From b0e980dddedcaa93585b9fba05b99c2e8966f4c5 Mon Sep 17 00:00:00 2001
From: Helmut Pozimski <helmut@pozimski.eu>
Date: Mon, 8 Aug 2016 19:11:42 +0200
Subject: [PATCH] kdelibs: add security fix CVE-2016-6232.patch

Fixes CVE-2016-6232
---
 srcpkgs/kdelibs/patches/CVE-2016-6232.patch | 32 +++++++++++++++++++++
 srcpkgs/kdelibs/template                    |  2 +-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/kdelibs/patches/CVE-2016-6232.patch

diff --git a/srcpkgs/kdelibs/patches/CVE-2016-6232.patch b/srcpkgs/kdelibs/patches/CVE-2016-6232.patch
new file mode 100644
index 00000000000..bcc6073f798
--- /dev/null
+++ b/srcpkgs/kdelibs/patches/CVE-2016-6232.patch
@@ -0,0 +1,32 @@
+--- kdecore/io/karchive.cpp
++++ kdecore/io/karchive.cpp
+@@ -800,6 +800,7 @@
+ void KArchiveDirectory::copyTo(const QString& dest, bool recursiveCopy ) const
+ {
+   QDir root;
++  const QString destDir(QDir(dest).absolutePath()); // get directory path without any "." or ".."
+ 
+   QList<const KArchiveFile*> fileList;
+   QMap<qint64, QString> fileToDir;
+@@ -809,10 +810,19 @@
+   QStack<QString> dirNameStack;
+ 
+   dirStack.push( this );     // init stack at current directory
+-  dirNameStack.push( dest ); // ... with given path
++  dirNameStack.push(destDir);   // ... with given path
+   do {
+     const KArchiveDirectory* curDir = dirStack.pop();
+-    const QString curDirName = dirNameStack.pop();
++
++    // extract only to specified folder if it is located within archive's extraction folder
++    // otherwise put file under root position in extraction folder
++    QString curDirName = dirNameStack.pop();
++    if (!QDir(curDirName).absolutePath().startsWith(destDir)) {
++        qWarning() << "Attempted export into folder" << curDirName
++            << "which is outside of the extraction root folder" << destDir << "."
++            << "Changing export of contained files to extraction root folder.";
++        curDirName = destDir;
++    }
+     root.mkdir(curDirName);
+ 
+     const QStringList dirEntries = curDir->entries();
diff --git a/srcpkgs/kdelibs/template b/srcpkgs/kdelibs/template
index d482ee13ce7..093cf49e0e7 100644
--- a/srcpkgs/kdelibs/template
+++ b/srcpkgs/kdelibs/template
@@ -1,7 +1,7 @@
 # Template file for 'kdelibs'
 pkgname=kdelibs
 version=4.14.3
-revision=2
+revision=3
 short_desc="KDE core libraries"
 maintainer="Juan RP <xtraeme@voidlinux.eu>"
 license="GPL-2.0, LGPL-2.1, FDL"