From e703cccd094c4d4d6bb1db4d42ac4a604eff0292 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 17 May 2022 05:19:10 -0400 Subject: [PATCH] import grilo-0.3.13-7.el9 --- .gitignore | 1 + .grilo.metadata | 1 + ...ld-Clarify-LGPLv2.1-or-later-license.patch | 59 ++++ ...-validation-not-being-done-for-any-n.patch | 33 ++ SPECS/grilo.spec | 322 ++++++++++++++++++ 5 files changed, 416 insertions(+) create mode 100644 .gitignore create mode 100644 .grilo.metadata create mode 100644 SOURCES/0001-build-Clarify-LGPLv2.1-or-later-license.patch create mode 100644 SOURCES/0002-net-Fix-TLS-cert-validation-not-being-done-for-any-n.patch create mode 100644 SPECS/grilo.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a885060 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/grilo-0.3.13.tar.xz diff --git a/.grilo.metadata b/.grilo.metadata new file mode 100644 index 0000000..cd9647c --- /dev/null +++ b/.grilo.metadata @@ -0,0 +1 @@ +aa5f1fd521727c4aeb02b7c6af46930b12183083 SOURCES/grilo-0.3.13.tar.xz diff --git a/SOURCES/0001-build-Clarify-LGPLv2.1-or-later-license.patch b/SOURCES/0001-build-Clarify-LGPLv2.1-or-later-license.patch new file mode 100644 index 0000000..c702dd0 --- /dev/null +++ b/SOURCES/0001-build-Clarify-LGPLv2.1-or-later-license.patch @@ -0,0 +1,59 @@ +From 89537b8c4bae8857078de5d084f79ffe532a7ba8 Mon Sep 17 00:00:00 2001 +From: Bastien Nocera +Date: Mon, 21 Jun 2021 14:16:37 +0200 +Subject: [PATCH 1/2] build: Clarify LGPLv2.1 or later license + +The COPYING file by itself isn't enough to know under which license the +project is released, as a combined work. + +Clarify this in the build system and the README. +--- + README.md | 5 +++++ + doc/grilo/overview.xml | 3 ++- + meson.build | 2 +- + 3 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/README.md b/README.md +index c6fe38e..16f9453 100644 +--- a/README.md ++++ b/README.md +@@ -89,4 +89,9 @@ ninja -C build + ./build/tools/grilo-test-ui/grilo-test-ui-0.3 + ``` + ++## License ++ ++grilo is available under the [GNU Lesser General Public License v2.1 or later](https://spdx.org/licenses/LGPL-2.1-or-later.html). ++Check the sources themselves for individual copyrights and licenses. ++ + Enjoy! +diff --git a/doc/grilo/overview.xml b/doc/grilo/overview.xml +index aa169ae..52b8e41 100644 +--- a/doc/grilo/overview.xml ++++ b/doc/grilo/overview.xml +@@ -99,7 +99,8 @@ developers. + + + +-Grilo is licensed under the GNU Lesser General Public License (LGPL). ++Grilo is licensed under the GNU Lesser General Public License (LGPL) ++version 2.1 or later. + + + +diff --git a/meson.build b/meson.build +index cf12454..f76d790 100644 +--- a/meson.build ++++ b/meson.build +@@ -12,7 +12,7 @@ project('grilo', 'c', + 'c_std=gnu99', + 'warning_level=1' + ], +- license: 'LGPL 2.1', ++ license: 'LGPL-2.1-or-later', + meson_version: '>= 0.46.0') + + grilo_version = meson.project_version() +-- +2.31.1 + diff --git a/SOURCES/0002-net-Fix-TLS-cert-validation-not-being-done-for-any-n.patch b/SOURCES/0002-net-Fix-TLS-cert-validation-not-being-done-for-any-n.patch new file mode 100644 index 0000000..743d4bc --- /dev/null +++ b/SOURCES/0002-net-Fix-TLS-cert-validation-not-being-done-for-any-n.patch @@ -0,0 +1,33 @@ +From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001 +From: Bastien Nocera +Date: Mon, 21 Jun 2021 15:00:14 +0200 +Subject: [PATCH 2/2] net: Fix TLS cert validation not being done for any + network call + +The default SoupSessionAsync behaviour does not perform any TLS certificate +validation, unless the ssl-use-system-ca-file property is set to true. + +See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ + +This mitigates CVE-2016-20011. + +Closes: #146 +--- + libs/net/grl-net-wc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c +index 5a8e89f..5ff1d17 100644 +--- a/libs/net/grl-net-wc.c ++++ b/libs/net/grl-net-wc.c +@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc) + wc->priv = grl_net_wc_get_instance_private (wc); + + wc->priv->session = soup_session_async_new (); ++ g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL); + wc->priv->pending = g_queue_new (); + + set_thread_context (wc); +-- +2.31.1 + diff --git a/SPECS/grilo.spec b/SPECS/grilo.spec new file mode 100644 index 0000000..292be01 --- /dev/null +++ b/SPECS/grilo.spec @@ -0,0 +1,322 @@ +# first two digits of version +%define release_version %(echo %{version} | awk -F. '{print $1"."$2}') + +Name: grilo +Version: 0.3.13 +Release: 7%{?dist} +Summary: Content discovery framework + +License: LGPLv2+ +URL: https://wiki.gnome.org/Projects/Grilo +Source0: https://download.gnome.org/sources/grilo/%{release_version}/grilo-%{version}.tar.xz + +BuildRequires: meson +BuildRequires: git +BuildRequires: chrpath +BuildRequires: gettext +BuildRequires: vala >= 0.27.1 +BuildRequires: gtk-doc +BuildRequires: gobject-introspection-devel >= 0.9.0 +BuildRequires: libxml2-devel +BuildRequires: libsoup-devel +BuildRequires: glib2-devel +# For the test UI +BuildRequires: gtk3-devel +BuildRequires: totem-pl-parser-devel + +# https://gitlab.gnome.org/GNOME/grilo/-/merge_requests/77 +Patch0: 0001-build-Clarify-LGPLv2.1-or-later-license.patch +# https://gitlab.gnome.org/GNOME/grilo/-/merge_requests/78 +Patch1: 0002-net-Fix-TLS-cert-validation-not-being-done-for-any-n.patch + +%description +Grilo is a framework that provides access to different sources of +multimedia content, using a pluggable system. +This package contains the core library and elements. + +%package devel +Summary: Libraries/include files for Grilo framework +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +Grilo is a framework that provides access to different sources of +multimedia content, using a pluggable system. +This package contains the core library and elements, as well as +general and API documentation. + +%prep +%autosetup -p1 -S git + +%build +%meson -Denable-gtk-doc=true + +%meson_build + +%install +%meson_install + +mkdir -p $RPM_BUILD_ROOT%{_libdir}/grilo-%{release_version}/ +mkdir -p $RPM_BUILD_ROOT%{_datadir}/grilo-%{release_version}/plugins/ + +%find_lang grilo + +%ldconfig_scriptlets + +%files -f grilo.lang +%license COPYING +%doc AUTHORS NEWS README.md TODO +%{_libdir}/*.so.* +%{_libdir}/girepository-1.0/ +%{_bindir}/grl-inspect-%{release_version} +%{_bindir}/grl-launch-%{release_version} +%{_bindir}/grilo-test-ui-%{release_version} +%{_libdir}/grilo-%{release_version}/ +%{_datadir}/grilo-%{release_version}/ +%{_mandir}/man1/grilo-test-ui-%{release_version}.1* +%{_mandir}/man1/grl-inspect-%{release_version}.1* +%{_mandir}/man1/grl-launch-%{release_version}.1* + +%files devel +%{_datadir}/gtk-doc/html/%{name} +%{_includedir}/%{name}-%{release_version}/ +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc +%{_datadir}/gir-1.0/ +%{_datadir}/vala/ + +%changelog +* Mon Aug 23 2021 Debarshi Ray - 0.3.13-7 +- Drop the BuildRequires on liboauth +Resolves: #1996880 + +* Mon Aug 09 2021 Mohan Boddu - 0.3.13-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Mon Jun 28 2021 Bastien Nocera - 0.3.13-5 ++ grilo-0.3.13-5 +- Clarify license +- Fix TLS not being validated correctly +- Resolves: rhbz#1976719 + +* Thu Apr 15 2021 Mohan Boddu - 0.3.13-4 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 0.3.13-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Sep 09 2020 Kalev Lember - 0.3.13-2 +- Rebuild to include in GNOME megaupdate + +* Thu Sep 3 2020 Victor Toso - 0.3.13-1 +- Update to 0.3.13 + +* Tue Jul 28 2020 Fedora Release Engineering - 0.3.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Feb 14 2020 Victor Toso - 0.3.12-1 +- Update to 0.3.12 + +* Wed Jan 29 2020 Fedora Release Engineering - 0.3.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jan 10 2020 Kalev Lember - 0.3.11-1 +- Update to 0.3.11 + +* Thu Nov 28 2019 Kalev Lember - 0.3.10-2 +- Fix the build with totem-pl-parser 3.26.4 + +* Thu Sep 12 2019 Victor Toso - 0.3.10-1 +- Update to 0.3.10 + +* Thu Jul 25 2019 Fedora Release Engineering - 0.3.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jul 18 2019 Kalev Lember - 0.3.9-2 +- BR gettext, instead of intltool + +* Wed Jul 17 2019 Victor Toso - 0.3.9-1 +- Update to 0.3.9, fixes introspection regression + +* Mon Jul 15 2019 Kalev Lember - 0.3.8-1 +- Update to 0.3.8 + +* Fri Feb 01 2019 Fedora Release Engineering - 0.3.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Nov 19 2018 Victor Toso - 0.3.7-1 +- Update to 0.3.7 + +* Tue Jul 31 2018 Florian Weimer - 0.3.6-4 +- Rebuild with fixed binutils + +* Fri Jul 27 2018 Victor Toso - 0.3.6-3 +- Switch to meson build system + +* Fri Jul 27 2018 Igor Gnatenko - 0.3.6-2 +- Rebuild for new binutils + +* Fri Jul 27 2018 Victor Toso - 0.3.6-1 +- Update to 0.3.6 + +* Tue Jul 17 2018 Victor Toso - 0.3.5-1 +- Update to 0.3.5 + +* Fri Jul 13 2018 Fedora Release Engineering - 0.3.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 07 2018 Fedora Release Engineering - 0.3.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Feb 03 2018 Igor Gnatenko - 0.3.4-2 +- Switch to %%ldconfig_scriptlets + +* Thu Aug 24 2017 Bastien Nocera - 0.3.4-1 ++ grilo-0.3.4-1 +- Update to 0.3.4 + +* Thu Aug 10 2017 Kalev Lember - 0.3.3-4 +- Rebuilt for libtotem-plparser soname bump + +* Mon Jul 31 2017 Kalev Lember - 0.3.3-3 +- Rebuilt for libtotem-plparser soname bump + +* Wed Jul 26 2017 Fedora Release Engineering - 0.3.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Feb 14 2017 Kalev Lember - 0.3.3-1 +- Update to 0.3.3 + +* Fri Feb 10 2017 Fedora Release Engineering - 0.3.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Oct 17 2016 Kalev Lember - 0.3.2-4 +- Stop providing grilo 0.2 ABI compatibility + +* Thu Sep 22 2016 Kalev Lember - 0.3.2-3 +- BR vala instead of obsolete vala-tools subpackage + +* Wed Sep 21 2016 Bastien Nocera - 0.3.2-2 ++ grilo-0.3.2-1 +- Take ownership of /usr/share/grilo-0.3 not just its plugins subdir + +* Mon Sep 12 2016 Kalev Lember - 0.3.2-1 +- Update to 0.3.2 +- Don't set group tags +- Avoid requiring gobject-introspection for directory ownership +- Use make_install macro + +* Wed Jun 22 2016 Richard Hughes - 0.3.1-1 +- Update to 0.3.1 + +* Wed Feb 03 2016 Fedora Release Engineering - 0.3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Dec 18 2015 Kalev Lember - 0.3.0-1 +- Update to 0.3.0 +- Update project URL +- Include previous ABI version for temporary binary compatibility + +* Wed Sep 09 2015 Kalev Lember - 0.2.15-1 +- Update to 0.2.15 + +* Tue Sep 08 2015 Kalev Lember - 0.2.13-1 +- Update to 0.2.13 +- Merge -vala subpackage into -devel +- Tighten -devel subpackage deps with the _isa macro +- Don't duplicate %%doc-marked files in -devel +- Mark COPYING as %%license + +* Wed Jun 17 2015 Fedora Release Engineering - 0.2.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu Feb 19 2015 Richard Hughes - 0.2.12-1 +- Update to 0.2.12 + +* Sun Aug 24 2014 Kalev Lember - 0.2.11-1 +- Update to 0.2.11 + +* Sat Aug 16 2014 Fedora Release Engineering - 0.2.10-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jul 22 2014 Kalev Lember - 0.2.10-3 +- Rebuilt for gobject-introspection 1.41.4 + +* Sat Jun 07 2014 Fedora Release Engineering - 0.2.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Mar 19 2014 Richard Hughes - 0.2.10-1 +- Update to 0.2.10 + +* Wed Feb 19 2014 Kalev Lember - 0.2.9-2 +- Build with totem-pl-parser and oauth support + +* Wed Feb 19 2014 Kalev Lember - 0.2.9-1 +- Update to 0.2.9 + +* Wed Feb 05 2014 Adam Williamson - 0.2.7-2 +- backport some patches from upstream that are needed for totem + +* Wed Sep 18 2013 Kalev Lember - 0.2.7-1 +- Update to 0.2.7 + +* Sat Aug 03 2013 Fedora Release Engineering - 0.2.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Sat May 18 2013 Kalev Lember - 0.2.6-1 +- Update to 0.2.6 +- Drop the vala sed hack, 0.2.6 now works with recent vala +- Include man pages + +* Wed Mar 20 2013 Kalev Lember - 0.2.5-1 +- Update to 0.2.5 + +* Thu Feb 14 2013 Fedora Release Engineering - 0.2.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Dec 04 2012 Bastien Nocera 0.2.4-1 +- Update to 0.2.4 + +* Tue Nov 13 2012 Kalev Lember 0.2.3-1 +- Update to 0.2.3 + +* Fri Oct 05 2012 Bastien Nocera 0.2.2-1 +- Update to 0.2.2 + +* Wed Oct 03 2012 Bastien Nocera 0.2.1-1 +- Update to 0.2.1 + +* Fri Aug 31 2012 Debarshi Ray 0.2.0-1 +- update to 0.2.0 + +* Thu Jul 19 2012 Fedora Release Engineering - 0.1.19-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri May 25 2012 Bastien Nocera 0.1.19-1 +- Update to 0.1.19 + +* Wed Mar 7 2012 Peter Robinson 0.1.18-3 +- fix build with vala 0.15/0.16 + +* Fri Jan 13 2012 Fedora Release Engineering - 0.1.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Dec 12 2011 Bastien Nocera 0.1.18-1 +- Update to 0.1.18 + +* Fri Oct 14 2011 Adam Williamson 0.1.17-1 +- update to 0.1.17 + +* Mon Jul 04 2011 Bastien Nocera 0.1.16-1 +- Update to 0.1.16 + +* Fri May 20 2011 Bastien Nocera 0.1.15-3 +- Own the grilo plugins directories + +* Wed Apr 27 2011 Bastien Nocera 0.1.15-2 +- Update with review comments + +* Thu Apr 21 2011 Bastien Nocera 0.1.15-1 +- Fist package, based on upstream work by Juan A. + Suarez Romero +