authorAlexandre Rostovtsev <tetromino@gentoo.org>2012-03-15 01:24:30 +0000
committerAlexandre Rostovtsev <tetromino@gentoo.org>2012-03-15 01:24:30 +0000
commit0a7f08de72d00140d7cdc66b5a0d69b32e0a9528 (patch)
tree0a7e991b070f305c018e2ff073015a16cca15f76 /dev-libs/libgdata/files
parentUse CTARGET from the env.d file by default to better work with custom GCC_VER. (diff)
Validate SSL certificates to prevent MITM attack (bug #408245, CVE-2012-1177, thanks to Michael Harrison for reporting). Drop old.
Package-Manager: portage-2.2.0_alpha90/cvs/Linux x86_64
Diffstat (limited to 'dev-libs/libgdata/files')
-rw-r--r--dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch b/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch
new file mode 100644
index 000000000000..a018604d0545
--- /dev/null
+++ b/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch
@@ -0,0 +1,53 @@
+From 25a2824203ad199d69432940d2f1edda5b226e9e Mon Sep 17 00:00:00 2001
+From: Philip Withnall <philip@tecnocode.co.uk>
+Date: Thu, 8 Mar 2012 00:09:08 +0000
+Subject: [PATCH] core: Validate SSL certificates for all connections
+
+This prevents MitM attacks which use spoofed SSL certificates.
+
+Closes: https://bugzilla.gnome.org/show_bug.cgi?id=671535
+
+[Alexandre Rostovtsev <tetromino@gentoo.org>: backport to 0.8.1]
+
+Conflicts:
+
+ gdata/gdata-service.c
+---
+ configure.ac | 7 +++++++
+ gdata/gdata-service.c | 2 +-
+ 2 files changed, 8 insertions(+), 1 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 449383d..ad23761 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -92,6 +92,13 @@ AC_CHECK_FUNCS([strtol])
+ AC_CHECK_FUNCS([strtoul])
+ AC_CHECK_HEADERS([sys/time.h])
+
++# System SSL CA certificates
++AC_ARG_WITH(ca-certs,
++ AS_HELP_STRING([--with-ca-certs=PATH],[location of SSL CA certificates (default: /etc/ssl/certs/ca-certificates.crt)]),
++ ca_certs="$withval",
++ ca_certs="/etc/ssl/certs/ca-certificates.crt")
++AC_DEFINE_UNQUOTED(CA_CERTS, "$ca_certs", [Where to look for SSL CA certificates])
++
+ # Internationalisation support
+ GETTEXT_PACKAGE=gdata
+ AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE, ["$GETTEXT_PACKAGE"], [Define to the Gettext package name])
+diff --git a/gdata/gdata-service.c b/gdata/gdata-service.c
+index 420eec2..8d8d21c 100644
+--- a/gdata/gdata-service.c
++++ b/gdata/gdata-service.c
+@@ -273,7 +273,7 @@ static void
+ gdata_service_init (GDataService *self)
+ {
+ self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, GDATA_TYPE_SERVICE, GDataServicePrivate);
+- self->priv->session = soup_session_sync_new ();
++ self->priv->session = soup_session_sync_new_with_options (SOUP_SESSION_SSL_CA_FILE, CA_CERTS, NULL);
+
+ #ifdef HAVE_GNOME
+ soup_session_add_feature_by_type (self->priv->session, SOUP_TYPE_GNOME_FEATURES_2_26);
+--
+1.7.8.5
+
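Review bot: In the configure.ac part of the patch, `ca_certs="$withval"` takes whatever autoconf hands over, so a bare `--with-ca-certs` or `--without-ca-certs` would define CA_CERTS as the literal string "yes" or "no", and nothing checks that the chosen path exists. gdata_service_init then passes CA_CERTS straight to `SOUP_SESSION_SSL_CA_FILE`; how libsoup behaves when that file cannot be read is not visible here, so it is worth confirming that connections fail closed rather than proceed unverified. I would reject the non-path values at configure time, e.g. `AS_CASE(["$withval"], [yes|no], [AC_MSG_ERROR([--with-ca-certs requires a path])])`, and add a comment on the session line noting that certificate validation depends on CA_CERTS pointing at a readable bundle. The body of gdata_service_init continues beyond the inner hunk, and the ebuild that applies this patch is outside the shown diff, so whether it passes an explicit `--with-ca-certs` cannot be checked from here.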