commit librest for openSUSE:Factory

Source-Sync Wed, 21 Sep 2022 05:40:23 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package librest for openSUSE:Factory checked 
in at 2022-09-21 14:39:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/librest (Old)
 and      /work/SRC/openSUSE:Factory/.librest.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "librest"

Wed Sep 21 14:39:52 2022 rev:29 rq:1003277 version:0.9.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/librest/librest.changes  2022-06-20 
15:39:27.387050870 +0200
+++ /work/SRC/openSUSE:Factory/.librest.new.2083/librest.changes        
2022-09-21 14:40:14.461390304 +0200
@@ -1,0 +2,20 @@
+Sun Sep 11 12:25:12 UTC 2022 - Bj??rn Lie <bjorn....@gmail.com>
+
+- Add patches to fix some minor issues that upstream have solved in
+  a different way in git, but this should suffice for now for us:
+  + 0001-rest_proxy_call_sync-bail-out-if-no-payload.patch:
+    rest_proxy_call_sync: bail out if no payload.
+  + 0002-Handle-some-potential-problems-in-parsing-oauth2-acc.patch:
+    Handle some potential problems in parsing oauth2 access tokens.
+
+-------------------------------------------------------------------
+Sat Aug 20 23:06:52 UTC 2022 - Bj??rn Lie <bjorn....@gmail.com>
+
+- Stop passing soup2=false and tests=false to meson, follow the
+  defaults.
+- Pass vapi=true and add pkgconfig(vapigen) BuildRequires: Build
+  vapi support.
+- Pass ca_certificates=true and
+  ca_certificates_path=%{_sysconfdir}/ssl/ca-bundle.pem to meson.
+
+-------------------------------------------------------------------

New:
----
  0001-rest_proxy_call_sync-bail-out-if-no-payload.patch
  0002-Handle-some-potential-problems-in-parsing-oauth2-acc.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ librest.spec ++++++
--- /var/tmp/diff_new_pack.fptOQs/_old  2022-09-21 14:40:15.021391858 +0200
+++ /var/tmp/diff_new_pack.fptOQs/_new  2022-09-21 14:40:15.025391868 +0200
@@ -30,6 +30,11 @@
 URL:            http://git.gnome.org/browse/librest/
 Source0:        
http://download.gnome.org/sources/rest/0.9/%{_name}-%{version}.tar.xz
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM 0001-rest_proxy_call_sync-bail-out-if-no-payload.patch -- 
rest_proxy_call_sync: bail out if no payload
+Patch0:         0001-rest_proxy_call_sync-bail-out-if-no-payload.patch
+# PATCH-FIX-UPSTREAM 
0002-Handle-some-potential-problems-in-parsing-oauth2-acc.patch -- Handle some 
potential problems in parsing oauth2 access tokens
+Patch1:         0002-Handle-some-potential-problems-in-parsing-oauth2-acc.patch
+
 
 BuildRequires:  gtk-doc
 BuildRequires:  meson
@@ -40,6 +45,7 @@
 BuildRequires:  pkgconfig(json-glib-1.0)
 BuildRequires:  pkgconfig(libsoup-3.0)
 BuildRequires:  pkgconfig(libxml-2.0)
+BuildRequires:  pkgconfig(vapigen)
 
 %description
 This library was designed to make it easier to access web services that
@@ -104,9 +110,10 @@
 #      -D ca_certificates=true \
 #      -D ca_certificates_path=%%{_sysconfdir}/ssl/ca-bundle.pem \
 %meson \
+       -D ca_certificates=true \
+       -D ca_certificates_path=%{_sysconfdir}/ssl/ca-bundle.pem \
        -D examples=false \
-       -D soup2=false \
-       -D tests=false \
+       -D vapi=true \
        %{nil}
 %meson_build
 
@@ -135,5 +142,11 @@
 %{_datadir}/gir-1.0/*.gir
 %{_includedir}/rest-%{abi}/
 %doc %{_datadir}/doc/librest-%{abi}/
+%dir %{_datadir}/vala
+%dir %{_datadir}/vala/vapi
+%{_datadir}/vala/vapi/rest-1.0.deps
+%{_datadir}/vala/vapi/rest-1.0.vapi
+%{_datadir}/vala/vapi/rest-extras-1.0.deps
+%{_datadir}/vala/vapi/rest-extras-1.0.vapi
 
 %changelog

++++++ 0001-rest_proxy_call_sync-bail-out-if-no-payload.patch ++++++
>From fbad64abe28a96f591a30e3a5d3189c10172a414 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awill...@redhat.com>
Date: Tue, 30 Aug 2022 10:03:57 -0700
Subject: [PATCH 1/2] rest_proxy_call_sync: bail out if no payload

goa-daemon is crashing on suspend/resume with a traceback that
points here: it calls rest_proxy_call_sync, that calls
_rest_proxy_send_message, assumes it gets a `payload` back,
and calls `finish_call` with it. However, it's not actually
guaranteed that `_rest_proxy_send_message` will return a payload
(a `GBytes`). There are three ways it can return `NULL` instead:
if it's passed a wrong proxy or message, or - when built against
libsoup3 - if there is an error sending the message (it passes
through the return value of `soup_session_send_and_read`, and
that's documented to be `NULL` on error).

If `payload` comes back `NULL`, let's just return `FALSE`, like
we do if there's a problem with the call or message.

Signed-off-by: Adam Williamson <awill...@redhat.com>
---
 rest/rest-proxy-call.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rest/rest-proxy-call.c b/rest/rest-proxy-call.c
index 851b397..07b8b49 100644
--- a/rest/rest-proxy-call.c
+++ b/rest/rest-proxy-call.c
@@ -1428,6 +1428,8 @@ rest_proxy_call_sync (RestProxyCall *call,
     return FALSE;
 
   payload = _rest_proxy_send_message (priv->proxy, message, priv->cancellable, 
error_out);
+  if (!payload)
+    return FALSE;
 
   ret = finish_call (call, message, payload, error_out);
 
-- 
2.37.1


++++++ 0002-Handle-some-potential-problems-in-parsing-oauth2-acc.patch ++++++
>From 49c2d0ac00b959ce53cc00ca4e7758c21085722f Mon Sep 17 00:00:00 2001
From: Adam Williamson <awill...@redhat.com>
Date: Tue, 30 Aug 2022 10:59:01 -0700
Subject: [PATCH 2/2] Handle some potential problems in parsing oauth2 access
 tokens

It's possible for `_rest_proxy_send_message` to return `NULL`,
which would mean the `payload` here would be `NULL`. If so,
we're not going to be able to do anything, so we should just
bail out.

It's also possible for `json_parser_load_from_data` to return
`FALSE` without setting an error. The most obvious way would be
if `data` was `NULL`, which the bailout avoids, but it could
also happen if we pass an invalid parser somehow. Let's just
handle that too, to be safe.

Signed-off-by: Adam Williamson <awill...@redhat.com>
---
 rest/rest-oauth2-proxy.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/rest/rest-oauth2-proxy.c b/rest/rest-oauth2-proxy.c
index 9511f97..a715b2b 100644
--- a/rest/rest-oauth2-proxy.c
+++ b/rest/rest-oauth2-proxy.c
@@ -68,18 +68,21 @@ rest_oauth2_proxy_parse_access_token (RestOAuth2Proxy *self,
   gsize size;
   gint expires_in;
   gint created_at;
+  gboolean ret;
 
   g_return_if_fail (REST_IS_OAUTH2_PROXY (self));
+  g_return_if_fail (payload);
 
   data = g_bytes_get_data (payload, &size);
 
   parser = json_parser_new ();
-  json_parser_load_from_data (parser, data, size, &error);
+  ret = json_parser_load_from_data (parser, data, size, &error);
   if (error != NULL)
     {
       g_task_return_error (task, error);
       return;
     }
+  g_return_if_fail (ret);
 
   root = json_parser_get_root (parser);
   root_object = json_node_get_object (root);
-- 
2.37.1

commit librest for openSUSE:Factory

Reply via email to