summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexandre Rostovtsev <tetromino@gentoo.org>2012-03-15 01:24:30 +0000
committerAlexandre Rostovtsev <tetromino@gentoo.org>2012-03-15 01:24:30 +0000
commit0a7f08de72d00140d7cdc66b5a0d69b32e0a9528 (patch)
tree0a7e991b070f305c018e2ff073015a16cca15f76 /dev-libs/libgdata
parentUse CTARGET from the env.d file by default to better work with custom GCC_VER. (diff)
downloadhistorical-0a7f08de72d00140d7cdc66b5a0d69b32e0a9528.tar.gz
historical-0a7f08de72d00140d7cdc66b5a0d69b32e0a9528.tar.bz2
historical-0a7f08de72d00140d7cdc66b5a0d69b32e0a9528.zip
Validate SSL certificates to prevent MITM attack (bug #408245, CVE-2012-1177, thanks to Michael Harrison for reporting). Drop old.
Package-Manager: portage-2.2.0_alpha90/cvs/Linux x86_64
Diffstat (limited to 'dev-libs/libgdata')
-rw-r--r--dev-libs/libgdata/ChangeLog12
-rw-r--r--dev-libs/libgdata/Manifest20
-rw-r--r--dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch53
-rw-r--r--dev-libs/libgdata/libgdata-0.10.2.ebuild (renamed from dev-libs/libgdata/libgdata-0.10.0.ebuild)6
-rw-r--r--dev-libs/libgdata/libgdata-0.8.1-r2.ebuild (renamed from dev-libs/libgdata/libgdata-0.8.0.ebuild)22
5 files changed, 101 insertions, 12 deletions
diff --git a/dev-libs/libgdata/ChangeLog b/dev-libs/libgdata/ChangeLog
index a167e0a7d541..03324c3420d4 100644
--- a/dev-libs/libgdata/ChangeLog
+++ b/dev-libs/libgdata/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for dev-libs/libgdata
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/ChangeLog,v 1.43 2012/03/05 21:59:51 ranger Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/ChangeLog,v 1.44 2012/03/15 01:24:29 tetromino Exp $
+
+*libgdata-0.10.2 (15 Mar 2012)
+*libgdata-0.8.1-r2 (15 Mar 2012)
+
+ 15 Mar 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
+ -libgdata-0.8.0.ebuild, +libgdata-0.8.1-r2.ebuild,
+ +files/libgdata-0.8.1-validate-ssl.patch, -libgdata-0.10.0.ebuild,
+ +libgdata-0.10.2.ebuild:
+ Validate SSL certificates to prevent MITM attack (bug #408245, CVE-2012-1177,
+ thanks to Michael Harrison for reporting). Drop old.
05 Mar 2012; Brent Baude <ranger@gentoo.org> libgdata-0.8.1-r1.ebuild:
Marking libgdata-0.8.1-r1 ppc stable for bug 393007
diff --git a/dev-libs/libgdata/Manifest b/dev-libs/libgdata/Manifest
index d34332aea2c7..6817e71fc681 100644
--- a/dev-libs/libgdata/Manifest
+++ b/dev-libs/libgdata/Manifest
@@ -1,13 +1,23 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
AUX libgdata-0.8.1-empty-names.patch 5173 RMD160 9acdbca20a3f7f146a372826c710362f624723bb SHA1 45e94481032149d95f17a0fbe44226e21fe9a71b SHA256 c7f1f7d380775e7b7e8756f58fb221bb04aec77de4e95b3b9f5f70bb7e0d7add
AUX libgdata-0.8.1-gdata-symbols.patch 1060 RMD160 35397d13d19b35ea7a706dcc2a18284544ad9f97 SHA1 d2f9997c672d21fe9ac7553c05e8f07f378e1d09 SHA256 ffdcf7b030eb2a620ef04b410d4f82dd40cb1dbbaf712378757163d70d6f1b34
-DIST libgdata-0.10.0.tar.xz 1126664 RMD160 6d88a72b469e9d4969334d4531cc0f582d6eb48f SHA1 49c8f23c2689068b20ddc6b8e02f3888adb644bb SHA256 af4805304763b93058773bbfdb06925189159196066207f275cb34b1b5c552ec
+AUX libgdata-0.8.1-validate-ssl.patch 1896 RMD160 32372d452399090b172031da23cba81763fd27cb SHA1 64ece4d4eb329d7cc93caabd3da0d7bc96be4ad5 SHA256 f4c082641d86aedaf287853dc3200d63c8d9138f7c6df9c3ad49809f66f5da14
DIST libgdata-0.10.1.tar.xz 1131224 RMD160 c2762edb71b3ddc0c83a0e748eb057f66c702800 SHA1 5e42e3c03ed4f1decd0eadd4f57c7cdd66d6f109 SHA256 d7f27b1019905792246336599cadc7470b362806ed5e2c038a9f7c0da257f6ef
-DIST libgdata-0.8.0.tar.bz2 1240410 RMD160 4a5dd9dd291e487be846443daad8f1f4af2f6843 SHA1 3d0beebfb248d8d684762492755c3e195220f929 SHA256 1a816dda7de8ce162e00cc1c782a5ae25230a36d56c590a67d86848058797c9f
+DIST libgdata-0.10.2.tar.xz 1129804 RMD160 5e4ada53ccd5d36c6ae5353871ffe5249945c2cd SHA1 07b8236cb86abe62146b590133b084ee161a46a2 SHA256 c028f3f39796fe6cc4841413b95a6c470350166ec8b520d17e6f4ff666f32c4e
DIST libgdata-0.8.1.tar.bz2 1201616 RMD160 ff56052332399e29a0a615d9128524cb2a178d47 SHA1 e0526fafeda6ef5d92afbdea08f715a07942ac84 SHA256 080be3e677e6098d0f1bbcbaf8e474b4b94fad8a0d07b5a2969c3ab95b68d0b9
-EBUILD libgdata-0.10.0.ebuild 1861 RMD160 2e2bcd9b1092decd19600199c14c34daef2dedbb SHA1 11337c374e53c3577070cab870724085c20116d8 SHA256 6adc5b33c15eeaf4168f2d4111f3ee2eaed4744d245cd96bcd974b34a1e5bea3
EBUILD libgdata-0.10.1.ebuild 1855 RMD160 76d871e3b3738f884c5de1bc22de883d0bd8c8af SHA1 012bc768ff6c4fcd28e53265459a917c677b00a3 SHA256 660055d7a4b779a05dfed8124b9f89551aecdd52a9271a8ba0f8a5681897c1ec
-EBUILD libgdata-0.8.0.ebuild 1618 RMD160 961836d0262133dc529c114f83d4383a3323acf2 SHA1 de6817401e1121150c931d68c9afa1b8f2b36c38 SHA256 b3c1d02a7391a60d84c4015c91de6765e9118955b3aa01b4053d44273c59620d
+EBUILD libgdata-0.10.2.ebuild 1950 RMD160 cd455ba3658d0166324bb97df255f2da56412c28 SHA1 49b4d0b490a322d41cfbd0d6ab8626c6029c13e0 SHA256 cdde21ea5b9c4d6aeb24175327eb118cd869ed9f64afc077b4b44d7ab6494fcd
EBUILD libgdata-0.8.1-r1.ebuild 1871 RMD160 8ccf770f2647bde56607caf085e43bade062b621 SHA1 43bc6bfe45854b9d288436ad788d7dabf445cf66 SHA256 8a19b082e171b1436b351869356ee71721bd7b011feb9c2c59f3167f3e57e046
+EBUILD libgdata-0.8.1-r2.ebuild 2142 RMD160 7343b0c9486643388f097776a1dfb29f7adc28d6 SHA1 51239bb7cccd321980a805fef10ad99330eb5be5 SHA256 cf61ec6d915fd1ab167d90721d355eff851e9cb7ad1c511215a28b50a8f2f7a0
EBUILD libgdata-0.8.1.ebuild 1756 RMD160 c95df6764b8a1298049051e416d34b7240eb7f0f SHA1 4b51a76e4ed644c11bd7130d8b150519d8d3eead SHA256 f2811263f327c053800c09faa5242e7ffc62f42ae7c6a431a4f315155544644a
-MISC ChangeLog 6199 RMD160 60e57c551c84ef273e22ad65e3e2e731366252fe SHA1 0bbb68563214d0b807856aa04dfc77a8b37adad4 SHA256 5669f5c69905d16d84d6b502325434e7c70a38468c64b190ec8fa1dd9d1eed6a
+MISC ChangeLog 6611 RMD160 a0c91a2dfeaf14c45fcb850f036ae2d42c8426b4 SHA1 4ce2d25807e573354fcfc661ee04709cb8eddfb2 SHA256 a0b65e925bf22748f093b42fd98e794a8f9a074a3bb5ebb6f8846798a35fac5d
MISC metadata.xml 277 RMD160 2ffb105a089a3b759ddef20bf72b06362a1d1c63 SHA1 82aa8cfe90fb0c9f7c02f295d2802d41ad2af380 SHA256 3d52f90556a9db4ad09f2fbe34e2d25b21f345e474e829ac84669d49cb64c8bb
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (GNU/Linux)
+
+iF4EAREIAAYFAk9hRNMACgkQdjK8w9WeBnDSpgEAjtWcX9H5lrcsjKI4JzayUGRD
+EgBc6w1tqLDXqgDlw8kBALKeDCEshwRMZOtvh8EYdOiBCiwezlrkHhHJEohoNa76
+=vEIn
+-----END PGP SIGNATURE-----
diff --git a/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch b/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch
new file mode 100644
index 000000000000..a018604d0545
--- /dev/null
+++ b/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch
@@ -0,0 +1,53 @@
+From 25a2824203ad199d69432940d2f1edda5b226e9e Mon Sep 17 00:00:00 2001
+From: Philip Withnall <philip@tecnocode.co.uk>
+Date: Thu, 8 Mar 2012 00:09:08 +0000
+Subject: [PATCH] core: Validate SSL certificates for all connections
+
+This prevents MitM attacks which use spoofed SSL certificates.
+
+Closes: https://bugzilla.gnome.org/show_bug.cgi?id=671535
+
+[Alexandre Rostovtsev <tetromino@gentoo.org>: backport to 0.8.1]
+
+Conflicts:
+
+ gdata/gdata-service.c
+---
+ configure.ac | 7 +++++++
+ gdata/gdata-service.c | 2 +-
+ 2 files changed, 8 insertions(+), 1 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 449383d..ad23761 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -92,6 +92,13 @@ AC_CHECK_FUNCS([strtol])
+ AC_CHECK_FUNCS([strtoul])
+ AC_CHECK_HEADERS([sys/time.h])
+
++# System SSL CA certificates
++AC_ARG_WITH(ca-certs,
++ AS_HELP_STRING([--with-ca-certs=PATH],[location of SSL CA certificates (default: /etc/ssl/certs/ca-certificates.crt)]),
++ ca_certs="$withval",
++ ca_certs="/etc/ssl/certs/ca-certificates.crt")
++AC_DEFINE_UNQUOTED(CA_CERTS, "$ca_certs", [Where to look for SSL CA certificates])
++
+ # Internationalisation support
+ GETTEXT_PACKAGE=gdata
+ AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE, ["$GETTEXT_PACKAGE"], [Define to the Gettext package name])
+diff --git a/gdata/gdata-service.c b/gdata/gdata-service.c
+index 420eec2..8d8d21c 100644
+--- a/gdata/gdata-service.c
++++ b/gdata/gdata-service.c
+@@ -273,7 +273,7 @@ static void
+ gdata_service_init (GDataService *self)
+ {
+ self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, GDATA_TYPE_SERVICE, GDataServicePrivate);
+- self->priv->session = soup_session_sync_new ();
++ self->priv->session = soup_session_sync_new_with_options (SOUP_SESSION_SSL_CA_FILE, CA_CERTS, NULL);
+
+ #ifdef HAVE_GNOME
+ soup_session_add_feature_by_type (self->priv->session, SOUP_TYPE_GNOME_FEATURES_2_26);
+--
+1.7.8.5
+
diff --git a/dev-libs/libgdata/libgdata-0.10.0.ebuild b/dev-libs/libgdata/libgdata-0.10.2.ebuild
index 943c75b025cc..8893dfc1712e 100644
--- a/dev-libs/libgdata/libgdata-0.10.0.ebuild
+++ b/dev-libs/libgdata/libgdata-0.10.2.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/libgdata-0.10.0.ebuild,v 1.1 2011/10/30 06:15:19 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/libgdata-0.10.2.ebuild,v 1.1 2012/03/15 01:24:29 tetromino Exp $
EAPI="4"
GCONF_DEBUG="yes"
@@ -22,6 +22,7 @@ RDEPEND=">=dev-libs/glib-2.19:2
|| (
>=x11-libs/gdk-pixbuf-2.14:2
>=x11-libs/gtk+-2.14:2 )
+ app-misc/ca-certificates
>=dev-libs/libxml2-2:2
>=net-libs/libsoup-2.26.1:2.4[introspection?]
>=net-libs/liboauth-0.9.4
@@ -34,6 +35,7 @@ DEPEND="${RDEPEND}
pkg_setup() {
DOCS="AUTHORS ChangeLog HACKING NEWS README"
G2CONF="${G2CONF}
+ --with-ca-certs=${EPREFIX}/etc/ssl/certs/ca-certificates.crt
$(use_enable static-libs static)
$(use_enable gnome)
$(use_enable introspection)"
diff --git a/dev-libs/libgdata/libgdata-0.8.0.ebuild b/dev-libs/libgdata/libgdata-0.8.1-r2.ebuild
index 14a0aebae9a9..fb915671f608 100644
--- a/dev-libs/libgdata/libgdata-0.8.0.ebuild
+++ b/dev-libs/libgdata/libgdata-0.8.1-r2.ebuild
@@ -1,18 +1,18 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/libgdata-0.8.0.ebuild,v 1.8 2011/03/22 18:52:37 ranger Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/libgdata-0.8.1-r2.ebuild,v 1.1 2012/03/15 01:24:29 tetromino Exp $
EAPI="3"
GCONF_DEBUG="yes"
-inherit eutils gnome2
+inherit autotools eutils gnome2
DESCRIPTION="GLib-based library for accessing online service APIs using the GData protocol"
HOMEPAGE="http://live.gnome.org/libgdata"
LICENSE="LGPL-2.1"
SLOT="0"
-KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
IUSE="doc gnome +introspection"
# gtk+ is needed for gdk
@@ -20,23 +20,37 @@ RDEPEND=">=dev-libs/glib-2.19:2
|| (
>=x11-libs/gdk-pixbuf-2.14:2
>=x11-libs/gtk+-2.14:2 )
+ app-misc/ca-certificates
>=dev-libs/libxml2-2:2
>=net-libs/libsoup-2.26.1:2.4[introspection?]
gnome? ( >=net-libs/libsoup-gnome-2.26.1:2.4[introspection?] )
introspection? ( >=dev-libs/gobject-introspection-0.9.7 )"
DEPEND="${RDEPEND}
>=dev-util/intltool-0.40
+ gnome-base/gnome-common
doc? ( >=dev-util/gtk-doc-1.14 )"
+# eautoreconf requires gnome-base/gnome-common
pkg_setup() {
DOCS="AUTHORS ChangeLog HACKING NEWS README"
G2CONF="${G2CONF}
--disable-static
+ --with-ca-certs=${EPREFIX}/etc/ssl/certs/ca-certificates.crt
$(use_enable gnome)
$(use_enable introspection)"
}
src_prepare() {
+ # Allow Google Contacts' user defined fields to have empty names, upstream bug #648058
+ epatch "${FILESDIR}/${P}-empty-names.patch"
+
+ # Fix building with gobject-introspection-1.30; fixed in 0.10.x
+ epatch "${FILESDIR}/${P}-gdata-symbols.patch"
+
+ # Fix MITM attack, bug #408245
+ epatch "${FILESDIR}/${P}-validate-ssl.patch"
+
+ eautoreconf
gnome2_src_prepare
# Disable tests requiring network access, bug #307725