From 792f03cd8c467f950dd8e56cc0b0af5d2386d217 Mon Sep 17 00:00:00 2001
From: yangcheng1203
Date: Mon, 13 Sep 2021 15:16:10 +0800
Subject: [PATCH] fix CVE-2021-39365
(cherry picked from commit 0219b8db91d4cb01e6895f090130d7293303693a)
---
 backport-fix-CVE-2021-39365.patch | 32 +++++++++++++++++++++++++++++++
 grilo.spec | 10 +++++++++-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 backport-fix-CVE-2021-39365.patch
diff --git a/backport-fix-CVE-2021-39365.patch b/backport-fix-CVE-2021-39365.patch
new file mode 100644
index 0000000..87c331b
--- /dev/null
+++ b/backport-fix-CVE-2021-39365.patch
@@ -0,0 +1,32 @@
+From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
+From: Bastien Nocera
+Date: Mon, 21 Jun 2021 15:00:14 +0200
+Subject: [PATCH] net: Fix TLS cert validation not being done for any network
+ call
+
+The default SoupSessionAsync behaviour does not perform any TLS certificate
+validation, unless the ssl-use-system-ca-file property is set to true.
+
+See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+
+This mitigates CVE-2016-20011.
+
+Closes: #146
+---
+ libs/net/grl-net-wc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
+index 9bd4922..1193d4b 100644
+--- a/libs/net/grl-net-wc.c
++++ b/libs/net/grl-net-wc.c
+@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
+ wc->priv = grl_net_wc_get_instance_private (wc);
+
+ wc->priv->session = soup_session_async_new ();
++ g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
+ wc->priv->pending = g_queue_new ();
+
+ set_thread_context (wc);
+--
+2.27.0
diff --git a/grilo.spec b/grilo.spec
index 8c510df..827be81 100644
--- a/grilo.spec
+++ b/grilo.spec
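Review bot: The added `g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL)` only makes the session load the system CA bundle; whether a failed verification actually aborts the request depends on the session's `ssl-strict` property, which this hunk does not touch, so the fix relies on that default and on nothing elsewhere in grl-net-wc.c (not visible here) setting it to FALSE or re-creating `wc->priv->session` without this property — I would add `/* SoupSessionAsync loads no CA file by default, so certificates are never validated unless this is set; keep ssl-strict at its default (TRUE). */` above the line. The session is still built with the deprecated `soup_session_async_new ()`; the blog post cited in the patch header recommends moving to plain `soup_session_new ()`, whose defaults verify certificates, which would not hinge on a single property set in one place. The embedded patch header says it mitigates CVE-2016-20011 while this commit and the spec changelog cite CVE-2021-39365; one line in the patch file header naming that relationship would save the next auditor a lookup. `grl_net_wc_init` starts before and continues after this hunk.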
@@ -1,12 +1,14 @@
 Name: grilo
 Version: 0.3.9
-Release: 3
+Release: 4
 Summary: A framework for browsing and searching media content
 License: LGPLv2+
 URL: https://wiki.gnome.org/Projects/Grilo
 Source0: https://github.com/grilofw/grilo/archive/%{name}-%{version}.tar.gz
+Patch6000: backport-fix-CVE-2021-39365.patch
+
 BuildRequires: chrpath glib2-devel gettext gobject-introspection-devel >= 0.9.0
 BuildRequires: gtk-doc gtk3-devel liboauth-devel libsoup-devel libxml2-devel
 BuildRequires: meson totem-pl-parser-devel vala >= 0.27.1 libxslt
@@ -77,6 +79,12 @@ mkdir -p %{buildroot}%{_datadir}/grilo-0.3/plugins
 %{_datadir}/gtk-doc/html/grilo/
 %changelog
+* Mon Sep 13 2021 yangcheng - 0.3.9-4
+- Type:CVE
+- CVE:CVE-2021-39365
+- SUG:NA
+- DESC:fix CVE-2021-39365
+
 * Thu Dec 31 2019 openEuler Buildteam - 0.3.9-3
 - Type:bugfix
 - Id:NA
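Review bot: `Patch6000: backport-fix-CVE-2021-39365.patch` is declared in the preamble but no visible hunk applies it, and the %prep section is outside this diff; if %prep uses `%setup` rather than `%autosetup -p1`, the patch is listed and the changelog claims the CVE fixed while the built library is unchanged — please confirm %prep and, if needed, add `%patch6000 -p1` (the embedded diff uses `a/`/`b/` prefixes, so strip level 1 is required). Since the whole fix is a single property set in a backported patch, a short comment next to the `Patch6000:` line naming the upstream commit `cd2472e` and the symptom (no TLS certificate validation on any network call) would make the next rebase safer. The hunk ends at the `BuildRequires:` lines; the rest of the preamble is not in view.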