File grilo-CVE-2021-39365.patch of Package grilo.21037

From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Mon, 21 Jun 2021 15:00:14 +0200
Subject: [PATCH] net: Fix TLS cert validation not being done for any network
 call

The default SoupSessionAsync behaviour does not perform any TLS certificate
validation, unless the ssl-use-system-ca-file property is set to true.

See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/

This mitigates CVE-2016-20011.

Closes: #146
---
 libs/net/grl-net-wc.c | 1 +
 1 file changed, 1 insertion(+)

Index: grilo-0.3.4/libs/net/grl-net-wc.c
===================================================================
--- grilo-0.3.4.orig/libs/net/grl-net-wc.c
+++ grilo-0.3.4/libs/net/grl-net-wc.c
@@ -321,6 +321,7 @@ grl_net_wc_init (GrlNetWc *wc)
   wc->priv = GRL_NET_WC_GET_PRIVATE (wc);
 
   wc->priv->session = soup_session_async_new ();
+  g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
   wc->priv->pending = g_queue_new ();
 
   set_thread_context (wc);
openSUSE Build Service is sponsored by