!30 fix spec changelog date

From: @loong-C 
Reviewed-by: @zhang__3125 
Signed-off-by: @zhang__3125

backport-0001-CVE-2021-28650.patch

@@ -0,0 +1,72 @@
+From 88e21e8aa2841216fa1d7fba617a8692912af51e Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 25 Feb 2021 14:10:26 +0100
+Subject: [PATCH] extractor: Detect conflict also for directories
+
+Current logic doesn't detect conflics when extracting directory. This
+is ok, but only for the case when the conflic is caused by directory.
+Otherwise, the conflic should be detected and AutoarExtractor should
+try to delete the file before creating new directory.
+Conflict:NA
+Reference:https://gitlab.gnome.org/GNOME/gnome-autoar/-/merge_requests/15/diffs?commit_id=88e21e8aa2841216fa1d7fba617a8692912af51e
+---
+ gnome-autoar/autoar-extractor.c | 27 ++++++++-------------------
+ 1 file changed, 8 insertions(+), 19 deletions(-)
+
+diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
+index f1f49cf..376c864 100644
+--- a/gnome-autoar/autoar-extractor.c
++++ b/gnome-autoar/autoar-extractor.c
+@@ -897,7 +897,6 @@ autoar_extractor_check_file_conflict (GFile  *file,
+                                       mode_t  extracted_filetype)
+ {
+   GFileType file_type;
+-  gboolean conflict = FALSE;
+ 
+   file_type = g_file_query_file_type (file,
+                                       G_FILE_QUERY_INFO_NONE,
+@@ -907,26 +906,13 @@ autoar_extractor_check_file_conflict (GFile  *file,
+     return FALSE;
+   }
+ 
+-  switch (extracted_filetype) {
+-    case AE_IFDIR:
+-      break;
+-    case AE_IFREG:
+-    case AE_IFLNK:
+-#if defined HAVE_MKFIFO || defined HAVE_MKNOD
+-    case AE_IFIFO:
+-#endif
+-#ifdef HAVE_MKNOD
+-    case AE_IFSOCK:
+-    case AE_IFBLK:
+-    case AE_IFCHR:
+-#endif
+-      conflict = TRUE;
+-      break;
+-    default:
+-      break;
++  /* It is not problem if the directory already exists */
++  if (file_type == G_FILE_TYPE_DIRECTORY &&
++      extracted_filetype == AE_IFDIR) {
++    return FALSE;
+   }
+ 
+-  return conflict;
++  return TRUE;
+ }
+ 
+ static void
+@@ -1850,6 +1836,9 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
+         case AUTOAR_CONFLICT_OVERWRITE:
+           break;
+         case AUTOAR_CONFLICT_CHANGE_DESTINATION:
++          /* FIXME: If the destination is changed for directory, it should be
++           * changed also for its children...
++           */
+           g_assert_nonnull (new_extracted_filename);
+           g_clear_object (&extracted_filename);
+           extracted_filename = new_extracted_filename;
+-- 
+2.19.1
+

backport-0002-CVE-2021-28650.patch

@@ -0,0 +1,129 @@
+From 8109c368c6cfdb593faaf698c2bf5da32bb1ace4 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Mon, 1 Mar 2021 17:16:27 +0100
+Subject: [PATCH] extractor: Do not allow symlink in parents
+
+Currently, it is still possible that some files are extracted outside of
+the destination dir in case of malicious archives. The checks from commit
+adb067e6 can be still bypassed in certain cases. See GNOME/file-roller#108
+for more details. After some investigation, I am convinced that it would be
+best to	simply disallow symlinks in parents. For example, `tar` fails to
+extract such files with the `ENOTDIR` error. Let's do the same here.
+
+Fixes: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12
+Conflict:NA
+Reference:https://gitlab.gnome.org/GNOME/gnome-autoar/-/merge_requests/15/diffs?commit_id=8109c368c6cfdb593faaf698c2bf5da32bb1ace4
+---
+ gnome-autoar/autoar-extractor.c | 60 +++++++++++++++++++++++++--------
+ 1 file changed, 46 insertions(+), 14 deletions(-)
+
+diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
+index 376c864..d84a726 100644
+--- a/gnome-autoar/autoar-extractor.c
++++ b/gnome-autoar/autoar-extractor.c
+@@ -892,27 +892,42 @@ autoar_extractor_do_sanitize_pathname (AutoarExtractor *self,
+   return extracted_filename;
+ }
+ 
+-static gboolean
+-autoar_extractor_check_file_conflict (GFile  *file,
++/* The function checks @file for conflicts with already existing files on the
++ * disk. It also recursively checks parents of @file to be sure it is directory.
++ * It doesn't follow symlinks, so symlinks in parents are also considered as
++ * conflicts even though they point to directory. It returns #GFile object for
++ * the file, which cause the conflict (so @file, or some of its parents). If
++ * there aren't any conflicts, NULL is returned.
++ */
++static GFile *
++autoar_extractor_check_file_conflict (AutoarExtractor *self,
++                                      GFile  *file,
+                                       mode_t  extracted_filetype)
+ {
+   GFileType file_type;
++  g_autoptr (GFile) parent = NULL;
+ 
+   file_type = g_file_query_file_type (file,
+                                       G_FILE_QUERY_INFO_NONE,
+                                       NULL);
+-  /* If there is no file with the given name, there will be no conflict */
+-  if (file_type == G_FILE_TYPE_UNKNOWN) {
+-    return FALSE;
++  
++  /* It is a conflict if the file already exists with an exception for already
++   * existing directories.
++   */
++  if (file_type != G_FILE_TYPE_UNKNOWN &&
++      (file_type != G_FILE_TYPE_DIRECTORY ||
++       extracted_filetype != AE_IFDIR)) {
++    return g_object_ref (file);
+   }
+ 
+-  /* It is not problem if the directory already exists */
+-  if (file_type == G_FILE_TYPE_DIRECTORY &&
+-      extracted_filetype == AE_IFDIR) {
+-    return FALSE;
++  if ((self->new_prefix && g_file_equal (self->new_prefix, file)) ||
++      (!self->new_prefix && g_file_equal (self->destination_dir, file))) {
++    return NULL;
+   }
+ 
+-  return TRUE;
++  /* Check also parents for conflict to be sure it is directory. */
++  parent = g_file_get_parent (file);
++  return autoar_extractor_check_file_conflict (self, parent, AE_IFDIR);
+ }
+ 
+ static void
+@@ -1804,7 +1819,7 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
+     g_autoptr (GFile) extracted_filename = NULL;
+     g_autoptr (GFile) hardlink_filename = NULL;
+     AutoarConflictAction action;
+-    gboolean file_conflict;
++    g_autoptr (GFile) file_conflict = NULL;
+ 
+     if (g_cancellable_is_cancelled (self->cancellable)) {
+       archive_read_free (a);
+@@ -1822,12 +1837,27 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
+         autoar_extractor_do_sanitize_pathname (self, hardlink);
+     }
+ 
+-    /* Attempt to solve any name conflict before doing any operations */
+-    file_conflict = autoar_extractor_check_file_conflict (extracted_filename,
++    file_conflict = autoar_extractor_check_file_conflict (self,
++                                                          extracted_filename,
+                                                           archive_entry_filetype (entry));
+     while (file_conflict) {
+       GFile *new_extracted_filename = NULL;
+ 
++      /* Do not try to solve any conflicts in parents for now. Especially
++       * symlinks in parents are dangerous as it can easily happen that files
++       * are written outside of the destination. The tar cmd fails to extract
++       * such archives with ENOTDIR. Let's do the same here. This is most
++       * probably malicious, or corrupted archive if the conflict was caused
++       * only by files from the archive...
++       */
++      if (!g_file_equal (file_conflict, extracted_filename)) {
++        self->error = g_error_new (G_IO_ERROR,
++                                   G_IO_ERROR_NOT_DIRECTORY,
++                                   "The file is not a directory");
++        archive_read_free (a);
++        return;
++      }
++
+       action = autoar_extractor_signal_conflict (self,
+                                                  extracted_filename,
+                                                  &new_extracted_filename);
+@@ -1855,7 +1885,9 @@ autoar_extractor_step_extract (AutoarExtractor *self) {
+         break;
+       }
+ 
+-      file_conflict = autoar_extractor_check_file_conflict (extracted_filename,
++      g_clear_object (&file_conflict);
++      file_conflict = autoar_extractor_check_file_conflict (self,
++                                                            extracted_filename,
+                                                             archive_entry_filetype (entry));
+     }
+ 
+-- 
+2.19.1
+

gnome-autoar.spec

@@ -1,12 +1,15 @@
 Name:           gnome-autoar
-Version:        0.2.3
-Release:        4
+Version:        0.2.4
+Release:        5
 Summary:        Creating and extracting archives
 License:        LGPLv2+
 URL:            https://git.gnome.org/browse/gnome-autoar
 Source0:        https://download.gnome.org/sources/gnome-autoar/0.2/gnome-autoar-%{version}.tar.xz
 
-BuildRequires:  gcc vala pkgconfig(gio-2.0) pkgconfig(glib-2.0) pkgconfig(gobject-2.0) gdb
+Patch6000:      backport-0001-CVE-2021-28650.patch 
+Patch6001:      backport-0002-CVE-2021-28650.patch
+
+BuildRequires:  gcc vala pkgconfig(gio-2.0) pkgconfig(glib-2.0) pkgconfig(gobject-2.0)
 BuildRequires:  pkgconfig(gobject-introspection-1.0) pkgconfig(gtk+-3.0) pkgconfig(libarchive)
 
 %description
@@ -48,6 +51,27 @@ make check
 %{_datadir}/vala/vapi/*.vapi
 
 %changelog
+* Wed May 18 2022 loong_C <loong_c@yeah.net> - 0.2.4-5
+- fix spec changelog date
+
+* Tue Jul 20 2021 liuyumeng <liuyumeng5@huawei.com> - 0.2.4-4
+- delete gdb in buildrequires
+
+* Wed Apr 14 2021 Dehui Fan <fandehui1@huawei.com> - 0.2.4-3
+- Type: CVE
+- ID:   CVE-2021-28650 
+- SUG:  NA
+- DESC: fix CVE-2021-28650, remove CVE-2020-36241 
+
+* Fri Mar 19 2021 Dehui Fan <fandehui1@huawei.com> - 0.2.4-2
+Type: CVE
+ID:   CVE-2020-36241
+SUG:  NA
+DESC: fix CVE-2020-36241
+
+* Fri Jan 29 2021 yanglu <yanglu60@huawei.com> - 0.2.4-1
+- update to 0.2.4
+
 * Fri Mar 20 2020 songnnannan <songnannan2@huawei.com> - 0.2.3-4
 - add gdb in buildrequires