diff options
| author | Tobias C. Berner <tcberner@FreeBSD.org> | 2020-08-28 05:47:31 +0000 |
|---|---|---|
| committer | Tobias C. Berner <tcberner@FreeBSD.org> | 2020-08-28 05:47:31 +0000 |
| commit | 054311d7253fd4468e37da2677e99e3446438b69 (patch) | |
| tree | 0fd36b5614bb250de6ff61866c860a3a00827ae2 /archivers/ark | |
| parent | fc5c7433e8ba1c1796a99cb98712eb14a7c62905 (diff) | |
| download | ports-054311d7253fd4468e37da2677e99e3446438b69.tar.gz ports-054311d7253fd4468e37da2677e99e3446438b69.zip | |
Notes
Diffstat (limited to 'archivers/ark')
| -rw-r--r-- | archivers/ark/Makefile | 1 | ||||
| -rw-r--r-- | archivers/ark/files/patch-cve_2020-24654 | 54 |
2 files changed, 55 insertions, 0 deletions
diff --git a/archivers/ark/Makefile b/archivers/ark/Makefile index 7a200dfcfaf5..5a46737b0d7f 100644 --- a/archivers/ark/Makefile +++ b/archivers/ark/Makefile @@ -2,6 +2,7 @@ PORTNAME= ark DISTVERSION= ${KDE_APPLICATIONS_VERSION} +PORTREVISION= 1 CATEGORIES= archivers kde kde-applications MAINTAINER= kde@FreeBSD.org diff --git a/archivers/ark/files/patch-cve_2020-24654 b/archivers/ark/files/patch-cve_2020-24654 new file mode 100644 index 000000000000..e1f8f3d7c50f --- /dev/null +++ b/archivers/ark/files/patch-cve_2020-24654 @@ -0,0 +1,54 @@ +From 8bf8c5ef07b0ac5e914d752681e470dea403a5bd Mon Sep 17 00:00:00 2001 +From: Fabian Vogt <fabian@ritter-vogt.de> +Date: Tue, 25 Aug 2020 22:14:37 +0200 +Subject: [PATCH] Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive + +There are archive types which allow to first create a symlink and then +later on dereference it. If the symlink points outside of the archive, +this results in writing outside of the destination directory. + +With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids +this situation by verifying that none of the target path components are +symlinks before writing. + +Remove the commented out code in the method, which would actually +misbehave if enabled again. + +Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de> +--- + plugins/libarchive/libarchiveplugin.cpp | 18 +++--------------- + 1 file changed, 3 insertions(+), 15 deletions(-) + +diff --git a/plugins/libarchive/libarchiveplugin.cpp b/plugins/libarchive/libarchiveplugin.cpp +index 50e81da1..8a0fed21 100644 +--- plugins/libarchive/libarchiveplugin.cpp ++++ plugins/libarchive/libarchiveplugin.cpp +@@ -509,21 +509,9 @@ void LibarchivePlugin::emitEntryFromArchiveEntry(struct archive_entry *aentry) + + int LibarchivePlugin::extractionFlags() const + { +- int result = ARCHIVE_EXTRACT_TIME; +- result |= ARCHIVE_EXTRACT_SECURE_NODOTDOT; +- +- // TODO: Don't use arksettings here +- /*if ( ArkSettings::preservePerms() ) +- { +- result &= ARCHIVE_EXTRACT_PERM; +- } +- +- if ( !ArkSettings::extractOverwrite() ) +- { +- result &= ARCHIVE_EXTRACT_NO_OVERWRITE; +- }*/ +- +- return result; ++ return ARCHIVE_EXTRACT_TIME ++ | ARCHIVE_EXTRACT_SECURE_NODOTDOT ++ | ARCHIVE_EXTRACT_SECURE_SYMLINKS; + } + + void LibarchivePlugin::copyData(const QString& filename, struct archive *dest, bool partialprogress) +-- +GitLab + + |