/libsoup-3.0/client-thread-safety.html)
+ Add SoupServerMessage:tls-peer-certificate and
SoupServerMessage:tls-peer-certificate-errors
+ Port docs to gi-docgen
+ Update documentation.
- Replace pkgconfig(gtk-doc) with pkgconfig(gi-docgen)
BuildRequires (and update options passed to meson) following
upstreams port.
- Add 299.patch: multithread-test: show error information in case
of request failure. multithread-test: skip proxy tests if apache
is not available.
- Use ldconfig_scriptlets for post(un) handling.
* Fri Sep 02 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.0.8:
+ Fix `http` proxy authentication with default proxy resolver.
+ Numerous improvments to HTTP/2 reliability.
* Wed Jul 06 2022 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 3.0.7:
+ Fix leak in SoupAuthNTLM.
+ Fix constructing SoupAuthNTLM objects.
+ Disable mutual negotiation in SoupAuthNegotiate.
+ http2:
- Do not advertise the `h2` protocool for proxy connections.
- Remove left-over headers when HTTP/1 redirects to HTTP/2.
- Handle HTTP_1_1_REQUIRED error.
- Read request bodies synchronously for sync requests.
- Properly handle server sending shut down GOAWAY.
+ tests:
- Remove dependency on Apache's PHP module.
- Depend upon Apache's http2 module.
* Fri Apr 01 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.0.6:
+ Misc HTTP/2 fixes.
+ Add PUT/POST support to examples/get.
+ Add `--user-agent` option to examples/get.
+ Misc meson improvements.
+ Fix build with Visual Studio.
* Fri Mar 18 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 3.0.5:
+ Misc HTTP/2 fixes.
+ Fix missing files for installed-tests.
+ Fix SoupServer not properly handling invalid percent encoded
paths.
+ Fix other areas not properly handling invalid percent encoded
paths.
+ Fix SoupLogger:max-body-size of 0 meaning log nothing.
* Fri Jan 07 2022 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 3.0.4:
+ Fix HTTP/2 not properly handling socket timeouts.
+ Improvements to test reliablity.
+ Fix cross-compiling to Windows.
+ Fix tests with development glib-networking.
+ Expose soup_uri_copy() to Vala.
/usr/lib/libsoup-3.0.so.0 /usr/lib/libsoup-3.0.so.0.7.4 /usr/share/doc/packages/libsoup-3_0-0 /usr/share/doc/packages/libsoup-3_0-0/NEWS /usr/share/licenses/libsoup-3_0-0 /usr/share/licenses/libsoup-3_0-0/COPYING
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 24 23:22:36 2025