diff options
Diffstat (limited to 'kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch')
-rw-r--r-- | kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch b/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch deleted file mode 100644 index 8b3821893ef3..000000000000 --- a/kde-apps/ark/files/ark-20.04.3-CVE-2020-24654.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 8bf8c5ef07b0ac5e914d752681e470dea403a5bd Mon Sep 17 00:00:00 2001 -From: Fabian Vogt <fabian@ritter-vogt.de> -Date: Tue, 25 Aug 2020 22:14:37 +0200 -Subject: [PATCH] Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive - -There are archive types which allow to first create a symlink and then -later on dereference it. If the symlink points outside of the archive, -this results in writing outside of the destination directory. - -With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids -this situation by verifying that none of the target path components are -symlinks before writing. - -Remove the commented out code in the method, which would actually -misbehave if enabled again. - -Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de> ---- - plugins/libarchive/libarchiveplugin.cpp | 18 +++--------------- - 1 file changed, 3 insertions(+), 15 deletions(-) - -diff --git a/plugins/libarchive/libarchiveplugin.cpp b/plugins/libarchive/libarchiveplugin.cpp -index 50e81da1..8a0fed21 100644 ---- a/plugins/libarchive/libarchiveplugin.cpp -+++ b/plugins/libarchive/libarchiveplugin.cpp -@@ -509,21 +509,9 @@ void LibarchivePlugin::emitEntryFromArchiveEntry(struct archive_entry *aentry) - - int LibarchivePlugin::extractionFlags() const - { -- int result = ARCHIVE_EXTRACT_TIME; -- result |= ARCHIVE_EXTRACT_SECURE_NODOTDOT; -- -- // TODO: Don't use arksettings here -- /*if ( ArkSettings::preservePerms() ) -- { -- result &= ARCHIVE_EXTRACT_PERM; -- } -- -- if ( !ArkSettings::extractOverwrite() ) -- { -- result &= ARCHIVE_EXTRACT_NO_OVERWRITE; -- }*/ -- -- return result; -+ return ARCHIVE_EXTRACT_TIME -+ | ARCHIVE_EXTRACT_SECURE_NODOTDOT -+ | ARCHIVE_EXTRACT_SECURE_SYMLINKS; - } - - void LibarchivePlugin::copyData(const QString& filename, struct archive *dest, bool partialprogress) --- -GitLab - |