Gcab is a utility and library mainly made to create Cabinet files, using

GObject/GIO API and provides GIR bindings.
- creation supports plain and basic MSZIP compression
- can open and list files from cabinet, no extraction
- provided API/ABI stable

6 files changed, 114 insertions, 0 deletions

diff --git a/archivers/Makefile b/archivers/Makefile
index 377698da9af9..e05b52319465 100644
--- a/archivers/Makefile
+++ b/archivers/Makefile
@@ -30,6 +30,7 @@
     SUBDIR += fpc-unzip
     SUBDIR += freetar
     SUBDIR += freeze
+    SUBDIR += gcab
     SUBDIR += gcpio
     SUBDIR += grzip
     SUBDIR += gtar
diff --git a/archivers/gcab/Makefile b/archivers/gcab/Makefile
new file mode 100644
index 000000000000..b009eab7162a
--- /dev/null
+++ b/archivers/gcab/Makefile
@@ -0,0 +1,18 @@
+# Created by: kwm@FreeBSD.org
+# $FreeBSD$
+
+PORTNAME=	gcab
+PORTVERSION=	0.4
+CATEGORIES=	archivers gnome
+MASTER_SITES=	GNOME
+
+MAINTAINER=	gnome@FreeBSD.org
+COMMENT=	GObject library to create cabinet files
+
+BUILD_DEPENDS=	vala:${PORTSDIR}/lang/vala
+
+USES=		gettext gmake libtool pathfix pkgconfig tar:xz
+GNU_CONFIGURE=	yes
+USE_GNOME=	glib20 intlhack introspection:build
+
+.include <bsd.port.mk>
diff --git a/archivers/gcab/distinfo b/archivers/gcab/distinfo
new file mode 100644
index 000000000000..16b2bf65e3d4
--- /dev/null
+++ b/archivers/gcab/distinfo
@@ -0,0 +1,2 @@
+SHA256 (gcab-0.4.tar.xz) = f907b16f1246fbde9397363d9c4ad2291f2a8a53dcd4f5979d3912bb856991b8
+SIZE (gcab-0.4.tar.xz) = 294684
diff --git a/archivers/gcab/files/patch-libgcab_gcab-folder.c b/archivers/gcab/files/patch-libgcab_gcab-folder.c
new file mode 100644
index 000000000000..8b5ceac4ae8b
--- /dev/null
+++ b/archivers/gcab/files/patch-libgcab_gcab-folder.c
@@ -0,0 +1,49 @@
+From 0ccdf564b6a3e26522a8eb1858f1828844fa3536 Mon Sep 17 00:00:00 2001
+From: Stephen Kitt <steve@sk2.org>
+Date: Mon, 5 Jan 2015 06:28:00 +0000
+Subject: Avoid path traversal
+
+gcab suffers from a directory traversal bug: it doesn't filter leading
+slashes from paths in CAB files.
+(see https://bugs.debian.org/774580)
+
+The attached patch fixes this, at the cost of ugly paths when faced with
+relative traversals. At least all the CAB's contents can be extracted,
+without overwriting anything outside the extraction path.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=742331
+
+diff --git a/libgcab/gcab-folder.c b/libgcab/gcab-folder.c
+index a140e2c..9510cf3 100644
+--- libgcab/gcab-folder.c
++++ libgcab/gcab-folder.c
+@@ -362,9 +362,25 @@ gcab_folder_extract (GCabFolder *self,
+                 fname[i] = '/';
+ 
+         GFile *gfile = g_file_resolve_relative_path (path, fname);
+-        GFile *parent = g_file_get_parent (gfile);
+         g_free (fname);
+ 
++        if (!g_file_has_prefix (gfile, path)) {
++            // "Rebase" the file in the given path, to ensure we never escape it
++            char *rawpath = g_file_get_path (gfile);
++            if (rawpath != NULL) {
++                char *newpath = rawpath;
++                while (*newpath != 0 && *newpath == G_DIR_SEPARATOR) {
++                    newpath++;
++                }
++                GFile *newgfile = g_file_resolve_relative_path (path, newpath);
++                g_free (rawpath);
++                g_object_unref (gfile);
++                gfile = newgfile;
++            }
++        }
++
++        GFile *parent = g_file_get_parent (gfile);
++
+         if (!g_file_make_directory_with_parents (parent, cancellable, &my_error)) {
+             if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_EXISTS))
+                 g_clear_error (&my_error);
+-- 
+cgit v0.10.2
+
diff --git a/archivers/gcab/pkg-descr b/archivers/gcab/pkg-descr
new file mode 100644
index 000000000000..e405e3f41731
--- /dev/null
+++ b/archivers/gcab/pkg-descr
@@ -0,0 +1,6 @@
+Gcab is a utility and library mainly made to create Cabinet files, using
+GObject/GIO API and provides GIR bindings.
+- creation supports plain and basic MSZIP compression
+- can open and list files from cabinet, no extraction
+
+WWW: https://wiki.gnome.org/msitools
diff --git a/archivers/gcab/pkg-plist b/archivers/gcab/pkg-plist
new file mode 100644
index 000000000000..d7bd70e42e00
--- /dev/null
+++ b/archivers/gcab/pkg-plist
@@ -0,0 +1,38 @@
+bin/gcab
+include/libgcab-1.0/libgcab.h
+include/libgcab-1.0/libgcab/gcab-cabinet.h
+include/libgcab-1.0/libgcab/gcab-enums.h
+include/libgcab-1.0/libgcab/gcab-file.h
+include/libgcab-1.0/libgcab/gcab-folder.h
+lib/girepository-1.0/GCab-1.0.typelib
+lib/libgcab-1.0.a
+lib/libgcab-1.0.so
+lib/libgcab-1.0.so.0
+lib/libgcab-1.0.so.0.0.0
+libdata/pkgconfig/libgcab-1.0.pc
+man/man1/gcab.1.gz
+share/gir-1.0/GCab-1.0.gir
+share/gtk-doc/html/gcab/GCabCabinet.html
+share/gtk-doc/html/gcab/GCabFile.html
+share/gtk-doc/html/gcab/GCabFolder.html
+share/gtk-doc/html/gcab/annotation-glossary.html
+share/gtk-doc/html/gcab/api-index-full.html
+share/gtk-doc/html/gcab/ch01.html
+share/gtk-doc/html/gcab/deprecated-api-index.html
+share/gtk-doc/html/gcab/gcab.devhelp2
+share/gtk-doc/html/gcab/home.png
+share/gtk-doc/html/gcab/index.html
+share/gtk-doc/html/gcab/index.sgml
+share/gtk-doc/html/gcab/left.png
+share/gtk-doc/html/gcab/object-tree.html
+share/gtk-doc/html/gcab/right.png
+share/gtk-doc/html/gcab/style.css
+share/gtk-doc/html/gcab/up.png
+share/locale/de/LC_MESSAGES/gcab.mo
+share/locale/es/LC_MESSAGES/gcab.mo
+share/locale/pl/LC_MESSAGES/gcab.mo
+share/locale/pt_BR/LC_MESSAGES/gcab.mo
+share/locale/sl/LC_MESSAGES/gcab.mo
+share/locale/sr/LC_MESSAGES/gcab.mo
+share/locale/sr@latin/LC_MESSAGES/gcab.mo
+share/vala/vapi/libgcab-1.0.vapi