--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: carnil@debian.org,seb128@ubuntu.com
Hi Release team,
Please unblock package file-roller
file-roller uploadeds as 3.38.1-1 contains the 3.38.1 bugfix release
which includes
+ * libarchive: Skip files with symlinks in parents. (Ondrej Holy) (!108)
(which is CVE-2020-36314) and
+ * Fix use-after-free in error message reporting. (Badel2)
Additionally there are updated application translations, new or
updated manual translations.
Can you consider unblocking it? I did not perform the upload, which
was done by the package maintainer, but noticed the needed unblock
while reviewing uploads including security fixes.
I'm attaching (a filtered, expluding the '*.po files).
Regards,
Salvatore
diff -Nru file-roller-3.38.0/NEWS file-roller-3.38.1/NEWS
--- file-roller-3.38.0/NEWS 2020-09-12 21:05:43.792812000 +0200
+++ file-roller-3.38.1/NEWS 2021-04-11 17:45:18.127801000 +0200
@@ -1,3 +1,37 @@
+version 3.38.1
+--------------
+
+ Bugs fixed:
+
+ * libarchive: Skip files with symlinks in parents. (Ondrej Holy) (!108)
+ * Fix use-after-free in error message reporting. (Badel2)
+
+ New or updated application translations:
+
+ * Catalan (Gil Forcada)
+ * Chinese (Cheng-Chia Tseng)
+ * Danish (Ask Hjorth Larsen)
+ * Hebrew (Yosef Or Boczko)
+ * Norwegian bokmål (Åka Sikrom)
+ * Portuguese (Hugo Carvalho)
+ * Proxecto Trasno (Fran Dieguez)
+ * Punjabi (A S Alam)
+ * Vietnamese (Trần Ngọc Quân)
+
+ New or updated manual translations:
+
+ * Catalan (Manel Vidal)
+ * Danish (Ask Hjorth Larsen)
+ * French (Guillaume Bernard)
+ * Galician (Fran Dieguez)
+ * Hungarian (Balázs Úr)
+ * Indonesian (Andika Triwidada)
+ * Korea (Seong-ho Cho)
+ * Polish (Piotr Drąg)
+ * Swedish (Anders Jonsson)
+ * Turkish (Sabri Ünal)
+ * Ukrainian (Yuri Chornoivan)
+
version 3.38.0
--------------
diff -Nru file-roller-3.38.0/data/org.gnome.FileRoller.appdata.xml.in file-roller-3.38.1/data/org.gnome.FileRoller.appdata.xml.in
--- file-roller-3.38.0/data/org.gnome.FileRoller.appdata.xml.in 2020-09-12 21:05:43.792812000 +0200
+++ file-roller-3.38.1/data/org.gnome.FileRoller.appdata.xml.in 2021-04-11 17:45:18.127801000 +0200
@@ -46,4 +46,11 @@
<provides>
<id>org.gnome.FileRoller.desktop</id>
</provides>
+
+ <releases>
+ <release version="3.38.0" date="2020-09-12"/>
+ <release version="3.36.3" date="2020-08-08"/>
+ </releases>
+
+ <content_rating type="oars-1.1" />
</component>
diff -Nru file-roller-3.38.0/debian/changelog file-roller-3.38.1/debian/changelog
--- file-roller-3.38.0/debian/changelog 2020-09-14 14:10:32.000000000 +0200
+++ file-roller-3.38.1/debian/changelog 2021-04-12 11:45:26.000000000 +0200
@@ -1,3 +1,9 @@
+file-roller (3.38.1-1) unstable; urgency=medium
+
+ * New upstream release including a fix for CVE-2020-36314
+
+ -- Sebastien Bacher <seb128@ubuntu.com> Mon, 12 Apr 2021 11:45:26 +0200
+
file-roller (3.38.0-1) unstable; urgency=medium
* New upstream release
Binary files /tmp/qs62HkXZUC/file-roller-3.38.0/help/C/figures/file-roller-icon.png and /tmp/0CeKV7yUHu/file-roller-3.38.1/help/C/figures/file-roller-icon.png differ
diff -Nru file-roller-3.38.0/help/C/figures/org.gnome.ArchiveManager.svg file-roller-3.38.1/help/C/figures/org.gnome.ArchiveManager.svg
--- file-roller-3.38.0/help/C/figures/org.gnome.ArchiveManager.svg 1970-01-01 01:00:00.000000000 +0100
+++ file-roller-3.38.1/help/C/figures/org.gnome.ArchiveManager.svg 2021-04-11 17:45:18.127801000 +0200
@@ -0,0 +1,299 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/";
+ xmlns:cc="http://creativecommons.org/ns#";
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#";
+ xmlns:svg="http://www.w3.org/2000/svg";
+ xmlns="http://www.w3.org/2000/svg";
+ xmlns:xlink="http://www.w3.org/1999/xlink";
+ viewBox="0 0 128 128"
+ style="display:inline;enable-background:new"
+ version="1.0"
+ id="svg11300"
+ height="128"
+ width="128">
+ <title
+ id="title4162">Adwaita Icon Template</title>
+ <defs
+ id="defs3">
+ <linearGradient
+ gradientUnits="userSpaceOnUse"
+ y2="268"
+ x2="115.82323"
+ y1="268"
+ x1="11.823223"
+ id="linearGradient1329"
+ xlink:href="#linearGradient1357" />
+ <linearGradient
+ id="linearGradient1357">
+ <stop
+ id="stop1345"
+ offset="0"
+ style="stop-color:#986a44;stop-opacity:1" />
+ <stop
+ style="stop-color:#cdab8f;stop-opacity:1"
+ offset="0.02884588"
+ id="stop1347" />
+ <stop
+ id="stop1349"
+ offset="0.05769204"
+ style="stop-color:#b5835a;stop-opacity:1" />
+ <stop
+ style="stop-color:#b5835a;stop-opacity:1"
+ offset="0.94230765"
+ id="stop1351" />
+ <stop
+ id="stop1353"
+ offset="0.97133332"
+ style="stop-color:#cdab8f;stop-opacity:1" />
+ <stop
+ id="stop1355"
+ offset="1"
+ style="stop-color:#986a44;stop-opacity:1" />
+ </linearGradient>
+ <linearGradient
+ y2="23"
+ x2="60"
+ y1="53.254841"
+ x1="70.586235"
+ gradientTransform="translate(0,170)"
+ gradientUnits="userSpaceOnUse"
+ id="linearGradient1610"
+ xlink:href="#linearGradient1656" />
+ <linearGradient
+ id="linearGradient1656">
+ <stop
+ style="stop-color:#ffffff;stop-opacity:1"
+ offset="0"
+ id="stop1652" />
+ <stop
+ style="stop-color:#deddda;stop-opacity:1"
+ offset="1"
+ id="stop1654" />
+ </linearGradient>
+ <linearGradient
+ y2="268"
+ x2="68"
+ y1="268"
+ x1="60"
+ gradientUnits="userSpaceOnUse"
+ id="linearGradient1612"
+ xlink:href="#linearGradient1270" />
+ <linearGradient
+ id="linearGradient1270">
+ <stop
+ style="stop-color:#949390;stop-opacity:1;"
+ offset="0"
+ id="stop1258" />
+ <stop
+ id="stop1260"
+ offset="0.08333334"
+ style="stop-color:#d5d3cf;stop-opacity:1" />
+ <stop
+ style="stop-color:#949390;stop-opacity:1;"
+ offset="0.16666667"
+ id="stop1262" />
+ <stop
+ id="stop1264"
+ offset="0.83333331"
+ style="stop-color:#949390;stop-opacity:1;" />
+ <stop
+ style="stop-color:#d5d3cf;stop-opacity:1"
+ offset="0.91666669"
+ id="stop1266" />
+ <stop
+ style="stop-color:#949390;stop-opacity:1"
+ offset="1"
+ id="stop1268" />
+ </linearGradient>
+ </defs>
+ <metadata
+ id="metadata4">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage"; />
+ <dc:creator>
+ <cc:Agent>
+ <dc:title>GNOME Design Team</dc:title>
+ </cc:Agent>
+ </dc:creator>
+ <dc:source />
+ <cc:license
+ rdf:resource="http://creativecommons.org/licenses/by-sa/4.0/"; />
+ <dc:title>Adwaita Icon Template</dc:title>
+ <dc:subject>
+ <rdf:Bag />
+ </dc:subject>
+ <dc:date />
+ <dc:rights>
+ <cc:Agent>
+ <dc:title />
+ </cc:Agent>
+ </dc:rights>
+ <dc:publisher>
+ <cc:Agent>
+ <dc:title />
+ </cc:Agent>
+ </dc:publisher>
+ <dc:identifier />
+ <dc:relation />
+ <dc:language />
+ <dc:coverage />
+ <dc:description />
+ <dc:contributor>
+ <cc:Agent>
+ <dc:title />
+ </cc:Agent>
+ </dc:contributor>
+ </cc:Work>
+ <cc:License
+ rdf:about="http://creativecommons.org/licenses/by-sa/4.0/";>
+ <cc:permits
+ rdf:resource="http://creativecommons.org/ns#Reproduction"; />
+ <cc:permits
+ rdf:resource="http://creativecommons.org/ns#Distribution"; />
+ <cc:requires
+ rdf:resource="http://creativecommons.org/ns#Notice"; />
+ <cc:requires
+ rdf:resource="http://creativecommons.org/ns#Attribution"; />
+ <cc:permits
+ rdf:resource="http://creativecommons.org/ns#DerivativeWorks"; />
+ <cc:requires
+ rdf:resource="http://creativecommons.org/ns#ShareAlike"; />
+ </cc:License>
+ </rdf:RDF>
+ </metadata>
+ <g
+ transform="translate(0,-172)"
+ style="display:inline"
+ id="layer1">
+ <g
+ transform="translate(0.176777)"
+ id="g1149-5"
+ style="display:inline;enable-background:new">
+ <rect
+ ry="8"
+ rx="8"
+ style="display:inline;opacity:1;fill:url(#linearGradient1329);fill-opacity:1;stroke:none;stroke-width:31.99999428;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:4.00000007, 2.00000003;stroke-dashoffset:0;stroke-opacity:1;enable-background:new"
+ id="rect1000-3-4"
+ width="104"
+ height="76"
+ x="12"
+ y="212" />
+ <rect
+ y="186"
+ x="12"
+ height="68"
+ width="104"
+ id="rect1299"
+ style="display:inline;opacity:0.1;fill:#000000;fill-opacity:1;stroke:none;stroke-width:31.99999809;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:4.00000012, 2.00000007;stroke-dashoffset:0;stroke-opacity:1;enable-background:new"
+ rx="8"
+ ry="8" />
+ <rect
+ ry="8"
+ rx="8"
+ style="display:inline;opacity:1;fill:#cdab8f;fill-opacity:1;stroke:none;stroke-width:31.99999809;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:4.00000012, 2.00000007;stroke-dashoffset:0;stroke-opacity:1;enable-background:new"
+ id="rect1000-3-9-7"
+ width="104"
+ height="68"
+ x="12"
+ y="184" />
+ <rect
+ style="opacity:1;vector-effect:none;fill:#cdab8f;fill-opacity:1;stroke:none;stroke-width:1.54560292;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:none;marker-mid:none;marker-end:none;paint-order:normal"
+ id="rect1076-65"
+ width="2"
+ height="60"
+ x="62"
+ y="192" />
+ <rect
+ style="display:inline;opacity:1;vector-effect:none;fill:#eadcd0;fill-opacity:1;stroke:none;stroke-width:1.54560292;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:none;marker-mid:none;marker-end:none;paint-order:normal;enable-background:new"
+ id="rect1076-6-69"
+ width="2"
+ height="60.000008"
+ x="64"
+ y="-252"
+ transform="scale(1,-1)" />
+ <g
+ transform="translate(0,17)"
+ id="g1135-3"
+ style="display:inline;enable-background:new">
+ <path
+ style="opacity:1;fill:url(#linearGradient1610);fill-opacity:1;stroke:none;stroke-width:0.49999988;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;paint-order:normal"
+ d="m 60,178 v 4 h 4 v -2 h 4 v -2 h -4 z m 4,4 v 2 h -4 v 4 h 4 v -2 h 4 v -4 z m 0,6 v 2 h -4 v 4 h 4 v -2 h 4 v -4 z m 0,6 v 2 h -4 v 4 h 4 v -2 h 4 v -2 -2 z m 0,6 v 2 h -4 v 4 h 4 v -2 h 4 v -4 z m 0,6 v 2 h -4 v 4 h 4 v -2 h 4 v -4 z m 0,6 v 2 h -4 v 4 h 4 v -2 h 4 v -2 -2 z m 0,6 v 2 h -4 v 4 h 4 v -2 h 4 v -4 z m 0,6 v 2 h -4 v 4 h 4 v -2 h 4 v -4 z m 0,6 v 2 h -4 v 4 h 4 v -2 h 4 v -2 -2 z"
+ id="rect5175-2-7" />
+ <path
+ style="opacity:0.4;fill:#241f31;fill-opacity:1;stroke:none;stroke-width:0.49999988;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;paint-order:normal"
+ d="m 64,179 v 1 h 4 v -1 z m -4,2 v 1 h 4 v -1 z m 4,4 v 1 h 4 v -1 z m -4,2 v 1 h 4 v -1 z m 4,4 v 1 h 4 v -1 z m -4,2 v 1 h 4 v -1 z m 4,4 v 1 h 4 v -1 z m -4,2 v 1 h 4 v -1 z m 4,4 v 1 h 4 v -1 z m -4,2 v 1 h 4 v -1 z m 4,4 v 1 h 4 v -1 z m -4,2 v 1 h 4 v -1 z m 4,4 v 1 h 4 v -1 z m -4,2 v 1 h 4 v -1 z m 4,4 v 1 h 4 v -1 z m -4,2 v 1 h 4 v -1 z m 4,4 v 1 h 4 v -1 z m -4,2 v 1 h 4 v -1 z m 4,4 v 1 h 4 v -1 z m -4,2 v 1 h 4 v -1 z"
+ id="path1183-4" />
+ </g>
+ <path
+ id="path1340-5-4"
+ d="m 60,186 c -2.216,0 -4,1.784 -4,4 v 10 c 0,2.216 1.784,4 4,4 v 8 c 0,1.108 0.892,2 2,2 h 4 c 1.108,0 2,-0.892 2,-2 v -8 c 2.216,0 4,-1.784 4,-4 v -10 c 0,-2.216 -1.784,-4 -4,-4 z m 2,22 h 4 v 4 h -4 z"
+ style="display:inline;opacity:0.1;fill:#000000;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;enable-background:new" />
+ <g
+ id="g1352-52"
+ transform="translate(0,-66)"
+ style="display:inline;enable-background:new">
+ <path
+ style="opacity:1;fill:url(#linearGradient1612);fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+ d="m 62,258 c -1.108,0 -2,0.892 -2,2 v 16 c 0,1.108 0.892,2 2,2 h 4 c 1.108,0 2,-0.892 2,-2 v -16 c 0,-1.108 -0.892,-2 -2,-2 z m 0,14 h 4 v 4 h -4 z"
+ id="path1340-5" />
+ <rect
+ ry="4"
+ rx="4"
+ y="250"
+ x="56"
+ height="18"
+ width="16"
+ id="rect1051-6-7-4"
+ style="display:inline;opacity:1;vector-effect:none;fill:#3d3846;fill-opacity:1;stroke:none;stroke-width:7.99999857;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;enable-background:new" />
+ <rect
+ ry="4"
+ rx="4"
+ y="248"
+ x="56"
+ height="18"
+ width="16"
+ id="rect1051-6-74"
+ style="display:inline;opacity:1;vector-effect:none;fill:#5e5c64;fill-opacity:1;stroke:none;stroke-width:7.99999857;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;enable-background:new" />
+ <path
+ id="rect1335-4"
+ d="m 62,254 c -1.108,0 -2,0.892 -2,2 v 18 c 0,1.108 0.892,2 2,2 h 4 c 1.108,0 2,-0.892 2,-2 v -18 c 0,-1.108 -0.892,-2 -2,-2 z m 0,16 h 4 v 4 h -4 z"
+ style="opacity:1;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <rect
+ transform="scale(1,-1)"
+ ry="2"
+ rx="2"
+ y="-260"
+ x="62"
+ height="10"
+ width="3.9999993"
+ id="rect5037-3-3"
+ style="display:inline;opacity:1;fill:#68676b;fill-opacity:1;stroke:none;stroke-width:0.49999991;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;paint-order:normal;enable-background:new" />
+ <rect
+ style="display:inline;opacity:1;fill:#949390;fill-opacity:1;stroke:none;stroke-width:0.49999991;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;paint-order:normal;enable-background:new"
+ id="rect1089-0"
+ width="3.9999993"
+ height="8"
+ x="62"
+ y="-258"
+ rx="2"
+ ry="2"
+ transform="scale(1,-1)" />
+ </g>
+ <path
+ transform="translate(-0.1767767,172)"
+ id="rect1236"
+ d="m 16.177734,13.072266 c -0.754705,0.43517 -1.427824,0.989659 -2,1.638672 v 62.578124 c 0.572176,0.649013 1.245295,1.203502 2,1.638672 z"
+ style="opacity:0.1;vector-effect:none;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:none;marker-mid:none;marker-end:none;paint-order:normal" />
+ <path
+ id="rect1236-3"
+ transform="translate(-0.1767767,172)"
+ d="m 112.17773,13.072266 v 65.855468 c 0.75493,-0.435507 1.42781,-0.991137 2,-1.640625 V 14.712891 c -0.57219,-0.649488 -1.24507,-1.205118 -2,-1.640625 z"
+ style="display:inline;opacity:0.1;vector-effect:none;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:none;marker-mid:none;marker-end:none;paint-order:normal;enable-background:new" />
+ </g>
+ </g>
+</svg>
diff -Nru file-roller-3.38.0/help/C/index.page file-roller-3.38.1/help/C/index.page
--- file-roller-3.38.0/help/C/index.page 2020-09-12 21:05:43.792812000 +0200
+++ file-roller-3.38.1/help/C/index.page 2021-04-11 17:45:18.127801000 +0200
@@ -4,6 +4,7 @@
id="index">
<info>
+ <title type="link" role="trail">Archive Manager</title>
<title type="link">Archive Manager Help</title>
<title type="text">Archive Manager Help</title>
<revision pkgversion="3.8" date="2013-02-24" status="review"/>
@@ -26,7 +27,8 @@
</info>
<title>
- <media type="image" mime="image/png" its:translate="no" height="32" src="figures/file-roller-icon.png" />
+ <media type="image" its:translate="no" width="48px" height="48px"
+ src="figures/org.gnome.ArchiveManager.svg" />
Archive Manager
</title>
diff -Nru file-roller-3.38.0/help/meson.build file-roller-3.38.1/help/meson.build
--- file-roller-3.38.0/help/meson.build 2020-09-12 21:05:43.799478500 +0200
+++ file-roller-3.38.1/help/meson.build 2021-04-11 17:45:18.174467600 +0200
@@ -17,6 +17,6 @@
'troubleshooting-password.page'
],
media : [
- 'figures/file-roller-icon.png'
+ 'figures/org.gnome.ArchiveManager.svg'
]
)
diff -Nru file-roller-3.38.0/meson.build file-roller-3.38.1/meson.build
--- file-roller-3.38.0/meson.build 2020-09-12 21:05:43.802811600 +0200
+++ file-roller-3.38.1/meson.build 2021-04-11 17:45:18.231134200 +0200
@@ -1,6 +1,6 @@
project('file-roller', 'c',
license : 'GPL2+',
- version : '3.38.0',
+ version : '3.38.1',
meson_version : '>=0.50'
)
diff -Nru file-roller-3.38.0/src/fr-application.c file-roller-3.38.1/src/fr-application.c
--- file-roller-3.38.0/src/fr-application.c 2020-09-12 21:05:43.826144000 +0200
+++ file-roller-3.38.1/src/fr-application.c 2021-04-11 17:45:18.394467400 +0200
@@ -454,7 +454,7 @@
G_APPLICATION_CLASS (fr_application_parent_class)->startup (application);
g_set_application_name (_("Archive Manager"));
- gtk_window_set_default_icon_name ("file-roller");
+ gtk_window_set_default_icon_name ("org.gnome.ArchiveManager");
#ifdef ENABLE_NOTIFICATION
if (! notify_init (g_get_application_name ()))
diff -Nru file-roller-3.38.0/src/fr-archive-libarchive.c file-roller-3.38.1/src/fr-archive-libarchive.c
--- file-roller-3.38.0/src/fr-archive-libarchive.c 2020-09-12 21:05:43.826144000 +0200
+++ file-roller-3.38.1/src/fr-archive-libarchive.c 2021-04-11 17:45:18.414467300 +0200
@@ -498,7 +498,6 @@
archive_read_data_skip (a);
}
- archive_read_free (a);
if ((load_data->error == NULL) && (r != ARCHIVE_EOF) && (archive_error_string (a) != NULL))
load_data->error = _g_error_new_from_archive_error (archive_error_string (a));
@@ -507,6 +506,7 @@
if (load_data->error != NULL)
g_simple_async_result_set_from_error (result, load_data->error);
+ archive_read_free (a);
load_data_free (load_data);
}
@@ -697,115 +697,12 @@
return success;
}
-
-static gboolean
-_symlink_is_external_to_destination (GFile *file,
- const char *symlink,
- GFile *destination,
- GHashTable *external_links);
-
-
-static gboolean
-_g_file_is_external_link (GFile *file,
- GFile *destination,
- GHashTable *external_links)
-{
- GFileInfo *info;
- gboolean external;
-
- if (g_hash_table_lookup (external_links, file) != NULL)
- return TRUE;
-
- info = g_file_query_info (file,
- G_FILE_ATTRIBUTE_STANDARD_IS_SYMLINK "," G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET,
- G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
- NULL,
- NULL);
-
- if (info == NULL)
- return FALSE;
-
- external = FALSE;
-
- if (g_file_info_get_is_symlink (info)) {
- if (_symlink_is_external_to_destination (file,
- g_file_info_get_symlink_target (info),
- destination,
- external_links))
- {
- g_hash_table_insert (external_links, g_object_ref (file), GINT_TO_POINTER (1));
- external = TRUE;
- }
- }
-
- g_object_unref (info);
-
- return external;
-}
-
-
-static gboolean
-_symlink_is_external_to_destination (GFile *file,
- const char *symlink,
- GFile *destination,
- GHashTable *external_links)
-{
- gboolean external = FALSE;
- GFile *parent;
- char **components;
- int i;
-
- if ((file == NULL) || (symlink == NULL))
- return FALSE;
-
- if (symlink[0] == '/')
- return TRUE;
-
- parent = g_file_get_parent (file);
- components = g_strsplit (symlink, "/", -1);
- for (i = 0; components[i] != NULL; i++) {
- char *name = components[i];
- GFile *tmp;
-
- if ((name[0] == 0) || ((name[0] == '.') && (name[1] == 0)))
- continue;
-
- if ((name[0] == '.') && (name[1] == '.') && (name[2] == 0)) {
- if (g_file_equal (parent, destination)) {
- external = TRUE;
- break;
- }
- else {
- tmp = g_file_get_parent (parent);
- g_object_unref (parent);
- parent = tmp;
- }
- }
- else {
- tmp = g_file_get_child (parent, components[i]);
- g_object_unref (parent);
- parent = tmp;
- }
-
- if (_g_file_is_external_link (parent, destination, external_links)) {
- external = TRUE;
- break;
- }
- }
-
- g_strfreev (components);
- g_object_unref (parent);
-
- return external;
-}
-
-
static gboolean
-_g_path_is_external_to_destination (const char *relative_path,
- GFile *destination,
- GHashTable *external_links)
+_g_file_contains_symlinks_in_path (const char *relative_path,
+ GFile *destination,
+ GHashTable *symlinks)
{
- gboolean external = FALSE;
+ gboolean contains_symlinks = FALSE;
GFile *parent;
char **components;
int i;
@@ -828,8 +725,8 @@
g_object_unref (parent);
parent = tmp;
- if (_g_file_is_external_link (parent, destination, external_links)) {
- external = TRUE;
+ if (g_hash_table_contains (symlinks, parent)) {
+ contains_symlinks = TRUE;
break;
}
}
@@ -837,7 +734,7 @@
g_strfreev (components);
g_object_unref (parent);
- return external;
+ return contains_symlinks;
}
@@ -851,7 +748,7 @@
GHashTable *checked_folders;
GHashTable *created_files;
GHashTable *folders_created_during_extraction;
- GHashTable *external_links;
+ GHashTable *symlinks;
struct archive *a;
struct archive_entry *entry;
int r;
@@ -868,7 +765,7 @@
checked_folders = g_hash_table_new_full (g_file_hash, (GEqualFunc) g_file_equal, g_object_unref, NULL);
created_files = g_hash_table_new_full (g_file_hash, (GEqualFunc) g_file_equal, g_object_unref, g_object_unref);
folders_created_during_extraction = g_hash_table_new_full (g_file_hash, (GEqualFunc) g_file_equal, g_object_unref, NULL);
- external_links = g_hash_table_new_full (g_file_hash, (GEqualFunc) g_file_equal, g_object_unref, NULL);
+ symlinks = g_hash_table_new_full (g_file_hash, (GEqualFunc) g_file_equal, g_object_unref, NULL);
fr_archive_progress_set_total_files (load_data->archive, extract_data->n_files_to_extract);
while ((r = archive_read_next_header (a, &entry)) == ARCHIVE_OK) {
@@ -902,7 +799,14 @@
continue;
}
- if (_g_path_is_external_to_destination (relative_path, extract_data->destination, external_links)) {
+ /* Symlinks in parents are dangerous as it can easily happen
+ * that files are written outside of the destination. The tar
+ * cmd fails to extract such archives with ENOTDIR. Let's skip
+ * those files here for sure. This is most probably malicious,
+ * or corrupted archive.
+ */
+ if (_g_file_contains_symlinks_in_path (relative_path, extract_data->destination, symlinks)) {
+ g_warning ("Skipping '%s' file as it has symlink in parents.", relative_path);
fr_archive_progress_inc_completed_files (load_data->archive, 1);
fr_archive_progress_inc_completed_bytes (load_data->archive, archive_entry_size_is_set (entry) ? archive_entry_size (entry) : 0);
archive_read_data_skip (a);
@@ -1123,8 +1027,8 @@
load_data->error = g_error_copy (local_error);
g_clear_error (&local_error);
}
- if ((load_data->error == NULL) && _symlink_is_external_to_destination (file, archive_entry_symlink (entry), extract_data->destination, external_links))
- g_hash_table_insert (external_links, g_object_ref (file), GINT_TO_POINTER (1));
+ if (load_data->error == NULL)
+ g_hash_table_add (symlinks, g_object_ref (file));
archive_read_data_skip (a);
break;
@@ -1159,7 +1063,7 @@
g_hash_table_unref (folders_created_during_extraction);
g_hash_table_unref (created_files);
g_hash_table_unref (checked_folders);
- g_hash_table_unref (external_links);
+ g_hash_table_unref (symlinks);
archive_read_free (a);
extract_data_free (extract_data);
}
diff -Nru file-roller-3.38.0/src/ui/new-archive-dialog.ui file-roller-3.38.1/src/ui/new-archive-dialog.ui
--- file-roller-3.38.0/src/ui/new-archive-dialog.ui 2020-09-12 21:05:43.836143500 +0200
+++ file-roller-3.38.1/src/ui/new-archive-dialog.ui 2021-04-11 17:45:18.431134000 +0200
@@ -174,6 +174,7 @@
<property name="can_focus">True</property>
<property name="visibility">False</property>
<property name="invisible_char">●</property>
+ <property name="activates_default">True</property>
</object>
<packing>
<property name="expand">False</property>
--- End Message ---