packages/gfbgraph
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!11 [sync] PR-4: fix CVE-2021-39358

Browse Source 
From: @openeuler-sync-bot
Reviewed-by: @dwl301
Signed-off-by: @dwl301
This commit is contained in:
openeuler-ci-bot 2021-11-16 05:32:16 +00:00 committed by Gitee
commit 94cce8b9e6
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
CVE-2021-39358.patch Normal file
View File

@ -0,0 +1,33 @@
From a7d3d5cbf64647c1ed8978b2a33a3be35f888129 Mon Sep 17 00:00:00 2001
From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
Date: Wed, 15 Sep 2021 17:40:00 +0000
Subject: [PATCH] Fix CVE-2021-39358 by forcing TLS certificate
validation
This is similar to the fix performed in other packages. See
https://gitlab.gnome.org/Teams/Releng/security/-/issues/57 for more
details.
Tested on Linux From Scratch 11.0 and on Debian 11.
Fixes #17
---
gfbgraph/gfbgraph-photo.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gfbgraph/gfbgraph-photo.c b/gfbgraph/gfbgraph-photo.c
index 1e8955c..f6281a6 100644
--- a/gfbgraph/gfbgraph-photo.c
+++ b/gfbgraph/gfbgraph-photo.c
@@ -424,6 +424,7 @@ gfbgraph_photo_download_default_size (GFBGraphPhoto *photo, GFBGraphAuthorizer *
session = soup_session_sync_new ();
requester = soup_requester_new ();
+ g_object_set (G_OBJECT (session), "ssl-use-system-ca-file", TRUE, NULL);
soup_session_add_feature (session, SOUP_SESSION_FEATURE (requester));
request = soup_requester_request (requester, priv->source, error);
--
2.27.0

7
gfbgraph.spec
View File

@ -1,10 +1,11 @@
Name: gfbgraph Name: gfbgraph
Version: 0.2.4 Version: 0.2.4
Release: 1 Release: 2
Summary: GLib/GObject wrapper for the Facebook Graph API Summary: GLib/GObject wrapper for the Facebook Graph API
License: LGPLv2+ License: LGPLv2+
URL: https://wiki.gnome.org/Projects/GFBGraph URL: https://wiki.gnome.org/Projects/GFBGraph
Source0: https://download.gnome.org/sources/gfbgraph/0.2/gfbgraph-%{version}.tar.xz Source0: https://download.gnome.org/sources/gfbgraph/0.2/gfbgraph-%{version}.tar.xz
Patch0: CVE-2021-39358.patch
BuildRequires: pkgconfig(gio-2.0) pkgconfig(glib-2.0) pkgconfig(gobject-2.0) BuildRequires: pkgconfig(gio-2.0) pkgconfig(glib-2.0) pkgconfig(gobject-2.0)
BuildRequires: pkgconfig(goa-1.0) gobject-introspection-devel gtk-doc pkgconfig(json-glib-1.0) BuildRequires: pkgconfig(goa-1.0) gobject-introspection-devel gtk-doc pkgconfig(json-glib-1.0)
BuildRequires: pkgconfig(libsoup-2.4) pkgconfig(rest-0.7) BuildRequires: pkgconfig(libsoup-2.4) pkgconfig(rest-0.7)
@ -22,6 +23,7 @@ developing applications that use gfbgraph.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%build %build
sh autogen.sh sh autogen.sh
@ -60,6 +62,9 @@ rm -rf $RPM_BUILD_ROOT%{_prefix}/doc
%{_includedir}/gfbgraph-0.2/gfbgraph %{_includedir}/gfbgraph-0.2/gfbgraph
%changelog %changelog
* Mon Nov 15 2021 liwu <liwu13@huawei.com> - 0.2.4-2
- Fix CVE-2021-39358
* Thu Jun 17 2021 weijin deng <weijin.deng@turbolinux.com.cn> - 0.2.4-1 * Thu Jun 17 2021 weijin deng <weijin.deng@turbolinux.com.cn> - 0.2.4-1
- Upgrade to 0.2.4 - Upgrade to 0.2.4