Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libsoup2 for openSUSE:Factory checked in at 2026-03-08 17:26:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsoup2 (Old) and /work/SRC/openSUSE:Factory/.libsoup2.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsoup2" Sun Mar 8 17:26:01 2026 rev:23 rq:1337266 version:2.74.3 Changes: -------- --- /work/SRC/openSUSE:Factory/libsoup2/libsoup2.changes 2026-03-05 17:14:48.821815574 +0100 +++ /work/SRC/openSUSE:Factory/.libsoup2.new.8177/libsoup2.changes 2026-03-08 17:26:29.065819233 +0100 @@ -1,0 +2,7 @@ +Thu Mar 5 22:36:53 UTC 2026 - Michael Gorse <[email protected]> + +- Update libsoup2-CVE-2026-0716.patch to incorporate + glgo#GNOME/libsoup!518. The original fix was incomplete + (bsc#1256418 CVE-2026-0716 glgo#GNOME/libsoup#476). + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsoup2-CVE-2026-0716.patch ++++++ --- /var/tmp/diff_new_pack.Oreaxz/_old 2026-03-08 17:26:30.217866550 +0100 +++ /var/tmp/diff_new_pack.Oreaxz/_new 2026-03-08 17:26:30.225866878 +0100 
@@ -1,28 +1,30 @@ -diff -urp libsoup-2.74.3.orig/libsoup/soup-websocket-connection.c libsoup-2.74.3/libsoup/soup-websocket-connection.c ---- libsoup-2.74.3.orig/libsoup/soup-websocket-connection.c 2022-10-11 13:27:22.000000000 -0500 -+++ libsoup-2.74.3/libsoup/soup-websocket-connection.c 2026-02-06 12:46:44.372111863 -0600 -@@ -1064,6 +1064,12 @@ process_frame (SoupWebsocketConnection * - payload += 4; - at += 4; +Index: libsoup-2.74.3/libsoup/soup-websocket-connection.c +=================================================================== +--- libsoup-2.74.3.orig/libsoup/soup-websocket-connection.c ++++ libsoup-2.74.3/libsoup/soup-websocket-connection.c +@@ -1074,6 +1074,12 @@ process_frame (SoupWebsocketConnection * -+ /* at has a maximum value of 10 + 4 = 14 */ -+ if (payload_len > G_MAXSIZE - 14) { -+ bad_data_error_and_close (self); -+ return FALSE; -+ } -+ - if (len < at + payload_len) - return FALSE; /* need more data */ + payload = header + at; -diff -urp libsoup-2.74.3.orig/tests/websocket-test.c libsoup-2.74.3/tests/websocket-test.c ---- libsoup-2.74.3.orig/tests/websocket-test.c 2022-10-11 13:27:22.000000000 -0500 -+++ libsoup-2.74.3/tests/websocket-test.c 2026-02-06 12:46:44.372679228 -0600 -@@ -1861,6 +1861,41 @@ test_cookies_in_response (Test *test, ++ /* at has a maximum value of 10 + 4 = 14 */ ++ if (payload_len > G_MAXSIZE - 14) { ++ bad_data_error_and_close (self); ++ return FALSE; ++ } ++ + if (masked) { + mask = header + at; + payload += 4; +Index: libsoup-2.74.3/tests/websocket-test.c +=================================================================== +--- libsoup-2.74.3.orig/tests/websocket-test.c ++++ libsoup-2.74.3/tests/websocket-test.c +@@ -1865,6 +1865,88 @@ test_cookies_in_response (Test *test, soup_cookie_free (cookie); } +static void -+test_cve_2026_0716 (Test *test, ++test_bad_length_masked (Test *test, + gconstpointer unused) +{ + GError *error = NULL; 
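Review bot: The comment `/* at has a maximum value of 10 + 4 = 14 */` no longer describes the spot where the guard now runs. In the updated patch the `payload_len > G_MAXSIZE - 14` check sits directly after `payload = header + at;` and before the `if (masked)` block, so the 4 mask bytes have not yet been added to `at`. The bound of 14 is still a safe, conservative value, and checking ahead of the masked branch is what lets the guard cover unmasked frames too, but the comment should say so, e.g. `/* at is at most 10 here and grows by 4 for a masked frame; 14 bounds at + payload_len on both paths */`. That `at += 4;` still follows `payload += 4;` is inferred from the removed version of the patch, and the body of process_frame starts and ends outside this hunk.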
@@ -39,7 +41,7 @@
 +
 + soup_websocket_connection_set_max_incoming_payload_size (test->server, 0);
 +
-+ // Malicious masked frame header (10-byte header + 4-byte mask) */
++ /* Malicious masked frame header (10-byte header + 4-byte mask) */
 + frame = "\x82\xff\xff\xff\xff\xff\xff\xff\xff\xf6\xaa\xbb\xcc\xdd";
 + if (!g_output_stream_write_all (g_io_stream_get_output_stream (io),
 + frame, 14, &written, NULL, NULL))
@@ -56,21 +58,72 @@ + g_assert_cmpuint (soup_websocket_connection_get_close_code (test->client), ==, SOUP_WEBSOCKET_CLOSE_BAD_DATA); +} + ++static gpointer ++send_bad_length_frame_server_thread (gpointer user_data) ++{ ++ Test *test = user_data; ++ const char frame[] = "\x82\x7f\xff\xff\xff\xff\xff\xff\xff\xf6"; ++ gsize written; ++ GError *error = NULL; ++ ++ g_output_stream_write_all (g_io_stream_get_output_stream (test->raw_server), ++ frame, sizeof (frame), &written, NULL, &error); ++ g_assert_no_error (error); ++ g_assert_cmpuint (written, ==, sizeof (frame)); ++ ++ g_io_stream_close (test->raw_server, NULL, &error); ++ g_assert_no_error (error); ++ ++ return NULL; ++} ++ ++static void ++test_bad_length_unmasked (Test *test, ++ gconstpointer unused) ++{ ++ GThread *thread; ++ GBytes *received = NULL; ++ GError *error = NULL; ++ ++ g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); ++ g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received); ++ ++ soup_websocket_connection_set_max_incoming_payload_size (test->client, 0); ++ ++ thread = g_thread_new ("send-bad-length-frame-thread", send_bad_length_frame_server_thread, test); ++ ++ WAIT_UNTIL (error != NULL || received != NULL); ++ g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_BAD_DATA); ++ g_clear_error (&error); ++ g_assert_null (received); ++ ++ /* it can emit more errors while joining the thread, thus disconnect, to avoid memory leak */ ++ g_signal_handlers_disconnect_by_func (test->client, G_CALLBACK (on_error_copy), &error); ++ ++ g_thread_join (thread); ++ ++ WAIT_UNTIL (soup_websocket_connection_get_state (test->client) == SOUP_WEBSOCKET_STATE_CLOSED); ++} ++ int main (int argc, char *argv[]) -@@ -2094,6 +2129,15 @@ main (int argc, +@@ -2098,6 +2180,19 @@ main (int argc, test_cookies_in_response, teardown_soup_connection); -+ g_test_add ("/websocket/direct/cve-2026-0716", Test, NULL, ++ g_test_add 
("/websocket/direct/bad-length-masked", Test, NULL, + setup_direct_connection, -+ test_cve_2026_0716, ++ test_bad_length_masked, + teardown_direct_connection); -+ g_test_add ("/websocket/soup/cve-2026-0716", Test, NULL, ++ g_test_add ("/websocket/soup/bad-length-masked", Test, NULL, + setup_soup_connection, -+ test_cve_2026_0716, ++ test_bad_length_masked, + teardown_soup_connection); ++ g_test_add ("/websocket/direct/bad-length-unmasked", Test, NULL, ++ setup_half_direct_connection, ++ test_bad_length_unmasked, ++ teardown_direct_connection); + ret = g_test_run ();
