authorAlexandre Rostovtsev <tetromino@gentoo.org>2012-03-15 01:24:30 +0000
committerAlexandre Rostovtsev <tetromino@gentoo.org>2012-03-15 01:24:30 +0000
commit0c06f092c74dda193c5dc985c88fe7ab32f818dc (patch)
tree178b9e2d8c5c38bae9605a5d4caca0dd14dd6d0a /dev-libs
parentUse CTARGET from the env.d file by default to better work with custom GCC_VER. (diff)
Validate SSL certificates to prevent MITM attack (bug #408245, CVE-2012-1177, thanks to Michael Harrison for reporting). Drop old.
(Portage version: 2.2.0_alpha90/cvs/Linux x86_64)
Diffstat (limited to 'dev-libs')
-rw-r--r--dev-libs/libgdata/ChangeLog12
-rw-r--r--dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch53
-rw-r--r--dev-libs/libgdata/libgdata-0.10.2.ebuild (renamed from dev-libs/libgdata/libgdata-0.10.0.ebuild)6
-rw-r--r--dev-libs/libgdata/libgdata-0.8.1-r2.ebuild (renamed from dev-libs/libgdata/libgdata-0.8.0.ebuild)22
4 files changed, 86 insertions, 7 deletions
diff --git a/dev-libs/libgdata/ChangeLog b/dev-libs/libgdata/ChangeLog
index a167e0a7d541..03324c3420d4 100644
--- a/dev-libs/libgdata/ChangeLog
+++ b/dev-libs/libgdata/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for dev-libs/libgdata
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/ChangeLog,v 1.43 2012/03/05 21:59:51 ranger Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/ChangeLog,v 1.44 2012/03/15 01:24:29 tetromino Exp $
+
+*libgdata-0.10.2 (15 Mar 2012)
+*libgdata-0.8.1-r2 (15 Mar 2012)
+
+ 15 Mar 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
+ -libgdata-0.8.0.ebuild, +libgdata-0.8.1-r2.ebuild,
+ +files/libgdata-0.8.1-validate-ssl.patch, -libgdata-0.10.0.ebuild,
+ +libgdata-0.10.2.ebuild:
+ Validate SSL certificates to prevent MITM attack (bug #408245, CVE-2012-1177,
+ thanks to Michael Harrison for reporting). Drop old.
05 Mar 2012; Brent Baude <ranger@gentoo.org> libgdata-0.8.1-r1.ebuild:
Marking libgdata-0.8.1-r1 ppc stable for bug 393007
diff --git a/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch b/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch
new file mode 100644
index 000000000000..a018604d0545
--- /dev/null
+++ b/dev-libs/libgdata/files/libgdata-0.8.1-validate-ssl.patch
@@ -0,0 +1,53 @@
+From 25a2824203ad199d69432940d2f1edda5b226e9e Mon Sep 17 00:00:00 2001
+From: Philip Withnall <philip@tecnocode.co.uk>
+Date: Thu, 8 Mar 2012 00:09:08 +0000
+Subject: [PATCH] core: Validate SSL certificates for all connections
+
+This prevents MitM attacks which use spoofed SSL certificates.
+
+Closes: https://bugzilla.gnome.org/show_bug.cgi?id=671535
+
+[Alexandre Rostovtsev <tetromino@gentoo.org>: backport to 0.8.1]
+
+Conflicts:
+
+ gdata/gdata-service.c
+---
+ configure.ac | 7 +++++++
+ gdata/gdata-service.c | 2 +-
+ 2 files changed, 8 insertions(+), 1 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 449383d..ad23761 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -92,6 +92,13 @@ AC_CHECK_FUNCS([strtol])
+ AC_CHECK_FUNCS([strtoul])
+ AC_CHECK_HEADERS([sys/time.h])
+
++# System SSL CA certificates
++AC_ARG_WITH(ca-certs,
++ AS_HELP_STRING([--with-ca-certs=PATH],[location of SSL CA certificates (default: /etc/ssl/certs/ca-certificates.crt)]),
++ ca_certs="$withval",
++ ca_certs="/etc/ssl/certs/ca-certificates.crt")
++AC_DEFINE_UNQUOTED(CA_CERTS, "$ca_certs", [Where to look for SSL CA certificates])
++
+ # Internationalisation support
+ GETTEXT_PACKAGE=gdata
+ AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE, ["$GETTEXT_PACKAGE"], [Define to the Gettext package name])
+diff --git a/gdata/gdata-service.c b/gdata/gdata-service.c
+index 420eec2..8d8d21c 100644
+--- a/gdata/gdata-service.c
++++ b/gdata/gdata-service.c
+@@ -273,7 +273,7 @@ static void
+ gdata_service_init (GDataService *self)
+ {
+ self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, GDATA_TYPE_SERVICE, GDataServicePrivate);
+- self->priv->session = soup_session_sync_new ();
++ self->priv->session = soup_session_sync_new_with_options (SOUP_SESSION_SSL_CA_FILE, CA_CERTS, NULL);
+
+ #ifdef HAVE_GNOME
+ soup_session_add_feature_by_type (self->priv->session, SOUP_TYPE_GNOME_FEATURES_2_26);
+--
+1.7.8.5
+
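Review bot: The new `soup_session_sync_new_with_options (SOUP_SESSION_SSL_CA_FILE, CA_CERTS, NULL)` call in gdata_service_init trusts a single path fixed at configure time, and nothing in the visible lines checks that the bundle exists or is readable when the session is created. What libsoup does when that file is missing is not shown here and may vary across the versions the ebuilds accept (`>=net-libs/libsoup-2.26.1`), so it should be confirmed that connections fail closed rather than continue unvalidated. In the configure.ac part, `ca_certs="$withval"` also takes the autoconf values `yes` and `no` (bare `--with-ca-certs` / `--without-ca-certs`) and would bake them into `CA_CERTS`; a guard such as `AS_CASE(["$withval"], [yes|no], [AC_MSG_ERROR([--with-ca-certs requires a path])], [ca_certs="$withval"])` avoids that. The body of gdata_service_init continues outside the hunk.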
diff --git a/dev-libs/libgdata/libgdata-0.10.0.ebuild b/dev-libs/libgdata/libgdata-0.10.2.ebuild
index 943c75b025cc..8893dfc1712e 100644
--- a/dev-libs/libgdata/libgdata-0.10.0.ebuild
+++ b/dev-libs/libgdata/libgdata-0.10.2.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/libgdata-0.10.0.ebuild,v 1.1 2011/10/30 06:15:19 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/libgdata-0.10.2.ebuild,v 1.1 2012/03/15 01:24:29 tetromino Exp $
EAPI="4"
GCONF_DEBUG="yes"
@@ -22,6 +22,7 @@ RDEPEND=">=dev-libs/glib-2.19:2
|| (
>=x11-libs/gdk-pixbuf-2.14:2
>=x11-libs/gtk+-2.14:2 )
+ app-misc/ca-certificates
>=dev-libs/libxml2-2:2
>=net-libs/libsoup-2.26.1:2.4[introspection?]
>=net-libs/liboauth-0.9.4
@@ -34,6 +35,7 @@ DEPEND="${RDEPEND}
pkg_setup() {
DOCS="AUTHORS ChangeLog HACKING NEWS README"
G2CONF="${G2CONF}
+ --with-ca-certs=${EPREFIX}/etc/ssl/certs/ca-certificates.crt
$(use_enable static-libs static)
$(use_enable gnome)
$(use_enable introspection)"
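Review bot: Nothing in pkg_setup records why `--with-ca-certs=${EPREFIX}/etc/ssl/certs/ca-certificates.crt` is passed, or that it relies on the `app-misc/ca-certificates` entry added to RDEPEND in the previous hunk. A later cleanup could drop one without the other and leave the library pointing at a bundle that is not installed. A comment above `G2CONF=` would tie them together, e.g. `# CA bundle for TLS certificate validation (bug #408245); expected to be provided by app-misc/ca-certificates in RDEPEND`. The same pair of additions appears in the libgdata-0.8.1-r2.ebuild hunk at `@@ -20,23 +20,37 @@`, where only the `epatch` line carries the bug reference. pkg_setup's closing brace lies outside this hunk.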
diff --git a/dev-libs/libgdata/libgdata-0.8.0.ebuild b/dev-libs/libgdata/libgdata-0.8.1-r2.ebuild
index 14a0aebae9a9..fb915671f608 100644
--- a/dev-libs/libgdata/libgdata-0.8.0.ebuild
+++ b/dev-libs/libgdata/libgdata-0.8.1-r2.ebuild
@@ -1,18 +1,18 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/libgdata-0.8.0.ebuild,v 1.8 2011/03/22 18:52:37 ranger Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libgdata/libgdata-0.8.1-r2.ebuild,v 1.1 2012/03/15 01:24:29 tetromino Exp $
EAPI="3"
GCONF_DEBUG="yes"
-inherit eutils gnome2
+inherit autotools eutils gnome2
DESCRIPTION="GLib-based library for accessing online service APIs using the GData protocol"
HOMEPAGE="http://live.gnome.org/libgdata"
LICENSE="LGPL-2.1"
SLOT="0"
-KEYWORDS="alpha amd64 arm ia64 ppc ppc64 sparc x86"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
IUSE="doc gnome +introspection"
# gtk+ is needed for gdk
@@ -20,23 +20,37 @@ RDEPEND=">=dev-libs/glib-2.19:2
|| (
>=x11-libs/gdk-pixbuf-2.14:2
>=x11-libs/gtk+-2.14:2 )
+ app-misc/ca-certificates
>=dev-libs/libxml2-2:2
>=net-libs/libsoup-2.26.1:2.4[introspection?]
gnome? ( >=net-libs/libsoup-gnome-2.26.1:2.4[introspection?] )
introspection? ( >=dev-libs/gobject-introspection-0.9.7 )"
DEPEND="${RDEPEND}
>=dev-util/intltool-0.40
+ gnome-base/gnome-common
doc? ( >=dev-util/gtk-doc-1.14 )"
+# eautoreconf requires gnome-base/gnome-common
pkg_setup() {
DOCS="AUTHORS ChangeLog HACKING NEWS README"
G2CONF="${G2CONF}
--disable-static
+ --with-ca-certs=${EPREFIX}/etc/ssl/certs/ca-certificates.crt
$(use_enable gnome)
$(use_enable introspection)"
}
src_prepare() {
+ # Allow Google Contacts' user defined fields to have empty names, upstream bug #648058
+ epatch "${FILESDIR}/${P}-empty-names.patch"
+
+ # Fix building with gobject-introspection-1.30; fixed in 0.10.x
+ epatch "${FILESDIR}/${P}-gdata-symbols.patch"
+
+ # Fix MITM attack, bug #408245
+ epatch "${FILESDIR}/${P}-validate-ssl.patch"
+
+ eautoreconf
gnome2_src_prepare
# Disable tests requiring network access, bug #307725