From 8bab0c78ca3772fd7bffc43aa380d1e979736fe3 Mon Sep 17 00:00:00 2001
From: yangcheng1203 <yangcheng87@huawei.com>
Date: Mon, 13 Sep 2021 11:33:40 +0800
Subject: [PATCH] fix CVE-2021-39365

---
 backport-fix-CVE-2021-39365.patch | 32 +++++++++++++++++++++++++++++++
 grilo.spec                        | 10 +++++++++-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 backport-fix-CVE-2021-39365.patch

diff --git a/backport-fix-CVE-2021-39365.patch b/backport-fix-CVE-2021-39365.patch
new file mode 100644
index 0000000..87c331b
--- /dev/null
+++ b/backport-fix-CVE-2021-39365.patch
@@ -0,0 +1,32 @@
+From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Mon, 21 Jun 2021 15:00:14 +0200
+Subject: [PATCH] net: Fix TLS cert validation not being done for any network
+ call
+
+The default SoupSessionAsync behaviour does not perform any TLS certificate
+validation, unless the ssl-use-system-ca-file property is set to true.
+
+See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+
+This mitigates CVE-2016-20011.
+
+Closes: #146
+---
+ libs/net/grl-net-wc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
+index 9bd4922..1193d4b 100644
+--- a/libs/net/grl-net-wc.c
++++ b/libs/net/grl-net-wc.c
+@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
+   wc->priv = grl_net_wc_get_instance_private (wc);
+
+   wc->priv->session = soup_session_async_new ();
++  g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
+   wc->priv->pending = g_queue_new ();
+
+   set_thread_context (wc);
+--
+2.27.0
diff --git a/grilo.spec b/grilo.spec
index 09fe1da..16681c3 100644
--- a/grilo.spec
+++ b/grilo.spec
@@ -3,13 +3,15 @@
 
 Name:           grilo
 Version:        0.3.13
-Release:        1
+Release:        2
 Summary:        A framework for browsing and searching media content
 
 License:        LGPLv2+
 URL:            https://wiki.gnome.org/Projects/Grilo
 Source0:        https://download.gnome.org/sources/grilo/%{release_version}/grilo-%{version}.tar.xz
 
+Patch6000:	backport-fix-CVE-2021-39365.patch
+
 BuildRequires:  chrpath glib2-devel gettext gobject-introspection-devel >= 0.9.0
 BuildRequires:  gtk-doc gtk3-devel liboauth-devel libsoup-devel libxml2-devel
 BuildRequires:  meson totem-pl-parser-devel vala >= 0.27.1 libxslt
@@ -79,6 +81,12 @@ mkdir -p %{buildroot}%{_datadir}/grilo-%{release_version}/plugins/
 %{_datadir}/gtk-doc/html/grilo/
 
 %changelog
+* Mon Sep 13 2021 yangcheng<yangcheng87@huawei.com> - 0.3.13-2
+- Type:CVE
+- CVE:CVE-2021-39365
+- SUG:NA
+- DESC:fix CVE-2021-39365
+
 * Tue Feb 2 2021 jinzhimin <jinzhimin2@huawei.com> - 0.3.13-1
 - upgrade to 0.3.13