Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock package vcmi The upload fixes a critical (causes dataloss) RC bug #863301 using a minimal patch supplied by upstream. Patch between the version of unstable and testing is attached. unblock vcmi/0.99+dfsg-2 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
diff -Nru vcmi-0.99+dfsg/debian/changelog vcmi-0.99+dfsg/debian/changelog --- vcmi-0.99+dfsg/debian/changelog 2016-11-08 13:35:01.000000000 +0100 +++ vcmi-0.99+dfsg/debian/changelog 2017-05-25 08:12:26.000000000 +0200 @@ -1,3 +1,10 @@ +vcmi (0.99+dfsg-2) unstable; urgency=medium + + * Add patch from upstream which makes sure that removing a mod cannot + accidentally recursively delete $HOME (closes: #863301) + + -- Johannes Schauer <[email protected]> Thu, 25 May 2017 08:12:26 +0200 + vcmi (0.99+dfsg-1) unstable; urgency=medium * new upstream release diff -Nru vcmi-0.99+dfsg/debian/patches/0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch vcmi-0.99+dfsg/debian/patches/0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch --- vcmi-0.99+dfsg/debian/patches/0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch 1970-01-01 01:00:00.000000000 +0100 +++ vcmi-0.99+dfsg/debian/patches/0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch 2017-05-25 08:12:26.000000000 +0200 @@ -0,0 +1,72 @@ +From 5d8e943787666543df6b858c001ab4e59b09fe2d Mon Sep 17 00:00:00 2001 +From: Arseniy Shestakov <[email protected]> +Date: Thu, 25 May 2017 03:03:02 +0300 +Subject: [PATCH] Launcher: add sanity checks for QDir::removeRecursively. + Issue 2673 + +I'm not always fail to uninstall mod, but when I do I remove $HOME +Bumblebee developers should be proud of us... +--- + launcher/modManager/cmodmanager.cpp | 22 ++++++++++++++++++++-- + launcher/modManager/cmodmanager.h | 1 + + 2 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/launcher/modManager/cmodmanager.cpp b/launcher/modManager/cmodmanager.cpp +index 59fd7faf..99a3df32 100644 +--- a/launcher/modManager/cmodmanager.cpp ++++ b/launcher/modManager/cmodmanager.cpp +@@ -245,7 +245,7 @@ bool CModManager::doInstallMod(QString modname, QString archivePath) + + if (!ZipArchive::extract(qstringToPath(archivePath), qstringToPath(destDir))) + { +- QDir(destDir + modDirName).removeRecursively(); ++ removeModDir(destDir + modDirName); + return addError(modname, "Failed to extract mod data"); + } + +@@ -270,7 +270,7 @@ bool CModManager::doUninstallMod(QString modname) + if (!localMods.contains(modname)) + return addError(modname, "Data with this mod was not found"); + +- if (!QDir(modDir).removeRecursively()) ++ if (!removeModDir(modDir)) + return addError(modname, "Failed to delete mod data"); + + localMods.remove(modname); +@@ -279,3 +279,21 @@ bool CModManager::doUninstallMod(QString modname) + + return true; + } ++ ++bool CModManager::removeModDir(QString path) ++{ ++ // issues 2673 and 2680 its why you do not recursively remove without sanity check ++ QDir checkDir(path); ++ if(!checkDir.cdUp() || QString::compare("Mods", checkDir.dirName(), Qt::CaseInsensitive)) ++ return false; ++ if(!checkDir.cdUp() || QString::compare("vcmi", checkDir.dirName(), Qt::CaseInsensitive)) ++ return false; ++ ++ QDir dir(path); ++ if(!dir.absolutePath().contains("vcmi", Qt::CaseInsensitive)) ++ return false; ++ if(!dir.absolutePath().contains("Mods", Qt::CaseInsensitive)) ++ return false; ++ ++ return dir.removeRecursively(); ++} +diff --git a/launcher/modManager/cmodmanager.h b/launcher/modManager/cmodmanager.h +index 800db6b5..b759ef06 100644 +--- a/launcher/modManager/cmodmanager.h ++++ b/launcher/modManager/cmodmanager.h +@@ -18,6 +18,7 @@ class CModManager + + QStringList recentErrors; + bool addError(QString modname, QString message); ++ bool removeModDir(QString mod); + public: + CModManager(CModList * modList); + +-- +2.11.0 + diff -Nru vcmi-0.99+dfsg/debian/patches/series vcmi-0.99+dfsg/debian/patches/series --- vcmi-0.99+dfsg/debian/patches/series 2016-11-08 13:33:57.000000000 +0100 +++ vcmi-0.99+dfsg/debian/patches/series 2017-05-25 08:12:26.000000000 +0200 @@ -1,3 +1,4 @@ disable-privacy-breach minizip_maxu32 fix-spelling +0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch
