From 0ddb634dde56dbd7c589ce1fb7c8871fd183e1e9 Mon Sep 17 00:00:00 2001
From: "Douglas R. Reno"
Date: Wed, 15 Sep 2021 17:40:00 +0000
Subject: Fix CVE-2021-39358 by forcing TLS certificate validation
This is similar to the fix performed in other packages. See https://gitlab.gnome.org/Teams/Releng/security/-/issues/57 for more details. Tested on Linux From Scratch 11.0 and on Debian 11.
Fixes #17
---
 gfbgraph/gfbgraph-photo.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/gfbgraph/gfbgraph-photo.c b/gfbgraph/gfbgraph-photo.c
index af3cfb6..d865609 100644
--- a/gfbgraph/gfbgraph-photo.c
+++ b/gfbgraph/gfbgraph-photo.c
@@ -452,6 +452,7 @@ gfbgraph_photo_download_default_size (GFBGraphPhoto *photo,
 session = soup_session_sync_new ();
 requester = soup_requester_new ();
+ g_object_set (G_OBJECT (session), "ssl-use-system-ca-file", TRUE, NULL);
 soup_session_add_feature (session, SOUP_SESSION_FEATURE (requester));
 request = soup_requester_request (requester, priv->source, error);
-- 
cgit v1.2.1
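Review bot: The added `g_object_set` line after `soup_session_sync_new ()` has no comment saying why it is there, so a later cleanup could drop it without noticing that certificate validation goes with it. As far as I recall from the libsoup 2.x documentation, the deprecated `SoupSessionSync` accepts any certificate when no CA file or TLS database is configured, so I would add `/* SoupSessionSync accepts any certificate unless a CA source is set (CVE-2021-39358) */` above it. Passing the property at construction, `session = soup_session_sync_new_with_options (SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, NULL);`, would tie the setting to the session's creation. Rejection of bad certificates still depends on `ssl-strict` keeping its default. The rest of the function and any other code in the library that creates a session lie outside this hunk, so both are worth confirming.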