Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP2
grilo.21037
grilo-CVE-2021-39365.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File grilo-CVE-2021-39365.patch of Package grilo.21037
From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001 From: Bastien Nocera <hadess@hadess.net> Date: Mon, 21 Jun 2021 15:00:14 +0200 Subject: [PATCH] net: Fix TLS cert validation not being done for any network call The default SoupSessionAsync behaviour does not perform any TLS certificate validation, unless the ssl-use-system-ca-file property is set to true. See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ This mitigates CVE-2016-20011. Closes: #146 --- libs/net/grl-net-wc.c | 1 + 1 file changed, 1 insertion(+) Index: grilo-0.3.4/libs/net/grl-net-wc.c =================================================================== --- grilo-0.3.4.orig/libs/net/grl-net-wc.c +++ grilo-0.3.4/libs/net/grl-net-wc.c @@ -321,6 +321,7 @@ grl_net_wc_init (GrlNetWc *wc) wc->priv = GRL_NET_WC_GET_PRIVATE (wc); wc->priv->session = soup_session_async_new (); + g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL); wc->priv->pending = g_queue_new (); set_thread_context (wc);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor