diff options
author | tcberner <tcberner@FreeBSD.org> | 2016-08-28 03:30:03 +0800 |
---|---|---|
committer | tcberner <tcberner@FreeBSD.org> | 2016-08-28 03:30:03 +0800 |
commit | 7640f0eff15a073fcbd8ed8cbbc05fb37e6b277a (patch) | |
tree | e1c8cc6631abea99645b54fc5fb3517dc92c4543 /x11/kdelibs4 | |
parent | e6400a2fe3cfc11f6f8c2998ee75c97a586fafae (diff) | |
download | freebsd-ports-gnome-7640f0eff15a073fcbd8ed8cbbc05fb37e6b277a.tar.gz freebsd-ports-gnome-7640f0eff15a073fcbd8ed8cbbc05fb37e6b277a.tar.zst freebsd-ports-gnome-7640f0eff15a073fcbd8ed8cbbc05fb37e6b277a.zip |
Add upstream patch for a security issue in karchive:
Directory traversal vulnerability in KArchive before 5.24, as
used in KDE Frameworks, allows remote attackers to write to
arbitrary files via a ../ (dot dot slash) in a filename in an
archive file, related to KNewsstuff downloads.
Review the patch is from: https://git.reviewboard.kde.org/r/128749/
Original KF5 review: https://git.reviewboard.kde.org/r/128185/
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6232
Approved by: rakuco (mentor)
Security: 4472ab39-6c66-11e6-9ca5-50e549ebab6c, CVE-2016-6232
MFH: 2016Q3
Diffstat (limited to 'x11/kdelibs4')
-rw-r--r-- | x11/kdelibs4/Makefile | 2 | ||||
-rw-r--r-- | x11/kdelibs4/files/patch-git_dd1c2da | 44 |
2 files changed, 45 insertions, 1 deletions
diff --git a/x11/kdelibs4/Makefile b/x11/kdelibs4/Makefile index e0daf79cee9f..73ec13993021 100644 --- a/x11/kdelibs4/Makefile +++ b/x11/kdelibs4/Makefile @@ -3,7 +3,7 @@ PORTNAME= kdelibs PORTVERSION= ${KDE4_KDELIBS_VERSION} -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= x11 kde MASTER_SITES= KDE/${KDE4_APPLICATIONS_BRANCH}/applications/${KDE4_APPLICATIONS_VERSION}/src DIST_SUBDIR= KDE/${PORTVERSION} diff --git a/x11/kdelibs4/files/patch-git_dd1c2da b/x11/kdelibs4/files/patch-git_dd1c2da new file mode 100644 index 000000000000..f70609e81c86 --- /dev/null +++ b/x11/kdelibs4/files/patch-git_dd1c2da @@ -0,0 +1,44 @@ +From dd1c2da9d26fd4cfc7fe0a25f413e536d56cf2db Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid <aacid@kde.org> +Date: Fri, 26 Aug 2016 00:30:34 +0200 +Subject: [PATCH] Backport karchive fix for out of directory files + +REVIEW: 128749 +--- + kdecore/io/karchive.cpp | 15 +++++++++++++-- + +diff --git kdecore/io/karchive.cpp kdecore/io/karchive.cpp +index eb0bf2e..d3f8c67 100644 +--- kdecore/io/karchive.cpp ++++ kdecore/io/karchive.cpp +@@ -800,6 +800,7 @@ static bool sortByPosition( const KArchiveFile* file1, const KArchiveFile* file2 + void KArchiveDirectory::copyTo(const QString& dest, bool recursiveCopy ) const + { + QDir root; ++ const QString destDir(QDir(dest).absolutePath()); // get directory path without any "." or ".." + + QList<const KArchiveFile*> fileList; + QMap<qint64, QString> fileToDir; +@@ -809,10 +810,20 @@ void KArchiveDirectory::copyTo(const QString& dest, bool recursiveCopy ) const + QStack<QString> dirNameStack; + + dirStack.push( this ); // init stack at current directory +- dirNameStack.push( dest ); // ... with given path ++ dirNameStack.push( destDir ); // ... with given path + do { + const KArchiveDirectory* curDir = dirStack.pop(); +- const QString curDirName = dirNameStack.pop(); ++ ++ // extract only to specified folder if it is located within archive's extraction folder ++ // otherwise put file under root position in extraction folder ++ QString curDirName = dirNameStack.pop(); ++ if (!QDir(curDirName).absolutePath().startsWith(destDir)) { ++ qWarning() << "Attempted export into folder" << curDirName ++ << "which is outside of the extraction root folder" << destDir << "." ++ << "Changing export of contained files to extraction root folder."; ++ curDirName = destDir; ++ } ++ + root.mkdir(curDirName); + + const QStringList dirEntries = curDir->entries(); |