Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

port to libsoup3 #326

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

port to libsoup3 #326

wants to merge 1 commit into from

Conversation

ffontaine
Copy link

No description provided.

Signed-off-by: Fabrice Fontaine <[email protected]>
@jacmet
Copy link

jacmet commented Dec 15, 2024

@jsalas98 can this be reviewed please? Given that libsoup 2.x is unmaintained with known security issues it would be good to migrate to 3.x

@michaelgruner michaelgruner changed the base branch from master to develop December 16, 2024 15:50
@michaelgruner
Copy link
Contributor

@kimberlycarvajal can you please validate this? I'm interested in understanding which OS versions include libsoup3 as part of the standard packaging systems and which don't

@jacmet
Copy link

jacmet commented Dec 16, 2024

@kimberlycarvajal can you please validate this? I'm interested in understanding which OS versions include libsoup3 as part of the standard packaging systems and which don't

E.G. Debian does: https://packages.debian.org/search?keywords=libsoup (and so far also libsoup 2.x). The last 2.x release was 2.74.3 released > 2 years ago: https://gitlab.gnome.org/GNOME/libsoup/-/commit/4a6b9178ded85e269872ffedfb2b18f2754a75d9

There were a number of CVEs earlier this year that are NOT fixed in the upstream git repo, so people are vulnerable unless they have done the backports themselves: https://security-tracker.debian.org/tracker/source-package/libsoup2.4

@michaelgruner
Copy link
Contributor

Makes sense to me. Thanks for the contribution. I'll get this merged after I hear back from Kim.

g_mutex_lock (data_request_local->mutex);
soup_server_unpause_message (server, msg);
soup_server_message_unpause (msg);

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change was added since libsoup 3.2, for versions minor to 3.2 it will fail as it expect to use soup_server_unpause_message(). There are some distributions that manage libsoup 3.0.7 version like Ubuntu 22.04. For this case, we will need to add conditional logic to support versions < 3.2 and >= 3.2.

"Access-Control-Allow-Methods", "PUT, GET, POST, DELETE");
g_mutex_lock (&self->mutex);
soup_server_pause_message (server, msg);
soup_server_message_pause (msg);

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change was added since libsoup 3.2, for versions minor to 3.2 it will fail as it expect to use soup_server_pause_message(). There are some distributions that manage libsoup 3.0.7 version like Ubuntu 22.04. For this case, we will need to add conditional logic to support versions < 3.2 and >= 3.2.

@kimberlycarvajal
Copy link

Hi @ffontaine @jacmet have you been able to check the code comments? It is important to check these version issues before we can proceed with the request

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants