diff --git a/CVE-2026-1761.patch b/CVE-2026-1761.patch
new file mode 100644
index 0000000..281b81d
--- /dev/null
+++ b/CVE-2026-1761.patch
@@ -0,0 +1,32 @@
+From b8a709dd9da6724feea5ce632f666d53f335700f Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos
+Date: Mon, 19 Jan 2026 15:14:58 +0100
+Subject: [PATCH] multipart: check length of bytes read
+ soup_filter_input_stream_read_until()
+
+We do make sure the read length is smaller than the buffer length when
+the boundary is not found, but we should do the same when the boundary
+is found.
+
+Spotted in #YWH-PGM9867-149
+Closes #493
+---
+ libsoup/soup-filter-input-stream.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-filter-input-stream.c b/libsoup/soup-filter-input-stream.c
+index 2c30bf98..d46bff20 100644
+--- a/libsoup/soup-filter-input-stream.c
++++ b/libsoup/soup-filter-input-stream.c
+@@ -272,6 +272,7 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream,
+ if (eof && !*got_boundary)
+ read_length = MIN (fstream->priv->buf->len, length);
+ else
+- read_length = p - buf;
++ read_length = MIN ((gsize)(p - buf), length);
++
+ return read_from_buf (fstream, buffer, read_length);
+ }
+--
+2.52.0
+
diff --git a/libsoup.spec b/libsoup.spec
index 64029a3..2bfed73 100644
--- a/libsoup.spec
+++ b/libsoup.spec
@@ -2,7 +2,7 @@ Name: libsoup Version: 2.62.3 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Soup, an HTTP library implementation License: LGPLv2
@@ -51,6 +51,8 @@ Patch0024: CVE-2025-14523.patch Patch0025: no-ntlm-in-fips-mode.patch # https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/494 Patch0026: CVE-2026-0719.patch +# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/496 +Patch0027: CVE-2026-1761.patch BuildRequires: chrpath BuildRequires: glib2-devel >= %{glib2_version}
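Review bot: The new clamp in the `else` branch of soup_filter_input_stream_read_until() bounds the copy into the caller's buffer, but when it actually truncates, `*got_boundary` (tested two lines above and presumably set by the scan loop, which starts outside this hunk) may still report the boundary as reached while fewer than `p - buf` bytes are handed back. Callers that treat got_boundary as "this part is complete" should be checked against that case. The `(gsize)` cast also relies on `p >= buf`; a negative difference would wrap and be silently clamped to `length`, so the invariant deserves a comment such as `/* p - buf can exceed length when the boundary was found; never copy more than the caller asked for */` above the assignment. The embedded diffstat lists only soup-filter-input-stream.c, so the backport carries no regression test for a boundary found beyond `length`.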
@@ -125,6 +127,9 @@ chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so %{_datadir}/vala/vapi/libsoup-2.4.vapi %changelog +* Mon Feb 02 2026 Michael Catanzaro - 2.62.3-13 +- Backport patch for CVE-2026-1761 + * Fri Jan 30 2026 Michael Catanzaro - 2.62.3-12 - Backport patch for CVE-2026-0719 - Fix NTLM authentication test failures in FIPS mode