From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:1008:1e59::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id cEy+DE/EfGVwSgAAkFu2QA (envelope-from ) for ; Fri, 15 Dec 2023 22:25:35 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id iFiMBk/EfGWmsgAA62LTzQ (envelope-from ) for ; Fri, 15 Dec 2023 22:25:35 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=member.fsf.org (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1702675535; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=HxgAe/Aes/3oGuSjPSZ5R7U45c65O3ij2WtBZzCx0qs=; b=h+URdF0gtqpucu5SXF1zwoYcM8tUfv6eppWcy72dfMQgMwh9o9mzSBGaIVBWvxrekjBgix kDaVeiefHMlc7Ey54v1x85LuJEaMRo1y+sSeYkSgSZBOdU3U4jmGwLHr3Pj0DfEwh9ZQMg 27iXaKtvV61IVHhbkceqnzS/Oz+Ctp784V/ERcKAwwvmPcHzE2Ww5eWVF63V9+zKTe9w0d qQYvkZn20e0uHNSwlInmCkt4fqNu28nmcjUiPUa1lVvU8hHgC23OnlcDtD0IYzB8TRos6i cp0kRvWfmR+PTLNu3AairjiGhXot3z6eZM8qFEuqu2ceKZWtsIwjQp6eac2bLQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1702675535; a=rsa-sha256; cv=none; b=l3xEfWsUihvzNct9l8F+XpZfx1Ehpb1pFG1ZFu+O611LQSfZkdSpeMQCG/R8m24WunJkRz myuaBZGwDoiSmehdvTa2Do8qJFUEBsztxsywvQlmUEtmeL6mbYa6UDYb4bte5NoYxeZ9Sd TVu0bWQfREAMTHVlxW4bEw5DDDwady0FjgKNFCE0T3VPQyGkjlgRfpac8wLJy1GGcSosfp lrzHD/GVMmyyaiJhzBOH0o6HsMH2rhDsZa5l96TYmi7058fr3e/jUhI93kq5TvlSzM9I7C +b7smu5jGQecTfzEkCbDYx3qH0SL50nR/7dcKJzRG0BPvGJVbJcgOYLsrIMLBA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=member.fsf.org (policy=none) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 87D446136A for ; Fri, 15 Dec 2023 22:25:34 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rEFg9-00065O-Jj; Fri, 15 Dec 2023 16:25:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rEFg8-00064j-8s for guix-patches@gnu.org; Fri, 15 Dec 2023 16:25:04 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rEFg6-0007gq-VL for guix-patches@gnu.org; Fri, 15 Dec 2023 16:25:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rEFg6-0006ex-Pu for guix-patches@gnu.org; Fri, 15 Dec 2023 16:25:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#67844] [PATCH 1/2] gnu: Add libgda-5. Resent-From: Alexandre Hannud Abdo Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 15 Dec 2023 21:25:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 67844 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 67844@debbugs.gnu.org X-Debbugs-Original-To: guix-patches Received: via spool by submit@debbugs.gnu.org id=B.170267547525491 (code B ref -1); Fri, 15 Dec 2023 21:25:02 +0000 Received: (at submit) by debbugs.gnu.org; 15 Dec 2023 21:24:35 +0000 Received: from localhost ([127.0.0.1]:53670 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rEFfe-0006d5-Nh for submit@debbugs.gnu.org; Fri, 15 Dec 2023 16:24:35 -0500 Received: from lists.gnu.org ([2001:470:142::17]:37722) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rEFfc-0006cr-Tx for submit@debbugs.gnu.org; Fri, 15 Dec 2023 16:24:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rEFfX-000606-H2 for guix-patches@gnu.org; Fri, 15 Dec 2023 16:24:27 -0500 Received: from mail-wm1-f54.google.com ([209.85.128.54]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rEFfV-0007b5-Hq for guix-patches@gnu.org; Fri, 15 Dec 2023 16:24:27 -0500 Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-40c2db2ee28so13473105e9.2 for ; Fri, 15 Dec 2023 13:24:25 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702675464; x=1703280264; h=content-transfer-encoding:in-reply-to:to:content-language :references:reply-to:subject:from:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=HxgAe/Aes/3oGuSjPSZ5R7U45c65O3ij2WtBZzCx0qs=; b=LM5PKSviWa0xnW4cO2niS1ZBwC2f2tvj1Zay1Crb/pCn2dsG5CYX5P74oya/TRVMPa OPv8aFIhlqH/6Llq+BXJPPjSYos/ko/UUNBaxrOzE9AxOrZ8sZwyjT4b7DZgRvtmeG2q b6ceypksQEswSqZ5kB9XDniU1ZoBBV1brk1XLIZXV2mOYU37s6OeAmGTbIvJ6ncvYSh/ R/GMPrHPol4G7O8454gjjXQ8VdaRruJDAyxNhdKyBXdKd68mkko5DPq7jBL0VVnTdmes w6L5lNAbmS58cGKPVJzVald7fbYWAtkf7FIQA6001uyQkC1W3u16Uz0OlKmmR6p5PM0e MrQg== X-Gm-Message-State: AOJu0Yz7UQuT0ABuSaR+C/Y4URec2ZeXhp3VUTZ/YpJniLiFOzV6QPXW Y2eHNh5fs+fqvBdVfBbwvxSOOg0AWoU= X-Google-Smtp-Source: AGHT+IGtAqSt/zQ9xpF9xPxFIjBS5zyF0VfK73kj9+b63hPAFhrkJETv+qhv3A+qE2ZCxmRtsANvdg== X-Received: by 2002:a05:600c:2b0e:b0:40c:337e:f059 with SMTP id y14-20020a05600c2b0e00b0040c337ef059mr6472283wme.65.1702675463822; Fri, 15 Dec 2023 13:24:23 -0800 (PST) Received: from [192.168.43.34] ([37.166.103.159]) by smtp.gmail.com with ESMTPSA id fm14-20020a05600c0c0e00b00407b93d8085sm32955771wmb.27.2023.12.15.13.24.22 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 15 Dec 2023 13:24:23 -0800 (PST) Message-ID: <327a4235-10c8-13ac-0209-9657bf3c6ead@member.fsf.org> Date: Fri, 15 Dec 2023 22:24:22 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 From: Alexandre Hannud Abdo References: <86b06d832aa97ba607220c01dad63540890d7c95.1702674710.git.abdo@member.fsf.org> Content-Language: en-US In-Reply-To: <86b06d832aa97ba607220c01dad63540890d7c95.1702674710.git.abdo@member.fsf.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=209.85.128.54; envelope-from=alehabdo@gmail.com; helo=mail-wm1-f54.google.com X-Spam_score_int: -13 X-Spam_score: -1.4 X-Spam_bar: - X-Spam_report: (-1.4 / 5.0 requ) BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Ale Abdo Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -6.06 X-Spam-Score: -6.06 X-Migadu-Queue-Id: 87D446136A X-Migadu-Scanner: mx11.migadu.com X-TUID: H2kjg15dgp0r * gnu/packages/gnome.scm (libgda-5): New variable. Bring back libgda at version 5, required by sequeler. Adapt and apply patch for cve-2021-39359. Change-Id: I152273ebe788029e596193912ed63a24f489eab6 --- gnu/packages/gnome.scm | 90 +++++++++++++++++++ .../patches/libgda-5-cve-2021-39359.patch | 33 +++++++ 2 files changed, 123 insertions(+) create mode 100644 gnu/packages/patches/libgda-5-cve-2021-39359.patch diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 69698cf4fc..5800e09ea8 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -13241,6 +13241,96 @@ (define-public libgda your data.") (license license:lgpl2.1+))) + +;; This is required for 'sequeler which has not been ported to libgda-6 yet. +(define-public libgda-5 + (package + (name "libgda") + (version "5.2.10") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://gitlab.gnome.org/GNOME/libgda.git/") + (commit (string-append "LIBGDA_" (string-replace-substring + version "." "_"))))) + (file-name (git-file-name name version)) + (sha256 + (base32 "18rg773gq9v3cdywpmrp12c5xyp97ir9yqjinccpi22sksb1kl8a")) + (modules '((guix build utils))) + (snippet + ;; Remove the bundled sqlite, but keep its header because code relies + ;; on this header variant. + '(delete-file "libgda/sqlite/sqlite-src/sqlite3.c")) + (patches (search-patches "libgda-5-cve-2021-39359.patch")))) + (build-system gnu-build-system) + (arguments + `(#:configure-flags '("--enable-system-sqlite" "--enable-vala") + ;; There's a race between check_cnc_lock and check_threaded_cnc + ;; in tests/multi-threading. + #:parallel-tests? #f + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-glade-install + (lambda _ + (substitute* "configure.ac" + (("`\\$PKG_CONFIG --variable=catalogdir gladeui-2\\.0`") + "${datadir}/glade/catalogs") + (("`\\$PKG_CONFIG --variable=pixmapdir gladeui-2\\.0`") + "${datadir}/glade/pixmaps")) + #t)) + (add-before 'check 'pre-check + (lambda* (#:key inputs #:allow-other-keys) + ;; Tests require a running X server. + (system "Xvfb :1 &") + (setenv "DISPLAY" ":1") + #t)) + (add-after 'install 'symlink-glade-module + (lambda* (#:key outputs #:allow-other-keys) + (let* ((shlib "libgda-ui-5.0.so") + (out (assoc-ref outputs "out")) + (out/lib (string-append out "/lib")) + (moduledir (string-append out/lib "/glade/modules"))) + (mkdir-p moduledir) + (symlink (string-append out/lib "/" shlib) + (string-append moduledir "/" shlib)) + #t)))))) + (propagated-inputs + (list libxml2)) ; required by libgda-5.0.pc + (inputs + (list glib + glade3 + gtk+ + libsecret + libxslt + openssl + sqlite + vala)) + (native-inputs + `(("autoconf" ,autoconf) + ("autoconf-archive" ,autoconf-archive) + ("automake" ,automake) + ("glib:bin" ,glib "bin") + ("gnome-common" ,gnome-common) + ("gobject-introspection" ,gobject-introspection) + ("gtk-doc" ,gtk-doc/stable) + ("intltool" ,intltool) + ("libtool" ,libtool) + ("pkg-config" ,pkg-config) + ("vala" ,vala) + ("which" ,which) + ("xorg-server" ,xorg-server-for-tests) + ("yelp-tools" ,yelp-tools))) + (home-page "https://gitlab.gnome.org/GNOME/libgda") + (synopsis "Uniform data access") + (description + "GNU Data Access (GDA) is an attempt to provide uniform access to +different kinds of data sources (databases, information servers, mail spools, +etc). It is a complete architecture that provides all you need to access +your data.") + (license license:lgpl2.1+))) + + (define-public gtranslator (package (name "gtranslator") diff --git a/gnu/packages/patches/libgda-5-cve-2021-39359.patch b/gnu/packages/patches/libgda-5-cve-2021-39359.patch new file mode 100644 index 0000000000..960eab7e4e --- /dev/null +++ b/gnu/packages/patches/libgda-5-cve-2021-39359.patch @@ -0,0 +1,33 @@ +From bebdffb4de586fb43fd07ac549121f4b22f6812d Mon Sep 17 00:00:00 2001 +From: "Douglas R. Reno" +Date: Mon, 18 Oct 2021 13:18:01 -0500 +Subject: [PATCH] Fix CVE-2021-39359 by forcing TLS certificate validation + +This was done by adding "ssl-use-system-ca-file", TRUE to the options +for each soup_session_new_with_options() call that was made. + +Tested on Linux From Scratch 11.0 and Debian 11. + +Fixes #249 +--- + providers/web/gda-web-provider.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/providers/web/gda-web-provider.c b/providers/web/gda-web-provider.c +index cf8d14dc3..cc818895f 100644 +--- a/providers/web/gda-web-provider.c ++++ b/providers/web/gda-web-provider.c +@@ -355,8 +355,8 @@ gda_web_provider_open_connection (GdaServerProvider *provider, GdaConnection *cn + g_rec_mutex_init (& (cdata->mutex)); + cdata->server_id = NULL; + cdata->forced_closing = FALSE; +- cdata->worker_session = soup_session_sync_new (); +- cdata->front_session = soup_session_sync_new_with_options ("max-conns-per-host", 1, NULL); ++ cdata->worker_session = soup_session_new_with_options ("ssl-use-system-ca-file", TRUE, NULL); ++ cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, "ssl-use-system-ca-file", TRUE, NULL); + if (use_ssl) { + server_url = g_string_new ("https://"); + g_print ("USING SSL\n"); +-- +GitLab + base-commit: 92f179ab20f1835933b2526bfc5d9489e3b1e226 -- 2.41.0