File libsoup-CVE-2026-1539.patch of Package libsoup.42964

From 98c1285d9d78662c38bf14b4a128af01ccfdb446 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Tue, 20 Jan 2026 13:17:42 +0100
Subject: [PATCH] Also remove Proxy-Authorization header on cross origin
 redirect

Closes #489
---
 libsoup/soup-session.c |  1 +
 tests/httpd.conf.in    |  1 +
 tests/proxy-test.c     | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+)

Index: libsoup-3.0.4/libsoup/soup-session.c
===================================================================
--- libsoup-3.0.4.orig/libsoup/soup-session.c
+++ libsoup-3.0.4/libsoup/soup-session.c
@@ -1267,6 +1267,7 @@ soup_session_redirect_message (SoupSessi
         /* Strip all credentials on cross-origin redirect. */
         if (!soup_uri_host_equal (soup_message_get_uri (msg), new_uri)) {
                 soup_message_headers_remove_common (soup_message_get_request_headers (msg), SOUP_HEADER_AUTHORIZATION);
+		soup_message_headers_remove_common (soup_message_get_request_headers (msg), SOUP_HEADER_PROXY_AUTHORIZATION);
                 soup_message_set_auth (msg, NULL);
         }
 
Index: libsoup-3.0.4/tests/httpd.conf.in
===================================================================
--- libsoup-3.0.4.orig/tests/httpd.conf.in
+++ libsoup-3.0.4/tests/httpd.conf.in
@@ -34,6 +34,7 @@ DirectoryIndex index.txt
 TypesConfig /dev/null
 AddType application/x-httpd-php .php
 Redirect permanent /redirected /index.txt
+Redirect permanent /Basic/realm1/redirected https://127.0.0.1:47525/index.txt
 
 # Proxy #1: unauthenticated
 Listen 127.0.0.1:47526
Index: libsoup-3.0.4/tests/proxy-test.c
===================================================================
--- libsoup-3.0.4.orig/tests/proxy-test.c
+++ libsoup-3.0.4/tests/proxy-test.c
@@ -268,6 +268,39 @@ do_proxy_redirect_test (void)
 	soup_test_session_abort_unref (session);
 }
 
+static void proxy_auth_redirect_message_restarted (SoupMessage *msg)
+{
+        if (soup_message_get_status (msg) != SOUP_STATUS_MOVED_PERMANENTLY)
+                return;
+
+        g_assert_null (soup_message_headers_get_one (soup_message_get_request_headers (msg), "Proxy-Authorization"));
+}
+
+static void
+do_proxy_auth_redirect_test (void)
+{
+        SoupSession *session;
+        SoupMessage *msg;
+        char *url;
+
+        SOUP_TEST_SKIP_IF_NO_APACHE;
+        SOUP_TEST_SKIP_IF_NO_TLS;
+
+        session = soup_test_session_new ("proxy-resolver", proxy_resolvers[AUTH_PROXY], NULL);
+
+        url = g_strconcat (HTTP_SERVER, "/Basic/realm1/redirected", NULL);
+        msg = soup_message_new (SOUP_METHOD_GET, url);
+        g_signal_connect (msg, "authenticate", G_CALLBACK (authenticate), NULL);
+        g_signal_connect (msg, "restarted", G_CALLBACK (proxy_auth_redirect_message_restarted), NULL);
+
+        soup_test_session_send_message (session, msg);
+        soup_test_assert_message_status (msg, SOUP_STATUS_OK);
+
+        g_free (url);
+        g_object_unref (msg);
+        soup_test_session_abort_unref (session);
+}
+
 static void
 do_proxy_auth_request (const char *url, SoupSession *session, gboolean do_read)
 {
@@ -368,6 +401,7 @@ main (int argc, char **argv)
 
 	g_test_add_data_func ("/proxy/fragment", base_uri, do_proxy_fragment_test);
 	g_test_add_func ("/proxy/redirect", do_proxy_redirect_test);
+	g_test_add_func ("/proxy/auth-redirect", do_proxy_auth_redirect_test);
 	g_test_add_func ("/proxy/auth-cache", do_proxy_auth_cache_test);
 
 	ret = g_test_run ();