all messages for Guix-related lists mirrored at yhetil.org
blob 8270db6a90f03b218ee6d29bb52e93832c58aded 1381 bytes (raw)
name: gnu/packages/patches/libgda-5-cve-2021-39359.patch 	 # note: path name is non-authoritative(*)

From bebdffb4de586fb43fd07ac549121f4b22f6812d Mon Sep 17 00:00:00 2001
From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
Date: Mon, 18 Oct 2021 13:18:01 -0500
Subject: [PATCH] Fix CVE-2021-39359 by forcing TLS certificate validation

This was done by adding "ssl-use-system-ca-file", TRUE to the options
for each soup_session_new_with_options() call that was made.

Tested on Linux From Scratch 11.0 and Debian 11.

Fixes #249
---
 providers/web/gda-web-provider.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/web/gda-web-provider.c b/providers/web/gda-web-provider.c
index cf8d14dc3..cc818895f 100644
--- a/providers/web/gda-web-provider.c
+++ b/providers/web/gda-web-provider.c
@@ -355,8 +355,8 @@ gda_web_provider_open_connection (GdaServerProvider *provider, GdaConnection *cn
 	g_rec_mutex_init (& (cdata->mutex));
 	cdata->server_id = NULL;
 	cdata->forced_closing = FALSE;
-	cdata->worker_session = soup_session_sync_new ();
-	cdata->front_session = soup_session_sync_new_with_options ("max-conns-per-host", 1, NULL);
+	cdata->worker_session = soup_session_new_with_options ("ssl-use-system-ca-file", TRUE, NULL);
+	cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, "ssl-use-system-ca-file", TRUE, NULL);
 	if (use_ssl) {
 		server_url = g_string_new ("https://");
 		g_print ("USING SSL\n");
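Review bot: the two added lines do more than add an option. They replace soup_session_sync_new () and soup_session_sync_new_with_options () with soup_session_new_with_options (), while the commit message describes only adding "ssl-use-system-ca-file" to existing soup_session_new_with_options () calls. Please state the change of session constructor in the message and confirm that the code using cdata->worker_session and cdata->front_session does not depend on the sync session type. The property name is also repeated as a bare string in both calls, where a typo would surface only as a runtime warning and leave validation off; libsoup's SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE macro (and SOUP_SESSION_MAX_CONNS_PER_HOST for the existing option) would make that a compile-time error. A short comment above the two calls saying that the option is what enforces certificate validation for CVE-2021-39359 would help keep it from being dropped in a later refactor.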
--
GitLab


debug log:

solving 960eab7e4e ...
found 960eab7e4e in https://yhetil.org/guix/327a4235-10c8-13ac-0209-9657bf3c6ead@member.fsf.org/ ||
	https://yhetil.org/guix/6da12961-1425-4070-aebf-6415d4f3b614@member.fsf.org/ ||
	https://yhetil.org/guix/fc981f4a-5d55-9e31-d8b5-1941df168ce0@member.fsf.org/

applying [1/1] https://yhetil.org/guix/327a4235-10c8-13ac-0209-9657bf3c6ead@member.fsf.org/
diff --git a/gnu/packages/patches/libgda-5-cve-2021-39359.patch b/gnu/packages/patches/libgda-5-cve-2021-39359.patch
new file mode 100644
index 0000000000..960eab7e4e

1:27: space before tab in indent.
 	g_rec_mutex_init (& (cdata->mutex));
1:28: space before tab in indent.
 	cdata->server_id = NULL;
1:29: space before tab in indent.
 	cdata->forced_closing = FALSE;
1:34: space before tab in indent.
 	if (use_ssl) {
1:35: space before tab in indent.
 		server_url = g_string_new ("https://");
Checking patch gnu/packages/patches/libgda-5-cve-2021-39359.patch...
Applied patch gnu/packages/patches/libgda-5-cve-2021-39359.patch cleanly.
warning: squelched 2 whitespace errors
warning: 7 lines add whitespace errors.

skipping https://yhetil.org/guix/6da12961-1425-4070-aebf-6415d4f3b614@member.fsf.org/ for 960eab7e4e
skipping https://yhetil.org/guix/fc981f4a-5d55-9e31-d8b5-1941df168ce0@member.fsf.org/ for 960eab7e4e
index at:
100644 8270db6a90f03b218ee6d29bb52e93832c58aded	gnu/packages/patches/libgda-5-cve-2021-39359.patch

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.
