Hello community,
here is the log from the commit of package ghc-zip-archive for openSUSE:Factory
checked in at 2019-04-28 20:14:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-zip-archive (Old)
and /work/SRC/openSUSE:Factory/.ghc-zip-archive.new.5536 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-zip-archive"
Sun Apr 28 20:14:02 2019 rev:14 rq:698565 version:0.4.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-zip-archive/ghc-zip-archive.changes
2018-12-10 12:29:51.914435394 +0100
+++
/work/SRC/openSUSE:Factory/.ghc-zip-archive.new.5536/ghc-zip-archive.changes
2019-04-28 20:14:05.958394394 +0200
@@ -1,0 +2,14 @@
+Wed Apr 24 02:02:17 UTC 2019 - [email protected]
+
+- Update zip-archive to version 0.4.1.
+ zip-archive 0.4.1
+
+ * writEntry behavior change: Improve raising of UnsafePath error (#55).
+ Previously we raised this error spuriously when archives were unpacked
+ outside the working directory. Now we raise it if eRelativePath contains
+ ".." as a path component, or eRelativePath path is an absolute path and
+ there is no separate destination directory. (Note that `/foo/bar` is
fine
+ as a path as long as a destination directory, e.g. `/usr/local`, is
+ specified.)
+
+-------------------------------------------------------------------
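Review bot: The reference "(#55)" in the first bullet of this entry is ambiguous in a distribution changelog, where a bare number can be mistaken for a bug or request id; name it as the upstream issue (the package homepage is github.com/jgm/zip-archive). The entry also carries over the upstream typo "writEntry" for `writeEntry`. Since it changes when UnsafePath is raised during extraction, a short remark that the update alters path-safety behaviour would help people reviewing this version bump.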
Old:
----
zip-archive-0.4.tar.gz
New:
----
zip-archive-0.4.1.tar.gz
zip-archive.cabal
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-zip-archive.spec ++++++
--- /var/tmp/diff_new_pack.dyKPzk/_old 2019-04-28 20:14:07.886393197 +0200
+++ /var/tmp/diff_new_pack.dyKPzk/_new 2019-04-28 20:14:07.886393197 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ghc-zip-archive
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,13 +19,14 @@
%global pkg_name zip-archive
%bcond_with tests
Name: ghc-%{pkg_name}
-Version: 0.4
+Version: 0.4.1
Release: 0
Summary: Library for creating and modifying zip archives
License: BSD-3-Clause
Group: Development/Libraries/Haskell
URL: https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
+Source1:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/1.cabal#/%{pkg_name}.cabal
BuildRequires: ghc-Cabal-devel
BuildRequires: ghc-array-devel
BuildRequires: ghc-binary-devel
@@ -82,6 +83,7 @@
%prep
%setup -q -n %{pkg_name}-%{version}
+cp -p %{SOURCE1} %{pkg_name}.cabal
%build
%ghc_lib_build
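Review bot: The added `cp -p %{SOURCE1} %{pkg_name}.cabal` in %prep overwrites the cabal file shipped in the tarball without a comment explaining why. A one-line comment above it saying that this applies the Hackage metadata revision fetched as Source1 (`revision/1.cabal`) would tell later maintainers why the packaged cabal file differs from the upstream tarball, and that the pinned revision number needs to be rechecked at the next version update.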
++++++ zip-archive-0.4.tar.gz -> zip-archive-0.4.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/zip-archive-0.4/changelog
new/zip-archive-0.4.1/changelog
--- old/zip-archive-0.4/changelog 2018-12-04 01:24:06.000000000 +0100
+++ new/zip-archive-0.4.1/changelog 2019-04-23 08:10:30.000000000 +0200
@@ -1,3 +1,13 @@
+zip-archive 0.4.1
+
+ * writEntry behavior change: Improve raising of UnsafePath error (#55).
+ Previously we raised this error spuriously when archives were unpacked
+ outside the working directory. Now we raise it if eRelativePath contains
+ ".." as a path component, or eRelativePath path is an absolute path and
+ there is no separate destination directory. (Note that `/foo/bar` is fine
+ as a path as long as a destination directory, e.g. `/usr/local`, is
+ specified.)
+
zip-archive 0.4
* Implement read-only support for PKWARE encryption (Sergii Rudchenko).
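Review bot: The first bullet names the function "writEntry", but the function changed in src/Codec/Archive/Zip.hs is `writeEntry`; the changelog should use that spelling so the entry can be found by searching for the function name. "eRelativePath path is an absolute path" would also read more clearly as "eRelativePath is an absolute path".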
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/zip-archive-0.4/src/Codec/Archive/Zip.hs
new/zip-archive-0.4.1/src/Codec/Archive/Zip.hs
--- old/zip-archive-0.4/src/Codec/Archive/Zip.hs 2018-12-04
01:24:06.000000000 +0100
+++ new/zip-archive-0.4.1/src/Codec/Archive/Zip.hs 2019-04-23
08:10:30.000000000 +0200
@@ -77,15 +77,14 @@
import Data.Binary
import Data.Binary.Get
import Data.Binary.Put
-import Data.List (nub, find, intercalate, isPrefixOf, isInfixOf)
+import Data.List (nub, find, intercalate)
import Data.Data (Data)
import Data.Typeable (Typeable)
import Text.Printf
import System.FilePath
import System.Directory
(doesDirectoryExist, getDirectoryContents,
- createDirectoryIfMissing, getModificationTime, getCurrentDirectory,
- makeAbsolute)
+ createDirectoryIfMissing, getModificationTime)
import Control.Monad ( when, unless, zipWithM_ )
import qualified Control.Exception as E
import System.IO ( stderr, hPutStrLn )
@@ -350,14 +349,16 @@
writeEntry opts entry = do
when (isEncryptedEntry entry) $
E.throwIO $ CannotWriteEncryptedEntry (eRelativePath entry)
- let path = case [d | OptDestination d <- opts] of
- (x:_) -> x </> eRelativePath entry
- _ -> eRelativePath entry
- absPath <- makeAbsolute path
- curDir <- getCurrentDirectory
- let isUnsafePath = ".." `isInfixOf` absPath ||
- not (curDir `isPrefixOf` absPath)
- when isUnsafePath $ E.throwIO $ UnsafePath path
+ let relpath = eRelativePath entry
+ let isUnsafePath = ".." `elem` splitDirectories relpath
+ when isUnsafePath $
+ E.throwIO $ UnsafePath relpath
+ path <- case [d | OptDestination d <- opts] of
+ (x:_) -> return (x </> relpath)
+ _ | isAbsolute relpath
+ -> E.throwIO $ UnsafePath relpath
+ | otherwise
+ -> return relpath
-- create directories if needed
let dir = takeDirectory path
exists <- doesDirectoryExist dir
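Review bot: In the `(x:_) -> return (x </> relpath)` branch an absolute `relpath` is accepted, but `</>` from System.FilePath returns its second argument unchanged when that argument is absolute, so the destination `x` is dropped and `path` ends up outside the directory passed via OptDestination. That does not match the changelog's statement that `/foo/bar` is fine when a destination such as `/usr/local` is given. Either strip the leading root from `relpath` before joining, or raise `UnsafePath relpath` for absolute paths in both branches rather than only in the no-destination case. The `".." `elem` splitDirectories relpath` check is a clear improvement over the old `isInfixOf` test on the absolute path, and a test case for an absolute entry path combined with OptDestination would lock the intended behaviour in.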
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/zip-archive-0.4/zip-archive.cabal
new/zip-archive-0.4.1/zip-archive.cabal
--- old/zip-archive-0.4/zip-archive.cabal 2018-12-04 01:24:06.000000000
+0100
+++ new/zip-archive-0.4.1/zip-archive.cabal 2019-04-23 08:10:30.000000000
+0200
@@ -1,5 +1,5 @@
Name: zip-archive
-Version: 0.4
+Version: 0.4.1
Cabal-Version: 2.0
Build-type: Simple
Synopsis: Library for creating and modifying zip archives.
++++++ zip-archive.cabal ++++++
Name: zip-archive
Version: 0.4.1
x-revision: 1
Cabal-Version: 2.0
Build-type: Simple
Synopsis: Library for creating and modifying zip archives.
Description:
The zip-archive library provides functions for creating, modifying, and
extracting files from zip archives. The zip archive format is
documented in <http://www.pkware.com/documents/casestudies/APPNOTE.TXT>.
.
Certain simplifying assumptions are made about the zip archives: in
particular, there is no support for strong encryption, zip files that
span multiple disks, ZIP64, OS-specific file attributes, or compression
methods other than Deflate. However, the library should be able to read
the most common zip archives, and the archives it produces should be
readable by all standard unzip programs.
.
Archives are built and extracted in memory, so manipulating large zip
files will consume a lot of memory. If you work with large zip files or
need features not supported by this library, a better choice may be
<http://hackage.haskell.org/package/zip zip>, which uses a
memory-efficient streaming approach. However, zip can only read and
write archives inside instances of MonadIO, so zip-archive is a better
choice if you want to manipulate zip archives in "pure" contexts.
.
As an example of the use of the library, a standalone zip archiver and
extracter is provided in the source distribution.
Category: Codec
Tested-with: GHC == 7.8.2, GHC == 7.10.3, GHC == 8.0.2,
GHC == 8.2.2, GHC == 8.4.3, GHC == 8.6.1
License: BSD3
License-file: LICENSE
Homepage: http://github.com/jgm/zip-archive
Author: John MacFarlane
Maintainer: [email protected]
Extra-Source-Files: changelog
README.markdown
tests/test4.zip
tests/test4/a.txt
tests/test4/b.bin
"tests/test4/c/with spaces.txt"
tests/zip_with_symlinks.zip
tests/zip_with_password.zip
tests/zip_with_evil_path.zip
Source-repository head
type: git
location: git://github.com/jgm/zip-archive.git
flag executable
Description: Build the Zip executable.
Default: False
Library
Build-depends: base >= 4.5 && < 5,
pretty,
containers,
binary >= 0.6,
zlib,
filepath,
bytestring >= 0.10.0,
array,
mtl,
text >= 0.11,
digest >= 0.0.0.1,
directory >= 1.2.0,
time
Exposed-modules: Codec.Archive.Zip
Default-Language: Haskell98
Hs-Source-Dirs: src
Ghc-Options: -Wall
if os(windows)
cpp-options: -D_WINDOWS
else
Build-depends: unix
Executable zip-archive
if flag(executable)
Buildable: True
else
Buildable: False
Main-is: Main.hs
Hs-Source-Dirs: .
Build-Depends: base >= 4.2 && < 5,
directory >= 1.1,
bytestring >= 0.9.0,
zip-archive
Other-Modules: Paths_zip_archive
Autogen-Modules: Paths_zip_archive
Ghc-Options: -Wall
Default-Language: Haskell98
Test-Suite test-zip-archive
Type: exitcode-stdio-1.0
Main-Is: test-zip-archive.hs
Hs-Source-Dirs: tests
Build-Depends: base >= 4.2 && < 5,
directory >= 1.3, bytestring >= 0.9.0, process, time,
HUnit, zip-archive, temporary, filepath
Default-Language: Haskell98
Ghc-Options: -Wall
if os(windows)
cpp-options: -D_WINDOWS
else
Build-depends: unix
build-tools: unzip