From 21809fd338030dadf0826467e9b260917ab16270 Mon Sep 17 00:00:00 2001
From: James Antill
Date: Thu, 26 May 2022 07:42:57 -0400
Subject: [PATCH] Auto sync2gitlab import of gnome-autoar-0.2.3-2.el8.src.rpm
---
.gitignore | 1 +
EMPTY | 1 -
...Detect-conflict-also-for-directories.patch | 70 ++++++++++
...ctor-Do-not-allow-symlink-in-parents.patch | 126 ++++++++++++++++++
...-follow-symlinks-when-detecting-conf.patch | 27 ++++
gnome-autoar.spec | 114 ++++++++++++++++
sources | 1 +
7 files changed, 339 insertions(+), 1 deletion(-)
create mode 100644 .gitignore
delete mode 100644 EMPTY
create mode 100644 extractor-Detect-conflict-also-for-directories.patch
create mode 100644 extractor-Do-not-allow-symlink-in-parents.patch
create mode 100644 extractor-Do-not-follow-symlinks-when-detecting-conf.patch
create mode 100644 gnome-autoar.spec
create mode 100644 sources
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f07667c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/gnome-autoar-0.2.3.tar.xz
diff --git a/EMPTY b/EMPTY
deleted file mode 100644
index 0519ecb..0000000
--- a/EMPTY
+++ /dev/null
@@ -1 +0,0 @@
-
\ No newline at end of file
diff --git a/extractor-Detect-conflict-also-for-directories.patch b/extractor-Detect-conflict-also-for-directories.patch
new file mode 100644
index 0000000..fc24527
--- /dev/null
+++ b/extractor-Detect-conflict-also-for-directories.patch
@@ -0,0 +1,70 @@
+From 2c7a42b63913c05326cb66253960517ea0343c6a Mon Sep 17 00:00:00 2001
+From: Ondrej Holy
+Date: Thu, 25 Feb 2021 14:10:26 +0100
+Subject: [PATCH] extractor: Detect conflict also for directories
+
+Current logic doesn't detect conflics when extracting directory. This
+is ok, but only for the case when the conflic is caused by directory.
+Otherwise, the conflic should be detected and AutoarExtractor should
+try to delete the file before creating new directory.
+---
+ gnome-autoar/autoar-extractor.c | 27 ++++++++-------------------
+ 1 file changed, 8 insertions(+), 19 deletions(-)
+
+diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
+index f1f49cf..376c864 100644
+--- a/gnome-autoar/autoar-extractor.c
++++ b/gnome-autoar/autoar-extractor.c
+@@ -897,7 +897,6 @@ autoar_extractor_check_file_conflict (GFile *file,
+ mode_t extracted_filetype)
+ {
+ GFileType file_type;
+- gboolean conflict = FALSE;
+
+ file_type = g_file_query_file_type (file,
+ G_FILE_QUERY_INFO_NONE,
+@@ -907,26 +906,13 @@ autoar_extractor_check_file_conflict (GFile *file,
+ return FALSE;
+ }
+
+- switch (extracted_filetype) {
+- case AE_IFDIR:
+- break;
+- case AE_IFREG:
+- case AE_IFLNK:
+-#if defined HAVE_MKFIFO || defined HAVE_MKNOD
+- case AE_IFIFO:
+-#endif
+-#ifdef HAVE_MKNOD
+- case AE_IFSOCK:
+- case AE_IFBLK:
+- case AE_IFCHR:
+-#endif
+- conflict = TRUE;
+- break;
+- default:
+- break;
++ /* It is not problem if the directory already exists */
++ if (file_type == G_FILE_TYPE_DIRECTORY &&
++ extracted_filetype == AE_IFDIR) {
++ return FALSE;
+ }
+
+- return conflict;
++ return TRUE;
+ }
+
+ static void
+@@ -1850,6 +1836,9 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
+ case AUTOAR_CONFLICT_OVERWRITE:
+ break;
+ case AUTOAR_CONFLICT_CHANGE_DESTINATION:
++ /* FIXME: If the destination is changed for directory, it should be
++ * changed also for its children...
++ */
+ g_assert_nonnull (new_extracted_filename);
+ g_clear_object (&extracted_filename);
+ extracted_filename = new_extracted_filename;
+--
+2.31.1
+
diff --git a/extractor-Do-not-allow-symlink-in-parents.patch b/extractor-Do-not-allow-symlink-in-parents.patch
new file mode 100644
index 0000000..facc6df
--- /dev/null
+++ b/extractor-Do-not-allow-symlink-in-parents.patch
@@ -0,0 +1,126 @@
+From 3e7b4aca4b0afe9fb1b1160bd26f791d7a636980 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy
+Date: Mon, 1 Mar 2021 17:16:27 +0100
+Subject: [PATCH] extractor: Do not allow symlink in parents
+
+Currently, it is still possible that some files are extracted outside of
+the destination dir in case of malicious archives. The checks from commit
+adb067e6 can be still bypassed in certain cases. See GNOME/file-roller#108
+for more details. After some investigation, I am convinced that it would be
+best to simply disallow symlinks in parents. For example, `tar` fails to
+extract such files with the `ENOTDIR` error. Let's do the same here.
+
+Fixes: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12
+---
+ gnome-autoar/autoar-extractor.c | 59 +++++++++++++++++++++++++--------
+ 1 file changed, 46 insertions(+), 13 deletions(-)
+
+diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
+index ce6e6e9..79a7278 100644
+--- a/gnome-autoar/autoar-extractor.c
++++ b/gnome-autoar/autoar-extractor.c
+@@ -892,27 +892,42 @@ autoar_extractor_do_sanitize_pathname (AutoarExtractor *self,
+ return extracted_filename;
+ }
+
+-static gboolean
+-autoar_extractor_check_file_conflict (GFile *file,
++/* The function checks @file for conflicts with already existing files on the
++ * disk. It also recursively checks parents of @file to be sure it is directory.
++ * It doesn't follow symlinks, so symlinks in parents are also considered as
++ * conflicts even though they point to directory. It returns #GFile object for
++ * the file, which cause the conflict (so @file, or some of its parents). If
++ * there aren't any conflicts, NULL is returned.
++ */
++static GFile *
++autoar_extractor_check_file_conflict (AutoarExtractor *self,
++ GFile *file,
+ mode_t extracted_filetype)
+ {
+ GFileType file_type;
++ g_autoptr (GFile) parent = NULL;
+
+ file_type = g_file_query_file_type (file,
+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
+ NULL);
+- /* If there is no file with the given name, there will be no conflict */
+- if (file_type == G_FILE_TYPE_UNKNOWN) {
+- return FALSE;
++
++ /* It is a conflict if the file already exists with an exception for already
++ * existing directories.
++ */
++ if (file_type != G_FILE_TYPE_UNKNOWN &&
++ (file_type != G_FILE_TYPE_DIRECTORY ||
++ extracted_filetype != AE_IFDIR)) {
++ return g_object_ref (file);
+ }
+
+- /* It is not problem if the directory already exists */
+- if (file_type == G_FILE_TYPE_DIRECTORY &&
+- extracted_filetype == AE_IFDIR) {
+- return FALSE;
++ if ((self->new_prefix && g_file_equal (self->new_prefix, file)) ||
++ (!self->new_prefix && g_file_equal (self->destination_dir, file))) {
++ return NULL;
+ }
+
+- return TRUE;
++ /* Check also parents for conflict to be sure it is directory. */
++ parent = g_file_get_parent (file);
++ return autoar_extractor_check_file_conflict (self, parent, AE_IFDIR);
+ }
+
+ static void
+@@ -1804,7 +1819,7 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
+ g_autoptr (GFile) extracted_filename = NULL;
+ g_autoptr (GFile) hardlink_filename = NULL;
+ AutoarConflictAction action;
+- gboolean file_conflict;
++ g_autoptr (GFile) file_conflict = NULL;
+
+ if (g_cancellable_is_cancelled (self->cancellable)) {
+ archive_read_free (a);
+@@ -1823,11 +1838,27 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
+ }
+
+ /* Attempt to solve any name conflict before doing any operations */
+- file_conflict = autoar_extractor_check_file_conflict (extracted_filename,
++ file_conflict = autoar_extractor_check_file_conflict (self,
++ extracted_filename,
+ archive_entry_filetype (entry));
+ while (file_conflict) {
+ GFile *new_extracted_filename = NULL;
+
++ /* Do not try to solve any conflicts in parents for now. Especially
++ * symlinks in parents are dangerous as it can easily happen that files
++ * are written outside of the destination. The tar cmd fails to extract
++ * such archives with ENOTDIR. Let's do the same here. This is most
++ * probably malicious, or corrupted archive if the conflict was caused
++ * only by files from the archive...
++ */
++ if (!g_file_equal (file_conflict, extracted_filename)) {
++ self->error = g_error_new (G_IO_ERROR,
++ G_IO_ERROR_NOT_DIRECTORY,
++ "The file is not a directory");
++ archive_read_free (a);
++ return;
++ }
++
+ action = autoar_extractor_signal_conflict (self,
+ extracted_filename,
+ &new_extracted_filename);
+@@ -1855,7 +1886,9 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
+ break;
+ }
+
+- file_conflict = autoar_extractor_check_file_conflict (extracted_filename,
++ g_clear_object (&file_conflict);
++ file_conflict = autoar_extractor_check_file_conflict (self,
++ extracted_filename,
+ archive_entry_filetype (entry));
+ }
+
+--
+2.31.1
+
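Review bot: The recursion added at the end of `autoar_extractor_check_file_conflict` passes the result of `g_file_get_parent (file)` straight back into the function, and that call returns NULL once `file` is a filesystem root. The only stop condition is equality with `self->new_prefix` or `self->destination_dir`, so termination relies on `autoar_extractor_do_sanitize_pathname` (outside this hunk) always producing a path beneath that prefix; if it ever does not, the walk continues past the root with a NULL `GFile`. Failing closed keeps the guarantee local: after the `g_file_get_parent` call add `if (parent == NULL) return g_object_ref (file);`, which sends `autoar_extractor_step_extract` down its `G_IO_ERROR_NOT_DIRECTORY` path. Separately, the check is path-based and runs before the write, so it does not cover a symlink that appears in a parent between the check and the extraction; a one-line comment saying so would help callers that extract into directories other users can write to.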
diff --git a/extractor-Do-not-follow-symlinks-when-detecting-conf.patch b/extractor-Do-not-follow-symlinks-when-detecting-conf.patch
new file mode 100644
index 0000000..3464e28
--- /dev/null
+++ b/extractor-Do-not-follow-symlinks-when-detecting-conf.patch
@@ -0,0 +1,27 @@
+From c726022a46d780c0cf305788b8126f45704ef462 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy
+Date: Mon, 1 Mar 2021 10:13:17 +0100
+Subject: [PATCH] extractor: Do not follow symlinks when detecting conflicts
+
+Currently, symlinks are followed when detecting conflicts. But this
+is not desired as the original file caused the conflict, not its target.
+---
+ gnome-autoar/autoar-extractor.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
+index 376c864..ce6e6e9 100644
+--- a/gnome-autoar/autoar-extractor.c
++++ b/gnome-autoar/autoar-extractor.c
+@@ -899,7 +899,7 @@ autoar_extractor_check_file_conflict (GFile *file,
+ GFileType file_type;
+
+ file_type = g_file_query_file_type (file,
+- G_FILE_QUERY_INFO_NONE,
++ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
+ NULL);
+ /* If there is no file with the given name, there will be no conflict */
+ if (file_type == G_FILE_TYPE_UNKNOWN) {
+--
+2.31.1
+
diff --git a/gnome-autoar.spec b/gnome-autoar.spec
new file mode 100644
index 0000000..83cb062
--- /dev/null
+++ b/gnome-autoar.spec
@@ -0,0 +1,114 @@
+Name: gnome-autoar
+Version: 0.2.3
+Release: 2%{?dist}
+Summary: Archive library
+
+License: LGPLv2+
+URL: https://git.gnome.org/browse/gnome-autoar
+Source0: https://download.gnome.org/sources/gnome-autoar/0.2/gnome-autoar-%{version}.tar.xz
+
+Patch0: extractor-Detect-conflict-also-for-directories.patch
+Patch1: extractor-Do-not-follow-symlinks-when-detecting-conf.patch
+Patch2: extractor-Do-not-allow-symlink-in-parents.patch
+
+BuildRequires: gcc
+BuildRequires: pkgconfig(gio-2.0)
+BuildRequires: pkgconfig(glib-2.0)
+BuildRequires: pkgconfig(gobject-2.0)
+BuildRequires: pkgconfig(gobject-introspection-1.0)
+BuildRequires: pkgconfig(gtk+-3.0)
+BuildRequires: pkgconfig(libarchive)
+BuildRequires: vala
+
+%description
+gnome-autoar is a GObject based library for handling archives.
+
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+
+%prep
+%autosetup -p1
+
+
+%build
+%configure --disable-static
+%make_build
+
+
+%install
+%make_install
+find $RPM_BUILD_ROOT -name '*.la' -delete
+
+
+%check
+make check
+
+
+%files
+%license COPYING
+%dir %{_libdir}/girepository-1.0
+%{_libdir}/girepository-1.0/GnomeAutoar-0.1.typelib
+%{_libdir}/girepository-1.0/GnomeAutoarGtk-0.1.typelib
+%{_libdir}/libgnome-autoar-0.so.0*
+%{_libdir}/libgnome-autoar-gtk-0.so.0*
+
+%files devel
+%{_includedir}/gnome-autoar-0/
+%{_libdir}/pkgconfig/gnome-autoar-0.pc
+%{_libdir}/pkgconfig/gnome-autoar-gtk-0.pc
+%{_libdir}/*.so
+%dir %{_datadir}/gir-1.0
+%{_datadir}/gir-1.0/GnomeAutoar-0.1.gir
+%{_datadir}/gir-1.0/GnomeAutoarGtk-0.1.gir
+%{_datadir}/gtk-doc/
+%dir %{_datadir}/vala
+%dir %{_datadir}/vala/vapi
+%{_datadir}/vala/vapi/gnome-autoar-0.vapi
+%{_datadir}/vala/vapi/gnome-autoar-gtk-0.vapi
+
+
+%changelog
+* Thu Apr 29 2021 Ondrej Holy - 0.2.3-2
+- CVE-2020-36241, CVE-2021-28650: Do not allow symlink in parents (rhbz#1928701)
+
+* Sat Mar 03 2018 Kalev Lember - 0.2.3-1
+- Update to 0.2.3
+- Drop ldconfig scriptlets
+
+* Wed Feb 07 2018 Fedora Release Engineering - 0.2.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Feb 03 2018 Igor Gnatenko - 0.2.2-4
+- Switch to %%ldconfig_scriptlets
+
+* Wed Aug 02 2017 Fedora Release Engineering - 0.2.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 0.2.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Tue Mar 21 2017 Kalev Lember - 0.2.2-1
+- Update to 0.2.2
+
+* Fri Mar 03 2017 Kalev Lember - 0.2.1-1
+- Update to 0.2.1
+
+* Fri Feb 24 2017 Kalev Lember - 0.2.0-1
+- Update to 0.2.0
+- Build with vala support
+
+* Fri Feb 10 2017 Fedora Release Engineering - 0.1.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Sat Sep 03 2016 Kalev Lember - 0.1.1-1
+- Update to 0.1.1
+
+* Fri Sep 02 2016 Kalev Lember - 0.1.0-1
+- Initial Fedora build
diff --git a/sources b/sources
new file mode 100644
index 0000000..2e76870
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (gnome-autoar-0.2.3.tar.xz) = f87299817c52e7862a6c1cc950b1c362db8e7465e008d988e70245a203c728a9179400aac8601c399abe361e5a1ac4558b1190641ad3afa7224f883546fae7bc
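Review bot: The `Patch0`–`Patch2` lines in gnome-autoar.spec carry no comment saying where the patches come from or what they fix, so the link to CVE-2020-36241 and CVE-2021-28650 exists only in the `%changelog` entry. A comment above them such as `# Backport of upstream fixes for CVE-2020-36241, CVE-2021-28650 (rhbz#1928701, https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12)` would keep that visible to whoever rebases the package. The three patches also rewrite the same function and chain by blob id (`f1f49cf..376c864`, `376c864..ce6e6e9`, `ce6e6e9..79a7278`), so the same comment should state that they have to be applied in this order.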