[arch-commits] Commit in kdeutils/trunk (CVE-2011-2725.patch PKGBUILD)
Andrea Scarpino
andrea at archlinux.org
Mon Oct 31 11:34:21 UTC 2011
Date: Monday, October 31, 2011 @ 07:34:21
Author: andrea
Revision: 141579
upgpkg: kdeutils 4.7.3-1
KDE 4.7.3
Modified:
kdeutils/trunk/PKGBUILD
Deleted:
kdeutils/trunk/CVE-2011-2725.patch
---------------------+
CVE-2011-2725.patch | 20 --------------------
PKGBUILD | 16 ++++++----------
2 files changed, 6 insertions(+), 30 deletions(-)
Deleted: CVE-2011-2725.patch
===================================================================
--- CVE-2011-2725.patch 2011-10-31 11:33:57 UTC (rev 141578)
+++ CVE-2011-2725.patch 2011-10-31 11:34:21 UTC (rev 141579)
@@ -1,20 +0,0 @@
---- a/part/part.cpp
-+++ b/part/part.cpp
-@@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo
- if (!job->error()) {
- const ArchiveEntry& entry =
- m_model->entryForIndex(m_view->selectionModel()->currentIndex());
-- const QString fullName =
-- m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString();
-+
-+ QString fullName =
-+ m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString();
-+
-+ // Make sure a maliciously crafted archive with parent folders named ".." do
-+ // not cause the previewed file path to be located outside the temporary
-+ // directory, resulting in a directory traversal issue.
-+ fullName.remove(QLatin1String("../"));
-+
- ArkViewer::view(fullName, widget());
- } else {
- KMessageBox::error(widget(), job->errorString());
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2011-10-31 11:33:57 UTC (rev 141578)
+++ PKGBUILD 2011-10-31 11:34:21 UTC (rev 141579)
@@ -16,8 +16,8 @@
'kdeutils-printer-applet'
'kdeutils-superkaramba'
'kdeutils-sweeper')
-pkgver=4.7.2
-pkgrel=2
+pkgver=4.7.3
+pkgrel=1
arch=('i686' 'x86_64')
url='http://www.kde.org'
license=('GPL' 'LGPL' 'FDL')
@@ -25,17 +25,13 @@
makedepends=('pkgconfig' 'cmake' 'automoc4' 'kdebase-lib' 'kdebase-workspace'
'kdebindings-python' 'system-config-printer-common' 'libarchive' 'qimageblitz'
'qjson')
-source=("http://download.kde.org/stable/${pkgver}/src/${pkgbase}-${pkgver}.tar.bz2"
- 'CVE-2011-2725.patch')
-sha1sums=('52ce9b6b5f2c20475f46b6f7378ca4c530df37b4'
- 'bc7428edb6851b4f3dc772bc88ace576379e93f2')
+source=("http://download.kde.org/stable/${pkgver}/src/${pkgbase}-${pkgver}.tar.bz2")
+sha1sums=('23fc9823647152d5d8cc250a55402c8930db4059')
build() {
- cd "${srcdir}"/${pkgbase}-${pkgver}/ark
- patch -p1 -i "${srcdir}"/CVE-2011-2725.patch
-
- # Use Python2
cd "${srcdir}"/${pkgbase}-${pkgver}
+
+ # Use Python2
sed -i 's|/usr/bin/python|/usr/bin/python2|' \
kcharselect/kcharselect-generate-datafile.py \
superkaramba/examples/richtext/rtext.py
More information about the arch-commits
mailing list