Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package asar for openSUSE:Factory checked in at 2024-11-07 16:26:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/asar (Old) and /work/SRC/openSUSE:Factory/.asar.new.2020 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "asar" Thu Nov 7 16:26:26 2024 rev:11 rq:1222126 version:3.2.17 Changes: -------- --- /work/SRC/openSUSE:Factory/asar/asar.changes 2024-09-11 16:56:31.704877466 +0200 +++ /work/SRC/openSUSE:Factory/.asar.new.2020/asar.changes 2024-11-07 16:26:32.115516902 +0100 @@ -1,0 +2,13 @@ +Thu Nov 7 10:57:33 UTC 2024 - Bruno Pitrus <[email protected]> + +- New upstream release 3.2.17 + * isUnpackedDir matches non-child directories that have same folder name prefix (gh#electron/asar#333) + * checking if symlink with same prefix points outside the directory (gh#electron/asar#335) + +------------------------------------------------------------------- +Wed Nov 6 15:52:11 UTC 2024 - Bruno Pitrus <[email protected]> + +- New upstream release 3.2.16 + * Enable getNode to follow directory links (gh#electron/asar#248) + +------------------------------------------------------------------- Old: ---- v3.2.13.tar.gz New: ---- v3.2.17.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ asar.spec ++++++ --- /var/tmp/diff_new_pack.LKRXRx/_old 2024-11-07 16:26:33.051555907 +0100 +++ /var/tmp/diff_new_pack.LKRXRx/_new 2024-11-07 16:26:33.055556074 +0100 @@ -17,7 +17,7 @@ Name: asar -Version: 3.2.13 +Version: 3.2.17 Release: 0 Summary: Creating atom-shell (electron) app packages License: MIT and ISC ++++++ v3.2.13.tar.gz -> v3.2.17.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/.circleci/config.yml new/asar-3.2.17/.circleci/config.yml --- old/asar-3.2.13/.circleci/config.yml 2024-09-11 02:45:18.000000000 +0200 +++ new/asar-3.2.17/.circleci/config.yml 2024-11-06 19:15:40.000000000 +0100 
@@ -1,8 +1,8 @@ version: 2.1 orbs: - cfa: continuousauth/[email protected] - node: electronjs/[email protected] + cfa: continuousauth/[email protected] + node: electronjs/[email protected] workflows: test_and_release: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/.github/workflows/add-to-project.yml new/asar-3.2.17/.github/workflows/add-to-project.yml --- old/asar-3.2.13/.github/workflows/add-to-project.yml 2024-09-11 02:45:18.000000000 +0200 +++ new/asar-3.2.17/.github/workflows/add-to-project.yml 2024-11-06 19:15:40.000000000 +0100 @@ -21,7 +21,7 @@ creds: ${{ secrets.ECOSYSTEM_ISSUE_TRIAGE_GH_APP_CREDS }} org: electron - name: Add to Project - uses: dsanders11/project-actions/add-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0 + uses: dsanders11/project-actions/add-item@438b25e007c2f4efec324497fadc6402e7cc61a6 # v1.4.0 with: field: Opened field-value: ${{ github.event.pull_request.created_at || github.event.issue.created_at }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/package.json new/asar-3.2.17/package.json --- old/asar-3.2.13/package.json 2024-09-11 02:45:18.000000000 +0200 +++ new/asar-3.2.17/package.json 2024-11-06 19:15:40.000000000 +0100 @@ -18,7 +18,7 @@ "homepage": "https://github.com/electron/asar", "repository": { "type": "git", - "url": "https://github.com/electron/asar.git" + "url": "git+https://github.com/electron/asar.git" }, "bugs": { "url": "https://github.com/electron/asar/issues" @@ -34,7 +34,6 @@ "prepare": "tsc" }, "dependencies": { - "@types/glob": "^7.1.0", "commander": "^5.0.0", "glob": "^7.1.6", "minimatch": "^3.0.4" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/src/asar.ts new/asar-3.2.17/src/asar.ts --- old/asar-3.2.13/src/asar.ts 2024-09-11 02:45:18.000000000 +0200 +++ new/asar-3.2.17/src/asar.ts 2024-11-06 19:15:40.000000000 +0100 
@@ -10,7 +10,7 @@ } from './filesystem'; import * as disk from './disk'; import { crawl as crawlFilesystem, determineFileType } from './crawlfs'; -import { IOptions } from 'glob'; +import { IOptions } from './types/glob'; /** * Whether a directory should be excluded from packing due to the `--unpack-dir" option. @@ -26,7 +26,10 @@ } return true; } else { - return unpackDirs.some((unpackDir) => dirPath.startsWith(unpackDir)); + return unpackDirs.some( + (unpackDir) => + dirPath.startsWith(unpackDir) && !path.relative(unpackDir, dirPath).startsWith('..'), + ); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/src/crawlfs.ts new/asar-3.2.17/src/crawlfs.ts --- old/asar-3.2.13/src/crawlfs.ts 2024-09-11 02:45:18.000000000 +0200 +++ new/asar-3.2.17/src/crawlfs.ts 2024-11-06 19:15:40.000000000 +0100 @@ -1,8 +1,10 @@ import { promisify } from 'util'; -import { glob as _glob, IOptions } from 'glob'; +import { glob as _glob } from 'glob'; import fs from './wrapped-fs'; import { Stats } from 'fs'; +import * as path from 'path'; +import { IOptions } from './types/glob'; const glob = promisify(_glob); @@ -31,7 +33,7 @@ const metadata: Record<string, CrawledFileType> = {}; const crawled = await glob(dir, options); const results = await Promise.all( - crawled.map(async (filename) => <const>[filename, await determineFileType(filename)]), + crawled.map(async (filename) => [filename, await determineFileType(filename)] as const), ); const links: string[] = []; const filenames = results 
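Review bot: The containment test added to the `unpackDirs.some(...)` callback relies on `path.relative(unpackDir, dirPath).startsWith('..')`, which compares characters rather than path segments. A real child whose name begins with two dots (a constructed example: `dir2/subdir/..cache`) yields the relative path `..cache` and is classified as outside the unpack directory. Comparing whole segments avoids this: `const rel = path.relative(unpackDir, dirPath);` then `return dirPath.startsWith(unpackDir) && rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);`. The same `startsWith('..')` test is used in the `links.every` callback of `src/crawlfs.ts` (hunk `@@ -47,9 +49,14 @@`) and would need the same change. The enclosing function begins outside this hunk and the `path` import for `asar.ts` is not visible here.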
@@ -47,9 +49,14 @@ // those appearing in archives we need to manually exclude theme here const exactLinkIndex = links.findIndex((link) => filename === link); return links.every((link, index) => { - if (index === exactLinkIndex) return true; - return !filename.startsWith(link); + if (index === exactLinkIndex) { + return true; + } + const isFileWithinSymlinkDir = filename.startsWith(link); + // symlink may point outside the directory: https://github.com/electron/asar/issues/303 + const relativePath = path.relative(link, path.dirname(filename)); + return !isFileWithinSymlinkDir || relativePath.startsWith('..'); }); }); - return <const>[filenames, metadata]; + return [filenames, metadata] as const; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/src/filesystem.ts new/asar-3.2.17/src/filesystem.ts --- old/asar-3.2.13/src/filesystem.ts 2024-09-11 02:45:18.000000000 +0200 +++ new/asar-3.2.17/src/filesystem.ts 2024-11-06 19:15:40.000000000 +0100 @@ -190,9 +190,12 @@ return files; } - getNode(p: string) { + getNode(p: string, followLinks: boolean = true): FilesystemEntry { const node = this.searchNodeFromDirectory(path.dirname(p)); const name = path.basename(p); + if ('link' in node && followLinks) { + return this.getNode(path.join(node.link, name)); + } if (name) { return (node as FilesystemDirectoryEntry).files[name]; } else { @@ -201,7 +204,7 @@ } getFile(p: string, followLinks: boolean = true): FilesystemEntry { - const info = this.getNode(p); + const info = this.getNode(p, followLinks); if (!info) { throw new Error(`"${p}" was not found in this archive`); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/src/types/ambient.d.ts new/asar-3.2.17/src/types/ambient.d.ts --- old/asar-3.2.13/src/types/ambient.d.ts 1970-01-01 01:00:00.000000000 +0100 +++ new/asar-3.2.17/src/types/ambient.d.ts 2024-11-06 19:15:40.000000000 +0100 
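Review bot: The comment added above `relativePath` in the `links.every` callback says the symlink "may point outside the directory", but the lines it annotates never read the link's target. They test whether `path.dirname(filename)` lies under the path `link` or merely shares its leading characters. Wording that matches the code would be `// keep entries that only share a name prefix with the link (link "A", file "AA/real.txt"); only real children of the link path are dropped`. The callback's enclosing function starts outside this hunk.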
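Review bot: The link-following branch added to `getNode` recurses on `path.join(node.link, name)` with no bound. `node.link` is presumably read from the archive header, so an archive whose link entries refer back to one another would recurse until the stack is exhausted instead of failing with a clear error; whether `searchNodeFromDirectory` can hand back such an entry is not visible in this hunk. Carrying a depth counter through a private helper keeps the public signature and turns a cyclic header into an ordinary `Error`. Separately, the declared return type `FilesystemEntry` hides that `files[name]` may be `undefined`, which `getFile` still checks for with `!info`. The tail of the method lies outside the hunk.

```typescript
getNode(p: string, followLinks: boolean = true): FilesystemEntry {
  return this.getNodeAtDepth(p, followLinks, 0);
}

private getNodeAtDepth(p: string, followLinks: boolean, depth: number): FilesystemEntry {
  // Bound link chains so a cyclic header cannot recurse without limit.
  if (depth > 32) {
    throw new Error(`"${p}" has too many levels of links in this archive`);
  }
  const node = this.searchNodeFromDirectory(path.dirname(p));
  const name = path.basename(p);
  if ('link' in node && followLinks) {
    return this.getNodeAtDepth(path.join(node.link, name), followLinks, depth + 1);
  }
  // … unchanged: lookup of `name` in the directory node …
```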
@@ -0,0 +1,11 @@ +/** + * TODO(erikian): remove this file once we upgrade to the latest `glob` version. + * https://github.com/electron/asar/pull/332#issuecomment-2435407933 + */ +declare module 'glob' { + export function glob( + pattern: string, + options: import('./glob').IOptions, + cb: (err: Error | null, matches: string[]) => void, + ): unknown; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/src/types/glob.ts new/asar-3.2.17/src/types/glob.ts --- old/asar-3.2.13/src/types/glob.ts 1970-01-01 01:00:00.000000000 +0100 +++ new/asar-3.2.17/src/types/glob.ts 2024-11-06 19:15:40.000000000 +0100 
@@ -0,0 +1,159 @@ +/** + * TODO(erikian): remove this file once we upgrade to the latest `glob` version. + * https://github.com/electron/asar/pull/332#issuecomment-2435407933 + */ +interface IMinimatchOptions { + /** + * Dump a ton of stuff to stderr. + * + * @default false + */ + debug?: boolean | undefined; + + /** + * Do not expand `{a,b}` and `{1..3}` brace sets. + * + * @default false + */ + nobrace?: boolean | undefined; + + /** + * Disable `**` matching against multiple folder names. + * + * @default false + */ + noglobstar?: boolean | undefined; + + /** + * Allow patterns to match filenames starting with a period, + * even if the pattern does not explicitly have a period in that spot. + * + * Note that by default, `'a/**' + '/b'` will **not** match `a/.d/b`, unless `dot` is set. + * + * @default false + */ + dot?: boolean | undefined; + + /** + * Disable "extglob" style patterns like `+(a|b)`. + * + * @default false + */ + noext?: boolean | undefined; + + /** + * Perform a case-insensitive match. + * + * @default false + */ + nocase?: boolean | undefined; + + /** + * When a match is not found by `minimatch.match`, + * return a list containing the pattern itself if this option is set. + * Otherwise, an empty list is returned if there are no matches. + * + * @default false + */ + nonull?: boolean | undefined; + + /** + * If set, then patterns without slashes will be matched + * against the basename of the path if it contains slashes. For example, + * `a?b` would match the path `/xyz/123/acb`, but not `/xyz/acb/123`. + * + * @default false + */ + matchBase?: boolean | undefined; + + /** + * Suppress the behavior of treating `#` at the start of a pattern as a comment. + * + * @default false + */ + nocomment?: boolean | undefined; + + /** + * Suppress the behavior of treating a leading `!` character as negation. + * + * @default false + */ + nonegate?: boolean | undefined; + + /** + * Returns from negate expressions the same as if they were not negated. 
+ * (Ie, true on a hit, false on a miss.) + * + * @default false + */ + flipNegate?: boolean | undefined; + + /** + * Compare a partial path to a pattern. As long as the parts of the path that + * are present are not contradicted by the pattern, it will be treated as a + * match. This is useful in applications where you're walking through a + * folder structure, and don't yet have the full path, but want to ensure that + * you do not walk down paths that can never be a match. + * + * @default false + * + * @example + * import minimatch = require("minimatch"); + * + * minimatch('/a/b', '/a/*' + '/c/d', { partial: true }) // true, might be /a/b/c/d + * minimatch('/a/b', '/**' + '/d', { partial: true }) // true, might be /a/b/.../d + * minimatch('/x/y/z', '/a/**' + '/z', { partial: true }) // false, because x !== a + */ + partial?: boolean; + + /** + * Use `\\` as a path separator _only_, and _never_ as an escape + * character. If set, all `\\` characters are replaced with `/` in + * the pattern. Note that this makes it **impossible** to match + * against paths containing literal glob pattern characters, but + * allows matching with patterns constructed using `path.join()` and + * `path.resolve()` on Windows platforms, mimicking the (buggy!) + * behavior of earlier versions on Windows. Please use with + * caution, and be mindful of the caveat about Windows paths + * + * For legacy reasons, this is also set if + * `options.allowWindowsEscape` is set to the exact value `false`. 
+ * + * @default false + */ + windowsPathsNoEscape?: boolean; +} + +export interface IOptions extends IMinimatchOptions { + cwd?: string | undefined; + root?: string | undefined; + dot?: boolean | undefined; + nomount?: boolean | undefined; + mark?: boolean | undefined; + nosort?: boolean | undefined; + stat?: boolean | undefined; + silent?: boolean | undefined; + strict?: boolean | undefined; + cache?: { [path: string]: boolean | 'DIR' | 'FILE' | ReadonlyArray<string> } | undefined; + statCache?: { [path: string]: false | { isDirectory(): boolean } | undefined } | undefined; + symlinks?: { [path: string]: boolean | undefined } | undefined; + realpathCache?: { [path: string]: string } | undefined; + sync?: boolean | undefined; + nounique?: boolean | undefined; + nonull?: boolean | undefined; + debug?: boolean | undefined; + nobrace?: boolean | undefined; + noglobstar?: boolean | undefined; + noext?: boolean | undefined; + nocase?: boolean | undefined; + matchBase?: any; + nodir?: boolean | undefined; + ignore?: string | ReadonlyArray<string> | undefined; + follow?: boolean | undefined; + realpath?: boolean | undefined; + nonegate?: boolean | undefined; + nocomment?: boolean | undefined; + absolute?: boolean | undefined; + allowWindowsEscape?: boolean | undefined; + fs?: typeof import('fs'); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/test/api-spec.js new/asar-3.2.17/test/api-spec.js --- old/asar-3.2.13/test/api-spec.js 2024-09-11 02:45:18.000000000 +0200 +++ new/asar-3.2.17/test/api-spec.js 2024-11-06 19:15:40.000000000 +0100 
@@ -119,6 +119,21 @@ 'test/input/packthis-with-symlink/real.txt', ); }); + it('should extract an archive with symlink having the same prefix', async () => { + await asar.createPackageWithOptions( + 'test/input/packthis-with-symlink-same-prefix/', + 'tmp/packthis-with-symlink-same-prefix.asar', + { dot: false }, + ); + asar.extractAll( + 'tmp/packthis-with-symlink-same-prefix.asar', + 'tmp/packthis-with-symlink-same-prefix/', + ); + return compFiles( + 'tmp/packthis-with-symlink-same-prefix/real.txt', + 'test/input/packthis-with-symlink-same-prefix/real.txt', + ); + }); it('should not extract an archive with a bad symlink', async () => { assert.throws(() => { asar.extractAll('test/input/bad-symlink.asar', 'tmp/bad-symlink/'); @@ -168,4 +183,8 @@ assert.deepStrictEqual(topLevelFunctions, defaultExportFunctions); }); + it('should stat a symlinked file', async () => { + const stats = asar.statFile('test/input/stat-symlink.asar', 'real.txt', true); + return assert.strictEqual(stats.link, undefined); + }); }); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/test/cli-spec.js new/asar-3.2.17/test/cli-spec.js --- old/asar-3.2.13/test/cli-spec.js 2024-09-11 02:45:18.000000000 +0200 +++ new/asar-3.2.17/test/cli-spec.js 2024-11-06 19:15:40.000000000 +0100 
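Review bot: The new "same prefix" test compares only the extracted `real.txt`, which the fixtures on this page show to be a link to `AA/real.txt`. It therefore covers the regression only if `compFiles` reads through that link, and its implementation is not shown here. Asserting directly on the directory that used to be filtered out would pin the fix: `assert.ok(fs.existsSync('tmp/packthis-with-symlink-same-prefix/AA/real.txt'));`, assuming `fs` is already imported in this spec. The surrounding `describe` block starts and ends outside the hunk.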
@@ -174,13 +174,18 @@
 'test/expected/packthis-unpack-dir.asar',
 );
 });
- it('should create archive from directory with unpacked subdirs and files', async () => {
+ it('should create archive from directory with unpacked subdirs and files using minimatch', async () => {
 await execAsar(
- 'p test/input/packthis-subdir/ tmp/packthis-unpack-subdir-cli.asar --unpack *.txt --unpack-dir dir2/subdir --exclude-hidden',
+ 'p test/input/packthis-subdir/ tmp/packthis-unpack-subdir-cli.asar --unpack *.txt --unpack-dir "{dir2/subdir,dir2/subdir}" --exclude-hidden',
 );
 assert.ok(fs.existsSync('tmp/packthis-unpack-subdir-cli.asar.unpacked/file0.txt'));
 assert.ok(fs.existsSync('tmp/packthis-unpack-subdir-cli.asar.unpacked/dir1/file1.txt'));
 assert.ok(fs.existsSync('tmp/packthis-unpack-subdir-cli.asar.unpacked/dir2/subdir/file2.png'));
 assert.ok(fs.existsSync('tmp/packthis-unpack-subdir-cli.asar.unpacked/dir2/subdir/file3.txt'));
+ assert.ok(
+ fs.existsSync(
+ 'tmp/packthis-unpack-subdir-cli.asar.unpacked/dir2/subdir-do-not-unpack/file2.png',
+ ) === false,
+ );
 });
 });
Binary files old/asar-3.2.13/test/input/packthis-subdir/dir2/subdir-do-not-unpack/file2.png and new/asar-3.2.17/test/input/packthis-subdir/dir2/subdir-do-not-unpack/file2.png differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/test/input/packthis-with-symlink-same-prefix/A new/asar-3.2.17/test/input/packthis-with-symlink-same-prefix/A
--- old/asar-3.2.13/test/input/packthis-with-symlink-same-prefix/A 1970-01-01 01:00:00.000000000 +0100
+++ new/asar-3.2.17/test/input/packthis-with-symlink-same-prefix/A 2024-11-07 16:26:33.163560575 +0100
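Review bot: The negative check at the end of the test is written as `assert.ok(fs.existsSync(...) === false)`, which on failure reports only that a boolean was falsy. `assert.strictEqual(fs.existsSync('tmp/packthis-unpack-subdir-cli.asar.unpacked/dir2/subdir-do-not-unpack/file2.png'), false);` states the intent and prints both values. The brace set `{dir2/subdir,dir2/subdir}` names the same directory twice, so it exercises brace expansion but not two distinct unpack directories; if that is deliberate, a one-line comment saying so would help the next reader. The hunk also rewrites the earlier plain `--unpack-dir dir2/subdir` case instead of adding a test beside it, so that exact invocation is no longer exercised by this test.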
@@ -0,0 +1 @@
+symbolic link to AA
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/test/input/packthis-with-symlink-same-prefix/AA/real.txt new/asar-3.2.17/test/input/packthis-with-symlink-same-prefix/AA/real.txt
--- old/asar-3.2.13/test/input/packthis-with-symlink-same-prefix/AA/real.txt 1970-01-01 01:00:00.000000000 +0100
+++ new/asar-3.2.17/test/input/packthis-with-symlink-same-prefix/AA/real.txt 2024-11-06 19:15:40.000000000 +0100
@@ -0,0 +1 @@
+I AM REAL TXT FILE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/test/input/packthis-with-symlink-same-prefix/real.txt new/asar-3.2.17/test/input/packthis-with-symlink-same-prefix/real.txt
--- old/asar-3.2.13/test/input/packthis-with-symlink-same-prefix/real.txt 1970-01-01 01:00:00.000000000 +0100
+++ new/asar-3.2.17/test/input/packthis-with-symlink-same-prefix/real.txt 2024-11-07 16:26:33.155560241 +0100
@@ -0,0 +1 @@
+symbolic link to AA/real.txt
Binary files old/asar-3.2.13/test/input/stat-symlink.asar and new/asar-3.2.17/test/input/stat-symlink.asar differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/tsconfig.json new/asar-3.2.17/tsconfig.json
--- old/asar-3.2.13/tsconfig.json 2024-09-11 02:45:18.000000000 +0200
+++ new/asar-3.2.17/tsconfig.json 2024-11-06 19:15:40.000000000 +0100
@@ -11,6 +11,10 @@
 "types": [
 "node"
 ],
+ "typeRoots": [
+ "node_modules/@types",
+ "src/types"
+ ],
 "allowSyntheticDefaultImports": true,
 "moduleResolution": "node",
 "declaration": true,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/asar-3.2.13/yarn.lock new/asar-3.2.17/yarn.lock
--- old/asar-3.2.13/yarn.lock 2024-09-11 02:45:18.000000000 +0200
+++ new/asar-3.2.17/yarn.lock 2024-11-06 19:15:40.000000000 +0100
@@ -39,14 +39,6 @@ "@types/node" "*" "@types/responselike" "^1.0.0" -"@types/glob@^7.1.0": - version "7.2.0" - resolved "https://registry.yarnpkg.com/@types/glob/-/glob-7.2.0.tgz#bc1b5bf3aa92f25bd5dd39f35c57361bdce5b2eb" - integrity sha512-ZUxbzKl0IfJILTS6t7ip5fQQM/J3TJYubDm3nMbgubNNYS62eXeUpoLUC8/7fJNiFYHTrGPQn7hspDUzIHX3UA== - dependencies: - "@types/minimatch" "*" - "@types/node" "*" - "@types/http-cache-semantics@*": version "4.0.1" resolved "https://registry.yarnpkg.com/@types/http-cache-semantics/-/http-cache-semantics-4.0.1.tgz#0ea7b61496902b95890dc4c3a116b60cb8dae812" @@ -59,11 +51,6 @@ dependencies: "@types/node" "*" -"@types/minimatch@*": - version "5.1.2" - resolved "https://registry.yarnpkg.com/@types/minimatch/-/minimatch-5.1.2.tgz#07508b45797cb81ec3f273011b054cd0755eddca" - integrity sha512-K0VQKziLUWkVKiRVrx4a40iPaxTUefQmjtkQofBkYRcoaaL/8rhwDWww9qWbrgicNOgnpIsMxyNIUM4+n6dUIA== - "@types/minimatch@^3.0.5": version "3.0.5" resolved "https://registry.yarnpkg.com/@types/minimatch/-/minimatch-3.0.5.tgz#1001cc5e6a3704b83c236027e77f2f58ea010f40" ++++++ vendor.tar.zst ++++++ ++++ 79341 lines of diff (skipped)
