Your message dated Thu, 25 May 2017 20:42:00 +0000
with message-id <cf11d3a8-ddf1-1f63-3424-9ea4de28a...@thykier.net>
and subject line Re: Bug#863335: unblock: vcmi/0.99+dfsg-2
has caused the Debian Bug report #863335,
regarding unblock: vcmi/0.99+dfsg-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
863335: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863335
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package vcmi
The upload fixes a critical (causes dataloss) RC bug #863301 using a
minimal patch supplied by upstream.
Patch between the version of unstable and testing is attached.
unblock vcmi/0.99+dfsg-2
-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf
Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru vcmi-0.99+dfsg/debian/changelog vcmi-0.99+dfsg/debian/changelog
--- vcmi-0.99+dfsg/debian/changelog 2016-11-08 13:35:01.000000000 +0100
+++ vcmi-0.99+dfsg/debian/changelog 2017-05-25 08:12:26.000000000 +0200
@@ -1,3 +1,10 @@
+vcmi (0.99+dfsg-2) unstable; urgency=medium
+
+ * Add patch from upstream which makes sure that removing a mod cannot
+ accidentally recursively delete $HOME (closes: #863301)
+
+ -- Johannes Schauer <jo...@debian.org> Thu, 25 May 2017 08:12:26 +0200
+
vcmi (0.99+dfsg-1) unstable; urgency=medium
* new upstream release
diff -Nru
vcmi-0.99+dfsg/debian/patches/0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch
vcmi-0.99+dfsg/debian/patches/0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch
---
vcmi-0.99+dfsg/debian/patches/0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch
1970-01-01 01:00:00.000000000 +0100
+++
vcmi-0.99+dfsg/debian/patches/0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch
2017-05-25 08:12:26.000000000 +0200
@@ -0,0 +1,72 @@
+From 5d8e943787666543df6b858c001ab4e59b09fe2d Mon Sep 17 00:00:00 2001
+From: Arseniy Shestakov <m...@arseniyshestakov.com>
+Date: Thu, 25 May 2017 03:03:02 +0300
+Subject: [PATCH] Launcher: add sanity checks for QDir::removeRecursively.
+ Issue 2673
+
+I'm not always fail to uninstall mod, but when I do I remove $HOME
+Bumblebee developers should be proud of us...
+---
+ launcher/modManager/cmodmanager.cpp | 22 ++++++++++++++++++++--
+ launcher/modManager/cmodmanager.h | 1 +
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/launcher/modManager/cmodmanager.cpp
b/launcher/modManager/cmodmanager.cpp
+index 59fd7faf..99a3df32 100644
+--- a/launcher/modManager/cmodmanager.cpp
++++ b/launcher/modManager/cmodmanager.cpp
+@@ -245,7 +245,7 @@ bool CModManager::doInstallMod(QString modname, QString
archivePath)
+
+ if (!ZipArchive::extract(qstringToPath(archivePath),
qstringToPath(destDir)))
+ {
+- QDir(destDir + modDirName).removeRecursively();
++ removeModDir(destDir + modDirName);
+ return addError(modname, "Failed to extract mod data");
+ }
+
+@@ -270,7 +270,7 @@ bool CModManager::doUninstallMod(QString modname)
+ if (!localMods.contains(modname))
+ return addError(modname, "Data with this mod was not found");
+
+- if (!QDir(modDir).removeRecursively())
++ if (!removeModDir(modDir))
+ return addError(modname, "Failed to delete mod data");
+
+ localMods.remove(modname);
+@@ -279,3 +279,21 @@ bool CModManager::doUninstallMod(QString modname)
+
+ return true;
+ }
++
++bool CModManager::removeModDir(QString path)
++{
++ // issues 2673 and 2680 its why you do not recursively remove without
sanity check
++ QDir checkDir(path);
++ if(!checkDir.cdUp() || QString::compare("Mods", checkDir.dirName(),
Qt::CaseInsensitive))
++ return false;
++ if(!checkDir.cdUp() || QString::compare("vcmi", checkDir.dirName(),
Qt::CaseInsensitive))
++ return false;
++
++ QDir dir(path);
++ if(!dir.absolutePath().contains("vcmi", Qt::CaseInsensitive))
++ return false;
++ if(!dir.absolutePath().contains("Mods", Qt::CaseInsensitive))
++ return false;
++
++ return dir.removeRecursively();
++}
+diff --git a/launcher/modManager/cmodmanager.h
b/launcher/modManager/cmodmanager.h
+index 800db6b5..b759ef06 100644
+--- a/launcher/modManager/cmodmanager.h
++++ b/launcher/modManager/cmodmanager.h
+@@ -18,6 +18,7 @@ class CModManager
+
+ QStringList recentErrors;
+ bool addError(QString modname, QString message);
++ bool removeModDir(QString mod);
+ public:
+ CModManager(CModList * modList);
+
+--
+2.11.0
+
diff -Nru vcmi-0.99+dfsg/debian/patches/series
vcmi-0.99+dfsg/debian/patches/series
--- vcmi-0.99+dfsg/debian/patches/series 2016-11-08 13:33:57.000000000
+0100
+++ vcmi-0.99+dfsg/debian/patches/series 2017-05-25 08:12:26.000000000
+0200
@@ -1,3 +1,4 @@
disable-privacy-breach
minizip_maxu32
fix-spelling
+0001-Launcher-add-sanity-checks-for-QDir-removeRecursivel.patch
--- End Message ---
--- Begin Message ---
Johannes Schauer:
> Package: release.debian.org
> Severity: normal
> User: release.debian....@packages.debian.org
> Usertags: unblock
>
> Please unblock package vcmi
>
> The upload fixes a critical (causes dataloss) RC bug #863301 using a
> minimal patch supplied by upstream.
>
> Patch between the version of unstable and testing is attached.
>
> unblock vcmi/0.99+dfsg-2
>
> [...]
Unblocked, thanks.
~Niels
--- End Message ---
