authorMaciej Mrozowski <reavertm@gentoo.org>2010-05-14 15:49:06 +0000
committerMaciej Mrozowski <reavertm@gentoo.org>2010-05-14 15:49:06 +0000
commitddef7831d75acf27d6a52e30def2e072848ffc7c (patch)
tree0495e741d107933953cadc5aa55f22ee0791cee9
parentMarked ~hppa (bug #317877). (diff)
downloadgentoo-2-ddef7831d75acf27d6a52e30def2e072848ffc7c.tar.gz
gentoo-2-ddef7831d75acf27d6a52e30def2e072848ffc7c.tar.bz2
gentoo-2-ddef7831d75acf27d6a52e30def2e072848ffc7c.zip
CVE-2010-1000, bug 319719
(Portage version: 2.2_rc67/cvs/Linux x86_64)
-rw-r--r--kde-base/kget/ChangeLog9
-rw-r--r--kde-base/kget/files/kget-4.3.5_CVE-2010-1000.patch88
-rw-r--r--kde-base/kget/kget-4.3.3-r1.ebuild40
-rw-r--r--kde-base/kget/kget-4.3.5-r1.ebuild41
4 files changed, 177 insertions, 1 deletions
diff --git a/kde-base/kget/ChangeLog b/kde-base/kget/ChangeLog
index f74978751cbf..f7b347b6a63f 100644
--- a/kde-base/kget/ChangeLog
+++ b/kde-base/kget/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for kde-base/kget
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kget/ChangeLog,v 1.158 2010/05/10 22:08:32 reavertm Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kget/ChangeLog,v 1.159 2010/05/14 15:49:06 reavertm Exp $
+
+*kget-4.3.5-r1 (14 May 2010)
+*kget-4.3.3-r1 (14 May 2010)
+
+ 14 May 2010; Maciej Mrozowski <reavertm@gentoo.org> +kget-4.3.3-r1.ebuild,
+ +kget-4.3.5-r1.ebuild, +files/kget-4.3.5_CVE-2010-1000.patch:
+ CVE-2010-1000, bug 319719
*kget-4.4.3-r1 (10 May 2010)
*kget-4.4.2-r1 (10 May 2010)
diff --git a/kde-base/kget/files/kget-4.3.5_CVE-2010-1000.patch b/kde-base/kget/files/kget-4.3.5_CVE-2010-1000.patch
new file mode 100644
index 000000000000..09b4bcb56ed7
--- /dev/null
+++ b/kde-base/kget/files/kget-4.3.5_CVE-2010-1000.patch
@@ -0,0 +1,88 @@
+Index: kget/transfer-plugins/metalink/metalinker.h
+===================================================================
+--- kget/transfer-plugins/metalink/metalinker.h (revision 1126226)
++++ kget/transfer-plugins/metalink/metalinker.h (revision 1126227)
+@@ -1,6 +1,7 @@
+ /* This file is part of the KDE project
+
+ Copyright (C) 2007 Manolo Valdes <nolis71cu@gmail.com>
++ Copyright (C) 2010 Matthias Fuchs <mat69@gmx.net>
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public
+@@ -18,6 +19,14 @@
+ {
+ public:
+ MlinkFileData() {}
++
++ /**
++ * Controlls if the name attribute is valid, i.e. it is not empty and
++ * does not contain any directory traversal directives or information
++ * In case of faulty fileNames the MlinkFile gets discarded
++ */
++ bool isValidNameAttribute() const;
++
+ QString fileName;
+ QString md5;
+ QString sha256;
+Index: kget/transfer-plugins/metalink/metalinker.cpp
+===================================================================
+--- kget/transfer-plugins/metalink/metalinker.cpp (revision 1126226)
++++ kget/transfer-plugins/metalink/metalinker.cpp (revision 1126227)
+@@ -1,6 +1,7 @@
+ /* This file is part of the KDE project
+
+ Copyright (C) 2007 Manolo Valdes <nolis71cu@gmail.com>
++ Copyright (C) 2010 Matthias Fuchs <mat69@gmx.net>
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public
+@@ -16,6 +17,21 @@
+
+ #include <QDomElement>
+
++bool MlinkFileData::isValidNameAttribute() const
++{
++ if (fileName.isEmpty()) {
++ kError(5001) << "Name attribute of Metalink::File is empty.";
++ return false;
++ }
++
++ if (fileName.contains(QRegExp("$(\\.\\.?)?/")) || fileName.contains("/../") || fileName.endsWith("/..")) {
++ kError(5001) << "Name attribute of Metalink::File contains directory traversal directives:" << fileName;
++ return false;
++ }
++
++ return true;
++}
++
+ Metalinker::Metalinker()
+ {
+ }
+@@ -36,13 +52,25 @@
+
+ kDebug(5001) << files.length() << " <file> tags found";
+
++ QStringList fileNames;
+ for( uint i=0 ; i < files.length() ; ++i )
+ {
+ QDomNode file = files.item(i);
+ MlinkFileData data;
+- data.fileName = file.toElement().attribute("name");
++ data.fileName = QUrl::fromPercentEncoding(file.toElement().attribute("name").toAscii());
+ kDebug(5001) << "filename: "<< data.fileName;
++ if (!data.isValidNameAttribute()) {
++ fileData.clear();
++ return fileData;
++ }
+
++ if (fileNames.contains(data.fileName)) {
++ kError(5001) << "Metalink::File name" << data.fileName << "exists multiple times.";
++ fileData.clear();
++ return fileData;
++ }
++ fileNames << data.fileName;
++
+ QDomNodeList hashes = file.toElement().
+ elementsByTagName("verification").
+ item(0).toElement().elementsByTagName("hash");
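Review bot: In `isValidNameAttribute()` the pattern `QRegExp("$(\\.\\.?)?/")` is anchored with `$`, which QRegExp treats as end-of-string, so a pattern that requires a `/` after it can never match and the first test is dead. As written, only `/../` inside the name and a trailing `/..` are rejected, so a name that begins with `/`, `./` or `../` still passes validation and is handed on as an acceptable file name. The anchor was presumably meant to be `^`: `if (fileName.contains(QRegExp("^(\\.\\.?)?/")) || fileName.contains("/../") || fileName.endsWith("/..")) {`. A one-line comment above the condition listing the rejected forms would make this easier to check, and the code that builds the destination path (outside this hunk) should confirm that the resolved path stays under the download directory rather than relying on string matching alone.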
diff --git a/kde-base/kget/kget-4.3.3-r1.ebuild b/kde-base/kget/kget-4.3.3-r1.ebuild
new file mode 100644
index 000000000000..bba33263ce0f
--- /dev/null
+++ b/kde-base/kget/kget-4.3.3-r1.ebuild
@@ -0,0 +1,40 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kget/kget-4.3.3-r1.ebuild,v 1.1 2010/05/14 15:49:06 reavertm Exp $
+
+EAPI="2"
+
+KMNAME="kdenetwork"
+inherit kde4-meta
+
+DESCRIPTION="An advanced download manager for KDE"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="debug +handbook +plasma +semantic-desktop sqlite"
+
+DEPEND="
+ app-crypt/qca:2
+ dev-libs/gmp
+ dev-libs/libpcre
+ $(add_kdebase_dep kdelibs 'semantic-desktop?')
+ $(add_kdebase_dep libkonq)
+ $(add_kdebase_dep libkworkspace)
+ sqlite? ( dev-db/sqlite:3 )
+"
+RDEPEND="${DEPEND}
+ semantic-desktop? ( $(add_kdebase_dep nepomuk) )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-4.3.5_CVE-2010-1000.patch"
+)
+
+src_configure() {
+ mycmakeargs="${mycmakeargs}
+ -DENABLE_EMBEDDED_TORRENT_SUPPORT=ON -DWITH_KdeWebKit=OFF -DWITH_WebKitPart=OFF
+ $(cmake-utils_use_with plasma)
+ $(cmake-utils_use_with semantic-desktop Nepomuk)
+ $(cmake-utils_use_with semantic-desktop Soprano)
+ $(cmake-utils_use_with sqlite)"
+
+ kde4-meta_src_configure
+}
diff --git a/kde-base/kget/kget-4.3.5-r1.ebuild b/kde-base/kget/kget-4.3.5-r1.ebuild
new file mode 100644
index 000000000000..d4e105977ae7
--- /dev/null
+++ b/kde-base/kget/kget-4.3.5-r1.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kget/kget-4.3.5-r1.ebuild,v 1.1 2010/05/14 15:49:06 reavertm Exp $
+
+EAPI="2"
+
+KMNAME="kdenetwork"
+inherit kde4-meta
+
+DESCRIPTION="An advanced download manager for KDE"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="debug +handbook +plasma semantic-desktop sqlite"
+
+DEPEND="
+ app-crypt/qca:2
+ dev-libs/gmp
+ dev-libs/libpcre
+ $(add_kdebase_dep kdelibs 'semantic-desktop?')
+ $(add_kdebase_dep libkonq)
+ $(add_kdebase_dep libkworkspace)
+ sqlite? ( dev-db/sqlite:3 )
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-4.3.5_CVE-2010-1000.patch"
+)
+
+src_configure() {
+ mycmakeargs=(
+ -DENABLE_EMBEDDED_TORRENT_SUPPORT=ON
+ -DWITH_KdeWebKit=OFF
+ -DWITH_WebKitPart=OFF
+ $(cmake-utils_use_with plasma)
+ $(cmake-utils_use_with semantic-desktop Nepomuk)
+ $(cmake-utils_use_with semantic-desktop Soprano)
+ $(cmake-utils_use_with sqlite)
+ )
+
+ kde4-meta_src_configure
+}