Dominique Leuenberger
b79f1af742
Fix CVE-2013-0240 OBS-URL: https://build.opensuse.org/request/show/151522 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gnome-online-accounts?expand=0&rev=35
49 lines
2.0 KiB
Diff
49 lines
2.0 KiB
Diff
From 407c4cf96519cd9801cec4bc630c6e0d451c82a3 Mon Sep 17 00:00:00 2001
|
|
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
Date: Tue, 5 Feb 2013 13:43:34 +0000
|
|
Subject: [PATCH] CVE-2013-0240: Do not allow invalid SSL certificates
|
|
|
|
None of the branded providers (eg., Google, Facebook and Windows Live)
|
|
should ever have an invalid certificate; and in this version of GOA,
|
|
that's all we have. So set "ssl-strict" on the SoupSession object
|
|
being used by GoaWebView.
|
|
---
|
|
src/goabackend/goaoauth2provider.c | 6 ++++++
|
|
src/goabackend/goaoauthprovider.c | 6 ++++++
|
|
2 files changed, 12 insertions(+)
|
|
|
|
Index: gnome-online-accounts-3.6.2/src/goabackend/goaoauth2provider.c
|
|
===================================================================
|
|
--- gnome-online-accounts-3.6.2.orig/src/goabackend/goaoauth2provider.c
|
|
+++ gnome-online-accounts-3.6.2/src/goabackend/goaoauth2provider.c
|
|
@@ -692,6 +692,12 @@ on_web_view_document_load_finished (WebK
|
|
gulong i;
|
|
|
|
session = webkit_get_default_session ();
|
|
+
|
|
+ g_object_set (session,
|
|
+ SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
|
|
+ SOUP_SESSION_SSL_STRICT, TRUE,
|
|
+ NULL);
|
|
+
|
|
cookie_jar = SOUP_COOKIE_JAR (soup_session_get_feature (session, SOUP_TYPE_COOKIE_JAR));
|
|
slist = soup_cookie_jar_all_cookies (cookie_jar);
|
|
g_slist_foreach (slist, (GFunc) check_cookie, data);
|
|
Index: gnome-online-accounts-3.6.2/src/goabackend/goaoauthprovider.c
|
|
===================================================================
|
|
--- gnome-online-accounts-3.6.2.orig/src/goabackend/goaoauthprovider.c
|
|
+++ gnome-online-accounts-3.6.2/src/goabackend/goaoauthprovider.c
|
|
@@ -725,6 +725,12 @@ on_web_view_document_load_finished (WebK
|
|
gulong i;
|
|
|
|
session = webkit_get_default_session ();
|
|
+
|
|
+ g_object_set (session,
|
|
+ SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
|
|
+ SOUP_SESSION_SSL_STRICT, TRUE,
|
|
+ NULL);
|
|
+
|
|
cookie_jar = SOUP_COOKIE_JAR (soup_session_get_feature (session, SOUP_TYPE_COOKIE_JAR));
|
|
slist = soup_cookie_jar_all_cookies (cookie_jar);
|
|
g_slist_foreach (slist, (GFunc) check_cookie, data);
|