diff --git a/CVE-2021-39358.patch b/CVE-2021-39358.patch deleted file mode 100644 index c1deae86b57a24e960e2b894cd0c26987724947a..0000000000000000000000000000000000000000 --- a/CVE-2021-39358.patch +++ /dev/null @@ -1,33 +0,0 @@ -From a7d3d5cbf64647c1ed8978b2a33a3be35f888129 Mon Sep 17 00:00:00 2001 -From: "Douglas R. Reno" -Date: Wed, 15 Sep 2021 17:40:00 +0000 -Subject: [PATCH] Fix CVE-2021-39358 by forcing TLS certificate -validation - -This is similar to the fix performed in other packages. See -https://gitlab.gnome.org/Teams/Releng/security/-/issues/57 for more -details. - -Tested on Linux From Scratch 11.0 and on Debian 11. - -Fixes #17 - ---- - gfbgraph/gfbgraph-photo.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/gfbgraph/gfbgraph-photo.c b/gfbgraph/gfbgraph-photo.c -index 1e8955c..f6281a6 100644 ---- a/gfbgraph/gfbgraph-photo.c -+++ b/gfbgraph/gfbgraph-photo.c -@@ -424,6 +424,7 @@ gfbgraph_photo_download_default_size (GFBGraphPhoto *photo, GFBGraphAuthorizer * - - session = soup_session_sync_new (); - requester = soup_requester_new (); -+ g_object_set (G_OBJECT (session), "ssl-use-system-ca-file", TRUE, NULL); - soup_session_add_feature (session, SOUP_SESSION_FEATURE (requester)); - - request = soup_requester_request (requester, priv->source, error); --- -2.27.0 - diff --git a/gfbgraph-0.2.4.tar.xz b/gfbgraph-0.2.4.tar.xz deleted file mode 100644 index a85846c49cbb6d5cc37129a1afa685d34a762fb4..0000000000000000000000000000000000000000 Binary files a/gfbgraph-0.2.4.tar.xz and /dev/null differ diff --git a/gfbgraph-0.2.5.tar.xz b/gfbgraph-0.2.5.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..6ec621c55197037f65db5a9b2c456015844efcec Binary files /dev/null and b/gfbgraph-0.2.5.tar.xz differ diff --git a/gfbgraph.spec b/gfbgraph.spec index 304738032257a15c04cb4f792d5e73ede0e09b7b..fd10bf6073a49ad130747dea0767ebd01bcfc2eb 100644 --- a/gfbgraph.spec +++ b/gfbgraph.spec @@ -1,32 +1,34 @@ Name: gfbgraph -Version: 0.2.4 -Release: 2 +Version: 0.2.5 +Release: 1 Summary: GLib/GObject wrapper for the Facebook Graph API License: LGPLv2+ URL: https://wiki.gnome.org/Projects/GFBGraph Source0: https://download.gnome.org/sources/gfbgraph/0.2/gfbgraph-%{version}.tar.xz -Patch0: CVE-2021-39358.patch -BuildRequires: pkgconfig(gio-2.0) pkgconfig(glib-2.0) pkgconfig(gobject-2.0) -BuildRequires: pkgconfig(goa-1.0) gobject-introspection-devel gtk-doc pkgconfig(json-glib-1.0) + +BuildRequires: autoconf automake make libtool glib2-devel gobject-introspection-devel gtk-doc +BuildRequires: pkgconfig(goa-1.0) pkgconfig(json-glib-1.0) BuildRequires: pkgconfig(libsoup-2.4) pkgconfig(rest-0.7) + Requires: gobject-introspection + %description GLib/GObject wrapper for the Facebook Graph API that integrates with GNOME Online Accounts. -%package devel +%package devel Summary: Development files for gfbgraph Requires: gobject-introspection-devel gfbgraph%{?_isa} = %{version}-%{release} -%description devel +%description devel The gfbgraph-devel package contains libraries and header files for developing applications that use gfbgraph. %prep -%setup -q -%patch0 -p1 +%autosetup -p1 %build -sh autogen.sh +gtkdocize +autoreconf --install --verbose %configure \ --disable-silent-rules \ --disable-static \ @@ -42,26 +44,21 @@ rm -rf $RPM_BUILD_ROOT%{_prefix}/doc %ldconfig_scriptlets %files -%doc AUTHORS -%doc COPYING -%doc NEWS -%doc README +%doc AUTHORS COPYING NEWS README %{_libdir}/libgfbgraph-0.2.so.* -%dir %{_libdir}/girepository-1.0 %{_libdir}/girepository-1.0/GFBGraph-0.2.typelib %files devel %{_libdir}/libgfbgraph-0.2.so %{_libdir}/pkgconfig/libgfbgraph-0.2.pc -%dir %{_datadir}/gir-1.0 %{_datadir}/gir-1.0/GFBGraph-0.2.gir -%dir %{_datadir}/gtk-doc -%dir %{_datadir}/gtk-doc/html %doc %{_datadir}/gtk-doc/html/gfbgraph-0.2 -%dir %{_includedir}/gfbgraph-0.2 %{_includedir}/gfbgraph-0.2/gfbgraph %changelog +* Mon Mar 28 2022 lin zhang - 0.2.5-1 +- Update to 0.2.5 + * Mon Nov 15 2021 liwu - 0.2.4-2 - Fix CVE-2021-39358