Fedora has issued an advisory today (October 23): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IDXCHOCVP3VSAKDBQSLER2DQHFIOUHAT/
Status comment: (none) => Patch available from FedoraWhiteboard: (none) => MGA8TOO
A parentless SRPM committed by different packagers, so have to assign this update globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. (CVE-2021-39360) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39360 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IDXCHOCVP3VSAKDBQSLER2DQHFIOUHAT/ ======================== Updated packages in core/updates_testing: ======================== lib(64)zapojit-gir0.0-0.0.3-9.1.mga8 lib(64)zapojit0.0_0-0.0.3-9.1.mga8 lib(64)zapojit-devel-0.0.3-9.1.mga8 from SRPM: libzapojit-0.0.3-9.1.mga8.src.rpm
CC: (none) => nicolas.salgueroWhiteboard: MGA8TOO => (none)Version: Cauldron => 8Assignee: pkg-bugs => qa-bugsCVE: (none) => CVE-2021-39360Status comment: Patch available from Fedora => (none)Status: NEW => ASSIGNED
MGA8-64 Plasma on Lenovo B50 No installation issues. Looking for something depending on this library. # urpmq --whatrequires lib64zapojit0.0_0 gnome-online-miners lib64zapojit-devel lib64zapojit-gir0.0 lib64zapojit-gir0.0 lib64zapojit0.0_0 # urpmq --whatrequires lib64zapojit-gir0.0 gnome-documents lib64zapojit-devel lib64zapojit-gir0.0 # urpmq --whatrequires-recursive lib64zapojit0.0_0 gnome-documents gnome-online-miners gnome-photos lib64zapojit-devel lib64zapojit-devel lib64zapojit-gir0.0 lib64zapojit-gir0.0 lib64zapojit0.0_0 gnome-documents is out of thee question since that would draw in Mageia's LibreOffice's rpm's. I have an issue with thos and are running LO's rpm's now. Tried a trace on gnome-photos, walked around in it and creaed a new album, but found no references to the libraries.
CC: (none) => herman.viaene
Herman, the description for the library in MCC says "Libzapojit is a GLib/GObject wrapper for Skydrive and Hotmail." Is that of any help? I'm not a Gnome user, so I am not familiar with such things.
CC: (none) => andrewsfarm
Tried to trace using thunderbird on hotmail account, but no references found. Googling and reading stuff like https://www.freshports.org/net/libzapojit makes me conclude that this is a pure Gnome library. And I run LARGE circles around Gnome......
I know what you mean. I might try something in a vbox guest, but I don't have a Hotmail account...
MGA8-64, Gnome The following 2 packages are going to be installed: - lib64zapojit-gir0.0-0.0.3-9.1.mga8.x86_64 - lib64zapojit0.0_0-0.0.3-9.1.mga8.x86_64 4.2KB of additional disk space will be used. I connected to an MS Onedrive account. It didn't do much. However, I was able to attach to the account. Document and Photos didn't really do much. I can't give this an up or down vote.
CC: (none) => brtians1
I continue to fumble around in the dark here, but... The third reference in Comment 2 contains this description of the library: Description : GLib/GObject wrapper for the OneDrive and Hotmail REST APIs. It supports OneDrive file and folder objects, and the following OneDrive operations: - Deleting a file, folder or photo. - Listing the contents of a folder. - Reading the properties of a file, folder or photo. - Uploading files and photos. Brian, can you do any of those operations with the Onedrive account? That would probably be enough for a test. I don't know enough about the subject to know if being able to "attach" to the account is enough.
I don't see anything even though the online accounts app says it is connected. Doesn't work for me.
original version doesn't work for me either. it installs fine so up to you if you want to approve it.
I fired up my usually-dormant Gnome Vbox guest, updated it (330 packages!), and took a look at what was installed. I found that these libraries were already there, as are gnome-documents and gnome-online-miners. Doing a bit of research, I found this about gnome-online-miners: "GNOME Online Miners provides a set of crawlers that go through your online content and index them locally in Tracker. It has miners for Flickr, Google, OwnCloud and SkyDrive." Not really something I want to get into, even with a test install. But, using qarepo, I updated the libraries, and as with others there were no installation issues. Then I ran gnome-documents in the terminal. It did load, telling me it didn't find any documents, but issued a lot of warning messages as it did: $ gnome-documents (org.gnome.Documents:4150): Tracker-WARNING **: 09:58:48.507: Error parsing miner .desktop file: No such file or directory (org.gnome.Documents:4150): Tracker-WARNING **: 09:58:48.508: Error parsing miner .desktop file: No such file or directory (org.gnome.Documents:4150): Gjs-WARNING **: 09:58:48.514: JS ERROR: Error indexing the getting started PDF: GLib.Error tracker-miner-manager-error-quark: Filesystem miner is not active _initGettingStarted@resource:///org/gnome/Documents/js/application.js:142:25 _createWindow@resource:///org/gnome/Documents/js/application.js:392:14 vfunc_activate@resource:///org/gnome/Documents/js/application.js:449:18 main@resource:///org/gnome/Documents/js/main.js:47:24 run@resource:///org/gnome/gjs/modules/script/package.js:222:19 @/usr/bin/gnome-documents:6:17 (org.gnome.Documents:4150): Tracker-WARNING **: 09:58:48.517: Error parsing miner .desktop file: No such file or directory (org.gnome.Documents:4150): Tracker-WARNING **: 09:58:48.517: Error parsing miner .desktop file: No such file or directory So somehow, I need to activate the miners to somehow test this, but as I said, that's nothing I, as a novice, want to get into. I'm going to send this on based on three clean installs. Validating. Advisory in Comment 2.
Whiteboard: (none) => MGA8-64-OKCC: (none) => sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0504.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED