From ff968502ec4ecbebae81beb34b7b148f0e28f791 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro
Date: Mon, 2 Feb 2026 15:03:10 -0600
Subject: [PATCH] Backport patch for CVE-2026-1761
Resolves: RHEL-145683
---
CVE-2026-1761.patch | 32 ++++++++++++++++++++++++++++++++
libsoup.spec | 7 ++++++-
2 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 CVE-2026-1761.patch
diff --git a/CVE-2026-1761.patch b/CVE-2026-1761.patch
new file mode 100644
index 0000000..bf07d4a
--- /dev/null
+++ b/CVE-2026-1761.patch
@@ -0,0 +1,32 @@
+From 2574e765b5d74caa642d1bf4714da1f035a55e76 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos
+Date: Mon, 19 Jan 2026 15:14:58 +0100
+Subject: [PATCH] multipart: check length of bytes read
+ soup_filter_input_stream_read_until()
+
+We do make sure the read length is smaller than the buffer length when
+the boundary is not found, but we should do the same when the boundary
+is found.
+
+Spotted in #YWH-PGM9867-149
+Closes #493
+---
+ libsoup/soup-filter-input-stream.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-filter-input-stream.c b/libsoup/soup-filter-input-stream.c
+index 2c30bf98..d46bff20 100644
+--- a/libsoup/soup-filter-input-stream.c
++++ b/libsoup/soup-filter-input-stream.c
+@@ -272,6 +272,7 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream,
+ if (eof && !*got_boundary)
+ read_length = MIN (fstream->priv->buf->len, length);
+ else
+- read_length = p - buf;
++ read_length = MIN ((gsize)(p - buf), length);
++
+ return read_from_buf (fstream, buffer, read_length);
+ }
+--
+2.52.0
+
diff --git a/libsoup.spec b/libsoup.spec
index aabb126..f581523 100644
--- a/libsoup.spec
+++ b/libsoup.spec
@@ -5,7 +5,7 @@
 Name: libsoup
 Version: 2.72.0
-Release: 15%{?dist}
+Release: 16%{?dist}
 Summary: Soup, an HTTP library implementation
 License: LGPLv2
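Review bot: In the embedded libsoup fix, the else branch now clamps with `read_length = MIN ((gsize)(p - buf), length);`, but when that clamp actually takes effect `*got_boundary` presumably stays set while fewer bytes than the boundary position are returned, and nothing in the hunk shows whether callers cope with that combination. The body of soup_filter_input_stream_read_until() starts outside the hunk, so this needs checking against the boundary scan and the multipart caller rather than from these lines alone. I would add a comment above the assignment such as `/* Never hand read_from_buf() more than the caller's buffer holds, even when the boundary was found. */`, and note that the `(gsize)` cast relies on `p >= buf`, which the visible lines do not establish. The backport would also benefit from a regression test for the boundary-found path with a small `length`, since the embedded diffstat lists only `libsoup/soup-filter-input-stream.c`.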
@@ -59,6 +59,8 @@ Patch: CVE-2025-4945-CVE-2025-11021.patch
 Patch: CVE-2025-14523.patch
 # https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/494
 Patch: CVE-2026-0719.patch
+# https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/496
+Patch: CVE-2026-1761.patch
 BuildRequires: gettext
 BuildRequires: glib2-devel >= %{glib2_version}
@@ -163,6 +165,9 @@ This package contains developer documentation for %{name}.
 %endif
 %changelog
+* Mon Feb 02 2026 Michael Catanzaro - 2.72.0-16
+- Backport patch for CVE-2026-1761
+
 * Fri Jan 30 2026 Michael Catanzaro - 2.72.0-15
 - Backport patch for CVE-2026-0719
 - Fix NTLM authentication test failures in FIPS mode