Blame SOURCES/gfbgraph-Fix-CVE-2021-39358-by-forcing-TLS-certificate-valida.patch

eea1d6
From c294b06ec0f3a0b8e3f6292de962e048bbd7774a Mon Sep 17 00:00:00 2001
eea1d6
From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
eea1d6
Date: Wed, 15 Sep 2021 17:40:00 +0000
eea1d6
Subject: [PATCH] Fix CVE-2021-39358 by forcing TLS certificate validation.
eea1d6
eea1d6
This is similar to the fix performed in other packages. See https://gitlab.gnome.org/Teams/Releng/security/-/issues/57 for more details. Note that this is my first non-documentation commit to a GNOME package, but I'm a distributor and want to see this fixed.
eea1d6
eea1d6
Tested on Linux From Scratch 11.0 and on Debian 11.
eea1d6
eea1d6
Fixes #17
eea1d6
---
eea1d6
 gfbgraph/gfbgraph-photo.c | 1 +
eea1d6
 1 file changed, 1 insertion(+)
eea1d6
eea1d6
diff --git a/gfbgraph/gfbgraph-photo.c b/gfbgraph/gfbgraph-photo.c
eea1d6
index 69eb98db2576..2ebb9aaf8db1 100644
eea1d6
--- a/gfbgraph/gfbgraph-photo.c
eea1d6
+++ b/gfbgraph/gfbgraph-photo.c
eea1d6
@@ -422,6 +422,7 @@ gfbgraph_photo_download_default_size (GFBGraphPhoto *photo, GFBGraphAuthorizer *
eea1d6
 
eea1d6
         session = soup_session_sync_new ();
eea1d6
         requester = soup_requester_new ();
eea1d6
+        g_object_set (G_OBJECT (session), "ssl-use-system-ca-file", TRUE, NULL);
eea1d6
         soup_session_add_feature (session, SOUP_SESSION_FEATURE (requester));
eea1d6
 
eea1d6
         request = soup_requester_request (requester, priv->source, error);
eea1d6
-- 
eea1d6
2.31.1
eea1d6