From 2c6ea642663e2a44efc8583fae7c54b7b98f72b3 Mon Sep 17 00:00:00 2001
From: Ariadne Conill <ariadne@dereferenced.org>
Date: Mon, 7 Jun 2021 18:51:07 -0600
Subject: [PATCH] Ensure the ssl-use-system-ca-file property is set to true on
 all SoupSessions.

The default SoupSessionSync and SoupSessionAsync behaviour does not perform any
TLS certificate validation, unless the ssl-use-system-ca-file property is set
to true.

This mitigates CVE-2016-20011.
---
 src/feed-channel.c     | 2 ++
 src/feed-enclosure.c   | 4 ++++
 src/feeds-pool.c       | 1 +
 src/feeds-publisher.c  | 4 +++-
 src/feeds-subscriber.c | 4 +++-
 5 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/feed-channel.c b/src/feed-channel.c
index 19ca7b2..d2d51b9 100644
--- a/src/feed-channel.c
+++ b/src/feed-channel.c
@@ -973,6 +973,8 @@ quick_and_dirty_parse (GrssFeedChannel *channel, SoupMessage *msg, GList **save_
 static void
 init_soup_session (SoupSession *session, GrssFeedCh</td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=10aad72110e6a44255fa45281b4705ae98b26496'>refs</a><a href='/guix/log/config-daemon.ac'>log</a><a href='/guix/tree/config-daemon.ac?id=10aad72110e6a44255fa45281b4705ae98b26496'>tree</a><a href='/guix/commit/config-daemon.ac?id=10aad72110e6a44255fa45281b4705ae98b26496'>commit</a><a class='active' href='/guix/diff/config-daemon.ac?id=10aad72110e6a44255fa45281b4705ae98b26496'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/config-daemon.ac'>
<input type='hidden' name='id' value='10aad72110e6a44255fa45281b4705ae98b26496'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/diff/?id=10aad72110e6a44255fa45281b4705ae98b26496'>root</a>/<a href='/guix/diff/config-daemon.ac?id=10aad72110e6a44255fa45281b4705ae98b26496'>config-daemon.ac</a></div><div class='content'><div class='cgit-panel'><b>diff options</b><form method='get'><input type='hidden' name='id' value='10aad72110e6a44255fa45281b4705ae98b26496'/><table><tr><td colspan='2'/></tr><tr><td class='label'>context:</td><td class='ctrl'><select name='context' onchange='this.form.submit();'><option value='1'>1</option><option value='2'>2</option><option value='3' selected='selected'>3</option><option value='4'>4</option><option value='5'>5</option><option value='6'>6</option><option value='7'>7</option><option value='8'>8</option><option value='9'>9</option><option value='10'>10</option><option value='15'>15</option><option value='20'>20</option><option value='25'>25</option><option value='30'>30</option><option value='35'>35</option><option value='40'>40</option></select></td></tr><tr><td class='label'>space:</td><td class='ctrl'><select name='ignorews' onchange='this.form.submit();'><option value='0' selected='selected'>include</option><option value='1'>ignore</option></select></td></tr><tr><td class='label'>mode:</td><td class='ctrl'><select name='dt' onchange='this.form.submit();'><option value='0' selected='selected'>unified</option><option value='1'>ssdiff</option><option value='2'>stat only</option></select></td></tr><tr><td/><td class='ctrl'><noscript><input type='submit' value='reload'/></noscript></td></tr></table></form></div><div class='diffstat-header'><a href='/guix/diff/?id=10aad72110e6a44255fa45281b4705ae98b26496'>Diffstat</a> (limited to 'config-daemon.ac')</div><table summary='diffstat' class='diffsta