[webkitgtk4/f21] Add patch for late certificate verification

Tue Mar 17 20:05:12 UTC 2015

commit 905a4aa857989b2159bfd95abb43a364c08e655a
Author: Michael Catanzaro <mcatanzaro at gnome.org>
Date:   Tue Mar 17 15:05:10 2015 -0500

    Add patch for late certificate verification

 ...itgtk-2.6.5-late-certificate-verification.patch | 32 ++++++++++++++++++++++
 webkitgtk4.spec                                    |  8 +++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
---

diff --git a/webkitgtk-2.6.5-late-certificate-verification.patch b/webkitgtk-2.6.5-late-certificate-verification.patch
new file mode 100644
index 0000000..6aa0437
--- /dev/null
+++ b/webkitgtk-2.6.5-late-certificate-verification.patch
@@ -0,0 +1,32 @@
+--- a/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
++++ b/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
+@@ -331,5 +331,5 @@
+ }
+ 
+-static void gotHeadersCallback(SoupMessage* message, gpointer data)
++static void tlsErrorsChangedCallback(SoupMessage* message, GParamSpec*, gpointer data)
+ {
+     ResourceHandle* handle = static_cast<ResourceHandle*>(data);
+@@ -337,8 +337,13 @@
+         return;
+ 
+-    if (handleUnignoredTLSErrors(handle, message)) {
++    if (handleUnignoredTLSErrors(handle, message))
+         handle->cancel();
+-        return;
+-    }
++}
++
++static void gotHeadersCallback(SoupMessage* message, gpointer data)
++{
++    ResourceHandle* handle = static_cast<ResourceHandle*>(data);
++    if (!handle || handle->cancelledOrClientless())
++        return;
+ 
+     ResourceHandleInternal* d = handle->getInternal();
+@@ -935,4 +940,5 @@
+         soup_message_headers_set_content_length(soupMessage->request_headers, 0);
+ 
++    g_signal_connect(d->m_soupMessage.get(), "notify::tls-errors", G_CALLBACK(tlsErrorsChangedCallback), handle);
+     g_signal_connect(d->m_soupMessage.get(), "got-headers", G_CALLBACK(gotHeadersCallback), handle);
+     g_signal_connect(d->m_soupMessage.get(), "wrote-body-data", G_CALLBACK(wroteBodyDataCallback), handle);
diff --git a/webkitgtk4.spec b/webkitgtk4.spec
index 154ce23..6d34294 100644
--- a/webkitgtk4.spec
+++ b/webkitgtk4.spec
@@ -10,7 +10,7 @@
 
 Name:           webkitgtk4
 Version:        2.6.5
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        GTK+ Web content engine library
 
 License:        LGPLv2
@@ -23,6 +23,8 @@ Patch2:         webkitgtk-2.5.90-cloop_fix.patch
 Patch3:         webkitgtk-2.5.2-commit_align.patch
 # https://bugs.webkit.org/show_bug.cgi?id=142309
 Patch4:         webkitgtk-2.6.5-ax-child-changed.patch
+# http://seclists.org/oss-sec/2015/q1/871
+Patch5:         webkitgtk-2.6.5-late-certificate-verification.patch
 
 BuildRequires:  at-spi2-core-devel
 BuildRequires:  bison
@@ -97,6 +99,7 @@ This package contains developer documentation for %{name}.
 %patch3 -p1 -b .commit_align
 %endif
 %patch4 -p1 -b .ax_child_changed
+%patch5 -p1 -b .late_certificate_verification
 
 # Remove bundled libraries
 rm -rf Source/ThirdParty/leveldb/
@@ -189,6 +192,9 @@ make %{?_smp_mflags} -C %{_target_platform}
 %{_datadir}/gtk-doc/html/webkitdomgtk-4.0/
 
 %changelog
+* Tue Mar 17 2015 Michael Catanzaro <mcatanzaro at gnome.org> - 2.6.5-3
+- Add patch for late certificate verification
+
 * Mon Mar 16 2015 Michael Catanzaro <mcatanzaro at gnome.org> - 2.6.5-2
 - Add patch for rbz#1156330
 
