Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libzapojit for openSUSE:Factory checked in at 2021-11-27 00:51:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libzapojit (Old) and /work/SRC/openSUSE:Factory/.libzapojit.new.1895 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libzapojit" Sat Nov 27 00:51:45 2021 rev:7 rq:934070 version:0.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/libzapojit/libzapojit.changes 2018-03-08 10:48:51.284009643 +0100 +++ /work/SRC/openSUSE:Factory/.libzapojit.new.1895/libzapojit.changes 2021-11-27 00:52:40.586521967 +0100 @@ -1,0 +2,7 @@ +Thu Nov 25 20:07:48 UTC 2021 - Bj??rn Lie <bjorn....@gmail.com> + +- Add upstream patch, fixes: CVE-2021-39360: + libzapojit-skydrive-Guard-against-invalid-SSL-certificates.patch: + skydrive: Guard against invalid SSL certificates. + +------------------------------------------------------------------- New: ---- libzapojit-skydrive-Guard-against-invalid-SSL-certificates.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libzapojit.spec ++++++ --- /var/tmp/diff_new_pack.Gm4KUx/_old 2021-11-27 00:52:41.010520503 +0100 +++ /var/tmp/diff_new_pack.Gm4KUx/_new 2021-11-27 00:52:41.014520490 +0100 @@ -1,7 +1,7 @@ # # spec file for package libzapojit # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,6 +24,9 @@ Group: Development/Libraries/GNOME URL: http://download.gnome.org/sources/libzapojit Source: http://download.gnome.org/sources/libzapojit/0.0/%{name}-%{version}.tar.xz +# PATCH-FIX-UPSTREAM libzapojit-skydrive-Guard-against-invalid-SSL-certificates.patch -- skydrive: Guard against invalid SSL certificates Fixes: CVE-2021-39360 +Patch: libzapojit-skydrive-Guard-against-invalid-SSL-certificates.patch + BuildRequires: intltool BuildRequires: pkgconfig BuildRequires: pkgconfig(gio-2.0) @@ -68,7 +71,7 @@ using libzapojit. %prep -%setup -q +%autosetup -p1 %build %configure --disable-static ++++++ libzapojit-skydrive-Guard-against-invalid-SSL-certificates.patch ++++++ >From d9e002733fd4402480fa6cc70346de0cac57e820 Mon Sep 17 00:00:00 2001 From: Debarshi Ray <debars...@gnome.org> Date: Thu, 14 Oct 2021 16:55:48 +0200 Subject: [PATCH] skydrive: Guard against invalid SSL certificates Backported to the 0.0.3 release. Fixes: CVE-2021-39360 https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4 --- src/zpj-skydrive.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/zpj-skydrive.c b/src/zpj-skydrive.c index c91b126e192f..1d91d31660e0 100644 --- a/src/zpj-skydrive.c +++ b/src/zpj-skydrive.c @@ -415,6 +415,7 @@ zpj_skydrive_delete_entry_id (ZpjSkydrive *self, const gchar *entry_id, GCancell goto out; session = soup_session_sync_new (); + g_object_set (session, SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, NULL); url = g_strconcat (live_endpoint, entry_id, NULL); message = soup_message_new ("DELETE", url); @@ -744,6 +745,7 @@ zpj_skydrive_download_file_id_to_path (ZpjSkydrive *self, data.loop = g_main_loop_new (context, FALSE); session = soup_session_async_new_with_options (SOUP_SESSION_USE_THREAD_CONTEXT, TRUE, NULL); + g_object_set (session, SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, NULL); url = g_strconcat (live_endpoint, file_id, "/content", NULL); message = soup_message_new ("GET", url); @@ -1291,6 +1293,7 @@ zpj_skydrive_upload_path_to_folder_id (ZpjSkydrive *self, goto out; session = soup_session_sync_new (); + g_object_set (session, SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, NULL); url = g_strconcat (live_endpoint, folder_id, "/files", NULL); message = soup_message_new ("POST", url); -- 2.31.1
