port to libsoup3 #326
port to libsoup3 #326
Conversation
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
@jsalas98 can this be reviewed please? Given that libsoup 2.x is unmaintained with known security issues it would be good to migrate to 3.x |
|
@kimberlycarvajal can you please validate this? I'm interested in understanding which OS versions include libsoup3 as part of the standard packaging systems and which don't |
E.G. Debian does: https://packages.debian.org/search?keywords=libsoup (and so far also libsoup 2.x). The last 2.x release was 2.74.3 released > 2 years ago: https://gitlab.gnome.org/GNOME/libsoup/-/commit/4a6b9178ded85e269872ffedfb2b18f2754a75d9 There were a number of CVEs earlier this year that are NOT fixed in the upstream git repo, so people are vulnerable unless they have done the backports themselves: https://security-tracker.debian.org/tracker/source-package/libsoup2.4 |
|
Makes sense to me. Thanks for the contribution. I'll get this merged after I hear back from Kim. |
| soup_server_message_set_status (msg, status, NULL); | ||
| g_mutex_lock (data_request_local->mutex); | ||
| soup_server_unpause_message (server, msg); | ||
| soup_server_message_unpause (msg); |
There was a problem hiding this comment.
This change was added since libsoup 3.2, for versions minor to 3.2 it will fail as it expect to use soup_server_unpause_message(). There are some distributions that manage libsoup 3.0.7 version like Ubuntu 22.04. For this case, we will need to add conditional logic to support versions < 3.2 and >= 3.2.
| "Access-Control-Allow-Methods", "PUT, GET, POST, DELETE"); | ||
| g_mutex_lock (&self->mutex); | ||
| soup_server_pause_message (server, msg); | ||
| soup_server_message_pause (msg); |
There was a problem hiding this comment.
This change was added since libsoup 3.2, for versions minor to 3.2 it will fail as it expect to use soup_server_pause_message(). There are some distributions that manage libsoup 3.0.7 version like Ubuntu 22.04. For this case, we will need to add conditional logic to support versions < 3.2 and >= 3.2.
|
Hi @ffontaine @jacmet have you been able to check the code comments? It is important to check these version issues before we can proceed with the request |
|
this should be merged asap as distros are dropping libsoup 2.X fast |
|
@kimberlycarvajal can we absorb the changes ourselves? There's a breaking change in libsoup >= 3.2 so we need to do handle the message differently pre and post 3.2. EDIT: I'm interested in maintaining < 3.2 since Ubuntu 22.04 (which JP5 still comes with) comes with 3.0 |
|
@kimberlycarvajal I stand corrected. There is no breaking change in libsoup 3.2. It's actually a very unfortunate situation:
The fix should be rather simple: reorder the compilation flags so that libsoup3 gets priority over libsoup2. |
5 participants
No description provided.