diff options
Diffstat (limited to 'archivers/ark/files/patch-cve_2020-24654')
-rw-r--r-- | archivers/ark/files/patch-cve_2020-24654 | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/archivers/ark/files/patch-cve_2020-24654 b/archivers/ark/files/patch-cve_2020-24654 deleted file mode 100644 index e1f8f3d7c50f..000000000000 --- a/archivers/ark/files/patch-cve_2020-24654 +++ /dev/null @@ -1,54 +0,0 @@ -From 8bf8c5ef07b0ac5e914d752681e470dea403a5bd Mon Sep 17 00:00:00 2001 -From: Fabian Vogt <fabian@ritter-vogt.de> -Date: Tue, 25 Aug 2020 22:14:37 +0200 -Subject: [PATCH] Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive - -There are archive types which allow to first create a symlink and then -later on dereference it. If the symlink points outside of the archive, -this results in writing outside of the destination directory. - -With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids -this situation by verifying that none of the target path components are -symlinks before writing. - -Remove the commented out code in the method, which would actually -misbehave if enabled again. - -Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de> ---- - plugins/libarchive/libarchiveplugin.cpp | 18 +++--------------- - 1 file changed, 3 insertions(+), 15 deletions(-) - -diff --git a/plugins/libarchive/libarchiveplugin.cpp b/plugins/libarchive/libarchiveplugin.cpp -index 50e81da1..8a0fed21 100644 ---- plugins/libarchive/libarchiveplugin.cpp -+++ plugins/libarchive/libarchiveplugin.cpp -@@ -509,21 +509,9 @@ void LibarchivePlugin::emitEntryFromArchiveEntry(struct archive_entry *aentry) - - int LibarchivePlugin::extractionFlags() const - { -- int result = ARCHIVE_EXTRACT_TIME; -- result |= ARCHIVE_EXTRACT_SECURE_NODOTDOT; -- -- // TODO: Don't use arksettings here -- /*if ( ArkSettings::preservePerms() ) -- { -- result &= ARCHIVE_EXTRACT_PERM; -- } -- -- if ( !ArkSettings::extractOverwrite() ) -- { -- result &= ARCHIVE_EXTRACT_NO_OVERWRITE; -- }*/ -- -- return result; -+ return ARCHIVE_EXTRACT_TIME -+ | ARCHIVE_EXTRACT_SECURE_NODOTDOT -+ | ARCHIVE_EXTRACT_SECURE_SYMLINKS; - } - - void LibarchivePlugin::copyData(const QString& filename, struct archive *dest, bool partialprogress) --- -GitLab - - |