Compare commits


No commits in common. 'c8' and 'c9' have entirely different histories.
c8 ... c9

2
.gitignore vendored

@ -1 +1 @@
SOURCES/gnome-autoar-0.2.3.tar.xz
SOURCES/gnome-autoar-0.4.1.tar.xz

@ -1 +1 @@
f9b2d65e4fe4ea8b30918bc0e51fad39a5d1506c SOURCES/gnome-autoar-0.2.3.tar.xz
157eb8e8aabc988155d70320624bbf48abd04abe SOURCES/gnome-autoar-0.4.1.tar.xz

@ -1,70 +0,0 @@
From 2c7a42b63913c05326cb66253960517ea0343c6a Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 25 Feb 2021 14:10:26 +0100
Subject: [PATCH] extractor: Detect conflict also for directories
Current logic doesn't detect conflics when extracting directory. This
is ok, but only for the case when the conflic is caused by directory.
Otherwise, the conflic should be detected and AutoarExtractor should
try to delete the file before creating new directory.
---
gnome-autoar/autoar-extractor.c | 27 ++++++++-------------------
1 file changed, 8 insertions(+), 19 deletions(-)
diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
index f1f49cf..376c864 100644
--- a/gnome-autoar/autoar-extractor.c
+++ b/gnome-autoar/autoar-extractor.c
@@ -897,7 +897,6 @@ autoar_extractor_check_file_conflict (GFile *file,
mode_t extracted_filetype)
{
GFileType file_type;
- gboolean conflict = FALSE;
file_type = g_file_query_file_type (file,
G_FILE_QUERY_INFO_NONE,
@@ -907,26 +906,13 @@ autoar_extractor_check_file_conflict (GFile *file,
return FALSE;
}
- switch (extracted_filetype) {
- case AE_IFDIR:
- break;
- case AE_IFREG:
- case AE_IFLNK:
-#if defined HAVE_MKFIFO || defined HAVE_MKNOD
- case AE_IFIFO:
-#endif
-#ifdef HAVE_MKNOD
- case AE_IFSOCK:
- case AE_IFBLK:
- case AE_IFCHR:
-#endif
- conflict = TRUE;
- break;
- default:
- break;
+ /* It is not problem if the directory already exists */
+ if (file_type == G_FILE_TYPE_DIRECTORY &&
+ extracted_filetype == AE_IFDIR) {
+ return FALSE;
}
- return conflict;
+ return TRUE;
}
static void
@@ -1850,6 +1836,9 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
case AUTOAR_CONFLICT_OVERWRITE:
break;
case AUTOAR_CONFLICT_CHANGE_DESTINATION:
+ /* FIXME: If the destination is changed for directory, it should be
+ * changed also for its children...
+ */
g_assert_nonnull (new_extracted_filename);
g_clear_object (&extracted_filename);
extracted_filename = new_extracted_filename;
--
2.31.1

@ -1,126 +0,0 @@
From 3e7b4aca4b0afe9fb1b1160bd26f791d7a636980 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Mon, 1 Mar 2021 17:16:27 +0100
Subject: [PATCH] extractor: Do not allow symlink in parents
Currently, it is still possible that some files are extracted outside of
the destination dir in case of malicious archives. The checks from commit
adb067e6 can be still bypassed in certain cases. See GNOME/file-roller#108
for more details. After some investigation, I am convinced that it would be
best to simply disallow symlinks in parents. For example, `tar` fails to
extract such files with the `ENOTDIR` error. Let's do the same here.
Fixes: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12
---
gnome-autoar/autoar-extractor.c | 59 +++++++++++++++++++++++++--------
1 file changed, 46 insertions(+), 13 deletions(-)
diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
index ce6e6e9..79a7278 100644
--- a/gnome-autoar/autoar-extractor.c
+++ b/gnome-autoar/autoar-extractor.c
@@ -892,27 +892,42 @@ autoar_extractor_do_sanitize_pathname (AutoarExtractor *self,
return extracted_filename;
}
-static gboolean
-autoar_extractor_check_file_conflict (GFile *file,
+/* The function checks @file for conflicts with already existing files on the
+ * disk. It also recursively checks parents of @file to be sure it is directory.
+ * It doesn't follow symlinks, so symlinks in parents are also considered as
+ * conflicts even though they point to directory. It returns #GFile object for
+ * the file, which cause the conflict (so @file, or some of its parents). If
+ * there aren't any conflicts, NULL is returned.
+ */
+static GFile *
+autoar_extractor_check_file_conflict (AutoarExtractor *self,
+ GFile *file,
mode_t extracted_filetype)
{
GFileType file_type;
+ g_autoptr (GFile) parent = NULL;
file_type = g_file_query_file_type (file,
G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
NULL);
- /* If there is no file with the given name, there will be no conflict */
- if (file_type == G_FILE_TYPE_UNKNOWN) {
- return FALSE;
+
+ /* It is a conflict if the file already exists with an exception for already
+ * existing directories.
+ */
+ if (file_type != G_FILE_TYPE_UNKNOWN &&
+ (file_type != G_FILE_TYPE_DIRECTORY ||
+ extracted_filetype != AE_IFDIR)) {
+ return g_object_ref (file);
}
- /* It is not problem if the directory already exists */
- if (file_type == G_FILE_TYPE_DIRECTORY &&
- extracted_filetype == AE_IFDIR) {
- return FALSE;
+ if ((self->new_prefix && g_file_equal (self->new_prefix, file)) ||
+ (!self->new_prefix && g_file_equal (self->destination_dir, file))) {
+ return NULL;
}
- return TRUE;
+ /* Check also parents for conflict to be sure it is directory. */
+ parent = g_file_get_parent (file);
+ return autoar_extractor_check_file_conflict (self, parent, AE_IFDIR);
}
static void
@@ -1804,7 +1819,7 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
g_autoptr (GFile) extracted_filename = NULL;
g_autoptr (GFile) hardlink_filename = NULL;
AutoarConflictAction action;
- gboolean file_conflict;
+ g_autoptr (GFile) file_conflict = NULL;
if (g_cancellable_is_cancelled (self->cancellable)) {
archive_read_free (a);
@@ -1823,11 +1838,27 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
}
/* Attempt to solve any name conflict before doing any operations */
- file_conflict = autoar_extractor_check_file_conflict (extracted_filename,
+ file_conflict = autoar_extractor_check_file_conflict (self,
+ extracted_filename,
archive_entry_filetype (entry));
while (file_conflict) {
GFile *new_extracted_filename = NULL;
+ /* Do not try to solve any conflicts in parents for now. Especially
+ * symlinks in parents are dangerous as it can easily happen that files
+ * are written outside of the destination. The tar cmd fails to extract
+ * such archives with ENOTDIR. Let's do the same here. This is most
+ * probably malicious, or corrupted archive if the conflict was caused
+ * only by files from the archive...
+ */
+ if (!g_file_equal (file_conflict, extracted_filename)) {
+ self->error = g_error_new (G_IO_ERROR,
+ G_IO_ERROR_NOT_DIRECTORY,
+ "The file is not a directory");
+ archive_read_free (a);
+ return;
+ }
+
action = autoar_extractor_signal_conflict (self,
extracted_filename,
&new_extracted_filename);
@@ -1855,7 +1886,9 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
break;
}
- file_conflict = autoar_extractor_check_file_conflict (extracted_filename,
+ g_clear_object (&file_conflict);
+ file_conflict = autoar_extractor_check_file_conflict (self,
+ extracted_filename,
archive_entry_filetype (entry));
}
--
2.31.1

@ -1,27 +0,0 @@
From c726022a46d780c0cf305788b8126f45704ef462 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Mon, 1 Mar 2021 10:13:17 +0100
Subject: [PATCH] extractor: Do not follow symlinks when detecting conflicts
Currently, symlinks are followed when detecting conflicts. But this
is not desired as the original file caused the conflict, not its target.
---
gnome-autoar/autoar-extractor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
index 376c864..ce6e6e9 100644
--- a/gnome-autoar/autoar-extractor.c
+++ b/gnome-autoar/autoar-extractor.c
@@ -899,7 +899,7 @@ autoar_extractor_check_file_conflict (GFile *file,
GFileType file_type;
file_type = g_file_query_file_type (file,
- G_FILE_QUERY_INFO_NONE,
+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
NULL);
/* If there is no file with the given name, there will be no conflict */
if (file_type == G_FILE_TYPE_UNKNOWN) {
--
2.31.1

@ -0,0 +1,108 @@
From b46a189982945d7154a12be59533f6385833a9cb Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Tue, 30 Nov 2021 13:39:55 +0100
Subject: [PATCH] extractor: Fix extraction of raw format archives
An extraction of raw format archives leads to crashes currently.
This is because the generic "data" string is returned from libarchive
instead of the real pathname, which is not expected currently. Let's
handle this case properly and fallback to the source basename.
Fixes: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/38
---
gnome-autoar/autoar-extractor.c | 53 +++++++++++++++++++--------------
1 file changed, 31 insertions(+), 22 deletions(-)
diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
index eb3edda..bb60901 100644
--- a/gnome-autoar/autoar-extractor.c
+++ b/gnome-autoar/autoar-extractor.c
@@ -964,6 +964,7 @@ autoar_extractor_check_file_conflict (AutoarExtractor *self,
/* Check also parents for conflict to be sure it is directory. */
parent = g_file_get_parent (file);
+ g_return_val_if_fail (parent, NULL);
return autoar_extractor_check_file_conflict (self, parent, AE_IFDIR);
}
@@ -1664,11 +1665,15 @@ autoar_extractor_step_scan_toplevel (AutoarExtractor *self)
return;
}
self->use_raw_format = TRUE;
+
+ g_debug ("autoar_extractor_step_scan_toplevel: using raw format");
}
while ((r = archive_read_next_header (a, &entry)) == ARCHIVE_OK) {
const char *pathname;
g_autofree char *utf8_pathname = NULL;
+ const char *symlink_pathname;
+ const char *hardlink_pathname;
if (g_cancellable_is_cancelled (self->cancellable)) {
archive_read_free (a);
@@ -1683,28 +1688,26 @@ autoar_extractor_step_scan_toplevel (AutoarExtractor *self)
}
}
- if (self->use_raw_format) {
- pathname = autoar_common_get_basename_remove_extension (g_file_peek_path (self->source_file));
- g_debug ("autoar_extractor_step_scan_toplevel: %d: raw pathname = %s",
- self->total_files, pathname);
- } else {
- const char *symlink_pathname;
- const char *hardlink_pathname;
-
- pathname = archive_entry_pathname (entry);
- utf8_pathname = autoar_common_get_utf8_pathname (pathname);
- symlink_pathname = archive_entry_symlink (entry);
- hardlink_pathname = archive_entry_hardlink (entry);
-
- g_debug ("autoar_extractor_step_scan_toplevel: %d: pathname = %s%s%s%s%s%s%s",
- self->total_files, pathname,
- utf8_pathname ? " utf8 pathname = " : "",
- utf8_pathname ? utf8_pathname : "",
- symlink_pathname ? " symlink = " : "",
- symlink_pathname ? symlink_pathname : "",
- hardlink_pathname ? " hardlink = " : "",
- hardlink_pathname ? hardlink_pathname : "");
- }
+ pathname = archive_entry_pathname (entry);
+ utf8_pathname = autoar_common_get_utf8_pathname (pathname);
+ symlink_pathname = archive_entry_symlink (entry);
+ hardlink_pathname = archive_entry_hardlink (entry);
+
+ /* The raw format usually doesn't propagate file name and the generic "data"
+ * string is returned instead. Let's use source basename in that case.
+ */
+ if (self->use_raw_format && g_str_equal (pathname, "data"))
+ pathname = autoar_common_get_basename_remove_extension (self->source_basename);
+
+ g_debug ("autoar_extractor_step_scan_toplevel: %d: pathname = %s%s%s%s%s%s%s",
+ self->total_files, pathname,
+ utf8_pathname ? " utf8 pathname = " : "",
+ utf8_pathname ? utf8_pathname : "",
+ symlink_pathname ? " symlink = " : "",
+ symlink_pathname ? symlink_pathname : "",
+ hardlink_pathname ? " hardlink = " : "",
+ hardlink_pathname ? hardlink_pathname : "");
+
self->files_list =
g_list_prepend (self->files_list,
autoar_extractor_do_sanitize_pathname (self,
@@ -1889,6 +1892,12 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
pathname = archive_entry_pathname (entry);
hardlink = archive_entry_hardlink (entry);
+ /* The raw format usually doesn't propagate file name and the generic "data"
+ * string is returned instead. Let's use source basename in that case.
+ */
+ if (self->use_raw_format && g_str_equal (pathname, "data"))
+ pathname = autoar_common_get_basename_remove_extension (self->source_basename);
+
extracted_filename =
autoar_extractor_do_sanitize_pathname (self, pathname);
--
2.33.1
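Review bot: In autoar_extractor_step_scan_toplevel the raw-format fallback replaces `pathname` only after `utf8_pathname` has been derived from the name libarchive returned, so the two can disagree for a raw archive. The arguments of the sanitize call fall outside the hunk; if it prefers `utf8_pathname`, the scan step would keep working with "data" while autoar_extractor_step_extract uses the source basename, and the prefix and conflict decisions made during the scan would not describe the path that is later written. Placing the `if (self->use_raw_format && g_str_equal (pathname, "data"))` block ahead of the `autoar_common_get_utf8_pathname (pathname)` call, or sharing one static helper between the two functions, keeps both steps on the same name. The result of autoar_common_get_basename_remove_extension is stored in a `const char *` and never released in the visible lines, so if that helper allocates, it leaks once per entry.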

@ -0,0 +1,44 @@
From 7237276439281abfedd619ecf6f5c17fae411137 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Tue, 30 Nov 2021 13:45:07 +0100
Subject: [PATCH] extractor: Fix extraction to root directory
An extraction to the root of an archive which contains the "/" path
leads to crashes. Let's handle this rare corner case.
Relates: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/38
---
gnome-autoar/autoar-extractor.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
index bb60901..ab68c47 100644
--- a/gnome-autoar/autoar-extractor.c
+++ b/gnome-autoar/autoar-extractor.c
@@ -857,6 +857,14 @@ autoar_extractor_get_common_prefix (GList *files,
while (!g_file_has_parent (prefix, root)) {
file = g_file_get_parent (prefix);
g_object_unref (prefix);
+
+ /* This can happen if the archive contains the "/" path and the destination
+ * is "/" as well.
+ */
+ if (file == NULL) {
+ return NULL;
+ }
+
prefix = file;
}
@@ -984,7 +992,7 @@ autoar_extractor_do_write_entry (AutoarExtractor *self,
{
GFile *parent;
parent = g_file_get_parent (dest);
- if (!g_file_query_exists (parent, self->cancellable))
+ if (parent && !g_file_query_exists (parent, self->cancellable))
g_file_make_directory_with_parents (parent,
self->cancellable,
NULL);
--
2.33.1
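Review bot: The second hunk guards only the `g_file_query_exists` call in autoar_extractor_do_write_entry, while `parent` stays in use for the rest of the block, which lies outside the hunk. If that block releases it with `g_object_unref (parent)`, a NULL parent now reaches the unref and GLib logs a critical; `g_clear_object (&parent);` is the NULL-safe form. In autoar_extractor_get_common_prefix the added `return NULL;` is an exit whose handling by callers is not visible here, so the function's comment should state when NULL is returned and the callers should be checked for it.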

@ -0,0 +1,42 @@
From 0f528ab688d4b01c51c0d33c3893854aae3d80ac Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Tue, 30 Nov 2021 10:53:22 +0100
Subject: [PATCH] tests: Do not left read-only directory in the tree
Currently, various tools fail to remove the read-only directory, which
is created as an output from the test suite. This for example breaks
package building when tests are enabled. Let's make it writable again
when test is done to fix the issue.
Fixes: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/34
---
tests/test-extract-unit.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tests/test-extract-unit.c b/tests/test-extract-unit.c
index 615ba22..5965f48 100644
--- a/tests/test-extract-unit.c
+++ b/tests/test-extract-unit.c
@@ -1264,6 +1264,7 @@ test_readonly_directory (void)
g_autoptr (ExtractTest) extract_test = NULL;
g_autoptr (ExtractTestData) data = NULL;
g_autoptr (GFile) archive = NULL;
+ g_autoptr (GFile) readonly = NULL;
g_autoptr (AutoarExtractor) extractor = NULL;
extract_test = extract_test_new ("test-readonly-directory");
@@ -1285,6 +1286,11 @@ test_readonly_directory (void)
g_assert_no_error (data->error);
g_assert_true (data->completed_signalled);
assert_reference_and_output_match (extract_test);
+
+ /* Make the directory writable again to avoid issues when deleting. */
+ readonly = g_file_get_child (extract_test->output, "arextract");
+ g_file_set_attribute_uint32 (readonly, G_FILE_ATTRIBUTE_UNIX_MODE, 0755,
+ G_FILE_QUERY_INFO_NONE, NULL, NULL);
}
static void
--
2.33.1
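Review bot: The mode reset in test_readonly_directory runs only after the three assertions above it have passed, and its result is discarded, so a failing run or a failed mode change still leaves the read-only `arextract` directory behind, which is the situation the patch sets out to avoid. Checking the call, `g_assert_true (g_file_set_attribute_uint32 (readonly, G_FILE_ATTRIBUTE_UNIX_MODE, 0755, G_FILE_QUERY_INFO_NONE, NULL, NULL));`, at least makes a failed reset visible. Whether the reset can move ahead of `assert_reference_and_output_match` depends on whether that helper compares modes, which the hunk does not show.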

@ -1,17 +1,22 @@
Name: gnome-autoar
Version: 0.2.3
Version: 0.4.1
Release: 2%{?dist}
Summary: Archive library
License: LGPLv2+
URL: https://git.gnome.org/browse/gnome-autoar
Source0: https://download.gnome.org/sources/gnome-autoar/0.2/gnome-autoar-%{version}.tar.xz
Source0: https://download.gnome.org/sources/gnome-autoar/0.4/gnome-autoar-%{version}.tar.xz
Patch0: extractor-Detect-conflict-also-for-directories.patch
Patch1: extractor-Do-not-follow-symlinks-when-detecting-conf.patch
Patch2: extractor-Do-not-allow-symlink-in-parents.patch
# https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/38
Patch0: extractor-Fix-extraction-of-raw-format-archives.patch
Patch1: extractor-Fix-extraction-to-root-directory.patch
# https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/34
Patch2: tests-Do-not-left-read-only-directory-in-the-tree.patch
BuildRequires: gcc
BuildRequires: meson
BuildRequires: gtk-doc
BuildRequires: pkgconfig(gio-2.0)
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(gobject-2.0)
@ -38,17 +43,19 @@ developing applications that use %{name}.
%build
%configure --disable-static
%make_build
%meson -Dvapi=true \
-Dgtk_doc=true \
-Dtests=true \
%{nil}
%meson_build
%install
%make_install
find $RPM_BUILD_ROOT -name '*.la' -delete
%meson_install
%check
make check
%meson_test
%files
@ -72,11 +79,64 @@ make check
%dir %{_datadir}/vala/vapi
%{_datadir}/vala/vapi/gnome-autoar-0.vapi
%{_datadir}/vala/vapi/gnome-autoar-gtk-0.vapi
%{_datadir}/vala/vapi/gnome-autoar-0.deps
%{_datadir}/vala/vapi/gnome-autoar-gtk-0.deps
%changelog
* Thu Apr 29 2021 Ondrej Holy <oholy@redhat.com> - 0.2.3-2
- CVE-2020-36241, CVE-2021-28650: Do not allow symlink in parents (rhbz#1928701)
* Tue Dec 07 2021 Ondrej Holy <oholy@redhat.com> - 0.4.1-2
- Fix extraction of raw format archives
- Run embedded test suite as a part of the build
* Mon Nov 01 2021 Kalev Lember <klember@redhat.com> - 0.4.1-1
- Update to 0.4.1
* Tue Aug 10 2021 Ondrej Holy <oholy@redhat.com> - 0.4.0-1
- Update to 0.4.0
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.3-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Jun 21 2021 Kalev Lember <klember@redhat.com> - 0.3.3-1
- Update to 0.3.3
* Wed May 05 2021 Kalev Lember <klember@redhat.com> - 0.3.2-1
- Update to 0.3.2
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.1-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Mar 15 2021 Kalev Lember <klember@redhat.com> - 0.3.1-1
- Update to 0.3.1
* Wed Feb 17 2021 Kalev Lember <klember@redhat.com> - 0.3.0-1
- Update to 0.3.0
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.4-4
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Jan 07 2020 Kalev Lember <klember@redhat.com> - 0.2.4-1
- Update to 0.2.4
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat Mar 03 2018 Kalev Lember <klember@redhat.com> - 0.2.3-1
- Update to 0.2.3
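Review bot: The patches dropped from the Patch0–Patch2 slots include `extractor-Do-not-allow-symlink-in-parents.patch`, which the 0.2.3-2 changelog entry ties to CVE-2020-36241 and CVE-2021-28650, and the new spec carries no remark that the 0.4.1 tarball already contains those fixes. The context lines of the added raw-format patch show the parent check (`Check also parents for conflict to be sure it is directory.`) in the 0.4.1 tree, so the fix appears to be upstream, but a reader of the spec cannot see that. A comment above the Patch lines such as `# CVE-2020-36241, CVE-2021-28650: symlink-in-parents fix is part of the upstream tarball` would record it and help anyone auditing the package for those CVEs.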
