diff --git a/.gfbgraph.metadata b/.gfbgraph.metadata
new file mode 100644
index 0000000..c4ec8c9
--- /dev/null
+++ b/.gfbgraph.metadata
@@ -0,0 +1 @@
+bba9d7149b975e59e5831fb2287ebaad98f85ec1 SOURCES/gfbgraph-0.2.4.tar.xz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..48257f6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/gfbgraph-0.2.4.tar.xz
diff --git a/SOURCES/gfbgraph-Fix-CVE-2021-39358-by-forcing-TLS-certificate-valida.patch b/SOURCES/gfbgraph-Fix-CVE-2021-39358-by-forcing-TLS-certificate-valida.patch
new file mode 100644
index 0000000..4a5504e
--- /dev/null
+++ b/SOURCES/gfbgraph-Fix-CVE-2021-39358-by-forcing-TLS-certificate-valida.patch
@@ -0,0 +1,29 @@
+From c294b06ec0f3a0b8e3f6292de962e048bbd7774a Mon Sep 17 00:00:00 2001
+From: "Douglas R. Reno"
+Date: Wed, 15 Sep 2021 17:40:00 +0000
+Subject: [PATCH] Fix CVE-2021-39358 by forcing TLS certificate validation.
+
+This is similar to the fix performed in other packages. See https://gitlab.gnome.org/Teams/Releng/security/-/issues/57 for more details. Note that this is my first non-documentation commit to a GNOME package, but I'm a distributor and want to see this fixed.
+
+Tested on Linux From Scratch 11.0 and on Debian 11.
+
+Fixes #17
+---
+ gfbgraph/gfbgraph-photo.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gfbgraph/gfbgraph-photo.c b/gfbgraph/gfbgraph-photo.c
+index 69eb98db2576..2ebb9aaf8db1 100644
+--- a/gfbgraph/gfbgraph-photo.c
++++ b/gfbgraph/gfbgraph-photo.c
+@@ -422,6 +422,7 @@ gfbgraph_photo_download_default_size (GFBGraphPhoto *photo, GFBGraphAuthorizer *
+
+ session = soup_session_sync_new ();
+ requester = soup_requester_new ();
++ g_object_set (G_OBJECT (session), "ssl-use-system-ca-file", TRUE, NULL);
+ soup_session_add_feature (session, SOUP_SESSION_FEATURE (requester));
+
+ request = soup_requester_request (requester, priv->source, error);
+--
+2.31.1
+
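Review bot: The added `g_object_set` call in gfbgraph_photo_download_default_size names the property as a string literal, so a misspelt name would only produce a GLib runtime warning and leave the session without certificate validation. Prefer libsoup's constant, `g_object_set (G_OBJECT (session), SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, NULL);`, and add a short comment such as `/* Validate the server certificate against the system CA store (CVE-2021-39358) */` so the line is not dropped in a later cleanup. The function's body starts and ends outside the hunk, and whether the library creates other sessions that need the same setting cannot be seen from here.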
diff --git a/SPECS/gfbgraph.spec b/SPECS/gfbgraph.spec
new file mode 100644
index 0000000..1e2afc1
--- /dev/null
+++ b/SPECS/gfbgraph.spec
@@ -0,0 +1,141 @@
+%global api 0.2
+
+Name: gfbgraph
+Version: %{api}.4
+Release: 1%{?dist}
+Summary: GLib/GObject wrapper for the Facebook Graph API
+
+License: LGPLv2+
+URL: https://wiki.gnome.org/Projects/GFBGraph
+Source0: https://download.gnome.org/sources/%{name}/%{api}/%{name}-%{version}.tar.xz
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1997941
+Patch0: %{name}-Fix-CVE-2021-39358-by-forcing-TLS-certificate-valida.patch
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: pkgconfig(gio-2.0)
+BuildRequires: pkgconfig(glib-2.0)
+BuildRequires: pkgconfig(gobject-2.0)
+BuildRequires: pkgconfig(goa-1.0)
+BuildRequires: gobject-introspection-devel
+BuildRequires: gtk-doc
+BuildRequires: pkgconfig(json-glib-1.0)
+BuildRequires: pkgconfig(libsoup-2.4)
+BuildRequires: pkgconfig(rest-0.7)
+Requires: gobject-introspection
+
+%description
+GLib/GObject wrapper for the Facebook Graph API that integrates with GNOME
+Online Accounts.
+
+%package devel
+Summary: Development files for %{name}
+Requires: gobject-introspection-devel
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+
+%prep
+%setup -q
+%patch0 -p1
+
+
+%build
+gtkdocize
+autoreconf --install --verbose
+%configure \
+ --disable-silent-rules \
+ --disable-static \
+ --enable-gtk-doc \
+ --enable-introspection
+
+# Omit unused direct shared library dependencies.
+sed --in-place --expression 's! -shared ! -Wl,--as-needed\0!g' libtool
+
+%make_build
+
+
+%install
+%make_install
+
+find $RPM_BUILD_ROOT -name '*.la' -delete
+rm -rf $RPM_BUILD_ROOT%{_prefix}/doc
+
+%ldconfig_scriptlets
+
+
+%files
+%doc AUTHORS
+%doc COPYING
+%doc NEWS
+%doc README
+%{_libdir}/lib%{name}-%{api}.so.*
+
+%dir %{_libdir}/girepository-1.0
+%{_libdir}/girepository-1.0/GFBGraph-%{api}.typelib
+
+%files devel
+%{_libdir}/lib%{name}-%{api}.so
+%{_libdir}/pkgconfig/libgfbgraph-%{api}.pc
+
+%dir %{_datadir}/gir-1.0
+%{_datadir}/gir-1.0/GFBGraph-%{api}.gir
+
+%dir %{_datadir}/gtk-doc
+%dir %{_datadir}/gtk-doc/html
+%doc %{_datadir}/gtk-doc/html/%{name}-%{api}
+
+%dir %{_includedir}/%{name}-%{api}
+%{_includedir}/%{name}-%{api}/%{name}
+
+
+%changelog
+* Tue Oct 12 2021 Debarshi Ray - 0.2.4-1
+- Update to 0.2.4
+Resolves: #1997941
+
+* Wed Feb 07 2018 Fedora Release Engineering - 0.2.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 02 2017 Fedora Release Engineering - 0.2.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 0.2.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering - 0.2.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Feb 03 2016 Fedora Release Engineering - 0.2.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jul 31 2015 Debarshi Ray - 0.2.3-1
+- Update to 0.2.3
+
+* Wed Jun 17 2015 Fedora Release Engineering - 0.2.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat Aug 16 2014 Fedora Release Engineering - 0.2.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Tue Jul 22 2014 Kalev Lember - 0.2.2-3
+- Rebuilt for gobject-introspection 1.41.4
+
+* Sat Jun 07 2014 Fedora Release Engineering - 0.2.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed Dec 18 2013 Debarshi Ray - 0.2.2-1
+- Update to 0.2.2
+
+* Thu Nov 28 2013 Debarshi Ray - 0.2.1-2
+- Use %%global instead of %%define
+- Define Version in terms of %%{api}
+- Drop redundant Requires: pkgconfig from devel
+
+* Wed Nov 27 2013 Debarshi Ray - 0.2.1-1
+- Initial spec.
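Review bot: The `%changelog` entry for 0.2.4-1 records only `- Update to 0.2.4`, although this build also applies Patch0 for CVE-2021-39358. Anyone auditing installed packages with `rpm -q --changelog` will not see that the fix is present. Add a line such as `- Fix CVE-2021-39358 by forcing TLS certificate validation` above `Resolves: #1997941`.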