me
/
guix
Archived
1
0
Fork 0
Code

gnu: geary: Upgrade to 40.0 

* gnu/packages/gnome.scm (geary): Upgrade to 40.0.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
master
Vivien Kraus 2021-11-10 20:18:46 +00:00 committed by Ludovic Courtès
parent 86f031e877
commit d9e3c1b0b3
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
3 changed files with 35 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
gnu/local.mk
View File

@ -1111,7 +1111,6 @@ dist_patch_DATA = \
%D%/packages/patches/gdm-elogind-support.patch \ %D%/packages/patches/gdm-elogind-support.patch \
%D%/packages/patches/gdm-remove-hardcoded-xwayland-path.patch \ %D%/packages/patches/gdm-remove-hardcoded-xwayland-path.patch \
%D%/packages/patches/gdm-wayland-session-wrapper-from-env.patch \ %D%/packages/patches/gdm-wayland-session-wrapper-from-env.patch \
%D%/packages/patches/geary-CVE-2020-24661.patch \
%D%/packages/patches/genimage-mke2fs-test.patch \ %D%/packages/patches/genimage-mke2fs-test.patch \
%D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/geoclue-config.patch \
%D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \ %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \

52
gnu/packages/gnome.scm
View File

@ -140,6 +140,7 @@
#:use-module (gnu packages inkscape) #:use-module (gnu packages inkscape)
#:use-module (gnu packages iso-codes) #:use-module (gnu packages iso-codes)
#:use-module (gnu packages kerberos) #:use-module (gnu packages kerberos)
#:use-module (gnu packages language)
#:use-module (gnu packages libcanberra) #:use-module (gnu packages libcanberra)
#:use-module (gnu packages libffi) #:use-module (gnu packages libffi)
#:use-module (gnu packages libunistring) #:use-module (gnu packages libunistring)
@ -11742,34 +11743,46 @@ these services on the Guix System.")
(define-public geary (define-public geary
(package (package
(name "geary") (name "geary")
(version "3.34.1") (version "40.0")
(source (origin (source (origin
(method git-fetch) (method git-fetch)
(uri (git-reference (uri (git-reference
(url "https://gitlab.gnome.org/GNOME/geary") (url "https://gitlab.gnome.org/GNOME/geary.git")
(commit version))) (commit (string-append "gnome-" version))))
(file-name (git-file-name name version)) (file-name (git-file-name name version))
(sha256 (sha256
(base32 (base32
"01cc921kyh3zxz07biqbdzkjgmdcc36kwjyajm4y382a75cl5zg7")) "04hvw86r8sczvjm1z3ls5y5y5h6nyfb648rjkfx05ib00mqq5v1x"))))
(patches (search-patches "geary-CVE-2020-24661.patch"))))
(build-system meson-build-system) (build-system meson-build-system)
(arguments (arguments
`(#:glib-or-gtk? #t `(#:glib-or-gtk? #t
#:configure-flags
'("-Dprofile=release")
#:phases (modify-phases %standard-phases #:phases (modify-phases %standard-phases
(add-after 'unpack 'disable-failing-tests (add-after 'unpack 'disable-failing-tests
(lambda _ (lambda _
(substitute* "test/meson.build" (substitute* "test/test-client.vala"
(("test\\('client-tests', geary_test_client_bin\\)") (("client.add_suite\\(new Application.CertificateManagerTest\\(\\).suite\\);")
"")) ""))))
#t)) (add-after 'unpack 'generate-vapis
(lambda* (#:key inputs #:allow-other-keys)
;; Its not possible to generate the GMime vapi, because
;; theres custom metadata that gmime didnt
;; install. Thus, the vapi should be built and installed
;; with gmime.
(define gmime
(assoc-ref inputs "gmime"))
(copy-file (string-append gmime "/share/vala/vapi/gmime-3.0.vapi")
"bindings/vapi/gmime-3.0.vapi")))
(add-after 'unpack 'disable-postinstall-script (add-after 'unpack 'disable-postinstall-script
(lambda _ (lambda _
(substitute* "meson.build" (substitute* "build-aux/post_install.py"
(("meson.add_install_script\\(\ (("gtk-update-icon-cache")
join_paths\\('build-aux', 'post_install.py'\\)\\)") "true"))))
"")) (add-before 'check 'setup-home
#t)) (lambda _
;; Tests require a writable HOME.
(setenv "HOME" (getcwd))))
(add-before 'check 'setup-xvfb (add-before 'check 'setup-xvfb
(lambda _ (lambda _
(system "Xvfb :1 &") (system "Xvfb :1 &")
@ -11780,28 +11793,33 @@ join_paths\\('build-aux', 'post_install.py'\\)\\)")
("folks" ,folks) ("folks" ,folks)
("gcr" ,gcr) ("gcr" ,gcr)
("glib" ,glib) ("glib" ,glib)
("gmime" ,gmime-2.6) ("gmime" ,gmime)
("gnome-online-accounts:lib" ("gnome-online-accounts:lib"
,gnome-online-accounts "lib") ,gnome-online-accounts "lib")
("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
("gspell" ,gspell) ("gspell" ,gspell)
("gsound" ,gsound)
("gtk+" ,gtk+) ("gtk+" ,gtk+)
("iso-codes" ,iso-codes) ("iso-codes" ,iso-codes)
("json-glib" ,json-glib) ("json-glib" ,json-glib)
("libcanberra" ,libcanberra) ("libcanberra" ,libcanberra)
("libgee" ,libgee) ("libgee" ,libgee)
("libhandy" ,libhandy-0.0) ("libhandy" ,libhandy)
("libpeas" ,libpeas) ("libpeas" ,libpeas)
("libsecret" ,libsecret) ("libsecret" ,libsecret)
("libstemmer" ,libstemmer)
("libunwind" ,libunwind) ("libunwind" ,libunwind)
("sqlite" ,sqlite) ("sqlite" ,sqlite)
("webkitgtk" ,webkitgtk) ("webkitgtk" ,webkitgtk-with-libsoup2)
("ytnef" ,ytnef))) ("ytnef" ,ytnef)))
(native-inputs (native-inputs
`(("appstream-glib" ,appstream-glib) `(("appstream-glib" ,appstream-glib)
("cmake-minimal" ,cmake-minimal) ("cmake-minimal" ,cmake-minimal)
("desktop-file-utils" ,desktop-file-utils) ("desktop-file-utils" ,desktop-file-utils)
("gettext" ,gettext-minimal) ("gettext" ,gettext-minimal)
("glib" ,glib)
("glib:bin" ,glib "bin") ("glib:bin" ,glib "bin")
("gmime" ,gmime)
("gobject-introspection" ,gobject-introspection) ("gobject-introspection" ,gobject-introspection)
("itstool" ,itstool) ("itstool" ,itstool)
("libarchive" ,libarchive) ("libarchive" ,libarchive)

133
gnu/packages/patches/geary-CVE-2020-24661.patch
View File

@ -1,133 +0,0 @@
From d4e86dc91e1d8a940dc40872fe94ef9ac0fed1b5 Mon Sep 17 00:00:00 2001
From: Michael Gratton <mike@vee.net>
Date: Tue, 25 Aug 2020 03:54:09 +0000
Subject: [PATCH] Merge branch 'mjog/866-self-signed-certificates' into
'mainline'
Fix invalid certificate pinning when GCR support is unavailable
Closes #866
See merge request GNOME/geary!529
(cherry picked from commit 423a55b00f1dc6bee9dc17e67c0aea6f42387a77)
5088adfe Application.CertificateManager: Rename some methods for clarity
0d957559 Application.CertificateManager: Check locally pinned certs for equality
---
.../application-certificate-manager.vala | 44 +++++++++----------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/src/client/application/application-certificate-manager.vala b/src/client/application/application-certificate-manager.vala
index 4881d73c0..65f6af4fa 100644
--- a/src/client/application/application-certificate-manager.vala
+++ b/src/client/application/application-certificate-manager.vala
@@ -381,8 +381,8 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
GLib.TlsCertificateFlags ret = this.parent.verify_chain(
chain, purpose, identity, interaction, flags, cancellable
);
- if (should_verify(ret, purpose, identity) &&
- verify(chain, identity, cancellable)) {
+ if (check_pinned(ret, purpose, identity) &&
+ is_pinned(chain, identity, cancellable)) {
ret = 0;
}
return ret;
@@ -399,16 +399,16 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
GLib.TlsCertificateFlags ret = yield this.parent.verify_chain_async(
chain, purpose, identity, interaction, flags, cancellable
);
- if (should_verify(ret, purpose, identity) &&
- yield verify_async(chain, identity, cancellable)) {
+ if (check_pinned(ret, purpose, identity) &&
+ yield is_pinned_async(chain, identity, cancellable)) {
ret = 0;
}
return ret;
}
- private inline bool should_verify(GLib.TlsCertificateFlags parent_ret,
- string purpose,
- GLib.SocketConnectable? identity) {
+ private inline bool check_pinned(GLib.TlsCertificateFlags parent_ret,
+ string purpose,
+ GLib.SocketConnectable? identity) {
// If the parent didn't verify, check for a locally pinned
// cert if it looks like we should, but always reject revoked
// certs
@@ -420,22 +420,22 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
);
}
- private bool verify(GLib.TlsCertificate chain,
- GLib.SocketConnectable identity,
- GLib.Cancellable? cancellable)
+ private bool is_pinned(GLib.TlsCertificate chain,
+ GLib.SocketConnectable identity,
+ GLib.Cancellable? cancellable)
throws GLib.Error {
- bool is_verified = false;
+ bool is_pinned = false;
string id = to_name(identity);
TrustContext? context = null;
lock (this.pinned_certs) {
context = this.pinned_certs.get(id);
if (context != null) {
- is_verified = true;
+ is_pinned = context.certificate.is_same(chain);
} else {
// Cert not found in memory, check with GCR if
// enabled.
if (this.use_gcr) {
- is_verified = gcr_trust_is_certificate_pinned(
+ is_pinned = gcr_trust_is_certificate_pinned(
new Gcr.SimpleCertificate(chain.certificate.data),
GLib.TlsDatabase.PURPOSE_AUTHENTICATE_SERVER,
id,
@@ -443,7 +443,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
);
}
- if (!is_verified) {
+ if (!is_pinned) {
// Cert is not pinned in memory or in GCR, so look
// for it on disk. Do this even if GCR support is
// enabled, since if the cert was previously saved
@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
this.store_dir, id, cancellable
);
this.pinned_certs.set(id, context);
- is_verified = true;
+ is_pinned = context.certificate.is_same(chain);
} catch (GLib.IOError.NOT_FOUND err) {
// Cert was not found saved, so it not pinned
} catch (GLib.Error err) {
@@ -465,18 +465,18 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
}
}
}
- return is_verified;
+ return is_pinned;
}
- private async bool verify_async(GLib.TlsCertificate chain,
- GLib.SocketConnectable identity,
- GLib.Cancellable? cancellable)
+ private async bool is_pinned_async(GLib.TlsCertificate chain,
+ GLib.SocketConnectable identity,
+ GLib.Cancellable? cancellable)
throws GLib.Error {
- bool is_valid = false;
+ bool pinned = false;
yield Geary.Nonblocking.Concurrent.global.schedule_async(() => {
- is_valid = verify(chain, identity, cancellable);
+ pinned = is_pinned(chain, identity, cancellable);
}, cancellable);
- return is_valid;
+ return pinned;
}
private TrustContext? lookup_id(string id) {
--
GitLab