backport fix for CVE-2016-6232 from Trinity (itself backported from KF5)
This commit is contained in:
parent
0baabbdf03
commit
8985e9f610
|
@ -0,0 +1,48 @@
|
||||||
|
From 261a3b7a126b7a1d28e263085b85bf1905eb4c19 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Sl=C3=A1vek=20Banko?= <slavek.banko@axis.cz>
|
||||||
|
Date: Sun, 23 Oct 2016 10:48:01 +0200
|
||||||
|
Subject: Fix security issue CVE-2016-6232 Based on
|
||||||
|
https://quickgit.kde.org/?p=karchive.git&a=commitdiff&h=0cb243f6
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
|
||||||
|
|
||||||
|
diff --git a/kio/kio/karchive.cpp b/kio/kio/karchive.cpp
|
||||||
|
index b0e0dc6..69e54d1 100644
|
||||||
|
--- a/kio/kio/karchive.cpp
|
||||||
|
+++ b/kio/kio/karchive.cpp
|
||||||
|
@@ -601,6 +601,7 @@ void KArchiveDirectory::addEntry( KArchiveEntry* entry )
|
||||||
|
void KArchiveDirectory::copyTo(const QString& dest, bool recursiveCopy ) const
|
||||||
|
{
|
||||||
|
QDir root;
|
||||||
|
+ const QString destDir(QDir(dest).absPath()); // get directory path without any "." or ".."
|
||||||
|
|
||||||
|
PosSortedPtrList fileList;
|
||||||
|
QMap<int, QString> fileToDir;
|
||||||
|
@@ -620,10 +621,19 @@ void KArchiveDirectory::copyTo(const QString& dest, bool recursiveCopy ) const
|
||||||
|
QValueStack<QString> dirNameStack;
|
||||||
|
|
||||||
|
dirStack.push( this ); // init stack at current directory
|
||||||
|
- dirNameStack.push( dest ); // ... with given path
|
||||||
|
+ dirNameStack.push( destDir ); // ... with given path
|
||||||
|
do {
|
||||||
|
curDir = dirStack.pop();
|
||||||
|
- curDirName = dirNameStack.pop();
|
||||||
|
+
|
||||||
|
+ // extract only to specified folder if it is located within archive's extraction folder
|
||||||
|
+ // otherwise put file under root position in extraction folder
|
||||||
|
+ QString curDirName = dirNameStack.pop();
|
||||||
|
+ if (!QDir(curDirName).absPath().startsWith(destDir)) {
|
||||||
|
+ kdWarning() << "Attempted export into folder" << curDirName
|
||||||
|
+ << "which is outside of the extraction root folder" << destDir << "."
|
||||||
|
+ << "Changing export of contained files to extraction root folder.";
|
||||||
|
+ curDirName = destDir;
|
||||||
|
+ }
|
||||||
|
root.mkdir(curDirName);
|
||||||
|
|
||||||
|
dirEntries = curDir->entries();
|
||||||
|
--
|
||||||
|
cgit v0.10.2
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
Summary: KDE 3 Libraries
|
Summary: KDE 3 Libraries
|
||||||
Name: kdelibs3
|
Name: kdelibs3
|
||||||
Version: 3.5.10
|
Version: 3.5.10
|
||||||
Release: 79%{?dist}
|
Release: 80%{?dist}
|
||||||
|
|
||||||
License: LGPLv2
|
License: LGPLv2
|
||||||
Url: http://www.kde.org/
|
Url: http://www.kde.org/
|
||||||
|
@ -119,6 +119,9 @@ Patch209: kdelibs-3.5.10-CVE-2013-2074.patch
|
||||||
# http://commits.kde.org/kdelibs/cc5515ed7ce8884c9b18169158ba29ab2f7a3db7
|
# http://commits.kde.org/kdelibs/cc5515ed7ce8884c9b18169158ba29ab2f7a3db7
|
||||||
# upstream fix by Joseph Wenninger, rediffed for kdelibs 3.5.10 by Kevin Kofler
|
# upstream fix by Joseph Wenninger, rediffed for kdelibs 3.5.10 by Kevin Kofler
|
||||||
Patch210: kdelibs-3.5.10-CVE-2015-7543.patch
|
Patch210: kdelibs-3.5.10-CVE-2015-7543.patch
|
||||||
|
# CVE-2016-6232 - directory traversal vulnerability in KArchive
|
||||||
|
# patch from Trinity (Slávek Banko), based on KF5 fix (Andreas Cord-Landwehr)
|
||||||
|
Patch211: kdelibs-3.5.10-CVE-2016-6232.patch
|
||||||
|
|
||||||
## fixes to common KDE 3 autotools machinery
|
## fixes to common KDE 3 autotools machinery
|
||||||
# tweak autoconfigury so that it builds with autoconf 2.64 or 2.65
|
# tweak autoconfigury so that it builds with autoconf 2.64 or 2.65
|
||||||
|
@ -300,6 +303,7 @@ This package includes tools kgrantpty and kpac_dhcp_helper.
|
||||||
%patch208 -p1 -b .CVE-2011-3365
|
%patch208 -p1 -b .CVE-2011-3365
|
||||||
%patch209 -p1 -b .CVE-2013-2074
|
%patch209 -p1 -b .CVE-2013-2074
|
||||||
%patch210 -p1 -b .CVE-2015-7543
|
%patch210 -p1 -b .CVE-2015-7543
|
||||||
|
%patch211 -p1 -b .CVE-2016-6232
|
||||||
|
|
||||||
%patch300 -p1 -b .acinclude
|
%patch300 -p1 -b .acinclude
|
||||||
%patch301 -p1 -b .automake-version
|
%patch301 -p1 -b .automake-version
|
||||||
|
@ -627,6 +631,9 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
|
||||||
%attr(4755,root,root) %{_bindir}/kpac_dhcp_helper
|
%attr(4755,root,root) %{_bindir}/kpac_dhcp_helper
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 23 2017 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-80
|
||||||
|
- backport fix for CVE-2016-6232 from Trinity (itself backported from KF5)
|
||||||
|
|
||||||
* Sun Jan 22 2017 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-79
|
* Sun Jan 22 2017 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-79
|
||||||
- use DrKonqi from Plasma 5 rather than from kde-runtime 4
|
- use DrKonqi from Plasma 5 rather than from kde-runtime 4
|
||||||
- build against compat-openssl10 for now (F26+)
|
- build against compat-openssl10 for now (F26+)
|
||||||
|
|
Loading…
Reference in New Issue