summaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorVivien Kraus <vivien@planete-kraus.eu>2021-11-10 20:18:46 +0000
committerLudovic Courtès <ludo@gnu.org>2021-11-19 14:26:15 +0100
commitd9e3c1b0b36717278e9ee326c627d55a2ab27629 (patch)
treea52415aef6cf5bb8a5c4fd7d70c4b1fa033a9916 /gnu/packages/patches
parent86f031e877cd0f494d70f0ee67790628b63140f9 (diff)
gnu: geary: Upgrade to 40.0
* gnu/packages/gnome.scm (geary): Upgrade to 40.0. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/geary-CVE-2020-24661.patch133
1 files changed, 0 insertions, 133 deletions
diff --git a/gnu/packages/patches/geary-CVE-2020-24661.patch b/gnu/packages/patches/geary-CVE-2020-24661.patch
deleted file mode 100644
index 6cbc224786..0000000000
--- a/gnu/packages/patches/geary-CVE-2020-24661.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From d4e86dc91e1d8a940dc40872fe94ef9ac0fed1b5 Mon Sep 17 00:00:00 2001
-From: Michael Gratton <mike@vee.net>
-Date: Tue, 25 Aug 2020 03:54:09 +0000
-Subject: [PATCH] Merge branch 'mjog/866-self-signed-certificates' into
- 'mainline'
-
-Fix invalid certificate pinning when GCR support is unavailable
-
-Closes #866
-
-See merge request GNOME/geary!529
-
-(cherry picked from commit 423a55b00f1dc6bee9dc17e67c0aea6f42387a77)
-
-5088adfe Application.CertificateManager: Rename some methods for clarity
-0d957559 Application.CertificateManager: Check locally pinned certs for equality
----
- .../application-certificate-manager.vala | 44 +++++++++----------
- 1 file changed, 22 insertions(+), 22 deletions(-)
-
-diff --git a/src/client/application/application-certificate-manager.vala b/src/client/application/application-certificate-manager.vala
-index 4881d73c0..65f6af4fa 100644
---- a/src/client/application/application-certificate-manager.vala
-+++ b/src/client/application/application-certificate-manager.vala
-@@ -381,8 +381,8 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- GLib.TlsCertificateFlags ret = this.parent.verify_chain(
- chain, purpose, identity, interaction, flags, cancellable
- );
-- if (should_verify(ret, purpose, identity) &&
-- verify(chain, identity, cancellable)) {
-+ if (check_pinned(ret, purpose, identity) &&
-+ is_pinned(chain, identity, cancellable)) {
- ret = 0;
- }
- return ret;
-@@ -399,16 +399,16 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- GLib.TlsCertificateFlags ret = yield this.parent.verify_chain_async(
- chain, purpose, identity, interaction, flags, cancellable
- );
-- if (should_verify(ret, purpose, identity) &&
-- yield verify_async(chain, identity, cancellable)) {
-+ if (check_pinned(ret, purpose, identity) &&
-+ yield is_pinned_async(chain, identity, cancellable)) {
- ret = 0;
- }
- return ret;
- }
-
-- private inline bool should_verify(GLib.TlsCertificateFlags parent_ret,
-- string purpose,
-- GLib.SocketConnectable? identity) {
-+ private inline bool check_pinned(GLib.TlsCertificateFlags parent_ret,
-+ string purpose,
-+ GLib.SocketConnectable? identity) {
- // If the parent didn't verify, check for a locally pinned
- // cert if it looks like we should, but always reject revoked
- // certs
-@@ -420,22 +420,22 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- );
- }
-
-- private bool verify(GLib.TlsCertificate chain,
-- GLib.SocketConnectable identity,
-- GLib.Cancellable? cancellable)
-+ private bool is_pinned(GLib.TlsCertificate chain,
-+ GLib.SocketConnectable identity,
-+ GLib.Cancellable? cancellable)
- throws GLib.Error {
-- bool is_verified = false;
-+ bool is_pinned = false;
- string id = to_name(identity);
- TrustContext? context = null;
- lock (this.pinned_certs) {
- context = this.pinned_certs.get(id);
- if (context != null) {
-- is_verified = true;
-+ is_pinned = context.certificate.is_same(chain);
- } else {
- // Cert not found in memory, check with GCR if
- // enabled.
- if (this.use_gcr) {
-- is_verified = gcr_trust_is_certificate_pinned(
-+ is_pinned = gcr_trust_is_certificate_pinned(
- new Gcr.SimpleCertificate(chain.certificate.data),
- GLib.TlsDatabase.PURPOSE_AUTHENTICATE_SERVER,
- id,
-@@ -443,7 +443,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- );
- }
-
-- if (!is_verified) {
-+ if (!is_pinned) {
- // Cert is not pinned in memory or in GCR, so look
- // for it on disk. Do this even if GCR support is
- // enabled, since if the cert was previously saved
-@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- this.store_dir, id, cancellable
- );
- this.pinned_certs.set(id, context);
-- is_verified = true;
-+ is_pinned = context.certificate.is_same(chain);
- } catch (GLib.IOError.NOT_FOUND err) {
- // Cert was not found saved, so it not pinned
- } catch (GLib.Error err) {
-@@ -465,18 +465,18 @@ private class Application.TlsDatabase : GLib.TlsDatabase {
- }
- }
- }
-- return is_verified;
-+ return is_pinned;
- }
-
-- private async bool verify_async(GLib.TlsCertificate chain,
-- GLib.SocketConnectable identity,
-- GLib.Cancellable? cancellable)
-+ private async bool is_pinned_async(GLib.TlsCertificate chain,
-+ GLib.SocketConnectable identity,
-+ GLib.Cancellable? cancellable)
- throws GLib.Error {
-- bool is_valid = false;
-+ bool pinned = false;
- yield Geary.Nonblocking.Concurrent.global.schedule_async(() => {
-- is_valid = verify(chain, identity, cancellable);
-+ pinned = is_pinned(chain, identity, cancellable);
- }, cancellable);
-- return is_valid;
-+ return pinned;
- }
-
- private TrustContext? lookup_id(string id) {
---
-GitLab
-