fix CVE-2021-39365
This commit is contained in:
yangcheng1203
parent
781138bc57
commit
8bab0c78ca
32
backport-fix-CVE-2021-39365.patch
Normal file
32
backport-fix-CVE-2021-39365.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bastien Nocera <hadess@hadess.net>
|
||||||
|
Date: Mon, 21 Jun 2021 15:00:14 +0200
|
||||||
|
Subject: [PATCH] net: Fix TLS cert validation not being done for any network
|
||||||
|
call
|
||||||
|
|
||||||
|
The default SoupSessionAsync behaviour does not perform any TLS certificate
|
||||||
|
validation, unless the ssl-use-system-ca-file property is set to true.
|
||||||
|
|
||||||
|
See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
|
||||||
|
|
||||||
|
This mitigates CVE-2016-20011.
|
||||||
|
|
||||||
|
Closes: #146
|
||||||
|
---
|
||||||
|
libs/net/grl-net-wc.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
|
||||||
|
index 9bd4922..1193d4b 100644
|
||||||
|
--- a/libs/net/grl-net-wc.c
|
||||||
|
+++ b/libs/net/grl-net-wc.c
|
||||||
|
@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
|
||||||
|
wc->priv = grl_net_wc_get_instance_private (wc);
|
||||||
|
|
||||||
|
wc->priv->session = soup_session_async_new ();
|
||||||
|
+ g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
|
||||||
|
wc->priv->pending = g_queue_new ();
|
||||||
|
|
||||||
|
set_thread_context (wc);
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
10
grilo.spec
10
grilo.spec
@ -3,13 +3,15 @@
|
|||||||
|
|
||||||
Name: grilo
|
Name: grilo
|
||||||
Version: 0.3.13
|
Version: 0.3.13
|
||||||
Release: 1
|
Release: 2
|
||||||
Summary: A framework for browsing and searching media content
|
Summary: A framework for browsing and searching media content
|
||||||
|
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: https://wiki.gnome.org/Projects/Grilo
|
URL: https://wiki.gnome.org/Projects/Grilo
|
||||||
Source0: https://download.gnome.org/sources/grilo/%{release_version}/grilo-%{version}.tar.xz
|
Source0: https://download.gnome.org/sources/grilo/%{release_version}/grilo-%{version}.tar.xz
|
||||||
|
|
||||||
|
Patch6000: backport-fix-CVE-2021-39365.patch
|
||||||
|
|
||||||
BuildRequires: chrpath glib2-devel gettext gobject-introspection-devel >= 0.9.0
|
BuildRequires: chrpath glib2-devel gettext gobject-introspection-devel >= 0.9.0
|
||||||
BuildRequires: gtk-doc gtk3-devel liboauth-devel libsoup-devel libxml2-devel
|
BuildRequires: gtk-doc gtk3-devel liboauth-devel libsoup-devel libxml2-devel
|
||||||
BuildRequires: meson totem-pl-parser-devel vala >= 0.27.1 libxslt
|
BuildRequires: meson totem-pl-parser-devel vala >= 0.27.1 libxslt
|
||||||
@ -79,6 +81,12 @@ mkdir -p %{buildroot}%{_datadir}/grilo-%{release_version}/plugins/
|
|||||||
%{_datadir}/gtk-doc/html/grilo/
|
%{_datadir}/gtk-doc/html/grilo/
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Sep 13 2021 yangcheng<yangcheng87@huawei.com> - 0.3.13-2
|
||||||
|
- Type:CVE
|
||||||
|
- CVE:CVE-2021-39365
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:fix CVE-2021-39365
|
||||||
|
|
||||||
* Tue Feb 2 2021 jinzhimin <jinzhimin2@huawei.com> - 0.3.13-1
|
* Tue Feb 2 2021 jinzhimin <jinzhimin2@huawei.com> - 0.3.13-1
|
||||||
- upgrade to 0.3.13
|
- upgrade to 0.3.13
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user