From bebdffb4de586fb43fd07ac549121f4b22f6812d Mon Sep 17 00:00:00 2001
From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
Date: Mon, 18 Oct 2021 13:18:01 -0500
Subject: [PATCH] Fix CVE-2021-39359 by forcing TLS certificate validation

This was done by adding "ssl-use-system-ca-file", TRUE to the options
for each soup_session_new_with_options() call that was made.

Tested on Linux From Scratch 11.0 and Debian 11.

Fixes #249
---
 providers/web/gda-web-provider.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/providers/web/gda-web-provider.c b/providers/web/gda-web-provider.c
index cf8d14dc3..cc818895f 100644
--- a/providers/web/gda-web-provider.c
+++ b/providers/web/gda-web-provider.c
@@ -355,8 +355,8 @@ gda_web_provider_open_connection (GdaServerProvider *provider, GdaConnection *cn
 	g_rec_mutex_init (& (cdata->mutex));
 	cdata->server_id = NULL;
 	cdata->forced_closing = FALSE;
-	cdata->worker_session = soup_session_new ();
-	cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, NULL);
+	cdata->worker_session = soup_session_new_with_options ("ssl-use-system-ca-file", TRUE, NULL);
+	cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, "ssl-use-system-ca-file", TRUE, NULL);
 	if (use_ssl) {
 		server_url = g_string_new ("https://");
 		g_print ("USING SSL\n");
-- 
GitLab

idity.scm?id=a1dc5ac832a106d46450961e78e7db3f83bf2bff'>commit</a><a href='/guix/diff/gnu/packages/solidity.scm?id=a1dc5ac832a106d46450961e78e7db3f83bf2bff'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/solidity.scm'>
<input type='hidden' name='id' value='a1dc5ac832a106d46450961e78e7db3f83bf2bff'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=a1dc5ac832a106d46450961e78e7db3f83bf2bff'>root</a>/<a href='/guix/log/gnu?id=a1dc5ac832a106d46450961e78e7db3f83bf2bff'>gnu</a>/<a href='/guix/log/gnu/packages?id=a1dc5ac832a106d46450961e78e7db3f83bf2bff'>packages</a>/<a href='/guix/log/gnu/packages/solidity.scm?id=a1dc5ac832a106d46450961e78e7db3f83bf2bff'>solidity.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/solidity.scm?id=a1dc5ac832a106d46450961e78e7db3f83bf2bff&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-09-08 02:00:00 +0200'>2024-09-08</span></td><td><a href='/guix/commit/gnu/packages/solidity.scm?id=26942d67b784b164485252810847407f16e1a831'>Add some missing header comment header comments.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/minetest.scm: Add the ‘GNU Guix’ header comment.
* gnu/packages/notcurses.scm: Likewise.
* gnu/packages/presentation.scm: Likewise.
* gnu/packages/solidity.scm: Likewise.
* guix/build/minetest-build-system.scm: Likewise.
* gnu/packages/vnc.scm: Add missing ‘;’.
* guix/scripts/import/crate.scm: Remove leading newline.

Change-Id: I5294e6067b9348f2929d823a07d4ec335eaa5ecd
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2024-05-06 23:16:53 +0300'>2024-05-06</span></td><td><a href='/guix/commit/gnu/packages/solidity.scm?id=5a69a52d746bb542ee70088679a9b3747182b89a'>gnu: solidity: Update to 0.8.25.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/solidity.scm (solidity): Update to 0.8.25.
[arguments]: Add configure-flag to allow an older version of z3.
[inputs]: Replace fmt-8.0 with fmt.

Change-Id: I1501d16323566c066c58c1c4bbf90dd17a23f021
</span></span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2024-05-06 23:16:53 +0300'>2024-05-06</span></td><td><a href='/guix/commit/gnu/packages/solidity.scm?id=614bd4a7772e665857d41eacfd7ff5ab2e981553'>gnu: solidity: Allow a newer version of jsoncpp.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/solidity.scm (solidity)[arguments]: Add a phase to allow
newer versions of jsoncpp.

Change-Id: I4f7b5b3685f8d784da221ccb0eea1ba297e3e0b8
</span></span></td><td>Efraim Flashner</td></tr>

Age	Commit message (Expand)	Author
2024-09-08	Add some missing header comment header comments....* gnu/packages/minetest.scm: Add the ‘GNU Guix’ header comment. * gnu/packages/notcurses.scm: Likewise. * gnu/packages/presentation.scm: Likewise. * gnu/packages/solidity.scm: Likewise. * guix/build/minetest-build-system.scm: Likewise. * gnu/packages/vnc.scm: Add missing ‘;’. * guix/scripts/import/crate.scm: Remove leading newline. Change-Id: I5294e6067b9348f2929d823a07d4ec335eaa5ecd	Tobias Geerinckx-Rice
2024-05-06	gnu: solidity: Update to 0.8.25....* gnu/packages/solidity.scm (solidity): Update to 0.8.25. [arguments]: Add configure-flag to allow an older version of z3. [inputs]: Replace fmt-8.0 with fmt. Change-Id: I1501d16323566c066c58c1c4bbf90dd17a23f021	Efraim Flashner
2024-05-06	gnu: solidity: Allow a newer version of jsoncpp....* gnu/packages/solidity.scm (solidity)[arguments]: Add a phase to allow newer versions of jsoncpp. Change-Id: I4f7b5b3685f8d784da221ccb0eea1ba297e3e0b8	Efraim Flashner