5 files changed, 718 insertions, 5 deletions
diff --git a/extra/evolution-data-server/PKGBUILD b/extra/evolution-data-server/PKGBUILD
index 78291d153..fcfc6df67 100644
--- a/extra/evolution-data-server/PKGBUILD
+++ b/extra/evolution-data-server/PKGBUILD
@@ -1,22 +1,40 @@
-# $Id: PKGBUILD 191340 2013-07-23 17:20:12Z jgc $
+# $Id: PKGBUILD 192047 2013-08-05 10:37:46Z jgc $
 # Maintainer: Jan de Groot <jgc@archlinux.org>
 
 pkgname=evolution-data-server
 pkgver=3.8.4
-pkgrel=1
+pkgrel=2
 pkgdesc="Centralized access to appointments and contacts"
 arch=(i686 x86_64)
 depends=(gnome-online-accounts nss krb5 libgweather libical db libgdata)
-makedepends=(intltool gperf gobject-introspection vala python2)
+makedepends=(intltool gperf gobject-introspection vala python2 gnome-common)
 options=('!libtool')
 install=$pkgname.install
 url="http://www.gnome.org"
 license=(GPL)
-source=(http://ftp.gnome.org/pub/gnome/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz)
-sha256sums=('0b9e725d36a4c63ccb15b4e0f92932764c9a335e84af2ebeeb4c182760ef3f6e')
+source=(http://ftp.gnome.org/pub/gnome/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz
+fix-google-2fa-1.patch
+fix-google-2fa-2.patch
+fix-google-2fa-3.patch
+fix-google-2fa-4.patch)
+sha256sums=('0b9e725d36a4c63ccb15b4e0f92932764c9a335e84af2ebeeb4c182760ef3f6e'
+            'c1de9fe146f0512cf6c0219341c8409a9e4d955c3eb6a85f7d07183972b9328e'
+            '3e1c83dd00f01dfa0f9d67d2327de110b3e232a5f9a882ccce09a02392df7de6'
+            '9da8cccf504f40b8ee9e068b465cdf0a1a858999dd88d8e8e96f1e4cdffbf1e2'
+            '27022d00575ba1b9283d9420aa231c2770ff403b0b6c0442b6d679faefdbe00e')
+
+
+prepare() {
+  cd "$pkgname-$pkgver"
+  patch -Np1 -i ../fix-google-2fa-1.patch
+  patch -Np1 -i ../fix-google-2fa-2.patch
+  patch -Np1 -i ../fix-google-2fa-3.patch
+  patch -Np1 -i ../fix-google-2fa-4.patch
+}
 
 build() {
   cd "$pkgname-$pkgver"
+  autoreconf -fi
   ./configure --prefix=/usr --sysconfdir=/etc \
       --localstatedir=/var --with-openldap=yes \
       --libexecdir=/usr/lib/evolution-data-server \
diff --git a/extra/evolution-data-server/fix-google-2fa-1.patch b/extra/evolution-data-server/fix-google-2fa-1.patch
new file mode 100644
index 000000000..530996898
--- /dev/null
+++ b/extra/evolution-data-server/fix-google-2fa-1.patch
@@ -0,0 +1,402 @@
+From fa0d18fcf2d8084d2a41f24f50f689eed8e3e241 Mon Sep 17 00:00:00 2001
+From: Matthew Barnes <mbarnes@redhat.com>
+Date: Tue, 09 Jul 2013 18:23:04 +0000
+Subject: Add ESoupAuthBearer.
+
+SoupAuth subclass for use with OAuth 2.0 HTTP authentication.
+
+See http://tools.ietf.org/html/rfc6750
+
+EBackends should use e_source_get_oauth2_access_token() to obtain
+the access token and token expiry for an ESource, then pass them to
+e_soup_auth_bearer_set_access_token().
+---
+diff --git a/docs/reference/libebackend/libebackend-docs.xml b/docs/reference/libebackend/libebackend-docs.xml
+index fa9ab92..f54d3d6 100644
+--- a/docs/reference/libebackend/libebackend-docs.xml
++++ b/docs/reference/libebackend/libebackend-docs.xml
+@@ -34,6 +34,7 @@
+     <title>Miscellaneous Utilities</title>
+     <xi:include href="xml/e-file-cache.xml"/>
+     <xi:include href="xml/e-db3-utils.xml"/>
++    <xi:include href="xml/e-soup-auth-bearer.xml"/>
+     <xi:include href="xml/e-sqlite3-vfs.xml"/>
+     <xi:include href="xml/e-user-prompter.xml"/>
+     <xi:include href="xml/e-user-prompter-server.xml"/>
+diff --git a/docs/reference/libebackend/libebackend-sections.txt b/docs/reference/libebackend/libebackend-sections.txt
+index 6c604bf..189f002 100644
+--- a/docs/reference/libebackend/libebackend-sections.txt
++++ b/docs/reference/libebackend/libebackend-sections.txt
+@@ -397,6 +397,24 @@ EServerSideSourcePrivate
+ </SECTION>
+ 
+ <SECTION>
++<FILE>e-soup-auth-bearer</FILE>
++<TITLE>ESoupAuthBearer</TITLE>
++ESoupAuthBearer
++e_soup_auth_bearer_set_access_token
++<SUBSECTION Standard>
++E_SOUP_AUTH_BEARER
++E_IS_SOUP_AUTH_BEARER
++E_TYPE_SOUP_AUTH_BEARER
++E_SOUP_AUTH_BEARER_CLASS
++E_IS_SOUP_AUTH_BEARER_CLASS
++E_SOUP_AUTH_BEARER_GET_CLASS
++ESoupAuthBearerClass
++e_soup_auth_bearer_get_type
++<SUBSECTION Private>
++ESoupAuthBearerPrivate
++</SECTION>
++
++<SECTION>
+ <FILE>e-source-registry-server</FILE>
+ <TITLE>ESourceRegistryServer</TITLE>
+ E_SOURCE_REGISTRY_SERVER_OBJECT_PATH
+diff --git a/docs/reference/libebackend/libebackend.types b/docs/reference/libebackend/libebackend.types
+index aeb38dc..1d7fe96 100644
+--- a/docs/reference/libebackend/libebackend.types
++++ b/docs/reference/libebackend/libebackend.types
+@@ -15,6 +15,7 @@ e_module_get_type
+ e_oauth2_support_get_type
+ e_offline_listener_get_type
+ e_server_side_source_get_type
++e_soup_auth_bearer_get_type
+ e_source_registry_server_get_type
+ e_user_prompter_get_type
+ e_user_prompter_server_get_type
+diff --git a/libebackend/Makefile.am b/libebackend/Makefile.am
+index c77b470..783732e 100644
+--- a/libebackend/Makefile.am
++++ b/libebackend/Makefile.am
+@@ -35,6 +35,7 @@ libebackend_1_2_la_CPPFLAGS = \
+ 	$(E_BACKEND_CFLAGS)					\
+ 	$(GCR_BASE_CFLAGS)					\
+ 	$(GIO_UNIX_CFLAGS)					\
++	$(SOUP_CFLAGS)						\
+ 	$(CODE_COVERAGE_CFLAGS)					\
+ 	$(NULL)
+ 
+@@ -56,6 +57,7 @@ libebackend_1_2_la_SOURCES =		\
+ 	e-db3-utils.c			\
+ 	e-module.c			\
+ 	e-server-side-source.c		\
++	e-soup-auth-bearer.c		\
+ 	e-source-registry-server.c	\
+ 	e-sqlite3-vfs.c			\
+ 	e-user-prompter.c		\
+@@ -71,6 +73,7 @@ libebackend_1_2_la_LIBADD = 				\
+ 	$(SQLITE3_LIBS)					\
+ 	$(GCR_BASE_LIBS)				\
+ 	$(GIO_UNIX_LIBS)				\
++	$(SOUP_LIBS)					\
+ 	$(DB_LIBS)
+ 
+ libebackend_1_2_la_LDFLAGS = \
+@@ -100,6 +103,7 @@ libebackendinclude_HEADERS =		\
+ 	e-dbhash.h			\
+ 	e-module.h			\
+ 	e-server-side-source.h		\
++	e-soup-auth-bearer.h		\
+ 	e-source-registry-server.h	\
+ 	e-sqlite3-vfs.h			\
+ 	e-user-prompter.h		\
+diff --git a/libebackend/e-soup-auth-bearer.c b/libebackend/e-soup-auth-bearer.c
+new file mode 100644
+index 0000000..1d5f804
+--- /dev/null
++++ b/libebackend/e-soup-auth-bearer.c
+@@ -0,0 +1,196 @@
++/*
++ * e-soup-auth-bearer.c
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) version 3.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with the program; if not, see <http://www.gnu.org/licenses/>
++ *
++ */
++
++/**
++ * SECTION: e-soup-auth-bearer
++ * @include: libebackend/libebackend.h
++ * @short_description: OAuth 2.0 support for libsoup
++ *
++ * #ESoupAuthBearer adds libsoup support for the use of bearer tokens in
++ * HTTP requests to access OAuth 2.0 protected resources, as defined in
++ * <ulink url="http://tools.ietf.org/html/rfc6750">RFC 6750</ulink>.
++ *
++ * An #EBackend should integrate #ESoupAuthBearer first by adding it as a
++ * feature to a #SoupSession's #SoupAuthManager, then from a #SoupSession
++ * #SoupSession::authenticate handler call e_source_get_oauth2_access_token()
++ * and pass the results to e_soup_auth_bearer_set_access_token().
++ **/
++
++#include "e-soup-auth-bearer.h"
++
++#include <time.h>
++
++#define E_SOUP_AUTH_BEARER_GET_PRIVATE(obj) \
++	(G_TYPE_INSTANCE_GET_PRIVATE \
++	((obj), E_TYPE_SOUP_AUTH_BEARER, ESoupAuthBearerPrivate))
++
++#define AUTH_STRENGTH 1
++
++#define EXPIRY_INVALID ((time_t) -1)
++
++struct _ESoupAuthBearerPrivate {
++	gchar *access_token;
++	time_t expiry;
++};
++
++G_DEFINE_TYPE (
++	ESoupAuthBearer,
++	e_soup_auth_bearer,
++	SOUP_TYPE_AUTH)
++
++static gboolean
++e_soup_auth_bearer_is_expired (ESoupAuthBearer *bearer)
++{
++	gboolean expired = FALSE;
++
++	if (bearer->priv->expiry != EXPIRY_INVALID)
++		expired = (bearer->priv->expiry < time (NULL));
++
++	return expired;
++}
++
++static void
++e_soup_auth_bearer_finalize (GObject *object)
++{
++	ESoupAuthBearerPrivate *priv;
++
++	priv = E_SOUP_AUTH_BEARER_GET_PRIVATE (object);
++
++	g_free (priv->access_token);
++
++	/* Chain up to parent's finalize() method. */
++	G_OBJECT_CLASS (e_soup_auth_bearer_parent_class)->finalize (object);
++}
++
++static gboolean
++e_soup_auth_bearer_update (SoupAuth *auth,
++                           SoupMessage *message,
++                           GHashTable *auth_header)
++{
++	/* XXX Not sure what to do here.  Discard the access token? */
++
++	return TRUE;
++}
++
++static GSList *
++e_soup_auth_bearer_get_protection_space (SoupAuth *auth,
++                                         SoupURI *source_uri)
++{
++	/* XXX Not sure what to do here.  Need to return something. */
++
++	return g_slist_prepend (NULL, g_strdup (""));
++}
++
++static gboolean
++e_soup_auth_bearer_is_authenticated (SoupAuth *auth)
++{
++	ESoupAuthBearer *bearer;
++	gboolean authenticated = FALSE;
++
++	bearer = E_SOUP_AUTH_BEARER (auth);
++
++	if (!e_soup_auth_bearer_is_expired (bearer))
++		authenticated = (bearer->priv->access_token != NULL);
++
++	return authenticated;
++}
++
++static gchar *
++e_soup_auth_bearer_get_authorization (SoupAuth *auth,
++                                      SoupMessage *message)
++{
++	ESoupAuthBearer *bearer;
++
++	bearer = E_SOUP_AUTH_BEARER (auth);
++
++	return g_strdup_printf ("Bearer %s", bearer->priv->access_token);
++}
++
++static void
++e_soup_auth_bearer_class_init (ESoupAuthBearerClass *class)
++{
++	GObjectClass *object_class;
++	SoupAuthClass *auth_class;
++
++	g_type_class_add_private (class, sizeof (ESoupAuthBearerPrivate));
++
++	/* Keep the "e" prefix on private methods
++	 * so we don't step on libsoup's namespace. */
++
++	object_class = G_OBJECT_CLASS (class);
++	object_class->finalize = e_soup_auth_bearer_finalize;
++
++	auth_class = SOUP_AUTH_CLASS (class);
++	auth_class->scheme_name = "Bearer";
++	auth_class->strength = AUTH_STRENGTH;
++	auth_class->update = e_soup_auth_bearer_update;
++	auth_class->get_protection_space = e_soup_auth_bearer_get_protection_space;
++	auth_class->is_authenticated = e_soup_auth_bearer_is_authenticated;
++	auth_class->get_authorization = e_soup_auth_bearer_get_authorization;
++}
++
++static void
++e_soup_auth_bearer_init (ESoupAuthBearer *bearer)
++{
++	bearer->priv = E_SOUP_AUTH_BEARER_GET_PRIVATE (bearer);
++	bearer->priv->expiry = EXPIRY_INVALID;
++}
++
++/**
++ * e_soup_auth_bearer_set_access_token:
++ * @bearer: an #ESoupAuthBearer
++ * @access_token: an OAuth 2.0 access token
++ * @expires_in_seconds: expiry for @access_token, or 0 if unknown
++ *
++ * This function is analogous to soup_auth_authenticate() for "Basic" HTTP
++ * authentication, except it takes an OAuth 2.0 access token instead of a
++ * username and password.
++ *
++ * If @expires_in_seconds is greater than zero, soup_auth_is_authenticated()
++ * will return %FALSE after the given number of seconds have elapsed.
++ *
++ * Since: 3.10
++ **/
++void
++e_soup_auth_bearer_set_access_token (ESoupAuthBearer *bearer,
++                                     const gchar *access_token,
++                                     gint expires_in_seconds)
++{
++	gboolean was_authenticated;
++	gboolean now_authenticated;
++
++	g_return_if_fail (E_IS_SOUP_AUTH_BEARER (bearer));
++
++	was_authenticated = soup_auth_is_authenticated (SOUP_AUTH (bearer));
++
++	g_free (bearer->priv->access_token);
++	bearer->priv->access_token = g_strdup (access_token);
++
++	if (expires_in_seconds > 0)
++		bearer->priv->expiry = time (NULL) + expires_in_seconds;
++	else
++		bearer->priv->expiry = EXPIRY_INVALID;
++
++	now_authenticated = soup_auth_is_authenticated (SOUP_AUTH (bearer));
++
++	if (was_authenticated != now_authenticated)
++		g_object_notify (
++			G_OBJECT (bearer),
++			SOUP_AUTH_IS_AUTHENTICATED);
++}
++
+diff --git a/libebackend/e-soup-auth-bearer.h b/libebackend/e-soup-auth-bearer.h
+new file mode 100644
+index 0000000..83746a4
+--- /dev/null
++++ b/libebackend/e-soup-auth-bearer.h
+@@ -0,0 +1,79 @@
++/*
++ * e-soup-auth-bearer.h
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) version 3.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with the program; if not, see <http://www.gnu.org/licenses/>
++ *
++ */
++
++#if !defined (__LIBEBACKEND_H_INSIDE__) && !defined (LIBEBACKEND_COMPILATION)
++#error "Only <libebackend/libebackend.h> should be included directly."
++#endif
++
++#ifndef E_SOUP_AUTH_BEARER_H
++#define E_SOUP_AUTH_BEARER_H
++
++#include <libsoup/soup.h>
++
++/* Standard GObject macros */
++#define E_TYPE_SOUP_AUTH_BEARER \
++	(e_soup_auth_bearer_get_type ())
++#define E_SOUP_AUTH_BEARER(obj) \
++	(G_TYPE_CHECK_INSTANCE_CAST \
++	((obj), E_TYPE_SOUP_AUTH_BEARER, ESoupAuthBearer))
++#define E_SOUP_AUTH_BEARER_CLASS(cls) \
++	(G_TYPE_CHECK_CLASS_CAST \
++	((cls), E_TYPE_SOUP_AUTH_BEARER, ESoupAuthBearerClass))
++#define E_IS_SOUP_AUTH_BEARER(obj) \
++	(G_TYPE_CHECK_INSTANCE_TYPE \
++	((obj), E_TYPE_SOUP_AUTH_BEARER))
++#define E_IS_SOUP_AUTH_BEARER_CLASS(cls) \
++	(G_TYPE_CHECK_CLASS_TYPE \
++	((cls), E_TYPE_SOUP_AUTH_BEARER))
++#define E_SOUP_AUTH_BEARER_GET_CLASS(obj) \
++	(G_TYPE_INSTANCE_GET_CLASS \
++	((obj), E_TYPE_SOUP_AUTH_BEARER, ESoupAuthBearerClass))
++
++G_BEGIN_DECLS
++
++typedef struct _ESoupAuthBearer ESoupAuthBearer;
++typedef struct _ESoupAuthBearerClass ESoupAuthBearerClass;
++typedef struct _ESoupAuthBearerPrivate ESoupAuthBearerPrivate;
++
++/**
++ * ESoupAuthBearer:
++ *
++ * Contains only private data that should be read and manipulated using the
++ * functions below.
++ *
++ * Since: 3.10
++ **/
++struct _ESoupAuthBearer {
++	SoupAuth parent;
++	ESoupAuthBearerPrivate *priv;
++};
++
++struct _ESoupAuthBearerClass {
++	SoupAuthClass parent_class;
++};
++
++GType		e_soup_auth_bearer_get_type	(void) G_GNUC_CONST;
++void		e_soup_auth_bearer_set_access_token
++						(ESoupAuthBearer *bearer,
++						 const gchar *access_token,
++						 gint expires_in_seconds);
++
++G_END_DECLS
++
++#endif /* E_SOUP_AUTH_BEARER_H */
++
+diff --git a/libebackend/libebackend.h b/libebackend/libebackend.h
+index f7f0157..0aac5d4 100644
+--- a/libebackend/libebackend.h
++++ b/libebackend/libebackend.h
+@@ -42,6 +42,7 @@
+ #include <libebackend/e-oauth2-support.h>
+ #include <libebackend/e-offline-listener.h>
+ #include <libebackend/e-server-side-source.h>
++#include <libebackend/e-soup-auth-bearer.h>
+ #include <libebackend/e-source-registry-server.h>
+ #include <libebackend/e-sqlite3-vfs.h>
+ #include <libebackend/e-user-prompter.h>
+
diff --git a/extra/evolution-data-server/fix-google-2fa-2.patch b/extra/evolution-data-server/fix-google-2fa-2.patch
new file mode 100644
index 000000000..d178cd0af
--- /dev/null
+++ b/extra/evolution-data-server/fix-google-2fa-2.patch
@@ -0,0 +1,86 @@
+From 54e876d3fc25ec59c58beda915a8c9d1f8d5f101 Mon Sep 17 00:00:00 2001
+From: Matthew Barnes <mbarnes@redhat.com>
+Date: Tue, 09 Jul 2013 21:06:16 +0000
+Subject: CalDAV: Add support for OAuth 2.0 authentication.
+
+---
+diff --git a/calendar/backends/caldav/e-cal-backend-caldav.c b/calendar/backends/caldav/e-cal-backend-caldav.c
+index 58c70b6..58f0654 100644
+--- a/calendar/backends/caldav/e-cal-backend-caldav.c
++++ b/calendar/backends/caldav/e-cal-backend-caldav.c
+@@ -968,6 +968,32 @@ parse_propfind_response (SoupMessage *message,
+ /* Authentication helpers for libsoup */
+ 
+ static void
++soup_authenticate_bearer (SoupSession *session,
++                          SoupMessage *message,
++                          SoupAuth *auth,
++                          ESource *source)
++{
++	gchar *access_token = NULL;
++	gint expires_in_seconds = -1;
++	GError *local_error = NULL;
++
++	e_source_get_oauth2_access_token_sync (
++		source, NULL, &access_token,
++		&expires_in_seconds, &local_error);
++
++	e_soup_auth_bearer_set_access_token (
++		E_SOUP_AUTH_BEARER (auth),
++		access_token, expires_in_seconds);
++
++	if (local_error != NULL) {
++		g_warning ("%s: %s", G_STRFUNC, local_error->message);
++		g_error_free (local_error);
++	}
++
++	g_free (access_token);
++}
++
++static void
+ soup_authenticate (SoupSession *session,
+                    SoupMessage *msg,
+                    SoupAuth *auth,
+@@ -985,8 +1011,14 @@ soup_authenticate (SoupSession *session,
+ 	extension_name = E_SOURCE_EXTENSION_AUTHENTICATION;
+ 	auth_extension = e_source_get_extension (source, extension_name);
+ 
++	if (retrying)
++		return;
++
++	if (E_IS_SOUP_AUTH_BEARER (auth)) {
++		soup_authenticate_bearer (session, msg, auth, source);
++
+ 	/* do not send same password twice, but keep it for later use */
+-	if (!retrying && cbdav->priv->password != NULL) {
++	} else if (cbdav->priv->password != NULL) {
+ 		gchar *user;
+ 
+ 		user = e_source_authentication_dup_user (auth_extension);
+@@ -5194,6 +5226,8 @@ cal_backend_caldav_constructed (GObject *object)
+ static void
+ e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
+ {
++	SoupSessionFeature *feature;
++
+ 	cbdav->priv = E_CAL_BACKEND_CALDAV_GET_PRIVATE (cbdav);
+ 	cbdav->priv->session = soup_session_sync_new ();
+ 	g_object_set (
+@@ -5203,6 +5237,16 @@ e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
+ 		SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
+ 		NULL);
+ 
++	/* XXX SoupAuthManager is public API as of libsoup 2.42, but
++	 *     this isn't worth bumping our libsoup requirement over.
++	 *     So get the SoupAuthManager GType by its type name. */
++	feature = soup_session_get_feature (
++		cbdav->priv->session,
++		g_type_from_name ("SoupAuthManager"));
++
++	/* Add the "Bearer" auth type to support OAuth 2.0. */
++	soup_session_feature_add_feature (feature, E_TYPE_SOUP_AUTH_BEARER);
++
+ 	cbdav->priv->proxy = e_proxy_new ();
+ 	e_proxy_setup_proxy (cbdav->priv->proxy);
+ 	g_signal_connect (cbdav->priv->proxy, "changed", G_CALLBACK (proxy_settings_changed), cbdav->priv);
+
diff --git a/extra/evolution-data-server/fix-google-2fa-3.patch b/extra/evolution-data-server/fix-google-2fa-3.patch
new file mode 100644
index 000000000..a5c6ca324
--- /dev/null
+++ b/extra/evolution-data-server/fix-google-2fa-3.patch
@@ -0,0 +1,48 @@
+From cc9fb7d15ce3983fc36487d2856e5fd14b341725 Mon Sep 17 00:00:00 2001
+From: Matthew Barnes <mbarnes@redhat.com>
+Date: Tue, 09 Jul 2013 15:49:09 +0000
+Subject: google: Minor module cleanups.
+
+---
+diff --git a/modules/google-backend/module-google-backend.c b/modules/google-backend/module-google-backend.c
+index d5684bb..cbd7bd2 100644
+--- a/modules/google-backend/module-google-backend.c
++++ b/modules/google-backend/module-google-backend.c
+@@ -100,19 +100,17 @@ google_backend_contacts_update_auth_method (ESource *source)
+ 	EOAuth2Support *oauth2_support;
+ 	ESourceAuthentication *extension;
+ 	const gchar *extension_name;
+-
+-	extension_name = E_SOURCE_EXTENSION_AUTHENTICATION;
+-	extension = e_source_get_extension (source, extension_name);
++	const gchar *method;
+ 
+ 	oauth2_support = e_server_side_source_ref_oauth2_support (
+ 		E_SERVER_SIDE_SOURCE (source));
+-	if (oauth2_support != NULL) {
+-		e_source_authentication_set_method (extension, "OAuth2");
+-		g_object_unref (oauth2_support);
+-		return;
+-	}
+ 
+-	e_source_authentication_set_method (extension, "ClientLogin");
++	extension_name = E_SOURCE_EXTENSION_AUTHENTICATION;
++	extension = e_source_get_extension (source, extension_name);
++	method = (oauth2_support != NULL) ? "OAuth2" : "ClientLogin";
++	e_source_authentication_set_method (extension, method);
++
++	g_clear_object (&oauth2_support);
+ }
+ 
+ static void
+@@ -178,7 +176,8 @@ google_backend_add_calendar (ECollectionBackend *backend)
+ 
+ 		g_get_current_time (&today_tv);
+ 		today = g_time_val_to_iso8601 (&today_tv);
+-		e_source_alarms_set_last_notified (E_SOURCE_ALARMS (extension), today);
++		e_source_alarms_set_last_notified (
++			E_SOURCE_ALARMS (extension), today);
+ 		g_free (today);
+ 	}
+ 
+
diff --git a/extra/evolution-data-server/fix-google-2fa-4.patch b/extra/evolution-data-server/fix-google-2fa-4.patch
new file mode 100644
index 000000000..26b64763e
--- /dev/null
+++ b/extra/evolution-data-server/fix-google-2fa-4.patch
@@ -0,0 +1,159 @@
+From 13afda757c4ba8d558eaa64853849f2ad00a9806 Mon Sep 17 00:00:00 2001
+From: Matthew Barnes <mbarnes@redhat.com>
+Date: Tue, 09 Jul 2013 15:42:17 +0000
+Subject: google: Use CalDAV v2 if OAuth 2.0 support is available.
+
+---
+diff --git a/modules/google-backend/module-google-backend.c b/modules/google-backend/module-google-backend.c
+index cbd7bd2..4ded74d 100644
+--- a/modules/google-backend/module-google-backend.c
++++ b/modules/google-backend/module-google-backend.c
+@@ -45,10 +45,16 @@
+ 
+ /* Calendar Configuration Details */
+ #define GOOGLE_CALENDAR_BACKEND_NAME	"caldav"
+-#define GOOGLE_CALENDAR_HOST		"www.google.com"
+-#define GOOGLE_CALENDAR_CALDAV_PATH	"/calendar/dav/%s/events"
+ #define GOOGLE_CALENDAR_RESOURCE_ID	"Calendar"
+ 
++/* CalDAV v1 Configuration Details */
++#define GOOGLE_CALDAV_V1_HOST		"www.google.com"
++#define GOOGLE_CALDAV_V1_PATH		"/calendar/dav/%s/events"
++
++/* CalDAV v2 Configuration Details */
++#define GOOGLE_CALDAV_V2_HOST		"apidata.googleusercontent.com"
++#define GOOGLE_CALDAV_V2_PATH		"/caldav/v2/%s/events"
++
+ /* Contacts Configuration Details */
+ #define GOOGLE_CONTACTS_BACKEND_NAME	"google"
+ #define GOOGLE_CONTACTS_HOST		"www.google.com"
+@@ -95,6 +101,52 @@ G_DEFINE_DYNAMIC_TYPE (
+ 	E_TYPE_COLLECTION_BACKEND_FACTORY)
+ 
+ static void
++google_backend_calendar_update_auth_method (ESource *source)
++{
++	EOAuth2Support *oauth2_support;
++	ESourceAuthentication *auth_extension;
++	ESourceWebdav *webdav_extension;
++	const gchar *extension_name;
++	const gchar *host;
++	const gchar *method;
++	const gchar *path_format;
++	gchar *path;
++	gchar *user;
++
++	oauth2_support = e_server_side_source_ref_oauth2_support (
++		E_SERVER_SIDE_SOURCE (source));
++
++	/* The host name and WebDAV resource path depend on the
++	 * authentication method used, so update those here too. */
++
++	if (oauth2_support != NULL) {
++		method = "OAuth2";
++		host = GOOGLE_CALDAV_V2_HOST;
++		path_format = GOOGLE_CALDAV_V2_PATH;
++	} else {
++		method = "plain/password";
++		host = GOOGLE_CALDAV_V1_HOST;
++		path_format = GOOGLE_CALDAV_V1_PATH;
++	}
++
++	extension_name = E_SOURCE_EXTENSION_AUTHENTICATION;
++	auth_extension = e_source_get_extension (source, extension_name);
++	e_source_authentication_set_host (auth_extension, host);
++	e_source_authentication_set_method (auth_extension, method);
++
++	extension_name = E_SOURCE_EXTENSION_WEBDAV_BACKEND;
++	webdav_extension = e_source_get_extension (source, extension_name);
++
++	user = e_source_authentication_dup_user (auth_extension);
++	path = g_strdup_printf (path_format, (user != NULL) ? user : "");
++	e_source_webdav_set_resource_path (webdav_extension, path);
++	g_free (path);
++	g_free (user);
++
++	g_clear_object (&oauth2_support);
++}
++
++static void
+ google_backend_contacts_update_auth_method (ESource *source)
+ {
+ 	EOAuth2Support *oauth2_support;
+@@ -123,14 +175,16 @@ google_backend_add_calendar (ECollectionBackend *backend)
+ 	ESourceCollection *collection_extension;
+ 	const gchar *backend_name;
+ 	const gchar *extension_name;
+-	const gchar *identity;
+ 	const gchar *resource_id;
+-	gchar *path;
+ 
+ 	/* FIXME As a future enhancement, we should query Google
+ 	 *       for a list of user calendars and add them to the
+ 	 *       collection with matching display names and colors. */
+ 
++	/* NOTE: Host name and WebDAV resource path are set in
++	 *       google_backend_calendar_update_auth_method(),
++	 *       since they depend on the auth method used. */
++
+ 	collection_source = e_backend_get_source (E_BACKEND (backend));
+ 
+ 	resource_id = GOOGLE_CALENDAR_RESOURCE_ID;
+@@ -153,15 +207,15 @@ google_backend_add_calendar (ECollectionBackend *backend)
+ 	extension_name = E_SOURCE_EXTENSION_AUTHENTICATION;
+ 	extension = e_source_get_extension (source, extension_name);
+ 
+-	e_source_authentication_set_host (
+-		E_SOURCE_AUTHENTICATION (extension),
+-		GOOGLE_CALENDAR_HOST);
+-
+ 	g_object_bind_property (
+ 		collection_extension, "identity",
+ 		extension, "user",
+ 		G_BINDING_SYNC_CREATE);
+ 
++	/* Make sure the WebDAV resource path is up-to-date, since
++	 * it's built from the "user" property that we just set. */
++	google_backend_calendar_update_auth_method (source);
++
+ 	extension_name = E_SOURCE_EXTENSION_SECURITY;
+ 	extension = e_source_get_extension (source, extension_name);
+ 
+@@ -181,15 +235,6 @@ google_backend_add_calendar (ECollectionBackend *backend)
+ 		g_free (today);
+ 	}
+ 
+-	extension_name = E_SOURCE_EXTENSION_WEBDAV_BACKEND;
+-	extension = e_source_get_extension (source, extension_name);
+-
+-	identity = e_source_collection_get_identity (collection_extension);
+-	path = g_strdup_printf (GOOGLE_CALENDAR_CALDAV_PATH, identity);
+-	e_source_webdav_set_resource_path (
+-		E_SOURCE_WEBDAV (extension), path);
+-	g_free (path);
+-
+ 	server = e_collection_backend_ref_server (backend);
+ 	e_source_registry_server_add_source (server, source);
+ 	g_object_unref (server);
+@@ -336,6 +381,20 @@ google_backend_child_added (ECollectionBackend *backend,
+ 				collection_identity);
+ 	}
+ 
++	/* Keep the calendar authentication method up-to-date.
++	 *
++	 * XXX Not using a property binding here in case I end up adding
++	 *     other "support" interfaces which influence authentication.
++	 *     Many-to-one property bindinds tend not to work so well. */
++	extension_name = E_SOURCE_EXTENSION_CALENDAR;
++	if (e_source_has_extension (child_source, extension_name)) {
++		google_backend_calendar_update_auth_method (child_source);
++		g_signal_connect (
++			child_source, "notify::oauth2-support",
++			G_CALLBACK (google_backend_calendar_update_auth_method),
++			NULL);
++	}
++
+ 	/* Keep the contacts authentication method up-to-date.
+ 	 *
+ 	 * XXX Not using a property binding here in case I end up adding
+