Your message dated Wed, 27 Aug 2025 07:02:55 +0000
with message-id <[email protected]>
and subject line Bug#1100509: fixed in libsoup3 3.2.3-0+deb12u2
has caused the Debian Bug report #1100509,
regarding gnome-calculator: "Calculator" is not responding
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1100509: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100509
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnome-calculator
Version: 1:43.0.1-2
Severity: important
GNOME Calculator starts up but does not respond to keystrokes. The
desktop notices that the application is unresponsive and offers the
choice between force-quit and wait. Waiting does not seem to do
anything.
Here's what I have on the console:
<snip>
$ gnome-calculator
(gnome-calculator:1863520): Adwaita-WARNING **: 11:37:42.424: Using
GtkSettings:gtk-application-prefer-dark-theme with libadwaita is unsupported.
Please use AdwStyleManager:color-scheme instead.
** (gnome-calculator:1863520): WARNING **: 11:37:43.318:
currency-provider.vala:161: Couldn't download IMF currency rate file: HTTP/2
Error: INTERNAL_ERROR
(gnome-calculator:1863520): libsoup-WARNING **: 11:37:43.318:
(../libsoup/soup-session.c:334):soup_session_dispose: runtime check failed:
(soup_connection_manager_get_num_conns (priv->conn_manager) == 0)
(gnome-calculator:1863520): libsoup-WARNING **: 11:37:43.318:
(../libsoup/soup-connection-manager.c:78):soup_host_free: runtime check failed:
(host->conns == NULL)
</snip>
-- System Information:
Debian Release: 12.9
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-31-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gnome-calculator depends on:
ii dconf-gsettings-backend [gsettings-backend] 0.40.0-4
ii libadwaita-1-0 1.2.2-1
ii libc6 2.36-9+deb12u9
ii libgee-0.8-2 0.20.6-1
ii libglib2.0-0 2.74.6-2+deb12u5
ii libgtk-4-1 4.8.3+ds-2+deb12u1
ii libgtksourceview-5-0 5.6.2-1
ii libmpc3 1.3.1-1
ii libmpfr6 4.2.0-1
ii libsoup-3.0-0 3.2.2-2
ii libxml2 2.9.14+dfsg-1.3~deb12u1
Versions of packages gnome-calculator recommends:
ii gvfs 1.50.3-1
ii yelp 42.2-1
gnome-calculator suggests no packages.
-- no debconf information
--
"the lyf so short, the craft so long to lerne."
-- Chaucer.
--- End Message ---
--- Begin Message ---
Source: libsoup3
Source-Version: 3.2.3-0+deb12u2
Done: Simon McVittie <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libsoup3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated libsoup3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 25 Aug 2025 16:06:45 +0100
Source: libsoup3
Architecture: source
Version: 3.2.3-0+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian GNOME Maintainers
<[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 1052551 1054962 1059773 1064744 1077962 1087416 1087417 1098315 1099119
1100509 1100541 1101922 1102471 1104456
Changes:
libsoup3 (3.2.3-0+deb12u2) bookworm; urgency=medium
.
* Team upload
* d/p/tests-Gracefully-skip-test-if-a-large-memory-allocation-f.patch:
Add proposed patch to fix a test failure on some 32-bit machines, in
particular Debian 12's mipsel buildds
.
libsoup3 (3.2.3-0+deb12u1) bookworm; urgency=medium
.
* Team upload
.
[ Jeremy BĂcha ]
* d/control{,.in}: Add Build-Depends: ca-certificates for build-time tests
(Closes: #1064744, #1054962)
.
[ Simon McVittie ]
* Re-export patch series (no functional changes)
* New upstream old-stable release 3.2.3
- Fix a buffer overrun if asked to parse non-UTF-8 headers. It is
believed that this cannot happen on the client side, but it can
happen in SoupServer. (CVE-2024-52531, Closes: #1087417)
- Avoid an infinite loop in WebSocket processing which can cause a denial
of service via resource exhaustion (CVE-2024-52532, Closes: #1087416)
- Fix denial of service (crash) when parsing invalid data URLs
(CVE-2025-32051)
- Fix heap overflows during content sniffing
(CVE-2025-32052, libsoup3 equivalent of #1102214)
(CVE-2025-32053, libsoup3 equivalent of #1102215)
- Fix an integer overflow during parameter serialization
(CVE-2025-32050, libsoup3 equivalent of #1102212)
* Fix a regression introduced in 3.2.3 by backporting its fixes from
3.6.5:
- d/p/sniffer-Fix-potential-overflow.patch,
d/p/sniffer-Add-better-coverage-of-skip_insignificant_space.patch:
Fix more heap buffer overflows during content sniffing
(CVE-2025-2784; libsoup3 equivalent of #1102208)
- d/source/include-binaries: Configure dpkg to accept non-text diffs
in test data for CVE-2025-2784
* d/p/server-Add-note-about-recommended-usage.patch:
Update documentation to indicate the level of security support for
the server side.
Upstream clarified the documentation in 3.6.1 to state that SoupServer
is not intended to be exposed to untrusted clients.
(Related to CVE-2024-52531, CVE-2024-52532)
* d/p/tests-Add-test-for-passing-invalid-UTF-8-to-soup_header_p.patch:
Add test coverage related to CVE-2024-52531
* Backport additional CVE fixes from upstream release 3.5.2:
- d/p/headers-Strictly-don-t-allow-NUL-bytes.patch:
Reject HTTP headers if they contain NUL bytes
(CVE-2024-52530, libsoup3 equivalent of #1088812)
* Backport additional CVE fixes from upstream release 3.6.2:
- d/p/content-sniffer-Handle-sniffing-resource-shorter-than-4-b.patch:
Fix denial of service when sniffing type of a short resource
(CVE-2025-32909, libsoup3 equivalent of #1103517)
- d/p/auth-digest-Handle-missing-realm-in-authenticate-header.patch,
d/p/auth-digest-Handle-missing-nonce.patch,
d/p/auth-digest-Fix-leak.patch:
Fix denial of service (crash) during client-side authentication
(CVE-2025-32910, libsoup3 equivalent of #1103516)
- d/p/soup_message_headers_get_content_disposition-Fix-NULL-der.patch,
d/p/soup_message_headers_get_content_disposition-strdup-trunc.patch:
Fix memory management of message headers.
(CVE-2025-32911, CVE-2025-32913; libsoup3 equivalent of #1103515)
- d/p/soup_header_parse_quality_list-Fix-leak.patch:
Fix a memory leak (slow denial of service) in quality list parsing
(CVE-2025-46420, libsoup3 equivalent of #1104055)
* Backport additional CVE fixes from upstream release 3.6.5:
- d/p/auth-digest-Handle-missing-nonce-1.patch,
d/p/digest-auth-Handle-NULL-nonce.patch:
Fix additional denial of service issues related to CVE-2025-32910
(CVE-2025-32912, libsoup3 equivalent of #1103516)
- d/p/headers-Handle-parsing-edge-case.patch,
d/p/headers-Handle-parsing-only-newlines.patch:
Fix denial of service (crash) in http server header parsing
(CVE-2025-32906, libsoup3 equivalent of #1103521)
- d/p/session-Strip-authentication-credentails-on-cross-origin-.patch:
Fix credentials disclosure on cross-origin redirect
(CVE-2025-46421, libsoup3 equivalent of #110405)
* d/control: libsoup-3.0-tests Depends on ca-certificates
(Equivalent of #1054962, #1064744 for autopkgtests)
* d/p/connection-manager-don-t-crash-if-connection-outlives-its.patch:
Add patch from upstream fixing a use-after-free during disconnection.
In particular this resolves a hang during gnome-calculator startup,
when it downloads currency conversion data.
(Closes: #1077962, #1052551, #1098315, #1099119, #1100509, #1104456,
#1100541, #1101922, #1102471, #1059773)
* d/p/connection-auth-don-t-crash-if-connection-outlives-the-au.patch:
Add patch from upstream fixing another use-after-free during disconnect.
(Related to #1077962, etc.)
Checksums-Sha1:
109f78b0454e2dfb3c04d7580032cf1653adbbc7 3514 libsoup3_3.2.3-0+deb12u2.dsc
18c39cf2ccdbe8bafae6ea5cb9fcee000ff89f92 38208
libsoup3_3.2.3-0+deb12u2.debian.tar.xz
12081c772865f927fc2d717eb0b22e03c23aae09 2473716
libsoup3_3.2.3-0+deb12u2.git.tar.xz
a67dd354b3d5929d371fdb3d37d0804d0efc7fd9 18090
libsoup3_3.2.3-0+deb12u2_source.buildinfo
Checksums-Sha256:
b00656d3dc925048e575643f7ea701ffc3d1e2ec677372b77255284e0b810be6 3514
libsoup3_3.2.3-0+deb12u2.dsc
34a04a865a644a16d635f55454ba06d52329806de943a95ed245384e6ea077b6 38208
libsoup3_3.2.3-0+deb12u2.debian.tar.xz
9337618beea532c5699338dab705633fad05b05f761381c3d467ba0ed9c29791 2473716
libsoup3_3.2.3-0+deb12u2.git.tar.xz
dcb95818cb589d1d9f81f49c5d5e6a16ab48560674c47eaf457b4c995b4a7409 18090
libsoup3_3.2.3-0+deb12u2_source.buildinfo
Files:
ecaa011c29a9237de552df9ec26cd29f 3514 devel optional
libsoup3_3.2.3-0+deb12u2.dsc
ebaf706e41784c7ecdac04475eaa8674 38208 devel optional
libsoup3_3.2.3-0+deb12u2.debian.tar.xz
d2c73254c8d2288371d330a92fccb046 2473716 None None
libsoup3_3.2.3-0+deb12u2.git.tar.xz
861f8b3a357d3ca2ddd458456d12edd9 18090 devel optional
libsoup3_3.2.3-0+deb12u2_source.buildinfo
Git-Tag-Info: tag=fa847d591345c7074c0ccb2bad8f16dcde18d15a
fp=7a073ad1ae694fa25bff62e5235c099d3eb33076
Git-Tag-Tagger: Simon McVittie <[email protected]>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmishYoACgkQYG0ITkaD
wHkCwQ/+Pe4XP/B5bvd/zePkpk49GSx3We7W7xpgJuDentebHISJObL9HlU0b4ey
gPtnBfVmIFW9Jg2AzgrHqWd9fBd7HvbIhYZAu7Wr4KXYKvnNl7lJFdmRbAuJjwS+
GRCjh77nZZFy7bhFqxH+twPt4BI5dIJTdUs5tGA3iSFGshd3xpgZe01ABOhgbFCK
Lb3yqduCWEYQ1BeOhHYb+ZWNi8XNU5VAgEPhVYL8yVpzbGVR5G9IowyQ932U26Zb
yw37MYH5hPSLSjuFBttqYenS1krtwOnfW+EKRnLeF7uEBNKWWn3KEchtmgDBPUDi
unGZx5MqzYIVmpxvfCBYqxJ3n1oByBmZKRdsXQxUYUANuXTQ290Ean9cvbSY7M2l
Jq2JaRbDe/61wLWzmFzyXp1bBOT28TeWwBIABsj/xcd/UyRyI2gIDI8dnyqNlEd/
oRfwg0s0i8menc9Kq2X1rOqO1VllhxOb8aOWVpM4zPyX4GqA7nLfoNeEVp3z+Yxw
DOnt6kr/VTAH0UlbiVfrQPJVMokM1H3c1ymnnP0KZKV0gAA51Dzd66Wh7Vmp9JQi
rDiqqWiMTrvyGjF0d1/PzmD9TRneTlBVjAaWMqxu9wHVooarzyjvqrsgKu1kGIW7
jM6vOCyVS3yjAeys9ieKQZ2VXiG2F0AjyTF0H2yLkAvtPDC/FXw=
=r12K
-----END PGP SIGNATURE-----
pgpwgbGDLsLXS.pgp
Description: PGP signature
--- End Message ---
