From unknown Tue Jun 17 01:43:18 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#51956 <51956@debbugs.gnu.org> To: bug#51956 <51956@debbugs.gnu.org> Subject: Status: [PATCH] On core-updates-frozen, geary is criminally outdated Reply-To: bug#51956 <51956@debbugs.gnu.org> Date: Tue, 17 Jun 2025 08:43:18 +0000 retitle 51956 [PATCH] On core-updates-frozen, geary is criminally outdated reassign 51956 guix-patches submitter 51956 Vivien Kraus severity 51956 normal tag 51956 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 18 14:26:33 2021 Received: (at submit) by debbugs.gnu.org; 18 Nov 2021 19:26:33 +0000 Received: from localhost ([127.0.0.1]:37245 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mnn38-0003w1-Ch for submit@debbugs.gnu.org; Thu, 18 Nov 2021 14:26:33 -0500 Received: from lists.gnu.org ([209.51.188.17]:36938) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mnn33-0003vj-6x for submit@debbugs.gnu.org; Thu, 18 Nov 2021 14:26:20 -0500 Received: from eggs.gnu.org ([209.51.188.92]:42530) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnn33-0007OP-11 for guix-patches@gnu.org; Thu, 18 Nov 2021 14:26:17 -0500 Received: from [2a00:5881:4008:2810::309] (port=35776 helo=planete-kraus.eu) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1mnn2z-0006xP-AB for guix-patches@gnu.org; Thu, 18 Nov 2021 14:26:16 -0500 Received: from planete-kraus.eu (localhost.lan [127.0.0.1]) by planete-kraus.eu (OpenSMTPD) with ESMTP id 5613fbf3 for ; Thu, 18 Nov 2021 19:26:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=planete-kraus.eu; h=from :to:subject:date:message-id:mime-version:content-type; s=dkim; bh=GnwhmHimJW95YAXHOMrSdttR3To=; b=ry/Q4URC9o+GGKPh1fsFcEDghVoN KxHu0zYZ7ZZw8Qbb2n1y4oyTpvzzaN6cbvFhoXLburkcdLCT3fL2uTM4e5PUFeyg oU/dff2QlkValfpAobb8UORmb5D4S67ypJEhbXbiSScgzGU5mVZttrdkvgP6KNXJ pEnC9cbqt65xVvc= Received: by planete-kraus.eu (OpenSMTPD) with ESMTPSA id cf8da832 (TLSv1.3:AEAD-CHACHA20-POLY1305-SHA256:256:NO); Thu, 18 Nov 2021 19:26:04 +0000 (UTC) From: Vivien Kraus To: guix-patches@gnu.org Subject: [PATCH] On core-updates-frozen, geary is criminally outdated Date: Thu, 18 Nov 2021 20:25:58 +0100 Message-ID: <87h7c99sft.fsf@planete-kraus.eu> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a00:5881:4008:2810::309 (failed) Received-SPF: pass client-ip=2a00:5881:4008:2810::309; envelope-from=vivien@planete-kraus.eu; helo=planete-kraus.eu X-Spam_score_int: -12 X-Spam_score: -1.3 X-Spam_bar: - X-Spam_report: (-1.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Dear guix, I finally managed to upgrade geary. The latest release lacks the GMime 3.0 vapi, and that=E2=80=99s not something we can generate easily (there=E2= =80=99s custom metadata and custom code), so I had to install it with gmime. What do you think? Best regards, Vivien --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-gnu-gmime-Install-the-vapi-file.patch Content-Transfer-Encoding: quoted-printable Content-Description: Let gmime install its vapi From=2065c6544aca89c3a8797de22861f06a3f7bb831bf Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Thu, 18 Nov 2021 19:44:03 +0100 Subject: [PATCH 1/2] gnu: gmime: Install the vapi file. * gnu/packages/mail.scm (gmime)[configure flags]: Build the vapi file. [native-inputs]: Add vala. =2D-- gnu/packages/mail.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index c92ec14c04..c3be5330f3 100644 =2D-- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -727,13 +727,14 @@ (define-public gmime (native-inputs `(("pkg-config" ,pkg-config) ("gnupg" ,gnupg) ; for tests only =2D ("gobject-introspection" ,gobject-introspection))) + ("gobject-introspection" ,gobject-introspection) + ("vala" ,vala))) (inputs `(("glib" ,glib) ("gpgme" ,gpgme) ("zlib" ,zlib))) (arguments `(#:configure-flags =2D (list "--enable-introspection=3Dyes") + (list "--enable-introspection=3Dyes" "--enable-vapigen=3Dyes") #:phases (modify-phases %standard-phases (add-after =2D-=20 2.34.0 --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: attachment; filename=0002-gnu-geary-Upgrade-to-40.0.patch Content-Transfer-Encoding: quoted-printable Content-Description: Upgrade geary to 40.0 From=20cf80e70f47532fa5057755b6e08cc6ea1a346a1f Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Wed, 10 Nov 2021 20:18:46 +0000 Subject: [PATCH 2/2] gnu: geary: Upgrade to 40.0 * gnu/packages/gnome.scm (geary): Upgrade to 40.0. =2D-- gnu/local.mk | 1 - gnu/packages/gnome.scm | 52 ++++--- .../patches/geary-CVE-2020-24661.patch | 133 ------------------ 3 files changed, 35 insertions(+), 151 deletions(-) delete mode 100644 gnu/packages/patches/geary-CVE-2020-24661.patch diff --git a/gnu/local.mk b/gnu/local.mk index f25548f137..d35be45f76 100644 =2D-- a/gnu/local.mk +++ b/gnu/local.mk @@ -1111,7 +1111,6 @@ dist_patch_DATA =3D \ %D%/packages/patches/gdm-elogind-support.patch \ %D%/packages/patches/gdm-remove-hardcoded-xwayland-path.patch \ %D%/packages/patches/gdm-wayland-session-wrapper-from-env.patch \ =2D %D%/packages/patches/geary-CVE-2020-24661.patch \ %D%/packages/patches/genimage-mke2fs-test.patch \ %D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index ca4ed25fe3..ce00783692 100644 =2D-- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -140,6 +140,7 @@ (define-module (gnu packages gnome) #:use-module (gnu packages inkscape) #:use-module (gnu packages iso-codes) #:use-module (gnu packages kerberos) + #:use-module (gnu packages language) #:use-module (gnu packages libcanberra) #:use-module (gnu packages libffi) #:use-module (gnu packages libunistring) @@ -11739,34 +11740,46 @@ (define-public gnome-boxes (define-public geary (package (name "geary") =2D (version "3.34.1") + (version "40.0") (source (origin (method git-fetch) (uri (git-reference =2D (url "https://gitlab.gnome.org/GNOME/geary") =2D (commit version))) + (url "https://gitlab.gnome.org/GNOME/geary.git") + (commit (string-append "gnome-" version)))) (file-name (git-file-name name version)) (sha256 (base32 =2D "01cc921kyh3zxz07biqbdzkjgmdcc36kwjyajm4y382a75cl5zg7")) =2D (patches (search-patches "geary-CVE-2020-24661.patch")))) + "04hvw86r8sczvjm1z3ls5y5y5h6nyfb648rjkfx05ib00mqq5v1x")))) (build-system meson-build-system) (arguments `(#:glib-or-gtk? #t + #:configure-flags + '("-Dprofile=3Drelease") #:phases (modify-phases %standard-phases (add-after 'unpack 'disable-failing-tests (lambda _ =2D (substitute* "test/meson.build" =2D (("test\\('client-tests', geary_test_client_bin\= \)") =2D "")) =2D #t)) + (substitute* "test/test-client.vala" + (("client.add_suite\\(new Application.CertificateM= anagerTest\\(\\).suite\\);") + "")))) + (add-after 'unpack 'generate-vapis + (lambda* (#:key inputs #:allow-other-keys) + ;; It=E2=80=99s not possible to generate the GMime v= api, because + ;; there=E2=80=99s custom metadata that gmime didn= =E2=80=99t + ;; install. Thus, the vapi should be built and insta= lled + ;; with gmime. + (define gmime + (assoc-ref inputs "gmime")) + (copy-file (string-append gmime "/share/vala/vapi/gm= ime-3.0.vapi") + "bindings/vapi/gmime-3.0.vapi"))) (add-after 'unpack 'disable-postinstall-script (lambda _ =2D (substitute* "meson.build" =2D (("meson.add_install_script\\(\ =2Djoin_paths\\('build-aux', 'post_install.py'\\)\\)") =2D "")) =2D #t)) + (substitute* "build-aux/post_install.py" + (("gtk-update-icon-cache") + "true")))) + (add-before 'check 'setup-home + (lambda _ + ;; Tests require a writable HOME. + (setenv "HOME" (getcwd)))) (add-before 'check 'setup-xvfb (lambda _ (system "Xvfb :1 &") @@ -11777,28 +11790,33 @@ (define-public geary ("folks" ,folks) ("gcr" ,gcr) ("glib" ,glib) =2D ("gmime" ,gmime-2.6) + ("gmime" ,gmime) ("gnome-online-accounts:lib" ,gnome-online-accounts "lib") + ("gsettings-desktop-schemas" ,gsettings-desktop-schemas) ("gspell" ,gspell) + ("gsound" ,gsound) ("gtk+" ,gtk+) ("iso-codes" ,iso-codes) ("json-glib" ,json-glib) ("libcanberra" ,libcanberra) ("libgee" ,libgee) =2D ("libhandy" ,libhandy-0.0) + ("libhandy" ,libhandy) ("libpeas" ,libpeas) ("libsecret" ,libsecret) + ("libstemmer" ,libstemmer) ("libunwind" ,libunwind) ("sqlite" ,sqlite) =2D ("webkitgtk" ,webkitgtk) + ("webkitgtk" ,webkitgtk-with-libsoup2) ("ytnef" ,ytnef))) (native-inputs `(("appstream-glib" ,appstream-glib) ("cmake-minimal" ,cmake-minimal) ("desktop-file-utils" ,desktop-file-utils) ("gettext" ,gettext-minimal) + ("glib" ,glib) ("glib:bin" ,glib "bin") + ("gmime" ,gmime) ("gobject-introspection" ,gobject-introspection) ("itstool" ,itstool) ("libarchive" ,libarchive) diff --git a/gnu/packages/patches/geary-CVE-2020-24661.patch b/gnu/packages= /patches/geary-CVE-2020-24661.patch deleted file mode 100644 index 6cbc224786..0000000000 =2D-- a/gnu/packages/patches/geary-CVE-2020-24661.patch +++ /dev/null @@ -1,133 +0,0 @@ =2DFrom d4e86dc91e1d8a940dc40872fe94ef9ac0fed1b5 Mon Sep 17 00:00:00 2001 =2DFrom: Michael Gratton =2DDate: Tue, 25 Aug 2020 03:54:09 +0000 =2DSubject: [PATCH] Merge branch 'mjog/866-self-signed-certificates' into =2D 'mainline' =2D =2DFix invalid certificate pinning when GCR support is unavailable =2D =2DCloses #866 =2D =2DSee merge request GNOME/geary!529 =2D =2D(cherry picked from commit 423a55b00f1dc6bee9dc17e67c0aea6f42387a77) =2D =2D5088adfe Application.CertificateManager: Rename some methods for clarity =2D0d957559 Application.CertificateManager: Check locally pinned certs for = equality =2D--- =2D .../application-certificate-manager.vala | 44 +++++++++---------- =2D 1 file changed, 22 insertions(+), 22 deletions(-) =2D =2Ddiff --git a/src/client/application/application-certificate-manager.vala= b/src/client/application/application-certificate-manager.vala =2Dindex 4881d73c0..65f6af4fa 100644 =2D--- a/src/client/application/application-certificate-manager.vala =2D+++ b/src/client/application/application-certificate-manager.vala =2D@@ -381,8 +381,8 @@ private class Application.TlsDatabase : GLib.TlsData= base { =2D GLib.TlsCertificateFlags ret =3D this.parent.verify_chain( =2D chain, purpose, identity, interaction, flags, cancellable =2D ); =2D- if (should_verify(ret, purpose, identity) && =2D- verify(chain, identity, cancellable)) { =2D+ if (check_pinned(ret, purpose, identity) && =2D+ is_pinned(chain, identity, cancellable)) { =2D ret =3D 0; =2D } =2D return ret; =2D@@ -399,16 +399,16 @@ private class Application.TlsDatabase : GLib.TlsDa= tabase { =2D GLib.TlsCertificateFlags ret =3D yield this.parent.verify_chain= _async( =2D chain, purpose, identity, interaction, flags, cancellable =2D ); =2D- if (should_verify(ret, purpose, identity) && =2D- yield verify_async(chain, identity, cancellable)) { =2D+ if (check_pinned(ret, purpose, identity) && =2D+ yield is_pinned_async(chain, identity, cancellable)) { =2D ret =3D 0; =2D } =2D return ret; =2D } =2D=20 =2D- private inline bool should_verify(GLib.TlsCertificateFlags parent_r= et, =2D- string purpose, =2D- GLib.SocketConnectable? identity)= { =2D+ private inline bool check_pinned(GLib.TlsCertificateFlags parent_re= t, =2D+ string purpose, =2D+ GLib.SocketConnectable? identity) { =2D // If the parent didn't verify, check for a locally pinned =2D // cert if it looks like we should, but always reject revoked =2D // certs =2D@@ -420,22 +420,22 @@ private class Application.TlsDatabase : GLib.TlsDa= tabase { =2D ); =2D } =2D=20 =2D- private bool verify(GLib.TlsCertificate chain, =2D- GLib.SocketConnectable identity, =2D- GLib.Cancellable? cancellable) =2D+ private bool is_pinned(GLib.TlsCertificate chain, =2D+ GLib.SocketConnectable identity, =2D+ GLib.Cancellable? cancellable) =2D throws GLib.Error { =2D- bool is_verified =3D false; =2D+ bool is_pinned =3D false; =2D string id =3D to_name(identity); =2D TrustContext? context =3D null; =2D lock (this.pinned_certs) { =2D context =3D this.pinned_certs.get(id); =2D if (context !=3D null) { =2D- is_verified =3D true; =2D+ is_pinned =3D context.certificate.is_same(chain); =2D } else { =2D // Cert not found in memory, check with GCR if =2D // enabled. =2D if (this.use_gcr) { =2D- is_verified =3D gcr_trust_is_certificate_pinned( =2D+ is_pinned =3D gcr_trust_is_certificate_pinned( =2D new Gcr.SimpleCertificate(chain.certificate.dat= a), =2D GLib.TlsDatabase.PURPOSE_AUTHENTICATE_SERVER, =2D id, =2D@@ -443,7 +443,7 @@ private class Application.TlsDatabase : GLib.TlsData= base { =2D ); =2D } =2D=20 =2D- if (!is_verified) { =2D+ if (!is_pinned) { =2D // Cert is not pinned in memory or in GCR, so look =2D // for it on disk. Do this even if GCR support is =2D // enabled, since if the cert was previously saved =2D@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsData= base { =2D this.store_dir, id, cancellable =2D ); =2D this.pinned_certs.set(id, context); =2D- is_verified =3D true; =2D+ is_pinned =3D context.certificate.is_same(chain= ); =2D } catch (GLib.IOError.NOT_FOUND err) { =2D // Cert was not found saved, so it not pinned =2D } catch (GLib.Error err) { =2D@@ -465,18 +465,18 @@ private class Application.TlsDatabase : GLib.TlsDa= tabase { =2D } =2D } =2D } =2D- return is_verified; =2D+ return is_pinned; =2D } =2D=20 =2D- private async bool verify_async(GLib.TlsCertificate chain, =2D- GLib.SocketConnectable identity, =2D- GLib.Cancellable? cancellable) =2D+ private async bool is_pinned_async(GLib.TlsCertificate chain, =2D+ GLib.SocketConnectable identity, =2D+ GLib.Cancellable? cancellable) =2D throws GLib.Error { =2D- bool is_valid =3D false; =2D+ bool pinned =3D false; =2D yield Geary.Nonblocking.Concurrent.global.schedule_async(() =3D= > { =2D- is_valid =3D verify(chain, identity, cancellable); =2D+ pinned =3D is_pinned(chain, identity, cancellable); =2D }, cancellable); =2D- return is_valid; =2D+ return pinned; =2D } =2D=20 =2D private TrustContext? lookup_id(string id) { =2D--=20 =2DGitLab =2D =2D-=20 2.34.0 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGzBAEBCAAdFiEEq4yIHjMvkliPpwQnO7C8EjLYuCwFAmGWqMcACgkQO7C8EjLY uCwcewwAhsWymQQy+qCcysOT8CpeX+lw8bYqrKev0WYesHoeXX2QeevmBlEy+AB1 EKp1AG6C14onC+HOi28Hum6NzixdZ8xeEogA9cuuSbh8vzSf5kAJasAdutTPWYA3 mlYT9V2lUzfRx5+suqLBRaJMRxR3YDCKztdb5S1Q5qu5thTrRCObMcuuJVuXeSZm VgZ0mfPl5fLErMz3Iz0AMstjwlXilk2t1kNumTfNrj+PHwtCpaImJ+fn9KdNxrnE Aflpy/enuY+FoRIwqHZazsxUH+YP/sAkCi+1iX9jqetSlr1BlwcvPIHw9TNW+nx/ lv2rjvRZ+zYpPEDcw1WIwhiM/skm02r6S8SexVQlaWSoIo1Sc5MGzrzUV3My7cHs eQuZrQ7Z9fzzy7x9dSNi6aI5lNrJmpDdKybvDxE7cQJzbWYd+btt1znnenzKyix5 WaDVVQz6IKZMunRUFPuck0i7YvUbQ37VFG3cdZ/kum0GyDmkQujqnDq5zKW7FgNk Rmein6Eg =mcFJ -----END PGP SIGNATURE----- --==-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 18 15:30:02 2021 Received: (at 51956) by debbugs.gnu.org; 18 Nov 2021 20:30:02 +0000 Received: from localhost ([127.0.0.1]:37309 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mno2g-0005rN-2q for submit@debbugs.gnu.org; Thu, 18 Nov 2021 15:30:02 -0500 Received: from planete-kraus.eu ([89.234.140.182]:34690) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mno2a-0005r9-MA for 51956@debbugs.gnu.org; Thu, 18 Nov 2021 15:29:56 -0500 Received: from planete-kraus.eu (localhost.lan [127.0.0.1]) by planete-kraus.eu (OpenSMTPD) with ESMTP id 1996a3ac for <51956@debbugs.gnu.org>; Thu, 18 Nov 2021 20:29:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=planete-kraus.eu; h= references:from:to:subject:date:in-reply-to:message-id :mime-version:content-type; s=dkim; bh=IIc8mMeBNO4N3FRXomlGoVdzj oI=; b=qqAhm2PjNxfqRJ/N94ZhT87ubd22bns8wqQW7vHsMljPhNq1e2EzftM21 /IRUgBGJHg6BodqHkNBVSYOoY4rioG9ZTb8POEJobcxEuHlf+qPnvHDs7n8KJKTo wxkYgkrsVj1pLMDfnGPBz3QfHf85yP2/myF22d1AdRzy7ygJrs= Received: by planete-kraus.eu (OpenSMTPD) with ESMTPSA id 0cfc8993 (TLSv1.3:AEAD-CHACHA20-POLY1305-SHA256:256:NO) for <51956@debbugs.gnu.org>; Thu, 18 Nov 2021 20:29:46 +0000 (UTC) References: <87h7c99sft.fsf@planete-kraus.eu> User-agent: mu4e 1.6.10; emacs 27.2 From: Vivien Kraus To: 51956@debbugs.gnu.org Subject: Re: bug#51956: Acknowledgement ([PATCH] On core-updates-frozen, geary is criminally outdated) Date: Thu, 18 Nov 2021 21:28:22 +0100 In-reply-to: Message-ID: <87czmx9phh.fsf@planete-kraus.eu> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 51956 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain If we enable experimental support for gmime 3.0 in pan, we can get rid of gmime 2.6. Is it worth it? Vivien --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-gnu-gmime-Install-the-vapi-file.patch Content-Transfer-Encoding: quoted-printable From=2011b027d7b34a2ac2e8591d4db2bb9a2d8086024e Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Thu, 18 Nov 2021 19:44:03 +0100 Subject: [PATCH 1/3] gnu: gmime: Install the vapi file. * gnu/packages/mail.scm (gmime)[configure flags]: Build the vapi file. [native-inputs]: Add vala. =2D-- gnu/packages/mail.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index c92ec14c04..c3be5330f3 100644 =2D-- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -727,13 +727,14 @@ (define-public gmime (native-inputs `(("pkg-config" ,pkg-config) ("gnupg" ,gnupg) ; for tests only =2D ("gobject-introspection" ,gobject-introspection))) + ("gobject-introspection" ,gobject-introspection) + ("vala" ,vala))) (inputs `(("glib" ,glib) ("gpgme" ,gpgme) ("zlib" ,zlib))) (arguments `(#:configure-flags =2D (list "--enable-introspection=3Dyes") + (list "--enable-introspection=3Dyes" "--enable-vapigen=3Dyes") #:phases (modify-phases %standard-phases (add-after =2D-=20 2.34.0 --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: attachment; filename=0002-gnu-geary-Upgrade-to-40.0.patch Content-Transfer-Encoding: quoted-printable From=20889e93849db8434abbfcfd63d30979a57535f6e5 Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Wed, 10 Nov 2021 20:18:46 +0000 Subject: [PATCH 2/3] gnu: geary: Upgrade to 40.0 * gnu/packages/gnome.scm (geary): Upgrade to 40.0. =2D-- gnu/local.mk | 1 - gnu/packages/gnome.scm | 52 ++++--- .../patches/geary-CVE-2020-24661.patch | 133 ------------------ 3 files changed, 35 insertions(+), 151 deletions(-) delete mode 100644 gnu/packages/patches/geary-CVE-2020-24661.patch diff --git a/gnu/local.mk b/gnu/local.mk index f25548f137..d35be45f76 100644 =2D-- a/gnu/local.mk +++ b/gnu/local.mk @@ -1111,7 +1111,6 @@ dist_patch_DATA =3D \ %D%/packages/patches/gdm-elogind-support.patch \ %D%/packages/patches/gdm-remove-hardcoded-xwayland-path.patch \ %D%/packages/patches/gdm-wayland-session-wrapper-from-env.patch \ =2D %D%/packages/patches/geary-CVE-2020-24661.patch \ %D%/packages/patches/genimage-mke2fs-test.patch \ %D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 8d382d411c..78042c4939 100644 =2D-- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -140,6 +140,7 @@ (define-module (gnu packages gnome) #:use-module (gnu packages inkscape) #:use-module (gnu packages iso-codes) #:use-module (gnu packages kerberos) + #:use-module (gnu packages language) #:use-module (gnu packages libcanberra) #:use-module (gnu packages libffi) #:use-module (gnu packages libunistring) @@ -11737,34 +11738,46 @@ (define-public gnome-boxes (define-public geary (package (name "geary") =2D (version "3.34.1") + (version "40.0") (source (origin (method git-fetch) (uri (git-reference =2D (url "https://gitlab.gnome.org/GNOME/geary") =2D (commit version))) + (url "https://gitlab.gnome.org/GNOME/geary.git") + (commit (string-append "gnome-" version)))) (file-name (git-file-name name version)) (sha256 (base32 =2D "01cc921kyh3zxz07biqbdzkjgmdcc36kwjyajm4y382a75cl5zg7")) =2D (patches (search-patches "geary-CVE-2020-24661.patch")))) + "04hvw86r8sczvjm1z3ls5y5y5h6nyfb648rjkfx05ib00mqq5v1x")))) (build-system meson-build-system) (arguments `(#:glib-or-gtk? #t + #:configure-flags + '("-Dprofile=3Drelease") #:phases (modify-phases %standard-phases (add-after 'unpack 'disable-failing-tests (lambda _ =2D (substitute* "test/meson.build" =2D (("test\\('client-tests', geary_test_client_bin\= \)") =2D "")) =2D #t)) + (substitute* "test/test-client.vala" + (("client.add_suite\\(new Application.CertificateM= anagerTest\\(\\).suite\\);") + "")))) + (add-after 'unpack 'generate-vapis + (lambda* (#:key inputs #:allow-other-keys) + ;; It=E2=80=99s not possible to generate the GMime v= api, because + ;; there=E2=80=99s custom metadata that gmime didn= =E2=80=99t + ;; install. Thus, the vapi should be built and insta= lled + ;; with gmime. + (define gmime + (assoc-ref inputs "gmime")) + (copy-file (string-append gmime "/share/vala/vapi/gm= ime-3.0.vapi") + "bindings/vapi/gmime-3.0.vapi"))) (add-after 'unpack 'disable-postinstall-script (lambda _ =2D (substitute* "meson.build" =2D (("meson.add_install_script\\(\ =2Djoin_paths\\('build-aux', 'post_install.py'\\)\\)") =2D "")) =2D #t)) + (substitute* "build-aux/post_install.py" + (("gtk-update-icon-cache") + "true")))) + (add-before 'check 'setup-home + (lambda _ + ;; Tests require a writable HOME. + (setenv "HOME" (getcwd)))) (add-before 'check 'setup-xvfb (lambda _ (system "Xvfb :1 &") @@ -11775,28 +11788,33 @@ (define-public geary ("folks" ,folks) ("gcr" ,gcr) ("glib" ,glib) =2D ("gmime" ,gmime-2.6) + ("gmime" ,gmime) ("gnome-online-accounts:lib" ,gnome-online-accounts "lib") + ("gsettings-desktop-schemas" ,gsettings-desktop-schemas) ("gspell" ,gspell) + ("gsound" ,gsound) ("gtk+" ,gtk+) ("iso-codes" ,iso-codes) ("json-glib" ,json-glib) ("libcanberra" ,libcanberra) ("libgee" ,libgee) =2D ("libhandy" ,libhandy-0.0) + ("libhandy" ,libhandy) ("libpeas" ,libpeas) ("libsecret" ,libsecret) + ("libstemmer" ,libstemmer) ("libunwind" ,libunwind) ("sqlite" ,sqlite) =2D ("webkitgtk" ,webkitgtk) + ("webkitgtk" ,webkitgtk-with-libsoup2) ("ytnef" ,ytnef))) (native-inputs `(("appstream-glib" ,appstream-glib) ("cmake-minimal" ,cmake-minimal) ("desktop-file-utils" ,desktop-file-utils) ("gettext" ,gettext-minimal) + ("glib" ,glib) ("glib:bin" ,glib "bin") + ("gmime" ,gmime) ("gobject-introspection" ,gobject-introspection) ("itstool" ,itstool) ("libarchive" ,libarchive) diff --git a/gnu/packages/patches/geary-CVE-2020-24661.patch b/gnu/packages= /patches/geary-CVE-2020-24661.patch deleted file mode 100644 index 6cbc224786..0000000000 =2D-- a/gnu/packages/patches/geary-CVE-2020-24661.patch +++ /dev/null @@ -1,133 +0,0 @@ =2DFrom d4e86dc91e1d8a940dc40872fe94ef9ac0fed1b5 Mon Sep 17 00:00:00 2001 =2DFrom: Michael Gratton =2DDate: Tue, 25 Aug 2020 03:54:09 +0000 =2DSubject: [PATCH] Merge branch 'mjog/866-self-signed-certificates' into =2D 'mainline' =2D =2DFix invalid certificate pinning when GCR support is unavailable =2D =2DCloses #866 =2D =2DSee merge request GNOME/geary!529 =2D =2D(cherry picked from commit 423a55b00f1dc6bee9dc17e67c0aea6f42387a77) =2D =2D5088adfe Application.CertificateManager: Rename some methods for clarity =2D0d957559 Application.CertificateManager: Check locally pinned certs for = equality =2D--- =2D .../application-certificate-manager.vala | 44 +++++++++---------- =2D 1 file changed, 22 insertions(+), 22 deletions(-) =2D =2Ddiff --git a/src/client/application/application-certificate-manager.vala= b/src/client/application/application-certificate-manager.vala =2Dindex 4881d73c0..65f6af4fa 100644 =2D--- a/src/client/application/application-certificate-manager.vala =2D+++ b/src/client/application/application-certificate-manager.vala =2D@@ -381,8 +381,8 @@ private class Application.TlsDatabase : GLib.TlsData= base { =2D GLib.TlsCertificateFlags ret =3D this.parent.verify_chain( =2D chain, purpose, identity, interaction, flags, cancellable =2D ); =2D- if (should_verify(ret, purpose, identity) && =2D- verify(chain, identity, cancellable)) { =2D+ if (check_pinned(ret, purpose, identity) && =2D+ is_pinned(chain, identity, cancellable)) { =2D ret =3D 0; =2D } =2D return ret; =2D@@ -399,16 +399,16 @@ private class Application.TlsDatabase : GLib.TlsDa= tabase { =2D GLib.TlsCertificateFlags ret =3D yield this.parent.verify_chain= _async( =2D chain, purpose, identity, interaction, flags, cancellable =2D ); =2D- if (should_verify(ret, purpose, identity) && =2D- yield verify_async(chain, identity, cancellable)) { =2D+ if (check_pinned(ret, purpose, identity) && =2D+ yield is_pinned_async(chain, identity, cancellable)) { =2D ret =3D 0; =2D } =2D return ret; =2D } =2D=20 =2D- private inline bool should_verify(GLib.TlsCertificateFlags parent_r= et, =2D- string purpose, =2D- GLib.SocketConnectable? identity)= { =2D+ private inline bool check_pinned(GLib.TlsCertificateFlags parent_re= t, =2D+ string purpose, =2D+ GLib.SocketConnectable? identity) { =2D // If the parent didn't verify, check for a locally pinned =2D // cert if it looks like we should, but always reject revoked =2D // certs =2D@@ -420,22 +420,22 @@ private class Application.TlsDatabase : GLib.TlsDa= tabase { =2D ); =2D } =2D=20 =2D- private bool verify(GLib.TlsCertificate chain, =2D- GLib.SocketConnectable identity, =2D- GLib.Cancellable? cancellable) =2D+ private bool is_pinned(GLib.TlsCertificate chain, =2D+ GLib.SocketConnectable identity, =2D+ GLib.Cancellable? cancellable) =2D throws GLib.Error { =2D- bool is_verified =3D false; =2D+ bool is_pinned =3D false; =2D string id =3D to_name(identity); =2D TrustContext? context =3D null; =2D lock (this.pinned_certs) { =2D context =3D this.pinned_certs.get(id); =2D if (context !=3D null) { =2D- is_verified =3D true; =2D+ is_pinned =3D context.certificate.is_same(chain); =2D } else { =2D // Cert not found in memory, check with GCR if =2D // enabled. =2D if (this.use_gcr) { =2D- is_verified =3D gcr_trust_is_certificate_pinned( =2D+ is_pinned =3D gcr_trust_is_certificate_pinned( =2D new Gcr.SimpleCertificate(chain.certificate.dat= a), =2D GLib.TlsDatabase.PURPOSE_AUTHENTICATE_SERVER, =2D id, =2D@@ -443,7 +443,7 @@ private class Application.TlsDatabase : GLib.TlsData= base { =2D ); =2D } =2D=20 =2D- if (!is_verified) { =2D+ if (!is_pinned) { =2D // Cert is not pinned in memory or in GCR, so look =2D // for it on disk. Do this even if GCR support is =2D // enabled, since if the cert was previously saved =2D@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsData= base { =2D this.store_dir, id, cancellable =2D ); =2D this.pinned_certs.set(id, context); =2D- is_verified =3D true; =2D+ is_pinned =3D context.certificate.is_same(chain= ); =2D } catch (GLib.IOError.NOT_FOUND err) { =2D // Cert was not found saved, so it not pinned =2D } catch (GLib.Error err) { =2D@@ -465,18 +465,18 @@ private class Application.TlsDatabase : GLib.TlsDa= tabase { =2D } =2D } =2D } =2D- return is_verified; =2D+ return is_pinned; =2D } =2D=20 =2D- private async bool verify_async(GLib.TlsCertificate chain, =2D- GLib.SocketConnectable identity, =2D- GLib.Cancellable? cancellable) =2D+ private async bool is_pinned_async(GLib.TlsCertificate chain, =2D+ GLib.SocketConnectable identity, =2D+ GLib.Cancellable? cancellable) =2D throws GLib.Error { =2D- bool is_valid =3D false; =2D+ bool pinned =3D false; =2D yield Geary.Nonblocking.Concurrent.global.schedule_async(() =3D= > { =2D- is_valid =3D verify(chain, identity, cancellable); =2D+ pinned =3D is_pinned(chain, identity, cancellable); =2D }, cancellable); =2D- return is_valid; =2D+ return pinned; =2D } =2D=20 =2D private TrustContext? lookup_id(string id) { =2D--=20 =2DGitLab =2D =2D-=20 2.34.0 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0003-gnu-pan-Use-gmime-3.0.patch Content-Transfer-Encoding: quoted-printable From=2048e6b0dd3bb67e2a62788a5f075f6afecd33db89 Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Thu, 18 Nov 2021 21:26:58 +0100 Subject: [PATCH 3/3] gnu: pan: Use gmime 3.0. * gnu/packages/mail.scm (pan) [configure-flags]: Enable gmime 3.0. [inputs]: Use gmime 3.0. * gnu/packages/mail.scm (gmime-2.6): Remove it. =2D-- gnu/packages/mail.scm | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index c3be5330f3..53ee69ae0f 100644 =2D-- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -760,20 +760,6 @@ (define-public gmime Extension (MIME).") (license (list license:lgpl2.1+ license:gpl2+ license:gpl3+)))) =20 =2D;; Some packages are not ready for GMime 3 yet. =2D(define-public gmime-2.6 =2D (package =2D (inherit gmime) =2D (version "2.6.23") =2D (source (origin =2D (method url-fetch) =2D (uri (string-append "mirror://gnome/sources/gmime/" =2D (version-major+minor version) =2D "/gmime-" version ".tar.xz")) =2D (sha256 =2D (base32 =2D "0slzlzcr3h8jikpz5a5amqd0csqh2m40gdk910ws2hnaf5m6hjbi"))= )))) =2D (define-public altermime (package (name "altermime") @@ -3875,6 +3861,7 @@ (define-public pan (base32 "0960siaf0r6m18kv0d8aqpf36x2xbsfcvk07kswlany7jbxrhylr")))) (arguments `(#:configure-flags '("--with-gtk3" "--with-gtkspell" "--with-gnutls" + "--with-gmime30" "--enable-libnotify" "--enable-manual" "--enable-gkr") #:phases @@ -3887,7 +3874,7 @@ (define-public pan "/bin/gpg\""))) #t))))) (inputs =2D `(("gmime" ,gmime-2.6) + `(("gmime" ,gmime) ("gnupg" ,gnupg) ("gnutls" ,gnutls) ("gtk+" ,gtk+) =2D-=20 2.34.0 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGzBAEBCAAdFiEEq4yIHjMvkliPpwQnO7C8EjLYuCwFAmGWt7oACgkQO7C8EjLY uCx8Zgv/WWxbfS+3EVhGKNCpgThj/HxSyZDi9ydGBJsVtXF2zvz1yC4nHTbwDt4X F7/nVKS4qYpGSal9Jyt+WLQrB84THdwgsEcUeFjO1a/aFRy/43izBLSQUIrnw+8b R86RxknEzs6OOvPAkRPnCJu1cZ9BQOVI95gMXj8CQqazacZa1mcXYGZsoscqtKxC rKfqY7y0QjRsuYCtMPOxlIcQN1bTBm3aJ/gF1Fm7hipd3ejMkyZpctVn2UXP6mRq dPzMAUsjebtEZtYzzlFTgG6NvIjvLD8dn51L3CuUwy7tn5fzfehCBTnP3jujB05w cljWTvQzjKbn+an0xdkBR0Bxhh67Hrl9O2QPVPixUJiUwXZ5md56/+O54vySuSSk ITf6fM/3VleDrvKfw1JoUvvmjIWzUp5QTZLuvtuB69jJFLDsvaVLArccE791NEvS 3+K6+dD4VSpa6OE0RuWpKCUgMI261OP5gQ9M5bDXYxaeNPyvw+Gjdr2ivNXGZlu5 QNsAaxZ/ =JHdE -----END PGP SIGNATURE----- --==-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 19 08:20:42 2021 Received: (at 51956-done) by debbugs.gnu.org; 19 Nov 2021 13:20:42 +0000 Received: from localhost ([127.0.0.1]:38413 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mo3on-0005Zw-Rz for submit@debbugs.gnu.org; Fri, 19 Nov 2021 08:20:42 -0500 Received: from eggs.gnu.org ([209.51.188.92]:50796) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mo3om-0005Ze-TA for 51956-done@debbugs.gnu.org; Fri, 19 Nov 2021 08:20:41 -0500 Received: from [2001:470:142:3::e] (port=57062 helo=fencepost.gnu.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mo3oh-0001ef-Dn; Fri, 19 Nov 2021 08:20:35 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=ViQzqIgRNXkV4SSsu+fkcXuN8KtwzcBLzrsJK0bzL6o=; b=SVhftVRzAgoLe+udytTo 23YjPaQ05IXf3k0pbAwtu3F6Tq1dciCuZkvZgg1L4cYumi5d9RzLHib2rJ1A7HQ+BEL1ARC60Ory1 99UVgMbXmLfPSHpKhhZ3VxlSIYqd731yGmUU8fMG9bquPktI7JO3ALqyswTFW/v14G+q6iEoeJS4N bfffKyhXU6fEjncOAax7+V6Z28R0JvRjLhWAKqd4r9/n9cRLwAY5k7d97fDVj6PQZNWoqYCyzzU1k IDK3dMpp9o5oIwEr87Q56rVqRf79P0LRTblEYyQK2bu94xBsTALpphxwlaFscAvXM/0vsxG6kTp+k XFLgk+6Ok5tmDw==; Received: from [193.50.110.190] (port=37476 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mo3oh-0006Dh-5u; Fri, 19 Nov 2021 08:20:35 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Vivien Kraus Subject: Re: bug#51956: [PATCH] On core-updates-frozen, geary is criminally outdated References: <87h7c99sft.fsf@planete-kraus.eu> Date: Fri, 19 Nov 2021 14:20:32 +0100 In-Reply-To: <87h7c99sft.fsf@planete-kraus.eu> (Vivien Kraus's message of "Thu, 18 Nov 2021 20:25:58 +0100") Message-ID: <87r1bcl1sv.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 51956-done Cc: 51956-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! Vivien Kraus skribis: > I finally managed to upgrade geary. The latest release lacks the GMime > 3.0 vapi, and that=E2=80=99s not something we can generate easily (there= =E2=80=99s > custom metadata and custom code), so I had to install it with gmime. > > What do you think? No strong opinion, LGTM. > From 65c6544aca89c3a8797de22861f06a3f7bb831bf Mon Sep 17 00:00:00 2001 > From: Vivien Kraus > Date: Thu, 18 Nov 2021 19:44:03 +0100 > Subject: [PATCH 1/2] gnu: gmime: Install the vapi file. > > * gnu/packages/mail.scm (gmime)[configure flags]: Build the vapi file. > [native-inputs]: Add vala. [...] > From cf80e70f47532fa5057755b6e08cc6ea1a346a1f Mon Sep 17 00:00:00 2001 > From: Vivien Kraus > Date: Wed, 10 Nov 2021 20:18:46 +0000 > Subject: [PATCH 2/2] gnu: geary: Upgrade to 40.0 > > * gnu/packages/gnome.scm (geary): Upgrade to 40.0. Applied! Let=E2=80=99s discuss the possibility of getting rid of gmime 2.6 separatel= y. Thanks, Ludo=E2=80=99. From unknown Tue Jun 17 01:43:18 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sat, 18 Dec 2021 12:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator