Jose Manuel Santamaria Lema has proposed merging ~panfaust/kubuntu-packaging/+git/kde4libs:gcc6 into ~kubuntu-packagers/kubuntu-packaging/+git/kde4libs:kubuntu_yakkety_archive.
Requested reviews:
  Kubuntu Packagers (kubuntu-packagers)

For more details, see:
https://code.launchpad.net/~panfaust/kubuntu-packaging/+git/kde4libs/+merge/302758

1. Include patch to fix the GCC 6 FTBFS
2. Import security patch from debian to fix CVE-2016-6232

--
Your team Kubuntu Packagers is requested to review the proposed merge of ~panfaust/kubuntu-packaging/+git/kde4libs:gcc6 into ~kubuntu-packagers/kubuntu-packaging/+git/kde4libs:kubuntu_yakkety_archive.
diff --git a/debian/changelog b/debian/changelog index aafcf7e..bfd65c3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,10 @@ kde4libs (4:4.14.22-0ubuntu1) UNRELEASED; urgency=medium [ Clive Johnston ] * Refreshed symbols and removed MISSING + [ José Manuel Santamaría Lema ] + * Add kubuntu_gcc6.diff to avoid FTBFS'ing with GCC 6. + * Import cve-2016-6232.patch from debian. + -- Philip Muškovac <[email protected]> Sat, 09 Jul 2016 15:26:17 +0200 kde4libs (4:4.14.16-0ubuntu4) yakkety; urgency=medium diff --git a/debian/patches/cve-2016-6232.patch b/debian/patches/cve-2016-6232.patch new file mode 100644 index 0000000..7866b6b --- /dev/null +++ b/debian/patches/cve-2016-6232.patch 
@@ -0,0 +1,46 @@ +From: Debian/Kubuntu Qt/KDE Maintainers <[email protected]> +Date: Tue 19 Jul 10:38:59 CEST 2016 +Subject: Ensure extraction location to be in subfolder + +Behavior change: Switch to Tar's default behavior to avoid extraction +to arbitrary system locations outside of extraction folder. Instead, +extract such files to root location in extraction folder. + +REVIEW: 128185 +Author: Andreas Cord-Landwehr <[email protected]> +Taken from karchive commit 0cb243f64eef45565741b27364cece7d5c349c37 +the test was dropped in this patch as it depends on a binary file. +Fixes: CVE-2016-6232 + +--- a/kdecore/io/karchive.cpp ++++ b/kdecore/io/karchive.cpp +@@ -800,6 +800,7 @@ + void KArchiveDirectory::copyTo(const QString& dest, bool recursiveCopy ) const + { + QDir root; ++ const QString destDir(QDir(dest).absolutePath()); // get directory path without any "." or ".." + + QList<const KArchiveFile*> fileList; + QMap<qint64, QString> fileToDir; +@@ -809,10 +810,19 @@ + QStack<QString> dirNameStack; + + dirStack.push( this ); // init stack at current directory +- dirNameStack.push( dest ); // ... with given path ++ dirNameStack.push(destDir); // ... with given path + do { + const KArchiveDirectory* curDir = dirStack.pop(); +- const QString curDirName = dirNameStack.pop(); ++ ++ // extract only to specified folder if it is located within archive's extraction folder ++ // otherwise put file under root position in extraction folder ++ QString curDirName = dirNameStack.pop(); ++ if (!QDir(curDirName).absolutePath().startsWith(destDir)) { ++ qWarning() << "Attempted export into folder" << curDirName ++ << "which is outside of the extraction root folder" << destDir << "." ++ << "Changing export of contained files to extraction root folder."; ++ curDirName = destDir; ++ } + root.mkdir(curDirName); + + const QStringList dirEntries = curDir->entries(); diff --git a/debian/patches/kubuntu_gcc6.diff b/debian/patches/kubuntu_gcc6.diff new file mode 100644 index 0000000..56c3e46 
--- /dev/null +++ b/debian/patches/kubuntu_gcc6.diff @@ -0,0 +1,25 @@ +Description: This patch avoids a build failure with GCC 6 +Origin: https://github.com/archlinuxarm/PKGBUILDs/blob/master/extra/kdelibs/kdelibs-gcc6.patch +Forwarded: no +--- a/khtml/dom/dom2_traversal.h ++++ b/khtml/dom/dom2_traversal.h +@@ -214,7 +214,7 @@ public: + * + */ + enum ShowCode { +- SHOW_ALL = 0xFFFFFFFF, ++ SHOW_ALL = (int)0xFFFFFFFF, + SHOW_ELEMENT = 0x00000001, + SHOW_ATTRIBUTE = 0x00000002, + SHOW_TEXT = 0x00000004, +--- a/ConfigureChecks.cmake ++++ b/ConfigureChecks.cmake +@@ -238,7 +238,7 @@ check_prototype_exists(unsetenv stdlib.h + check_prototype_exists(usleep unistd.h HAVE_USLEEP_PROTO) + check_prototype_exists(initgroups "unistd.h;sys/types.h;unistd.h;grp.h" HAVE_INITGROUPS_PROTO) + check_prototype_exists(setreuid unistd.h HAVE_SETREUID_PROTO) +-check_prototype_exists(trunc math.h HAVE_TRUNC) ++check_prototype_exists(truncf math.h HAVE_TRUNC) + + # check for existing datatypes + diff --git a/debian/patches/series b/debian/patches/series index a02855e..f681448 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -33,3 +33,5 @@ kubuntu_patched_l10n.diff kubuntu_raise_after_drkonqi.patch kubuntu_revert_findpythonlibrary.diff kubuntu_breezify.patch +kubuntu_gcc6.diff +cve-2016-6232.patch
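Review bot: In debian/changelog, the new line "Import cve-2016-6232.patch from debian." carries the CVE only as a lowercase file name and does not say what is being fixed. Please write the identifier as CVE-2016-6232 and add a short description taken from the patch subject (KArchive extraction is kept inside the destination folder), so that anyone scanning the changelog for the CVE id finds this upload. The stanza trailer is still dated Sat, 09 Jul 2016 while the imported patch header is dated 19 Jul 2016, so the trailer should be refreshed before upload.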
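Review bot: In debian/patches/cve-2016-6232.patch, the containment test in KArchiveDirectory::copyTo, "if (!QDir(curDirName).absolutePath().startsWith(destDir))", is a plain string prefix comparison, so a sibling directory whose name merely begins with the destination name (destination /home/user/out, resolved path /home/user/out-backup) is accepted as being inside the extraction root. Comparing for equality with destDir, or for a prefix of destDir followed by a path separator, would close that gap. QDir::absolutePath() also only normalises "." and ".." and does not resolve symbolic links, which is worth stating in the comment on the destDir line so the limits of the check are clear. The patch header notes that the upstream test was dropped because it depends on a binary file, which leaves this behaviour change without regression coverage in the package; if the test archive cannot be shipped, please record that in the header as a known gap.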
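Review bot: In debian/patches/kubuntu_gcc6.diff, the ConfigureChecks.cmake change probes for truncf ("check_prototype_exists(truncf math.h HAVE_TRUNC)") but still defines HAVE_TRUNC, so the macro name no longer matches what is tested and any code guarded by HAVE_TRUNC that calls trunc is now enabled on the strength of a different function. The Description only says the patch avoids a build failure with GCC 6; please explain there why the probe for trunc fails and why truncf is an acceptable stand-in. The same applies to "SHOW_ALL = (int)0xFFFFFFFF" in dom2_traversal.h: the cast changes the enumerator to a negative int value, and a one-line comment on why that is intended would help the next reader. The header has "Forwarded: no" with no reason given, although the Origin is another distribution's patch, so a note on upstream status would be useful.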
