From 4bab2e5816700a94e967dec612a15eed3bcc13eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?=
Date: Sun, 13 Dec 2015 18:04:45 +0100
Subject: CVE TEMP-0807110-881366
---
...l-soup-sessions-validate-TLS-certificates.patch | 39 ++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch
(limited to 'debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch')
diff --git a/debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch b/debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch
new file mode 100644
index 0000000..df24283
--- /dev/null
+++ b/debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch
@@ -0,0 +1,39 @@
+From ac6efab13554d1ef39eb8b86744234d72773c2da Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Fri, 4 Dec 2015 17:34:17 +0100
+Subject: [PATCH] Have all soup sessions validate TLS certificates
+
+Note that this commit is *not* sufficient to fix certificate verification
+on its own. The port to WK2 is also required, else WebKit's soup session
+will not verify certificates.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=751709
+---
+ plugins/common/RESTSupport.vala | 1 +
+ plugins/shotwell-publishing/FacebookPublishing.vala | 1 +
+ 2 files changed, 2 insertions(+)
+
+Index: trunk/plugins/common/RESTSupport.vala
+===================================================================
+--- trunk.orig/plugins/common/RESTSupport.vala
++++ trunk/plugins/common/RESTSupport.vala
+@@ -20,6 +20,7 @@ public abstract class Session {
+ public Session(string? endpoint_url = null) {
+ this.endpoint_url = endpoint_url;
+ soup_session = new Soup.SessionAsync();
++ this.soup_session.ssl_use_system_ca_file = true;
+ }
+
+ protected void notify_wire_message_unqueued(Soup.Message message) {
+Index: trunk/plugins/shotwell-publishing/FacebookPublishing.vala
+===================================================================
+--- trunk.orig/plugins/shotwell-publishing/FacebookPublishing.vala
++++ trunk/plugins/shotwell-publishing/FacebookPublishing.vala
+@@ -1473,6 +1473,7 @@ internal class GraphSession {
+ this.soup_session.timeout = 15;
+ this.access_token = null;
+ this.current_message = null;
++ this.soup_session.ssl_use_system_ca_file = true;
+ }
+
+ ~GraphSession() {
-- cgit v1.2.3
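Review bot: The added `this.soup_session.ssl_use_system_ca_file = true;` in the `Session` and `GraphSession` constructors only supplies a trust store; as far as libsoup 2.x documents it, rejecting a bad certificate still depends on the session's `ssl_strict` property staying at its default, which neither embedded hunk states. I would either set it explicitly next to the new line, `this.soup_session.ssl_strict = true;`, or add a comment such as `// Validate server certificates against the system CA store; relies on ssl_strict remaining true.` so a later change cannot silently turn verification off. The embedded description says WebKit's own soup session stays unverified until the WK2 port, so the Debian patch header should record that the issue named in the subject is only partly addressed here. Only two constructors are touched and the `GraphSession` constructor starts outside its hunk, so it is worth confirming that no other `Soup.Session` is created elsewhere in the plugins without the same setting.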