Accepting request 568732 from GNOME:Apps

OBS-URL: https://build.opensuse.org/request/show/568732
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gcab?expand=0&rev=9

gcab-0.7.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a16e5ef88f1c547c6c8c05962f684ec127e078d302549f3dfd2291e167d4adef
-size 332248

gcab-0.8.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0c5f602ca4a89904e045b97762b470726383e399d34a161d0ba26cc6023c7086
+size 337016

gcab.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Tue Jan 23 16:09:51 UTC 2018 - bjorn.lie@gmail.com
+
+- Update to version 0.8 (CVE-2018-5345):
+  + This fixes the security bug known as CVE-2018-5345.
+  + Always check the return value when writing to the stream.
+  + Do not crash when ncbytes is larger than the buffer size.
+  + Don't encode timezone in generated files.
+  + Don't use version script if unsupported.
+  + Explicitly enable C99 support.
+  + Fix a few 'Dereference of null pointer' warnings.
+  + Fix buffer overrun when generating Huffman codes.
+  + Fix builddir != srcdir builds.
+  + Fix dependency on generated .h file.
+  + Fix invalid return annotation.
+  + Fix the calculation of the checksum on big endian machines.
+  + Fix -Wimplicit-fallthrough=.
+  + Use glib-mkenum's prefixes to avoid sed.
+  + Updated translations.
+- Minor spec cleanup, use autosetup macro.
+
 -------------------------------------------------------------------
 Sat Mar 12 16:10:10 UTC 2016 - zaitor@opensuse.org
 

gcab.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package gcab
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,20 +17,20 @@
 
 
 Name:           gcab
-Version:        0.7
+Version:        0.8
 Release:        0
 Summary:        Cabinet file library and tool
 License:        LGPL-2.1+
 Group:          Productivity/Archiving/Compression
 Url:            http://ftp.gnome.org/pub/GNOME/sources/gcab
-Source:         http://download.gnome.org/sources/gcab/0.7/%{name}-%{version}.tar.xz
+Source:         http://download.gnome.org/sources/gcab/0.8/%{name}-%{version}.tar.xz
+
 BuildRequires:  gobject-introspection >= 0.9.4
 BuildRequires:  intltool >= 0.40.0
 BuildRequires:  vala >= 0.14
 BuildRequires:  zlib-devel
 BuildRequires:  pkgconfig(glib-2.0) >= 2.22.0
 Recommends:     %{name}-lang
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
 gcab is a tool and library for manipulating cabinet files.
@@ -64,8 +64,9 @@ It supports creation of archives with simple MSZIP compression.
 This package provides development files to build code against libgcab
 
 %lang_package
+
 %prep
-%setup -q
+%autosetup
 
 %build
 %configure \
@@ -78,23 +79,19 @@ find %{buildroot} -type f -name '*.la' -delete -print
 %find_lang %{name}
 
 %post -n libgcab-1_0-0 -p /sbin/ldconfig
-
 %postun -n libgcab-1_0-0 -p /sbin/ldconfig
 
 %files
-%defattr(-,root,root)
 %doc COPYING
 %{_bindir}/%{name}
-%{_mandir}/man1/%{name}.1%{?ext_man}
+%{_mandir}/man?/%{name}.?%{?ext_man}
 
 %files lang -f %{name}.lang
 
 %files -n libgcab-1_0-0
-%defattr(-,root,root)
 %{_libdir}/libgcab-1.0.so.*
 
 %files devel
-%defattr(-,root,root)
 %doc %{_datadir}/gtk-doc/html/%{name}/
 %{_includedir}/libgcab-1.0/
 %{_libdir}/libgcab-1.0.so