import grilo-0.3.6-3.el8

CentOS Sources 2021-10-05 16:40:47 -04:00 committed by Stepan Oksanichenko
parent f4535056f4
commit d0f632ab19
2 changed files with 43 additions and 2 deletions

@ -0,0 +1,33 @@
From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Mon, 21 Jun 2021 15:00:14 +0200
Subject: [PATCH 2/2] net: Fix TLS cert validation not being done for any
network call
The default SoupSessionAsync behaviour does not perform any TLS certificate
validation, unless the ssl-use-system-ca-file property is set to true.
See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
This mitigates CVE-2016-20011.
Closes: #146
---
libs/net/grl-net-wc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
index 5a8e89f..5ff1d17 100644
--- a/libs/net/grl-net-wc.c
+++ b/libs/net/grl-net-wc.c
@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
wc->priv = grl_net_wc_get_instance_private (wc);
wc->priv->session = soup_session_async_new ();
+ g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
wc->priv->pending = g_queue_new ();
set_thread_context (wc);
--
2.31.1
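Review bot: the added g_object_set() line in grl_net_wc_init() has no comment saying why "ssl-use-system-ca-file" is set, so a later cleanup of the session setup could drop it and silently return to unvalidated TLS. Suggest a one-line comment above it that points at the SoupSessionAsync default described in the commit message. A regression test that requests a host presenting an untrusted certificate and expects the fetch to fail would keep the fix from being lost.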

@ -3,15 +3,18 @@
Name: grilo Name: grilo
Version: 0.3.6 Version: 0.3.6
Release: 2%{?dist} Release: 3%{?dist}
Summary: Content discovery framework Summary: Content discovery framework
License: LGPLv2+ License: LGPLv2+
URL: https://wiki.gnome.org/Projects/Grilo URL: https://wiki.gnome.org/Projects/Grilo
Source0: https://download.gnome.org/sources/grilo/%{release_version}/grilo-%{version}.tar.xz Source0: https://download.gnome.org/sources/grilo/%{release_version}/grilo-%{version}.tar.xz
Patch0001: 0001-Include-file-to-build-docs-with-meson.patch Patch0001: 0001-Include-file-to-build-docs-with-meson.patch
# https://gitlab.gnome.org/GNOME/grilo/-/merge_requests/78
Patch0002: 0002-net-Fix-TLS-cert-validation-not-being-done-for-any-n.patch
BuildRequires: meson BuildRequires: meson
BuildRequires: git
BuildRequires: chrpath BuildRequires: chrpath
BuildRequires: gnome-common BuildRequires: gnome-common
BuildRequires: intltool BuildRequires: intltool
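Review bot: the Patch0002 entry carries a patch whose header reads "[PATCH 2/2]", but nothing here says what happened to 1/2 of that series. Suggest extending the comment above Patch0002 to state that 1/2 is not needed for the certificate validation fix, or importing it as well if it is.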
@ -45,7 +48,7 @@ This package contains the core library and elements, as well as
general and API documentation. general and API documentation.
%prep %prep
%autosetup -p1 %autosetup -p1 -S git
%build %build
%meson -Denable-gtk-doc=true %meson -Denable-gtk-doc=true
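Review bot: the switch to "%autosetup -p1 -S git" in %prep, together with the new "BuildRequires: git", adds a build dependency that the changelog entry does not mention or justify. If the two patches apply cleanly with the default backend, keep "%autosetup -p1" and drop the git requirement; otherwise add a short comment next to %autosetup saying why the git backend is needed.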
@ -97,6 +100,11 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/grilo-simple-playlist
%{_datadir}/vala/ %{_datadir}/vala/
%changelog %changelog
* Wed Aug 25 2021 Bastien Nocera <bnocera@redhat.com> - 0.3.6-3
+ grilo-0.3.6-3
- Fix TLS not being validated correctly
- Resolves: rhbz#1997234
* Sat Jul 28 2018 Victor Toso <victortoso@redhat.com> - 0.3.6-2 * Sat Jul 28 2018 Victor Toso <victortoso@redhat.com> - 0.3.6-2
- Switch to meson build system - Switch to meson build system
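Review bot: the 0.3.6-3 changelog entry says "Fix TLS not being validated correctly" but does not name CVE-2016-20011, which the imported patch's commit message says it mitigates. Suggest adding the CVE identifier to the entry so that anyone checking an installed package with rpm -q --changelog can confirm the fix is present.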