Go to file
RHEL Packaging Agent a21b3d7bb9 Fix integer overflow in date/time parsing
Backported upstream patch RHEL-117629.patch to fix CVE-2025-11021 security
vulnerability. The patch adds value checks for date/time parsing to reject
invalid date/time values in libsoup3 package.

Changes:
- Added RHEL-117629.patch with upstream issue reference
- Patch automatically applied via %autosetup -p1 in %prep section
- Successfully validated with rpmlint, centpkg prep, and SRPM generation

CVE: CVE-2025-11021
Upstream fix: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/473.patch
Resolves: RHEL-117628
Resolves: RHEL-123490

This commit was backported by Jotnar, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Jotnar
2025-12-09 16:51:56 -06:00
.gitignore Update to 3.6.5 and add patches for CVEs 2025-04-29 15:31:14 -05:00
CVE-2025-4035.patch Fix several CVEs 2025-05-21 16:46:41 -05:00
CVE-2025-4948.patch Fix several CVEs 2025-05-21 16:46:41 -05:00
CVE-2025-32049.patch Fix several CVEs 2025-05-21 16:46:41 -05:00
CVE-2025-32907.patch Fix several CVEs 2025-05-21 16:46:41 -05:00
CVE-2025-32908.patch Fix several CVEs 2025-05-21 16:46:41 -05:00
CVE-2025-32914.patch Update to 3.6.5 and add patches for CVEs 2025-04-29 15:31:14 -05:00
gating.yaml Add gating.yaml via API 2024-04-25 15:13:13 +00:00
http2-body-size-test-timeout.patch Add patch to hopefully fix http2-body-size-test timeouts 2025-05-01 09:07:59 -05:00
libsoup3.spec Fix integer overflow in date/time parsing 2025-12-09 16:51:56 -06:00
README.md Added the README 2022-01-19 20:05:03 +00:00
RHEL-117629.patch Fix integer overflow in date/time parsing 2025-12-09 16:51:56 -06:00
server-test-timeout.patch Add patch to hopefully fix server-test timeouts 2025-04-30 14:33:17 -05:00
sources Update to 3.6.5 and add patches for CVEs 2025-04-29 15:31:14 -05:00
test-timeouts.patch Update to 3.6.5 and add patches for CVEs 2025-04-29 15:31:14 -05:00

libsoup3

The libsoup3 package