From 112040abc17fa65a2f4afeada8802f12239cbf28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@gmail.com>
Date: Tue, 6 Jan 2015 12:33:15 +0100
Subject: [PATCH] Avoid directory traversal CVE-2015-0552. rhbz#1179126

---
 gcab.spec | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/gcab.spec b/gcab.spec
index 9ec56ca..a60d4a2 100644
--- a/gcab.spec
+++ b/gcab.spec
@@ -1,12 +1,13 @@
 Name:           gcab
 Version:        0.4
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        Cabinet file library and tool
 
 License:        LGPLv2+
 #VCS:           git:git://git.gnome.org/gcab
 URL:            http://ftp.gnome.org/pub/GNOME/sources/gcab
 Source0:        http://ftp.gnome.org/pub/GNOME/sources/gcab/%{version}/%{name}-%{version}.tar.xz
+Patch0001:         0001-Avoid-path-traversal.patch
 
 BuildRequires:  intltool
 BuildRequires:  vala-tools
@@ -35,6 +36,7 @@ Libraries, includes, etc. to compile with the gcab library.
 
 %prep
 %setup -q
+%patch0001 -p1
 
 %build
 # --enable-fast-install is needed to fix libtool "cannot relink `gcab'"
@@ -72,6 +74,9 @@ rm -f %{buildroot}%{_libdir}/*.la
 %{_libdir}/pkgconfig/libgcab-1.0.pc
 
 %changelog
+* Tue Jan 06 2015 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.4-7
+- Avoid directory traversal CVE-2015-0552. rhbz#1179126
+
 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild