Control: tags 992971 + patch
Control: tags 992971 + pending

Hi Alberto,

I've prepared an NMU for grilo (versioned as 0.3.13-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

It is basically just a rebuild of your upload for bullseye-security to
have the fix as well in unstable/testing.

Regards,
Salvatore
diff -Nru grilo-0.3.13/debian/changelog grilo-0.3.13/debian/changelog
--- grilo-0.3.13/debian/changelog	2020-09-06 12:51:05.000000000 +0200
+++ grilo-0.3.13/debian/changelog	2021-09-02 23:05:13.000000000 +0200
@@ -1,3 +1,14 @@
+grilo (0.3.13-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+
+  [ Alberto Garcia ]
+  * fix-tls-cert-validation.patch:
+    - Fix TLS cert validation not being done for any network call
+      (Closes: #992971, CVE-2021-39365).
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Thu, 02 Sep 2021 23:05:13 +0200
+
 grilo (0.3.13-1) unstable; urgency=medium
 
   [ Alberto Garcia ]
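Review bot: urgency=medium on the new 0.3.13-1.1 entry looks low for an upload whose only change closes a CVE (CVE-2021-39365, #992971). Consider urgency=high so the fix spends less time waiting to migrate from unstable to testing. The rest of the entry, with "Non-maintainer upload." first and the change credited under [ Alberto Garcia ], follows the usual NMU layout.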
diff -Nru grilo-0.3.13/debian/patches/fix-tls-cert-validation.patch grilo-0.3.13/debian/patches/fix-tls-cert-validation.patch
--- grilo-0.3.13/debian/patches/fix-tls-cert-validation.patch	1970-01-01 01:00:00.000000000 +0100
+++ grilo-0.3.13/debian/patches/fix-tls-cert-validation.patch	2021-08-26 23:10:58.000000000 +0200
@@ -0,0 +1,17 @@
+From: Bastien Nocera <had...@hadess.net>
+Subject: Fix TLS cert validation not being done for any network call (CVE-2021-39365)
+Bug: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
+Bug-Debian: https://bugs.debian.org/992971
+Origin: https://gitlab.gnome.org/GNOME/grilo/-/commit/cd2472e506dafb1bb8ae510e34ad4797f63e263e
+Index: grilo/libs/net/grl-net-wc.c
+===================================================================
+--- grilo.orig/libs/net/grl-net-wc.c
++++ grilo/libs/net/grl-net-wc.c
+@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
+   wc->priv = grl_net_wc_get_instance_private (wc);
+ 
+   wc->priv->session = soup_session_async_new ();
++  g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
+   wc->priv->pending = g_queue_new ();
+ 
+   set_thread_context (wc);
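Review bot: the added g_object_set() call in grl_net_wc_init() sets only "ssl-use-system-ca-file" and leaves the session's "ssl-strict" property untouched, so whether a certificate failure actually aborts the request depends on that property's default. It would be worth either setting "ssl-strict" to TRUE in the same call or stating in the patch description that the default is relied on. A one-line comment above the call saying that it enables validation against the system CA store would also help, since the property name alone does not tell a later reader that removing the line turns certificate checking off for every request made through GrlNetWc. The DEP-3 header carries Origin, Bug and Bug-Debian, which is enough to trace the change back to the upstream commit.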
diff -Nru grilo-0.3.13/debian/patches/series grilo-0.3.13/debian/patches/series
--- grilo-0.3.13/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ grilo-0.3.13/debian/patches/series	2021-08-26 23:10:58.000000000 +0200
@@ -0,0 +1 @@
+fix-tls-cert-validation.patch
