[kdeutils/f15] Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal

Than Ngo than at fedoraproject.org
Wed Oct 19 12:07:42 UTC 2011


commit 69ac072f04a72ec40ae236222c3eec3dbb4b06af
Author: Than Ngo <than at redhat.com>
Date:   Wed Oct 19 14:07:34 2011 +0200

    Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal

 kdeutils-4.7.2-CVE-2011-2725.patch |   21 +++++++++++++++++++++
 kdeutils.spec                      |    9 +++++++--
 2 files changed, 28 insertions(+), 2 deletions(-)
---
diff --git a/kdeutils-4.7.2-CVE-2011-2725.patch b/kdeutils-4.7.2-CVE-2011-2725.patch
new file mode 100644
index 0000000..50315c0
--- /dev/null
+++ b/kdeutils-4.7.2-CVE-2011-2725.patch
@@ -0,0 +1,21 @@
+diff -up kdeutils-4.7.2/ark/part/part.cpp.orig kdeutils-4.7.2/ark/part/part.cpp
+--- kdeutils-4.7.2/ark/part/part.cpp.orig	2011-10-18 16:57:02.000000000 +0200
++++ kdeutils-4.7.2/ark/part/part.cpp	2011-10-18 16:57:45.000000000 +0200
+@@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo
+     if (!job->error()) {
+         const ArchiveEntry& entry =
+             m_model->entryForIndex(m_view->selectionModel()->currentIndex());
+-        const QString fullName =
+-            m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString();
++
++        QString fullName =
++            m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString();
++
++        // Make sure a maliciously crafted archive with parent folders named ".." do
++        // not cause the previewed file path to be located outside the temporary
++        // directory, resulting in a directory traversal issue.
++        fullName.remove(QLatin1String("../"));
++
+         ArkViewer::view(fullName, widget());
+     } else {
+         KMessageBox::error(widget(), job->errorString());
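Review bot: The added `fullName.remove(QLatin1String("../"))` in `Part::slotPreviewExtracted` strips a literal substring in a single pass rather than validating the resulting path, so it does not guarantee that the string passed to `ArkViewer::view()` stays below `m_previewDir`. Removing one match can join the characters on either side into a new `../`, and the call also silently rewrites legitimate entry names that merely contain that substring (a directory whose name ends in `..`). A containment check is more robust: normalise the joined path with `QDir::cleanPath()` and open it only if it still starts with the preview directory, reporting an error otherwise. This covers only the path handed to the viewer; where the preview job actually wrote the file is outside the hunk and presumably needs the same check. The function body starts and ends outside the hunk.

```cpp
// … unchanged: entry lookup via m_model->entryForIndex(...) …
const QString previewRoot = QDir::cleanPath(m_previewDir->name());
const QString fullName =
    QDir::cleanPath(previewRoot + QLatin1Char('/') + entry[FileName].toString());

// Open the file only if the normalised path is still below the preview
// directory; cleanPath() collapses "." and ".." components but does not
// resolve symlinks.
if (fullName.startsWith(previewRoot + QLatin1Char('/'))) {
    ArkViewer::view(fullName, widget());
}
// … unchanged: else branch showing job->errorString() …
```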
diff --git a/kdeutils.spec b/kdeutils.spec
index badcfe5..345a3ec 100644
--- a/kdeutils.spec
+++ b/kdeutils.spec
@@ -1,4 +1,3 @@
-
 %if 0%{?fedora}
 %define printer_applet 1
 %endif
@@ -6,7 +5,7 @@
 Name:           kdeutils
 Epoch:          6
 Version:        4.6.5
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        KDE Utilities
 
 Group:          Applications/System
@@ -23,6 +22,8 @@ Patch50: kdeutils-4.6.1-gpg2.patch
 ## upstream patches
 # Number buttons cannot be used in kcalc, kde#256591
 Patch100: kdeutils-4.6.5-kcalc-bz#719306.patch
+# CVE-2011-2725 KDE Utilities Ark path traversal
+Patch101: kdeutils-4.7.2-CVE-2011-2725.patch
 
 ## trunk, added to trunk/4.7, add support for automatic printer driver installation (Tim Waugh, #576660)
 Patch200: kdeutils-4.4.1-printer-applet-InstallPrinterDrivers.patch
@@ -126,6 +127,7 @@ Requires: kdelibs4-devel
 
 %patch50 -p1 -b .gpg2
 %patch100 -p1 -b .kcalc
+%patch101 -p1 -b .CVE-2011-2725
 %patch200 -p1 -b .InstallPrinterDrivers
 
 
@@ -337,6 +339,9 @@ fi
 
 
 %changelog
+* Wed Oct 19 2011 Than Ngo <than at redhat.com> 6:4.6.5-3
+- Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal
+
 * Thu Jul 07 2011 Than Ngo <than at redhat.com> - 6:4.6.5-2
 - fix bz#719306, Number buttons cannot be used in kcalc
 

