GNU bug report logs -
#67844
[PATCH 1/2] gnu: Add libgda-5.
Previous Next
Reported by: Ale Abdo <abdo <at> member.fsf.org>
Date: Fri, 15 Dec 2023 21:25:02 UTC
Severity: normal
Tags: patch
Done: Alexandre Hannud Abdo <abdo <at> member.fsf.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 67844 in the body.
You can then email your comments to 67844 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#67844; Package
guix-patches.
(Fri, 15 Dec 2023 21:25:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Ale Abdo <abdo <at> member.fsf.org>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Fri, 15 Dec 2023 21:25:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/gnome.scm (libgda-5): New variable.
Bring back libgda at version 5, required by sequeler.
Adapt and apply patch for cve-2021-39359.
Change-Id: I152273ebe788029e596193912ed63a24f489eab6
---
gnu/packages/gnome.scm | 90 +++++++++++++++++++
.../patches/libgda-5-cve-2021-39359.patch | 33 +++++++
2 files changed, 123 insertions(+)
create mode 100644 gnu/packages/patches/libgda-5-cve-2021-39359.patch
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 69698cf4fc..5800e09ea8 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -13241,6 +13241,96 @@ (define-public libgda
your data.")
(license license:lgpl2.1+)))
+
+;; This is required for 'sequeler which has not been ported to libgda-6 yet.
+(define-public libgda-5
+ (package
+ (name "libgda")
+ (version "5.2.10")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.gnome.org/GNOME/libgda.git/")
+ (commit (string-append "LIBGDA_" (string-replace-substring
+ version "." "_")))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "18rg773gq9v3cdywpmrp12c5xyp97ir9yqjinccpi22sksb1kl8a"))
+ (modules '((guix build utils)))
+ (snippet
+ ;; Remove the bundled sqlite, but keep its header because code relies
+ ;; on this header variant.
+ '(delete-file "libgda/sqlite/sqlite-src/sqlite3.c"))
+ (patches (search-patches "libgda-5-cve-2021-39359.patch"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags '("--enable-system-sqlite" "--enable-vala")
+ ;; There's a race between check_cnc_lock and check_threaded_cnc
+ ;; in tests/multi-threading.
+ #:parallel-tests? #f
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'fix-glade-install
+ (lambda _
+ (substitute* "configure.ac"
+ (("`\\$PKG_CONFIG --variable=catalogdir gladeui-2\\.0`")
+ "${datadir}/glade/catalogs")
+ (("`\\$PKG_CONFIG --variable=pixmapdir gladeui-2\\.0`")
+ "${datadir}/glade/pixmaps"))
+ #t))
+ (add-before 'check 'pre-check
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; Tests require a running X server.
+ (system "Xvfb :1 &")
+ (setenv "DISPLAY" ":1")
+ #t))
+ (add-after 'install 'symlink-glade-module
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((shlib "libgda-ui-5.0.so")
+ (out (assoc-ref outputs "out"))
+ (out/lib (string-append out "/lib"))
+ (moduledir (string-append out/lib "/glade/modules")))
+ (mkdir-p moduledir)
+ (symlink (string-append out/lib "/" shlib)
+ (string-append moduledir "/" shlib))
+ #t))))))
+ (propagated-inputs
+ (list libxml2)) ; required by libgda-5.0.pc
+ (inputs
+ (list glib
+ glade3
+ gtk+
+ libsecret
+ libxslt
+ openssl
+ sqlite
+ vala))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("autoconf-archive" ,autoconf-archive)
+ ("automake" ,automake)
+ ("glib:bin" ,glib "bin")
+ ("gnome-common" ,gnome-common)
+ ("gobject-introspection" ,gobject-introspection)
+ ("gtk-doc" ,gtk-doc/stable)
+ ("intltool" ,intltool)
+ ("libtool" ,libtool)
+ ("pkg-config" ,pkg-config)
+ ("vala" ,vala)
+ ("which" ,which)
+ ("xorg-server" ,xorg-server-for-tests)
+ ("yelp-tools" ,yelp-tools)))
+ (home-page "https://gitlab.gnome.org/GNOME/libgda")
+ (synopsis "Uniform data access")
+ (description
+ "GNU Data Access (GDA) is an attempt to provide uniform access to
+different kinds of data sources (databases, information servers, mail spools,
+etc). It is a complete architecture that provides all you need to access
+your data.")
+ (license license:lgpl2.1+)))
+
+
(define-public gtranslator
(package
(name "gtranslator")
diff --git a/gnu/packages/patches/libgda-5-cve-2021-39359.patch b/gnu/packages/patches/libgda-5-cve-2021-39359.patch
new file mode 100644
index 0000000000..960eab7e4e
--- /dev/null
+++ b/gnu/packages/patches/libgda-5-cve-2021-39359.patch
@@ -0,0 +1,33 @@
+From bebdffb4de586fb43fd07ac549121f4b22f6812d Mon Sep 17 00:00:00 2001
+From: "Douglas R. Reno" <renodr <at> linuxfromscratch.org>
+Date: Mon, 18 Oct 2021 13:18:01 -0500
+Subject: [PATCH] Fix CVE-2021-39359 by forcing TLS certificate validation
+
+This was done by adding "ssl-use-system-ca-file", TRUE to the options
+for each soup_session_new_with_options() call that was made.
+
+Tested on Linux From Scratch 11.0 and Debian 11.
+
+Fixes #249
+---
+ providers/web/gda-web-provider.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/providers/web/gda-web-provider.c b/providers/web/gda-web-provider.c
+index cf8d14dc3..cc818895f 100644
+--- a/providers/web/gda-web-provider.c
++++ b/providers/web/gda-web-provider.c
+@@ -355,8 +355,8 @@ gda_web_provider_open_connection (GdaServerProvider *provider, GdaConnection *cn
+ g_rec_mutex_init (& (cdata->mutex));
+ cdata->server_id = NULL;
+ cdata->forced_closing = FALSE;
+- cdata->worker_session = soup_session_sync_new ();
+- cdata->front_session = soup_session_sync_new_with_options ("max-conns-per-host", 1, NULL);
++ cdata->worker_session = soup_session_new_with_options ("ssl-use-system-ca-file", TRUE, NULL);
++ cdata->front_session = soup_session_new_with_options ("max-conns-per-host", 1, "ssl-use-system-ca-file", TRUE, NULL);
+ if (use_ssl) {
+ server_url = g_string_new ("https://");
+ g_print ("USING SSL\n");
+--
+GitLab
+
base-commit: 92f179ab20f1835933b2526bfc5d9489e3b1e226
--
2.41.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#67844; Package
guix-patches.
(Fri, 12 Jan 2024 17:01:03 GMT)
Full text and
rfc822 format available.
Message #8 received at 67844 <at> debbugs.gnu.org (full text, mbox):
Reply sent
to
Alexandre Hannud Abdo <abdo <at> member.fsf.org>:
You have taken responsibility.
(Fri, 12 Jan 2024 17:15:04 GMT)
Full text and
rfc822 format available.
Notification sent
to
Ale Abdo <abdo <at> member.fsf.org>:
bug acknowledged by developer.
(Fri, 12 Jan 2024 17:15:04 GMT)
Full text and
rfc822 format available.
Message #13 received at 67844-done <at> debbugs.gnu.org (full text, mbox):
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sat, 10 Feb 2024 12:24:11 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 182 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.