Hello community, here is the log from the commit of package gnome-online-accounts.1315 for openSUSE:12.2:Update checked in at 2013-02-15 11:46:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/gnome-online-accounts.1315 (Old) and /work/SRC/openSUSE:12.2:Update/.gnome-online-accounts.1315.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnome-online-accounts.1315", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-02-09 11:18:20.872010756 +0100 +++ /work/SRC/openSUSE:12.2:Update/.gnome-online-accounts.1315.new/gnome-online-accounts.changes 2013-02-15 11:46:51.000000000 +0100 @@ -0,0 +1,135 @@ +------------------------------------------------------------------- +Wed Feb 6 19:57:34 UTC 2013 - dims...@opensuse.org + +- Add gnome-online-accounts-CVE-2013-0240.patch: goa fails to + verify SSL certificates when creating accounts (bnc#802409, + bgo#693214, CVE-2013--240). + +------------------------------------------------------------------- +Mon May 14 19:28:17 UTC 2012 - dims...@opensuse.org + +- Update to version 3.4.2: + + facebook: Use m.facebook.com for the authorization URI + (bgo#675930) + + webview: Set the SoupSession's "accept-language-auto" to TRUE + + Updated translations. + +------------------------------------------------------------------- +Tue Apr 17 13:52:35 UTC 2012 - dims...@opensuse.org + +- Update to version 3.4.1: + + Remove the credentials from the keyring when an account is + removed (bgo#654168). + + Make sure the GError** passed is always pointer to NULL. + + Updated translations. + +------------------------------------------------------------------- +Mon Mar 26 15:58:33 UTC 2012 - vu...@opensuse.org + +- Update to version 3.4.0: + + Updated translations. + +------------------------------------------------------------------- +Wed Mar 21 16:50:46 UTC 2012 - vu...@opensuse.org + +- Update to version 3.3.92.1: + + No change, fix broken tarball. + +------------------------------------------------------------------- +Mon Mar 19 22:25:55 UTC 2012 - dims...@opensuse.org + +- Update to version 3.3.92: + + Add a border on the webkit view (bgo#660514). + + Build fixes. + + Facebook related changes: + - OAuth2Provider: add support for facebook client side auth + flow (bgo#672060). + - FacebookProvider: move to client-side flow (bgo#672060). + - configure.ac: remove the facebook client secret (bgo#672060). + - Unref the JSON parser (bgo#672060). + - offline_access has been removed since it is deprecated. + + Updated translations. +- Drop xz BuildRequires, as it now comes for free in the build + system. +- Pass --enable-facebook to configure now that it doesn't require a + secret key anymore. + +------------------------------------------------------------------- +Fri Jan 13 13:13:04 UTC 2012 - vu...@opensuse.org + +- Add baselibs.conf, as we need the 32bit package for + evolution-data-server libraries. + +------------------------------------------------------------------- +Tue Dec 20 09:47:21 UTC 2011 - vu...@opensuse.org + +- Update to version 3.3.0: + + Add support for Windows Live. + + Facebook provider: Add Chat. + + GoaOAuth2Based: Add ClientId and ClientSecret properties. + + Correctly launch the preferences from the daemon. + + Remove unused org.gnome.OnlineAccounts.PasswordBased D-Bus + interface. + + Build fixes. + + Updated translations. +- Add xz BuildRequires because we can't build a package for a + xz-compressed tarball without explicitly specifying that... See + bnc#697467 for more details. +- Add new --enable-windows-live option to configure. +- Split typelib file into typelib-1_0-Goa-1_0 subpackage. +- Add typelib-1_0-Goa-1_0 Requires to devel subpackage. + +------------------------------------------------------------------- +Mon Oct 17 19:33:49 UTC 2011 - dims...@opensuse.org + +- Update to version 3.2.1: + + Updated translations. + +------------------------------------------------------------------- +Wed Sep 28 06:09:12 UTC 2011 - vu...@opensuse.org + +- Update to version 3.2.0.1: + + Fix a crash when launching preferences from notifications + +------------------------------------------------------------------- +Mon Sep 26 21:55:56 UTC 2011 - vu...@opensuse.org + +- Update to version 3.2.0: + + Let authentication webkit window inherit from GNOME proxy + settings (bgo#658444) + + Updated translations. +- Add pkgconfig(libsoup-gnome-2.4) BuildRequires: new dependency. + +------------------------------------------------------------------- +Tue Sep 20 07:16:28 UTC 2011 - vu...@opensuse.org + +- Update to version 3.1.91: + + String fixes. + + Build fixes. + + Updated translations. + +------------------------------------------------------------------- +Tue Aug 30 15:47:28 CEST 2011 - vu...@opensuse.org + +- Update to version 3.1.90: + + Add a Documents account type. + + Updated translations. +- Remove have_lang macro now that there are translations. + +------------------------------------------------------------------- +Mon Jul 18 22:25:32 UTC 2011 - dims...@opensuse.org + +- Add libsocialweb-branding-openSUSE BuildRequires. This package + contains our API keys for the various backends. +- Pass --enable-twitter and the corresponding keys to configure. + This allows us to enable the twitter backend for + gnome-online-accounts. Part of bnc#703759. +- For completeness pass --enable-google to configure. It's there by + default and it does not require API keys; anonymous works just + fine. + +------------------------------------------------------------------- +Sun Jul 3 12:39:36 CEST 2011 - vu...@opensuse.org + +- Initial package (version 3.1.1). + New: ---- baselibs.conf gnome-online-accounts-3.4.2.tar.xz gnome-online-accounts-CVE-2013-0240.patch gnome-online-accounts.changes gnome-online-accounts.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnome-online-accounts.spec ++++++ # # spec file for package gnome-online-accounts # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: gnome-online-accounts Version: 3.4.2 Release: 0 Summary: GNOME service to access online accounts License: LGPL-2.1+ Group: System/GUI/GNOME Url: http://www.gnome.org Source: http://download.gnome.org/sources/gnome-online-accounts/3.4/%{name}-%{version}.tar.xz Source99: baselibs.conf # PATCH-FIX-UPSTREAM gnome-online-accounts-CVE-2013-0240.patch CVE-2013-0240 bnc#802409 bgo#693214 -- goa fails to verify SSL certificates when creating accounts Patch0: gnome-online-accounts-CVE-2013-0240.patch BuildRequires: docbook-xsl-stylesheets BuildRequires: gobject-introspection-devel BuildRequires: gtk-doc BuildRequires: intltool # libsocialweb-branding-openSUSE is a package that already contains the right API keys. Instead of # duplicating them in the .spec file here, we include them from libsocialweb-branding. BuildRequires: libsocialweb-branding-openSUSE BuildRequires: update-desktop-files BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(gnome-keyring-1) BuildRequires: pkgconfig(gtk+-3.0) BuildRequires: pkgconfig(json-glib-1.0) BuildRequires: pkgconfig(libnotify) BuildRequires: pkgconfig(libsoup-gnome-2.4) >= 2.26 BuildRequires: pkgconfig(rest-0.7) BuildRequires: pkgconfig(webkitgtk-3.0) Recommends: %{name}-lang BuildRoot: %{_tmppath}/%{name}-%{version}-build %description gnome-online-accounts provides interfaces so applications and libraries in GNOME can access the user's online accounts. %package -n libgoa-1_0-0 Summary: GNOME service to access online accounts -- Client Library Group: System/Libraries Recommends: %{name} %description -n libgoa-1_0-0 gnome-online-accounts provides interfaces so applications and libraries in GNOME can access the user's online accounts. %package -n typelib-1_0-Goa-1_0 Summary: GNOME service to access online accounts -- Introspection bindings Group: System/Libraries %description -n typelib-1_0-Goa-1_0 gnome-online-accounts provides interfaces so applications and libraries in GNOME can access the user's online accounts. This package provides the GObject Introspection bindings for the libgoa client library. %package -n libgoa-backend-1_0-0 Summary: GNOME service to access online accounts -- Backend Library Group: System/Libraries Recommends: %{name} %description -n libgoa-backend-1_0-0 gnome-online-accounts provides interfaces so applications and libraries in GNOME can access the user's online accounts. %package devel Summary: GNOME service to access online accounts -- Development Files Group: Development/Libraries/GNOME Requires: libgoa-1_0-0 = %{version} Requires: libgoa-backend-1_0-0 = %{version} Requires: typelib-1_0-Goa-1_0 = %{version} %description devel gnome-online-accounts provides interfaces so applications and libraries in GNOME can access the user's online accounts. %lang_package %prep %setup -q %patch0 -p1 %build TWITTER=$(cat %{_datadir}/libsocialweb/keys/twitter) if test "x$TWITTER" = "x"; then echo "No API keys for twitter." false fi TWITTER_KEY=$(echo $TWITTER | awk '{print $1}') TWITTER_SECRET=$(echo $TWITTER | awk '{print $2}') %configure \ --disable-static \ --enable-gtk-doc \ --enable-twitter \ --with-twitter-consumer-key=$TWITTER_KEY \ --with-twitter-consumer-secret=$TWITTER_SECRET \ --enable-facebook \ --enable-google \ --enable-windows-live make %{?_smp_mflags} %install %make_install find %{buildroot}%{_libdir} -name '*.la' -type f -delete -print %find_lang %{name} %{?no_lang_C} %clean rm -rf %{buildroot} %post -n libgoa-1_0-0 -p /sbin/ldconfig %postun -n libgoa-1_0-0 -p /sbin/ldconfig %post -n libgoa-backend-1_0-0 -p /sbin/ldconfig %postun -n libgoa-backend-1_0-0 -p /sbin/ldconfig %files %defattr(-,root,root) %doc COPYING NEWS %{_libexecdir}/goa-daemon %{_datadir}/dbus-1/services/org.gnome.OnlineAccounts.service %{_datadir}/icons/hicolor/*/apps/goa-account*.png %{_mandir}/man8/goa-daemon.8%{?ext_man} %files -n libgoa-1_0-0 %defattr(-,root,root) %{_libdir}/libgoa-1.0.so.* %files -n typelib-1_0-Goa-1_0 %defattr(-,root,root) %{_libdir}/girepository-1.0/Goa-1.0.typelib %files -n libgoa-backend-1_0-0 %defattr(-,root,root) %{_libdir}/libgoa-backend-1.0.so.* %files devel %defattr(-,root,root) %doc %{_datadir}/gtk-doc/html/goa/ %{_includedir}/goa-1.0/ %{_libdir}/libgoa-1.0.so %{_libdir}/libgoa-backend-1.0.so %{_libdir}/pkgconfig/goa-1.0.pc %{_libdir}/pkgconfig/goa-backend-1.0.pc %{_datadir}/gir-1.0/*.gir %files lang -f %{name}.lang %changelog ++++++ baselibs.conf ++++++ libgoa-1_0-0 libgoa-backend-1_0-0 ++++++ gnome-online-accounts-CVE-2013-0240.patch ++++++ >From 407c4cf96519cd9801cec4bc630c6e0d451c82a3 Mon Sep 17 00:00:00 2001 From: Simon McVittie <simon.mcvit...@collabora.co.uk> Date: Tue, 5 Feb 2013 13:43:34 +0000 Subject: [PATCH] CVE-2013-0240: Do not allow invalid SSL certificates None of the branded providers (eg., Google, Facebook and Windows Live) should ever have an invalid certificate; and in this version of GOA, that's all we have. So set "ssl-strict" on the SoupSession object being used by GoaWebView. --- src/goabackend/goaoauth2provider.c | 6 ++++++ src/goabackend/goaoauthprovider.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/src/goabackend/goaoauth2provider.c b/src/goabackend/goaoauth2provider.c index 2cf2e54..5645ead 100644 --- a/src/goabackend/goaoauth2provider.c +++ b/src/goabackend/goaoauth2provider.c @@ -747,6 +747,12 @@ get_tokens_and_identity (GoaOAuth2Provider *provider, SoupCookieJar *cookie_jar; webkit_soup_session = webkit_get_default_session (); + + g_object_set (webkit_soup_session, + SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, + SOUP_SESSION_SSL_STRICT, TRUE, + NULL); + /* Get the proxy configuration from the GNOME settings */ soup_session_add_feature_by_type (webkit_soup_session, SOUP_TYPE_PROXY_RESOLVER_GNOME); /* Set the Accept-Language header automatically */ diff --git a/src/goabackend/goaoauthprovider.c b/src/goabackend/goaoauthprovider.c index 1dbd5a1..5d76f02 100644 --- a/src/goabackend/goaoauthprovider.c +++ b/src/goabackend/goaoauthprovider.c @@ -708,6 +708,12 @@ get_tokens_and_identity (GoaOAuthProvider *provider, SoupCookieJar *cookie_jar; webkit_soup_session = webkit_get_default_session (); + + g_object_set (webkit_soup_session, + SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, + SOUP_SESSION_SSL_STRICT, TRUE, + NULL); + /* Get the proxy configuration from the GNOME settings */ soup_session_add_feature_by_type (webkit_soup_session, SOUP_TYPE_PROXY_RESOLVER_GNOME); -- 1.7.10.4 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org