rpms/grilo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

+ grilo-0.3.13-4

Browse Source 
Clarify license
Fix TLS not being validated correctly
This commit is contained in:
Bastien Nocera 2021-06-22 14:23:43 +02:00
parent 89c739c70f
commit 6e0575e8d5
3 changed files with 105 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
0001-build-Clarify-LGPLv2.1-or-later-license.patch Normal file
View File

@ -0,0 +1,59 @@
From 89537b8c4bae8857078de5d084f79ffe532a7ba8 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Mon, 21 Jun 2021 14:16:37 +0200
Subject: [PATCH 1/2] build: Clarify LGPLv2.1 or later license
The COPYING file by itself isn't enough to know under which license the
project is released, as a combined work.
Clarify this in the build system and the README.
---
README.md | 5 +++++
doc/grilo/overview.xml | 3 ++-
meson.build | 2 +-
3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index c6fe38e..16f9453 100644
--- a/README.md
+++ b/README.md
@@ -89,4 +89,9 @@ ninja -C build
./build/tools/grilo-test-ui/grilo-test-ui-0.3
```
+## License
+
+grilo is available under the [GNU Lesser General Public License v2.1 or later](https://spdx.org/licenses/LGPL-2.1-or-later.html).
+Check the sources themselves for individual copyrights and licenses.
+
Enjoy!
diff --git a/doc/grilo/overview.xml b/doc/grilo/overview.xml
index aa169ae..52b8e41 100644
--- a/doc/grilo/overview.xml
+++ b/doc/grilo/overview.xml
@@ -99,7 +99,8 @@ developers.
</para>
<para>
-Grilo is licensed under the GNU Lesser General Public License (LGPL).
+Grilo is licensed under the GNU Lesser General Public License (LGPL)
+version 2.1 or later.
</para>
</section>
diff --git a/meson.build b/meson.build
index cf12454..f76d790 100644
--- a/meson.build
+++ b/meson.build
@@ -12,7 +12,7 @@ project('grilo', 'c',
'c_std=gnu99',
'warning_level=1'
],
- license: 'LGPL 2.1',
+ license: 'LGPL-2.1-or-later',
meson_version: '>= 0.46.0')
grilo_version = meson.project_version()
--
2.31.1

33
0002-net-Fix-TLS-cert-validation-not-being-done-for-any-n.patch Normal file
View File

@ -0,0 +1,33 @@
From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Mon, 21 Jun 2021 15:00:14 +0200
Subject: [PATCH 2/2] net: Fix TLS cert validation not being done for any
network call
The default SoupSessionAsync behaviour does not perform any TLS certificate
validation, unless the ssl-use-system-ca-file property is set to true.
See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
This mitigates CVE-2016-20011.
Closes: #146
---
libs/net/grl-net-wc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
index 5a8e89f..5ff1d17 100644
--- a/libs/net/grl-net-wc.c
+++ b/libs/net/grl-net-wc.c
@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
wc->priv = grl_net_wc_get_instance_private (wc);
wc->priv->session = soup_session_async_new ();
+ g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
wc->priv->pending = g_queue_new ();
set_thread_context (wc);
--
2.31.1

15
grilo.spec
View File

@ -3,7 +3,7 @@
Name: grilo Name: grilo
Version: 0.3.13 Version: 0.3.13
Release: 3%{?dist} Release: 4%{?dist}
Summary: Content discovery framework Summary: Content discovery framework
License: LGPLv2+ License: LGPLv2+
@ -11,6 +11,7 @@ URL: https://wiki.gnome.org/Projects/Grilo
Source0: https://download.gnome.org/sources/grilo/%{release_version}/grilo-%{version}.tar.xz Source0: https://download.gnome.org/sources/grilo/%{release_version}/grilo-%{version}.tar.xz
BuildRequires: meson BuildRequires: meson
BuildRequires: git
BuildRequires: chrpath BuildRequires: chrpath
BuildRequires: gettext BuildRequires: gettext
BuildRequires: vala >= 0.27.1 BuildRequires: vala >= 0.27.1
@ -24,6 +25,11 @@ BuildRequires: gtk3-devel
BuildRequires: liboauth-devel BuildRequires: liboauth-devel
BuildRequires: totem-pl-parser-devel BuildRequires: totem-pl-parser-devel
# https://gitlab.gnome.org/GNOME/grilo/-/merge_requests/77
Patch0: 0001-build-Clarify-LGPLv2.1-or-later-license.patch
# https://gitlab.gnome.org/GNOME/grilo/-/merge_requests/78
Patch1: 0002-net-Fix-TLS-cert-validation-not-being-done-for-any-n.patch
%description %description
Grilo is a framework that provides access to different sources of Grilo is a framework that provides access to different sources of
multimedia content, using a pluggable system. multimedia content, using a pluggable system.
@ -40,7 +46,7 @@ This package contains the core library and elements, as well as
general and API documentation. general and API documentation.
%prep %prep
%autosetup -p1 %autosetup -p1 -S git
%build %build
%meson -Denable-gtk-doc=true %meson -Denable-gtk-doc=true
@ -80,6 +86,11 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/grilo-%{release_version}/plugins/
%{_datadir}/vala/ %{_datadir}/vala/
%changelog %changelog
* Tue Jun 22 2021 Bastien Nocera <bnocera@redhat.com> - 0.3.13-4
+ grilo-0.3.13-4
- Clarify license
- Fix TLS not being validated correctly
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.13-3 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild