Debian Patches
Status for libsoup3/3.6.5-4
Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
soup-init-Use-libdl-instead-of-gmodule-in-soup2_is_loaded.patch | soup-init: Use libdl instead of gmodule in `soup2_is_loaded` check<br>Calling `g_module_open` in the library constructor can cause deadlocks when libsoup is used with other libraries that also contend for GLib mutexes. `dlopen` should be used instead. | Fabio Manganiello <fabio@manganiello.tech> | yes | debian upstream | https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/475 | 2025-07-15 |
skip-tls_interaction-test.patch | skip tls_interaction test<br>This test is too unreliable on Debian architectures and this package is too critical to not get timely updates [smcv: Allow running it anyway, by setting an environment variable] | Jeremy Bicha <jbicha@ubuntu.com> | yes | upstream | | 2018-10-08 |
Record-Apache-error-log-for-unit-tests-and-show-it-during.patch | Record Apache error log for unit tests and show it during teardown<br>This helps to diagnose problems with the Apache-based tests. | Simon McVittie <smcv@debian.org> | no | | | 2021-12-27 |
test-utils-Add-more-debug-for-starting-stopping-Apache.patch | test-utils: Add more debug for starting/stopping Apache | Simon McVittie <smcv@debian.org> | no | | | 2022-03-16 |
tests-extend-timeout-for-http2-body-stream-test.patch | tests: extend timeout for http2-body-stream-test<br>https://bugs.debian.org/1018709 | Eric Long <i@hack3r.moe> | no | | | 2022-08-29 |
multipart-Fix-read-out-of-buffer-bounds-under-soup_multip.patch | multipart: Fix read out of buffer bounds under soup_multipart_new_from_message()<br>This is CVE-2025-32914, specially crafted input can cause read out of buffer bounds of the body argument. | Milan Crha <mcrha@redhat.com> | yes | debian upstream | upstream, 3.7.0, commit:5bfcf8157597f2d327050114fb37ff600004dbcf | 2025-04-15 |
soup-server-http2-Check-validity-of-the-constructed-conne.patch | soup-server-http2: Check validity of the constructed connection URI<br>The HTTP/2 pseudo-headers can contain invalid values, which the GUri rejects and returns NULL, but the soup-server did not check the validity and could abort the server itself later in the code. | Milan Crha <mcrha@redhat.com> | yes | debian upstream | upstream, 3.7.0, commit:a792b23ab87cacbf4dd9462bf7b675fa678efbae | 2025-04-15 |
soup-server-http2-Correct-check-of-the-validity-of-the-co.patch | soup-server-http2: Correct check of the validity of the constructed connection URI<br>RFC 5740: the CONNECT has unset the "scheme" and "path", thus allow them unset. The commit a792b23ab87cacbf4dd9462bf7b675fa678efbae also missed to decrement the `io->in_callback` in the early returns. Related to #429 | Milan Crha <mcrha@redhat.com> | yes | debian upstream | upstream, 3.7.0, commit:a792b23ab87cacbf4dd9462bf7b675fa678efbae | 2025-04-28 |
auth-digest-fix-crash-in-soup_auth_digest_get_protection_.patch | auth-digest: fix crash in soup_auth_digest_get_protection_space()<br>We need to validate the Domain parameter in the WWW-Authenticate header. Unfortunately this crash only occurs when listening on default ports 80 and 443, so there's no good way to test for this. The test would require running as root. | Michael Catanzaro <mcatanzaro@redhat.com> | yes | debian upstream | upstream, 3.7.0, commit:e64c221f9c7d09b48b610c5626b3b8c400f0907c | 2025-05-08 |
test-utils-flush-stdout-after-printing.patch | test-utils: flush stdout after printing<br>test_printf() would be more useful if it were to actually guarantee that everything has printed; otherwise, it cannot be used to determine how far we've made it in a test before a hang. | Michael Catanzaro <mcatanzaro@redhat.com> | no | | upstream, 3.7.0, commit:3eec3d8b9b5d8ac1e202d02c715663a440e6a508 | 2025-04-30 |
test-utils-fix-deadlock-in-add_listener_in_thread.patch | test-utils: fix deadlock in add_listener_in_thread()<br>The mutex is locked in the wrong place here. Hopefully fixes #379 | Michael Catanzaro <mcatanzaro@redhat.com> | yes | upstream | upstream, 3.7.0, commit:3c0cee2cfddb9ba31b30421f2b3cdd3c5a255e99 | 2025-04-30 |
tests-Treat-multithread-test-as-an-Apache-test.patch | tests: Treat multithread-test as an Apache test<br>This test calls apache_init() to run Apache on a hard-coded port, which means it cannot coexist with other tests in this group. Don't allow it to parallelize with others. Maybe helps: #1035983 | Simon McVittie <smcv@debian.org> | no | | | 2025-07-11 |
soup-form-Fix-a-possible-memory-leak-in-soup_form_decode_.patch | soup-form: Fix a possible memory leak in soup_form_decode_multipart()<br>The output variables can be set multiple times, when there are multiparts with the same name, thus first clear any previous value and only then assign a new value. | Milan Crha <mcrha@redhat.com> | yes | upstream | upstream, 3.7.0, commit:66b5c5be947062df9caf7025b56ee1de32aee3ac | 2025-05-13 |
soup-message-headers-Correct-merge-of-ranges.patch | soup-message-headers: Correct merge of ranges<br>It had been skipping every second range, which generated an array of a lot of insane ranges, causing large memory usage by the server. | Milan Crha <mcrha@redhat.com> | yes | debian upstream | upstream, 3.7.0, commit:9bb92f7a685e31e10e9e8221d0342280432ce836 | 2025-04-15 |
server-mem-limit-test-Limit-memory-usage-only-when-not-bu.patch | server-mem-limit-test: Limit memory usage only when not built with a sanitizer<br>A build with -Db_sanitize=address crashes with failed mmap(), which is done inside libasan. The test requires 20.0TB of virtual memory when running with the sanitizer, which is beyond unsigned integer limits and may not trigger the bug anyway. | Milan Crha <mcrha@redhat.com> | yes | debian upstream | upstream, 3.7.0, commit:eeace39ec686094ff6a05a43e5fce06e9c37f376 | 2025-05-13 |
websocket-test-Fix-two-memory-leaks.patch | websocket-test: Fix two memory leaks<br>The errors can be emitted also when joining the thread, in some cases, thus disconnect the handlers to avoid memory leaks in such case. | Milan Crha <mcrha@redhat.com> | no | | upstream, 3.7.0, commit:a6df31d7a89298fcdc6da0373f16ca222d052061 | 2025-05-22 |
misc-test-Fix-two-memory-leaks.patch | misc-test: Fix two memory leaks<br>It's tested it returned the data/object, but it was not freed. | Milan Crha <mcrha@redhat.com> | no | | upstream, 3.7.0, commit:83e26e9001b500cc09ae52cef258195303fe32da | 2025-05-22 |
http2-test-Fix-several-memory-leaks.patch | http2-test: Fix several memory leaks<br>These were more or less obvious, but missed. | Milan Crha <mcrha@redhat.com> | no | | upstream, 3.7.0, commit:21a99b2a2c3bb7d5574499c92e31f9ed0de13fad | 2025-05-22 |
range-test-Fix-a-memory-leak.patch | range-test: Fix a memory leak<br>The 'succeed' is an argument, set by the caller, which does not mean the 'body' cannot be set to some data. | Milan Crha <mcrha@redhat.com> | no | | upstream, 3.7.0, commit:1e90797e2575d8b27e0431c03df5a4cbd4713b76 | 2025-05-22 |
soup-multipart-Verify-boundary-limits-for-multipart-body.patch | soup-multipart: Verify boundary limits for multipart body<br>It could happen that the boundary started at a place which resulted into a negative number, which in an unsigned integer is a very large value. Check the body size is not a negative value before setting it. | Milan Crha <mcrha@redhat.com> | yes | debian upstream | upstream, 3.7.0, commit:f2f28afe0b3b2b3009ab67d6874457ec6bac70c0 | 2025-05-15 |
soup-multipart-Verify-array-bounds-before-accessing-its-m.patch | soup-multipart: Verify array bounds before accessing its members<br>The boundary could be at a place which, calculated, pointed before the beginning of the array. Check the bounds, to avoid read out of the array bounds. | Milan Crha <mcrha@redhat.com> | yes | debian upstream | upstream, 3.7.0, commit:b5b4dd10d4810f0c87b4eaffe88504f06e502f33 | 2025-05-19 |
soup-date-utils-Add-value-checks-for-date-time-parsing.patch | soup-date-utils: Add value checks for date/time parsing<br>Reject date/time when it does not represent a valid value. | Milan Crha <mcrha@redhat.com> | yes | debian upstream | upstream, 3.7.0, commit:8988379984e33dcc7d3aa58551db13e48755959f | 2025-05-15 |
tests-Add-tests-for-date-time-including-timezone-validati.patch | tests: Add tests for date-time including timezone validation work<br>These tests are built on top of earlier work in a related pull request. | Brian Yurko <155515-byurko@users.noreply.gitlab.gnome.org> | yes | debian upstream | upstream, 3.7.0, commit:8988379984e33dcc7d3aa58551db13e48755959f | 2025-06-11 |
tests-Gracefully-skip-test-if-a-large-memory-allocation-f.patch | tests: Gracefully skip test if a large memory allocation fails<br>On resource-constrained 32-bit machines, it might not be possible to allocate 1G of buffer space. Catch this and skip the test that uses very large buffers, instead of having it fail. | Simon McVittie <smcv@debian.org> | yes | | | 2025-08-25 |
debian/docs-Remove-remotely-accessed-logo.patch | docs: Remove remotely accessed logo<br>Remote images in local documentation are not ideal from a privacy point of view. | Simon McVittie <smcv@debian.org> | not-needed | | | 2025-07-12 |

All known versions for source package 'libsoup3'
- 3.6.5-4 (forky, sid)
- 3.6.5-3 (trixie)
- 3.2.3-0+deb12u2 (bookworm)