3
5
Fork 0
mirror of git://git.savannah.gnu.org/guix.git synced 2023-12-14 03:33:07 +01:00
guix/gnu/packages/patches/libgda-cve-2021-39359.patch
Maxim Cournoyer dc1cf13ac5
gnu: libgda: Update to 6.0.0.
* gnu/packages/gnome.scm (libgda): Update to 6.0.0.
[source]: Delete modules and snippet field.  Apply new patches.
[build-system]: Use meson-build-system.
[native-inputs]: Remove autoconf, autoconf-archive, automake, libtool, which
and xorg-server-for-tests.
[inputs]: Add json-glib.
* gnu/packages/patches/libgda-cve-2021-39359.patch: New file.
* gnu/packages/patches/libgda-fix-build.patch: Likewise.
* gnu/packages/patches/libgda-fix-missing-initialization.patch: Likewise.
* gnu/packages/patches/libgda-skip-postgresql-tests.patch: Likewise.
* gnu/local.mk (dist_patch_DATA): Register them.
2022-09-13 02:04:38 -04:00

33 lines
1.3 KiB
Diff

From bebdffb4de586fb43fd07ac549121f4b22f6812d Mon Sep 17 00:00:00 2001
From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
Date: Mon, 18 Oct 2021 13:18:01 -0500
Subject: [PATCH] Fix CVE-2021-39359 by forcing TLS certificate validation
This was done by adding "ssl-use-system-ca-file", TRUE to the options
for each soup_session_new_with_options() call that was made.
Tested on Linux From Scratch 11.0 and Debian 11.
Fixes #249
---
providers/web/gda-web-provider.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/providers/web/gda-web-provider.c b/providers/web/gda-web-provider.c
index cf8d14dc3..cc818895f 100644
--- a/providers/web/gda-web-provider.c
+++ b/providers/web/gda-web-provider.c
@@ -355,8 +355,8 @@ gda_web_provider_open_connection (GdaServerProvider *provider, GdaConnection *cn
g_rec_mutex_init (& (cdata->mutex));
cdata->server_id = NULL;
cdata->forced_closing = FALSE;
- cdata->worker_session = soup_session_new ();
- cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, NULL);
+ cdata->worker_session = soup_session_new_with_options ("ssl-use-system-ca-file", TRUE, NULL);
+ cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, "ssl-use-system-ca-file", TRUE, NULL);
if (use_ssl) {
server_url = g_string_new ("https://");
g_print ("USING SSL\n");
--
GitLab