commit gnome-online-accounts.1315 for openSUSE:12.2:Update

Fri, 15 Feb 2013 02:46:56 -0800 

Hello community,

here is the log from the commit of package gnome-online-accounts.1315 for 
openSUSE:12.2:Update checked in at 2013-02-15 11:46:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/gnome-online-accounts.1315 (Old)
 and      /work/SRC/openSUSE:12.2:Update/.gnome-online-accounts.1315.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gnome-online-accounts.1315", Maintainer is ""

Changes:
--------
New Changes file:

--- /dev/null   2013-02-09 11:18:20.872010756 +0100
+++ 
/work/SRC/openSUSE:12.2:Update/.gnome-online-accounts.1315.new/gnome-online-accounts.changes
        2013-02-15 11:46:51.000000000 +0100
@@ -0,0 +1,135 @@
+-------------------------------------------------------------------
+Wed Feb  6 19:57:34 UTC 2013 - dims...@opensuse.org
+
+- Add gnome-online-accounts-CVE-2013-0240.patch: goa fails to
+  verify SSL certificates when creating accounts (bnc#802409,
+  bgo#693214, CVE-2013--240).
+
+-------------------------------------------------------------------
+Mon May 14 19:28:17 UTC 2012 - dims...@opensuse.org
+
+- Update to version 3.4.2:
+  + facebook: Use m.facebook.com for the authorization URI
+    (bgo#675930)
+  + webview: Set the SoupSession's "accept-language-auto" to TRUE
+  + Updated translations.
+
+-------------------------------------------------------------------
+Tue Apr 17 13:52:35 UTC 2012 - dims...@opensuse.org
+
+- Update to version 3.4.1:
+  + Remove the credentials from the keyring when an account is
+    removed (bgo#654168).
+  + Make sure the GError** passed is always pointer to NULL.
+  + Updated translations.
+
+-------------------------------------------------------------------
+Mon Mar 26 15:58:33 UTC 2012 - vu...@opensuse.org
+
+- Update to version 3.4.0:
+  + Updated translations.
+
+-------------------------------------------------------------------
+Wed Mar 21 16:50:46 UTC 2012 - vu...@opensuse.org
+
+- Update to version 3.3.92.1:
+  + No change, fix broken tarball.
+
+-------------------------------------------------------------------
+Mon Mar 19 22:25:55 UTC 2012 - dims...@opensuse.org
+
+- Update to version 3.3.92:
+  + Add a border on the webkit view (bgo#660514).
+  + Build fixes.
+  + Facebook related changes:
+    - OAuth2Provider: add support for facebook client side auth
+      flow (bgo#672060).
+    - FacebookProvider: move to client-side flow (bgo#672060).
+    - configure.ac: remove the facebook client secret (bgo#672060).
+    - Unref the JSON parser (bgo#672060).
+    - offline_access has been removed since it is deprecated.
+  + Updated translations.
+- Drop xz BuildRequires, as it now comes for free in the build
+  system.
+- Pass --enable-facebook to configure now that it doesn't require a
+  secret key anymore.
+
+-------------------------------------------------------------------
+Fri Jan 13 13:13:04 UTC 2012 - vu...@opensuse.org
+
+- Add baselibs.conf, as we need the 32bit package for
+  evolution-data-server libraries.
+
+-------------------------------------------------------------------
+Tue Dec 20 09:47:21 UTC 2011 - vu...@opensuse.org
+
+- Update to version 3.3.0:
+  + Add support for Windows Live.
+  + Facebook provider: Add Chat.
+  + GoaOAuth2Based: Add ClientId and ClientSecret properties.
+  + Correctly launch the preferences from the daemon.
+  + Remove unused org.gnome.OnlineAccounts.PasswordBased D-Bus
+    interface.
+  + Build fixes.
+  + Updated translations.
+- Add xz BuildRequires because we can't build a package for a
+  xz-compressed tarball without explicitly specifying that... See
+  bnc#697467 for more details.
+- Add new --enable-windows-live option to configure.
+- Split typelib file into typelib-1_0-Goa-1_0 subpackage.
+- Add typelib-1_0-Goa-1_0 Requires to devel subpackage.
+
+-------------------------------------------------------------------
+Mon Oct 17 19:33:49 UTC 2011 - dims...@opensuse.org
+
+- Update to version 3.2.1:
+  + Updated translations.
+
+-------------------------------------------------------------------
+Wed Sep 28 06:09:12 UTC 2011 - vu...@opensuse.org
+
+- Update to version 3.2.0.1:
+  + Fix a crash when launching preferences from notifications
+
+-------------------------------------------------------------------
+Mon Sep 26 21:55:56 UTC 2011 - vu...@opensuse.org
+
+- Update to version 3.2.0:
+  + Let authentication webkit window inherit from GNOME proxy
+    settings (bgo#658444)
+  + Updated translations.
+- Add pkgconfig(libsoup-gnome-2.4) BuildRequires: new dependency.
+
+-------------------------------------------------------------------
+Tue Sep 20 07:16:28 UTC 2011 - vu...@opensuse.org
+
+- Update to version 3.1.91:
+  + String fixes.
+  + Build fixes.
+  + Updated translations.
+
+-------------------------------------------------------------------
+Tue Aug 30 15:47:28 CEST 2011 - vu...@opensuse.org
+
+- Update to version 3.1.90:
+  + Add a Documents account type.
+  + Updated translations.
+- Remove have_lang macro now that there are translations.
+
+-------------------------------------------------------------------
+Mon Jul 18 22:25:32 UTC 2011 - dims...@opensuse.org
+
+- Add libsocialweb-branding-openSUSE BuildRequires. This package
+  contains our API keys for the various backends.
+- Pass --enable-twitter and the corresponding keys to configure.
+  This allows us to enable the twitter backend for
+  gnome-online-accounts. Part of bnc#703759.
+- For completeness pass --enable-google to configure. It's there by
+  default and it does not require API keys; anonymous works just
+  fine.
+
+-------------------------------------------------------------------
+Sun Jul  3 12:39:36 CEST 2011 - vu...@opensuse.org
+
+- Initial package (version 3.1.1).
+

New:
----
  baselibs.conf
  gnome-online-accounts-3.4.2.tar.xz
  gnome-online-accounts-CVE-2013-0240.patch
  gnome-online-accounts.changes
  gnome-online-accounts.spec

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gnome-online-accounts.spec ++++++
#
# spec file for package gnome-online-accounts
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           gnome-online-accounts
Version:        3.4.2
Release:        0
Summary:        GNOME service to access online accounts
License:        LGPL-2.1+
Group:          System/GUI/GNOME
Url:            http://www.gnome.org
Source:         
http://download.gnome.org/sources/gnome-online-accounts/3.4/%{name}-%{version}.tar.xz
Source99:       baselibs.conf
# PATCH-FIX-UPSTREAM gnome-online-accounts-CVE-2013-0240.patch CVE-2013-0240 
bnc#802409 bgo#693214 -- goa fails to verify SSL certificates when creating 
accounts
Patch0:         gnome-online-accounts-CVE-2013-0240.patch
BuildRequires:  docbook-xsl-stylesheets
BuildRequires:  gobject-introspection-devel
BuildRequires:  gtk-doc
BuildRequires:  intltool
# libsocialweb-branding-openSUSE is a package that already contains the right 
API keys. Instead of
# duplicating them in the .spec file here, we include them from 
libsocialweb-branding.
BuildRequires:  libsocialweb-branding-openSUSE
BuildRequires:  update-desktop-files
BuildRequires:  pkgconfig(glib-2.0)
BuildRequires:  pkgconfig(gnome-keyring-1)
BuildRequires:  pkgconfig(gtk+-3.0)
BuildRequires:  pkgconfig(json-glib-1.0)
BuildRequires:  pkgconfig(libnotify)
BuildRequires:  pkgconfig(libsoup-gnome-2.4) >= 2.26
BuildRequires:  pkgconfig(rest-0.7)
BuildRequires:  pkgconfig(webkitgtk-3.0)
Recommends:     %{name}-lang
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
gnome-online-accounts provides interfaces so applications and
libraries in GNOME can access the user's online accounts.

%package -n libgoa-1_0-0
Summary:        GNOME service to access online accounts -- Client Library
Group:          System/Libraries
Recommends:     %{name}

%description -n libgoa-1_0-0
gnome-online-accounts provides interfaces so applications and
libraries in GNOME can access the user's online accounts.

%package -n typelib-1_0-Goa-1_0
Summary:        GNOME service to access online accounts -- Introspection 
bindings
Group:          System/Libraries

%description -n typelib-1_0-Goa-1_0
gnome-online-accounts provides interfaces so applications and
libraries in GNOME can access the user's online accounts.

This package provides the GObject Introspection bindings for the libgoa
client library.

%package -n libgoa-backend-1_0-0
Summary:        GNOME service to access online accounts -- Backend Library
Group:          System/Libraries
Recommends:     %{name}

%description -n libgoa-backend-1_0-0
gnome-online-accounts provides interfaces so applications and
libraries in GNOME can access the user's online accounts.

%package devel
Summary:        GNOME service to access online accounts -- Development Files
Group:          Development/Libraries/GNOME
Requires:       libgoa-1_0-0 = %{version}
Requires:       libgoa-backend-1_0-0 = %{version}
Requires:       typelib-1_0-Goa-1_0 = %{version}

%description devel
gnome-online-accounts provides interfaces so applications and
libraries in GNOME can access the user's online accounts.

%lang_package
%prep
%setup -q
%patch0 -p1

%build
TWITTER=$(cat %{_datadir}/libsocialweb/keys/twitter)
if test "x$TWITTER" = "x"; then
    echo "No API keys for twitter."
    false
fi
TWITTER_KEY=$(echo $TWITTER | awk '{print $1}')
TWITTER_SECRET=$(echo $TWITTER | awk '{print $2}')
%configure \
        --disable-static \
        --enable-gtk-doc \
        --enable-twitter \
        --with-twitter-consumer-key=$TWITTER_KEY \
        --with-twitter-consumer-secret=$TWITTER_SECRET \
        --enable-facebook \
        --enable-google \
        --enable-windows-live
make %{?_smp_mflags}

%install
%make_install
find %{buildroot}%{_libdir} -name '*.la' -type f -delete -print
%find_lang %{name} %{?no_lang_C}

%clean
rm -rf %{buildroot}

%post -n libgoa-1_0-0 -p /sbin/ldconfig

%postun -n libgoa-1_0-0 -p /sbin/ldconfig

%post -n libgoa-backend-1_0-0 -p /sbin/ldconfig

%postun -n libgoa-backend-1_0-0 -p /sbin/ldconfig

%files
%defattr(-,root,root)
%doc COPYING NEWS
%{_libexecdir}/goa-daemon
%{_datadir}/dbus-1/services/org.gnome.OnlineAccounts.service
%{_datadir}/icons/hicolor/*/apps/goa-account*.png
%{_mandir}/man8/goa-daemon.8%{?ext_man}

%files -n libgoa-1_0-0
%defattr(-,root,root)
%{_libdir}/libgoa-1.0.so.*

%files -n typelib-1_0-Goa-1_0
%defattr(-,root,root)
%{_libdir}/girepository-1.0/Goa-1.0.typelib

%files -n libgoa-backend-1_0-0
%defattr(-,root,root)
%{_libdir}/libgoa-backend-1.0.so.*

%files devel
%defattr(-,root,root)
%doc %{_datadir}/gtk-doc/html/goa/
%{_includedir}/goa-1.0/
%{_libdir}/libgoa-1.0.so
%{_libdir}/libgoa-backend-1.0.so
%{_libdir}/pkgconfig/goa-1.0.pc
%{_libdir}/pkgconfig/goa-backend-1.0.pc
%{_datadir}/gir-1.0/*.gir

%files lang -f %{name}.lang

%changelog
++++++ baselibs.conf ++++++
libgoa-1_0-0
libgoa-backend-1_0-0
++++++ gnome-online-accounts-CVE-2013-0240.patch ++++++
>From 407c4cf96519cd9801cec4bc630c6e0d451c82a3 Mon Sep 17 00:00:00 2001
From: Simon McVittie <simon.mcvit...@collabora.co.uk>
Date: Tue, 5 Feb 2013 13:43:34 +0000
Subject: [PATCH] CVE-2013-0240: Do not allow invalid SSL certificates

None of the branded providers (eg., Google, Facebook and Windows Live)
should ever have an invalid certificate; and in this version of GOA,
that's all we have. So set "ssl-strict" on the SoupSession object
being used by GoaWebView.
---
 src/goabackend/goaoauth2provider.c |    6 ++++++
 src/goabackend/goaoauthprovider.c  |    6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/src/goabackend/goaoauth2provider.c 
b/src/goabackend/goaoauth2provider.c
index 2cf2e54..5645ead 100644
--- a/src/goabackend/goaoauth2provider.c
+++ b/src/goabackend/goaoauth2provider.c
@@ -747,6 +747,12 @@ get_tokens_and_identity (GoaOAuth2Provider  *provider,
       SoupCookieJar *cookie_jar;
 
       webkit_soup_session = webkit_get_default_session ();
+
+      g_object_set (webkit_soup_session,
+          SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
+          SOUP_SESSION_SSL_STRICT, TRUE,
+          NULL);
+
       /* Get the proxy configuration from the GNOME settings */
       soup_session_add_feature_by_type (webkit_soup_session, 
SOUP_TYPE_PROXY_RESOLVER_GNOME);
       /* Set the Accept-Language header automatically */
diff --git a/src/goabackend/goaoauthprovider.c 
b/src/goabackend/goaoauthprovider.c
index 1dbd5a1..5d76f02 100644
--- a/src/goabackend/goaoauthprovider.c
+++ b/src/goabackend/goaoauthprovider.c
@@ -708,6 +708,12 @@ get_tokens_and_identity (GoaOAuthProvider *provider,
       SoupCookieJar *cookie_jar;
 
       webkit_soup_session = webkit_get_default_session ();
+
+      g_object_set (webkit_soup_session,
+          SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
+          SOUP_SESSION_SSL_STRICT, TRUE,
+          NULL);
+
       /* Get the proxy configuration from the GNOME settings */
       soup_session_add_feature_by_type (webkit_soup_session, 
SOUP_TYPE_PROXY_RESOLVER_GNOME);
 
-- 
1.7.10.4


-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

Reply via email to