Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libgda for openSUSE:Factory checked in at 2022-02-04 21:49:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libgda (Old) and /work/SRC/openSUSE:Factory/.libgda.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgda" Fri Feb 4 21:49:11 2022 rev:94 rq:951430 version:6.0.0 Changes: --------
--- /work/SRC/openSUSE:Factory/libgda/libgda.changes 2021-11-17 01:15:28.082191289 +0100
+++ /work/SRC/openSUSE:Factory/.libgda.new.1898/libgda.changes 2022-02-04 21:52:21.815165198 +0100
@@ -1,0 +2,9 @@
+Wed Feb 2 14:09:48 UTC 2022 - Bj??rn Lie <[email protected]>
+
+- Add bebdffb4de586fb43fd07ac549121f4b22f6812d.patch: Fix
+ CVE-2021-39359 by forcing TLS certificate validation
+ (boo#1189849).
+- Add libgda-fix-meson-060.patch: Fix build with meson 0.61.0 and
+ newer.
+
+-------------------------------------------------------------------
New: ---- bebdffb4de586fb43fd07ac549121f4b22f6812d.patch libgda-fix-meson-060.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ libgda.spec ++++++
--- /var/tmp/diff_new_pack.c1RFHl/_old 2022-02-04 21:52:22.379161318 +0100
+++ /var/tmp/diff_new_pack.c1RFHl/_new 2022-02-04 21:52:22.383161291 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package libgda
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,6 +35,11 @@
 Patch2: overflow-undefined-behavior.patch
 # PATCH-FIX-UPSTREAM libgda-no-gtkdoc-markers.patch glgo#GNOME/libgda#254 [email protected] -- Fix build with GNOME 41 stack
 Patch3: libgda-no-gtkdoc-markers.patch
+# PATCH-FIX-UPSTREAM bebdffb4de586fb43fd07ac549121f4b22f6812d.patch boo#1189849 CVE-2021-39359 -- Fix CVE-2021-39359 by forcing TLS certificate validation
+Patch4: https://gitlab.gnome.org/GNOME/libgda/-/commit/bebdffb4de586fb43fd07ac549121f4b22f6812d.patch
+# PATCH-FIX-UPSTREAM libgda-fix-meson-060.patch [email protected] -- Fix build with meson 0.61.0 and newer
+Patch5: libgda-fix-meson-060.patch
+
 BuildRequires: db-devel
 BuildRequires: fdupes
 BuildRequires: gcc-c++
@@ -223,8 +228,8 @@
 Summary: GNU Data Access (GDA) Library -- Development Files
 Group: Development/Libraries/C and C++
 Requires: %{_name}-6_0-6_0_0 = %{version}
-Requires: %{_name}-ui-6_0-6_0_0 = %{version}
 Requires: %{_name}-report-6_0-6_0_0 = %{version}
+Requires: %{_name}-ui-6_0-6_0_0 = %{version}
 Requires: %{_name}-xslt-6_0-6_0_0 = %{version}
 Requires: typelib-1_0-Gda-6_0 = %{version}
 Requires: typelib-1_0-Gdaui-6_0 = %{version}
++++++ bebdffb4de586fb43fd07ac549121f4b22f6812d.patch ++++++
>From bebdffb4de586fb43fd07ac549121f4b22f6812d Mon Sep 17 00:00:00 2001 From: "Douglas R. Reno" <[email protected]> Date: Mon, 18 Oct 2021 13:18:01 -0500 Subject: [PATCH] Fix CVE-2021-39359 by forcing TLS certificate validation This was done by adding "ssl-use-system-ca-file", TRUE to the options for each soup_session_new_with_options() call that was made. Tested on Linux From Scratch 11.0 and Debian 11. Fixes #249
---
 providers/web/gda-web-provider.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/providers/web/gda-web-provider.c b/providers/web/gda-web-provider.c
index cf8d14dc3..cc818895f 100644
--- a/providers/web/gda-web-provider.c
+++ b/providers/web/gda-web-provider.c
@@ -355,8 +355,8 @@ gda_web_provider_open_connection (GdaServerProvider *provider, GdaConnection *cn
 g_rec_mutex_init (& (cdata->mutex));
 cdata->server_id = NULL;
 cdata->forced_closing = FALSE;
- cdata->worker_session = soup_session_new ();
- cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, NULL);
+ cdata->worker_session = soup_session_new_with_options ("ssl-use-system-ca-file", TRUE, NULL);
+ cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, "ssl-use-system-ca-file", TRUE, NULL);
 if (use_ssl) {
 server_url = g_string_new ("https://");
 g_print ("USING SSL\n");
-- GitLab
++++++ libgda-fix-meson-060.patch ++++++
--- orig-libgda-6.0.0/tools/browser/meson.build 2021-02-01 01:29:25.281818400 +0100
+++ libgda-6.0.0/tools/browser/meson.build 2022-02-02 15:59:28.721883015 +0100
@@ -84,7 +84,7 @@ subdir('data')
-i18n.merge_file('browser_desktop',
+i18n.merge_file(
 po_dir: join_paths(meson.source_root(),'po'),
 type: 'desktop',
 input: 'org.gnome.gda.Browser.desktop.in',
@@ -105,4 +105,4 @@ install_dir: join_paths(get_option('datadir'),'metainfo') )
-browser_deps += inc_browserdirh_dep
\ Intet linjeskift i slutten av fila
+browser_deps += inc_browserdirh_dep
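Review bot: In the gda_web_provider_open_connection hunk of providers/web/gda-web-provider.c, both new `soup_session_new_with_options ()` calls select the system CA store but leave rejection of a failing certificate to whatever `ssl-strict` defaults to, which the hunk neither sets nor documents. Since this is the CVE-2021-39359 fix, I would pin it explicitly and use the libsoup 2.x property macros so a misspelt property name fails at compile time, e.g. `soup_session_new_with_options (SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, SOUP_SESSION_SSL_STRICT, TRUE, NULL);` for the worker session, with the same two pairs appended to the front session's options. A short comment above the two calls, such as `/* CVE-2021-39359: validate server certificates against the system CA store */`, would keep a later refactor from silently dropping the options. Both properties belong to the libsoup 2 API, so a port to libsoup 3 would need to re-check that validation is still enforced (inferred; the libsoup version built against is not visible here). The function body starts and ends outside the hunk.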
