From 0f053b07ab3a4bd4519dfadd80595ef957e171b7 Mon Sep 17 00:00:00 2001
From: markd <markd@pkgsrc.org>
Date: Sun, 20 Nov 2011 02:10:58 +0000
Subject: [PATCH] Fix directory traversal issue (CVE-2011-2725).

---
 misc/kdeutils4/Makefile                       |  4 +-
 misc/kdeutils4/distinfo                       |  3 +-
 .../kdeutils4/patches/patch-ark_part_part.cpp | 37 +++++++++++++++++++
 3 files changed, 41 insertions(+), 3 deletions(-)
 create mode 100644 misc/kdeutils4/patches/patch-ark_part_part.cpp

diff --git a/misc/kdeutils4/Makefile b/misc/kdeutils4/Makefile
index d8c2c035e332..8469bf7aa8f7 100644
--- a/misc/kdeutils4/Makefile
+++ b/misc/kdeutils4/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.26 2011/11/01 06:50:28 sbd Exp $
+# $NetBSD: Makefile,v 1.27 2011/11/20 02:10:58 markd Exp $
 
 DISTNAME=	kdeutils-${_KDE_VERSION}
-PKGREVISION=	6
+PKGREVISION=	7
 CATEGORIES=	misc
 COMMENT=	Utilities for the KDE integrated X11 desktop
 
diff --git a/misc/kdeutils4/distinfo b/misc/kdeutils4/distinfo
index 790571117840..b7723e256f92 100644
--- a/misc/kdeutils4/distinfo
+++ b/misc/kdeutils4/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.14 2011/01/23 07:55:14 markd Exp $
+$NetBSD: distinfo,v 1.15 2011/11/20 02:10:58 markd Exp $
 
 SHA1 (kdeutils-4.5.5.tar.bz2) = f3bf2bd808e4540f6666cb9b26471a90f2c0135e
 RMD160 (kdeutils-4.5.5.tar.bz2) = 9a381df068d99b13f96ce9ef2e7f479fd453aaa4
 Size (kdeutils-4.5.5.tar.bz2) = 3818433 bytes
+SHA1 (patch-ark_part_part.cpp) = 83fb376f59c25530b3155fc1ba54f012b3c2fbbe
diff --git a/misc/kdeutils4/patches/patch-ark_part_part.cpp b/misc/kdeutils4/patches/patch-ark_part_part.cpp
new file mode 100644
index 000000000000..a88da592e228
--- /dev/null
+++ b/misc/kdeutils4/patches/patch-ark_part_part.cpp
@@ -0,0 +1,37 @@
+$NetBSD: patch-ark_part_part.cpp,v 1.1 2011/11/20 02:10:58 markd Exp $
+
+commit 6f6c0b18b3569ae2b5b6f65dc7ea626a8b7c03c0
+Author: Raphael Kubo da Costa <rakuco@FreeBSD.org>
+Date:   Mon Oct 17 20:40:01 2011 -0200
+
+    Fix directory traversal issue (CVE-2011-2725).
+    
+    Tim Brown from Nth Dimension noticed a possible traversal issue where
+    the previewer dialog would show (and then remove) the wrong file when
+    a maliciously crafted archive had a file previewed.
+    
+    We now do the same thing as infozip and filter out "../" from the
+    paths being previewed.
+
+diff --git a/part/part.cpp b/part/part.cpp
+index c213f01..b034fbf 100644
+--- ark/part/part.cpp
++++ ark/part/part.cpp
+@@ -504,8 +504,15 @@ void Part::slotPreviewExtracted(KJob *job)
+     if (!job->error()) {
+         const ArchiveEntry& entry =
+             m_model->entryForIndex(m_view->selectionModel()->currentIndex());
+-        const QString fullName =
+-            m_previewDir->name() + '/' + entry[ FileName ].toString();
++
++        QString fullName =
++            m_previewDir->name() + QLatin1Char('/') + entry[ FileName ].toString();
++
++        // Make sure a maliciously crafted archive with parent folders named ".." do
++        // not cause the previewed file path to be located outside the temporary
++        // directory, resulting in a directory traversal issue.
++        fullName.remove(QLatin1String("../"));
++
+         ArkViewer::view(fullName, widget());
+     } else {
+         KMessageBox::error(widget(), job->errorString());