diff --git a/AppStream-0.12.10.tar.xz b/AppStream-0.12.10.tar.xz deleted file mode 100644 index 74d2af2..0000000 --- a/AppStream-0.12.10.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9f0a2c550729e4ccd29844c7a9d021f687fb133ffb37f23f928d50a125d7bd0f -size 2045744 diff --git a/AppStream-0.12.10.tar.xz.asc b/AppStream-0.12.10.tar.xz.asc deleted file mode 100644 index f5f23dc..0000000 --- a/AppStream-0.12.10.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEE0zo/DKFrCsxRpgc4SUyKX79N7OsFAl4jSrMACgkQSUyKX79N -7OumjhAAn1U7ksQKVk1pmUSnYaE+G3baDM5A7Zocd2C9bjwyqNOFMCawWLBez+MU -wX0eBijrO5uCsBw0wzSWwLdRA80E62HHLyoTClgCCXVQJ7lIcZFtKNTCSK3kYVsc -OH3x6WMS8uZly1AqunJmLl8UgF3dytLDjhNTSOZf0Kgt/2kYTV1XDo+h/z2JUCiG -gatrpdJ7P47MAUEl4iIrRCQa8fbuBXTKQ2608GvMSE52quS1PWiCHnX3oqc199Bc -6lF3p9opzSw5fsaIY+FeQdXDSJBLpa+r/HizoopO3oPRCBeBOENpTtk7QFM68Pnw -DqtaONR1gvgSj7fekb/GndW5DPiFCyG6NDvuGbYgX/Og4AXtcPBgAgbhFztiUMoj -oq49twAqgtsTA2ED5A+HJo1OVwgbyKsaterYG8Nb15M//5VmCFSqKjseejQZidt4 -XtnvcWAVTIUVoaJTM5Kb9sLvqXt+DAPH+83Lo86XDqj7UeK5ZbQmyL/YZ2Cbz7SQ -xwB1fJn4zoTKSNrya4Y80aWaeDC1c2lzDGLWQX7rcLZbwrzIDFea4AJQf1I7MMOT -u7BarmqJLDmIR/IoPXRskN9JET+Duh1vy+IRinJqP7qIGIaDBOKnLFIquRUj31nB -mT+mSlmtDYZ31d5udlDa79urv3YsDoyg6MYm13OfY1SU9S7gdrU= -=fY1b ------END PGP SIGNATURE----- diff --git a/AppStream-0.12.11.tar.xz b/AppStream-0.12.11.tar.xz new file mode 100644 index 0000000..ade845c --- /dev/null +++ b/AppStream-0.12.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:194d871ae057c6bf2b5a95e98d77da2b0107996f593b2ac0b0b88fa8ba452f11 +size 2120548 diff --git a/AppStream-0.12.11.tar.xz.asc b/AppStream-0.12.11.tar.xz.asc new file mode 100644 index 0000000..6f69fe9 --- /dev/null +++ b/AppStream-0.12.11.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE0zo/DKFrCsxRpgc4SUyKX79N7OsFAl661F4ACgkQSUyKX79N +7Os0kRAAglKoyxLdtFenC7254dDizmsuDRKz4kGgoNDhLwt/EaXdHdiEXAXijY1z +k+eOb0bkmjzsjlLciXRdivwZTP/azIAqPujzhqMsQTxxPj+Rt3BrE5ejKG3gvJo6 +vvfEZHr9ujtIANzsbuGGUdycDzGWQqkplcJ9h0r31AlS5ktCA7XH9/JqYtrB3d0C +IF0T2k7vQt+ZzXQgYNdBbVz9p+Xx3nEhZd2AxgzoMKANE2mXhFW3kqBf0yZHR67M +7C2k9BoDxtfqKXU2YkugbrAqVdgcHZMYN02ZklX5aR+MN0xk3MfMMk676v7GrfvK +TWEbq/XSsSQ85JqIErkic/PIC8wTIKecoOBp3L/2VfI/hzm3GaP1y/Cmc0kvGuFW +95//I0hES5IFRqjlX+DG63uDcnnEiohAeEMNP9qzqWIpETBAeyDHTnOhnWwn6OGP +3ocFPD7/Vfwd7FkEVdI44bdsGT6i6u9i06qtq7wO1OrNdtJ0WrmMksTv2kJfej5U +wyIscoM9RO+up1sH873Vj2qS2Sp/wpkp9keKMjpoSvClWUuVLiStdqByePS5iuCE +SsTnfWi4V41IMNspFsUCJwnPyrJjbjK+duTlsC0cwl2ewDmb+p6rWy5/Fwr5wZim +mDaQSj05Rwa4Zd0QNb1wHMuafiFXeYmUOwjfLOWTxDtOU0rqrJc= +=vNI0 +-----END PGP SIGNATURE----- diff --git a/AppStream.changes b/AppStream.changes index 72da08c..79eb709 100644 --- a/AppStream.changes +++ b/AppStream.changes @@ -1,3 +1,45 @@ +------------------------------------------------------------------- +Thu Jul 2 16:50:16 UTC 2020 - Fabian Vogt + +- Update to 0.12.11: + Features: + * Auto-update static category data from fd.o + * Implement support for input control relations + * validator: Validate input control relations + * validator: Put AppStream technical terms and tag names in backticks in + explanation texts + * Modernize the README + * validator: Check for uppercase letters in cids + * Strip beginning/trailing newlines in a number of places + * Make AsContext getter for AsComponent public API + * qt: Add support for name_variant_suffix + * Make component sort-score API public API + * Implement a YAML representation of release artifact information + Specification: + * Build specification and docs with DAPS + * docs: Add (HTML) anchors for requires/recommends items + * spec: Specify user input control recommendations + * docs: Don't show reference to nonexistent provides->service tag for services + * spec: Encourage the use of only lowercase letters for component-IDs + * docs: Document --explain flag in ascli manual page as well + * docs: Add permalink anchors to some list entries + * Formally support BLAKE2b/s as hash functions for release artifacts + * docs: Link to the MetaInfo Creator webapp in a few places + Bugfixes: + * Be less noisy about ignoring excessively long search tokens + * Tighten the "free license" check and prevent false positives + * cache: Use correct fts value per result (David Hewitt) + * validator: Control items can't have a version + * validator: Reduce download timeout + * yaml: Strip encoding when serializing keyword lists + * Allows arbitrary indentation when converting NEWS files + * Ignore NULL values silently in our stringstrip function + * Only dump valid metainfo description markup, sanitize it otherwise +- Add patch to avoid parser errors for invalid descriptions: + * properly-escape-markup.patch +- Add patch to fix build on Leap 15.2: + * fix-build-gcc7.patch + ------------------------------------------------------------------- Wed Feb 26 13:27:44 UTC 2020 - Christophe Giboudeaux diff --git a/AppStream.spec b/AppStream.spec index 9177ac3..0cee374 100644 --- a/AppStream.spec +++ b/AppStream.spec @@ -19,7 +19,7 @@ %define libappstream_sover 4 %define libAppStreamQt_sover 2 Name: AppStream -Version: 0.12.10 +Version: 0.12.11 Release: 0 Summary: Tools and libraries to work with AppStream metadata License: GPL-2.0-or-later AND LGPL-2.1-or-later @@ -28,6 +28,10 @@ URL: https://www.freedesktop.org/software/appstream/docs/ Source0: http://www.freedesktop.org/software/appstream/releases/%{name}-%{version}.tar.xz Source1: http://www.freedesktop.org/software/appstream/releases/%{name}-%{version}.tar.xz.asc Source2: %{name}.keyring +# PATCH-FIX-UPSTREAM +Patch1: properly-escape-markup.patch +# PATCH-FIX-OPENSUSE +Patch100: fix-build-gcc7.patch BuildRequires: docbook-xsl-stylesheets BuildRequires: gettext BuildRequires: gperf diff --git a/fix-build-gcc7.patch b/fix-build-gcc7.patch new file mode 100644 index 0000000..c7ec7fe --- /dev/null +++ b/fix-build-gcc7.patch @@ -0,0 +1,16 @@ +From: Fabian Vogt +Subject: Fix build with GCC 7 + +Index: AppStream-0.12.11/meson.build +=================================================================== +--- AppStream-0.12.11.orig/meson.build ++++ AppStream-0.12.11/meson.build +@@ -54,7 +54,7 @@ endif + + # a few compiler warning flags we always want enabled + add_global_arguments('-Werror=implicit-function-declaration', '-Wno-unused-parameter', language: 'c') +-add_global_arguments('-Wno-unused-parameter', '-Wno-error=deprecated-copy', language: 'cpp') ++add_global_arguments('-Wno-unused-parameter', language: 'cpp') + add_global_arguments('-DAS_COMPILATION', language : 'c') + + # diff --git a/properly-escape-markup.patch b/properly-escape-markup.patch new file mode 100644 index 0000000..aa6cbf2 --- /dev/null +++ b/properly-escape-markup.patch @@ -0,0 +1,94 @@ +From 178c01d2fa12fe8b0676e1676d0d40613f167c69 Mon Sep 17 00:00:00 2001 +From: Matthias Klumpp +Date: Wed, 13 May 2020 21:45:32 +0200 +Subject: [PATCH] Properly escape markup when fixing invalid description data + +This resolves https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960491 +and possibly more issues when AppStream was fed broken metainfo files. +--- + src/as-xml.c | 26 +++++++++++++++----------- + src/as-xml.h | 2 +- + 2 files changed, 16 insertions(+), 12 deletions(-) + +diff --git a/src/as-xml.c b/src/as-xml.c +index 962bdf9a..1935e37b 100644 +--- a/src/as-xml.c ++++ b/src/as-xml.c +@@ -112,10 +112,10 @@ as_xml_dump_node (xmlNode *node, gchar **content, gssize *len) + } + + /** +- * as_xml_dump_node_content: ++ * as_xml_dump_node_content_raw: + */ + gchar* +-as_xml_dump_node_content (xmlNode *node) ++as_xml_dump_node_content_raw (xmlNode *node) + { + g_autofree gchar *content = NULL; + gchar *tmp; +@@ -170,10 +170,10 @@ as_xml_dump_node_children (xmlNode *node) + } + + /** +- * as_xml_dump_desc_para_node_content: ++ * as_xml_dump_desc_para_node_content_raw: + */ + static gchar* +-as_xml_dump_desc_para_node_content (xmlNode *node) ++as_xml_dump_desc_para_node_content_raw (xmlNode *node) + { + gboolean is_valid_markup = TRUE; + +@@ -198,11 +198,15 @@ as_xml_dump_desc_para_node_content (xmlNode *node) + * was deemed valid. Otherwise we will just try to dump any string content, and hope + * people call the validator on their files to see that their metadata is broken. + * TODO: Parse the data properly, and remove only the bad nodes on error, if libxml permits +- * that somehow? */ +- if (is_valid_markup) +- return as_xml_dump_node_content (node); +- else +- return as_xml_get_node_value (node); ++ * that in an efficient way? */ ++ if (G_LIKELY (is_valid_markup)) { ++ return as_xml_dump_node_content_raw (node); ++ } else { ++ g_autofree gchar *tmp = as_xml_get_node_value (node); ++ if (G_UNLIKELY (tmp == NULL)) ++ return NULL; ++ return g_markup_escape_text (tmp, -1); ++ } + } + + /** +@@ -405,7 +409,7 @@ as_xml_parse_metainfo_description_node (AsContext *ctx, xmlNode *node, GHFunc fu + g_hash_table_insert (desc, g_strdup (lang), str); + } + +- content = as_xml_dump_desc_para_node_content (iter); ++ content = as_xml_dump_desc_para_node_content_raw (iter); + if (content != NULL) + g_string_append_printf (str, "

%s

\n", content); + +@@ -443,7 +447,7 @@ as_xml_parse_metainfo_description_node (AsContext *ctx, xmlNode *node, GHFunc fu + g_hash_table_insert (desc, g_strdup (lang), str); + } + +- content = as_xml_dump_desc_para_node_content (iter2); ++ content = as_xml_dump_desc_para_node_content_raw (iter2); + if (content != NULL) + g_string_append_printf (str, " <%s>%s\n", (gchar*) iter2->name, content, (gchar*) iter2->name); + } +diff --git a/src/as-xml.h b/src/as-xml.h +index 50a38082..ff1efc56 100644 +--- a/src/as-xml.h ++++ b/src/as-xml.h +@@ -53,7 +53,7 @@ void as_xml_parse_metainfo_description_node (AsContext *ctx, + GHFunc func, + gpointer entity); + +-gchar *as_xml_dump_node_content (xmlNode *node); ++gchar *as_xml_dump_node_content_raw (xmlNode *node); + gchar *as_xml_dump_node_children (xmlNode *node); + + void as_xml_add_description_node (AsContext *ctx,