Page MenuHomeSolus
Differential D3394

Update quazip to 0.7.6 to address CVE-2018-1002209
ClosedPublic
Actions

Authored by kyrios123 on Jul 24 2018, 7:25 PM.
Tags
Referenced Files
F11003642: D3394.id8409.diff
Mon, Jul 31, 5:01 PM
F10973550: D3394.id8481.diff
Fri, Jul 21, 8:41 PM
F10970552: D3394.id8375.diff
Fri, Jul 21, 2:59 AM
F10964586: D3394.id8409.diff
Wed, Jul 19, 12:37 PM
F10958819: D3394.id8406.diff
Tue, Jul 18, 3:01 AM
F10932480: D3394.diff
Jul 12 2023, 2:24 AM
F10930555: D3394.diff
Jul 11 2023, 2:23 PM
F10837383: D3394.id8481.diff
Jun 9 2023, 2:33 AM
View All 13 Files
Subscribers
DataDrake

Details

Reviewers
DataDrake
Group Reviewers
Triage Team
Commits
R2770:ed269042c27d: Update quazip to 0.7.6 to address CVE-2018-1002209
Summary
  • Fixed the Zip Slip vulnerability in JlCompress
  • Renamed crypt.h to minizip_crypt.h to avoid conflicts
  • Fixed target_link_libraries call in CMakeLists
  • Removed Q_FOREACH uses to avoid conflicts
  • Static analysis patch from Intel Deutschland GmbH
  • Replaced UNUSED with QUAZIP_UNUSED to avoid name clashes
  • Minor bug fixes

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan

Needed to build qmapshack (ref. task T3229)

Diff Detail

Repository
R2770 quazip
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

kyrios123 created this revision.Jul 24 2018, 7:25 PM
Herald added a reviewer: Triage Team. · View Herald TranscriptJul 24 2018, 7:25 PM
kyrios123 requested review of this revision.Jul 24 2018, 7:25 PM
DataDrake requested changes to this revision.Jul 25 2018, 11:25 AM
DataDrake added a project: Requires Rebuilds.
DataDrake added a subscriber: DataDrake.

Need testing for:

  • cvassistant
  • nomacs
  • texstudio
  • tomahawk
This revision now requires changes to proceed.Jul 25 2018, 11:25 AM
kyrios123 added a child revision: D3400: Inclusion of qmapshack in the repository.Jul 25 2018, 11:48 AM
kyrios123 updated this revision to Diff 8406.Jul 25 2018, 4:32 PM

Remove static lib

kyrios123 added a child revision: D3406: Patch cvassistant for quazip.Jul 25 2018, 4:46 PM
kyrios123 retitled this revision from Update quazip to 0.7.6 to Update quazip to 0.7.6 to address CVE-2018-1002209.Jul 25 2018, 5:21 PM
kyrios123 added a project: Restricted Project.
kyrios123 updated this revision to Diff 8409.Jul 25 2018, 5:22 PM

With the patch uncommented it works better !

kyrios123 added a child revision: D3407: Patch texstudio for quazip.Jul 26 2018, 1:57 PM
kyrios123 added a child revision: D3408: Patch tomahawk for quazip.Jul 26 2018, 3:02 PM
kyrios123 added a child revision: D3409: Update nomacs to 3.10.2 & patch for quazip.Jul 26 2018, 3:53 PM
DataDrake accepted this revision.Jul 30 2018, 1:26 AM

LGTM. Thanks!

This revision is now accepted and ready to land.Jul 30 2018, 1:26 AM
Closed by commit R2770:ed269042c27d: Update quazip to 0.7.6 to address CVE-2018-1002209 (authored by kyrios123, committed by DataDrake). · Explain WhyJul 30 2018, 1:26 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
616 lines
files/
25 lines
16 lines
46 lines

Diff 8406

View Options

abi_symbols

Loading...
View Options

files/quazip-0.7.6-fix_static.patch

Loading...
View Options

package.yml

Loading...
View Options

pspec_x86_64.xml

Loading...
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.