Compare commits

..

No commits in common. "c10s" and "c8" have entirely different histories.
c10s ... c8

5 changed files with 45 additions and 30 deletions

1
.gfbgraph.metadata Normal file
View File

@ -0,0 +1 @@
bba9d7149b975e59e5831fb2287ebaad98f85ec1 SOURCES/gfbgraph-0.2.4.tar.xz

4
.gitignore vendored
View File

@ -1,3 +1 @@
/gfbgraph-0.2.1.tar.xz SOURCES/gfbgraph-0.2.4.tar.xz
/gfbgraph-0.2.2.tar.xz
/gfbgraph-0.2.3.tar.xz

View File

@ -0,0 +1,29 @@
From c294b06ec0f3a0b8e3f6292de962e048bbd7774a Mon Sep 17 00:00:00 2001
From: "Douglas R. Reno" <renodr@linuxfromscratch.org>
Date: Wed, 15 Sep 2021 17:40:00 +0000
Subject: [PATCH] Fix CVE-2021-39358 by forcing TLS certificate validation.
This is similar to the fix performed in other packages. See https://gitlab.gnome.org/Teams/Releng/security/-/issues/57 for more details. Note that this is my first non-documentation commit to a GNOME package, but I'm a distributor and want to see this fixed.
Tested on Linux From Scratch 11.0 and on Debian 11.
Fixes #17
---
gfbgraph/gfbgraph-photo.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gfbgraph/gfbgraph-photo.c b/gfbgraph/gfbgraph-photo.c
index 69eb98db2576..2ebb9aaf8db1 100644
--- a/gfbgraph/gfbgraph-photo.c
+++ b/gfbgraph/gfbgraph-photo.c
@@ -422,6 +422,7 @@ gfbgraph_photo_download_default_size (GFBGraphPhoto *photo, GFBGraphAuthorizer *
session = soup_session_sync_new ();
requester = soup_requester_new ();
+ g_object_set (G_OBJECT (session), "ssl-use-system-ca-file", TRUE, NULL);
soup_session_add_feature (session, SOUP_SESSION_FEATURE (requester));
request = soup_requester_request (requester, priv->source, error);
--
2.31.1

View File

@ -1,14 +1,20 @@
%global api 0.2 %global api 0.2
Name: gfbgraph Name: gfbgraph
Version: %{api}.3 Version: %{api}.4
Release: 14%{?dist} Release: 1%{?dist}
Summary: GLib/GObject wrapper for the Facebook Graph API Summary: GLib/GObject wrapper for the Facebook Graph API
License: LGPLv2+ License: LGPLv2+
URL: https://wiki.gnome.org/Projects/GFBGraph URL: https://wiki.gnome.org/Projects/GFBGraph
Source0: https://download.gnome.org/sources/%{name}/%{api}/%{name}-%{version}.tar.xz Source0: https://download.gnome.org/sources/%{name}/%{api}/%{name}-%{version}.tar.xz
# https://bugzilla.redhat.com/show_bug.cgi?id=1997941
Patch0: %{name}-Fix-CVE-2021-39358-by-forcing-TLS-certificate-valida.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: pkgconfig(gio-2.0) BuildRequires: pkgconfig(gio-2.0)
BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(gobject-2.0) BuildRequires: pkgconfig(gobject-2.0)
@ -18,7 +24,6 @@ BuildRequires: gtk-doc
BuildRequires: pkgconfig(json-glib-1.0) BuildRequires: pkgconfig(json-glib-1.0)
BuildRequires: pkgconfig(libsoup-2.4) BuildRequires: pkgconfig(libsoup-2.4)
BuildRequires: pkgconfig(rest-0.7) BuildRequires: pkgconfig(rest-0.7)
BuildRequires: make
Requires: gobject-introspection Requires: gobject-introspection
%description %description
@ -37,9 +42,12 @@ developing applications that use %{name}.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%build %build
gtkdocize
autoreconf --install --verbose
%configure \ %configure \
--disable-silent-rules \ --disable-silent-rules \
--disable-static \ --disable-static \
@ -87,29 +95,9 @@ rm -rf $RPM_BUILD_ROOT%{_prefix}/doc
%changelog %changelog
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.2.3-14 * Tue Oct 12 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.2.4-1
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Update to 0.2.4
Resolves: #1997941
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jul 26 2018 Debarshi Ray <rishi@fedoraproject.org> - 0.2.3-8
- Fix URL and modernize
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3-6 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

View File

@ -1 +0,0 @@
81f216f637b40dc9b3a7298651305763 gfbgraph-0.2.3.tar.xz