[arch-commits] Commit in kdeutils/trunk (CVE-2011-2725.patch PKGBUILD)

Andrea Scarpino andrea at archlinux.org
Mon Oct 31 07:34:21 EDT 2011


    Date: Monday, October 31, 2011 @ 07:34:21
  Author: andrea
Revision: 141579

upgpkg: kdeutils 4.7.3-1

KDE 4.7.3

Modified:
  kdeutils/trunk/PKGBUILD
Deleted:
  kdeutils/trunk/CVE-2011-2725.patch

---------------------+
 CVE-2011-2725.patch |   20 --------------------
 PKGBUILD            |   16 ++++++----------
 2 files changed, 6 insertions(+), 30 deletions(-)

Deleted: CVE-2011-2725.patch
===================================================================
--- CVE-2011-2725.patch	2011-10-31 11:33:57 UTC (rev 141578)
+++ CVE-2011-2725.patch	2011-10-31 11:34:21 UTC (rev 141579)
@@ -1,20 +0,0 @@
---- a/part/part.cpp
-+++ b/part/part.cpp
-@@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo
-     if (!job->error()) {
-         const ArchiveEntry& entry =
-             m_model->entryForIndex(m_view->selectionModel()->currentIndex());
--        const QString fullName =
--            m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString();
-+
-+        QString fullName =
-+            m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString();
-+
-+        // Make sure a maliciously crafted archive with parent folders named ".." do
-+        // not cause the previewed file path to be located outside the temporary
-+        // directory, resulting in a directory traversal issue.
-+        fullName.remove(QLatin1String("../"));
-+
-         ArkViewer::view(fullName, widget());
-     } else {
-         KMessageBox::error(widget(), job->errorString());

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2011-10-31 11:33:57 UTC (rev 141578)
+++ PKGBUILD	2011-10-31 11:34:21 UTC (rev 141579)
@@ -16,8 +16,8 @@
          'kdeutils-printer-applet'
          'kdeutils-superkaramba'
          'kdeutils-sweeper')
-pkgver=4.7.2
-pkgrel=2
+pkgver=4.7.3
+pkgrel=1
 arch=('i686' 'x86_64')
 url='http://www.kde.org'
 license=('GPL' 'LGPL' 'FDL')
@@ -25,17 +25,13 @@
 makedepends=('pkgconfig' 'cmake' 'automoc4' 'kdebase-lib' 'kdebase-workspace'
 	'kdebindings-python' 'system-config-printer-common' 'libarchive' 'qimageblitz'
 	'qjson')
-source=("http://download.kde.org/stable/${pkgver}/src/${pkgbase}-${pkgver}.tar.bz2"
-        'CVE-2011-2725.patch')
-sha1sums=('52ce9b6b5f2c20475f46b6f7378ca4c530df37b4'
-          'bc7428edb6851b4f3dc772bc88ace576379e93f2')
+source=("http://download.kde.org/stable/${pkgver}/src/${pkgbase}-${pkgver}.tar.bz2")
+sha1sums=('23fc9823647152d5d8cc250a55402c8930db4059')
 
 build() {
-    cd "${srcdir}"/${pkgbase}-${pkgver}/ark
-    patch -p1 -i "${srcdir}"/CVE-2011-2725.patch
-
-    # Use Python2
     cd "${srcdir}"/${pkgbase}-${pkgver}
+    
+    # Use Python2
     sed -i 's|/usr/bin/python|/usr/bin/python2|' \
       kcharselect/kcharselect-generate-datafile.py \
       superkaramba/examples/richtext/rtext.py
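Review bot: With `patch -p1 -i "${srcdir}"/CVE-2011-2725.patch` removed from build() and the patch dropped from `source`, the package now relies entirely on the 4.7.3 tarball already carrying the ark preview-path fix, and neither the PKGBUILD nor the commit message records that this was checked. Once confirmed against the 4.7.3 ark sources, a one-line comment above `build()` would keep the history visible, e.g. `# CVE-2011-2725 (ark preview directory traversal): fixed upstream in 4.7.3, local patch dropped`. Separately, the new `source` line still fetches over plain `http://` and the only integrity pin is a SHA-1 digest, so a stronger checksum array such as `sha256sums=('<sha256 of kdeutils-4.7.3.tar.bz2>')` would be worth adding alongside or instead of `sha1sums`. The added blank line before `# Use Python2` carries trailing whitespace, and build() continues past the end of this hunk.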


