Skip to content

libsoup_3: add patch for CVE-2025-11021#489681

Merged
vcunat merged 1 commit intoNixOS:staging-nextfrom
jasonodoom:libsoup-3-cve-2025-11021
Feb 12, 2026
Merged

libsoup_3: add patch for CVE-2025-11021#489681
vcunat merged 1 commit intoNixOS:staging-nextfrom
jasonodoom:libsoup-3-cve-2025-11021

Conversation

@jasonodoom
Copy link
Member

@jasonodoom jasonodoom commented Feb 12, 2026
edited
Loading

Upstream patch: https://gitlab.gnome.org/GNOME/libsoup/-/commit/9e1a427d2f047439d0320defe1593e6352595788

Fixes: CVE-2025-11021
Issue: #488139

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

github-actions[bot]

This comment was marked as outdated.

Sign in to view

@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-darwin: 101-500 This PR causes between 101 and 500 packages to rebuild on Darwin. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Feb 12, 2026
@jasonodoom jasonodoom force-pushed the libsoup-3-cve-2025-11021 branch from 00c31b1 to ae380d7 Compare February 12, 2026 06:12
@jasonodoom jasonodoom changed the base branch from master to staging-next February 12, 2026 06:12
github-actions[bot]

This comment was marked as outdated.

Sign in to view

@nixpkgs-ci nixpkgs-ci bot closed this Feb 12, 2026
@nixpkgs-ci nixpkgs-ci bot reopened this Feb 12, 2026
@github-actions github-actions bot dismissed their stale review February 12, 2026 06:13

Review dismissed automatically

vcunat
vcunat requested changes Feb 12, 2026
View reviewed changes
@jasonodoom jasonodoom force-pushed the libsoup-3-cve-2025-11021 branch from ae380d7 to 5618939 Compare February 12, 2026 06:42
@jasonodoom jasonodoom requested a review from mweinelt February 12, 2026 06:50
@vcunat vcunat added this pull request to the merge queue Feb 12, 2026
Merged via the queue into NixOS:staging-next with commit 41da9b9 Feb 12, 2026
25 checks passed
@vcunat vcunat changed the title libsoup{_2_4,_3}: add patch for CVE-2025-11021 libsoup_3: add patch for CVE-2025-11021 Feb 12, 2026
@vcunat vcunat added 1.severity: security Issues which raise a security issue, or PRs that fix one backport staging-25.11 Backport PR automatically labels Feb 12, 2026
@nixpkgs-ci nixpkgs-ci bot mentioned this pull request Feb 12, 2026
Merged
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented Feb 12, 2026

Successfully created backport PR for staging-25.11:

@github-actions github-actions bot added the 8.has: port to stable This PR already has a backport to the stable release. label Feb 12, 2026
@vulnpatch-bot
Copy link

vulnpatch-bot commented Feb 13, 2026

This fix was submitted with Vulnpatch — open-source vulnerability patching.

@jasonodoom jasonodoom deleted the libsoup-3-cve-2025-11021 branch February 13, 2026 04:55
whispersofthedawn added a commit to whispersofthedawn/nixpkgs that referenced this pull request Feb 25, 2026
@whispersofthedawn
libsoup_3: drop patches incorporated in 3.6.6
fa66658 
This package currently fails to build during the patch application step
as it includes patches that were incorporated into libsoup 3.6.6. These
patches were introduced in NixOS#468891 and NixOS#489681. Since they are now part
of a regular release, we thus drop these patches.

The List of commits where these changes are present can be seen at
https://gitlab.gnome.org/GNOME/libsoup/-/compare/3.6.5...3.6.6.
@whispersofthedawn whispersofthedawn mentioned this pull request Feb 25, 2026
Merged
13 tasks
vcunat pushed a commit that referenced this pull request Feb 25, 2026
@whispersofthedawn @vcunat
libsoup_3: drop patches incorporated in 3.6.6
9812196 
This package currently fails to build during the patch application step
as it includes patches that were incorporated into libsoup 3.6.6. These
patches were introduced in #468891 and #489681. Since they are now part
of a regular release, we thus drop these patches.

The List of commits where these changes are present can be seen at
https://gitlab.gnome.org/GNOME/libsoup/-/compare/3.6.5...3.6.6.

(cherry picked from commit fa66658)
https://hydra.nixos.org/build/322622408/nixlog/1/tail
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vcunat vcunat vcunat requested changes

@github-actions github-actions[bot] github-actions[bot] left review comments

@7c6f434c 7c6f434c Awaiting requested review from 7c6f434c

@bobby285271 bobby285271 Awaiting requested review from bobby285271

@dasj19 dasj19 Awaiting requested review from dasj19

@hedning hedning Awaiting requested review from hedning

@jtojnar jtojnar Awaiting requested review from jtojnar

@lovek323 lovek323 Awaiting requested review from lovek323

@mweinelt mweinelt Awaiting requested review from mweinelt

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 8.has: port to stable This PR already has a backport to the stable release. 10.rebuild-darwin: 101-500 This PR causes between 101 and 500 packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. backport staging-25.11 Backport PR automatically

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jasonodoom @vulnpatch-bot @vcunat