CVE-2010-1000, bug 319719

Package-Manager: portage-2.2_rc67/cvs/Linux x86_64

5 files changed, 181 insertions, 2 deletions

diff --git a/kde-base/kget/ChangeLog b/kde-base/kget/ChangeLog
index f74978751cbf..f7b347b6a63f 100644
--- a/kde-base/kget/ChangeLog
+++ b/kde-base/kget/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for kde-base/kget
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kget/ChangeLog,v 1.158 2010/05/10 22:08:32 reavertm Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kget/ChangeLog,v 1.159 2010/05/14 15:49:06 reavertm Exp $
+
+*kget-4.3.5-r1 (14 May 2010)
+*kget-4.3.3-r1 (14 May 2010)
+
+  14 May 2010; Maciej Mrozowski <reavertm@gentoo.org> +kget-4.3.3-r1.ebuild,
+  +kget-4.3.5-r1.ebuild, +files/kget-4.3.5_CVE-2010-1000.patch:
+  CVE-2010-1000, bug 319719
 
 *kget-4.4.3-r1 (10 May 2010)
 *kget-4.4.2-r1 (10 May 2010)
diff --git a/kde-base/kget/Manifest b/kde-base/kget/Manifest
index 009244daa874..a53dd37f6b17 100644
--- a/kde-base/kget/Manifest
+++ b/kde-base/kget/Manifest
@@ -1,11 +1,14 @@
+AUX kget-4.3.5_CVE-2010-1000.patch 3074 RMD160 eebc63836dee7b84f53e94691b0e4afef163a637 SHA1 dc1b2af664fb4c74c018e9c6b02859b5c42ecd65 SHA256 0fd505cec01e928b55ec73ad7a6cfc33a30fb6f91ae47a4a19d9f5f71beecfa0
 AUX kget-4.4.3_CVE-2010-1000.patch 7534 RMD160 fb949345da07032b8054a3293525340ce23ecac9 SHA1 5604dfcf0ab6c5e98ba4a20a1971419abb85c608 SHA256 256ea5b2eeef1352db9591e1632128ef084ace13701d42c9694cd95f481818f4
 DIST kdenetwork-4.3.3.tar.bz2 7379886 RMD160 191dfbd73112b8194bcebf63c6e26abe9f6df299 SHA1 b842f0cfe629a597e74b367037d53d95215efc0c SHA256 dfb58714eb7a97175641f7ddd68cf52fe2ad628f75386958db4bd0a027890279
 DIST kdenetwork-4.3.5.tar.bz2 7384719 RMD160 fc631b631957ba49084c2b006d8cef35f2ea3435 SHA1 b94ad996624e170c3a3c3d3a82dd54ca7f2d7910 SHA256 32b1f3d8522bbf98ea141838e8ac9d63fe9a913a59a331ff61f0364b6f3f7ccf
 DIST kdenetwork-4.4.2.tar.bz2 8318434 RMD160 0ce46b379edb72fcdcba956fbe0d9be1026903eb SHA1 c76ffbae19941d800e3daee54e8fac991f1acec2 SHA256 a63828de08d4782b52f35f7b480a572f8f91db95223bcff41f7de0b07b5c3423
 DIST kdenetwork-4.4.3.tar.bz2 8319875 RMD160 90814afa79a259ee36b82ae160b64fe79c90a837 SHA1 67237e0142f5d4edc893a7dcafffa79f998c534e SHA256 8f79ec7084114434f30ae02d2b782e297859fe830c6bd048cf3b0494f7e94cdc
+EBUILD kget-4.3.3-r1.ebuild 1094 RMD160 0a7ce38e77e5af968a7f0881a47811d9aa5001bb SHA1 0766109eba37b8f988f0512f12481391b14f7908 SHA256 8098edacef494ce9b9f3e9c6d12f6851f782b2d4f38d95a7b374d580a8af9675
 EBUILD kget-4.3.3.ebuild 1021 RMD160 830a47ef2654c60b363f65b1050963283a94ad8b SHA1 56d18cd81d15555e071bc03eb0f75c581bc76698 SHA256 b9cad40fe8ee28c5f0a0ed37c3f3d07f0bc10af4385f49fb07d860de98ed567d
+EBUILD kget-4.3.5-r1.ebuild 1058 RMD160 452e62ea6c0fc0ab0f5e05bfa30bd28a5cd87508 SHA1 25644821a0287196a02464467c253faf235561fc SHA256 ebaf8428d6232bbe88e2b8acbd884f5bd2c022be8ae5d7623bbc8a0734328203
 EBUILD kget-4.3.5.ebuild 990 RMD160 f40d46934c1d05d9df59372ee8a43a33d486d043 SHA1 16e2e05211ddfdfc0b8dd2a1e2c8b5d35ed540d0 SHA256 46f5c996daae80179b73cc5f6418ea8106a2de894455cd79453245b020ad2f36
 EBUILD kget-4.4.2-r1.ebuild 1060 RMD160 d0d388a416b7361a1d563cbdb1b7076aba1d56f2 SHA1 876240075b248ae91064b1f595fe1d884386cbae SHA256 653da1bf1f2a4b8dff5a380c6ae7e53c991474d372b6a04c0cc078aaecf4419b
 EBUILD kget-4.4.3-r1.ebuild 1060 RMD160 acd1450b5cf35f90924ca782e5e6791ae400da6e SHA1 80cbcbf1c426b3a28ab9ebfc4b5a590535bd1a7c SHA256 afb1619efc7e367321ad4b545516bd50e6851ff4fb6860bd5daa3e5edd4d983f
-MISC ChangeLog 18273 RMD160 6482a01d748eff1179755313e6a102f54ffb1208 SHA1 7daf82bc544e99d565f585c6d1cdf87beccf86b3 SHA256 20e61f904b07a9b5534c34ea9a8e302613769a559b7f2cff9923b14156e033bc
+MISC ChangeLog 18502 RMD160 a617699decb39f173792e312b74f3ff3150688f5 SHA1 e2a228701b4254b71780c653ca7997e7c82d338f SHA256 375ed777168f6ce2d66f55f1abe639a7530daabb3287eae42a026b067551ae57
 MISC metadata.xml 156 RMD160 ecce3b981f150c45ae1e84e2d208e678d6124259 SHA1 b64f7c0b4e5db816d82ad19848f72118af129d35 SHA256 2f4da28506b9d4185f320f67a6191d30c7a921217ed4447ed46ea0bc4aefc79a
diff --git a/kde-base/kget/files/kget-4.3.5_CVE-2010-1000.patch b/kde-base/kget/files/kget-4.3.5_CVE-2010-1000.patch
new file mode 100644
index 000000000000..09b4bcb56ed7
--- /dev/null
+++ b/kde-base/kget/files/kget-4.3.5_CVE-2010-1000.patch
@@ -0,0 +1,88 @@
+Index: kget/transfer-plugins/metalink/metalinker.h
+===================================================================
+--- kget/transfer-plugins/metalink/metalinker.h	(revision 1126226)
++++ kget/transfer-plugins/metalink/metalinker.h	(revision 1126227)
+@@ -1,6 +1,7 @@
+ /* This file is part of the KDE project
+ 
+    Copyright (C) 2007 Manolo Valdes <nolis71cu@gmail.com>
++   Copyright (C) 2010 Matthias Fuchs <mat69@gmx.net>
+ 
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public
+@@ -18,6 +19,14 @@
+ {
+     public:
+         MlinkFileData() {}
++
++        /**
++         * Controlls if the name attribute is valid, i.e. it is not empty and
++         * does not contain any directory traversal directives or information
++         * In case of faulty fileNames the MlinkFile gets discarded
++         */
++        bool isValidNameAttribute() const;
++
+         QString fileName;
+         QString md5;
+         QString sha256;
+Index: kget/transfer-plugins/metalink/metalinker.cpp
+===================================================================
+--- kget/transfer-plugins/metalink/metalinker.cpp	(revision 1126226)
++++ kget/transfer-plugins/metalink/metalinker.cpp	(revision 1126227)
+@@ -1,6 +1,7 @@
+ /* This file is part of the KDE project
+ 
+    Copyright (C) 2007 Manolo Valdes <nolis71cu@gmail.com>
++   Copyright (C) 2010 Matthias Fuchs <mat69@gmx.net>
+ 
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public
+@@ -16,6 +17,21 @@
+ 
+ #include <QDomElement>
+ 
++bool MlinkFileData::isValidNameAttribute() const
++{
++    if (fileName.isEmpty()) {
++        kError(5001) << "Name attribute of Metalink::File is empty.";
++        return false;
++    }
++
++    if (fileName.contains(QRegExp("$(\\.\\.?)?/")) || fileName.contains("/../") || fileName.endsWith("/..")) {
++        kError(5001) << "Name attribute of Metalink::File contains directory traversal directives:" << fileName;
++        return false;
++    }
++
++    return true;
++}
++
+ Metalinker::Metalinker()
+ {
+ }
+@@ -36,13 +52,25 @@
+ 
+     kDebug(5001) << files.length() << " <file> tags found";
+ 
++    QStringList fileNames;
+     for( uint i=0 ; i < files.length() ; ++i )
+     {
+         QDomNode file = files.item(i);
+         MlinkFileData data;
+-        data.fileName = file.toElement().attribute("name");
++        data.fileName = QUrl::fromPercentEncoding(file.toElement().attribute("name").toAscii());
+         kDebug(5001) << "filename: "<< data.fileName;
++        if (!data.isValidNameAttribute()) {
++            fileData.clear();
++            return fileData;
++        }
+ 
++        if (fileNames.contains(data.fileName)) {
++            kError(5001) << "Metalink::File name" << data.fileName << "exists multiple times.";
++            fileData.clear();
++            return fileData;
++        }
++        fileNames << data.fileName;
++
+         QDomNodeList hashes = file.toElement().
+             elementsByTagName("verification").
+             item(0).toElement().elementsByTagName("hash");
diff --git a/kde-base/kget/kget-4.3.3-r1.ebuild b/kde-base/kget/kget-4.3.3-r1.ebuild
new file mode 100644
index 000000000000..bba33263ce0f
--- /dev/null
+++ b/kde-base/kget/kget-4.3.3-r1.ebuild
@@ -0,0 +1,40 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kget/kget-4.3.3-r1.ebuild,v 1.1 2010/05/14 15:49:06 reavertm Exp $
+
+EAPI="2"
+
+KMNAME="kdenetwork"
+inherit kde4-meta
+
+DESCRIPTION="An advanced download manager for KDE"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="debug +handbook +plasma +semantic-desktop sqlite"
+
+DEPEND="
+	app-crypt/qca:2
+	dev-libs/gmp
+	dev-libs/libpcre
+	$(add_kdebase_dep kdelibs 'semantic-desktop?')
+	$(add_kdebase_dep libkonq)
+	$(add_kdebase_dep libkworkspace)
+	sqlite? ( dev-db/sqlite:3 )
+"
+RDEPEND="${DEPEND}
+	semantic-desktop? ( $(add_kdebase_dep nepomuk) )
+"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-4.3.5_CVE-2010-1000.patch"
+)
+
+src_configure() {
+	mycmakeargs="${mycmakeargs}
+		-DENABLE_EMBEDDED_TORRENT_SUPPORT=ON -DWITH_KdeWebKit=OFF -DWITH_WebKitPart=OFF
+		$(cmake-utils_use_with plasma)
+		$(cmake-utils_use_with semantic-desktop Nepomuk)
+		$(cmake-utils_use_with semantic-desktop Soprano)
+		$(cmake-utils_use_with sqlite)"
+
+	kde4-meta_src_configure
+}
diff --git a/kde-base/kget/kget-4.3.5-r1.ebuild b/kde-base/kget/kget-4.3.5-r1.ebuild
new file mode 100644
index 000000000000..d4e105977ae7
--- /dev/null
+++ b/kde-base/kget/kget-4.3.5-r1.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kget/kget-4.3.5-r1.ebuild,v 1.1 2010/05/14 15:49:06 reavertm Exp $
+
+EAPI="2"
+
+KMNAME="kdenetwork"
+inherit kde4-meta
+
+DESCRIPTION="An advanced download manager for KDE"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="debug +handbook +plasma semantic-desktop sqlite"
+
+DEPEND="
+	app-crypt/qca:2
+	dev-libs/gmp
+	dev-libs/libpcre
+	$(add_kdebase_dep kdelibs 'semantic-desktop?')
+	$(add_kdebase_dep libkonq)
+	$(add_kdebase_dep libkworkspace)
+	sqlite? ( dev-db/sqlite:3 )
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-4.3.5_CVE-2010-1000.patch"
+)
+
+src_configure() {
+	mycmakeargs=(
+		-DENABLE_EMBEDDED_TORRENT_SUPPORT=ON
+		-DWITH_KdeWebKit=OFF
+		-DWITH_WebKitPart=OFF
+		$(cmake-utils_use_with plasma)
+		$(cmake-utils_use_with semantic-desktop Nepomuk)
+		$(cmake-utils_use_with semantic-desktop Soprano)
+		$(cmake-utils_use_with sqlite)
+	)
+
+	kde4-meta_src_configure
+}