Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
@jsalas98 can this be reviewed please? Given that libsoup 2.x is unmaintained with known security issues it would be good to migrate to 3.x |
|
@kimberlycarvajal can you please validate this? I'm interested in understanding which OS versions include libsoup3 as part of the standard packaging systems and which don't |
E.g. Debian does: https://packages.debian.org/search?keywords=libsoup (and so far also libsoup 2.x). The last 2.x release was 2.74.3, released > 2 years ago: https://gitlab.gnome.org/GNOME/libsoup/-/commit/4a6b9178ded85e269872ffedfb2b18f2754a75d9 There were a number of CVEs earlier this year that are NOT fixed in the upstream git repo, so people are vulnerable unless they have done the backports themselves: https://security-tracker.debian.org/tracker/source-package/libsoup2.4 |
|
Makes sense to me. Thanks for the contribution. I'll get this merged after I hear back from Kim. |
| soup_server_message_set_status (msg, status, NULL); | ||
| g_mutex_lock (data_request_local->mutex); | ||
| soup_server_unpause_message (server, msg); | ||
| soup_server_message_unpause (msg); |
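Review bot: soup_server_message_unpause (msg) on the last line of this hunk has no version guard, while the call it replaces, soup_server_unpause_message (server, msg), is the only form available before libsoup 3.2. If builds against 3.0.x are to keep working, wrap the new call in #if SOUP_CHECK_VERSION (3, 2, 0) and keep the old call in the #else branch. Otherwise, state the >= 3.2 requirement in the build's dependency check so the failure shows up at configure time instead of as an undeclared-function error.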
This change was added in libsoup 3.2; for versions lower than 3.2 it will fail, as it expects to use soup_server_unpause_message(). There are some distributions that manage libsoup version 3.0.7, like Ubuntu 22.04. For this case, we will need to add conditional logic to support versions < 3.2 and >= 3.2.
| "Access-Control-Allow-Methods", "PUT, GET, POST, DELETE"); | ||
| g_mutex_lock (&self->mutex); | ||
| soup_server_pause_message (server, msg); | ||
| soup_server_message_pause (msg); |
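Review bot: soup_server_message_pause (msg) replaces soup_server_pause_message (server, msg) here without a fallback for libsoup releases before 3.2, the same gap as at the unpause call site. Consider putting the version test in one pair of static inline helpers that still take (server, msg), so both call sites stay in step and the #if is not repeated at each one.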
This change was added in libsoup 3.2; for versions lower than 3.2 it will fail, as it expects to use soup_server_pause_message(). There are some distributions that manage libsoup version 3.0.7, like Ubuntu 22.04. For this case, we will need to add conditional logic to support versions < 3.2 and >= 3.2.
|
Hi @ffontaine @jacmet have you been able to check the code comments? It is important to check these version issues before we can proceed with the request |
|
this should be merged asap as distros are dropping libsoup 2.X fast |
|
@kimberlycarvajal can we absorb the changes ourselves? There's a breaking change in libsoup >= 3.2 so we need to handle the message differently pre and post 3.2. EDIT: I'm interested in maintaining < 3.2 since Ubuntu 22.04 (which JP5 still comes with) comes with 3.0 |
|
@kimberlycarvajal I stand corrected. There is no breaking change in libsoup 3.2. It's actually a very unfortunate situation:
The fix should be rather simple: reorder the compilation flags so that libsoup3 gets priority over libsoup2. |