libsoup2-2.74.3-160000.4.1

- Add libsoup-CVE-2026-1760.patch: server: close the connection
  after responsing a request containing...
  (bsc#1257597, CVE-2026-1760, glgo#GNOME/libsoup#475).
- Add libsoup-CVE-2026-1467.patch: uri-utils: do host validation
  when checking if a GUri is valid
  (bsc#1257398, CVE-2026-1467, glgo#GNOME/libsoup#488).
- Add libsoup-CVE-2026-1539.patch: Also remove Proxy-Authorization
  header on cross origin redirect
  (bsc#1257441, CVE-2026-1539, glgo#GNOME/libsoup#489).

- Add libsoup2-CVE-2026-2708.patch: do not allow adding multiple
  content length values to headers (bsc#1258508 CVE-2026-2708
  glgo#GNOME/libsoup#500).

- Add more CVE fixes:
  + libsoup2-CVE-2025-32049.patch (bsc#1240751 CVE-2025-32049
    glgo#GNOME/libsoup#390)
  + libsoup2-CVE-2026-2443.patch (bsc#1258170 CVE-2026-2443
    glgo#GNOME/libsoup#487)
  + libsoup2-CVE-2026-2369.patch (bsc#1258120 CVE-2026-2369
    glgo#GNOME/libsoup!508)

- Add libsoup2-CVE-2025-4476.patch: fix crash in
  soup_auth_digest_get_protection_space (bsc#1243422
  CVE-2025-4476 glgo#GNOME/libsoup#440).

- Add libsoup2-CVE-2026-0716.patch: Fix out-of-bounds read for
  websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494).

- Add libsoup2-CVE-2026-0719.patch: Fix overflow for password
  md4sum (bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493).

- Add libsoup2-CVE-2025-14523.patch: Reject duplicated Host in
  headers (bsc#1254876, CVE-2025-14523, glgo#GNOME/libsoup!491).

- Add libsoup2-CVE-2026-1761.patch: multipart: check length of bytes
  read soup_filter_input_stream_read_until()
  (bsc#1257598, CVE-2026-1761, glgo#GNOME/libsoup!496).
- Refresh ef6c4bf6.patch, 04df03bc.patch, 29b96fab.patch,
  48b3b611.patch, 4d12c3e5.patch, 96c22b67.patch and ced3c5d8.patch
  from upstream git.

- Add libsoup-CVE-2025-4945.patch: add value checks for date/time
  parsing (boo#1243314 CVE-2025-4945).

- Add more CVE fixes:
  + libsoup-CVE-2025-32913.patch (boo#1241162 boo#1241238
    CVE-2025-32913 CVE-2025-32911)
  + libsoup-CVE-2025-32910.patch (boo#1241252 CVE-2025-32910)
  + libsoup-CVE-2025-32906.patch (boo#1241263 CVE-2025-32906)
  + libsoup-CVE-2025-32912.patch (boo#1241214 CVE-2025-32912)
  + libsoup-CVE-2025-32909.patch (boo#1241226 CVE-2025-32909)
  + libsoup-CVE-2025-4948.patch (boo#1243332 CVE-2025-4948)
  + libsoup-CVE-2025-4969.patch (boo#1243423 CVE-2025-4969)

- Add more CVE fixes:
  + c9083869.patch (boo#1241686 CVE-2025-46420)
  + libsoup-CVE-2025-32914.patch (boo#1241164 CVE-2025-32914)
  + libsoup-CVE-2025-32907.patch (boo#1241222 CVE-2025-32907)
  + libsoup-CVE-2025-46421.patch (boo#1241688 CVE-2025-46421)

- Add more CVE fixes:
  + ef6c4bf6.patch (boo#1240750 CVE-2025-2784)
  + 96c22b67.patch (boo#1240750 CVE-2025-2784)
  + 19124679.patch (boo#1240752 CVE-2025-32050)
  + a5b86bfc.patch (boo#1240756 CVE-2025-32052)
  + 5739a090.patch (boo#1240757 CVE-2025-32053)

- Increase test timeout for all arches except x86_64 and run tests
  again should they fail the first time, the testsuite is flaky.

- Increase test timeout on s390x. The http2-body-stream test can be
  slow and sometimes times out in our builds.

- Add 4c9e75c6.patch: fix an intermittent test failure
  (glgo#GNOME/libsoup#399).

- Add 04df03bc.patch: strictly don't allow NUL bytes in headers
  (boo#1233285 CVE-2024-52530 glgo#GNOME/libsoup#377).
- Add libsoup-CVE-2024-52532.patch: websocket: Process the frame as
  soon as we read data (boo#1233287 CVE-2024-52532).
- Add 29b96fab.patch: websocket-test: disconnect error copy after
  the test ends (glgo#GNOME/libsoup#391).
- Add a35222dd.patch: be more robust against invalid input when
  parsing params (boo#1233292 CVE-2024-52531
  glgo#GNOME/libsoup!407).

- Add ced3c5d8.patch: Fix build with libxml2-2.12.0 and clang-17.

- Add upstream bug fixes:
  + 4d12c3e5.patch: lib: Add g_task_set_source_tag() everywhere
  + 48b3b611.patch: lib: Add names to various GSources
- Drop no longer valid translation-update-upstream BuildRequires
  and macro.
- Use ldconfig_scriptlets macro for post(un) handling.