Commit dd3b86c4 authored by David Fuhrmann's avatar David Fuhrmann

contribs: Update sparkle to 1.13.1

This version of Sparkle requires 10.7 at least, local patches
can be all dropped.
parent 0bd51bde
93bf6063bf83cd04bd7724490fa8219ec2df9a79b9e1117a8df13bc8acb4e3ad277faaad0e7358ae7ab611a8c5596816f3db93f98cc82e6795afe88bb2d79434 Sparkle-1.6.1.zip
9873a576f00b6c471afc8122a2623ee9c99fa76d2c2c54d1843ce1bb5d5b1a3190eb556b989ae41e9a23b0c0466aa5138277e50e07695f1a9855d981d80c2a09 Sparkle-1.13.1.zip
# sparkle
SPARKLE_VERSION := 1.6.1
SPARKLE_VERSION := 1.13.1
SPARKLE_URL := https://github.com/sparkle-project/Sparkle/archive/$(SPARKLE_VERSION).zip
ifdef HAVE_MACOSX
......@@ -14,10 +14,6 @@ $(TARBALLS)/Sparkle-$(SPARKLE_VERSION).zip:
sparkle: Sparkle-$(SPARKLE_VERSION).zip .sum-sparkle
$(UNPACK)
$(APPLY) $(SRC)/sparkle/sparkle-fix-compilation-on-snowleopard.patch
$(APPLY) $(SRC)/sparkle/sparkle-fix-runtime-exception-on-snowleopard.patch
$(APPLY) $(SRC)/sparkle/sparkle-disable-redirects-to-non-HTTP-URLs-in-release-notes.patch
$(APPLY) $(SRC)/sparkle/sparkle-prevent-inclusion-of-local-files-via-file-XML-entiti.patch
$(MOVE)
.sparkle: sparkle
......
diff -ru Sparkle-1.6.1/SUUpdateAlert.m Sparkle-1.6.1-fixed/SUUpdateAlert.m
--- Sparkle-1.6.1/SUUpdateAlert.m 2014-04-26 00:22:59.000000000 +0200
+++ Sparkle-1.6.1-fixed/SUUpdateAlert.m 2016-01-20 11:38:47.000000000 +0100
@@ -313,6 +313,16 @@
- (void)webView:sender decidePolicyForNavigationAction:(NSDictionary *)actionInformation request:(NSURLRequest *)request frame:frame decisionListener:listener
{
+ NSURL *requestURL = request.URL;
+ NSString *scheme = requestURL.scheme;
+ BOOL whitelistedSafe = [@"http" isEqualToString:scheme] || [@"https" isEqualToString:scheme] || [@"about:blank" isEqualToString:requestURL.absoluteString];
+
+ // Do not allow redirects to dangerous protocols such as file://
+ if (!whitelistedSafe) {
+ [listener ignore];
+ return;
+ }
+
if (webViewFinishedLoading) {
[[NSWorkspace sharedWorkspace] openURL:[request URL]];
diff -ru sparkle/SUAppcast.h sparkle-fixed/SUAppcast.h
--- sparkle/SUAppcast.h 2014-04-26 00:22:59.000000000 +0200
+++ sparkle-fixed/SUAppcast.h 2014-08-18 20:18:30.000000000 +0200
@@ -12,7 +12,7 @@
@protocol SUAppcastDelegate;
@class SUAppcastItem;
-@interface SUAppcast : NSObject<NSURLDownloadDelegate>
+@interface SUAppcast : NSObject
{
@private
NSArray *items;
diff -ru sparkle/SUAppcast.m sparkle-fixed/SUAppcast.m
--- sparkle/SUAppcast.m 2014-04-26 00:22:59.000000000 +0200
+++ sparkle-fixed/SUAppcast.m 2014-08-18 20:18:36.000000000 +0200
@@ -32,7 +32,7 @@
}
@end
-@interface SUAppcast () <NSURLDownloadDelegate>
+@interface SUAppcast ()
@property (copy) NSString *downloadFilename;
@property (retain) NSURLDownload *download;
@property (copy) NSArray *items;
@@ -92,14 +92,7 @@
if (downloadFilename)
{
- NSUInteger options = 0;
- if (NSAppKitVersionNumber < NSAppKitVersionNumber10_7) {
- // In order to avoid including external entities when parsing the appcast (a potential security vulnerability; see https://github.com/andymatuschak/Sparkle/issues/169), we ask NSXMLDocument to "tidy" the XML first. This happens to remove these external entities; it wouldn't be a future-proof approach, but it worked in these historical versions of OS X, and we have a more rigorous approach for 10.7+.
- options = NSXMLDocumentTidyXML;
- } else {
- // In 10.7 and later, there's a real option for the behavior we desire.
- options = NSXMLNodeLoadExternalEntitiesSameOriginOnly;
- }
+ NSUInteger options = NSXMLDocumentTidyXML;
document = [[[NSXMLDocument alloc] initWithContentsOfURL:[NSURL fileURLWithPath:downloadFilename] options:options error:&error] autorelease];
[[NSFileManager defaultManager] removeItemAtPath:downloadFilename error:nil];
diff -ru sparkle/SUAppcastItem.h sparkle-fixed/SUAppcastItem.h
--- sparkle/SUAppcastItem.h 2014-04-26 00:22:59.000000000 +0200
+++ sparkle-fixed/SUAppcastItem.h 2014-08-18 20:14:01.000000000 +0200
@@ -46,8 +46,8 @@
@property (retain, readonly) NSURL *infoURL;
// Initializes with data from a dictionary provided by the RSS class.
-- (instancetype)initWithDictionary:(NSDictionary *)dict;
-- (instancetype)initWithDictionary:(NSDictionary *)dict failureReason:(NSString**)error;
+- (id)initWithDictionary:(NSDictionary *)dict;
+- (id)initWithDictionary:(NSDictionary *)dict failureReason:(NSString**)error;
- (BOOL)isDeltaUpdate;
- (BOOL)isCriticalUpdate;
diff -ru sparkle/SUBasicUpdateDriver.h sparkle-fixed/SUBasicUpdateDriver.h
--- sparkle/SUBasicUpdateDriver.h 2014-04-26 00:22:59.000000000 +0200
+++ sparkle-fixed/SUBasicUpdateDriver.h 2014-08-18 20:18:41.000000000 +0200
@@ -15,7 +15,7 @@
#import "SUAppcast.h"
@class SUAppcastItem, SUHost;
-@interface SUBasicUpdateDriver : SUUpdateDriver<NSURLDownloadDelegate, SUUnarchiverDelegate, SUAppcastDelegate> {
+@interface SUBasicUpdateDriver : SUUpdateDriver<SUUnarchiverDelegate, SUAppcastDelegate> {
SUAppcastItem *updateItem;
SUAppcastItem *nonDeltaUpdateItem;
diff -ru sparkle/SUBasicUpdateDriver.m sparkle-fixed/SUBasicUpdateDriver.m
--- sparkle/SUBasicUpdateDriver.m 2014-04-26 00:22:59.000000000 +0200
+++ sparkle-fixed/SUBasicUpdateDriver.m 2014-08-18 20:16:53.000000000 +0200
@@ -106,7 +106,7 @@
if ([[updater delegate] respondsToSelector:@selector(updater:didFinishLoadingAppcast:)])
[[updater delegate] updater:updater didFinishLoadingAppcast:ac];
- NSDictionary *userInfo = (ac != nil) ? @{SUUpdaterAppcastNotificationKey : ac} : nil;
+ NSDictionary *userInfo = (ac != nil) ? [NSDictionary dictionaryWithObject:SUUpdaterAppcastNotificationKey forKey:ac] : nil;
[[NSNotificationCenter defaultCenter] postNotificationName:SUUpdaterDidFinishLoadingAppCastNotification object:updater userInfo:userInfo];
SUAppcastItem *item = nil;
@@ -153,7 +153,7 @@
{
if ([[updater delegate] respondsToSelector:@selector(updater:didFindValidUpdate:)])
[[updater delegate] updater:updater didFindValidUpdate:updateItem];
- NSDictionary *userInfo = (updateItem != nil) ? @{SUUpdaterAppcastItemNotificationKey : updateItem} : nil;
+ NSDictionary *userInfo = (updateItem != nil) ? [NSDictionary dictionaryWithObject:SUUpdaterAppcastItemNotificationKey forKey:updateItem] : nil;
[[NSNotificationCenter defaultCenter] postNotificationName:SUUpdaterDidFinishLoadingAppCastNotification object:updater userInfo:userInfo];
[self downloadUpdate];
}
diff -ru sparkle/SUProbingUpdateDriver.m sparkle-fixed/SUProbingUpdateDriver.m
--- sparkle/SUProbingUpdateDriver.m 2014-04-26 00:22:59.000000000 +0200
+++ sparkle-fixed/SUProbingUpdateDriver.m 2014-08-18 20:17:38.000000000 +0200
@@ -17,7 +17,7 @@
{
if ([[updater delegate] respondsToSelector:@selector(updater:didFindValidUpdate:)])
[[updater delegate] updater:updater didFindValidUpdate:updateItem];
- NSDictionary *userInfo = (updateItem != nil) ? @{SUUpdaterAppcastItemNotificationKey : updateItem} : nil;
+ NSDictionary *userInfo = (updateItem != nil) ? [NSDictionary dictionaryWithObject:SUUpdaterAppcastItemNotificationKey forKey:updateItem] : nil;
[[NSNotificationCenter defaultCenter] postNotificationName:SUUpdaterDidFindValidUpdateNotification object:updater userInfo:userInfo];
[self abortUpdate];
}
diff -ru sparkle/SUUpdateDriver.h sparkle-fixed/SUUpdateDriver.h
--- sparkle/SUUpdateDriver.h 2014-04-26 00:22:59.000000000 +0200
+++ sparkle-fixed/SUUpdateDriver.h 2014-08-18 20:15:46.000000000 +0200
@@ -14,7 +14,7 @@
extern NSString * const SUUpdateDriverFinishedNotification;
@class SUHost, SUUpdater;
-@interface SUUpdateDriver : NSObject<NSURLDownloadDelegate>
+@interface SUUpdateDriver : NSObject
{
SUHost *host;
SUUpdater *updater;
diff -ru sparkle/SUUpdater.h sparkle-fixed/SUUpdater.h
--- sparkle/SUUpdater.h 2014-04-26 00:22:59.000000000 +0200
+++ sparkle-fixed/SUUpdater.h 2014-08-18 20:14:31.000000000 +0200
@@ -28,7 +28,7 @@
+ (SUUpdater *)sharedUpdater;
+ (SUUpdater *)updaterForBundle:(NSBundle *)bundle;
-- (instancetype)initForBundle:(NSBundle *)bundle;
+- (id)initForBundle:(NSBundle *)bundle;
- (NSBundle *)hostBundle;
diff -ru sparkle/SUBasicUpdateDriver.m sparkled/SUBasicUpdateDriver.m
--- sparkle/SUBasicUpdateDriver.m 2014-11-05 00:05:47.000000000 +0100
+++ sparkled-fixed/SUBasicUpdateDriver.m 2014-11-04 23:48:19.000000000 +0100
@@ -105,9 +105,6 @@
{
if ([[updater delegate] respondsToSelector:@selector(updater:didFinishLoadingAppcast:)])
[[updater delegate] updater:updater didFinishLoadingAppcast:ac];
-
- NSDictionary *userInfo = (ac != nil) ? [NSDictionary dictionaryWithObject:SUUpdaterAppcastNotificationKey forKey:ac] : nil;
- [[NSNotificationCenter defaultCenter] postNotificationName:SUUpdaterDidFinishLoadingAppCastNotification object:updater userInfo:userInfo];
SUAppcastItem *item = nil;
diff -ru Sparkle-1.6.1/SUAppcast.m Sparkle-1.6.1-fixed/SUAppcast.m
--- Sparkle-1.6.1/SUAppcast.m 2016-01-20 11:39:11.000000000 +0100
+++ Sparkle-1.6.1-fixed/SUAppcast.m 2016-01-20 11:40:53.000000000 +0100
@@ -92,7 +92,7 @@
if (downloadFilename)
{
- NSUInteger options = NSXMLDocumentTidyXML;
+ NSUInteger options = NSXMLDocumentTidyXML | NSXMLNodeLoadExternalEntitiesNever;
document = [[[NSXMLDocument alloc] initWithContentsOfURL:[NSURL fileURLWithPath:downloadFilename] options:options error:&error] autorelease];
[[NSFileManager defaultManager] removeItemAtPath:downloadFilename error:nil];
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment