fix CVE-2025-32912

reference:ea16eeacb0

Signed-off-by: maoyanping <maoyanping@xfusion.com>
(cherry picked from commit e6061ce3e16c118d97dae5056796e6853ed1af0f)

backport-CVE-2025-32912.patch

@@ -0,0 +1,24 @@
+From acc0e7c802758934ce0a51c4db4e7ea5c3e91ef6 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 17 Apr 2025 19:58:08 +0800
+Subject: [PATCH] backport-CVE-2025-32912
+
+---
+ libsoup/soup-auth-digest.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index e8ba990..c249f02 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -66,6 +66,7 @@ soup_auth_digest_finalize (GObject *object)
+ 	g_free (priv->nonce);
+ 	g_free (priv->domain);
+ 	g_free (priv->cnonce);
++	g_free (priv->opaque);
+ 
+ 	memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+ 	memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
+-- 
+2.33.0
+

libsoup.spec

@@ -1,6 +1,6 @@
 Name:           libsoup
 Version:        2.74.3
-Release:        5
+Release:        6
 Summary:        An HTTP library implementation
 License:        LGPLv2
 URL:            https://wiki.gnome.org/Projects/libsoup
@@ -23,6 +23,7 @@ Patch6008:      backport-CVE-2025-32052.patch
 Patch6009:      backport-0001-CVE-2025-32053.patch
 Patch6010:      backport-0002-CVE-2025-32053.patch
 Patch6011:      backport-CVE-2025-2784.patch
+Patch6012:      backport-CVE-2025-32912.patch
 
 %description
 libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop,
@@ -74,6 +75,12 @@ sed -i 's/idm[0-9]\{5,32\}/idm12345678912345/g' %{buildroot}%{_datadir}/gtk-doc/
 %{_datadir}/gtk-doc/html/libsoup-2.4/*
 
 %changelog
+* Thu Apr 17 2025 maoyanping <maoyanping@xfusion.com> - 2.74.3-6
+- Type:cves
+- ID:CVE-2025-32912
+- SUG:NA
+- DESC:fix CVE-2025-32912
+
 * Tue Apr 8 2025 zhangpan <zhangpan103@h-partners.com> - 2.74.3-5
 - Type:cves
 - ID:CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-2784