* [bug#67636] [PATCH] gnu: Fixes for sequeler
@ 2023-12-05 2:08 Alexandre Hannud Abdo
2024-01-12 17:14 ` bug#67636: actually close all my patches Alexandre Hannud Abdo
0 siblings, 1 reply; 2+ messages in thread
From: Alexandre Hannud Abdo @ 2023-12-05 2:08 UTC (permalink / raw)
To: 67636
[-- Attachment #1.1.1: Type: text/plain, Size: 200 bytes --]
Ni! The attached patches bring back libgda at version 5 as required by sequeler, adapting a patch for a known security vulnerability, and update sequeler to use libgda-5 as well as granite-6. .~´
[-- Attachment #1.1.2: 0001-gnu-Add-libgda-5.patch --]
[-- Type: text/x-patch, Size: 6280 bytes --]
From f736ba7f1661ee3b5bbd4d66483055fa3caf9862 Mon Sep 17 00:00:00 2001
Message-ID: <f736ba7f1661ee3b5bbd4d66483055fa3caf9862.1701741917.git.abdo@member.fsf.org>
From: Ale Abdo <abdo@member.fsf.org>
Date: Tue, 5 Dec 2023 00:59:14 +0100
Subject: [PATCH 1/2] gnu: Add libgda-5.
* gnu/packages/gnome.scm (libgda-5): New variable.
Bring back libgda at version 5, required by sequeler.
Adapt and apply patch for cve-2021-39359.
Change-Id: I152273ebe788029e596193912ed63a24f489eab6
---
gnu/packages/gnome.scm | 90 +++++++++++++++++++
.../patches/libgda-5-cve-2021-39359.patch | 33 +++++++
2 files changed, 123 insertions(+)
create mode 100644 gnu/packages/patches/libgda-5-cve-2021-39359.patch
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 7364655d25..6b9f6c4d62 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -13203,6 +13203,96 @@ (define-public libgda
your data.")
(license license:lgpl2.1+)))
+
+;; This is required for 'sequeler which has not been ported to libgda-6 yet.
+(define-public libgda-5
+ (package
+ (name "libgda")
+ (version "5.2.10")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.gnome.org/GNOME/libgda.git/")
+ (commit (string-append "LIBGDA_" (string-replace-substring
+ version "." "_")))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "18rg773gq9v3cdywpmrp12c5xyp97ir9yqjinccpi22sksb1kl8a"))
+ (modules '((guix build utils)))
+ (snippet
+ ;; Remove the bundled sqlite, but keep its header because code relies
+ ;; on this header variant.
+ '(delete-file "libgda/sqlite/sqlite-src/sqlite3.c"))
+ (patches (search-patches "libgda-5-cve-2021-39359.patch"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags '("--enable-system-sqlite" "--enable-vala")
+ ;; There's a race between check_cnc_lock and check_threaded_cnc
+ ;; in tests/multi-threading.
+ #:parallel-tests? #f
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'fix-glade-install
+ (lambda _
+ (substitute* "configure.ac"
+ (("`\\$PKG_CONFIG --variable=catalogdir gladeui-2\\.0`")
+ "${datadir}/glade/catalogs")
+ (("`\\$PKG_CONFIG --variable=pixmapdir gladeui-2\\.0`")
+ "${datadir}/glade/pixmaps"))
+ #t))
+ (add-before 'check 'pre-check
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; Tests require a running X server.
+ (system "Xvfb :1 &")
+ (setenv "DISPLAY" ":1")
+ #t))
+ (add-after 'install 'symlink-glade-module
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((shlib "libgda-ui-5.0.so")
+ (out (assoc-ref outputs "out"))
+ (out/lib (string-append out "/lib"))
+ (moduledir (string-append out/lib "/glade/modules")))
+ (mkdir-p moduledir)
+ (symlink (string-append out/lib "/" shlib)
+ (string-append moduledir "/" shlib))
+ #t))))))
+ (propagated-inputs
+ (list libxml2)) ; required by libgda-5.0.pc
+ (inputs
+ (list glib
+ glade3
+ gtk+
+ libsecret
+ libxslt
+ openssl
+ sqlite
+ vala))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("autoconf-archive" ,autoconf-archive)
+ ("automake" ,automake)
+ ("glib:bin" ,glib "bin")
+ ("gnome-common" ,gnome-common)
+ ("gobject-introspection" ,gobject-introspection)
+ ("gtk-doc" ,gtk-doc/stable)
+ ("intltool" ,intltool)
+ ("libtool" ,libtool)
+ ("pkg-config" ,pkg-config)
+ ("vala" ,vala)
+ ("which" ,which)
+ ("xorg-server" ,xorg-server-for-tests)
+ ("yelp-tools" ,yelp-tools)))
+ (home-page "https://gitlab.gnome.org/GNOME/libgda")
+ (synopsis "Uniform data access")
+ (description
+ "GNU Data Access (GDA) is an attempt to provide uniform access to
+different kinds of data sources (databases, information servers, mail spools,
+etc). It is a complete architecture that provides all you need to access
+your data.")
+ (license license:lgpl2.1+)))
+
+
(define-public gtranslator
(package
(name "gtranslator")
diff --git a/gnu/packages/patches/libgda-5-cve-2021-39359.patch b/gnu/packages/patches/libgda-5-cve-2021-39359.patch
new file mode 100644
index 0000000000..960eab7e4e
--- /dev/null
+++ b/gnu/packages/patches/libgda-5-cve-2021-39359.patch
@@ -0,0 +1,33 @@
+From bebdffb4de586fb43fd07ac549121f4b22f6812d Mon Sep 17 00:00:00 2001
+From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
+Date: Mon, 18 Oct 2021 13:18:01 -0500
+Subject: [PATCH] Fix CVE-2021-39359 by forcing TLS certificate validation
+
+This was done by adding "ssl-use-system-ca-file", TRUE to the options
+for each soup_session_new_with_options() call that was made.
+
+Tested on Linux From Scratch 11.0 and Debian 11.
+
+Fixes #249
+---
+ providers/web/gda-web-provider.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/providers/web/gda-web-provider.c b/providers/web/gda-web-provider.c
+index cf8d14dc3..cc818895f 100644
+--- a/providers/web/gda-web-provider.c
++++ b/providers/web/gda-web-provider.c
+@@ -355,8 +355,8 @@ gda_web_provider_open_connection (GdaServerProvider *provider, GdaConnection *cn
+ g_rec_mutex_init (& (cdata->mutex));
+ cdata->server_id = NULL;
+ cdata->forced_closing = FALSE;
+- cdata->worker_session = soup_session_sync_new ();
+- cdata->front_session = soup_session_sync_new_with_options ("max-conns-per-host", 1, NULL);
++ cdata->worker_session = soup_session_new_with_options ("ssl-use-system-ca-file", TRUE, NULL);
++ cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, "ssl-use-system-ca-file", TRUE, NULL);
+ if (use_ssl) {
+ server_url = g_string_new ("https://");
+ g_print ("USING SSL\n");
+--
+GitLab
+
base-commit: 3178b1a442c2f2eeeec1ff73bb852d2837b8aa3d
--
2.41.0
[-- Attachment #1.1.3: 0002-gnu-sequeler-Use-libgda-5-and-granite-6.patch --]
[-- Type: text/x-patch, Size: 2226 bytes --]
From cae86ea098d26c9a6cc6a6ac4d47e564f6a687b8 Mon Sep 17 00:00:00 2001
Message-ID: <cae86ea098d26c9a6cc6a6ac4d47e564f6a687b8.1701741917.git.abdo@member.fsf.org>
In-Reply-To: <f736ba7f1661ee3b5bbd4d66483055fa3caf9862.1701741917.git.abdo@member.fsf.org>
References: <f736ba7f1661ee3b5bbd4d66483055fa3caf9862.1701741917.git.abdo@member.fsf.org>
From: Ale Abdo <abdo@member.fsf.org>
Date: Tue, 5 Dec 2023 01:03:45 +0100
Subject: [PATCH 2/2] gnu: sequeler: Use libgda-5 and granite-6.
---
gnu/packages/databases.scm | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index f0ea100c3b..b34038ff02 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -5083,23 +5083,23 @@ (define-public sequeler
(("gtk-update-icon-cache") "true")
(("update-desktop-database") "true")))))))
(native-inputs
- `(;("appstream-glib" ,appstream-glib) ; validation fails for lack of network
- ("gettext-minimal" ,gettext-minimal)
- ("glib:bin" ,glib "bin") ; for glib-compile-resources
- ("gtk+" ,gtk+ "bin")
- ("pkg-config" ,pkg-config)
- ("vala" ,vala)))
+ (list ; appstream-glib ; validation fails for lack of network
+ gettext-minimal
+ `(,glib "bin") ; for glib-compile-resources
+ `(,gtk+ "bin")
+ pkg-config
+ vala))
(inputs
- `(("glib" ,glib)
- ("granite" ,granite)
- ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
- ("gtk+" ,gtk+)
- ("gtksourceview-3" ,gtksourceview-3)
- ("libgda" ,libgda)
- ("libgee" ,libgee)
- ("libsecret" ,libsecret)
- ("libssh2" ,libssh2)
- ("libxml2" ,libxml2)))
+ (list glib
+ granite-6
+ gsettings-desktop-schemas
+ gtk+
+ gtksourceview-3
+ libgda-5
+ libgee
+ libsecret
+ libssh2
+ libxml2))
(synopsis "Friendly SQL Client")
(description "Sequeler is a native Linux SQL client built in Vala and
Gtk. It allows you to connect to your local and remote databases, write SQL in
--
2.41.0
[-- Attachment #1.1.4: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3219 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 665 bytes --]
^ permalink raw reply related [flat|nested] 2+ messages in thread
* bug#67636: actually close all my patches
2023-12-05 2:08 [bug#67636] [PATCH] gnu: Fixes for sequeler Alexandre Hannud Abdo
@ 2024-01-12 17:14 ` Alexandre Hannud Abdo
0 siblings, 0 replies; 2+ messages in thread
From: Alexandre Hannud Abdo @ 2024-01-12 17:14 UTC (permalink / raw)
To: 67634-done, 67636-done, 67843-done, 67844-done, 67845-done,
68408-done
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-01-12 17:15 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-12-05 2:08 [bug#67636] [PATCH] gnu: Fixes for sequeler Alexandre Hannud Abdo
2024-01-12 17:14 ` bug#67636: actually close all my patches Alexandre Hannud Abdo
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).