From 3acb72ecbe2866f17f210bf87c90edf1d7636cce Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 16 May 2023 06:22:20 +0000 Subject: [PATCH] import libsoup-2.62.3-3.el8 --- .gitignore | 1 + .libsoup.metadata | 1 + ...e-any-messages-after-close-has-been-.patch | 95 ++ ...-null-characters-in-text-messages-da.patch | 152 +++ ...kets-only-poll-IO-stream-when-needed.patch | 299 ++++++ SOURCES/0004-ntlmv2.patch | 356 +++++++ SPECS/libsoup.spec | 902 ++++++++++++++++++ 7 files changed, 1806 insertions(+) create mode 100644 .gitignore create mode 100644 .libsoup.metadata create mode 100644 SOURCES/0001-WebSockets-ignore-any-messages-after-close-has-been-.patch create mode 100644 SOURCES/0002-WebSockets-allow-null-characters-in-text-messages-da.patch create mode 100644 SOURCES/0003-WebSockets-only-poll-IO-stream-when-needed.patch create mode 100644 SOURCES/0004-ntlmv2.patch create mode 100644 SPECS/libsoup.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6097314 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libsoup-2.62.3.tar.xz diff --git a/.libsoup.metadata b/.libsoup.metadata new file mode 100644 index 0000000..fdc780e --- /dev/null +++ b/.libsoup.metadata @@ -0,0 +1 @@ +8b9c743348b1f9fc044c6abf3431899154e93ad1 SOURCES/libsoup-2.62.3.tar.xz diff --git a/SOURCES/0001-WebSockets-ignore-any-messages-after-close-has-been-.patch b/SOURCES/0001-WebSockets-ignore-any-messages-after-close-has-been-.patch new file mode 100644 index 0000000..644cb53 --- /dev/null +++ b/SOURCES/0001-WebSockets-ignore-any-messages-after-close-has-been-.patch @@ -0,0 +1,95 @@ +From d9c729aa5a7991182fa7bdb8d94442f8f0cf055b Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Fri, 19 Jul 2019 14:56:05 +0200 +Subject: [PATCH] WebSockets: ignore any messages after close has been sent and + received + +We currently ignore data frames when close has been received, but we +should also ignore any frame after close has been sent and received. +Currently, if we receive two close frames we end up with the code and +reason of the second frame, while the RFC says: "The WebSocket +Connection Close Code is defined as the status code contained in the +first Close control frame received by the application implementing +this protocol." +--- + libsoup/soup-websocket-connection.c | 3 ++ + tests/websocket-test.c | 48 +++++++++++++++++++++++++++++ + 2 files changed, 51 insertions(+) + +diff --git libsoup/soup-websocket-connection.c libsoup/soup-websocket-connection.c +--- a/libsoup/soup-websocket-connection.c ++++ b/libsoup/soup-websocket-connection.c +@@ -690,6 +690,9 @@ + SoupWebsocketConnectionPrivate *pv = self->pv; + GBytes *message; + ++ if (pv->close_sent && pv->close_received) ++ return; ++ + if (control) { + /* Control frames must never be fragmented */ + if (!fin) { +--- a/tests/websocket-test.c ++++ b/tests/websocket-test.c +@@ -707,6 +707,49 @@ + } + + static gpointer ++close_after_close_server_thread (gpointer user_data) ++{ ++ Test *test = user_data; ++ gsize written; ++ const char frames[] = ++ "\x88\x09\x03\xe8""reason1" ++ "\x88\x09\x03\xe8""reason2"; ++ GError *error = NULL; ++ ++ g_mutex_lock (&test->mutex); ++ g_mutex_unlock (&test->mutex); ++ ++ g_output_stream_write_all (g_io_stream_get_output_stream (test->raw_server), ++ frames, sizeof (frames) -1, &written, NULL, &error); ++ g_assert_no_error (error); ++ g_assert_cmpuint (written, ==, sizeof (frames) - 1); ++ g_io_stream_close (test->raw_server, NULL, &error); ++ g_assert_no_error (error); ++ ++ return NULL; ++} ++ ++static void ++test_close_after_close (Test *test, ++ gconstpointer data) ++{ ++ GThread *thread; ++ ++ g_mutex_lock (&test->mutex); ++ ++ thread = g_thread_new ("close-after-close-thread", close_after_close_server_thread, test); ++ ++ soup_websocket_connection_close (test->client, SOUP_WEBSOCKET_CLOSE_NORMAL, "reason1"); ++ g_mutex_unlock (&test->mutex); ++ ++ g_thread_join (thread); ++ ++ WAIT_UNTIL (soup_websocket_connection_get_state (test->client) == SOUP_WEBSOCKET_STATE_CLOSED); ++ g_assert_cmpuint (soup_websocket_connection_get_close_code (test->client), ==, SOUP_WEBSOCKET_CLOSE_NORMAL); ++ g_assert_cmpstr (soup_websocket_connection_get_close_data (test->client), ==, "reason1"); ++} ++ ++static gpointer + timeout_server_thread (gpointer user_data) + { + Test *test = user_data; +@@ -918,6 +961,11 @@ + test_message_after_closing, + teardown_soup_connection); + ++ g_test_add ("/websocket/direct/close-after-close", Test, NULL, ++ setup_half_direct_connection, ++ test_close_after_close, ++ teardown_direct_connection); ++ + + g_test_add ("/websocket/direct/protocol-negotiate", Test, NULL, NULL, + test_protocol_negotiate_direct, diff --git a/SOURCES/0002-WebSockets-allow-null-characters-in-text-messages-da.patch b/SOURCES/0002-WebSockets-allow-null-characters-in-text-messages-da.patch new file mode 100644 index 0000000..113e461 --- /dev/null +++ b/SOURCES/0002-WebSockets-allow-null-characters-in-text-messages-da.patch @@ -0,0 +1,152 @@ +From 109bb2f692c746bc63a0ade8737b584aecb0b1ad Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Thu, 27 Jun 2019 16:03:21 +0200 +Subject: [PATCH] WebSockets: allow null characters in text messages data + +RFC 6455 says that text messages should contains valid UTF-8, and null +characters valid according to RFC 3629. However, we are using +g_utf8_validate(), which considers null characters as errors, to +validate WebSockets text messages. This patch adds an internal +utf8_validate() function based on g_utf8_validate() but allowing null +characters and just returning a gboolean since we are always ignoring +the end parameter in case of errors. +soup_websocket_connection_send_text() assumes the given text is null +terminated, so we need a new public function to allow sending text +messages containing null characters. This patch adds +soup_websocket_connection_send_message() that receives a +SoupWebsocketDataType and GBytes, which is consistent with +SoupWebsocketConnection::message signal. + +For RHEL backport, drop the addition of soup_websocket_connection_send_message() +as we don't need it and don't want to expose new API. +diff --git libsoup/soup-websocket-connection.c libsoup/soup-websocket-connection.c +index 66bd6871..67a98731 100644 +--- a/libsoup/soup-websocket-connection.c ++++ b/libsoup/soup-websocket-connection.c +@@ -155,6 +155,82 @@ + + static void protocol_error_and_close (SoupWebsocketConnection *self); + ++/* Code below is based on g_utf8_validate() implementation, ++ * but handling NULL characters as valid, as expected by ++ * WebSockets and compliant with RFC 3629. ++ */ ++#define VALIDATE_BYTE(mask, expect) \ ++ G_STMT_START { \ ++ if (G_UNLIKELY((*(guchar *)p & (mask)) != (expect))) \ ++ return FALSE; \ ++ } G_STMT_END ++ ++/* see IETF RFC 3629 Section 4 */ ++static gboolean ++utf8_validate (const char *str, ++ gsize max_len) ++ ++{ ++ const gchar *p; ++ ++ for (p = str; ((p - str) < max_len); p++) { ++ if (*(guchar *)p < 128) ++ /* done */; ++ else { ++ if (*(guchar *)p < 0xe0) { /* 110xxxxx */ ++ if (G_UNLIKELY (max_len - (p - str) < 2)) ++ return FALSE; ++ ++ if (G_UNLIKELY (*(guchar *)p < 0xc2)) ++ return FALSE; ++ } else { ++ if (*(guchar *)p < 0xf0) { /* 1110xxxx */ ++ if (G_UNLIKELY (max_len - (p - str) < 3)) ++ return FALSE; ++ ++ switch (*(guchar *)p++ & 0x0f) { ++ case 0: ++ VALIDATE_BYTE(0xe0, 0xa0); /* 0xa0 ... 0xbf */ ++ break; ++ case 0x0d: ++ VALIDATE_BYTE(0xe0, 0x80); /* 0x80 ... 0x9f */ ++ break; ++ default: ++ VALIDATE_BYTE(0xc0, 0x80); /* 10xxxxxx */ ++ } ++ } else if (*(guchar *)p < 0xf5) { /* 11110xxx excluding out-of-range */ ++ if (G_UNLIKELY (max_len - (p - str) < 4)) ++ return FALSE; ++ ++ switch (*(guchar *)p++ & 0x07) { ++ case 0: ++ VALIDATE_BYTE(0xc0, 0x80); /* 10xxxxxx */ ++ if (G_UNLIKELY((*(guchar *)p & 0x30) == 0)) ++ return FALSE; ++ break; ++ case 4: ++ VALIDATE_BYTE(0xf0, 0x80); /* 0x80 ... 0x8f */ ++ break; ++ default: ++ VALIDATE_BYTE(0xc0, 0x80); /* 10xxxxxx */ ++ } ++ p++; ++ VALIDATE_BYTE(0xc0, 0x80); /* 10xxxxxx */ ++ } else { ++ return FALSE; ++ } ++ } ++ ++ p++; ++ VALIDATE_BYTE(0xc0, 0x80); /* 10xxxxxx */ ++ } ++ } ++ ++ return TRUE; ++} ++ ++#undef VALIDATE_BYTE ++ + static void + frame_free (gpointer data) + { +@@ -629,7 +705,7 @@ + data += 2; + len -= 2; + +- if (!g_utf8_validate ((char *)data, len, NULL)) { ++ if (!utf8_validate ((const char *)data, len)) { + g_debug ("received non-UTF8 close data: %d '%.*s' %d", (int)len, (int)len, (char *)data, (int)data[0]); + protocol_error_and_close (self); + return; +@@ -777,9 +853,8 @@ + /* Actually deliver the message? */ + if (fin) { + if (pv->message_opcode == 0x01 && +- !g_utf8_validate((char *)pv->message_data->data, +- pv->message_data->len, +- NULL)) { ++ !utf8_validate((const char *)pv->message_data->data, ++ pv->message_data->len)) { + + g_debug ("received invalid non-UTF8 text data"); + +@@ -1699,7 +1774,9 @@ + * @self: the WebSocket + * @text: the message contents + * +- * Send a text (UTF-8) message to the peer. ++ * Send a %NULL-terminated text (UTF-8) message to the peer. If you need ++ * to send text messages containing %NULL characters use ++ * soup_websocket_connection_send_message() instead. + * + * The message is queued to be sent and will be sent when the main loop + * is run. +@@ -1717,7 +1794,7 @@ + g_return_if_fail (text != NULL); + + length = strlen (text); +- g_return_if_fail (g_utf8_validate (text, length, NULL)); ++ g_return_if_fail (utf8_validate (text, length)); + + send_message (self, SOUP_WEBSOCKET_QUEUE_NORMAL, 0x01, (const guint8 *) text, length); + } +-- +2.26.2 + diff --git a/SOURCES/0003-WebSockets-only-poll-IO-stream-when-needed.patch b/SOURCES/0003-WebSockets-only-poll-IO-stream-when-needed.patch new file mode 100644 index 0000000..820d0c4 --- /dev/null +++ b/SOURCES/0003-WebSockets-only-poll-IO-stream-when-needed.patch @@ -0,0 +1,299 @@ +From 35f1bac5ff9ec694e64b65e51f0e7a3226aa3aaf Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Wed, 28 Aug 2019 10:51:18 +0200 +Subject: [PATCH] WebSockets: only poll IO stream when needed + +Instead of having two pollable sources constantly running, always try to +read/write without blocking and start polling if the operation returns +G_IO_ERROR_WOULD_BLOCK. This patch also fixes test +/websocket/direct/close-after-close that was passing but not actually +testing what we wanted, because the client close was never sent. When +the mutex is released, the frame has been queued, but not sent. + +diff --git libsoup/soup-websocket-connection.c libsoup/soup-websocket-connection.c +index 345040fe..6afbbe67 100644 +--- a/libsoup/soup-websocket-connection.c ++++ b/libsoup/soup-websocket-connection.c +@@ -147,6 +147,7 @@ + }; + + #define MAX_INCOMING_PAYLOAD_SIZE_DEFAULT 128 * 1024 ++#define READ_BUFFER_SIZE 1024 + + G_DEFINE_TYPE_WITH_PRIVATE (SoupWebsocketConnection, soup_websocket_connection, G_TYPE_OBJECT) + +@@ -155,6 +156,11 @@ + + static void protocol_error_and_close (SoupWebsocketConnection *self); + ++static gboolean on_web_socket_input (GObject *pollable_stream, ++ gpointer user_data); ++static gboolean on_web_socket_output (GObject *pollable_stream, ++ gpointer user_data); ++ + /* Code below is based on g_utf8_validate() implementation, + * but handling NULL characters as valid, as expected by + * WebSockets and compliant with RFC 3629. +@@ -283,7 +289,20 @@ + } + + static void +-stop_input (SoupWebsocketConnection *self) ++soup_websocket_connection_start_input_source (SoupWebsocketConnection *self) ++{ ++ SoupWebsocketConnectionPrivate *pv = self->pv; ++ ++ if (pv->input_source) ++ return; ++ ++ pv->input_source = g_pollable_input_stream_create_source (pv->input, NULL); ++ g_source_set_callback (pv->input_source, (GSourceFunc)on_web_socket_input, self, NULL); ++ g_source_attach (pv->input_source, pv->main_context); ++} ++ ++static void ++soup_websocket_connection_stop_input_source (SoupWebsocketConnection *self) + { + SoupWebsocketConnectionPrivate *pv = self->pv; + +@@ -296,7 +315,20 @@ + } + + static void +-stop_output (SoupWebsocketConnection *self) ++soup_websocket_connection_start_output_source (SoupWebsocketConnection *self) ++{ ++ SoupWebsocketConnectionPrivate *pv = self->pv; ++ ++ if (pv->output_source) ++ return; ++ ++ pv->output_source = g_pollable_output_stream_create_source (pv->output, NULL); ++ g_source_set_callback (pv->output_source, (GSourceFunc)on_web_socket_output, self, NULL); ++ g_source_attach (pv->output_source, pv->main_context); ++} ++ ++static void ++soup_websocket_connection_stop_output_source (SoupWebsocketConnection *self) + { + SoupWebsocketConnectionPrivate *pv = self->pv; + +@@ -341,8 +373,8 @@ + close_io_stop_timeout (self); + + if (!pv->io_closing) { +- stop_input (self); +- stop_output (self); ++ soup_websocket_connection_stop_input_source (self); ++ soup_websocket_connection_stop_output_source (self); + pv->io_closing = TRUE; + g_debug ("closing io stream"); + g_io_stream_close_async (pv->io_stream, G_PRIORITY_DEFAULT, +@@ -359,7 +391,7 @@ + GSocket *socket; + GError *error = NULL; + +- stop_output (self); ++ soup_websocket_connection_stop_output_source (self); + + if (G_IS_SOCKET_CONNECTION (pv->io_stream)) { + socket = g_socket_connection_get_socket (G_SOCKET_CONNECTION (pv->io_stream)); +@@ -612,9 +644,6 @@ + self->pv->connection_type == SOUP_WEBSOCKET_CONNECTION_SERVER ? "server" : "client", + payload_len, self->pv->max_incoming_payload_size); + emit_error_and_close (self, error, TRUE); +- +- /* The input is in an invalid state now */ +- stop_input (self); + } + + static void +@@ -981,32 +1010,31 @@ + ; + } + +-static gboolean +-on_web_socket_input (GObject *pollable_stream, +- gpointer user_data) ++static void ++soup_websocket_connection_read (SoupWebsocketConnection *self) + { +- SoupWebsocketConnection *self = SOUP_WEBSOCKET_CONNECTION (user_data); + SoupWebsocketConnectionPrivate *pv = self->pv; + GError *error = NULL; + gboolean end = FALSE; + gssize count; + gsize len; + ++ soup_websocket_connection_stop_input_source (self); ++ + do { + len = pv->incoming->len; +- g_byte_array_set_size (pv->incoming, len + 1024); ++ g_byte_array_set_size (pv->incoming, len + READ_BUFFER_SIZE); + + count = g_pollable_input_stream_read_nonblocking (pv->input, + pv->incoming->data + len, +- 1024, NULL, &error); +- ++ READ_BUFFER_SIZE, NULL, &error); + if (count < 0) { + if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK)) { + g_error_free (error); + count = 0; + } else { + emit_error_and_close (self, error, TRUE); +- return TRUE; ++ return; + } + } else if (count == 0) { + end = TRUE; +@@ -1026,16 +1054,24 @@ + } + + close_io_stream (self); ++ return; + } + +- return TRUE; ++ soup_websocket_connection_start_input_source (self); + } + + static gboolean +-on_web_socket_output (GObject *pollable_stream, +- gpointer user_data) ++on_web_socket_input (GObject *pollable_stream, ++ gpointer user_data) ++{ ++ soup_websocket_connection_read (SOUP_WEBSOCKET_CONNECTION (user_data)); ++ ++ return G_SOURCE_REMOVE; ++} ++ ++static void ++soup_websocket_connection_write (SoupWebsocketConnection *self) + { +- SoupWebsocketConnection *self = SOUP_WEBSOCKET_CONNECTION (user_data); + SoupWebsocketConnectionPrivate *pv = self->pv; + const guint8 *data; + GError *error = NULL; +@@ -1043,19 +1079,18 @@ + gssize count; + gsize len; + ++ soup_websocket_connection_stop_output_source (self); ++ + if (soup_websocket_connection_get_state (self) == SOUP_WEBSOCKET_STATE_CLOSED) { + g_debug ("Ignoring message since the connection is closed"); +- stop_output (self); +- return TRUE; ++ return; + } + + frame = g_queue_peek_head (&pv->outgoing); + + /* No more frames to send */ +- if (frame == NULL) { +- stop_output (self); +- return TRUE; +- } ++ if (frame == NULL) ++ return; + + data = g_bytes_get_data (frame->data, &len); + g_assert (len > 0); +@@ -1075,7 +1110,7 @@ + frame->pending = TRUE; + } else { + emit_error_and_close (self, error, TRUE); +- return FALSE; ++ return; + } + } + +@@ -1093,23 +1128,21 @@ + } + } + frame_free (frame); ++ ++ if (g_queue_is_empty (&pv->outgoing)) ++ return; + } + +- return TRUE; ++ soup_websocket_connection_start_output_source (self); + } + +-static void +-start_output (SoupWebsocketConnection *self) ++static gboolean ++on_web_socket_output (GObject *pollable_stream, ++ gpointer user_data) + { +- SoupWebsocketConnectionPrivate *pv = self->pv; +- +- if (pv->output_source) +- return; ++ soup_websocket_connection_write (SOUP_WEBSOCKET_CONNECTION (user_data)); + +- g_debug ("starting output source"); +- pv->output_source = g_pollable_output_stream_create_source (pv->output, NULL); +- g_source_set_callback (pv->output_source, (GSourceFunc)on_web_socket_output, self, NULL); +- g_source_attach (pv->output_source, pv->main_context); ++ return G_SOURCE_REMOVE; + } + + static void +@@ -1150,7 +1183,7 @@ + g_queue_push_tail (&pv->outgoing, frame); + } + +- start_output (self); ++ soup_websocket_connection_write (self); + } + + static void +@@ -1175,9 +1208,7 @@ + pv->output = G_POLLABLE_OUTPUT_STREAM (os); + g_return_if_fail (g_pollable_output_stream_can_poll (pv->output)); + +- pv->input_source = g_pollable_input_stream_create_source (pv->input, NULL); +- g_source_set_callback (pv->input_source, (GSourceFunc)on_web_socket_input, self, NULL); +- g_source_attach (pv->input_source, pv->main_context); ++ soup_websocket_connection_start_input_source (self); + } + + static void +diff --git tests/websocket-test.c tests/websocket-test.c +index 146fdf82..26d064df 100644 +--- a/tests/websocket-test.c ++++ b/tests/websocket-test.c +@@ -733,6 +733,7 @@ + const char frames[] = + "\x88\x09\x03\xe8""reason1" + "\x88\x09\x03\xe8""reason2"; ++ GSocket *socket; + GError *error = NULL; + + g_mutex_lock (&test->mutex); +@@ -742,7 +743,8 @@ + frames, sizeof (frames) -1, &written, NULL, &error); + g_assert_no_error (error); + g_assert_cmpuint (written, ==, sizeof (frames) - 1); +- g_io_stream_close (test->raw_server, NULL, &error); ++ socket = g_socket_connection_get_socket (G_SOCKET_CONNECTION (test->raw_server)); ++ g_socket_shutdown (socket, FALSE, TRUE, &error); + g_assert_no_error (error); + + return NULL; +@@ -766,6 +768,7 @@ + WAIT_UNTIL (soup_websocket_connection_get_state (test->client) == SOUP_WEBSOCKET_STATE_CLOSED); + g_assert_cmpuint (soup_websocket_connection_get_close_code (test->client), ==, SOUP_WEBSOCKET_CLOSE_NORMAL); + g_assert_cmpstr (soup_websocket_connection_get_close_data (test->client), ==, "reason1"); ++ g_io_stream_close (test->raw_server, NULL, NULL); + } + + static gpointer +-- +2.26.2 + diff --git a/SOURCES/0004-ntlmv2.patch b/SOURCES/0004-ntlmv2.patch new file mode 100644 index 0000000..1fad130 --- /dev/null +++ b/SOURCES/0004-ntlmv2.patch @@ -0,0 +1,356 @@ +diff -up libsoup-2.62.3/libsoup/soup-auth-ntlm.c.4 libsoup-2.62.3/libsoup/soup-auth-ntlm.c +--- libsoup-2.62.3/libsoup/soup-auth-ntlm.c.4 2021-03-12 07:30:03.366088932 +0100 ++++ libsoup-2.62.3/libsoup/soup-auth-ntlm.c 2021-03-12 07:30:25.296043405 +0100 +@@ -12,6 +12,8 @@ + #include + #include + #include ++#include ++ + #include + + #include "soup-auth-ntlm.h" +@@ -26,14 +28,20 @@ static char *soup_ntlm_request + static gboolean soup_ntlm_parse_challenge (const char *challenge, + char **nonce, + char **default_domain, +- gboolean *ntlmv2_session); +-static char *soup_ntlm_response (const char *nonce, ++ gboolean *ntlmv2_session, ++ gboolean *negotiate_target, ++ char **target_info, ++ size_t *target_info_sz); ++static char *soup_ntlm_response (const char *nonce, + const char *user, + guchar nt_hash[21], + guchar lm_hash[21], + const char *host, + const char *domain, +- gboolean ntlmv2_session); ++ gboolean ntlmv2_session, ++ gboolean negotiate_target, ++ const char *target_info, ++ size_t target_info_sz); + + typedef enum { + SOUP_NTLM_NEW, +@@ -49,6 +57,9 @@ typedef struct { + char *nonce; + char *response_header; + gboolean ntlmv2_session; ++ gboolean negotiate_target; ++ char *target_info; ++ size_t target_info_sz; + } SoupNTLMConnectionState; + + typedef enum { +@@ -280,6 +291,7 @@ soup_auth_ntlm_free_connection_state (So + + g_free (conn->nonce); + g_free (conn->response_header); ++ g_free (conn->target_info); + g_slice_free (SoupNTLMConnectionState, conn); + } + +@@ -339,7 +351,8 @@ soup_auth_ntlm_update_connection (SoupCo + + if (!soup_ntlm_parse_challenge (auth_header + 5, &conn->nonce, + priv->domain ? NULL : &priv->domain, +- &conn->ntlmv2_session)) { ++ &conn->ntlmv2_session, &conn->negotiate_target, ++ &conn->target_info, &conn->target_info_sz)) { + conn->state = SOUP_NTLM_FAILED; + return FALSE; + } +@@ -521,7 +534,10 @@ soup_auth_ntlm_get_connection_authorizat + priv->lm_hash, + NULL, + priv->domain, +- conn->ntlmv2_session); ++ conn->ntlmv2_session, ++ conn->negotiate_target, ++ conn->target_info, ++ conn->target_info_sz); + } + g_clear_pointer (&conn->nonce, g_free); + conn->state = SOUP_NTLM_SENT_RESPONSE; +@@ -647,14 +663,20 @@ typedef struct { + #define NTLM_CHALLENGE_NONCE_OFFSET 24 + #define NTLM_CHALLENGE_NONCE_LENGTH 8 + #define NTLM_CHALLENGE_DOMAIN_STRING_OFFSET 12 ++#define NTLM_CHALLENGE_TARGET_INFORMATION_OFFSET 40 + + #define NTLM_CHALLENGE_FLAGS_OFFSET 20 + #define NTLM_FLAGS_NEGOTIATE_NTLMV2 0x00080000 ++#define NTLM_FLAGS_NEGOTIATE_TARGET_INFORMATION 0x00800000 ++#define NTLM_FLAGS_REQUEST_TARGET 0x00000004 + + #define NTLM_RESPONSE_HEADER "NTLMSSP\x00\x03\x00\x00\x00" + #define NTLM_RESPONSE_FLAGS 0x8201 ++#define NTLM_RESPONSE_TARGET_INFORMATION_OFFSET 44 + #define NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0x00080000 + ++#define HMAC_MD5_LENGTH 16 ++ + typedef struct { + guchar header[12]; + +@@ -686,10 +708,14 @@ static gboolean + soup_ntlm_parse_challenge (const char *challenge, + char **nonce, + char **default_domain, +- gboolean *ntlmv2_session) ++ gboolean *ntlmv2_session, ++ gboolean *negotiate_target, ++ char **target_info, ++ size_t *target_info_sz) + { + gsize clen; + NTLMString domain; ++ NTLMString target; + guchar *chall; + guint32 flags; + +@@ -703,6 +729,14 @@ soup_ntlm_parse_challenge (const char *c + memcpy (&flags, chall + NTLM_CHALLENGE_FLAGS_OFFSET, sizeof(flags)); + flags = GUINT_FROM_LE (flags); + *ntlmv2_session = (flags & NTLM_FLAGS_NEGOTIATE_NTLMV2) ? TRUE : FALSE; ++ /* To know if NTLMv2 responses should be calculated */ ++ *negotiate_target = (flags & NTLM_FLAGS_NEGOTIATE_TARGET_INFORMATION ) ? TRUE : FALSE; ++ if (*negotiate_target) { ++ if (clen < NTLM_CHALLENGE_TARGET_INFORMATION_OFFSET + sizeof (target)) { ++ g_free (chall); ++ return FALSE; ++ } ++ } + + if (default_domain) { + memcpy (&domain, chall + NTLM_CHALLENGE_DOMAIN_STRING_OFFSET, sizeof (domain)); +@@ -723,6 +757,19 @@ soup_ntlm_parse_challenge (const char *c + *nonce = g_memdup (chall + NTLM_CHALLENGE_NONCE_OFFSET, + NTLM_CHALLENGE_NONCE_LENGTH); + } ++ /* For NTLMv2 response */ ++ if (*negotiate_target && target_info) { ++ memcpy (&target, chall + NTLM_CHALLENGE_TARGET_INFORMATION_OFFSET, sizeof (target)); ++ target.length = GUINT16_FROM_LE (target.length); ++ target.offset = GUINT16_FROM_LE (target.offset); ++ ++ if (clen < target.length + target.offset) { ++ g_free (chall); ++ return FALSE; ++ } ++ *target_info = g_memdup (chall + target.offset, target.length); ++ *target_info_sz = target.length; ++ } + + g_free (chall); + return TRUE; +@@ -761,6 +808,115 @@ calc_ntlm2_session_response (const char + calc_response (nt_hash, ntlmv2_hash, nt_resp); + } + ++/* Compute HMAC-MD5 with Glib function*/ ++static void ++calc_hmac_md5 (unsigned char *hmac, const guchar *key, gsize key_sz, const guchar *data, gsize data_sz) ++{ ++ char *hmac_hex, *hex_pos; ++ size_t count; ++ ++ hmac_hex = g_compute_hmac_for_data(G_CHECKSUM_MD5, key, key_sz, data, data_sz); ++ hex_pos = hmac_hex; ++ for (count = 0; count < HMAC_MD5_LENGTH; count++) ++ { ++ /* The 'hh' sscanf format modifier is C99, so we enable it on ++ * non-Windows or if __USE_MINGW_ANSI_STDIO is enabled or` ++ * if we are building on Visual Studio 2015 or later ++ */ ++#if !defined (G_OS_WIN32) || (__USE_MINGW_ANSI_STDIO == 1) || (_MSC_VER >= 1900) ++ sscanf(hex_pos, "%2hhx", &hmac[count]); ++#else ++ unsigned int tmp_hmac; ++ sscanf(hex_pos, "%2x", &tmp_hmac); ++ hmac[count] = (guint8)tmp_hmac; ++#endif ++ ++ hex_pos += 2; ++ } ++ g_free(hmac_hex); ++} ++ ++static void ++calc_ntlmv2_response (const char *user, const char *domain, ++ const guchar *nt_hash, const gsize nt_hash_sz, ++ const guchar *nonce, ++ const char *target_info, size_t target_info_sz, ++ guchar *lm_resp, size_t lm_resp_sz, ++ guchar *nt_resp, size_t nt_resp_sz) ++{ ++ const unsigned char blob_signature[] = {0x01,0x01,0x00,0x00}; ++ const unsigned char blob_reserved[] = {0x00,0x00,0x00,0x00}; ++ gint64 blob_timestamp; ++ unsigned char client_nonce[8]; ++ const unsigned char blob_unknown[] = {0x00,0x00,0x00,0x00}; ++ ++ unsigned char ntv2_hash[HMAC_MD5_LENGTH]; ++ guchar *nonce_blob, *blob, *p_blob; ++ unsigned char nonce_blob_hash[HMAC_MD5_LENGTH]; ++ unsigned char nonce_client_nonce[16], nonce_client_nonce_hash[HMAC_MD5_LENGTH]; ++ gchar *user_uppercase, *user_domain, *user_domain_conv; ++ gsize user_domain_conv_sz; ++ size_t blob_sz; ++ int i; ++ ++ /* create HMAC-MD5 hash of Unicode uppercase username and Unicode domain */ ++ user_uppercase = g_utf8_strup (user, strlen (user)); ++ user_domain = g_strconcat (user_uppercase, domain, NULL); ++ user_domain_conv = g_convert (user_domain, -1, "UCS-2LE", "UTF-8", NULL, &user_domain_conv_sz, NULL); ++ calc_hmac_md5 (ntv2_hash, nt_hash, nt_hash_sz, (const guchar *)user_domain_conv, user_domain_conv_sz); ++ g_free (user_uppercase); ++ g_free (user_domain); ++ g_free (user_domain_conv); ++ ++ /* create random client nonce */ ++ for (i = 0; i < sizeof (client_nonce); i++) ++ { ++ client_nonce[i] = g_random_int(); ++ } ++ ++ /* create timestamp for blob ++ * LE, 64-bit signed value, number of tenths of a ms since January 1, 1601.*/ ++ blob_timestamp = GINT64_TO_LE(((unsigned long)time(NULL) + 11644473600) * 10000000); ++ ++ /* create blob */ ++ blob_sz = sizeof (blob_signature) + sizeof (blob_reserved) + ++ sizeof (blob_timestamp) + sizeof (client_nonce) + ++ sizeof (blob_unknown) + target_info_sz; ++ p_blob = blob = g_malloc (blob_sz); ++ memset (blob, 0, blob_sz); ++ memcpy (p_blob, blob_signature, sizeof (blob_signature)); ++ memcpy (p_blob += sizeof (blob_signature), blob_reserved, sizeof (blob_reserved)); ++ memcpy (p_blob += sizeof (blob_reserved), &blob_timestamp, sizeof (blob_timestamp)); ++ memcpy (p_blob += sizeof (blob_timestamp), client_nonce, sizeof (client_nonce)); ++ memcpy (p_blob += sizeof (client_nonce), blob_unknown, sizeof (blob_unknown)); ++ memcpy (p_blob += sizeof (blob_unknown), target_info, target_info_sz); ++ ++ /* create HMAC-MD5 hash of concatenated nonce and blob */ ++ nonce_blob = g_malloc (NTLM_CHALLENGE_NONCE_LENGTH + blob_sz); ++ memcpy (nonce_blob, nonce, NTLM_CHALLENGE_NONCE_LENGTH); ++ memcpy (nonce_blob + NTLM_CHALLENGE_NONCE_LENGTH, blob, blob_sz); ++ calc_hmac_md5 (nonce_blob_hash, (const guchar *)ntv2_hash, (gsize) sizeof (ntv2_hash), (const guchar *) nonce_blob, (gsize) NTLM_CHALLENGE_NONCE_LENGTH + blob_sz); ++ g_free (nonce_blob); ++ ++ /* create NTv2 response */ ++ memset (nt_resp, 0, nt_resp_sz); ++ memcpy (nt_resp, nonce_blob_hash, sizeof (nonce_blob_hash)); ++ memcpy (nt_resp + sizeof (nonce_blob_hash), blob, blob_sz); ++ ++ g_free (blob); ++ ++ /* LMv2 ++ * create HMAC-MD5 hash of concatenated nonce and client nonce ++ */ ++ memcpy (nonce_client_nonce, nonce, NTLM_CHALLENGE_NONCE_LENGTH); ++ memcpy (nonce_client_nonce + NTLM_CHALLENGE_NONCE_LENGTH, client_nonce, sizeof (client_nonce)); ++ calc_hmac_md5 (nonce_client_nonce_hash, (const guchar *) ntv2_hash, (gsize) sizeof (ntv2_hash), (const guchar *) nonce_client_nonce, (gsize) NTLM_CHALLENGE_NONCE_LENGTH + sizeof (client_nonce)); ++ ++ /* create LMv2 response */ ++ memset (lm_resp, 0, lm_resp_sz); ++ memcpy (lm_resp, nonce_client_nonce_hash, sizeof (nonce_client_nonce_hash)); ++ memcpy (lm_resp + sizeof (nonce_client_nonce_hash), client_nonce, sizeof (client_nonce)); ++} + + static char * + soup_ntlm_response (const char *nonce, +@@ -769,23 +925,45 @@ soup_ntlm_response (const char *nonce, + guchar lm_hash[21], + const char *host, + const char *domain, +- gboolean ntlmv2_session) ++ gboolean ntlmv2_session, ++ gboolean negotiate_target, ++ const char *target_info, ++ size_t target_info_sz) + { ++ + int offset; +- gsize hlen, dlen, ulen; +- guchar lm_resp[24], nt_resp[24]; ++ gsize hlen, dlen, ulen, nt_resp_sz; ++ guchar lm_resp[24], *nt_resp; + char *user_conv, *host_conv, *domain_conv; + NTLMResponse resp; + char *out, *p; + int state, save; + +- if (ntlmv2_session) { ++ if (negotiate_target) ++ { ++ /* nonce_blob_hash 16 + blob_signature 4 + blob_reserved 4 + ++ * blob_timestamp 8 + client_nonce 8 + blob_unknown 4 + ++ * target_info*/ ++ nt_resp_sz = NTLM_RESPONSE_TARGET_INFORMATION_OFFSET + target_info_sz; ++ } else { ++ nt_resp_sz = 24; ++ } ++ nt_resp = g_malloc (nt_resp_sz); ++ ++ if (ntlmv2_session && !negotiate_target) { + calc_ntlm2_session_response (nonce, nt_hash, lm_hash, + lm_resp, sizeof(lm_resp), nt_resp); +- } else { +- /* Compute a regular response */ ++ } else if (!negotiate_target){ ++ /* Compute a regular NTLMv1 response */ + calc_response (nt_hash, (guchar *) nonce, nt_resp); + calc_response (lm_hash, (guchar *) nonce, lm_resp); ++ } else { ++ calc_ntlmv2_response (user, domain, ++ nt_hash, 21, ++ (guchar *) nonce, ++ target_info, target_info_sz, ++ lm_resp, sizeof (lm_resp), ++ nt_resp, (size_t) nt_resp_sz); + } + + memset (&resp, 0, sizeof (resp)); +@@ -793,7 +971,8 @@ soup_ntlm_response (const char *nonce, + resp.flags = GUINT32_TO_LE (NTLM_RESPONSE_FLAGS); + if (ntlmv2_session) + resp.flags |= GUINT32_TO_LE (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY); +- ++ if (negotiate_target) ++ resp.flags |= GUINT32_TO_LE (NTLM_FLAGS_REQUEST_TARGET); + offset = sizeof (resp); + + if (!host) +@@ -807,10 +986,10 @@ soup_ntlm_response (const char *nonce, + ntlm_set_string (&resp.user, &offset, ulen); + ntlm_set_string (&resp.host, &offset, hlen); + ntlm_set_string (&resp.lm_resp, &offset, sizeof (lm_resp)); +- ntlm_set_string (&resp.nt_resp, &offset, sizeof (nt_resp)); ++ ntlm_set_string (&resp.nt_resp, &offset, nt_resp_sz); + + out = g_malloc (((offset + 3) * 4) / 3 + 6); +- strncpy (out, "NTLM ", 5); ++ memcpy (out, "NTLM ", 5); + p = out + 5; + + state = save = 0; +@@ -825,7 +1004,7 @@ soup_ntlm_response (const char *nonce, + FALSE, p, &state, &save); + p += g_base64_encode_step (lm_resp, sizeof (lm_resp), + FALSE, p, &state, &save); +- p += g_base64_encode_step (nt_resp, sizeof (nt_resp), ++ p += g_base64_encode_step (nt_resp, nt_resp_sz, + FALSE, p, &state, &save); + p += g_base64_encode_close (FALSE, p, &state, &save); + *p = '\0'; +@@ -833,6 +1012,7 @@ soup_ntlm_response (const char *nonce, + g_free (domain_conv); + g_free (user_conv); + g_free (host_conv); ++ g_free (nt_resp); + + return out; + } diff --git a/SPECS/libsoup.spec b/SPECS/libsoup.spec new file mode 100644 index 0000000..0f462a4 --- /dev/null +++ b/SPECS/libsoup.spec @@ -0,0 +1,902 @@ +%define glib2_version 2.38.0 + +Name: libsoup +Version: 2.62.3 +Release: 3%{?dist} +Summary: Soup, an HTTP library implementation + +License: LGPLv2 +URL: https://wiki.gnome.org/Projects/libsoup +Source0: https://download.gnome.org/sources/%{name}/2.62/%{name}-%{version}.tar.xz + +Patch0001: 0001-WebSockets-ignore-any-messages-after-close-has-been-.patch +Patch0002: 0002-WebSockets-allow-null-characters-in-text-messages-da.patch +Patch0003: 0003-WebSockets-only-poll-IO-stream-when-needed.patch +Patch0004: 0004-ntlmv2.patch + +BuildRequires: chrpath +BuildRequires: glib2-devel >= %{glib2_version} +BuildRequires: glib-networking +BuildRequires: intltool +BuildRequires: krb5-devel >= 1.11 +BuildRequires: pkgconfig(gobject-introspection-1.0) +BuildRequires: pkgconfig(libxml-2.0) +BuildRequires: pkgconfig(sqlite3) +BuildRequires: %{_bindir}/python3 +BuildRequires: vala + +Requires: glib2%{?_isa} >= %{glib2_version} +Requires: glib-networking%{?_isa} >= %{glib2_version} + +%description +Libsoup is an HTTP library implementation in C. It was originally part +of a SOAP (Simple Object Access Protocol) implementation called Soup, but +the SOAP and non-SOAP parts have now been split into separate packages. + +libsoup uses the Glib main loop and is designed to work well with GTK +applications. This enables GNOME applications to access HTTP servers +on the network in a completely asynchronous fashion, very similar to +the Gtk+ programming model (a synchronous operation mode is also +supported for those who want it). + +%package devel +Summary: Header files for the Soup library +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +Libsoup is an HTTP library implementation in C. This package allows +you to develop applications that use the libsoup library. + +%prep +%autosetup -p1 + +%build +%configure --disable-static + +# Omit unused direct shared library dependencies. +sed --in-place --expression 's! -shared ! -Wl,--as-needed\0!g' libtool + +make %{?_smp_mflags} + +%install +%make_install + +rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la + +# Remove lib64 rpaths +chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so + +%find_lang libsoup + +%files -f libsoup.lang +%license COPYING +%doc README NEWS AUTHORS +%{_libdir}/lib*.so.* +%{_libdir}/girepository-1.0/Soup*2.4.typelib + +%files devel +%{_includedir}/%{name}-2.4 +%{_includedir}/%{name}-gnome-2.4 +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc +%{_datadir}/gir-1.0/Soup*2.4.gir +%{_datadir}/gtk-doc/html/%{name}-2.4 +%dir %{_datadir}/vala +%dir %{_datadir}/vala/vapi +%{_datadir}/vala/vapi/libsoup-2.4.deps +%{_datadir}/vala/vapi/libsoup-2.4.vapi + +%changelog +* Fri Sep 16 2022 Milan Crha - 2.62.3-3 +- Resolves: #1938011 (Support for NTLMv2 Authentication) + +* Thu Aug 27 2020 Martin Pitt - 2.62.3-2 +- Some WebSocket fixes to unbreak cockpit-desktop (rhbz#1872270) + +* Fri Aug 10 2018 Kalev Lember - 2.62.3-1 +- Update to 2.62.3 + +* Thu Jul 19 2018 Milan Crha - 2.62.2-2 +- Address some of the Coverity Scan and clang issues + +* Wed Jul 04 2018 Milan Crha - 2.62.2-1 +- Update to 2.62.2 +- Backport upstream patch for CVE-2018-12910 - Crash in soup_cookie_jar.c:get_cookies() on empty hostnames + +* Mon Apr 09 2018 Kalev Lember - 2.62.1-1 +- Update to 2.62.1 + +* Mon Mar 12 2018 Kalev Lember - 2.62.0-1 +- Update to 2.62.0 + +* Mon Mar 05 2018 Kalev Lember - 2.61.91-1 +- Update to 2.61.91 + +* Wed Feb 07 2018 Fedora Release Engineering - 2.61.90-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Feb 05 2018 Kalev Lember - 2.61.90-1 +- Update to 2.61.90 +- Drop ldconfig scriptlets + +* Sat Feb 03 2018 Igor Gnatenko - 2.61.2-2 +- Switch to %%ldconfig_scriptlets + +* Tue Jan 09 2018 Kalev Lember - 2.61.2-1 +- Update to 2.61.2 + +* Wed Dec 20 2017 Kalev Lember - 2.61.1-1 +- Update to 2.61.1 + +* Thu Nov 16 2017 Milan Crha - 2.60.2-2 +- Add patch for RH bug #1458498 (Crash under soup_socket_new()) + +* Wed Nov 01 2017 Kalev Lember - 2.60.2-1 +- Update to 2.60.2 + +* Wed Oct 11 2017 Kalev Lember - 2.60.1-1 +- Update to 2.60.1 +- Remove lib64 rpaths + +* Wed Sep 13 2017 Kalev Lember - 2.60.0-1 +- Update to 2.60.0 + +* Fri Aug 11 2017 Kalev Lember - 2.59.90.1-2 +- Bump and rebuild for an rpm signing issue + +* Thu Aug 10 2017 Kalev Lember - 2.59.90.1-1 +- Update to 2.59.90.1 (CVE-2017-2885) + +* Thu Aug 03 2017 Fedora Release Engineering - 2.58.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.58.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Jun 30 2017 Tomas Popela - 2.58.1-2 +- Backport negotiate fixes + +* Tue May 09 2017 Kalev Lember - 2.58.1-1 +- Update to 2.58.1 + +* Wed May 03 2017 Milan Crha - 2.58.0-2 +- Add patch for GNONE bug #781590 (Fails to connect to server due to request cancel) + +* Thu Apr 20 2017 Kalev Lember - 2.58.0-1 +- Update to 2.58.0 + +* Fri Feb 10 2017 Fedora Release Engineering - 2.57.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Dec 14 2016 David King - 2.57.1-1 +- Update to 2.57.1 + +* Thu Sep 22 2016 Kalev Lember - 2.56.0-2 +- BR vala instead of obsolete vala-tools subpackage + +* Mon Sep 19 2016 Kalev Lember - 2.56.0-1 +- Update to 2.56.0 + +* Wed Aug 17 2016 Kalev Lember - 2.55.90-1 +- Update to 2.55.90 + +* Tue Apr 26 2016 Milan Crha - 2.54.1-1 +- Update to 2.54.1 +- Remove patch for NTLM auth failure with latest samba (fixed upstream) + +* Fri Apr 22 2016 Milan Crha - 2.54.0.1-3 +- Add 'BuildRequires: krb5-devel', to support WWW-Authenticate: Negotiate in runtime + +* Tue Apr 19 2016 Milan Crha - 2.54.0.1-2 +- NTLM auth failure with latest samba (rh #1327072) + +* Wed Mar 23 2016 Kalev Lember - 2.54.0.1-1 +- Update to 2.54.0.1 + +* Tue Mar 22 2016 Kalev Lember - 2.54.0-1 +- Update to 2.54.0 + +* Tue Mar 15 2016 Kalev Lember - 2.53.92-1 +- Update to 2.53.92 + +* Tue Feb 16 2016 Richard Hughes - 2.53.90-1 +- Update to 2.53.90 + +* Thu Feb 04 2016 Fedora Release Engineering - 2.53.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Nov 25 2015 Kalev Lember - 2.53.2-1 +- Update to 2.53.2 + +* Wed Oct 28 2015 Kalev Lember - 2.53.1-1 +- Update to 2.53.1 + +* Mon Oct 12 2015 Kalev Lember - 2.52.1-1 +- Update to 2.52.1 + +* Mon Sep 21 2015 Kalev Lember - 2.52.0-1 +- Update to 2.52.0 + +* Tue Sep 15 2015 Richard Hughes - 2.51.92-1 +- Update to 2.51.92 + +* Mon Aug 17 2015 Kalev Lember - 2.51.90-1 +- Update to 2.51.90 +- Use make_install macro +- Build vala bindings + +* Tue Jun 23 2015 David King - 2.51.3-1 +- Update to 2.51.3 +- Update URL +- Use pkgconfig for BuildRequires +- Preserve timestamps during install + +* Wed Jun 17 2015 Fedora Release Engineering - 2.50.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Mar 23 2015 Kalev Lember - 2.50.0-1 +- Update to 2.50.0 + +* Tue Mar 17 2015 Kalev Lember - 2.49.92-1 +- Update to 2.49.92 + +* Tue Mar 03 2015 Kalev Lember - 2.49.91.1-1 +- Update to 2.49.91.1 + +* Tue Mar 03 2015 Kalev Lember - 2.49.91-1 +- Update to 2.49.91 +- Use the %%license macro for the COPYING file + +* Tue Nov 25 2014 Kalev Lember - 2.49.1-1 +- Update to 2.49.1 + +* Mon Sep 22 2014 Kalev Lember - 2.48.0-1 +- Update to 2.48.0 + +* Mon Sep 15 2014 Kalev Lember - 2.47.92-1 +- Update to 2.47.92 +- Tighten deps with the _isa macro + +* Sun Aug 17 2014 Fedora Release Engineering - 2.47.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jul 22 2014 Kalev Lember - 2.47.4-1 +- Update to 2.47.4 + +* Tue Jun 24 2014 Richard Hughes - 2.47.3-1 +- Update to 2.47.3 + +* Sat Jun 07 2014 Fedora Release Engineering - 2.46.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Apr 05 2014 Kalev Lember - 2.46.0-2 +- Update dep versions + +* Mon Mar 24 2014 Richard Hughes - 2.46.0-1 +- Update to 2.46.0 + +* Tue Mar 18 2014 Richard Hughes - 2.45.92-1 +- Update to 2.45.92 + +* Tue Feb 18 2014 Richard Hughes - 2.45.90-1 +- Update to 2.45.90 + +* Tue Dec 17 2013 Richard Hughes - 2.45.3-1 +- Update to 2.45.3 + +* Thu Nov 14 2013 Richard Hughes - 2.44.2-1 +- Update to 2.44.2 + +* Tue Oct 29 2013 Richard Hughes - 2.44.1-1 +- Update to 2.44.1 + +* Sun Sep 29 2013 Dan Winship - 2.44.0-2 +- Fix hang on early close with streaming API + +* Tue Sep 24 2013 Kalev Lember - 2.44.0-1 +- Update to 2.44.0 + +* Tue Sep 17 2013 Kalev Lember - 2.43.92-1 +- Update to 2.43.92 + +* Thu Aug 22 2013 Kalev Lember - 2.43.90-1 +- Update to 2.43.90 + +* Fri Aug 09 2013 Kalev Lember - 2.43.5-1 +- Update to 2.43.5 + +* Sat Aug 03 2013 Fedora Release Engineering - 2.43.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri Jul 12 2013 Dan Winship - 2.43.4-1 +- Update to 2.43.4 + +* Sun Jun 02 2013 Kalev Lember - 2.43.2-1 +- Update to 2.43.2 + +* Sat May 04 2013 Kalev Lember - 2.43.1-1 +- Update to 2.43.1 + +* Mon Apr 29 2013 Kalev Lember - 2.42.2-1 +- Update to 2.42.2 + +* Tue Apr 16 2013 Richard Hughes - 2.42.1-1 +- Update to 2.42.1 + +* Tue Mar 26 2013 Kalev Lember - 2.42.0-1 +- Update to 2.42.0 + +* Tue Mar 19 2013 Richard Hughes - 2.41.92-1 +- Update to 2.41.92 + +* Thu Mar 7 2013 Matthias Clasen - 2.41.91-1 +- Update to 2.41.91 + +* Tue Feb 19 2013 Richard Hughes - 2.41.90-1 +- Update to 2.41.90 + +* Wed Feb 06 2013 Kalev Lember - 2.41.5-1 +- Update to 2.41.5 + +* Tue Jan 15 2013 Matthias Clasen - 2.41.4-1 +- Updat e to 2.41.4 + +* Thu Dec 20 2012 Kalev Lember - 2.41.3-1 +- Update to 2.41.3 +- Remove libgnome-keyring build dep; no longer used + +* Tue Nov 20 2012 Richard Hughes - 2.41.2-1 +- Update to 2.41.2 + +* Fri Nov 09 2012 Kalev Lember - 2.41.1-1 +- Update to 2.41.1 + +* Tue Oct 16 2012 Kalev Lember - 2.40.1-1 +- Update to 2.40.1 + +* Tue Oct 2 2012 Matthias Clasen - 2.40.0-1 +- Update to 2.40.0 + +* Fri Jul 27 2012 Fedora Release Engineering - 2.39.4.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Jul 17 2012 Richard Hughes - 2.39.4.1-1 +- Update to 2.39.4.1 + +* Wed Jun 27 2012 Richard Hughes - 2.39.3-1 +- Update to 2.39.3 + +* Thu Jun 07 2012 Richard Hughes - 2.39.2-1 +- Update to 2.39.2 + +* Sat May 05 2012 Kalev Lember - 2.39.1-1 +- Update to 2.39.1 +- Package the translations + +* Tue Apr 17 2012 Kalev Lember - 2.38.1-1 +- Update to 2.38.1 + +* Wed Mar 28 2012 Richard Hughes - 2.38.0-1 +- Update to 2.38.0 + +* Wed Mar 21 2012 Kalev Lember - 2.37.92-1 +- Update to 2.37.92 + +* Mon Mar 5 2012 Matthias Clasen - 2.37.91-1 +- Update to 2.37.91 + +* Sat Feb 25 2012 Matthias Clasen - 2.37.90-1 +- Update to 2.37.90 + +* Mon Feb 13 2012 Matthias Clasen - 2.37.5.1-1 +- Update to 2.37.5.1 + +* Mon Feb 6 2012 Matthias Clasen - 2.37.5-1 +- Update to 2.37.5 + +* Tue Jan 17 2012 Matthias Clasen - 2.37.4-1 +- Update to 2.37.4 + +* Fri Jan 13 2012 Fedora Release Engineering - 2.37.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Dec 20 2011 Matthias Clasen - 2.37.3-1 +- Update to 2.37.3 + +* Mon Nov 21 2011 Matthias Clasen - 2.37.2-1 +- Update to 2.37.2 + +* Wed Nov 2 2011 Matthias Clasen - 2.37.1-1 +- Update to 2.37.1 + +* Wed Oct 26 2011 Fedora Release Engineering - 2.36.1-2 +- Rebuilt for glibc bug#747377 + +* Tue Oct 18 2011 Matthias Clasen - 2.36.1-1 +- Update to 2.36.1 + +* Mon Sep 26 2011 Ray - 2.36.0-1 +- Update to 2.36.0 + +* Mon Sep 19 2011 Matthias Clasen 2.35.92-1 +- Update to 2.35.92 + +* Tue Aug 30 2011 Matthias Clasen 2.35.90-1 +- Update to 2.35.90 + +* Wed Aug 17 2011 Matthias Clasen 2.35.5-1 +- Update to 2.35.5 + +* Tue Jul 05 2011 Bastien Nocera 2.35.3-1 +- Update to 2.35.3 + +* Tue Apr 26 2011 Matthias Clasen - 2.34.1-1 +- Update to 2.34.1 + +* Mon Apr 4 2011 Matthias Clasen - 2.34.0-1 +- Update to 2.34.0 + +* Tue Mar 22 2011 Matthias Clasen - 2.33.92-2 +- Clean up BRs + +* Tue Mar 22 2011 Matthias Clasen - 2.33.92-1 +- 2.33.92 + +* Tue Feb 22 2011 Matthias Clasen - 2.33.90-1 +- 2.33.90 + +* Tue Feb 08 2011 Fedora Release Engineering - 2.33.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Feb 2 2011 Christopher Aillon - 2.33.6-1 +- Update to 2.33.6 + +* Mon Jan 17 2011 Dan Winship - 2.33.5-2 +- Require glib-networking, for TLS support + +* Mon Jan 10 2011 Matthias Clasen - 2.33.5-1 +- Update to 2.33.5 + +* Thu Dec 2 2010 Dan Winship - 2.32.2-1 +- Update to 2.32.2 + +* Thu Nov 11 2010 Dan HorĂ¡k - 2.32.0-2 +- bump release to win over F-14 + +* Tue Sep 28 2010 Matthias Clasen - 2.32.0-1 +- Update to 2.32.0 + +* Tue Sep 21 2010 Matthias Clasen - 2.31.92-1 +- Update to 2.31.92 + +* Wed Aug 18 2010 Matthias Clasen - 2.31.90-1 +- Update to 2.31.90 + +* Tue Aug 3 2010 Matthias Clasen - 2.31.6-1 +- Update to 2.31.6 + +* Thu Jul 15 2010 Colin Walters - 2.31.2-5 +- Rebuild with new gobject-introspection + +* Fri Jul 2 2010 Matthias Clasen - 2.31.2-4 +- Rebuild for introspection format break + +* Wed Jun 23 2010 Matthew Barnes - 2.31.2-3 +- libsoup-devel doesn't need gtk-doc (RH bug #604396). + +* Mon Jun 21 2010 Peter Robinson - 2.31.2-2 +- enable introspection support + +* Thu May 27 2010 Matthias Clasen - 2.31.2-1 +- Update to 2.31.2 + +* Tue Apr 27 2010 Matthias Clasen - 2.30.1-1 +- Update to 2.30.1 + +* Mon Mar 29 2010 Matthias Clasen - 2.30.0-1 +- Update to 2.30.0 + +* Thu Mar 25 2010 Nils Philippsen - 2.29.91-2 +- rebuild for new libproxy + +* Mon Feb 22 2010 Matthias Clasen - 2.29.91-1 +- Update to 2.29.91 + +* Mon Feb 08 2010 Matthew Barnes - 2.29.90-1 +- Update to 2.29.90 + +* Tue Jan 26 2010 Matthias Clasen - 2.29.6-1 +- Update to 2.29.6 + +* Sat Jan 16 2010 Matthias Clasen - 2.29.5-1 +- Update to 2.29.5 + +* Wed Dec 9 2009 Dan Winship - 2.29.3-2 +- Add patch from git to fix gir-repository build + +* Tue Dec 01 2009 Bastien Nocera 2.29.3-1 +- Update to 2.29.3 + +* Mon Sep 21 2009 Matthias Clasen - 2.28.0-1 +- Update to 2.28.0 + +* Mon Sep 7 2009 Matthias Clasen - 2.27.92-1 +- Update to 2.27.92 + +* Mon Aug 24 2009 Matthias Clasen - 2.27.91-1 +- Update to 2.27.91 + +* Tue Aug 11 2009 Matthias Clasen - 2.27.90-1 +- Update to 2.27.90 + +* Tue Jul 28 2009 Matthias Clasen - 2.27.5-1 +- Update to 2.27.5 + +* Sat Jul 25 2009 Fedora Release Engineering - 2.27.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jul 13 2009 Matthew Barnes - 2.27.4-1 +- Update to 2.27.4 + +* Wed Jun 17 2009 Matthias Clasen - 2.27.2-1 +- Update to 2.27.2 + +* Mon May 18 2009 Bastien Nocera 2.27.1-1 +- Update to 2.27.1 + +* Mon Apr 13 2009 Matthias Clasen - 2.26.1-1 +- Update to 2.26.1 +- See http://download.gnome.org/sources/libsoup/2.26/libsoup-2.26.1.changes + +* Thu Apr 9 2009 Matthias Clasen - 2.26.0.9-1 +- Upate to 2.26.0.9 + +* Mon Mar 16 2009 Matthias Clasen - 2.26.0-1 +- Update to 2.26.0 + +* Wed Feb 25 2009 Fedora Release Engineering - 2.25.91-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Feb 16 2009 Matthew Barnes - 2.25.91-1 +- Update to 2.25.91 + +* Mon Feb 02 2009 Matthew Barnes - 2.25.5-1 +- Update to 2.25.5 + +* Sun Jan 25 2009 Matthias Clasen - 2.25.4-2 +- Build against libproxy + +* Mon Jan 05 2009 Matthew Barnes - 2.25.4-1 +- Update to 2.25.4 + +* Tue Dec 16 2008 Matthew Barnes - 2.25.3-1 +- Update to 2.25.3 + +* Mon Dec 01 2008 Matthew Barnes - 2.25.2-1 +- Update to 2.25.2 + +* Wed Nov 12 2008 Matthias Clasen - 2.25.1-3 +- Fix BuildRequires + +* Fri Nov 07 2008 Matthew Barnes - 2.25.1-1 +- Update to 2.25.1 + +* Mon Oct 20 2008 Matthias Clasen - 2.24.1-1 +- Update to 2.24.1 + +* Wed Sep 24 2008 Matthias Clasen - 2.24.0.1-1 +- Update to 2.24.0.1 + +* Mon Sep 22 2008 Matthias Clasen - 2.24.0-1 +- Update to 2.24.0 + +* Mon Sep 8 2008 Matthias Clasen - 2.23.92-1 +- Update to 2.23.92 + +* Mon Sep 01 2008 Matthew Barnes - 2.23.91-1 +- Update to 2.23.91 + +* Mon Aug 04 2008 Matthew Barnes - 2.23.6-1 +- Update to 2.23.6 + +* Wed Jul 30 2008 Matthew Barnes - 2.23.1-6 +- Omit unused direct shared library dependencies (RH bug #226046). + +* Tue Jun 24 2008 Tomas Mraz - 2.23.1-5 +- rebuild with new gnutls + +* Sun Jun 22 2008 Matthew Barnes - 2.23.1-4 +- Remove unnecessary pkgconfig build requirement. + +* Mon Jun 16 2008 Matthew Barnes - 2.23.1-3 +- Incorporate package review feedback (RH bug #226046). + +* Sun May 4 2008 Matthias Clasen - 2.23.1-2 +- Fix source url + +* Mon Apr 21 2008 Matthew Barnes - 2.23.1-1 +- Update to 2.23.1 + +* Mon Apr 07 2008 Matthew Barnes - 2.4.1-1 +- Update to 2.4.1 + +* Mon Mar 10 2008 Matthias Clasen - 2.4.0-1 +- Update to 2.4.0 + +* Mon Feb 25 2008 Matthew Barnes - 2.3.4-1 +- Update to 2.3.4 + +* Wed Feb 13 2008 Matthew Barnes - 2.3.2-1 +- Update to 2.3.2 + +* Mon Jan 28 2008 Matthew Barnes - 2.3.0-1 +- Update to 2.3.0 +- Bump glib2 requirement to >= 2.15.3. +- Clean up some redundant dependencies. +- Remove patch for RH bug #327871 (fixed in glibc). + +* Mon Nov 26 2007 Matthew Barnes - 2.2.104-1 +- Update to 2.2.104 + +* Sun Oct 28 2007 Jeremy Katz - 2.2.103-1 +- update to 2.2.103 to fix a rhythmbox crasher (#343561) + +* Mon Oct 15 2007 Matthew Barnes - 2.2.102-1 +- Update to 2.2.102 + +* Thu Oct 11 2007 Matthew Barnes - 2.2.101-2 +- Add patch for RH bug #327871 (broken Rhythmbox build). +- Suspect this is really a glibc bug. + +* Fri Oct 05 2007 Matthew Barnes - 2.2.101-1 +- Update to 2.2.101 + +* Wed Aug 8 2007 Matthias Clasen - 2.2.100-3 +- Update the license field + +* Sat Apr 21 2007 Matthias Clasen - 2.2.100-2 +- Don't install INSTALL + +* Mon Feb 12 2007 Matthew Barnes - 2.2.100-1 +- Update to 2.2.100 + +* Mon Jan 08 2007 Matthew Barnes - 2.2.99-1 +- Update to 2.2.99 + +* Tue Nov 21 2006 Matthew Barnes - 2.2.98-1 +- Update to 2.2.98 +- Remove patch for RH bug #215919 (fixed upstream). + +* Fri Nov 17 2006 Matthias Clasen - 2.2.97-2 +- Avoid accidentally exported symbols (#215919) + +* Mon Nov 06 2006 Matthew Barnes - 2.2.97-1 +- Update to 2.2.97 +- Remove patch for Gnome.org bug #356809 (fixed upstream). + +* Fri Nov 03 2006 Matthew Barnes - 2.2.96-5 +- Revised patch for Gnome.org bug #356809 to match upstream. + +* Sun Oct 01 2006 Jesse Keating - 2.2.96-4 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Wed Sep 20 2006 Matthew Barnes - 2.2.96-3.fc6 +- Add patch for Gnome.org bug #356809 (lingering file on uninstall). + +* Tue Aug 15 2006 Matthew Barnes - 2.2.96-2.fc6 +- Rebuild + +* Tue Jul 25 2006 Matthew Barnes - 2.2.96 +- Update to 2.2.96 +- Bump glib2 requirement to >= 2.6. + +* Wed Jul 12 2006 Matthew Barnes - 2.2.95.1-1 +- Update to 2.2.95.1 + +* Wed Jul 12 2006 Jesse Keating - 2.2.94-3.1 +- rebuild + +* Wed Jun 14 2006 Tomas Mraz - 2.2.94-3 +- rebuilt with new gnutls + +* Tue Jun 13 2006 Matthias Clasen - 2.2.94-1 +- Update to 2.2.94 + +* Mon Apr 10 2006 Matthias Clasen - 2.2.92-2 +- Update to 2.2.92 + +* Sat Mar 4 2006 Matthias Clasen - 2.2.91-1 +- Update to 2.2.91 + +* Wed Feb 15 2006 Matthias Clasen - 2.2.7-2 +- Remove excessive Requires for the -devel package + +* Fri Feb 10 2006 Jesse Keating - 2.2.7-1.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.2.7-1.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Tue Nov 29 2005 David Malcolm - 2.2.7-1 +- 2.2.7 +- Remove static library + +* Tue Aug 23 2005 David Malcolm - 2.2.6.1-1 +- 2.2.6.1 + +* Tue Aug 9 2005 David Malcolm - 2.2.5-1 +- 2.2.5 +- Removed gnome-bug-306877-soup-connection-ntlm.c.patch (#160071) as this is + now in upstream tarball + +* Mon Aug 8 2005 Tomas Mraz - 2.2.3-5 +- rebuild with new gnutls + +* Tue Jun 14 2005 David Malcolm - 2.2.3-4 +- add patch for NTLM domains (#160071) + +* Sun Apr 24 2005 Florian La Roche +- rebuild for new gnutls + +* Thu Mar 17 2005 David Malcolm - 2.2.3-2 +- explicitly enable gtk-doc support + +* Thu Mar 17 2005 David Malcolm - 2.2.3-1 +- 2.2.3 + +* Wed Mar 2 2005 David Malcolm - 2.2.2-3 +- rebuild with GCC 4 + +* Wed Jan 26 2005 David Malcolm - 2.2.2-2 +- actually uploaded the source this time + +* Wed Jan 26 2005 David Malcolm - 2.2.2-1 +- update from 2.2.1 to 2.2.2 +- add explicit devel requirements on glib2-devel, pkgconfig, gtk-doc, gnutls-devel and libxml2-devel + +* Tue Oct 12 2004 David Malcolm - 2.2.1-1 +- update from 2.2.0 to 2.2.1 + +* Wed Oct 6 2004 David Malcolm - 2.2.0-3 +- added requirement on libxml2 (#134700) + +* Wed Sep 22 2004 David Malcolm - 2.2.0-2 +- added requirement on gnutls, so that we build with SSL support +- fixed source download path + +* Tue Aug 31 2004 David Malcolm - 2.2.0-1 +- update from 2.1.13 to 2.2.0 + +* Mon Aug 16 2004 David Malcolm - 2.1.13-1 +- 2.1.13 + +* Tue Jul 20 2004 David Malcolm - 2.1.12-1 +- 2.1.12 + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Mon Jun 7 2004 David Malcolm - 2.1.11-1 +- 2.1.11 + +* Thu May 20 2004 David Malcolm - 2.1.10-2 +- added missing md5 file + +* Thu May 20 2004 David Malcolm - 2.1.10-1 +- 2.1.10 + +* Tue Apr 20 2004 David Malcolm - 2.1.9-1 +- Update to 2.1.9; added gtk-doc to BuildRequires and the generated files to the devel package + +* Wed Mar 10 2004 Jeremy Katz - 2.1.8-1 +- 2.1.8 + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Tue Feb 17 2004 Jeremy Katz - 2.1.7-1 +- 2.1.7 + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Mon Jan 26 2004 Jeremy Katz 2.1.5-1 +- 2.1.5 + +* Wed Jan 14 2004 Jeremy Katz 2.1.4-0 +- update to 2.1.4 + +* Sat Jan 3 2004 Jeremy Katz 2.1.3-0 +- update to 2.1.3 + +* Tue Sep 23 2003 Jeremy Katz 1.99.26-2 +- rebuild + +* Fri Sep 19 2003 Jeremy Katz 1.99.26-1 +- 1.99.26 + +* Tue Jul 15 2003 Jeremy Katz 1.99.23-3 +- rebuild to pickup ppc64 + +* Mon Jun 9 2003 Jeremy Katz 1.99.23-2 +- rebuild +- no openssl on ppc64 yet, excludearch + +* Mon Jun 9 2003 Jeremy Katz 1.99.23-1 +- 1.99.23 + +* Thu Jun 5 2003 Elliot Lee +- rebuilt + +* Thu Jun 5 2003 Jeremy Katz 1.99.22-2 +- rebuild + +* Sun May 25 2003 Jeremy Katz 1.99.22-1 +- 1.99.22 + +* Tue May 6 2003 Jeremy Katz 1.99.20-1 +- 1.99.20 + +* Sun May 4 2003 Jeremy Katz 1.99.17-3 +- include ssl proxy so that ssl urls work properly (#90165, #90166) + +* Wed Apr 16 2003 Jeremy Katz 1.99.17-2 +- forward port patch to use a union initializer to fix build on x86_64 + +* Wed Apr 16 2003 Jeremy Katz 1.99.17-1 +- rename package to libsoup +- update to 1.99.17 +- don't obsolete soup for now, it's parallel installable + +* Sun Apr 6 2003 Jeremy Katz 0.7.11-1 +- update to 0.7.11 + +* Wed Apr 2 2003 Matt Wilson 0.7.10-5 +- added soup-0.7.10-64bit.patch to fix 64 bit platforms (#86347) + +* Sat Feb 01 2003 Florian La Roche +- only runtime libs in normal rpm + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Jan 21 2003 Jeremy Katz +- update url (#82347) + +* Tue Jan 7 2003 Nalin Dahyabhai 0.7.10-2 +- use pkgconfig's openssl configuration information, if it exists + +* Fri Dec 13 2002 Jeremy Katz 0.7.10-1 +- update to 0.7.10 + +* Thu Dec 12 2002 Jeremy Katz 0.7.9-4 +- fix fpic patch +- soup-devel should require soup + +* Thu Dec 12 2002 Jeremy Katz 0.7.9-3 +- better lib64 patch +- fix building of libwsdl-build to use libtool so that it gets built + with -fPIC as needed + +* Tue Dec 10 2002 Jeremy Katz 0.7.9-2 +- change popt handling in configure slightly so that it will work on + multilib arches + +* Tue Dec 10 2002 Jeremy Katz 0.7.9-1 +- update to 0.7.9, pulling the tarball out of Ximian packages + +* Wed Oct 23 2002 Jeremy Katz 0.7.4-3 +- fix to not try to include non-existent doc files and remove all + unwanted files from the build +- include api docs +- don't build the apache module + +* Wed Sep 25 2002 Jeremy Katz 0.7.4-2 +- various specfile tweaks to include in Red Hat Linux +- include all the files + +* Tue Jan 23 2001 Alex Graveley +- Inital RPM config.