diff --git a/.gitignore b/.gitignore
index 48a8fc3..c00574f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libsoup-2.56.0.tar.xz
+SOURCES/libsoup-2.62.2.tar.xz
diff --git a/.libsoup.metadata b/.libsoup.metadata
index 625b2a6..ffb840d 100644
--- a/.libsoup.metadata
+++ b/.libsoup.metadata
@@ -1 +1 @@
-faf72c678d013b8ad9d1d9eecc7e7da8a93c4dd1 SOURCES/libsoup-2.56.0.tar.xz
+d4efdf3f5a3767b11aa60883b9a3a01b2dc6d97d SOURCES/libsoup-2.62.2.tar.xz
diff --git a/SOURCES/0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch b/SOURCES/0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch
new file mode 100644
index 0000000..843b2e6
--- /dev/null
+++ b/SOURCES/0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch
@@ -0,0 +1,29 @@
+From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@igalia.com>
+Date: Sun, 24 Jun 2018 19:46:19 -0500
+Subject: [PATCH] cookie-jar: bail if hostname is an empty string
+
+There are several other ways to fix the problem with this function, but
+skipping over all of the code is probably the simplest.
+
+Fixes #3
+---
+ libsoup/soup-cookie-jar.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
+index 2369c8a..b2b7890 100644
+--- a/libsoup/soup-cookie-jar.c
++++ b/libsoup/soup-cookie-jar.c
+@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
+ 
+ 	priv = soup_cookie_jar_get_instance_private (jar);
+ 
+-	if (!uri->host)
++	if (!uri->host || !uri->host[0])
+ 		return NULL;
+ 
+ 	/* The logic here is a little weird, but the plan is that if
+-- 
+2.17.1
+
diff --git a/SOURCES/auth-try-all-available.patch b/SOURCES/auth-try-all-available.patch
deleted file mode 100644
index ff35469..0000000
--- a/SOURCES/auth-try-all-available.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 6a1ab1eebb64f482a949f04fc1442c13ccb55e11 Mon Sep 17 00:00:00 2001
-From: Tomas Popela <tpopela@redhat.com>
-Date: Wed, 27 Sep 2017 19:01:26 +0200
-Subject: [PATCH] Bug 788238 - Fallback to another authentication type if the
- current failed
-
-Fallback to another authentication type if the current failed. More
-specifically if the Negotiate failed (kerberos is not properly
-configured), then libsoup should fallback to Basic auth (if server
-supports it). Currently in such case it is not possible to load the
-page at all (in WebKitGTK+).
----
- libsoup/soup-auth-manager.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c
-index b32ba900..62fe9c40 100644
---- a/libsoup/soup-auth-manager.c
-+++ b/libsoup/soup-auth-manager.c
-@@ -354,7 +354,7 @@ create_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
- 	const char *header;
- 	SoupAuthClass *auth_class;
- 	char *challenge = NULL;
--	SoupAuth *auth;
-+	SoupAuth *auth = NULL;
- 	int i;
- 
- 	header = auth_header_for_message (msg);
-@@ -364,14 +364,14 @@ create_auth (SoupAuthManagerPrivate *priv, SoupMessage *msg)
- 	for (i = priv->auth_types->len - 1; i >= 0; i--) {
- 		auth_class = priv->auth_types->pdata[i];
- 		challenge = soup_auth_manager_extract_challenge (header, auth_class->scheme_name);
--		if (challenge)
-+		if (!challenge)
-+			continue;
-+		auth = soup_auth_new (G_TYPE_FROM_CLASS (auth_class), msg, challenge);
-+		g_free (challenge);
-+		if (auth)
- 			break;
- 	}
--	if (!challenge)
--		return NULL;
- 
--	auth = soup_auth_new (G_TYPE_FROM_CLASS (auth_class), msg, challenge);
--	g_free (challenge);
- 	return auth;
- }
- 
--- 
-2.14.2
-
diff --git a/SOURCES/chunked-decoding-buffer-overrun-CVE-2017-2885.patch b/SOURCES/chunked-decoding-buffer-overrun-CVE-2017-2885.patch
deleted file mode 100644
index 87970de..0000000
--- a/SOURCES/chunked-decoding-buffer-overrun-CVE-2017-2885.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 34d361188adc4b4a81457bcffb14588d84078e79 Mon Sep 17 00:00:00 2001
-From: Dan Winship <danw@gnome.org>
-Date: Thu, 3 Aug 2017 09:56:43 -0400
-Subject: [PATCH] Fix chunked decoding buffer overrun (CVE-2017-2885)
-
-https://bugzilla.gnome.org/show_bug.cgi?id=785774
----
- libsoup/soup-filter-input-stream.c | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/libsoup/soup-filter-input-stream.c b/libsoup/soup-filter-input-stream.c
-index cde4d12..2c30bf9 100644
---- a/libsoup/soup-filter-input-stream.c
-+++ b/libsoup/soup-filter-input-stream.c
-@@ -198,7 +198,7 @@ soup_filter_input_stream_read_until (SoupFilterInputStream  *fstream,
- 				     GCancellable           *cancellable,
- 				     GError                **error)
- {
--	gssize nread;
-+	gssize nread, read_length;
- 	guint8 *p, *buf, *end;
- 	gboolean eof = FALSE;
- 	GError *my_error = NULL;
-@@ -251,10 +251,11 @@ soup_filter_input_stream_read_until (SoupFilterInputStream  *fstream,
- 	} else
- 		buf = fstream->priv->buf->data;
- 
--	/* Scan for the boundary */
--	end = buf + fstream->priv->buf->len;
--	if (!eof)
--		end -= boundary_length;
-+	/* Scan for the boundary within the range we can possibly return. */
-+	if (include_boundary)
-+		end = buf + MIN (fstream->priv->buf->len, length) - boundary_length;
-+	else
-+		end = buf + MIN (fstream->priv->buf->len - boundary_length, length);
- 	for (p = buf; p <= end; p++) {
- 		if (*p == *(guint8*)boundary &&
- 		    !memcmp (p, boundary, boundary_length)) {
-@@ -268,10 +269,9 @@ soup_filter_input_stream_read_until (SoupFilterInputStream  *fstream,
- 	if (!*got_boundary && fstream->priv->buf->len < length && !eof)
- 		goto fill_buffer;
- 
--	/* Return everything up to 'p' (which is either just after the boundary if
--	 * include_boundary is TRUE, just before the boundary if include_boundary is
--	 * FALSE, @boundary_len - 1 bytes before the end of the buffer, or end-of-
--	 * file).
--	 */
--	return read_from_buf (fstream, buffer, p - buf);
-+	if (eof && !*got_boundary)
-+		read_length = MIN (fstream->priv->buf->len, length);
-+	else
-+		read_length = p - buf;
-+	return read_from_buf (fstream, buffer, read_length);
- }
--- 
-2.9.4
\ No newline at end of file
diff --git a/SOURCES/coverity-scan-issues.patch b/SOURCES/coverity-scan-issues.patch
index ffa1d30..16fe807 100644
--- a/SOURCES/coverity-scan-issues.patch
+++ b/SOURCES/coverity-scan-issues.patch
@@ -1,5 +1,23 @@
+diff --git a/libsoup/soup-address.c b/libsoup/soup-address.c
+index 0351db50..9c0b0a45 100644
+--- a/libsoup/soup-address.c
++++ b/libsoup/soup-address.c
+@@ -1183,10 +1183,10 @@ got_addresses (SoupAddress *addr, guint status, gpointer user_data)
+ 	if (error)
+ 		g_task_return_error (task, g_error_copy (error));
+ 	else {
+-		GSocketAddress *addr;
++		GSocketAddress *socket_addr;
+ 
+-		addr = next_address (g_task_get_source_object (task));
+-		g_task_return_pointer (task, addr, g_object_unref);
++		socket_addr = next_address (g_task_get_source_object (task));
++		g_task_return_pointer (task, socket_addr, g_object_unref);
+ 	}
+ 	g_object_unref (task);
+ }
 diff --git a/libsoup/soup-auth-basic.c b/libsoup/soup-auth-basic.c
-index 5f1e718..d8b3226 100644
+index 5f1e7186..d8b32264 100644
 --- a/libsoup/soup-auth-basic.c
 +++ b/libsoup/soup-auth-basic.c
 @@ -74,7 +74,7 @@ soup_auth_basic_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
@@ -11,21 +29,490 @@ index 5f1e718..d8b3226 100644
  		p[1] = '\0';
  	else if (p && p[1])
  		*p = '\0';
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index eda2a93c..45dd35be 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -343,7 +343,7 @@ soup_auth_digest_compute_response (const char        *method,
+ 	g_checksum_update (checksum, (guchar *)method, strlen (method));
+ 	g_checksum_update (checksum, (guchar *)":", 1);
+ 	g_checksum_update (checksum, (guchar *)uri, strlen (uri));
+-	strncpy (hex_a2, g_checksum_get_string (checksum), 33);
++	memcpy (hex_a2, g_checksum_get_string (checksum), sizeof (char) * 33);
+ 	g_checksum_free (checksum);
+ 
+ 	/* compute KD */
 diff --git a/libsoup/soup-auth-negotiate.c b/libsoup/soup-auth-negotiate.c
-index 94863d6..f94760c 100644
+index 1fdf142d..941e49be 100644
 --- a/libsoup/soup-auth-negotiate.c
 +++ b/libsoup/soup-auth-negotiate.c
-@@ -268,7 +268,7 @@ soup_auth_negotiate_update_connection (SoupConnectionAuth *auth, SoupMessage *ms
- 		} else {
+@@ -200,9 +200,9 @@ soup_auth_negotiate_get_connection_authorization (SoupConnectionAuth *auth,
  			/* FIXME: report further upward via
  			 * soup_message_get_error_message  */
--			g_warning ("gssapi step failed: %s", err->message);
-+			g_warning ("gssapi step failed: %s", err ? err->message : "Unknown error");
+ 			if (conn->initialized)
+-				g_warning ("gssapi step failed: %s", err->message);
++				g_warning ("gssapi step failed: %s", err ? err->message : "Internal error");
+ 			else
+-				g_warning ("gssapi init failed: %s", err->message);
++				g_warning ("gssapi init failed: %s", err ? err->message : "Internal error");
+ 			conn->state = SOUP_NEGOTIATE_FAILED;
+ 			g_clear_error (&err);
+ 
+@@ -274,9 +274,9 @@ soup_auth_negotiate_update_connection (SoupConnectionAuth *auth, SoupMessage *ms
+ 			/* FIXME: report further upward via
+ 			 * soup_message_get_error_message  */
+ 			if (conn->initialized)
+-				g_warning ("gssapi step failed: %s", err->message);
++				g_warning ("gssapi step failed: %s", err ? err->message : "Internal error");
+ 			else
+-				g_warning ("gssapi init failed: %s", err->message);
++				g_warning ("gssapi init failed: %s", err ? err->message : "Internal error");
  			success = FALSE;
  		}
  	} else if (!strncmp (header, "Negotiate ", 10)) {
+diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c
+index 19a551ee..f4009aa8 100644
+--- a/libsoup/soup-auth-ntlm.c
++++ b/libsoup/soup-auth-ntlm.c
+@@ -810,7 +810,7 @@ soup_ntlm_response (const char *nonce,
+ 	ntlm_set_string (&resp.nt_resp, &offset, sizeof (nt_resp));
+ 
+ 	out = g_malloc (((offset + 3) * 4) / 3 + 6);
+-	strncpy (out, "NTLM ", 5);
++	memcpy (out, "NTLM ", 5);
+ 	p = out + 5;
+ 
+ 	state = save = 0;
+diff --git a/libsoup/soup-auth.c b/libsoup/soup-auth.c
+index 00aa405e..48f39359 100644
+--- a/libsoup/soup-auth.c
++++ b/libsoup/soup-auth.c
+@@ -107,13 +107,9 @@ soup_auth_get_property (GObject *object, guint prop_id,
+ 		g_value_set_string (value, soup_auth_get_scheme_name (auth));
+ 		break;
+ 	case PROP_REALM:
+-		if (auth->realm)
+-			g_free (auth->realm);
+ 		g_value_set_string (value, soup_auth_get_realm (auth));
+ 		break;
+ 	case PROP_HOST:
+-		if (priv->host)
+-			g_free (priv->host);
+ 		g_value_set_string (value, soup_auth_get_host (auth));
+ 		break;
+ 	case PROP_IS_FOR_PROXY:
+@@ -349,10 +345,12 @@ soup_auth_authenticate (SoupAuth *auth, const char *username, const char *passwo
+ gboolean
+ soup_auth_is_for_proxy (SoupAuth *auth)
+ {
+-	SoupAuthPrivate *priv = soup_auth_get_instance_private (auth);
++	SoupAuthPrivate *priv;
+ 
+ 	g_return_val_if_fail (SOUP_IS_AUTH (auth), FALSE);
+ 
++	priv = soup_auth_get_instance_private (auth);
++
+ 	return priv->proxy;
+ }
+ 
+@@ -367,9 +365,14 @@ soup_auth_is_for_proxy (SoupAuth *auth)
+ const char *
+ soup_auth_get_scheme_name (SoupAuth *auth)
+ {
++	SoupAuthClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
+ 
+-	return SOUP_AUTH_GET_CLASS (auth)->scheme_name;
++	klass = SOUP_AUTH_GET_CLASS (auth);
++	g_return_val_if_fail (klass != NULL, NULL);
++
++	return klass->scheme_name;
+ }
+ 
+ /**
+@@ -383,10 +386,12 @@ soup_auth_get_scheme_name (SoupAuth *auth)
+ const char *
+ soup_auth_get_host (SoupAuth *auth)
+ {
+-	SoupAuthPrivate *priv = soup_auth_get_instance_private (auth);
++	SoupAuthPrivate *priv;
+ 
+ 	g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
+ 
++	priv = soup_auth_get_instance_private (auth);
++
+ 	return priv->host;
+ }
+ 
+@@ -423,13 +428,18 @@ soup_auth_get_realm (SoupAuth *auth)
+ char *
+ soup_auth_get_info (SoupAuth *auth)
+ {
++	SoupAuthClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
+ 
++	klass = SOUP_AUTH_GET_CLASS (auth);
++	g_return_val_if_fail (klass != NULL, NULL);
++
+ 	if (SOUP_IS_CONNECTION_AUTH (auth))
+-		return g_strdup (SOUP_AUTH_GET_CLASS (auth)->scheme_name);
++		return g_strdup (klass->scheme_name);
+ 	else {
+ 		return g_strdup_printf ("%s:%s",
+-					SOUP_AUTH_GET_CLASS (auth)->scheme_name,
++					klass->scheme_name,
+ 					auth->realm);
+ 	}
+ }
+@@ -445,9 +455,14 @@ soup_auth_get_info (SoupAuth *auth)
+ gboolean
+ soup_auth_is_authenticated (SoupAuth *auth)
+ {
++	SoupAuthClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_AUTH (auth), TRUE);
+ 
+-	return SOUP_AUTH_GET_CLASS (auth)->is_authenticated (auth);
++	klass = SOUP_AUTH_GET_CLASS (auth);
++	g_return_val_if_fail (klass != NULL, TRUE);
++
++	return klass->is_authenticated (auth);
+ }
+ 
+ /**
+@@ -464,10 +479,15 @@ soup_auth_is_authenticated (SoupAuth *auth)
+ char *
+ soup_auth_get_authorization (SoupAuth *auth, SoupMessage *msg)
+ {
++	SoupAuthClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
+ 	g_return_val_if_fail (msg != NULL, NULL);
+ 
+-	return SOUP_AUTH_GET_CLASS (auth)->get_authorization (auth, msg);
++	klass = SOUP_AUTH_GET_CLASS (auth);
++	g_return_val_if_fail (klass != NULL, NULL);
++
++	return klass->get_authorization (auth, msg);
+ }
+ 
+ /**
+@@ -488,13 +508,18 @@ gboolean
+ soup_auth_is_ready (SoupAuth    *auth,
+ 		    SoupMessage *msg)
+ {
++	SoupAuthClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_AUTH (auth), TRUE);
+ 	g_return_val_if_fail (SOUP_IS_MESSAGE (msg), TRUE);
+ 
+-	if (SOUP_AUTH_GET_CLASS (auth)->is_ready)
+-		return SOUP_AUTH_GET_CLASS (auth)->is_ready (auth, msg);
++	klass = SOUP_AUTH_GET_CLASS (auth);
++	g_return_val_if_fail (klass != NULL, TRUE);
++
++	if (klass->is_ready)
++		return klass->is_ready (auth, msg);
+ 	else
+-		return SOUP_AUTH_GET_CLASS (auth)->is_authenticated (auth);
++		return klass->is_authenticated (auth);
+ }
+ 
+ /**
+@@ -511,9 +536,14 @@ soup_auth_is_ready (SoupAuth    *auth,
+ gboolean
+ soup_auth_can_authenticate (SoupAuth *auth)
+ {
++	SoupAuthClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_AUTH (auth), FALSE);
+ 
+-	return SOUP_AUTH_GET_CLASS (auth)->can_authenticate (auth);
++	klass = SOUP_AUTH_GET_CLASS (auth);
++	g_return_val_if_fail (klass != NULL, FALSE);
++
++	return klass->can_authenticate (auth);
+ }
+ 
+ /**
+@@ -533,10 +563,15 @@ soup_auth_can_authenticate (SoupAuth *auth)
+ GSList *
+ soup_auth_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
+ {
++	SoupAuthClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
+ 	g_return_val_if_fail (source_uri != NULL, NULL);
+ 
+-	return SOUP_AUTH_GET_CLASS (auth)->get_protection_space (auth, source_uri);
++	klass = SOUP_AUTH_GET_CLASS (auth);
++	g_return_val_if_fail (klass != NULL, NULL);
++
++	return klass->get_protection_space (auth, source_uri);
+ }
+ 
+ /**
+diff --git a/libsoup/soup-body-output-stream.c b/libsoup/soup-body-output-stream.c
+index 314d7ee9..58e9b3ee 100644
+--- a/libsoup/soup-body-output-stream.c
++++ b/libsoup/soup-body-output-stream.c
+@@ -162,7 +162,6 @@ again:
+ 	case SOUP_BODY_OUTPUT_STREAM_STATE_CHUNK_SIZE:
+ 		g_snprintf (buf, sizeof (bostream->priv->buf),
+ 			    "%lx\r\n", (gulong)count);
+-		len = strlen (buf);
+ 
+ 		if (count > 0)
+ 			bostream->priv->chunked_state = SOUP_BODY_OUTPUT_STREAM_STATE_CHUNK;
+@@ -182,13 +181,11 @@ again:
+ 
+ 	case SOUP_BODY_OUTPUT_STREAM_STATE_CHUNK_END:
+ 		strncpy (buf, "\r\n", sizeof (bostream->priv->buf));
+-		len = 2;
+ 		bostream->priv->chunked_state = SOUP_BODY_OUTPUT_STREAM_STATE_DONE;
+ 		break;
+ 
+ 	case SOUP_BODY_OUTPUT_STREAM_STATE_TRAILERS:
+ 		strncpy (buf, "\r\n", sizeof (bostream->priv->buf));
+-		len = 2;
+ 		bostream->priv->chunked_state = SOUP_BODY_OUTPUT_STREAM_STATE_DONE;
+ 		break;
+ 
+diff --git a/libsoup/soup-cache.c b/libsoup/soup-cache.c
+index 682625e6..63c13121 100644
+--- a/libsoup/soup-cache.c
++++ b/libsoup/soup-cache.c
+@@ -822,6 +822,9 @@ soup_cache_content_processor_wrap_input (SoupContentProcessor *processor,
+ 	StreamHelper *helper;
+ 	time_t request_time, response_time;
+ 
++	g_return_val_if_fail (SOUP_IS_CACHE (cache), NULL);
++	g_return_val_if_fail (SOUP_IS_MESSAGE (msg), NULL);
++
+ 	/* First of all, check if we should cache the resource. */
+ 	cacheability = soup_cache_get_cacheability (cache, msg);
+ 	entry = soup_cache_entry_lookup (cache, msg);
+@@ -1075,6 +1078,9 @@ soup_cache_has_response (SoupCache *cache, SoupMessage *msg)
+ 	int max_age, max_stale, min_fresh;
+ 	GList *lru_item, *item;
+ 
++	g_return_val_if_fail (SOUP_IS_CACHE (cache), SOUP_CACHE_RESPONSE_STALE);
++	g_return_val_if_fail (SOUP_IS_MESSAGE (msg), SOUP_CACHE_RESPONSE_STALE);
++
+ 	entry = soup_cache_entry_lookup (cache, msg);
+ 
+ 	/* 1. The presented Request-URI and that of stored response
+@@ -1226,10 +1232,15 @@ soup_cache_has_response (SoupCache *cache, SoupMessage *msg)
+ SoupCacheability
+ soup_cache_get_cacheability (SoupCache *cache, SoupMessage *msg)
+ {
++	SoupCacheClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_CACHE (cache), SOUP_CACHE_UNCACHEABLE);
+ 	g_return_val_if_fail (SOUP_IS_MESSAGE (msg), SOUP_CACHE_UNCACHEABLE);
+ 
+-	return SOUP_CACHE_GET_CLASS (cache)->get_cacheability (cache, msg);
++	klass = SOUP_CACHE_GET_CLASS (cache);
++	g_return_val_if_fail (klass != NULL, SOUP_CACHE_UNCACHEABLE);
++
++	return klass->get_cacheability (cache, msg);
+ }
+ 
+ static gboolean
+@@ -1404,6 +1415,9 @@ soup_cache_cancel_conditional_request (SoupCache   *cache,
+ {
+ 	SoupCacheEntry *entry;
+ 
++	g_return_if_fail (SOUP_IS_CACHE (cache));
++	g_return_if_fail (SOUP_IS_MESSAGE (msg));
++
+ 	entry = soup_cache_entry_lookup (cache, msg);
+ 	if (entry)
+ 		entry->being_validated = FALSE;
+@@ -1415,7 +1429,12 @@ void
+ soup_cache_update_from_conditional_request (SoupCache   *cache,
+ 					    SoupMessage *msg)
+ {
+-	SoupCacheEntry *entry = soup_cache_entry_lookup (cache, msg);
++	SoupCacheEntry *entry;
++
++	g_return_if_fail (SOUP_IS_CACHE (cache));
++	g_return_if_fail (SOUP_IS_MESSAGE (msg));
++
++	entry = soup_cache_entry_lookup (cache, msg);
+ 	if (!entry)
+ 		return;
+ 
+diff --git a/libsoup/soup-connection-auth.c b/libsoup/soup-connection-auth.c
+index f55cfe6b..a44013e3 100644
+--- a/libsoup/soup-connection-auth.c
++++ b/libsoup/soup-connection-auth.c
+@@ -39,8 +39,14 @@ soup_connection_auth_free_connection_state (SoupConnectionAuth *auth,
+ 					    SoupConnection     *conn,
+ 					    gpointer            state)
+ {
++	SoupConnectionAuthClass *klass;
++
+ 	g_signal_handlers_disconnect_by_func (conn, G_CALLBACK (connection_disconnected), auth);
+-	SOUP_CONNECTION_AUTH_GET_CLASS (auth)->free_connection_state (auth, state);
++
++	klass = SOUP_CONNECTION_AUTH_GET_CLASS (auth);
++	g_return_if_fail (klass != NULL);
++
++	klass->free_connection_state (auth, state);
+ }
+ 
+ static void
+@@ -91,6 +97,7 @@ soup_connection_auth_get_connection_state_for_message (SoupConnectionAuth *auth,
+ 						       SoupMessage *msg)
+ {
+ 	SoupConnection *conn;
++	SoupConnectionAuthClass *klass;
+ 	gpointer state;
+ 
+ 	g_return_val_if_fail (SOUP_IS_CONNECTION_AUTH (auth), NULL);
+@@ -101,7 +108,10 @@ soup_connection_auth_get_connection_state_for_message (SoupConnectionAuth *auth,
+ 	if (state)
+ 		return state;
+ 
+-	state = SOUP_CONNECTION_AUTH_GET_CLASS (auth)->create_connection_state (auth);
++	klass = SOUP_CONNECTION_AUTH_GET_CLASS (auth);
++	g_return_val_if_fail (klass != NULL, NULL);
++
++	state = klass->create_connection_state (auth);
+ 	if (conn) {
+ 		g_signal_connect (conn, "disconnected",
+ 				  G_CALLBACK (connection_disconnected), auth);
+@@ -117,12 +127,15 @@ soup_connection_auth_update (SoupAuth    *auth,
+ 			     GHashTable  *auth_params)
+ {
+ 	SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth);
++	SoupConnectionAuthClass *klass = SOUP_CONNECTION_AUTH_GET_CLASS (auth);
+ 	gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg);
+ 	GHashTableIter iter;
+ 	GString *auth_header;
+ 	gpointer key, value;
+ 	gboolean result;
+ 
++	g_return_val_if_fail (klass != NULL, FALSE);
++
+ 	/* Recreate @auth_header out of @auth_params. If the
+ 	 * base64 data ended with 1 or more "="s, then it
+ 	 * will have been parsed as key=value. Otherwise
+@@ -147,8 +160,7 @@ soup_connection_auth_update (SoupAuth    *auth,
+ 		}
+ 	}
+ 
+-	result = SOUP_CONNECTION_AUTH_GET_CLASS (auth)->
+-		update_connection (cauth, msg, auth_header->str, conn);
++	result = klass->update_connection (cauth, msg, auth_header->str, conn);
+ 
+ 	g_string_free (auth_header, TRUE);
+ 	return result;
+@@ -159,10 +171,13 @@ soup_connection_auth_get_authorization (SoupAuth    *auth,
+ 					SoupMessage *msg)
+ {
+ 	SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth);
++	SoupConnectionAuthClass *klass;
+ 	gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg);
+ 
+-	return SOUP_CONNECTION_AUTH_GET_CLASS (auth)->
+-		get_connection_authorization (cauth, msg, conn);
++	klass = SOUP_CONNECTION_AUTH_GET_CLASS (auth);
++	g_return_val_if_fail (klass != NULL, NULL);
++
++	return klass->get_connection_authorization (cauth, msg, conn);
+ }
+ 
+ static gboolean
+@@ -170,10 +185,13 @@ soup_connection_auth_is_ready (SoupAuth    *auth,
+ 			       SoupMessage *msg)
+ {
+ 	SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth);
++	SoupConnectionAuthClass *klass;
+ 	gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg);
+ 
+-	return SOUP_CONNECTION_AUTH_GET_CLASS (auth)->
+-		is_connection_ready (SOUP_CONNECTION_AUTH (auth), msg, conn);
++	klass = SOUP_CONNECTION_AUTH_GET_CLASS (auth);
++	g_return_val_if_fail (klass != NULL, FALSE);
++
++	return klass->is_connection_ready (SOUP_CONNECTION_AUTH (auth), msg, conn);
+ }
+ 
+ static void
+diff --git a/libsoup/soup-content-sniffer-stream.c b/libsoup/soup-content-sniffer-stream.c
+index b8a8c97e..7f74c705 100644
+--- a/libsoup/soup-content-sniffer-stream.c
++++ b/libsoup/soup-content-sniffer-stream.c
+@@ -167,7 +167,8 @@ read_internal (GInputStream  *stream,
+ 
+ 	if (sniffer->priv->buffer) {
+ 		nread = MIN (count, sniffer->priv->buffer_nread);
+-		memcpy (buffer, sniffer->priv->buffer, nread);
++		if (buffer)
++			memcpy (buffer, sniffer->priv->buffer, nread);
+ 		if (nread == sniffer->priv->buffer_nread) {
+ 			g_free (sniffer->priv->buffer);
+ 			sniffer->priv->buffer = NULL;
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 7573fde5..20e10d71 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -925,11 +925,16 @@ soup_content_sniffer_sniff (SoupContentSniffer *sniffer,
+ 			    SoupMessage *msg, SoupBuffer *buffer,
+ 			    GHashTable **params)
+ {
++	SoupContentSnifferClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_CONTENT_SNIFFER (sniffer), NULL);
+ 	g_return_val_if_fail (SOUP_IS_MESSAGE (msg), NULL);
+ 	g_return_val_if_fail (buffer != NULL, NULL);
+ 
+-	return SOUP_CONTENT_SNIFFER_GET_CLASS (sniffer)->sniff (sniffer, msg, buffer, params);
++	klass = SOUP_CONTENT_SNIFFER_GET_CLASS (sniffer);
++	g_return_val_if_fail (klass != NULL, NULL);
++
++	return klass->sniff (sniffer, msg, buffer, params);
+ }
+ 
+ /**
+@@ -946,7 +951,12 @@ soup_content_sniffer_sniff (SoupContentSniffer *sniffer,
+ gsize
+ soup_content_sniffer_get_buffer_size (SoupContentSniffer *sniffer)
+ {
++	SoupContentSnifferClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_CONTENT_SNIFFER (sniffer), 0);
+ 
+-	return SOUP_CONTENT_SNIFFER_GET_CLASS (sniffer)->get_buffer_size (sniffer);
++	klass = SOUP_CONTENT_SNIFFER_GET_CLASS (sniffer);
++	g_return_val_if_fail (klass != NULL, 0);
++
++	return klass->get_buffer_size (sniffer);
+ }
+diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
+index 2369c8a7..3996c62f 100644
+--- a/libsoup/soup-cookie-jar.c
++++ b/libsoup/soup-cookie-jar.c
+@@ -888,7 +888,12 @@ soup_cookie_jar_set_accept_policy (SoupCookieJar *jar,
+ gboolean
+ soup_cookie_jar_is_persistent (SoupCookieJar *jar)
+ {
++	SoupCookieJarClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_COOKIE_JAR (jar), FALSE);
+ 
+-	return SOUP_COOKIE_JAR_GET_CLASS (jar)->is_persistent (jar);
++	klass = SOUP_COOKIE_JAR_GET_CLASS (jar);
++	g_return_val_if_fail (klass != NULL, FALSE);
++
++	return klass->is_persistent (jar);
+ }
 diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
-index a180c6e..abef34c 100644
+index a180c6ee..abef34cb 100644
 --- a/libsoup/soup-message-headers.c
 +++ b/libsoup/soup-message-headers.c
 @@ -1324,7 +1324,7 @@ content_type_setter (SoupMessageHeaders *hdrs, const char *value)
@@ -37,8 +524,153 @@ index a180c6e..abef34c 100644
  
  		parse_content_foo (hdrs, "Content-Type", &content_type, NULL);
  		p = strpbrk (content_type, " /");
+diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
+index ae340b9c..42f38889 100644
+--- a/libsoup/soup-session.c
++++ b/libsoup/soup-session.c
+@@ -2175,11 +2175,15 @@ void
+ soup_session_queue_message (SoupSession *session, SoupMessage *msg,
+ 			    SoupSessionCallback callback, gpointer user_data)
+ {
++	SoupSessionClass *klass;
++
+ 	g_return_if_fail (SOUP_IS_SESSION (session));
+ 	g_return_if_fail (SOUP_IS_MESSAGE (msg));
+ 
+-	SOUP_SESSION_GET_CLASS (session)->queue_message (session, msg,
+-							 callback, user_data);
++	klass = SOUP_SESSION_GET_CLASS (session);
++	g_return_if_fail (klass != NULL);
++
++	klass->queue_message (session, msg, callback, user_data);
+ 	/* The SoupMessageQueueItem will hold a ref on @msg until it is
+ 	 * finished, so we can drop the ref adopted from the caller now.
+ 	 */
+@@ -2219,10 +2223,15 @@ soup_session_real_requeue_message (SoupSession *session, SoupMessage *msg)
+ void
+ soup_session_requeue_message (SoupSession *session, SoupMessage *msg)
+ {
++	SoupSessionClass *klass;
++
+ 	g_return_if_fail (SOUP_IS_SESSION (session));
+ 	g_return_if_fail (SOUP_IS_MESSAGE (msg));
+ 
+-	SOUP_SESSION_GET_CLASS (session)->requeue_message (session, msg);
++	klass = SOUP_SESSION_GET_CLASS (session);
++	g_return_if_fail (klass != NULL);
++
++	klass->requeue_message (session, msg);
+ }
+ 
+ static guint
+@@ -2266,10 +2275,15 @@ soup_session_real_send_message (SoupSession *session, SoupMessage *msg)
+ guint
+ soup_session_send_message (SoupSession *session, SoupMessage *msg)
+ {
++	SoupSessionClass *klass;
++
+ 	g_return_val_if_fail (SOUP_IS_SESSION (session), SOUP_STATUS_MALFORMED);
+ 	g_return_val_if_fail (SOUP_IS_MESSAGE (msg), SOUP_STATUS_MALFORMED);
+ 
+-	return SOUP_SESSION_GET_CLASS (session)->send_message (session, msg);
++	klass = SOUP_SESSION_GET_CLASS (session);
++	g_return_val_if_fail (klass != NULL, SOUP_STATUS_MALFORMED);
++
++	return klass->send_message (session, msg);
+ }
+ 
+ 
+@@ -2350,7 +2364,14 @@ soup_session_real_kick_queue (SoupSession *session)
+ void
+ soup_session_kick_queue (SoupSession *session)
+ {
+-	SOUP_SESSION_GET_CLASS (session)->kick (session);
++	SoupSessionClass *klass;
++
++	g_return_if_fail (SOUP_IS_SESSION (session));
++
++	klass = SOUP_SESSION_GET_CLASS (session);
++	g_return_if_fail (klass != NULL);
++
++	klass->kick (session);
+ }
+ 
+ /**
+@@ -2450,11 +2471,15 @@ soup_session_cancel_message (SoupSession *session, SoupMessage *msg,
+ 			     guint status_code)
+ {
+ 	SoupSessionPrivate *priv;
++	SoupSessionClass *klass;
+ 	SoupMessageQueueItem *item;
+ 
+ 	g_return_if_fail (SOUP_IS_SESSION (session));
+ 	g_return_if_fail (SOUP_IS_MESSAGE (msg));
+ 
++	klass = SOUP_SESSION_GET_CLASS (session);
++	g_return_if_fail (klass != NULL);
++
+ 	priv = soup_session_get_instance_private (session);
+ 	item = soup_message_queue_lookup (priv->queue, msg);
+ 	/* If the message is already ending, don't do anything */
+@@ -2465,7 +2490,7 @@ soup_session_cancel_message (SoupSession *session, SoupMessage *msg,
+ 		return;
+ 	}
+ 
+-	SOUP_SESSION_GET_CLASS (session)->cancel_message (session, msg, status_code);
++	klass->cancel_message (session, msg, status_code);
+ 	soup_message_queue_item_unref (item);
+ }
+ 
+@@ -2538,15 +2563,20 @@ soup_session_real_flush_queue (SoupSession *session)
+ void
+ soup_session_abort (SoupSession *session)
+ {
++	SoupSessionClass *klass;
+ 	SoupSessionPrivate *priv;
+ 	GSList *conns, *c;
+ 	GHashTableIter iter;
+ 	gpointer conn, host;
+ 
+ 	g_return_if_fail (SOUP_IS_SESSION (session));
++
++	klass = SOUP_SESSION_GET_CLASS (session);
++	g_return_if_fail (klass != NULL);
++
+ 	priv = soup_session_get_instance_private (session);
+ 
+-	SOUP_SESSION_GET_CLASS (session)->flush_queue (session);
++	klass->flush_queue (session);
+ 
+ 	/* Close all idle connections */
+ 	g_mutex_lock (&priv->conn_lock);
+diff --git a/libsoup/soup-status.h b/libsoup/soup-status.h
+index 28d481db..514dfc31 100644
+--- a/libsoup/soup-status.h
++++ b/libsoup/soup-status.h
+@@ -8,7 +8,7 @@
+ #ifndef SOUP_STATUS_H
+ #define SOUP_STATUS_H 1
+ 
+-#include <libsoup/soup-types.h>
++#include <libsoup/soup-version.h>
+ 
+ G_BEGIN_DECLS
+ 
+diff --git a/libsoup/soup-uri.c b/libsoup/soup-uri.c
+index be778d6c..74c362e9 100644
+--- a/libsoup/soup-uri.c
++++ b/libsoup/soup-uri.c
+@@ -1348,7 +1348,7 @@ soup_uri_is_http (SoupURI *uri, char **aliases)
+ 			return TRUE;
+ 	}
+ 
+-	if (!aliases[1] && !strcmp (aliases[0], "*"))
++	if (aliases[0] && !aliases[1] && !strcmp (aliases[0], "*"))
+ 		return TRUE;
+ 	else
+ 		return FALSE;
 diff --git a/libsoup/soup-xmlrpc.c b/libsoup/soup-xmlrpc.c
-index 42dcda9..2da6344 100644
+index 42dcda9c..60fb814c 100644
 --- a/libsoup/soup-xmlrpc.c
 +++ b/libsoup/soup-xmlrpc.c
 @@ -588,7 +588,7 @@ signature_get_next_complete_type (const char **signature)
@@ -46,15 +678,15 @@ index 42dcda9..2da6344 100644
  			(*signature)++;
  
 -			if ( (*signature)[0] == stack[stack_len - 1])
-+			if ( stack_len > 0 && (*signature)[0] == stack[stack_len - 1])
++			if (stack_len > 0 && (*signature)[0] == stack[stack_len - 1])
  				stack_len--;
  		} while (stack_len > 0);
  
 diff --git a/tests/test-utils.c b/tests/test-utils.c
-index 9c74206..fc58362 100644
+index 9c742060..7a21fa02 100644
 --- a/tests/test-utils.c
 +++ b/tests/test-utils.c
-@@ -676,6 +678,8 @@ soup_test_request_read_all (SoupRequest   *req,
+@@ -676,9 +676,11 @@ soup_test_request_read_all (SoupRequest   *req,
  
  	if (!SOUP_IS_SESSION_SYNC (soup_request_get_session (req)))
  		data.loop = g_main_loop_new (g_main_context_get_thread_default (), FALSE);
@@ -62,8 +694,12 @@ index 9c74206..fc58362 100644
 +		data.loop = NULL;
  
  	do {
- 		if (SOUP_IS_SESSION_SYNC (soup_request_get_session (req))) {
-@@ -691,7 +695,7 @@ soup_test_request_read_all (SoupRequest   *req,
+-		if (SOUP_IS_SESSION_SYNC (soup_request_get_session (req))) {
++		if (!data.loop) {
+ 			nread = g_input_stream_read (stream, buf, sizeof (buf),
+ 						     cancellable, error);
+ 		} else {
+@@ -691,7 +693,7 @@ soup_test_request_read_all (SoupRequest   *req,
  		}
  	} while (nread > 0);
  
diff --git a/SOURCES/crash-under-soup_socket_new.patch b/SOURCES/crash-under-soup_socket_new.patch
deleted file mode 100644
index ea511f2..0000000
--- a/SOURCES/crash-under-soup_socket_new.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff -up libsoup-2.56.0/libsoup/soup-session.c.crash-under-soup_socket_new libsoup-2.56.0/libsoup/soup-session.c
---- libsoup-2.56.0/libsoup/soup-session.c.crash-under-soup_socket_new	2016-09-16 17:14:27.000000000 +0200
-+++ libsoup-2.56.0/libsoup/soup-session.c	2017-11-15 17:20:52.660392432 +0100
-@@ -369,6 +369,7 @@ soup_session_finalize (GObject *object)
- 	G_OBJECT_CLASS (soup_session_parent_class)->finalize (object);
- }
- 
-+/* requires conn_lock */
- static void
- ensure_socket_props (SoupSession *session)
- {
-@@ -784,11 +785,13 @@ soup_session_set_property (GObject *obje
- 		break;
- 	}
- 
-+	g_mutex_lock (&priv->conn_lock);
- 	if (priv->socket_props && socket_props_changed) {
- 		soup_socket_properties_unref (priv->socket_props);
- 		priv->socket_props = NULL;
- 		ensure_socket_props (session);
- 	}
-+	g_mutex_unlock (&priv->conn_lock);
- }
- 
- static void
-@@ -808,7 +811,9 @@ soup_session_get_property (GObject *obje
- 		g_value_set_boxed (value, priv->proxy_uri);
- 		break;
- 	case PROP_PROXY_RESOLVER:
-+		g_mutex_lock (&priv->conn_lock);
- 		ensure_socket_props (session);
-+		g_mutex_unlock (&priv->conn_lock);
- 		g_value_set_object (value, priv->proxy_resolver);
- 		break;
- 	case PROP_MAX_CONNS:
-@@ -829,12 +834,16 @@ soup_session_get_property (GObject *obje
- 		break;
- 	case PROP_SSL_USE_SYSTEM_CA_FILE:
- 		tlsdb = g_tls_backend_get_default_database (g_tls_backend_get_default ());
-+		g_mutex_lock (&priv->conn_lock);
- 		ensure_socket_props (session);
-+		g_mutex_unlock (&priv->conn_lock);
- 		g_value_set_boolean (value, priv->tlsdb == tlsdb);
- 		g_clear_object (&tlsdb);
- 		break;
- 	case PROP_TLS_DATABASE:
-+		g_mutex_lock (&priv->conn_lock);
- 		ensure_socket_props (session);
-+		g_mutex_unlock (&priv->conn_lock);
- 		g_value_set_object (value, priv->tlsdb);
- 		break;
- 	case PROP_TLS_INTERACTION:
diff --git a/SOURCES/get-leaks.patch b/SOURCES/get-leaks.patch
deleted file mode 100644
index 67f77bd..0000000
--- a/SOURCES/get-leaks.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff -up libsoup-2.56.0/examples/get.c.get-leaks libsoup-2.56.0/examples/get.c
---- libsoup-2.56.0/examples/get.c.get-leaks	2016-09-16 17:14:27.000000000 +0200
-+++ libsoup-2.56.0/examples/get.c	2017-06-20 14:31:00.325517968 +0200
-@@ -90,6 +90,7 @@ get_url (const char *url)
- 				fclose (output_file);
- 		}
- 	}
-+	g_object_unref (msg);
- }
- 
- /* Inline class for providing a pre-configured client certificate */
-@@ -287,5 +288,7 @@ main (int argc, char **argv)
- 	if (!synchronous)
- 		g_main_loop_unref (loop);
- 
-+	g_object_unref (session);
-+
- 	return 0;
- }
diff --git a/SOURCES/libsoup-python2.patch b/SOURCES/libsoup-python2.patch
new file mode 100644
index 0000000..35a39a0
--- /dev/null
+++ b/SOURCES/libsoup-python2.patch
@@ -0,0 +1,8 @@
+--- libsoup-2.62.1/libsoup/tld-parser.py.orig	2018-04-26 19:29:27.318600263 +0200
++++ libsoup-2.62.1/libsoup/tld-parser.py	2018-04-26 19:29:39.761593669 +0200
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python3
++#!/usr/bin/env python
+ 
+ # Generate tld rules
+ # Copyright (C) 2012 Red Hat, Inc.
diff --git a/SOURCES/negotiate-connection-close.patch b/SOURCES/negotiate-connection-close.patch
deleted file mode 100644
index 0e22774..0000000
--- a/SOURCES/negotiate-connection-close.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-diff -up libsoup-2.56.0/libsoup/soup-auth-negotiate.c.negotiate-connection-close libsoup-2.56.0/libsoup/soup-auth-negotiate.c
---- libsoup-2.56.0/libsoup/soup-auth-negotiate.c.negotiate-connection-close	2017-06-20 14:38:57.074528827 +0200
-+++ libsoup-2.56.0/libsoup/soup-auth-negotiate.c	2017-06-20 14:40:02.165257249 +0200
-@@ -188,7 +188,29 @@ soup_auth_negotiate_get_connection_autho
- 	SoupNegotiateConnectionState *conn = state;
- 	char *header = NULL;
- 
--	if (conn->state == SOUP_NEGOTIATE_RECEIVED_CHALLENGE) {
-+	if (conn->state == SOUP_NEGOTIATE_NEW) {
-+		GError *err = NULL;
-+
-+		if (!check_auth_trusted_uri (auth, msg)) {
-+			conn->state = SOUP_NEGOTIATE_FAILED;
-+			return NULL;
-+		}
-+
-+		if (!soup_gss_build_response (conn, SOUP_AUTH (auth), &err)) {
-+			/* FIXME: report further upward via
-+			 * soup_message_get_error_message  */
-+			if (conn->initialized)
-+				g_warning ("gssapi step failed: %s", err ? err->message : "Unknown error");
-+			else
-+				g_warning ("gssapi init failed: %s", err ? err->message : "Unknown error");
-+			conn->state = SOUP_NEGOTIATE_FAILED;
-+			g_clear_error (&err);
-+
-+			return NULL;
-+		}
-+	}
-+
-+	if (conn->response_header) {
- 		header = conn->response_header;
- 		conn->response_header = NULL;
- 		conn->state = SOUP_NEGOTIATE_SENT_RESPONSE;
-@@ -251,7 +273,10 @@ soup_auth_negotiate_update_connection (S
- 		} else {
- 			/* FIXME: report further upward via
- 			 * soup_message_get_error_message  */
--			g_warning ("gssapi step failed: %s", err ? err->message : "Unknown error");
-+			if (conn->initialized)
-+				g_warning ("gssapi step failed: %s", err ? err->message : "Unknown error");
-+			else
-+				g_warning ("gssapi init failed: %s", err ? err->message : "Unknown error");
- 			success = FALSE;
- 		}
- 	} else if (!strncmp (header, "Negotiate ", 10)) {
diff --git a/SOURCES/negotiate-internals.patch b/SOURCES/negotiate-internals.patch
deleted file mode 100644
index 9fd6d97..0000000
--- a/SOURCES/negotiate-internals.patch
+++ /dev/null
@@ -1,205 +0,0 @@
-diff -up libsoup-2.56.0/libsoup/soup-auth-negotiate.c.negotiate-internals libsoup-2.56.0/libsoup/soup-auth-negotiate.c
---- libsoup-2.56.0/libsoup/soup-auth-negotiate.c.negotiate-internals	2016-09-16 17:14:27.000000000 +0200
-+++ libsoup-2.56.0/libsoup/soup-auth-negotiate.c	2017-06-20 14:34:42.018592998 +0200
-@@ -83,11 +83,6 @@ typedef struct {
- 
- typedef struct {
- 	gboolean is_authenticated;
--
--	gulong message_finished_signal_id;
--	gulong message_got_headers_signal_id;
--
--	SoupNegotiateConnectionState *conn_state;
- } SoupAuthNegotiatePrivate;
- 
- #define SOUP_AUTH_NEGOTIATE_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), SOUP_TYPE_AUTH_NEGOTIATE, SoupAuthNegotiatePrivate))
-@@ -108,7 +103,6 @@ static GSList *blacklisted_uris;
- static void parse_uris_from_env_variable (const gchar *env_variable, GSList **list);
- 
- static void check_server_response (SoupMessage *msg, gpointer auth);
--static void remove_server_response_handler (SoupMessage *msg, gpointer auth);
- 
- static const char spnego_OID[] = "\x2b\x06\x01\x05\x05\x02";
- static const gss_OID_desc gss_mech_spnego = { sizeof (spnego_OID) - 1, (void *) &spnego_OID };
-@@ -116,12 +110,10 @@ static const gss_OID_desc gss_mech_spneg
- static gpointer
- soup_auth_negotiate_create_connection_state (SoupConnectionAuth *auth)
- {
--	SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (auth);
- 	SoupNegotiateConnectionState *conn;
- 
- 	conn = g_slice_new0 (SoupNegotiateConnectionState);
- 	conn->state = SOUP_NEGOTIATE_NEW;
--	priv->conn_state = conn;
- 
- 	return conn;
- }
-@@ -137,14 +129,11 @@ static void
- soup_auth_negotiate_free_connection_state (SoupConnectionAuth *auth,
- 					   gpointer state)
- {
--	SoupAuthNegotiate *negotiate = SOUP_AUTH_NEGOTIATE (auth);
--	SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (negotiate);
- 	SoupNegotiateConnectionState *conn = state;
- 
- 	free_connection_state_data (conn);
- 
- 	g_slice_free (SoupNegotiateConnectionState, conn);
--	priv->conn_state = NULL;
- }
- 
- static GSList *
-@@ -226,7 +215,6 @@ soup_auth_negotiate_update_connection (S
- #ifdef LIBSOUP_HAVE_GSSAPI
- 	gboolean success = TRUE;
- 	SoupNegotiateConnectionState *conn = state;
--	SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (auth);
- 	GError *err = NULL;
- 
- 	if (!check_auth_trusted_uri (auth, msg)) {
-@@ -245,24 +233,19 @@ soup_auth_negotiate_update_connection (S
- 
- 		conn->state = SOUP_NEGOTIATE_RECEIVED_CHALLENGE;
- 		if (soup_gss_build_response (conn, SOUP_AUTH (auth), &err)) {
--			/* Register the callbacks just once */
--			if (priv->message_finished_signal_id == 0) {
--				gulong id = 0;
--				id = g_signal_connect (msg,
--						       "finished",
--						       G_CALLBACK (remove_server_response_handler),
--						       auth);
--				priv->message_finished_signal_id = id;
--			}
--
--			if (priv->message_got_headers_signal_id == 0) {
--				gulong id = 0;
-+			/* Connect the signal only once per message */
-+			if (!g_object_get_data (G_OBJECT (msg), "negotiate-got-headers-connected")) {
- 				/* Wait for the 2xx response to verify server response */
--				id = g_signal_connect (msg,
-+				g_signal_connect_data (msg,
- 						       "got_headers",
- 						       G_CALLBACK (check_server_response),
--						       auth);
--				priv->message_got_headers_signal_id = id;
-+						       g_object_ref (auth),
-+						       (GClosureNotify) g_object_unref,
-+						       0);
-+				/* Mark that the signal was connected */
-+				g_object_set_data (G_OBJECT (msg),
-+						   "negotiate-got-headers-connected",
-+						   GINT_TO_POINTER (1));
- 			}
- 			goto out;
- 		} else {
-@@ -333,7 +316,11 @@ check_server_response (SoupMessage *msg,
- 	GError *err = NULL;
- 	SoupAuthNegotiate *negotiate = auth;
- 	SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (negotiate);
--	SoupNegotiateConnectionState *conn = priv->conn_state;
-+	SoupNegotiateConnectionState *conn;
-+
-+	conn = soup_connection_auth_get_connection_state_for_message (SOUP_CONNECTION_AUTH (auth), msg);
-+	if (!conn)
-+		return;
- 
- 	if (auth != soup_message_get_auth (msg))
- 		return;
-@@ -365,19 +352,6 @@ check_server_response (SoupMessage *msg,
- 	g_clear_error (&err);
- }
- 
--static void
--remove_server_response_handler (SoupMessage *msg, gpointer auth)
--{
--	SoupAuthNegotiate *negotiate = auth;
--	SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (negotiate);
--
--	g_signal_handler_disconnect (msg, priv->message_got_headers_signal_id);
--	priv->message_got_headers_signal_id = 0;
--
--	g_signal_handler_disconnect (msg, priv->message_finished_signal_id);
--	priv->message_finished_signal_id = 0;
--}
--
- /* Check if scheme://host:port from message matches the given URI. */
- static gint
- match_base_uri (SoupURI *list_uri, SoupURI *msg_uri)
-diff -up libsoup-2.56.0/libsoup/soup-connection-auth.c.negotiate-internals libsoup-2.56.0/libsoup/soup-connection-auth.c
---- libsoup-2.56.0/libsoup/soup-connection-auth.c.negotiate-internals	2016-02-05 16:05:33.000000000 +0100
-+++ libsoup-2.56.0/libsoup/soup-connection-auth.c	2017-06-20 14:31:00.333517935 +0200
-@@ -71,12 +71,31 @@ soup_connection_auth_finalize (GObject *
- 	G_OBJECT_CLASS (soup_connection_auth_parent_class)->finalize (object);
- }
- 
--static gpointer
--get_connection_state_for_message (SoupConnectionAuth *auth, SoupMessage *msg)
-+
-+/**
-+ * soup_connection_auth_get_connection_state_for_message:
-+ * @auth: a #SoupConnectionAuth
-+ * @msg: a #SoupMessage
-+ *
-+ * Returns an associated connection state object for the given @auth and @msg.
-+ *
-+ * This function is only useful from within implementations of SoupConnectionAuth
-+ * subclasses.
-+ *
-+ * Return value: (transfer none): the connection state
-+ *
-+ * Since: 2.56
-+ **/
-+gpointer
-+soup_connection_auth_get_connection_state_for_message (SoupConnectionAuth *auth,
-+						       SoupMessage *msg)
- {
- 	SoupConnection *conn;
- 	gpointer state;
- 
-+	g_return_val_if_fail (SOUP_IS_CONNECTION_AUTH (auth), NULL);
-+	g_return_val_if_fail (SOUP_IS_MESSAGE (msg), NULL);
-+
- 	conn = soup_message_get_connection (msg);
- 	state = g_hash_table_lookup (auth->priv->conns, conn);
- 	if (state)
-@@ -98,7 +117,7 @@ soup_connection_auth_update (SoupAuth
- 			     GHashTable  *auth_params)
- {
- 	SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth);
--	gpointer conn = get_connection_state_for_message (cauth, msg);
-+	gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg);
- 	GHashTableIter iter;
- 	GString *auth_header;
- 	gpointer key, value;
-@@ -140,7 +159,7 @@ soup_connection_auth_get_authorization (
- 					SoupMessage *msg)
- {
- 	SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth);
--	gpointer conn = get_connection_state_for_message (cauth, msg);
-+	gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg);
- 
- 	return SOUP_CONNECTION_AUTH_GET_CLASS (auth)->
- 		get_connection_authorization (cauth, msg, conn);
-@@ -151,7 +170,7 @@ soup_connection_auth_is_ready (SoupAuth
- 			       SoupMessage *msg)
- {
- 	SoupConnectionAuth *cauth = SOUP_CONNECTION_AUTH (auth);
--	gpointer conn = get_connection_state_for_message (cauth, msg);
-+	gpointer conn = soup_connection_auth_get_connection_state_for_message (cauth, msg);
- 
- 	return SOUP_CONNECTION_AUTH_GET_CLASS (auth)->
- 		is_connection_ready (SOUP_CONNECTION_AUTH (auth), msg, conn);
-diff -up libsoup-2.56.0/libsoup/soup-connection-auth.h.negotiate-internals libsoup-2.56.0/libsoup/soup-connection-auth.h
---- libsoup-2.56.0/libsoup/soup-connection-auth.h.negotiate-internals	2016-09-16 17:14:27.000000000 +0200
-+++ libsoup-2.56.0/libsoup/soup-connection-auth.h	2017-06-20 14:31:00.333517935 +0200
-@@ -46,6 +46,10 @@ typedef struct {
- 
- GType soup_connection_auth_get_type (void);
- 
-+SOUP_AVAILABLE_IN_2_56
-+gpointer	soup_connection_auth_get_connection_state_for_message
-+						(SoupConnectionAuth *auth,
-+						 SoupMessage *message);
- G_END_DECLS
- 
- #endif /* SOUP_CONNECTION_AUTH_H */
diff --git a/SOURCES/tcms-site-warning.patch b/SOURCES/tcms-site-warning.patch
deleted file mode 100644
index e13bd2e..0000000
--- a/SOURCES/tcms-site-warning.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-diff -up libsoup-2.56.0/libsoup/soup-auth-negotiate.c.tcms-site-warning libsoup-2.56.0/libsoup/soup-auth-negotiate.c
---- libsoup-2.56.0/libsoup/soup-auth-negotiate.c.tcms-site-warning	2017-06-20 14:41:20.593930021 +0200
-+++ libsoup-2.56.0/libsoup/soup-auth-negotiate.c	2017-06-20 14:41:20.601929988 +0200
-@@ -364,13 +364,28 @@ check_server_response (SoupMessage *msg,
- 
- 	ret = soup_gss_client_step (conn, auth_headers + 10, &err);
- 
--	priv->is_authenticated = ret == AUTH_GSS_COMPLETE;
--
--	if (ret == AUTH_GSS_CONTINUE) {
-+	switch (ret) {
-+	case AUTH_GSS_COMPLETE:
-+		priv->is_authenticated = TRUE;
-+		break;
-+	case AUTH_GSS_CONTINUE:
- 		conn->state = SOUP_NEGOTIATE_RECEIVED_CHALLENGE;
--	} else if (ret == AUTH_GSS_ERROR) {
-+		break;
-+	case AUTH_GSS_ERROR:
- 		if (err)
- 			g_warning ("%s", err->message);
-+		/* Unfortunately, so many programs (curl, Firefox, ..) ignore
-+		 * the return token that is included in the response, so it is
-+		 * possible that there are servers that send back broken stuff.
-+		 * Try to behave in the right way (pass the token to
-+		 * gss_init_sec_context()), show a warning, but don't fail
-+		 * if the server returned 200. */
-+		if (msg->status_code == SOUP_STATUS_OK)
-+			priv->is_authenticated = TRUE;
-+		else
-+			conn->state = SOUP_NEGOTIATE_FAILED;
-+		break;
-+	default:
- 		conn->state = SOUP_NEGOTIATE_FAILED;
- 	}
-  out:
diff --git a/SPECS/libsoup.spec b/SPECS/libsoup.spec
index 197b89f..5d7a20c 100644
--- a/SPECS/libsoup.spec
+++ b/SPECS/libsoup.spec
@@ -1,33 +1,20 @@
 %define glib2_version 2.38.0
 
 Name: libsoup
-Version: 2.56.0
-Release: 6%{?dist}
+Version: 2.62.2
+Release: 2%{?dist}
 Summary: Soup, an HTTP library implementation
 
 License: LGPLv2
 URL: https://wiki.gnome.org/Projects/libsoup
-Source0: https://download.gnome.org/sources/%{name}/2.56/%{name}-%{version}.tar.xz
+Source0: https://download.gnome.org/sources/%{name}/2.62/%{name}-%{version}.tar.xz
 
 Patch01: coverity-scan-issues.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1439798
-# https://bugzilla.gnome.org/show_bug.cgi?id=782939
-Patch02: get-leaks.patch
-# https://bugzilla.gnome.org/show_bug.cgi?id=782940
-Patch03: negotiate-internals.patch
-# https://bugzilla.gnome.org/show_bug.cgi?id=783780
-Patch04: negotiate-connection-close.patch
-# https://bugzilla.gnome.org/show_bug.cgi?id=783781
-Patch05: tcms-site-warning.patch
-# https://bugzilla.gnome.org/show_bug.cgi?id=785774
-# https://bugzilla.redhat.com/show_bug.cgi?id=1479281
-Patch06: chunked-decoding-buffer-overrun-CVE-2017-2885.patch
-# http://bugzilla.gnome.org/show_bug.cgi?id=788238
-# https://bugzilla.redhat.com/show_bug.cgi?id=1495552
-Patch07: auth-try-all-available.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1513355
-Patch08: crash-under-soup_socket_new.patch
+# Downstream patch to support Python 2
+Patch02: libsoup-python2.patch
+Patch03: 0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch
 
+BuildRequires: chrpath
 BuildRequires: glib2-devel >= %{glib2_version}
 BuildRequires: glib-networking
 BuildRequires: intltool
@@ -62,13 +49,8 @@ you to develop applications that use the libsoup library.
 %prep
 %setup -q
 %patch01 -p1 -b .coverity-scan-issues
-%patch02 -p1 -b .get-leaks
-%patch03 -p1 -b .negotiate-internals
-%patch04 -p1 -b .negotiate-connection-close
-%patch05 -p1 -b .tcms-site-warning
-%patch06 -p1 -b .cve-2017-2885
-%patch07 -p1 -b .auth-try-all
-%patch08 -p1 -b .crash-under-soup_socket_new
+%patch02 -p1 -b .python2
+%patch03 -p1 -b .cve-2018-12910
 
 %build
 %configure --disable-static
@@ -83,6 +65,9 @@ make %{?_smp_mflags}
 
 rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
 
+# Remove lib64 rpaths
+chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so
+
 %find_lang libsoup
 
 %post -p /sbin/ldconfig
@@ -108,6 +93,18 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
 %{_datadir}/vala/vapi/libsoup-2.4.vapi
 
 %changelog
+* Mon Jul 09 2018 Milan Crha <mcrha@redhat.com> - 2.62.2-2
+- Backport upstream patch for CVE-2018-12910 - Crash in soup_cookie_jar.c: get_cookies() on empty hostnames
+- Resolves: #1598838
+
+* Tue May 08 2018 Kalev Lember <klember@redhat.com> - 2.62.2-1
+- Update to 2.62.2
+- Resolves: #1569734
+
+* Mon Apr 09 2018 Kalev Lember <klember@redhat.com> - 2.62.1-1
+- Update to 2.62.1
+- Resolves: #1569734
+
 * Wed Nov 15 2017 Milan Crha <mcrha@redhat.com> - 2.56.0-6
 - Fix for crash under soup_socket_new() (rh #1513355)