[vcmi] 01/02: Add patch from upstream which makes sure that removing a mod cannot accidentally recursively delete $HOME

Johannes Schauer josch at moszumanska.debian.org
Thu May 25 07:05:18 UTC 2017 

This is an automated email from the git hooks/post-receive script.

josch pushed a commit to branch master
in repository vcmi.

commit 4d970d92a2d565e2f0e9b35e31c0ddcf3b4761f7
Author: Johannes Schauer <josch at debian.org>
Date:   Thu May 25 08:08:41 2017 +0200

    Add patch from upstream which makes sure that removing a mod cannot accidentally recursively delete $HOME
---
 debian/changelog                                   |  7 +++
 ...d-sanity-checks-for-QDir-removeRecursivel.patch | 72 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 80 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 5f7f05e..a12d64d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+vcmi (0.99+dfsg-2) UNRELEASED; urgency=medium
+
+  * Add patch from upstream which makes sure that removing a mod cannot
+    accidentally recursively delete $HOME (closes: #863301)
+
+ -- Johannes Schauer <josch at debian.org>  Thu, 25 May 2017 08:04:15 +0200
+
 vcmi (0.99+dfsg-1) unstable; urgency=medium
 
   * new upstream release
diff --git a/debian/patches/0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch b/debian/patches/0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch
new file mode 100644
index 0000000..c4847d3
--- /dev/null
+++ b/debian/patches/0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch
@@ -0,0 +1,72 @@
+From 5d8e943787666543df6b858c001ab4e59b09fe2d Mon Sep 17 00:00:00 2001
+From: Arseniy Shestakov <me at arseniyshestakov.com>
+Date: Thu, 25 May 2017 03:03:02 +0300
+Subject: [PATCH] Launcher: add sanity checks for QDir::removeRecursively.
+ Issue 2673
+
+I'm not always fail to uninstall mod, but when I do I remove $HOME
+Bumblebee developers should be proud of us...
+---
+ launcher/modManager/cmodmanager.cpp | 22 ++++++++++++++++++++--
+ launcher/modManager/cmodmanager.h   |  1 +
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/launcher/modManager/cmodmanager.cpp b/launcher/modManager/cmodmanager.cpp
+index 59fd7faf..99a3df32 100644
+--- a/launcher/modManager/cmodmanager.cpp
++++ b/launcher/modManager/cmodmanager.cpp
+@@ -245,7 +245,7 @@ bool CModManager::doInstallMod(QString modname, QString archivePath)
+ 
+ 	if (!ZipArchive::extract(qstringToPath(archivePath), qstringToPath(destDir)))
+ 	{
+-		QDir(destDir + modDirName).removeRecursively();
++		removeModDir(destDir + modDirName);
+ 		return addError(modname, "Failed to extract mod data");
+ 	}
+ 
+@@ -270,7 +270,7 @@ bool CModManager::doUninstallMod(QString modname)
+ 	if (!localMods.contains(modname))
+ 		return addError(modname, "Data with this mod was not found");
+ 
+-	if (!QDir(modDir).removeRecursively())
++	if (!removeModDir(modDir))
+ 		return addError(modname, "Failed to delete mod data");
+ 
+ 	localMods.remove(modname);
+@@ -279,3 +279,21 @@ bool CModManager::doUninstallMod(QString modname)
+ 
+ 	return true;
+ }
++
++bool CModManager::removeModDir(QString path)
++{
++	// issues 2673 and 2680 its why you do not recursively remove without sanity check
++	QDir checkDir(path);
++	if(!checkDir.cdUp() || QString::compare("Mods", checkDir.dirName(), Qt::CaseInsensitive))
++		return false;
++	if(!checkDir.cdUp() || QString::compare("vcmi", checkDir.dirName(), Qt::CaseInsensitive))
++		return false;
++
++	QDir dir(path);
++	if(!dir.absolutePath().contains("vcmi", Qt::CaseInsensitive))
++		return false;
++	if(!dir.absolutePath().contains("Mods", Qt::CaseInsensitive))
++		return false;
++
++	return dir.removeRecursively();
++}
+diff --git a/launcher/modManager/cmodmanager.h b/launcher/modManager/cmodmanager.h
+index 800db6b5..b759ef06 100644
+--- a/launcher/modManager/cmodmanager.h
++++ b/launcher/modManager/cmodmanager.h
+@@ -18,6 +18,7 @@ class CModManager
+ 
+ 	QStringList recentErrors;
+ 	bool addError(QString modname, QString message);
++	bool removeModDir(QString mod);
+ public:
+ 	CModManager(CModList * modList);
+ 
+-- 
+2.11.0
+
diff --git a/debian/patches/series b/debian/patches/series
index 40435f7..f426026 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 disable-privacy-breach
 minizip_maxu32
 fix-spelling
+0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/vcmi.git

More information about the Pkg-games-commits mailing list