!4 fix CVE-2021-39365
From: @yangcheng1203 Reviewed-by: @zzm_567,@yanan-rock Signed-off-by: @yanan-rock
This commit is contained in:
openeuler-ci-bot
Gitee
commit
e0b26202e8
32
backport-fix-CVE-2021-39365.patch
Normal file
32
backport-fix-CVE-2021-39365.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Mon, 21 Jun 2021 15:00:14 +0200
|
||||
Subject: [PATCH] net: Fix TLS cert validation not being done for any network
|
||||
call
|
||||
|
||||
The default SoupSessionAsync behaviour does not perform any TLS certificate
|
||||
validation, unless the ssl-use-system-ca-file property is set to true.
|
||||
|
||||
See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
|
||||
|
||||
This mitigates CVE-2016-20011.
|
||||
|
||||
Closes: #146
|
||||
---
|
||||
libs/net/grl-net-wc.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
|
||||
index 9bd4922..1193d4b 100644
|
||||
--- a/libs/net/grl-net-wc.c
|
||||
+++ b/libs/net/grl-net-wc.c
|
||||
@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
|
||||
wc->priv = grl_net_wc_get_instance_private (wc);
|
||||
|
||||
wc->priv->session = soup_session_async_new ();
|
||||
+ g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
|
||||
wc->priv->pending = g_queue_new ();
|
||||
|
||||
set_thread_context (wc);
|
||||
--
|
||||
2.27.0
|
||||
10
grilo.spec
10
grilo.spec
@ -3,13 +3,15 @@
|
||||
|
||||
Name: grilo
|
||||
Version: 0.3.13
|
||||
Release: 1
|
||||
Release: 2
|
||||
Summary: A framework for browsing and searching media content
|
||||
|
||||
License: LGPLv2+
|
||||
URL: https://wiki.gnome.org/Projects/Grilo
|
||||
Source0: https://download.gnome.org/sources/grilo/%{release_version}/grilo-%{version}.tar.xz
|
||||
|
||||
Patch6000: backport-fix-CVE-2021-39365.patch
|
||||
|
||||
BuildRequires: chrpath glib2-devel gettext gobject-introspection-devel >= 0.9.0
|
||||
BuildRequires: gtk-doc gtk3-devel liboauth-devel libsoup-devel libxml2-devel
|
||||
BuildRequires: meson totem-pl-parser-devel vala >= 0.27.1 libxslt
|
||||
@ -79,6 +81,12 @@ mkdir -p %{buildroot}%{_datadir}/grilo-%{release_version}/plugins/
|
||||
%{_datadir}/gtk-doc/html/grilo/
|
||||
|
||||
%changelog
|
||||
* Mon Sep 13 2021 yangcheng<yangcheng87@huawei.com> - 0.3.13-2
|
||||
- Type:CVE
|
||||
- CVE:CVE-2021-39365
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2021-39365
|
||||
|
||||
* Tue Feb 2 2021 jinzhimin <jinzhimin2@huawei.com> - 0.3.13-1
|
||||
- upgrade to 0.3.13
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user