!31 update to version 0.4.4

From: @lwg99 Reviewed-by: @open-bot Signed-off-by: @open-bot
update to version 0.4.4
2023-11-29 07:07:04 +00:00 · 2023-11-22 09:51:20 +08:00 · 2022-06-01 02:18:53 +00:00 · 2022-05-18 20:49:09 +08:00 · 2022-04-13 03:24:33 +00:00 · 2022-04-13 11:01:39 +08:00
5 changed files with 37 additions and 114 deletions
--- a/backport-CVE-2020-36241.patch
+++ b/backport-CVE-2020-36241.patch
@ -1,101 +0,0 @@
-diff -Naur gnome-autoar-0.2.4.old/gnome-autoar/autoar-extractor.c gnome-autoar-0.2.4/gnome-autoar/autoar-extractor.c
--- gnome-autoar-0.2.4.old/gnome-autoar/autoar-extractor.c	2019-03-09 00:53:15.000000000 +0800
-+++ gnome-autoar-0.2.4/gnome-autoar/autoar-extractor.c	2021-03-18 22:01:20.838393707 +0800
-@@ -881,32 +881,67 @@
-   return prefix;
- }
- 
-+static gboolean
-+is_valid_filename (GFile *file, GFile *destination)
-+{
-+  g_autoptr (GFile) parent = NULL;
-+  g_autoptr (GFileInfo) info = NULL;
-+
-+  if (g_file_equal (file, destination))
-+    return TRUE;
-+
-+  if (!g_file_has_prefix (file, destination))
-+    return FALSE;
-+
-+  /* Resolve symbolic link ancestors to confirm file is actually inside destination. */
-+  parent = g_file_get_parent (file);
-+  info = g_file_query_info (parent,
-+                            G_FILE_ATTRIBUTE_STANDARD_IS_SYMLINK ","
-+                            G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET,
-+                            G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
-+                            NULL,
-+                            NULL);
-+  if (info == NULL)
-+    return FALSE;
-+
-+  if (g_file_info_get_is_symlink (info)) {
-+    g_autoptr (GFile) cwd = NULL;
-+    const gchar *target;
-+
-+    target = g_file_info_get_symlink_target (info);
-+    if (g_path_is_absolute (target))
-+      return FALSE;
-+
-+    cwd = g_file_get_parent (parent);
-+    g_object_unref (parent);
-+    parent = g_file_resolve_relative_path (cwd, target);
-+  }
-+
-+  /* Climb up the path to resolve every symbolic link ancestor found */
-+  return is_valid_filename (parent, destination);
-+}
-+
- static GFile*
- autoar_extractor_do_sanitize_pathname (AutoarExtractor *self,
-                                        const char      *pathname_bytes)
- {
-   GFile *extracted_filename;
-   gboolean valid_filename;
-  g_autofree char *sanitized_pathname;
-+  g_autofree char *sanitized_pathname = NULL;
-   g_autofree char *utf8_pathname;
- 
-   utf8_pathname = autoar_common_get_utf8_pathname (pathname_bytes);
-   extracted_filename = g_file_get_child (self->destination_dir,
-                                          utf8_pathname ?  utf8_pathname : pathname_bytes);
- 
-  valid_filename =
-    g_file_equal (extracted_filename, self->destination_dir) ||
-    g_file_has_prefix (extracted_filename, self->destination_dir);
-
-+  valid_filename = is_valid_filename (extracted_filename, self->destination_dir);
-   if (!valid_filename) {
-    g_autofree char *basename;
-
-    basename = g_file_get_basename (extracted_filename);
-
-+    g_warning ("autoar_extractor_do_sanitize_pathname: %s is outside of the destination dir",
-+                g_file_peek_path (extracted_filename));
-+				
-     g_object_unref (extracted_filename);
- 
-    extracted_filename = g_file_get_child (self->destination_dir,
-                                           basename);
-+    return NULL;
-   }
- 
-   if (self->prefix != NULL && self->new_prefix != NULL) {
-@@ -1862,10 +1897,17 @@
- 
-     extracted_filename =
-       autoar_extractor_do_sanitize_pathname (self, pathname);
-
-+    if (extracted_filename == NULL) {
-+      archive_read_data_skip (a);
-+      continue;
-+    }
-     if (hardlink != NULL) {
-       hardlink_filename =
-         autoar_extractor_do_sanitize_pathname (self, hardlink);
-+        if (hardlink_filename == NULL) {
-+          archive_read_data_skip (a);
-+          continue;
-+        }
-     }
- 
-     /* Attempt to solve any name conflict before doing any operations */
--- a/gnome-autoar-0.2.4.tar.xz
+++ b/gnome-autoar-0.2.4.tar.xz
--- a/gnome-autoar-0.4.4.tar.xz
+++ b/gnome-autoar-0.4.4.tar.xz
--- a/gnome-autoar.spec
+++ b/gnome-autoar.spec
@ -1,15 +1,14 @@
 Name:           gnome-autoar
-Version:        0.2.4
-Release:        2
+Version:        0.4.4
+Release:        1
 Summary:        Creating and extracting archives
 License:        LGPLv2+
-URL:            https://git.gnome.org/browse/gnome-autoar
-Source0:        https://download.gnome.org/sources/gnome-autoar/0.2/gnome-autoar-%{version}.tar.xz
+URL:            https://gitlab.gnome.org/GNOME/gnome-autoar
+Source0:        https://download.gnome.org/sources/%{name}/0.4/%{name}-%{version}.tar.xz

-Patch6000:      backport-CVE-2020-36241.patch 
-
-BuildRequires:  gcc vala pkgconfig(gio-2.0) pkgconfig(glib-2.0) pkgconfig(gobject-2.0) gdb
+BuildRequires:  gcc vala pkgconfig(gio-2.0) pkgconfig(glib-2.0) pkgconfig(gobject-2.0)
 BuildRequires:  pkgconfig(gobject-introspection-1.0) pkgconfig(gtk+-3.0) pkgconfig(libarchive)
+BuildRequires:  meson gtk-doc

 %description
 Automatic archives creating and extracting library.
@ -22,20 +21,25 @@ Requires:  %{name} = %{version}-%{release}
 development header files, libraries for programs using the gnome-autoar library.

 %prep
-%autosetup -n %{name}-%{version} -p1
+%autosetup -p1

 %build
-%configure --disable-static
-%make_build
+%meson -Dvapi=true \
+       -Dgtk_doc=true \
+       -Dtests=true \
+       %{nil}
+
+%meson_build

 %install
-%make_install
+%meson_install
 %delete_la

 %check
-make check
+%meson_test

 %files
+%doc NEWS
 %license COPYING
 %{_libdir}/girepository-1.0/*.typelib
 %{_libdir}/libgnome-autoar-0.so.0*
@ -48,8 +52,28 @@ make check
 %{_datadir}/gir-1.0/*.gir
 %{_datadir}/gtk-doc/
 %{_datadir}/vala/vapi/*.vapi
+%{_datadir}/vala/vapi/gnome-autoar-0.deps
+%{_datadir}/vala/vapi/gnome-autoar-gtk-0.deps

 %changelog
+* Wed Nov 22 2023 lwg <liweiganga@uniontech.com> - 0.4.4-1
+- update to version 0.4.4
+
+* Wed May 18 2022 lwg <liweiganga@uniontech.com> - 0.4.3-2
+- fix spec changelog date
+
+* Mon Mar 28 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 0.4.3-1
+- Upgrade to 0.4.3
+
+* Tue Jul 20 2021 liuyumeng <liuyumeng5@huawei.com> - 0.2.4-4
+- delete gdb in buildrequires
+
+* Wed Apr 14 2021 Dehui Fan <fandehui1@huawei.com> - 0.2.4-3
+- Type: CVE
+- ID:   CVE-2021-28650 
+- SUG:  NA
+- DESC: fix CVE-2021-28650, remove CVE-2020-36241 
+
 * Fri Mar 19 2021 Dehui Fan <fandehui1@huawei.com> - 0.2.4-2
 Type: CVE
 ID:   CVE-2020-36241
--- a/gnome-autoar.yaml
+++ b/gnome-autoar.yaml
@ -1,4 +1,4 @@
 version_control: gitlab.gnome
 src_repo: gnome-autoar
 tag_prefix: ^v
-seperator: .
+separator: .
Author	SHA1	Message	Date
openeuler-ci-bot	67a7cfd102	!31 update to version 0.4.4 From: @lwg99 Reviewed-by: @open-bot Signed-off-by: @open-bot	2023-11-29 07:07:04 +00:00
lwg K	aea1c575f1	update to version 0.4.4	2023-11-22 09:51:20 +08:00
openeuler-ci-bot	82e9ebb23b	!27 fix spec changelog date From: @loong-C Reviewed-by: @zhang__3125 Signed-off-by: @zhang__3125	2022-06-01 02:18:53 +00:00
mylee	a113ccbec9	fix spec changelog date	2022-05-18 20:49:09 +08:00
openeuler-ci-bot	890f39b84f	!26 Upgrade to 0.4.3 From: @zhang__3125 Reviewed-by: @dwl301 Signed-off-by: @dwl301	2022-04-13 03:24:33 +00:00
zhang__3125	b0d3384e26	0.4.3	2022-04-13 11:01:39 +08:00
openeuler-ci-bot	f3f0c552e4	!24 delete gdb in buildrequires From: @liuyumeng1 Reviewed-by: @dwl301 Signed-off-by: @dwl301	2021-07-20 08:26:09 +00:00
liuyumeng	d2e2275f19	delete gdb in buildrequires	2021-07-20 16:06:19 +08:00
openeuler-ci-bot	1ec29174a4	!15 fix CVE-2021-28650, remove CVE-2020-36241 From: @linker99 Reviewed-by: @compile_success,@orange-snn Signed-off-by: @orange-snn	2021-04-16 11:23:02 +08:00
linker	d2f19492e8	fix CVE-2021-28650, remove CVE-2020-36241	2021-04-14 16:18:40 +08:00