From 812696045fb3782c800374fd77f43db327099202 Mon Sep 17 00:00:00 2001
From: Gwyn Ciesla
Date: Dec 22 2021 15:51:01 +0000
Subject: Patch for CVE-2021-39359.
---
diff --git a/bebdffb4de586fb43fd07ac549121f4b22f6812d.patch b/bebdffb4de586fb43fd07ac549121f4b22f6812d.patch
new file mode 100644
index 0000000..dc656d4
--- /dev/null
+++ b/bebdffb4de586fb43fd07ac549121f4b22f6812d.patch
@@ -0,0 +1,13 @@
+--- libgda-5.2.10/providers/web/gda-web-provider.c~ 2020-11-08 14:23:20.000000000 -0600
++++ libgda-5.2.10/providers/web/gda-web-provider.c 2021-12-22 09:00:22.980170873 -0600
+@@ -385,8 +385,8 @@
+ cdata->mutex = gda_mutex_new ();
+ cdata->server_id = NULL;
+ cdata->forced_closing = FALSE;
+- cdata->worker_session = soup_session_sync_new ();
+- cdata->front_session = soup_session_sync_new_with_options ("max-conns-per-host", 1, NULL);
++ cdata->worker_session = soup_session_new_with_options ("ssl-use-system-ca-file", TRUE, NULL);
++ cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, "ssl-use-system-ca-file", TRUE, NULL);
+ if (use_ssl) {
+ server_url = g_string_new ("https://");
+ g_print ("USING SSL\n");
diff --git a/libgda.spec b/libgda.spec
index af70744..6896f4d 100644
--- a/libgda.spec
+++ b/libgda.spec
@@ -11,7 +11,7 @@
 Name: libgda
 Epoch: 1
 Version: 5.2.10
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Library for writing gnome database programs
 License: LGPLv2+
@@ -25,6 +25,7 @@ Patch2: 0002-mdb-provider-Store-filename-used-to-open-the-DB-in-o.patch
 Patch3: 0003-mdb-provider-Pass-MdbHandle-to-the-mdb_set_date_fmt-.patch
 # Upstream fix commit 9859479884fad5f39e6c37e8995e57c28b11b1b9
 Patch4: libgda-5.2.10-mysql-bool-fix.patch
+Patch5: bebdffb4de586fb43fd07ac549121f4b22f6812d.patch
 BuildRequires: gcc
 BuildRequires: gcc-c++
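Review bot: Certificate rejection in the two added `soup_session_new_with_options` calls still rests on libsoup's `ssl-strict` property keeping its default of TRUE; the new `"ssl-use-system-ca-file", TRUE` option only supplies the trust store that the old `soup_session_sync_new` sessions lacked. Passing `"ssl-strict", TRUE` explicitly in both calls, with a comment such as `/* verify the server certificate against the system CA store (CVE-2021-39359) */`, would state the intent and keep a later edit from silently undoing the fix. The calls also move from the SoupSessionSync subclass to a plain SoupSession, whose other defaults differ in libsoup 2.4 (proxy resolution, for example), so the code that sends messages on `worker_session` and `front_session`, which lies outside this hunk, should be rechecked for behaviour changes.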
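Review bot: Nothing in the visible hunks adds an apply step for the new `Patch5:` line. %prep is outside this diff, so if it applies patches one by one rather than through `%autosetup` or `%autopatch`, the CVE-2021-39359 fix would ship in the source package without ever being applied to the build. The paths inside the patch start with `libgda-5.2.10/`, so it needs strip level 1. Unlike `Patch4`, the new line carries no provenance comment; a line such as `# Fix for CVE-2021-39359, upstream commit <UPSTREAM_COMMIT_ID>` above it would help, since the embedded diff appears to be a local `.c~` diff rather than the upstream commit itself.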
@@ -378,6 +379,9 @@ rm %{buildroot}/%{_sysconfdir}/%{name}-%{apiver}/sales_test.db %endif %changelog +* Wed Dec 22 2021 Gwyn Ciesla - 1:5.2.10-4 +- Patch for CVE-2021-39359 + * Tue Sep 14 2021 Sahana Prasad - 1:5.2.10-3 - Rebuilt with OpenSSL 3.0.0