0.6-4 Fix wrong file modification date when creating cab

2015-07-30 23:52:49 +02:00 · 2015-07-30 23:52:49 +02:00 · 52bd79b312
commit 52bd79b312
parent a27e14b823
3 changed files with 37 additions and 53 deletions
--- a/0001-Avoid-path-traversal.patch
+++ b/0001-Avoid-path-traversal.patch
@ -1,52 +0,0 @@
-From 0ccdf564b6a3e26522a8eb1858f1828844fa3536 Mon Sep 17 00:00:00 2001
-From: Stephen Kitt <steve@sk2.org>
-Date: Mon, 5 Jan 2015 06:28:00 +0000
-Subject: [PATCH] Avoid path traversal
-
-gcab suffers from a directory traversal bug: it doesn't filter leading
-slashes from paths in CAB files.
-(see https://bugs.debian.org/774580)
-
-The attached patch fixes this, at the cost of ugly paths when faced with
-relative traversals. At least all the CAB's contents can be extracted,
-without overwriting anything outside the extraction path.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=742331
---
- libgcab/gcab-folder.c | 18 +++++++++++++++++-
- 1 file changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/libgcab/gcab-folder.c b/libgcab/gcab-folder.c
-index a140e2c..9510cf3 100644
--- a/libgcab/gcab-folder.c
-+++ b/libgcab/gcab-folder.c
-@@ -362,9 +362,25 @@ gcab_folder_extract (GCabFolder *self,
-                 fname[i] = '/';
- 
-         GFile *gfile = g_file_resolve_relative_path (path, fname);
-        GFile *parent = g_file_get_parent (gfile);
-         g_free (fname);
- 
-+        if (!g_file_has_prefix (gfile, path)) {
-+            // "Rebase" the file in the given path, to ensure we never escape it
-+            char *rawpath = g_file_get_path (gfile);
-+            if (rawpath != NULL) {
-+                char *newpath = rawpath;
-+                while (*newpath != 0 && *newpath == G_DIR_SEPARATOR) {
-+                    newpath++;
-+                }
-+                GFile *newgfile = g_file_resolve_relative_path (path, newpath);
-+                g_free (rawpath);
-+                g_object_unref (gfile);
-+                gfile = newgfile;
-+            }
-+        }
-+
-+        GFile *parent = g_file_get_parent (gfile);
-+
-         if (!g_file_make_directory_with_parents (parent, cancellable, &my_error)) {
-             if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_EXISTS))
-                 g_clear_error (&my_error);
-- 
-2.1.0
-
--- a/0001-gcab-file-fix-wrong-file-modification-day.patch
+++ b/0001-gcab-file-fix-wrong-file-modification-day.patch
@ -0,0 +1,31 @@
+From 258e58715f404964a8417b2235431f565ae295e2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@gmail.com>
+Date: Thu, 30 Jul 2015 23:45:28 +0200
+Subject: [PATCH] gcab-file: fix wrong file modification day
+
+The day of the struct tm is not (0-30) but (1-31), no need to add +1!
+This fixes creation of cabinet file and MSI that Windows Installer
+rejects because of invalid date (29-02-2005 for ex).
+
+See bug:
+https://bugzilla.gnome.org/show_bug.cgi?id=753040
+---
+ libgcab/gcab-file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libgcab/gcab-file.c b/libgcab/gcab-file.c
+index d97539d..b55fbb5 100644
+--- a/libgcab/gcab-file.c
+++ b/libgcab/gcab-file.c
+@@ -142,7 +142,7 @@ gcab_file_update_info (GCabFile *self, GFileInfo *info)
+     self->cfile.usize = g_file_info_get_size (info);
+     self->cfile.fattr = GCAB_FILE_ATTRIBUTE_ARCH;
+     self->cfile.date = ((m->tm_year + 1900 - 1980 ) << 9 ) +
+-        ((m->tm_mon+1) << 5 ) + (m->tm_mday+1);
+        ((m->tm_mon+1) << 5 ) + (m->tm_mday);
+     self->cfile.time = (m->tm_hour << 11) + (m->tm_min << 5) + (m->tm_sec / 2);
+ 
+     return TRUE;
+-- 
+2.4.3
+
--- a/gcab.spec
+++ b/gcab.spec
@ -1,12 +1,13 @@
 Name:           gcab
 Version:        0.6
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Cabinet file library and tool

 License:        LGPLv2+
 #VCS:           git:git://git.gnome.org/gcab
 URL:            http://ftp.gnome.org/pub/GNOME/sources/gcab
 Source0:        http://ftp.gnome.org/pub/GNOME/sources/gcab/%{version}/%{name}-%{version}.tar.xz
+Patch0:         0001-gcab-file-fix-wrong-file-modification-day.patch

 BuildRequires:  intltool
 BuildRequires:  vala-tools
@ -36,6 +37,7 @@ Libraries, includes, etc. to compile with the gcab library.

 %prep
 %setup -q
+%patch0 -p1

 %build
 # --enable-fast-install is needed to fix libtool "cannot relink `gcab'"
@ -73,6 +75,9 @@ rm -f %{buildroot}%{_libdir}/*.la
 %{_libdir}/pkgconfig/libgcab-1.0.pc

 %changelog
+* Thu Jul 30 2015 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6-4
+- Fix wrong file modification date when creating cab.
+
 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild