Package: libsoup3 / 3.6.5-4

Metadata

Package: libsoup3
Version: 3.6.5-4
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
soup init Use libdl instead of gmodule in soup2_is_loaded.patch

libsoup/soup-init.c | 28 17 + 11 - 0 !
1 file changed, 17 insertions(+), 11 deletions(-)

 soup-init: use libdl instead of gmodule in `soup2_is_loaded` check

Calling `g_module_open` in the library constructor can cause deadlocks
when libsoup is used with other libraries that also contend for GLib
mutexes. `dlopen` should be used instead.

Co-authored-by: Nirbheek Chauhan <nirbheek@centricular.com>
Bug: https://gitlab.gnome.org/GNOME/libsoup/-/issues/463
Bug: https://gitlab.gnome.org/GNOME/glib/-/issues/1443
Bug-Debian: https://bugs.debian.org/1109685

skip tls_interaction test.patch

tests/ssl-test.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 skip tls_interaction test

This test is too unreliable on Debian architectures
and this package is too critical to not get timely updates

[smcv: Allow running it anyway, by setting an environment variable]

Bug: https://gitlab.gnome.org/GNOME/libsoup/issues/120

Record Apache error log for unit tests and show it during.patch

tests/test-utils.c | 11 10 + 1 - 0 !
1 file changed, 10 insertions(+), 1 deletion(-)

 record apache error log for unit tests and show it during teardown

This helps to diagnose problems with the Apache-based tests.

test utils Add more debug for starting stopping Apache.patch

tests/test-utils.c | 17 14 + 3 - 0 !
1 file changed, 14 insertions(+), 3 deletions(-)

 test-utils: add more debug for starting/stopping apache


tests extend timeout for http2 body stream test.patch

tests/meson.build | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 tests: extend timeout for http2-body-stream-test

https://bugs.debian.org/1018709

multipart Fix read out of buffer bounds under soup_multip.patch

libsoup/soup-multipart.c | 2 1 + 1 - 0 !
tests/multipart-test.c | 58 58 + 0 - 0 !
2 files changed, 59 insertions(+), 1 deletion(-)

 multipart: fix read out of buffer bounds under
 soup_multipart_new_from_message()

This is CVE-2025-32914, specially crafted input can cause read out of buffer bounds
of the body argument.

soup server http2 Check validity of the constructed conne.patch

libsoup/server/http2/soup-server-message-io-http2.c | 4 4 + 0 - 0 !
tests/http2-test.c | 28 28 + 0 - 0 !
2 files changed, 32 insertions(+)

 soup-server-http2: check validity of the constructed connection uri

The HTTP/2 pseudo-headers can contain invalid values, which the GUri rejects
and returns NULL, but the soup-server did not check the validity and could
abort the server itself later in the code.

soup server http2 Correct check of the validity of the co.patch

libsoup/server/http2/soup-server-message-io-http2.c | 15 10 + 5 - 0 !
1 file changed, 10 insertions(+), 5 deletions(-)

 soup-server-http2: correct check of the validity of the constructed
 connection URI

RFC 5740: the CONNECT has unset the "scheme" and "path", thus allow them unset.

The commit a792b23ab87cacbf4dd9462bf7b675fa678efbae also missed decrementing
the `io->in_callback` in the early returns.

Related to #429

auth digest fix crash in soup_auth_digest_get_protection_.patch

libsoup/auth/soup-auth-digest.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 auth-digest: fix crash in soup_auth_digest_get_protection_space()

We need to validate the Domain parameter in the WWW-Authenticate header.

Unfortunately this crash only occurs when listening on default ports 80
and 443, so there's no good way to test for this. The test would require
running as root.

test utils flush stdout after printing.patch

tests/test-utils.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 test-utils: flush stdout after printing

test_printf() would be more useful if it were to actually guarantee
that everything has printed; otherwise, it cannot be used to determine
how far we've made it in a test before a hang.

test utils fix deadlock in add_listener_in_thread.patch

tests/test-utils.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 test-utils: fix deadlock in add_listener_in_thread()

The mutex is locked in the wrong place here.

Hopefully fixes #379

tests Treat multithread test as an Apache test.patch

tests/meson.build | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 tests: treat multithread-test as an apache test

This test calls apache_init() to run Apache on a hard-coded port,
which means it cannot coexist with other tests in this group.
Don't allow it to parallelize with others.

Maybe helps: #1035983

soup form Fix a possible memory leak in soup_form_decode_.patch

libsoup/soup-form.c | 12 9 + 3 - 0 !
tests/forms-test.c | 41 41 + 0 - 0 !
2 files changed, 50 insertions(+), 3 deletions(-)

 soup-form: fix a possible memory leak in
 soup_form_decode_multipart()

The output variables can be set multiple times, when there are multiparts
with the same name, thus first clear any previous value and only then
assign a new value.

soup message headers Correct merge of ranges.patch

libsoup/soup-message-headers.c | 1 1 + 0 - 0 !
tests/meson.build | 1 1 + 0 - 0 !
tests/server-mem-limit-test.c | 144 144 + 0 - 0 !
3 files changed, 146 insertions(+)

 soup-message-headers: correct merge of ranges

It had been skipping every second range, which generated an array
of a lot of insane ranges, causing large memory usage by the server.

server mem limit test Limit memory usage only when not bu.patch

meson.build | 4 4 + 0 - 0 !
tests/server-mem-limit-test.c | 13 9 + 4 - 0 !
2 files changed, 13 insertions(+), 4 deletions(-)

 server-mem-limit-test: limit memory usage only when not built with a
 sanitizer

A build with -Db_sanitize=address crashes with failed mmap(), which is done
inside libasan. The test requires 20.0TB of virtual memory when running with
the sanitizer, which is beyond unsigned integer limits and may not trigger
the bug anyway.

websocket test Fix two memory leaks.patch

tests/websocket-test.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 websocket-test: fix two memory leaks

The errors can be emitted also when joining the thread, in some cases,
thus disconnect the handlers to avoid memory leaks in such case.

misc test Fix two memory leaks.patch

tests/misc-test.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 misc-test: fix two memory leaks

It's tested that it returned the data/object, but it was not freed.

http2 test Fix several memory leaks.patch

tests/http2-test.c | 11 9 + 2 - 0 !
1 file changed, 9 insertions(+), 2 deletions(-)

 http2-test: fix several memory leaks

These were more or less obvious, but missed.

range test Fix a memory leak.patch

tests/range-test.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 range-test: fix a memory leak

The 'succeed' is an argument, set by the caller, which does not mean
the 'body' cannot be set to some data.

soup multipart Verify boundary limits for multipart body.patch

libsoup/soup-multipart.c | 2 1 + 1 - 0 !
tests/multipart-test.c | 40 40 + 0 - 0 !
2 files changed, 41 insertions(+), 1 deletion(-)

 soup-multipart: verify boundary limits for multipart body

It could happen that the boundary started at a place which resulted in
a negative number, which in an unsigned integer is a very large value.
Check the body size is not a negative value before setting it.

soup multipart Verify array bounds before accessing its m.patch

libsoup/soup-multipart.c | 2 1 + 1 - 0 !
tests/multipart-test.c | 22 22 + 0 - 0 !
2 files changed, 23 insertions(+), 1 deletion(-)

 soup-multipart: verify array bounds before accessing its members

The boundary could be at a place which, calculated, pointed
before the beginning of the array. Check the bounds, to avoid
read out of the array bounds.

soup date utils Add value checks for date time parsing.patch

libsoup/soup-date-utils.c | 23 15 + 8 - 0 !
tests/cookies-test.c | 10 10 + 0 - 0 !
2 files changed, 25 insertions(+), 8 deletions(-)

 soup-date-utils: add value checks for date/time parsing

Reject date/time when it does not represent a valid value.

tests Add tests for date time including timezone validati.patch

libsoup/soup-date-utils.c | 8 4 + 4 - 0 !
tests/cookies-test.c | 1 1 + 0 - 0 !
tests/date-test.c | 37 30 + 7 - 0 !
3 files changed, 35 insertions(+), 11 deletions(-)

 tests: add tests for date-time including timezone validation work

These tests are built on top of earlier work in a related pull request.

tests Gracefully skip test if a large memory allocation f.patch

tests/http2-body-stream-test.c | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

 tests: gracefully skip test if a large memory allocation fails

On resource-constrained 32-bit machines, it might not be possible to
allocate 1G of buffer space. Catch this and skip the test that uses
very large buffers, instead of having it fail.

Signed-off-by: Simon McVittie <smcv@debian.org>

debian/docs Remove remotely accessed logo.patch

docs/reference/libsoup.toml.in | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 docs: remove remotely accessed logo

Remote images in local documentation are not ideal from a privacy point
of view.