diff --git a/SOURCES/auth-try-all-available.patch b/SOURCES/auth-try-all-available.patch
new file mode 100644
index 0000000..ff35469
--- /dev/null
+++ b/SOURCES/auth-try-all-available.patch
@@ -0,0 +1,51 @@
+From 6a1ab1eebb64f482a949f04fc1442c13ccb55e11 Mon Sep 17 00:00:00 2001
+From: Tomas Popela
+Date: Wed, 27 Sep 2017 19:01:26 +0200
+Subject: [PATCH] Bug 788238 - Fallback to another authentication type if the
+ current failed
+
+Fallback to another authentication type if the current failed. More
+specifically if the Negotiate failed (kerberos is not properly
+configured), then libsoup should fallback to Basic auth (if server
+supports it). Currently in such case it is not possible to load the
+page at all (in WebKitGTK+).
+---
+ libsoup/soup-auth-manager.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c
+index b32ba900..62fe9c40 100644
+--- a/libsoup/soup-auth-manager.c
++++ b/libsoup/soup-auth-manager.c
+@@ -354,7 +354,7 @@ create_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
+ const char *header;
+ SoupAuthClass *auth_class;
+ char *challenge = NULL;
+- SoupAuth *auth;
++ SoupAuth *auth = NULL;
+ int i;
+
+ header = auth_header_for_message (msg);
+@@ -364,14 +364,14 @@ create_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
+ for (i = priv->auth_types->len - 1; i >= 0; i--) {
+ auth_class = priv->auth_types->pdata[i];
+ challenge = soup_auth_manager_extract_challenge (header, auth_class->scheme_name);
+- if (challenge)
++ if (!challenge)
++ continue;
++ auth = soup_auth_new (G_TYPE_FROM_CLASS (auth_class), msg, challenge);
++ g_free (challenge);
++ if (auth)
+ break;
+ }
+- if (!challenge)
+- return NULL;
+
+- auth = soup_auth_new (G_TYPE_FROM_CLASS (auth_class), msg, challenge);
+- g_free (challenge);
+ return auth;
+ }
+
+--
+2.14.2
+
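Review bot: The fallback in the rewritten create_auth loop (second hunk of the embedded patch) is silent: when `soup_auth_new ()` returns NULL for one scheme, the loop simply moves on to the next challenge found in the header, which per the commit message can mean dropping from Negotiate to Basic. The challenges are taken from the response header read by `auth_header_for_message (msg)`, so the scheme that ends up being used depends on what the peer sent, and Basic exposes the password to anyone able to read the request. I would record that above the loop, e.g. `/* Walk auth_types from the end; if no auth object can be built for a scheme, fall back to the next one offered, which may be weaker (e.g. Basic). */`, so that maintainers and applications that must not downgrade know this is the place to look. The `= NULL` initializer on `challenge` looks redundant now, although the function starts above the first hunk and an earlier use cannot be ruled out from here.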
diff --git a/SOURCES/crash-under-soup_socket_new.patch b/SOURCES/crash-under-soup_socket_new.patch
new file mode 100644
index 0000000..ea511f2
--- /dev/null
+++ b/SOURCES/crash-under-soup_socket_new.patch
@@ -0,0 +1,52 @@
+diff -up libsoup-2.56.0/libsoup/soup-session.c.crash-under-soup_socket_new libsoup-2.56.0/libsoup/soup-session.c
+--- libsoup-2.56.0/libsoup/soup-session.c.crash-under-soup_socket_new 2016-09-16 17:14:27.000000000 +0200
++++ libsoup-2.56.0/libsoup/soup-session.c 2017-11-15 17:20:52.660392432 +0100
+@@ -369,6 +369,7 @@ soup_session_finalize (GObject *object)
+ G_OBJECT_CLASS (soup_session_parent_class)->finalize (object);
+ }
+
++/* requires conn_lock */
+ static void
+ ensure_socket_props (SoupSession *session)
+ {
+@@ -784,11 +785,13 @@ soup_session_set_property (GObject *obje
+ break;
+ }
+
++ g_mutex_lock (&priv->conn_lock);
+ if (priv->socket_props && socket_props_changed) {
+ soup_socket_properties_unref (priv->socket_props);
+ priv->socket_props = NULL;
+ ensure_socket_props (session);
+ }
++ g_mutex_unlock (&priv->conn_lock);
+ }
+
+ static void
+@@ -808,7 +811,9 @@ soup_session_get_property (GObject *obje
+ g_value_set_boxed (value, priv->proxy_uri);
+ break;
+ case PROP_PROXY_RESOLVER:
++ g_mutex_lock (&priv->conn_lock);
+ ensure_socket_props (session);
++ g_mutex_unlock (&priv->conn_lock);
+ g_value_set_object (value, priv->proxy_resolver);
+ break;
+ case PROP_MAX_CONNS:
+@@ -829,12 +834,16 @@ soup_session_get_property (GObject *obje
+ break;
+ case PROP_SSL_USE_SYSTEM_CA_FILE:
+ tlsdb = g_tls_backend_get_default_database (g_tls_backend_get_default ());
++ g_mutex_lock (&priv->conn_lock);
+ ensure_socket_props (session);
++ g_mutex_unlock (&priv->conn_lock);
+ g_value_set_boolean (value, priv->tlsdb == tlsdb);
+ g_clear_object (&tlsdb);
+ break;
+ case PROP_TLS_DATABASE:
++ g_mutex_lock (&priv->conn_lock);
+ ensure_socket_props (session);
++ g_mutex_unlock (&priv->conn_lock);
+ g_value_set_object (value, priv->tlsdb);
+ break;
+ case PROP_TLS_INTERACTION:
diff --git a/SPECS/libsoup.spec b/SPECS/libsoup.spec
index 0b0b2c9..197b89f 100644
--- a/SPECS/libsoup.spec
+++ b/SPECS/libsoup.spec
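Review bot: In soup_session_get_property of crash-under-soup_socket_new.patch, each of the three changed cases releases conn_lock right after `ensure_socket_props (session)` and only then reads `priv->proxy_resolver` or `priv->tlsdb`, so the read itself is still unprotected against a concurrent soup_session_set_property. If ensure_socket_props is what fills those fields in, as the call order suggests, the unlock belongs after the read, e.g. `g_value_set_object (value, priv->tlsdb);` followed by `g_mutex_unlock (&priv->conn_lock);`, and likewise for PROP_PROXY_RESOLVER and PROP_SSL_USE_SYSTEM_CA_FILE. In soup_session_set_property the lock is taken only after the switch, so whether the property writes above it hold conn_lock cannot be told from these hunks; both functions start and end outside them. The new `/* requires conn_lock */` comment on ensure_socket_props is useful, and a matching comment naming the fields the lock is meant to cover would make the locking rule checkable.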
@@ -2,7 +2,7 @@ Name: libsoup Version: 2.56.0 -Release: 4%{?dist} +Release: 6%{?dist} Summary: Soup, an HTTP library implementation License: LGPLv2 @@ -22,6 +22,11 @@ Patch05: tcms-site-warning.patch # https://bugzilla.gnome.org/show_bug.cgi?id=785774 # https://bugzilla.redhat.com/show_bug.cgi?id=1479281 Patch06: chunked-decoding-buffer-overrun-CVE-2017-2885.patch +# http://bugzilla.gnome.org/show_bug.cgi?id=788238 +# https://bugzilla.redhat.com/show_bug.cgi?id=1495552 +Patch07: auth-try-all-available.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1513355 +Patch08: crash-under-soup_socket_new.patch BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: glib-networking @@ -62,6 +67,8 @@ you to develop applications that use the libsoup library. %patch04 -p1 -b .negotiate-connection-close %patch05 -p1 -b .tcms-site-warning %patch06 -p1 -b .cve-2017-2885 +%patch07 -p1 -b .auth-try-all +%patch08 -p1 -b .crash-under-soup_socket_new %build %configure --disable-static @@ -101,8 +108,14 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la %{_datadir}/vala/vapi/libsoup-2.4.vapi %changelog +* Wed Nov 15 2017 Milan Crha - 2.56.0-6 +- Fix for crash under soup_socket_new() (rh #1513355) + +* Fri Sep 29 2017 Tomas Popela - 2.56.0-5 +- libsoup should fallback to another authentication type if the current failed (rh #1495552) + * Wed Aug 09 2017 Tomas Popela - 2.56.0-4 -- Fix chunked decoding buffer overrun (CVE-2017-2885) (rh #1479322) +- Fix chunked decoding buffer overrun (CVE-2017-2885) (rh #1479321) * Thu Jun 22 2017 Tomas Popela - 2.56.0-3 - libsoup stuck on infinite loop for kerberized pages (rh #1439798)