From bebdffb4de586fb43fd07ac549121f4b22f6812d Mon Sep 17 00:00:00 2001
From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
Date: Mon, 18 Oct 2021 13:18:01 -0500
Subject: [PATCH] Fix CVE-2021-39359 by forcing TLS certificate validation

This was done by adding "ssl-use-system-ca-file", TRUE to the options
for each soup_session_new_with_options() call that was made.

Tested on Linux From Scratch 11.0 and Debian 11.

Fixes #249
---
 providers/web/gda-web-provider.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/providers/web/gda-web-provider.c b/providers/web/gda-web-provider.c
index cf8d14dc3..cc818895f 100644
--- a/providers/web/gda-web-provider.c
+++ b/providers/web/gda-web-provider.c
@@ -355,8 +355,8 @@ gda_web_provider_open_connection (GdaServerProvider *provider, GdaConnection *cn
 	g_rec_mutex_init (& (cdata->mutex));
 	cdata->server_id = NULL;
 	cdata->forced_closing = FALSE;
-	cdata->worker_session = soup_session_new ();
-	cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, NULL);
+	cdata->worker_session = soup_session_new_with_options ("ssl-use-system-ca-file", TRUE, NULL);
+	cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, "ssl-use-system-ca-file", TRUE, NULL);
 	if (use_ssl) {
 		server_url = g_string_new ("https://");
 		g_print ("USING SSL\n");
-- 
GitLab

id=48e1cbdf6ed307e8e5dbfd2e7e0731b3432d50a7'>commit</a><a href='/guix/diff/gnu/packages/debian.scm?id=48e1cbdf6ed307e8e5dbfd2e7e0731b3432d50a7'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/debian.scm'>
<input type='hidden' name='id' value='48e1cbdf6ed307e8e5dbfd2e7e0731b3432d50a7'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=48e1cbdf6ed307e8e5dbfd2e7e0731b3432d50a7'>root</a>/<a href='/guix/log/gnu?id=48e1cbdf6ed307e8e5dbfd2e7e0731b3432d50a7'>gnu</a>/<a href='/guix/log/gnu/packages?id=48e1cbdf6ed307e8e5dbfd2e7e0731b3432d50a7'>packages</a>/<a href='/guix/log/gnu/packages/debian.scm?id=48e1cbdf6ed307e8e5dbfd2e7e0731b3432d50a7'>debian.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/debian.scm?id=48e1cbdf6ed307e8e5dbfd2e7e0731b3432d50a7&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2019-06-05 09:54:49 -0700'>2019-06-05</span></td><td><a href='/guix/commit/gnu/packages/debian.scm?id=90041e9c28e71ee9736b5e9942625460f7deacd2'>gnu: debootstrap: Workaround for PATH issues.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/debian (debootstrap):
  [arguments]: Substitute PATH to include $PATH.
  [description]: Remove obsolete workaround from description.
</span></span></td><td>Vagrant Cascadian</td></tr>
<tr><td><span title='2019-06-01 18:35:36 -0700'>2019-06-01</span></td><td><a href='/guix/commit/gnu/packages/debian.scm?id=54d14302462a68a9d96360f0d88236fdc39c17a0'>gnu: debootstrap: Update to 114.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/debian (debootstrap): Update to 114.
</span></span></td><td>Vagrant Cascadian</td></tr>
<tr><td><span title='2019-06-01 17:38:48 -0700'>2019-06-01</span></td><td><a href='/guix/commit/gnu/packages/debian.scm?id=76513c949b63c675c602bc634e0738efc4f5d9ab'>gnu: debian-archive-keyring: Update to 2019.01.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/debian (debian-archive-keyring): Update to 2019.01.
</span></span></td><td>Vagrant Cascadian</td></tr>
<tr><td><span title='2018-12-01 23:34:43 +0200'>2018-12-01</span></td><td><a href='/guix/commit/gnu/packages/debian.scm?id=a0e813725ee73f3638078fb99c003e7abe92a5be'>gnu: debootstrap: Update to 1.0.111.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/debian.scm (debootstrap): Update to 1.0.111.
</span></span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2018-12-01 23:34:43 +0200'>2018-12-01</span></td><td><a href='/guix/commit/gnu/packages/debian.scm?id=7111ea0d588aca0cdd8ddd204919effa2f2d8283'>gnu: debootstrap: Update build.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/debian.scm (debootstrap)[arguments]: Update the
substitutes during the custom 'patch-source phase. Add custom
'wrap-executable phase.
[inputs]: Remove coreutils, wget. Add tzdata.
[propagated-inputs]: Remove binutils, gnupg. Move perl ...
[native-inputs]: ... to here.
[description]: Add implementation hint.
</span></span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2018-11-04 12:00:13 +0200'>2018-11-04</span></td><td><a href='/guix/commit/gnu/packages/debian.scm?id=f909e2179715ea1cf7d381810c2de5dcfedfb45e'>gnu: debian-archive-keyring: Update to 2018.1.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/debian.scm (debian-archive-keyring): Update to 2018.1.
[source]: Download from git repository.
</span></span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2018-11-04 12:00:10 +0200'>2018-11-04</span></td><td><a href='/guix/commit/gnu/packages/debian.scm?id=d4b5e4bb7377a31196b392c93b0072aed9cc969a'>gnu: debootstrap: Update to 1.0.109.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/debian.scm (debootstrap): Update to 1.0.109.
</span></span></td><td>Efraim Flashner</td></tr>

Age	Commit message (Expand)	Author
2019-06-05	gnu: debootstrap: Workaround for PATH issues....* gnu/packages/debian (debootstrap): [arguments]: Substitute PATH to include $PATH. [description]: Remove obsolete workaround from description.	Vagrant Cascadian
2019-06-01	gnu: debootstrap: Update to 114....* gnu/packages/debian (debootstrap): Update to 114.	Vagrant Cascadian
2019-06-01	gnu: debian-archive-keyring: Update to 2019.01....* gnu/packages/debian (debian-archive-keyring): Update to 2019.01.	Vagrant Cascadian
2018-12-01	gnu: debootstrap: Update to 1.0.111....* gnu/packages/debian.scm (debootstrap): Update to 1.0.111.	Efraim Flashner
2018-12-01	gnu: debootstrap: Update build....* gnu/packages/debian.scm (debootstrap)[arguments]: Update the substitutes during the custom 'patch-source phase. Add custom 'wrap-executable phase. [inputs]: Remove coreutils, wget. Add tzdata. [propagated-inputs]: Remove binutils, gnupg. Move perl ... [native-inputs]: ... to here. [description]: Add implementation hint.	Efraim Flashner
2018-11-04	gnu: debian-archive-keyring: Update to 2018.1....* gnu/packages/debian.scm (debian-archive-keyring): Update to 2018.1. [source]: Download from git repository.	Efraim Flashner
2018-11-04	gnu: debootstrap: Update to 1.0.109....* gnu/packages/debian.scm (debootstrap): Update to 1.0.109.	Efraim Flashner