authorBart Ribbers <bribbers@disroot.org>2020-08-28 12:56:15 +0200
committerBart Ribbers <bribbers@disroot.org>2020-08-28 14:17:01 +0200
commit2040d075c608cd6e3206ec11996d12c551224490 (patch)
tree8892f70ae41a88ceda76460124670f16bdb0e003
parentf2a2ffc32b6da02e1a60b3bdabdacb9cf65a4df8 (diff)
community/ark: fix CVE-2020-24654
-rw-r--r--community/ark/APKBUILD9
-rw-r--r--community/ark/CVE-2020-24654.patch53
2 files changed, 60 insertions, 2 deletions
diff --git a/community/ark/APKBUILD b/community/ark/APKBUILD
index 04799dac5f..d2f44d0b8c 100644
--- a/community/ark/APKBUILD
+++ b/community/ark/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Bart Ribbers <bribbers@disroot.org>
pkgname=ark
pkgver=20.04.2
-pkgrel=1
+pkgrel=2
pkgdesc="Graphical file compression/decompression utility with support for multiple formats"
arch="all !armhf" # armhf blocked by extra-cmake-modules
url="https://kde.org/applications/utilities/org.kde.ark"
@@ -12,13 +12,17 @@ makedepends="extra-cmake-modules qt5-qtbase-dev karchive-dev kconfig-dev kcrash-
checkdepends="xvfb-run"
source="https://download.kde.org/stable/release-service/$pkgver/src/ark-$pkgver.tar.xz
CVE-2020-16116.patch
+ CVE-2020-24654.patch
"
subpackages="$pkgname-doc $pkgname-lang"
# secfixes:
+# 20.04.2-r2:
+# - CVE-2020-24654
# 20.04.2-r1:
# - CVE-2020-16116
+
build() {
cmake -B build \
-DCMAKE_BUILD_TYPE=None \
@@ -37,4 +41,5 @@ package() {
DESTDIR="$pkgdir" cmake --build build --target install
}
sha512sums="35f0d17655e9a38c4d9ff4d9777a4198416258cb73d368085d8eaa6eb40622a3e8f8573826789fb978794b84519f131f9e0193b8b279598015dcd89597187cb5 ark-20.04.2.tar.xz
-953ca28531a92198f9d5e429cea85e2887b88e5132093845c3f52615e7f736b592bea8d80c98a7c198685062ef47efc463e5cecacca5470cf920f00bfc461e41 CVE-2020-16116.patch"
+953ca28531a92198f9d5e429cea85e2887b88e5132093845c3f52615e7f736b592bea8d80c98a7c198685062ef47efc463e5cecacca5470cf920f00bfc461e41 CVE-2020-16116.patch
+c8ab491d58bea0c6fe81df7ec2c89ab8351f3d1a89c5632b1db669b418671715e7f10e96058b783672d5f0cad6b6c959f10130eda264859d951859622f59f2e4 CVE-2020-24654.patch"
diff --git a/community/ark/CVE-2020-24654.patch b/community/ark/CVE-2020-24654.patch
new file mode 100644
index 0000000000..8b3821893e
--- /dev/null
+++ b/community/ark/CVE-2020-24654.patch
@@ -0,0 +1,53 @@
+From 8bf8c5ef07b0ac5e914d752681e470dea403a5bd Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fabian@ritter-vogt.de>
+Date: Tue, 25 Aug 2020 22:14:37 +0200
+Subject: [PATCH] Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive
+
+There are archive types which allow to first create a symlink and then
+later on dereference it. If the symlink points outside of the archive,
+this results in writing outside of the destination directory.
+
+With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids
+this situation by verifying that none of the target path components are
+symlinks before writing.
+
+Remove the commented out code in the method, which would actually
+misbehave if enabled again.
+
+Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
+---
+ plugins/libarchive/libarchiveplugin.cpp | 18 +++---------------
+ 1 file changed, 3 insertions(+), 15 deletions(-)
+
+diff --git a/plugins/libarchive/libarchiveplugin.cpp b/plugins/libarchive/libarchiveplugin.cpp
+index 50e81da1..8a0fed21 100644
+--- a/plugins/libarchive/libarchiveplugin.cpp
++++ b/plugins/libarchive/libarchiveplugin.cpp
+@@ -509,21 +509,9 @@ void LibarchivePlugin::emitEntryFromArchiveEntry(struct archive_entry *aentry)
+
+ int LibarchivePlugin::extractionFlags() const
+ {
+- int result = ARCHIVE_EXTRACT_TIME;
+- result |= ARCHIVE_EXTRACT_SECURE_NODOTDOT;
+-
+- // TODO: Don't use arksettings here
+- /*if ( ArkSettings::preservePerms() )
+- {
+- result &= ARCHIVE_EXTRACT_PERM;
+- }
+-
+- if ( !ArkSettings::extractOverwrite() )
+- {
+- result &= ARCHIVE_EXTRACT_NO_OVERWRITE;
+- }*/
+-
+- return result;
++ return ARCHIVE_EXTRACT_TIME
++ | ARCHIVE_EXTRACT_SECURE_NODOTDOT
++ | ARCHIVE_EXTRACT_SECURE_SYMLINKS;
+ }
+
+ void LibarchivePlugin::copyData(const QString& filename, struct archive *dest, bool partialprogress)
+--
+GitLab
+
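Review bot: The new return expression in `extractionFlags()` hardens against `..` components and symlink traversal but still omits `ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS`, so entries with an absolute path are not rejected by libarchive itself. Whether the extraction code strips a leading `/` from entry names before writing is not visible in this hunk; if it does not, consider adding `| ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS`, provided the minimum libarchive version the plugin builds against defines it. With `ARCHIVE_EXTRACT_SECURE_SYMLINKS` set, an entry whose path crosses a symlink is presumably refused when it is written, so the caller outside this hunk should report that to the user rather than skip the entry silently. Since the old TODO block is removed, a short comment above the return would keep the intent visible, for example `// SECURE_* flags keep writes inside the destination directory (CVE-2020-24654); do not drop them when adding options.`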