Update to 0.3.14

2022-04-13 14:02:30 +08:00 · 2022-04-13 14:02:30 +08:00 · 9ecffc0d40
commit 9ecffc0d40
parent e0b26202e8
4 changed files with 18 additions and 53 deletions
--- a/backport-fix-CVE-2021-39365.patch
+++ b/backport-fix-CVE-2021-39365.patch
@ -1,32 +0,0 @@
 From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
 From: Bastien Nocera <hadess@hadess.net>
 Date: Mon, 21 Jun 2021 15:00:14 +0200
 Subject: [PATCH] net: Fix TLS cert validation not being done for any network
 call
 The default SoupSessionAsync behaviour does not perform any TLS certificate
 validation, unless the ssl-use-system-ca-file property is set to true.
 See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
 This mitigates CVE-2016-20011.
 Closes: #146
 ---
 libs/net/grl-net-wc.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
 index 9bd4922..1193d4b 100644
 --- a/libs/net/grl-net-wc.c
 +++ b/libs/net/grl-net-wc.c
@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
   wc->priv = grl_net_wc_get_instance_private (wc);
   wc->priv->session = soup_session_async_new ();
 +  g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
   wc->priv->pending = g_queue_new ();
   set_thread_context (wc);
 --
 2.27.0
--- a/grilo-0.3.13.tar.xz
+++ b/grilo-0.3.13.tar.xz
--- a/grilo-0.3.14.tar.xz
+++ b/grilo-0.3.14.tar.xz
--- a/grilo.spec
+++ b/grilo.spec
@ -1,17 +1,13 @@
 # first two digits of version
 %define release_version %(echo %{version} | awk -F. '{print $1"."$2}')
 Name:           grilo
-Version:        0.3.13
+Version:        0.3.14
-Release:        2
+Release:        1
 Summary:        A framework for browsing and searching media content
 License:        LGPLv2+
 URL:            https://wiki.gnome.org/Projects/Grilo
 Source0:        https://download.gnome.org/sources/grilo/%{release_version}/grilo-%{version}.tar.xz
 Patch6000:	backport-fix-CVE-2021-39365.patch
 BuildRequires:  chrpath glib2-devel gettext gobject-introspection-devel >= 0.9.0
 BuildRequires:  gtk-doc gtk3-devel liboauth-devel libsoup-devel libxml2-devel
 BuildRequires:  meson totem-pl-parser-devel vala >= 0.27.1 libxslt
@ -51,36 +47,37 @@ install the %{name}-devel package if you want to develop applications that use
 %install
 %meson_install
-mkdir -p %{buildroot}%{_libdir}/grilo-%{release_version}/
+mkdir -p $RPM_BUILD_ROOT%{_libdir}/grilo-%{release_version}/
-mkdir -p %{buildroot}%{_datadir}/grilo-%{release_version}/plugins/
+mkdir -p $RPM_BUILD_ROOT%{_datadir}/grilo-%{release_version}/plugins/
 %find_lang grilo
 %ldconfig_scriptlets
 %files -f grilo.lang
-%doc NEWS AUTHORS
+%license COPYING
-%{_bindir}/*-0.3
+%{_bindir}/*
-%{_libdir}/*-0.3.so.*
+%{_libdir}/*.so.*
-%dir %{_libdir}/grilo-0.3/
+%{_libdir}/grilo-0.3/
-%{_libdir}/girepository-1.0/*-0.3.typelib
+%{_libdir}/girepository-1.0/
-%dir %{_datadir}/grilo-0.3/plugins/
+%{_datadir}/grilo-0.3/
 %license COPYING
 %files devel
-%{_includedir}/grilo-0.3/*.h
+%{_includedir}/grilo-0.3/
 %{_includedir}/grilo-0.3/net/*.h
 %{_includedir}/grilo-0.3/pls/*.h
 %{_libdir}/pkgconfig/*.pc
-%{_datadir}/gir-1.0/*.gir
+%{_datadir}/gir-1.0/
-%{_datadir}/vala/vapi/*
+%{_datadir}/vala/
 %{_libdir}/*.so
 %files help
-%doc README.md TODO
+%doc AUTHORS NEWS README.md TODO
-%{_mandir}/man1/*.gz
+%{_mandir}/man1/*.1*
 %{_datadir}/gtk-doc/html/grilo/
 %changelog
 * Mon Mar 28 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 0.3.14-1
 - Update to 0.3.14
 * Mon Sep 13 2021 yangcheng<yangcheng87@huawei.com> - 0.3.13-2
 - Type:CVE
 - CVE:CVE-2021-39365