Date: Sat, 7 Mar 2015 13:53:54 +0000 (UTC) From: Koop Mast <kwm@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r380698 - in head/archivers: . gcab gcab/files Message-ID: <201503071353.t27Drs9K058721@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kwm Date: Sat Mar 7 13:53:53 2015 New Revision: 380698 URL: https://svnweb.freebsd.org/changeset/ports/380698 QAT: https://qat.redports.org/buildarchive/r380698/ Log: Gcab is a utility and library mainly made to create Cabinet files, using GObject/GIO API and provides GIR bindings. - creation supports plain and basic MSZIP compression - can open and list files from cabinet, no extraction - provided API/ABI stable Added: head/archivers/gcab/ head/archivers/gcab/Makefile (contents, props changed) head/archivers/gcab/distinfo (contents, props changed) head/archivers/gcab/files/ head/archivers/gcab/files/patch-libgcab_gcab-folder.c (contents, props changed) head/archivers/gcab/pkg-descr (contents, props changed) head/archivers/gcab/pkg-plist (contents, props changed) Modified: head/archivers/Makefile Modified: head/archivers/Makefile ============================================================================== --- head/archivers/Makefile Sat Mar 7 13:50:45 2015 (r380697) +++ head/archivers/Makefile Sat Mar 7 13:53:53 2015 (r380698) @@ -30,6 +30,7 @@ SUBDIR += fpc-unzip SUBDIR += freetar SUBDIR += freeze + SUBDIR += gcab SUBDIR += gcpio SUBDIR += grzip SUBDIR += gtar Added: head/archivers/gcab/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/gcab/Makefile Sat Mar 7 13:53:53 2015 (r380698) @@ -0,0 +1,18 @@ +# Created by: kwm@FreeBSD.org +# $FreeBSD$ + +PORTNAME= gcab +PORTVERSION= 0.4 +CATEGORIES= archivers gnome +MASTER_SITES= GNOME + +MAINTAINER= gnome@FreeBSD.org +COMMENT= GObject library to create cabinet files + +BUILD_DEPENDS= vala:${PORTSDIR}/lang/vala + +USES= gettext gmake libtool pathfix pkgconfig tar:xz +GNU_CONFIGURE= yes +USE_GNOME= glib20 intlhack introspection:build + +.include <bsd.port.mk> Added: head/archivers/gcab/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/gcab/distinfo Sat Mar 7 13:53:53 2015 (r380698) @@ -0,0 +1,2 @@ +SHA256 (gcab-0.4.tar.xz) = f907b16f1246fbde9397363d9c4ad2291f2a8a53dcd4f5979d3912bb856991b8 +SIZE (gcab-0.4.tar.xz) = 294684 Added: head/archivers/gcab/files/patch-libgcab_gcab-folder.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/gcab/files/patch-libgcab_gcab-folder.c Sat Mar 7 13:53:53 2015 (r380698) @@ -0,0 +1,49 @@ +From 0ccdf564b6a3e26522a8eb1858f1828844fa3536 Mon Sep 17 00:00:00 2001 +From: Stephen Kitt <steve@sk2.org> +Date: Mon, 5 Jan 2015 06:28:00 +0000 +Subject: Avoid path traversal + +gcab suffers from a directory traversal bug: it doesn't filter leading +slashes from paths in CAB files. +(see https://bugs.debian.org/774580) + +The attached patch fixes this, at the cost of ugly paths when faced with +relative traversals. At least all the CAB's contents can be extracted, +without overwriting anything outside the extraction path. + +https://bugzilla.gnome.org/show_bug.cgi?id=742331 + +diff --git a/libgcab/gcab-folder.c b/libgcab/gcab-folder.c +index a140e2c..9510cf3 100644 +--- libgcab/gcab-folder.c ++++ libgcab/gcab-folder.c +@@ -362,9 +362,25 @@ gcab_folder_extract (GCabFolder *self, + fname[i] = '/'; + + GFile *gfile = g_file_resolve_relative_path (path, fname); +- GFile *parent = g_file_get_parent (gfile); + g_free (fname); + ++ if (!g_file_has_prefix (gfile, path)) { ++ // "Rebase" the file in the given path, to ensure we never escape it ++ char *rawpath = g_file_get_path (gfile); ++ if (rawpath != NULL) { ++ char *newpath = rawpath; ++ while (*newpath != 0 && *newpath == G_DIR_SEPARATOR) { ++ newpath++; ++ } ++ GFile *newgfile = g_file_resolve_relative_path (path, newpath); ++ g_free (rawpath); ++ g_object_unref (gfile); ++ gfile = newgfile; ++ } ++ } ++ ++ GFile *parent = g_file_get_parent (gfile); ++ + if (!g_file_make_directory_with_parents (parent, cancellable, &my_error)) { + if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_EXISTS)) + g_clear_error (&my_error); +-- +cgit v0.10.2 + Added: head/archivers/gcab/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/gcab/pkg-descr Sat Mar 7 13:53:53 2015 (r380698) @@ -0,0 +1,6 @@ +Gcab is a utility and library mainly made to create Cabinet files, using +GObject/GIO API and provides GIR bindings. +- creation supports plain and basic MSZIP compression +- can open and list files from cabinet, no extraction + +WWW: https://wiki.gnome.org/msitools Added: head/archivers/gcab/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/gcab/pkg-plist Sat Mar 7 13:53:53 2015 (r380698) @@ -0,0 +1,38 @@ +bin/gcab +include/libgcab-1.0/libgcab.h +include/libgcab-1.0/libgcab/gcab-cabinet.h +include/libgcab-1.0/libgcab/gcab-enums.h +include/libgcab-1.0/libgcab/gcab-file.h +include/libgcab-1.0/libgcab/gcab-folder.h +lib/girepository-1.0/GCab-1.0.typelib +lib/libgcab-1.0.a +lib/libgcab-1.0.so +lib/libgcab-1.0.so.0 +lib/libgcab-1.0.so.0.0.0 +libdata/pkgconfig/libgcab-1.0.pc +man/man1/gcab.1.gz +share/gir-1.0/GCab-1.0.gir +share/gtk-doc/html/gcab/GCabCabinet.html +share/gtk-doc/html/gcab/GCabFile.html +share/gtk-doc/html/gcab/GCabFolder.html +share/gtk-doc/html/gcab/annotation-glossary.html +share/gtk-doc/html/gcab/api-index-full.html +share/gtk-doc/html/gcab/ch01.html +share/gtk-doc/html/gcab/deprecated-api-index.html +share/gtk-doc/html/gcab/gcab.devhelp2 +share/gtk-doc/html/gcab/home.png +share/gtk-doc/html/gcab/index.html +share/gtk-doc/html/gcab/index.sgml +share/gtk-doc/html/gcab/left.png +share/gtk-doc/html/gcab/object-tree.html +share/gtk-doc/html/gcab/right.png +share/gtk-doc/html/gcab/style.css +share/gtk-doc/html/gcab/up.png +share/locale/de/LC_MESSAGES/gcab.mo +share/locale/es/LC_MESSAGES/gcab.mo +share/locale/pl/LC_MESSAGES/gcab.mo +share/locale/pt_BR/LC_MESSAGES/gcab.mo +share/locale/sl/LC_MESSAGES/gcab.mo +share/locale/sr/LC_MESSAGES/gcab.mo +share/locale/sr@latin/LC_MESSAGES/gcab.mo +share/vala/vapi/libgcab-1.0.vapi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201503071353.t27Drs9K058721>