Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gcab for openSUSE:Factory checked in at 2023-09-10 13:09:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gcab (Old) and /work/SRC/openSUSE:Factory/.gcab.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gcab" Sun Sep 10 13:09:53 2023 rev:17 rq:1109869 version:1.6 Changes: -------- --- /work/SRC/openSUSE:Factory/gcab/gcab.changes 2022-08-07 18:33:52.813144206 +0200 +++ /work/SRC/openSUSE:Factory/.gcab.new.1766/gcab.changes 2023-09-10 13:10:26.587010719 +0200 @@ -1,0 +2,10 @@ +Wed Jul 5 07:49:15 UTC 2023 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 1.6: + + New Features: Allow specifying the allowed compression formats + at runtime. This would allow us, for example, to disable the + slightly scary LZX compression format when parsing unknown + files. + + Bugfixes: Do not require git when building from a tarball. + +------------------------------------------------------------------- Old: ---- gcab-1.5.tar.xz New: ---- gcab-1.6.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gcab.spec ++++++ --- /var/tmp/diff_new_pack.FN6AXL/_old 2023-09-10 13:10:27.583046304 +0200 +++ /var/tmp/diff_new_pack.FN6AXL/_new 2023-09-10 13:10:27.587046447 +0200 @@ -1,7 +1,7 @@ # # spec file for package gcab # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gcab -Version: 1.5 +Version: 1.6 Release: 0 Summary: Cabinet file library and tool License: LGPL-2.1-or-later ++++++ gcab-1.5.tar.xz -> gcab-1.6.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gcab-1.5/NEWS new/gcab-1.6/NEWS --- old/gcab-1.5/NEWS 2022-08-05 08:58:25.000000000 +0200 +++ new/gcab-1.6/NEWS 2023-07-05 00:51:50.000000000 +0200 
@@ -1,3 +1,15 @@ +v1.6 +==== + +New Features: + - Allow specifying the allowed compression formats at runtime (!15) + + This would allow us, for example, to disable the slightly scary LZX compression + format when parsing unknown files. + +Bugfixes: + - Do not require git when building from a tarball + v1.5 ==== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gcab-1.5/libgcab/gcab-cabinet.c new/gcab-1.6/libgcab/gcab-cabinet.c --- old/gcab-1.5/libgcab/gcab-cabinet.c 2022-08-05 08:58:25.000000000 +0200 +++ new/gcab-1.6/libgcab/gcab-cabinet.c 2023-07-05 00:51:50.000000000 +0200 @@ -44,6 +44,7 @@ cheader_t *cheader; GByteArray *signature; GInputStream *stream; + guint8 allowed_compression; }; enum { @@ -64,6 +65,7 @@ static void gcab_cabinet_init (GCabCabinet *self) { + self->allowed_compression = GCAB_COMPRESSION_MASK; self->folders = g_ptr_array_new_with_free_func (g_object_unref); } 
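Review bot: In gcab-cabinet.c the new `guint8 allowed_compression` carries two meanings that can collide: the "no allow-list configured" sentinel (`GCAB_COMPRESSION_MASK`, assigned in `gcab_cabinet_init`) and the bitmask of allowed kinds. If `GCAB_COMPRESSION_MASK` is the low-nibble value 0xf (its definition is not in this diff), allowing kinds 0 to 3 produces exactly the sentinel, so one further `gcab_cabinet_add_allowed_compression()` call would wipe the list. A kind of 8 or above also passes the setter's `compression < GCAB_COMPRESSION_MASK` guard, but its bit is truncated away by the 8-bit field. A separate `gboolean allowed_compression_set;` beside the mask would make the states explicit, or at minimum a field comment such as `/* bitmask of 1 << GCabCompression; GCAB_COMPRESSION_MASK = no allow-list set */`. The struct and the init function both continue outside these hunks.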
@@ -416,6 +418,41 @@ return g_object_new (GCAB_TYPE_CABINET, NULL); } +static gboolean +gcab_cabinet_is_compression_allowed(GCabCabinet *self, GCabCompression compression) +{ + /* for the fuzzing self tests */ + if (self->allowed_compression == 0) + return TRUE; + return (self->allowed_compression & (1ull << compression)) > 0; +} + +/** + * gcab_cabinet_add_allowed_compression: + * @cabinet: a #GCabCabinet + * @compression: a #GCabCompression kind, e.g. %GCAB_COMPRESSION_MSZIP + * + * Adds a compression kind to the allow-list. By default, GCab will use all decompression support + * compiled in at build time. Once this function has been called only specific compression kinds + * will be used in functions like gcab_cabinet_load(). + * + * Since: 1.6 + **/ +void +gcab_cabinet_add_allowed_compression (GCabCabinet *self, GCabCompression compression) +{ + g_return_if_fail (GCAB_IS_CABINET (self)); + g_return_if_fail (compression < GCAB_COMPRESSION_MASK); + + /* clear all */ + if (self->allowed_compression == GCAB_COMPRESSION_MASK) + self->allowed_compression = 0x0; + + /* enable this */ + if (g_getenv ("GCAB_SKIP_COMPRESSION_CHECK") == NULL) + self->allowed_compression |= 1ull << compression; +} + /** * gcab_cabinet_load: * @cabinet: a #GCabCabinet 
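Review bot: `gcab_cabinet_add_allowed_compression()` fails open: when `GCAB_SKIP_COMPRESSION_CHECK` is set in the environment the mask is cleared but no bit is added, and `gcab_cabinet_is_compression_allowed()` then treats `allowed_compression == 0` as "allow everything". An application that narrows the list because it parses untrusted cabinets loses that restriction whenever the variable is present in its environment, with no error or log message. The bypass needed by the fuzzing self test in tests/gcab-self-test.c would be safer behind a test-only build option or a private setter, with an empty mask meaning "nothing allowed". If the variable stays, the doc comment should say so, e.g. ` * If GCAB_SKIP_COMPRESSION_CHECK is set in the environment, the allow-list is not enforced.`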
@@ -460,9 +497,20 @@ for (guint i = 0; i < cheader->nfolders; i++) { g_autoptr(cfolder_t) cfolder = g_new0 (cfolder_t, 1); g_autoptr(GByteArray) blob = NULL; + if (!cfolder_read (cfolder, cheader->res_folder, in, cancellable, error)) return FALSE; + /* only allow some compression types at runtime */ + if (!gcab_cabinet_is_compression_allowed (self, cfolder->typecomp)) { + g_set_error (error, + GCAB_ERROR, + GCAB_ERROR_NOT_SUPPORTED, + "compression kind 0x%x not allowed", + cfolder->typecomp); + return FALSE; + } + /* steal this inelegantly */ if (cfolder->reserved != NULL) { blob = g_byte_array_new_take (cfolder->reserved, cheader->res_folder); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gcab-1.5/libgcab/gcab-cabinet.h new/gcab-1.6/libgcab/gcab-cabinet.h --- old/gcab-1.5/libgcab/gcab-cabinet.h 2022-08-05 08:58:25.000000000 +0200 +++ new/gcab-1.6/libgcab/gcab-cabinet.h 2023-07-05 00:51:50.000000000 +0200 @@ -64,6 +64,8 @@ } GCabError; GCabCabinet * gcab_cabinet_new (void); +void gcab_cabinet_add_allowed_compression (GCabCabinet *self, + GCabCompression compression); gboolean gcab_cabinet_load (GCabCabinet *cabinet, GInputStream *stream, GCancellable *cancellable, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gcab-1.5/libgcab/libgcab.syms new/gcab-1.6/libgcab/libgcab.syms --- old/gcab-1.5/libgcab/libgcab.syms 2022-08-05 08:58:25.000000000 +0200 +++ new/gcab-1.6/libgcab/libgcab.syms 2023-07-05 00:51:50.000000000 +0200 @@ -60,3 +60,7 @@ LIBGCAB1_1.5 { gcab_file_set_bytes; } LIBGCAB1_1.4; + +LIBGCAB1_1.6 { + gcab_cabinet_add_allowed_compression; +} LIBGCAB1_1.5; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gcab-1.5/meson.build new/gcab-1.6/meson.build --- old/gcab-1.5/meson.build 2022-08-05 08:58:25.000000000 +0200 +++ new/gcab-1.6/meson.build 2023-07-05 00:51:50.000000000 +0200 
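Review bot: The new check in the `gcab_cabinet_load` loop passes `cfolder->typecomp`, as filled in by `cfolder_read()` from the input stream, straight into `gcab_cabinet_is_compression_allowed()`, which evaluates `1ull << compression` with no range check. The field's type is not visible in this diff, but its value is file-controlled; if it can reach 64 or more (for instance when bits above the compression kind are set), the shift is undefined behaviour and the allow-list decision cannot be relied on. Masking at the call site, `gcab_cabinet_is_compression_allowed (self, cfolder->typecomp & GCAB_COMPRESSION_MASK)`, or rejecting values outside the known kinds inside the helper, keeps the check well defined for any input. Note that the setter validates its argument with `g_return_if_fail (compression < GCAB_COMPRESSION_MASK)` while the checker, which sees the untrusted value, does not. The loop body continues outside the hunk.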
@@ -1,5 +1,5 @@ project('gcab', 'c', - version : '1.5', + version : '1.6', license : 'LGPL-2.1+', meson_version : '>=0.50.0', default_options : ['warning_level=2', 'c_std=c99'], @@ -8,13 +8,13 @@ git_version = [] git = find_program('git', required: false) if git.found() - git_version = run_command(git, 'describe', '--abbrev=4', '--dirty', check: true).stdout().strip().split('-') + git_version = run_command(git, 'describe', '--abbrev=4', '--dirty', check: false).stdout().strip().split('-') endif # libtool versioning -lt_current = 2 +lt_current = 3 lt_revision = 0 -lt_age = 2 +lt_age = 3 lt_version = '@0@.@1@.@2@'.format(lt_current - lt_age, lt_age, lt_revision) darwin_versions = [lt_current + 1, '@0@.@1@.0'.format(lt_current + 1, lt_revision)] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gcab-1.5/po/fur.po new/gcab-1.6/po/fur.po --- old/gcab-1.5/po/fur.po 2022-08-05 08:58:25.000000000 +0200 +++ new/gcab-1.6/po/fur.po 2023-07-05 00:51:50.000000000 +0200 @@ -7,14 +7,15 @@ msgstr "" "Project-Id-Version: gcab master\n" "Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/gcab/issues\n" -"POT-Creation-Date: 2018-06-10 16:11+0000\n" -"PO-Revision-Date: 2019-03-06 09:13+0100\n" -"Last-Translator: Fabio Tomat <f.t.pub...@gmail.com>\n" -"Language-Team: Friulian <f...@li.org>\n" +"POT-Creation-Date: 2022-07-28 06:59+0000\n" +"PO-Revision-Date: 2023-01-11 20:42+0000\n" +"Last-Translator: Fabio T. <f.t.pub...@gmail.com>\n" +"Language-Team: Friulian <f.t.pub...@gmail.com>\n" "Language: fur\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Editor: HaiPO 1.4 beta\n" "X-Generator: Poedit 2.2.1\n" #: src/gcab.c:82 
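Review bot: In the second meson.build hunk, `check: false` makes a failing `git describe` (git installed, but the tree is an unpacked tarball) indistinguishable from success: stdout is empty, so `git_version` becomes the result of splitting an empty string instead of staying `[]`. How `git_version` is consumed lies outside the hunk, so this may be harmless, but the intent is clearer if the result is kept and used only on success: `r = run_command(git, 'describe', '--abbrev=4', '--dirty', check: false)` followed by `if r.returncode() == 0` around the assignment.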
@@ -67,7 +68,8 @@ #: src/gcab.c:124 msgid "Reserve space in cabinet for signing (e.g. -s 6144 reserves 6K bytes)" -msgstr "Riserve spazi tal archivi cabinet pe firme (p.e. -s 6144 al riserve 6K byte)" +msgstr "" +"Riserve spazi tal archivi cabinet pe firme (p.e. -s 6144 al riserve 6K byte)" #: src/gcab.c:125 msgid "FILE INPUT_FILES..." @@ -109,35 +111,39 @@ msgid "Error reading" msgstr "Erôr tal lei" -#: src/gcab.c:220 +#: src/gcab.c:206 +msgid "<unknown-date>" +msgstr "<date-no-cognossude>" + +#: src/gcab.c:219 msgid "Error during extraction" msgstr "Erôr dilunc la estrazion" -#: src/gcab.c:235 +#: src/gcab.c:234 msgid "Error while reading signature" msgstr "Erôr inte leture de firme" -#: src/gcab.c:247 +#: src/gcab.c:246 msgid "No input files specified" msgstr "Nissun file di input specificât" -#: src/gcab.c:266 +#: src/gcab.c:265 msgid "Cannot add file" msgstr "Impussibil zontâ il file" -#: src/gcab.c:272 +#: src/gcab.c:271 msgid "No files to be archived" msgstr "Nissun file di archiviâ" -#: src/gcab.c:280 +#: src/gcab.c:279 msgid "Cannot create cab file" msgstr "Impussibil creâ il file cab" -#: src/gcab.c:286 +#: src/gcab.c:285 msgid "Cannot add folder to cab file" msgstr "Impussibil zontâ la cartele sul file cab" -#: src/gcab.c:296 +#: src/gcab.c:295 msgid "Cannot write cab file" msgstr "Impussibil scrivi il file cab" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gcab-1.5/po/tr.po new/gcab-1.6/po/tr.po --- old/gcab-1.5/po/tr.po 2022-08-05 08:58:25.000000000 +0200 +++ new/gcab-1.6/po/tr.po 2023-07-05 00:51:50.000000000 +0200 @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: gcab master\n" "Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/gcab/issues\n" -"POT-Creation-Date: 2022-04-13 12:09+0000\n" +"POT-Creation-Date: 2022-07-28 06:59+0000\n" "PO-Revision-Date: 2019-01-09 12:52+0200\n" "Last-Translator: Sabri Ãnal <libreaj...@gmail.com>\n" "Language-Team: Türkçe <gnome-t...@gnome.org>\n" 
@@ -148,18 +148,3 @@ #: src/gcab.c:295 msgid "Cannot write cab file" msgstr "Cab dosyası yazılamıyor" - -#~ msgid "Removing leading '%s' from member names" -#~ msgstr "Ãye adlarının baÅındaki '%s' siliniyor" - -#~ msgid "can't write file %s: %s" -#~ msgstr "%s dosyası yazılamıyor: %s" - -#~ msgid "please specify input files." -#~ msgstr "Lütfen girdi dosyalarını belirtin." - -#~ msgid "unsupported compression method %d" -#~ msgstr "desteklenmeyen sıkıÅtırma yöntemi %d" - -#~ msgid "incorrect checksum detected" -#~ msgstr "hatalı saÄlama toplamı saptandı" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gcab-1.5/tests/gcab-self-test.c new/gcab-1.6/tests/gcab-self-test.c --- old/gcab-1.5/tests/gcab-self-test.c 2022-08-05 08:58:25.000000000 +0200 +++ new/gcab-1.6/tests/gcab-self-test.c 2023-07-05 00:51:50.000000000 +0200 @@ -420,6 +420,7 @@ "CVE-2015-4471.cab", NULL }; (void)g_setenv ("GCAB_SKIP_CHECKSUM", "1", TRUE); + (void)g_setenv ("GCAB_SKIP_COMPRESSION_CHECK", "1", TRUE); for (guint i = 0; tests[i] != NULL; i++) { gboolean ret; g_autofree gchar *fn = NULL; @@ -438,6 +439,7 @@ g_assert_no_error (error); g_assert (in != NULL); cabinet = gcab_cabinet_new (); + gcab_cabinet_add_allowed_compression (cabinet, GCAB_COMPRESSION_NONE); ret = gcab_cabinet_load (cabinet, in, NULL, &error); g_assert_no_error (error); g_assert (ret); 
@@ -447,6 +449,44 @@ g_assert (!ret); } g_unsetenv ("GCAB_SKIP_CHECKSUM"); + g_unsetenv ("GCAB_SKIP_COMPRESSION_CHECK"); +} + +static void +gcab_test_cabinet_allowed_compression_func (void) +{ + gboolean ret; + g_autofree gchar *fn = NULL; + g_autoptr(GCabCabinet) cabinet = NULL; + g_autoptr(GError) error = NULL; + g_autoptr(GFile) file = NULL; + g_autoptr(GInputStream) in = NULL; + + /* load file */ + fn = gcab_test_get_filename ("test-mszip.cab"); + g_assert (fn != NULL); + file = g_file_new_for_path (fn); + in = G_INPUT_STREAM (g_file_read (file, NULL, &error)); + g_assert_no_error (error); + g_assert (in != NULL); + + /* add the one it is not for a failure */ + cabinet = gcab_cabinet_new (); + gcab_cabinet_add_allowed_compression (cabinet, GCAB_COMPRESSION_LZX); + ret = gcab_cabinet_load (cabinet, in, NULL, &error); + g_assert_error (error, GCAB_ERROR, GCAB_ERROR_NOT_SUPPORTED); + g_assert_false (ret); + g_clear_error (&error); + g_clear_object (&in); + + /* add the correct one and try again */ + in = G_INPUT_STREAM (g_file_read (file, NULL, &error)); + g_assert_no_error (error); + g_assert (in != NULL); + gcab_cabinet_add_allowed_compression (cabinet, GCAB_COMPRESSION_MSZIP); + ret = gcab_cabinet_load (cabinet, in, NULL, &error); + g_assert_no_error (error); + g_assert (ret); } static void @@ -468,6 +508,7 @@ g_assert_no_error (error); g_assert (in != NULL); cabinet = gcab_cabinet_new (); + gcab_cabinet_add_allowed_compression (cabinet, GCAB_COMPRESSION_NONE); ret = gcab_cabinet_load (cabinet, in, NULL, &error); g_assert_no_error (error); g_assert (ret); @@ -587,5 +628,6 @@ g_test_add_func ("/GCab/cabinet{write}", gcab_test_cabinet_write_func); g_test_add_func ("/GCab/cabinet{blob}", gcab_test_cabinet_blob_func); g_test_add_func ("/GCab/cabinet{signature}", gcab_test_cabinet_signature_func); + g_test_add_func ("/GCab/cabinet{allowed-compression}", gcab_test_cabinet_allowed_compression_func); return g_test_run (); }
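Review bot: `gcab_test_cabinet_allowed_compression_func` runs its second, expected-to-succeed load on the same `cabinet` whose first load has just failed. A pass therefore depends on the failed `gcab_cabinet_load()` leaving no state behind, and it only shows that the list is additive (LZX plus MSZIP), not that MSZIP alone is accepted. Starting the positive case with `g_clear_object (&cabinet); cabinet = gcab_cabinet_new ();` would keep the two cases independent. A one-line comment above the function naming the states it covers (wrong kind rejected, right kind accepted) would also help, since the fuzzing test earlier in this file exercises the allow-list only with the environment override set.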