diff options
author | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2015-12-13 18:04:45 +0100 |
---|---|---|
committer | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2015-12-13 18:04:45 +0100 |
commit | 4bab2e5816700a94e967dec612a15eed3bcc13eb (patch) | |
tree | 16af96cffced1257c0d9045b22af8a3316005ed7 /debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch | |
parent | c3164342455a7c7085a1a59b5910e936241730c8 (diff) |
CVE TEMP-0807110-881366
Diffstat (limited to 'debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch')
-rw-r--r-- | debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch b/debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch new file mode 100644 index 0000000..df24283 --- /dev/null +++ b/debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch @@ -0,0 +1,39 @@ +From ac6efab13554d1ef39eb8b86744234d72773c2da Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro <mcatanzaro@igalia.com> +Date: Fri, 4 Dec 2015 17:34:17 +0100 +Subject: [PATCH] Have all soup sessions validate TLS certificates + +Note that this commit is *not* sufficient to fix certificate verification +on its own. The port to WK2 is also required, else WebKit's soup session +will not verify certificates. + +https://bugzilla.gnome.org/show_bug.cgi?id=751709 +--- + plugins/common/RESTSupport.vala | 1 + + plugins/shotwell-publishing/FacebookPublishing.vala | 1 + + 2 files changed, 2 insertions(+) + +Index: trunk/plugins/common/RESTSupport.vala +=================================================================== +--- trunk.orig/plugins/common/RESTSupport.vala ++++ trunk/plugins/common/RESTSupport.vala +@@ -20,6 +20,7 @@ public abstract class Session { + public Session(string? endpoint_url = null) { + this.endpoint_url = endpoint_url; + soup_session = new Soup.SessionAsync(); ++ this.soup_session.ssl_use_system_ca_file = true; + } + + protected void notify_wire_message_unqueued(Soup.Message message) { +Index: trunk/plugins/shotwell-publishing/FacebookPublishing.vala +=================================================================== +--- trunk.orig/plugins/shotwell-publishing/FacebookPublishing.vala ++++ trunk/plugins/shotwell-publishing/FacebookPublishing.vala +@@ -1473,6 +1473,7 @@ internal class GraphSession { + this.soup_session.timeout = 15; + this.access_token = null; + this.current_message = null; ++ this.soup_session.ssl_use_system_ca_file = true; + } + + ~GraphSession() { |