summaryrefslogtreecommitdiff
path: root/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch
diff options
context:
space:
mode:
Diffstat (limited to 'kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch')
-rw-r--r--kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch53
1 files changed, 0 insertions, 53 deletions
diff --git a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch b/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch
deleted file mode 100644
index 8b3821893ef3..000000000000
--- a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 8bf8c5ef07b0ac5e914d752681e470dea403a5bd Mon Sep 17 00:00:00 2001
-From: Fabian Vogt <fabian@ritter-vogt.de>
-Date: Tue, 25 Aug 2020 22:14:37 +0200
-Subject: [PATCH] Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive
-
-There are archive types which allow to first create a symlink and then
-later on dereference it. If the symlink points outside of the archive,
-this results in writing outside of the destination directory.
-
-With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids
-this situation by verifying that none of the target path components are
-symlinks before writing.
-
-Remove the commented out code in the method, which would actually
-misbehave if enabled again.
-
-Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
----
- plugins/libarchive/libarchiveplugin.cpp | 18 +++---------------
- 1 file changed, 3 insertions(+), 15 deletions(-)
-
-diff --git a/plugins/libarchive/libarchiveplugin.cpp b/plugins/libarchive/libarchiveplugin.cpp
-index 50e81da1..8a0fed21 100644
---- a/plugins/libarchive/libarchiveplugin.cpp
-+++ b/plugins/libarchive/libarchiveplugin.cpp
-@@ -509,21 +509,9 @@ void LibarchivePlugin::emitEntryFromArchiveEntry(struct archive_entry *aentry)
-
- int LibarchivePlugin::extractionFlags() const
- {
-- int result = ARCHIVE_EXTRACT_TIME;
-- result |= ARCHIVE_EXTRACT_SECURE_NODOTDOT;
--
-- // TODO: Don't use arksettings here
-- /*if ( ArkSettings::preservePerms() )
-- {
-- result &= ARCHIVE_EXTRACT_PERM;
-- }
--
-- if ( !ArkSettings::extractOverwrite() )
-- {
-- result &= ARCHIVE_EXTRACT_NO_OVERWRITE;
-- }*/
--
-- return result;
-+ return ARCHIVE_EXTRACT_TIME
-+ | ARCHIVE_EXTRACT_SECURE_NODOTDOT
-+ | ARCHIVE_EXTRACT_SECURE_SYMLINKS;
- }
-
- void LibarchivePlugin::copyData(const QString& filename, struct archive *dest, bool partialprogress)
---
-GitLab
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-27 04:58:32 +0000