author | 2012-03-15 01:24:30 +0000 | |
---|---|---|
committer | 2012-03-15 01:24:30 +0000 | |
commit | 0a7f08de72d00140d7cdc66b5a0d69b32e0a9528 (patch) | |
tree | 0a7e991b070f305c018e2ff073015a16cca15f76 /dev-libs/libgdata/files | |
parent | Use CTARGET from the env.d file by default to better work with custom GCC_VER. (diff) | |
Validate SSL certificates to prevent MITM attack (bug #408245, CVE-2012-1177, thanks to Michael Harrison for reporting). Drop old.
Package-Manager: portage-2.2.0_alpha90/cvs/Linux x86_64
Diffstat (limited to 'dev-libs/libgdata/files')
-rw-r--r-- | dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch b/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch
new file mode 100644
index 000000000000..a018604d0545
--- /dev/null
+++ b/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch
@@ -0,0 +1,53 @@
+From 25a2824203ad199d69432940d2f1edda5b226e9e Mon Sep 17 00:00:00 2001
+From: Philip Withnall <philip@tecnocode.co.uk>
+Date: Thu, 8 Mar 2012 00:09:08 +0000
+Subject: [PATCH] core: Validate SSL certificates for all connections
+
+This prevents MitM attacks which use spoofed SSL certificates.
+
+Closes: https://bugzilla.gnome.org/show_bug.cgi?id=671535
+
+[Alexandre Rostovtsev <tetromino@gentoo.org>: backport to 0.8.1]
+
+Conflicts:
+
+ gdata/gdata-service.c
+---
+ configure.ac | 7 +++++++
+ gdata/gdata-service.c | 2 +-
+ 2 files changed, 8 insertions(+), 1 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 449383d..ad23761 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -92,6 +92,13 @@ AC_CHECK_FUNCS([strtol])
+ AC_CHECK_FUNCS([strtoul])
+ AC_CHECK_HEADERS([sys/time.h])
+ 
++# System SSL CA certificates
++AC_ARG_WITH(ca-certs,
++ AS_HELP_STRING([--with-ca-certs=PATH],[location of SSL CA certificates (default: /etc/ssl/certs/ca-certificates.crt)]),
++ ca_certs="$withval",
++ ca_certs="/etc/ssl/certs/ca-certificates.crt")
++AC_DEFINE_UNQUOTED(CA_CERTS, "$ca_certs", [Where to look for SSL CA certificates])
++
+ # Internationalisation support
+ GETTEXT_PACKAGE=gdata
+ AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE, ["$GETTEXT_PACKAGE"], [Define to the Gettext package name])
+diff --git a/gdata/gdata-service.c b/gdata/gdata-service.c
+index 420eec2..8d8d21c 100644
+--- a/gdata/gdata-service.c
++++ b/gdata/gdata-service.c
+@@ -273,7 +273,7 @@ static void
+ gdata_service_init (GDataService *self)
+ {
+ self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, GDATA_TYPE_SERVICE, GDataServicePrivate);
+- self->priv->session = soup_session_sync_new ();
++ self->priv->session = soup_session_sync_new_with_options (SOUP_SESSION_SSL_CA_FILE, CA_CERTS, NULL);
+ 
+ #ifdef HAVE_GNOME
+ soup_session_add_feature_by_type (self->priv->session, SOUP_TYPE_GNOME_FEATURES_2_26);
+-- 
+1.7.8.5
+ |
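Review bot: Certificate validation now hinges on the build-time `CA_CERTS` path, yet the `AC_ARG_WITH(ca-certs, …)` block in the embedded configure.ac hunk takes `$withval` verbatim, so `--with-ca-certs` or `--without-ca-certs` would compile in the literal string `yes` or `no`, and nothing checks that the default `/etc/ssl/certs/ca-certificates.crt` exists. `gdata_service_init` then passes that string to `SOUP_SESSION_SSL_CA_FILE` with no fallback; how libsoup treats an unreadable CA file depends on the libsoup version, so it should be confirmed that this fails closed rather than skipping verification. I would add a guard after the block, e.g. `AS_IF([test "x$ca_certs" = xyes || test "x$ca_certs" = xno], [AC_MSG_ERROR([--with-ca-certs requires a file path])])`, and have the ebuild (not shown in this diffstat) pass `--with-ca-certs` explicitly and depend on the package that installs the bundle. The body of `gdata_service_init` continues past the end of the inner hunk.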