File grilo-CVE-2021-39365.patch of Package grilo.21042

From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Mon, 21 Jun 2021 15:00:14 +0200
Subject: [PATCH] net: Fix TLS cert validation not being done for any network
 call

The default SoupSessionAsync behaviour does not perform any TLS certificate
validation, unless the ssl-use-system-ca-file property is set to true.

See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/

This mitigates CVE-2016-20011.

Closes: #146
---
 libs/net/grl-net-wc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
index 5a8e89f5..5ff1d177 100644
--- a/libs/net/grl-net-wc.c
+++ b/libs/net/grl-net-wc.c
@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
   wc->priv = grl_net_wc_get_instance_private (wc);
 
   wc->priv->session = soup_session_async_new ();
+  g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
   wc->priv->pending = g_queue_new ();
 
   set_thread_context (wc);
-- 
GitLab

openSUSE Build Service is sponsored by