diff --git a/0001-Never-include-in-attribute-values.patch b/0001-Never-include-in-attribute-values.patch new file mode 100644 index 0000000..b4edda3 --- /dev/null +++ b/0001-Never-include-in-attribute-values.patch @@ -0,0 +1,61 @@ +From 6048520484101df5d33f3c852c10640e630d20cf Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Tue, 30 Jan 2018 23:03:59 +0000 +Subject: [PATCH] Never include '&' in attribute values + +Fixes: https://github.com/hughsie/lvfs-website/issues/33 +--- + libappstream-glib/as-node.c | 7 ++++++- + libappstream-glib/as-self-test.c | 6 +++--- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/libappstream-glib/as-node.c b/libappstream-glib/as-node.c +index f8199a9..945c465 100644 +--- a/libappstream-glib/as-node.c ++++ b/libappstream-glib/as-node.c +@@ -327,12 +327,17 @@ as_node_get_attr_string (AsNodeData *data) + + str = g_string_new (""); + for (l = data->attrs; l != NULL; l = l->next) { ++ g_autoptr(GString) value_safe = NULL; + attr = l->data; + if (g_strcmp0 (attr->key, "@comment") == 0 || + g_strcmp0 (attr->key, "@comment-tmp") == 0) + continue; ++ value_safe = g_string_new (attr->value); ++ as_utils_string_replace (value_safe, "&", "&"); ++ as_utils_string_replace (value_safe, "<", "<"); ++ as_utils_string_replace (value_safe, ">", ">"); + g_string_append_printf (str, " %s=\"%s\"", +- attr->key, attr->value); ++ attr->key, value_safe->str); + } + return g_string_free (str, FALSE); + } +diff --git a/libappstream-glib/as-self-test.c b/libappstream-glib/as-self-test.c +index 9800c03..fb4ccf8 100644 +--- a/libappstream-glib/as-self-test.c ++++ b/libappstream-glib/as-self-test.c +@@ -1047,7 +1047,7 @@ as_test_checksum_func (void) + AsNode *n; + AsNode *root; + GString *xml; +- const gchar *src = "12345"; ++ const gchar *src = "12&45"; + gboolean ret; + g_autoptr(AsNodeContext) ctx = NULL; + g_autoptr(AsChecksum) csum = NULL; +@@ -1077,8 +1077,8 @@ as_test_checksum_func (void) + /* verify */ + g_assert_cmpint (as_checksum_get_kind (csum), ==, G_CHECKSUM_SHA1); + g_assert_cmpint (as_checksum_get_target (csum), ==, AS_CHECKSUM_TARGET_CONTAINER); +- g_assert_cmpstr (as_checksum_get_filename (csum), ==, "fn.cab"); +- g_assert_cmpstr (as_checksum_get_value (csum), ==, "12345"); ++ g_assert_cmpstr (as_checksum_get_filename (csum), ==, "f&n.cab"); ++ g_assert_cmpstr (as_checksum_get_value (csum), ==, "12&45"); + + /* back to node */ + root = as_node_new (); +-- +2.14.3 + diff --git a/libappstream-glib.spec b/libappstream-glib.spec index 318734e..6cb1252 100644 --- a/libappstream-glib.spec +++ b/libappstream-glib.spec @@ -6,7 +6,7 @@ Summary: Library for AppStream metadata Name: libappstream-glib Version: 0.7.5 -Release: 2%{?dist} +Release: 3%{?dist} License: LGPLv2+ URL: http://people.freedesktop.org/~hughsient/appstream-glib/ Source0: http://people.freedesktop.org/~hughsient/appstream-glib/releases/appstream-glib-%{version}.tar.xz @@ -14,6 +14,7 @@ Source0: http://people.freedesktop.org/~hughsient/appstream-glib/releases/apps # from upstream git master Patch0: 0001-as-app-desktop-don-t-deference-invalid-lists.patch Patch1: 0002-Fix-an-invalid-read-when-using-as_app_parse_data-fro.patch +Patch2: 0001-Never-include-in-attribute-values.patch BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: docbook-utils @@ -89,6 +90,7 @@ GLib headers and libraries for appstream-builder. %setup -q -n appstream-glib-%{version} %patch0 -p1 -b .crash1 %patch1 -p1 -b .crash2 +%patch2 -p1 -b .invalid-xml %build %meson \ @@ -154,6 +156,9 @@ GLib headers and libraries for appstream-builder. %{_datadir}/gir-1.0/AppStreamBuilder-1.0.gir %changelog +* Tue Jan 30 2018 Richard Hughes 0.7.5-3 +- Backport a fix from master to fix XML generation. + * Wed Jan 24 2018 Richard Hughes 0.7.5-2 - Backport two crash fixes from master.