Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libsoup-lang-3.6.6-2.1 RPM for noarch

From OpenSuSE Tumbleweed for noarch

Name: libsoup-lang Distribution: openSUSE Tumbleweed
Version: 3.6.6 Vendor: openSUSE
Release: 2.1 Build date: Wed Feb 25 03:47:08 2026
Group: System/Localization Build host: reproducible
Size: 280418 Source RPM: libsoup-3.6.6-2.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://wiki.gnome.org/Projects/libsoup
Summary: Translations for package libsoup
 
Provides translations for the "libsoup" package.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Wed Feb 25 2026 Jonathan Kang <songchuan.kang@suse.com>
  - Add libsoup-CVE-2026-1539.patch: Also remove Proxy-Authorization
    header on cross origin redirect
    (bsc#1257441, CVE-2026-1539, glgo#GNOME/libsoup#489).
* Fri Feb 20 2026 Michael Gorse <mgorse@suse.com>
  - Rebase and re-enable libsoup-CVE-2026-2708.patch.
* Fri Feb 20 2026 Dominique Leuenberger <dimstar@opensuse.org>
  - Update to version 3.6.6:
    + websocket: Fix out-of-bounds read in process_frame
    + Check nulls returned by soup_date_time_new_from_http_string()
    + Numerous fixes to handling of Range headers
    + server: close the connection after responsing a request
      containing Content-Length and Transfer-Encoding
    + Use CRLF as line boundary when parsing chunked enconding data
    + websocket: do not accept messages frames after closing due to
      an error
    + Sanitize filename of content disposition header values
    + Always validate the headers value when coming from untrusted
      source
    + uri-utils: do host validation when checking if a GUri is valid
    + multipart: check length of bytes read
      soup_filter_input_stream_read_until()
    + message-headers: Reject duplicate Host headers
    + server: null-check soup_date_time_to_string()
    + auth-digest: fix crash in
      soup_auth_digest_get_protection_space()
    + session: fix 'heap-use-after-free' caused by 'finishing' queue
      item twice
    + cookies: Avoid expires attribute if date is invalid
    + http1: Set EOF flag once content-length bytes have been read
    + date-utils: Add value checks for date/time parsing
    + multipart: Fix multiple boundry limits
    + Fixed multiple possible memory leaks
    + message-headers: Correct merge of ranges
    + body-input-stream: Correct chunked trailers end detection
    + server-http2: Correctly validate URIs
    + multipart: Fix read out of buffer bounds under
      soup_multipart_new_from_message()
    + headers: Ensure Request-Line comprises entire first line
    + tests: Fix MSVC build error
    + Fix possible deadlock on init from gmodule usage
    + Updated translations.
  - Drop upstream merged patches:
    + libsoup-CVE-2025-11021.patch
    + libsoup-CVE-2025-12105.patch
    + libsoup-CVE-2025-14523.patch
    + libsoup-CVE-2025-32907.patch
    + libsoup-CVE-2025-32908.patch
    + libsoup-CVE-2025-32914.patch
    + libsoup-CVE-2025-4476.patch
    + libsoup-CVE-2025-4945.patch
    + libsoup-CVE-2025-4948.patch
    + libsoup-CVE-2025-4969.patch
    + libsoup-CVE-2026-0716.patch
    + libsoup-CVE-2026-1536.patch
    + libsoup-CVE-2026-1761.patch
    + libsoup-CVE-2026-2369.patch
    + libsoup-CVE-2026-2443.patch
    + libsoup-CVE-2026-1467.patch
    + libsoup-CVE-2026-1760.patch
  - libsoup-CVE-2026-2708.patch temporarily disabled while we need to
    rebase it.
* Fri Feb 20 2026 Jonathan Kang <songchuan.kang@suse.com>
  - Add libsoup-CVE-2026-1467.patch: uri-utils: do host validation
    when checking if a GUri is valid
    (bsc#1257398, CVE-2026-1467, glgo#GNOME/libsoup#488).
  - Add libsoup-CVE-2026-1760.patch: server: close the connection
    after responsing a request containing...
    (bsc#1257597, CVE-2026-1760, glgo#GNOME/libsoup#475).
* Thu Feb 19 2026 Michael Gorse <mgorse@suse.com>
  - Add libsoup-CVE-2026-2708.patch: do not allow adding multiple
    content length values to headers (bsc#1258508 CVE-2026-2708
    glgo#GNOME/libsoup#500).
* Sat Feb 14 2026 Michael Gorse <mgorse@suse.com>
  - Add more CVE fixes:
    + libsoup-CVE-2025-32049.patch (bsc#1240751 CVE-2025-32049
      glgo#GNOME/libsoup#390)
    + libsoup-CVE-2026-2443.patch (bsc#1258170 CVE-2026-2443
      glgo#GNOME/libsoup#487)
    + libsoup-CVE-2026-2369.patch (bsc#1258120 CVE-2026-2369
      glgo#GNOME/libsoup!508)
* Tue Feb 03 2026 Jonathan Kang <songchuan.kang@suse.com>
  - Add libsoup-CVE-2026-1536.patch: Always validate the headers
    value when coming from untrusted source
    (bsc#1257440, CVE-2026-1536, glgo#GNOME/libsoup/commit/5c1a2e9c).
  - Add libsoup-CVE-2026-1761.patch: multipart: check length of bytes
    read soup_filter_input_stream_read_until()
    (bsc#1257598, CVE-2026-1761, glgo#GNOME/libsoup!496).
* Mon Jan 12 2026 Alynx Zhou <alynx.zhou@suse.com>
  - Add libsoup-CVE-2026-0716.patch: Fix out-of-bounds read for
    websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494).
* Fri Jan 09 2026 Alynx Zhou <alynx.zhou@suse.com>
  - Add libsoup-CVE-2026-0719.patch: Fix overflow for password md4sum
    (bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493).
* Thu Jan 08 2026 Alynx Zhou <alynx.zhou@suse.com>
  - Add libsoup-CVE-2025-14523.patch: Reject duplicated Host in
    headers (bsc#1254876, CVE-2025-14523, glgo#GNOME/libsoup!491).
* Tue Nov 18 2025 Michael Gorse <mgorse@suse.com>
  - Add libsoup-CVE-2025-12105.patch: fix use after free caused by
    'finishing' queue item twice (bsc#1252555 CVE-2025-12105
    glgo#GNOME/libsoup!481).
  - Add i586 to the list of architectures where we re-run tests;
    hsts-db-test is timing out there as well.
* Thu Oct 16 2025 Alynx Zhou <alynx.zhou@suse.com>
  - Update libsoup-CVE-2025-11021.patch: Add NULL check for
    soup_date_time_to_string() (bsc#1250562, CVE-2025-11021,
    glgo#GNOME/libsoup!483).
* Sat Oct 11 2025 Alynx Zhou <alynx.zhou@suse.com>
  - Add libsoup-CVE-2025-11021.patch: Ignore invalid date when
    processing cookies to prevent out-of-bounds read (bsc#1250562,
    CVE-2025-11021, glgo#GNOME/libsoup!482).
* Wed Jun 18 2025 Michael Gorse <mgorse@suse.com>
  - Add libsoup-CVE-2025-4945.patch: add value checks for date/time
    parsing (boo#1243314 CVE-2025-4945).
* Wed May 28 2025 Michael Gorse <mgorse@suse.com>
  - Add libsoup-CVE-2025-4969.patch: multipart: verify array bounds
    before accesing its members (boo#1243423 CVE-2025-4969).
  - Also rerun tests for ppc64le should they fail. hsts-db-test
    appears to time out intermittently there (bsc#1243570).
* Tue May 27 2025 Michael Gorse <mgorse@suse.com>
  - Add libsoup-CVE-2025-4476.patch: fix crash in
    soup_auth_digest_get_protection_space (boo#1243422
    CVE-2025-4476 glgo#GNOME/libsoup!457).
  - Add libsoup-CVE-2025-4948.patch: verify boundary limits for
    multipart body (boo#1243332 CVE-2025-4948
    glgo#GNOME/libsoup#449).
* Tue Apr 29 2025 Michael Gorse <mgorse@suse.com>
  - Add libsoup-CVE-2025-32907.patch: correct merge of ranges
    (boo#1241222 CVE-2025-32907 glgo#GNOME/libsoup!452).
* Mon Apr 21 2025 Michael Gorse <mgorse@suse.com>
  - Add CVE fixes:
    + libsoup-CVE-2025-32914.patch (boo#1241164 CVE-2025-32914)
    + libsoup-CVE-2025-32908.patch (boo#1241223 CVE-2025-32908)
* Sun Apr 06 2025 Bjørn Lie <bjorn.lie@gmail.com>
  - Rerun tests once for s390x should they fail, tests for this arch
    is very flaky.
* Fri Mar 21 2025 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 3.6.5 (boo#1241263):
    + session: Strip authentication credentials on cross-origin
      redirects
    + build: Use pkg-config instead of krb5-config for the gssapi
      dependency
    + http1: When using chunked encoding report an error in case of
      unexpected stream end
    + http2:
    - When a message has no content still respect its Content-Type
    - Revert manual window size management temporarily, as it could
      stall
    + sniffer: Fix potential overflows
    + hsts: Fix minor leak
    + headers: Fix a few parsing edge cases that could be an out of
      bound read
    + connection: Avoid ever calling disconnect twice
    + auth-digest: Fix handling when a nonce isn't present
    + cookies:
    - Limit max size of max-age, path, and domain attributes to
      1024 bytes
    - Limit max size of name and value to 4096 bytes
    + docs: Remove references to old libsoup domain
    + Reintroduce some thread-safety to SoupSession (see
      https://libsoup.gnome.org/libsoup-3.0/client-thread-safety.html)
      Numerous API have been changed which is documented on
      https://libsoup.gnome.org
  - Replace pkgconfig(krb5) with pkgconfig(krb5-gssapi)
    BuildRequires: Following upstream changes, and stop passing
    krb5_config="$(which krb5-config)" to meson setup, no longer
    needed nor recognized.
* Thu Jan 16 2025 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 3.6.4:
    + http2: Fix regression on 32bit systems when reading response
      data.
* Sat Jan 11 2025 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 3.6.3:
    + http2: Significantly reduce memory usage of large requests
    + server: Treat `ECONNREFUSED` when listening on IPv6 as
      unsupported
    + auth-digest: Fix handling missing nonce/realm in responses, as
      well as a leak
    + In `soup_uri_decode_data_uri()` fix handling of URIs with a
      path beginning with `//`
    + In `soup_message_headers_get_content_disposition()` fix
      possibility of NULL-deref and double-free
    + In `soup_header_parse_quality_list()` fix leak
    + In `soup_form_decode_multipart()` fix ownership annotation for
      the multipart object
* Thu Dec 12 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Update to version 3.6.1+4:
    + Fix ownership annotatin for soup_form_decode_multipart().
  - Convert to obs_scm source service: allow for easier maintenance.
* Wed Dec 04 2024 Michael Gorse <mgorse@suse.com>
  - Increase test timeout on s390x. The http2-body-stream test can be
    slow and sometimes times out in our builds.
* Fri Nov 22 2024 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 3.6.1:
    + Fix `soup_uri_copy()` reading port as a long instead of an int
    + Fix possible NULL deref in `soup_uri_decode_data_uri()`
    + Fix possible overflow in `SoupContentSniffer`
    + Fix assertion in `soup_uri_decode_data_uri()` on URLs with a
      path starting with `//`
    + headers: Be more robust against invalid input when parsing
      params
    + websocket: Fix possibility of being stuck in a read loop
  - Drop patches fixed upstream:
    + 6adc0e3e.patch
    + 29b96fab.patch
    + a35222dd.patch
    + 4c9e75c6.patch
* Wed Nov 13 2024 Michael Gorse <mgorse@suse.com>
  - Add 4c9e75c6.patch: fix an intermittent test failure
    (glgo#GNOME/libsoup#399).
* Tue Nov 12 2024 Michael Gorse <mgorse@suse.com>
  - Add 6adc0e3e.patch: websocket: Process the frame as soon as we
    read data (boo#1233287 CVE-2024-52532 glgo#GNOME/libsoup#391).
  - Add 29b96fab.patch: websocket-test: disconnect error copy after
    the test ends (glgo#GNOME/libsoup#391).
  - Add a35222dd.patch: be more robust against invalid input when
    parsing params (boo#1233292 CVE-2024-52531
    glgo#GNOME/libsoup!407).
* Mon Aug 26 2024 Bjørn Lie <bjorn.lie@gmail.com>
  6adc0e3e.patch
  - Update to version 3.6.0:
    + Allow HTTP/2 to be used with non-HTTP proxies
  - Changes from version 3.5.2:
    + Strictly forbid NUL bytes in headers
    + Fix minor leaks
  - Changes from version 3.5.1:
    + Add `SOUP_METHOD_PATCH`
    + websocket: Add `SoupWebsocketConnection:keepalive-pong-timeout`
      property
    + Increase maxmimum size of HTTP headers
    + Fix `soup_uri_copy()` in Vala
    + Fix leak in `soup_message_new_from_encoded_form()`
    + multipart: Improve handling of messages missing termination
    + logger:
    - Fix request filter function being called with response user
      data
    - Fix response bodies never being logged if request bodies
      aren't
    - Add Soup-Host to logged headers for when Host is missing
    + cookies:
    - Fix incorrect logic in determining same-site cookies
    - Limit the Max-Age to 1 year
    + cookie-jar-db: Explicitly handle old databases lacking
      same-site column
* Thu Oct 26 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 3.4.4:
    + Improve HTTP/2 performance when a lot of buffering happens
    + Support building libnghttp2 as a subproject
* Fri Sep 15 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 3.4.3:
    + Fix incorrect UTF-8 encoding for params in headers
    + Numerous HTTP/2 fixes and improvements
    + Fix possible crashes in connection management
    + Fix small leak in SoupServer
    + Fix the possibility of empty HTTP/2 frames being sent
* Sat Apr 29 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 3.4.2:
    + Revert changes to request cancellation.
* Fri Apr 21 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 3.4.1:
    + Fix HTTP/2 on platforms with unsigned char.
    + Change request cancellation to be handled earlier.
    + Add names to GSources and source tags to GTasks to aid
      debugging.
  - Run meson_test macro for all arches.
* Fri Mar 17 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 3.4.0:
    + Fix possible crash in SoupContentSniffer.
    + Fix socket leak.
    + Add missing annotation to
      soup_header_g_string_append_param_quoted().
* Mon Feb 13 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 3.3.1:
    + Fix regression in `SoupCookieJar` not handling valid Secure
      cookies.
    + Fix crash when skipping HTTP/1 response stream with chunked
      enconding.
    + Change Session to unqueue finished items earlier without an
      extra MainContext iteration.
* Sun Jan 22 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 3.3.0:
    + Add `SoupMessage::got-body-data` signal to monitor progress of
      reads
    + Add `soup_session_send_and_splice()` and
      `soup_session_send_and_splice_async()` convenience APIs
    + Add `soup_message_set_force_http1()` and
      `soup_message_get_force_http1()` APIs
    + Change `soup_cookie_copy()` to not retain default ports
    + Ensure `SoupServerMessage` socket is available in websocket
      handler
    + Fix `soup_message_new()` not erroring when URI has an empty
      host
    + Fix thread-saftey issues in `SoupConnectionAuth`
    + Fix various connection leaks
    + Fix the possibility of sending invalid empty
      `Sec-WebSocket-Protocol` header
    + Fix IO errors not being handled on `CONNECT` messages
    + Numerous improvements to cookies:
    - Add support for cookie prefixes (`__Secure-` and `__Host-`)
    - Reject cookies with control characters in name or value
    - Reject `SameSite=None` cookies without `Secure`
    - Change `soup_cookie_parse()` to be more strict about what is
      considered whitespace
    - Change default SameSite value to `Lax`
    - Fix `soup_cookie_equal()` with `NULL` path

Files

/usr/share/locale/as/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/be/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/bg/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/bn_IN/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/bs/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ca/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ca@valencia/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/cs/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/da/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/de/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/el/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/en_GB/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/eo/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/es/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/et/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/eu/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/fa/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/fi/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/fr/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/fur/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/gd/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/gl/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/gu/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/he/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/hi/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/hr/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/hu/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/id/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/it/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ja/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ka/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/kk/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/kn/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ko/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/lt/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/lv/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ml/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/mr/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ms/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/nb/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ne/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/nl/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/oc/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/or/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/pa/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/pl/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/pt/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/pt_BR/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ro/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ru/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/sk/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/sl/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/sr/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/sr@latin/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/sv/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ta/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/te/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/th/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/tr/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/ug/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/uk/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/vi/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/zh_CN/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/zh_HK/LC_MESSAGES/libsoup-3.0.mo
/usr/share/locale/zh_TW/LC_MESSAGES/libsoup-3.0.mo

Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Mar 9 11:28:02 2026