From bebdffb4de586fb43fd07ac549121f4b22f6812d Mon Sep 17 00:00:00 2001
From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
Date: Mon, 18 Oct 2021 13:18:01 -0500
Subject: [PATCH] Fix CVE-2021-39359 by forcing TLS certificate validation

This was done by adding "ssl-use-system-ca-file", TRUE to the options
for each soup_session_new_with_options() call that was made.

Tested on Linux From Scratch 11.0 and Debian 11.

Fixes #249
---
 providers/web/gda-web-provider.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/web/gda-web-provider.c b/providers/web/gda-web-provider.c
index cf8d14dc3..cc818895f 100644
--- a/providers/web/gda-web-provider.c
+++ b/providers/web/gda-web-provider.c
@@ -355,8 +355,8 @@ gda_web_provider_open_connection (GdaServerProvider *provider, GdaConnection *cn
 	g_rec_mutex_init (& (cdata->mutex));
 	cdata->server_id = NULL;
 	cdata->forced_closing = FALSE;
-	cdata->worker_session = soup_session_new ();
-	cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, NULL);
+	cdata->worker_session = soup_session_new_with_options ("ssl-use-system-ca-file", TRUE, NULL);
+	cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, "ssl-use-system-ca-file", TRUE, NULL);
 	if (use_ssl) {
 		server_url = g_string_new ("https://");
 		g_print ("USING SSL\n");
-- 
GitLab

eb2dae2ee88e369de83698b'>commit</a><a href='/guix/diff/gnu/services/pm.scm?id=40dbae7fe4de91af4eb2dae2ee88e369de83698b'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/services/pm.scm'>
<input type='hidden' name='id' value='40dbae7fe4de91af4eb2dae2ee88e369de83698b'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=40dbae7fe4de91af4eb2dae2ee88e369de83698b'>root</a>/<a href='/guix/log/gnu?id=40dbae7fe4de91af4eb2dae2ee88e369de83698b'>gnu</a>/<a href='/guix/log/gnu/services?id=40dbae7fe4de91af4eb2dae2ee88e369de83698b'>services</a>/<a href='/guix/log/gnu/services/pm.scm?id=40dbae7fe4de91af4eb2dae2ee88e369de83698b'>pm.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/services/pm.scm?id=40dbae7fe4de91af4eb2dae2ee88e369de83698b&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-05-15 20:58:03 +0100'>2024-05-15</span></td><td><a href='/guix/commit/gnu/services/pm.scm?id=d0ad4f557fc8b9d105877f2ef4de0ce12c5c9566'>gnu: services: Add power-profiles-daemon-service-type.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/pm.scm
(power-profiles-configuration): New configuration.
(power-profiles-daemon-shepherd-service): New procedure.
(power-profiles-daemon-activation): New variable.
(power-profiles-daemon-service-type): New procedure.
* doc/guix.texi (Power Management Services): Document it.

Change-Id: Ib035d993ed82eec2a43f3ba2b4c92f77e08a0fd7
Signed-off-by: Christopher Baines &lt;mail@cbaines.net&gt;
</span></span></td><td>Dariqq</td></tr>