commit: b77bfbf1331d5dfcce3cf6ebe084a76197238767 |
Author: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
AuthorDate: Wed Nov 2 11:25:46 2016 +0000 |
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
CommitDate: Wed Nov 2 11:28:38 2016 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b77bfbf1 |
|
kde-frameworks/kcoreaddons: backport additional commits from upstream to resolve CVE-2016-7966 |
|
Gentoo-bug: 596224 |
|
Package-Manager: portage-2.3.2 |
|
.../kcoreaddons-5.26.0-CVE-2016-7966-r1.patch | 342 +++++++++++++++++++++ |
.../files/kcoreaddons-5.27.0-CVE-2016-7966.patch | 117 +++++++ |
...-5.27.0.ebuild => kcoreaddons-5.26.0-r2.ebuild} | 2 + |
...-5.27.0.ebuild => kcoreaddons-5.27.0-r1.ebuild} | 2 + |
4 files changed, 463 insertions(+) |
|
20 |
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch |
21 |
new file mode 100644 |
22 |
index 00000000..92e255a |
23 |
--- /dev/null |
24 |
+++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch |
25 |
@@ -0,0 +1,342 @@ |
26 |
+From 2a5142fecf8615ccfa3e7c1f9c088fa6ae5cc2a1 Mon Sep 17 00:00:00 2001 |
27 |
+From: Montel Laurent <montel@×××.org> |
28 |
+Date: Wed, 21 Sep 2016 07:24:30 +0200 |
29 |
+Subject: [PATCH 1/2] Fix very old bug when we remove space in url as "foo |
30 |
+ <<url> <url>>" |
31 |
+ |
32 |
+--- |
33 |
+ autotests/ktexttohtmltest.cpp | 14 ++++++++++++++ |
34 |
+ src/lib/text/ktexttohtml.cpp | 14 ++++++++++++-- |
35 |
+ 2 files changed, 26 insertions(+), 2 deletions(-) |
36 |
+ |
37 |
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp |
38 |
+index 474f0ca..8fc0c56 100644 |
39 |
+--- a/autotests/ktexttohtmltest.cpp |
40 |
++++ b/autotests/ktexttohtmltest.cpp |
41 |
+@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest) |
42 |
+ |
43 |
+ Q_DECLARE_METATYPE(KTextToHTML::Options) |
44 |
+ |
45 |
++#ifndef Q_OS_WIN |
46 |
++void initLocale() |
47 |
++{ |
48 |
++ setenv("LC_ALL", "en_US.utf-8", 1); |
49 |
++} |
50 |
++Q_CONSTRUCTOR_FUNCTION(initLocale) |
51 |
++#endif |
52 |
++ |
53 |
++ |
54 |
+ void KTextToHTMLTest::testGetEmailAddress() |
55 |
+ { |
56 |
+ // empty input |
57 |
+@@ -372,6 +381,11 @@ void KTextToHTMLTest::testHtmlConvert_data() |
58 |
+ QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)" |
59 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
60 |
+ << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)"; |
61 |
++ |
62 |
++ // Fix url as foo <<url> <url>> when we concatened them. |
63 |
++ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>" |
64 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
65 |
++ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>"; |
66 |
+ } |
67 |
+ |
68 |
+ |
69 |
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp |
70 |
+index 8ed923d..b181f56 100644 |
71 |
+--- a/src/lib/text/ktexttohtml.cpp |
72 |
++++ b/src/lib/text/ktexttohtml.cpp |
73 |
+@@ -228,11 +228,19 @@ QString KTextToHTMLHelper::getUrl() |
74 |
+ |
75 |
+ url.reserve(mMaxUrlLen); // avoid allocs |
76 |
+ int start = mPos; |
77 |
++ bool previousCharIsSpace = false; |
78 |
+ while ((mPos < mText.length()) && |
79 |
+ (mText[mPos].isPrint() || mText[mPos].isSpace()) && |
80 |
+ ((afterUrl.isNull() && !mText[mPos].isSpace()) || |
81 |
+ (!afterUrl.isNull() && mText[mPos] != afterUrl))) { |
82 |
+- if (!mText[mPos].isSpace()) { // skip whitespace |
83 |
++ if (mText[mPos].isSpace()) { |
84 |
++ previousCharIsSpace = true; |
85 |
++ } else { // skip whitespace |
86 |
++ if (previousCharIsSpace && mText[mPos] == QLatin1Char('<')) { |
87 |
++ url.append(QLatin1Char(' ')); |
88 |
++ break; |
89 |
++ } |
90 |
++ previousCharIsSpace = false; |
91 |
+ url.append(mText[mPos]); |
92 |
+ if (url.length() > mMaxUrlLen) { |
93 |
+ break; |
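Review bot: The `// skip whitespace` comment now sits on the `else` arm of the loop in getUrl(), where non-space characters are appended, so it describes the opposite of what that arm does; move it to the `if (mText[mPos].isSpace())` arm or drop it. The new early exit also appends a literal space to `url` before `break`, and the `url-with-url` test row pins that space inside the generated link target (`href="http://www.kde.org/ "`); if that is intended, a comment such as `// keep the separating space so the following <url> is not glued to this one` would record why. getUrl() starts and ends outside this hunk.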
94 |
+@@ -267,7 +275,6 @@ QString KTextToHTMLHelper::getUrl() |
95 |
+ } |
96 |
+ } while (url.length() > 1); |
97 |
+ } |
98 |
+- |
99 |
+ return url; |
100 |
+ } |
101 |
+ |
102 |
+@@ -334,6 +341,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
103 |
+ QChar ch; |
104 |
+ int x; |
105 |
+ bool startOfLine = true; |
106 |
++ //qDebug()<<" plainText"<<plainText; |
107 |
+ |
108 |
+ for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length(); |
109 |
+ ++helper.mPos, ++x) { |
110 |
+@@ -402,6 +410,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
111 |
+ const int start = helper.mPos; |
112 |
+ if (!(flags & IgnoreUrls)) { |
113 |
+ str = helper.getUrl(); |
114 |
++ //qDebug()<<" str"<<str; |
115 |
+ if (!str.isEmpty()) { |
116 |
+ QString hyperlink; |
117 |
+ if (str.left(4) == QLatin1String("www.")) { |
118 |
+@@ -455,6 +464,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
119 |
+ |
120 |
+ result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude); |
121 |
+ } |
122 |
++ //qDebug()<<" result "<<result; |
123 |
+ |
124 |
+ return result; |
125 |
+ } |
126 |
+-- |
127 |
+2.7.3 |
128 |
+ |
129 |
+From aa9281b7f95ce970603645d79f6f275d1ae7d2ed Mon Sep 17 00:00:00 2001 |
130 |
+From: Montel Laurent <montel@×××.org> |
131 |
+Date: Fri, 30 Sep 2016 13:21:45 +0200 |
132 |
+Subject: [PATCH 2/2] Don't convert as url an url which has a " |
133 |
+ |
134 |
+--- |
135 |
+ autotests/ktexttohtmltest.cpp | 6 ++++++ |
136 |
+ src/lib/text/ktexttohtml.cpp | 25 +++++++++++++++++++------ |
137 |
+ src/lib/text/ktexttohtml_p.h | 2 +- |
138 |
+ 3 files changed, 26 insertions(+), 7 deletions(-) |
139 |
+ |
140 |
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp |
141 |
+index 8fc0c56..c5690e8 100644 |
142 |
+--- a/autotests/ktexttohtmltest.cpp |
143 |
++++ b/autotests/ktexttohtmltest.cpp |
144 |
+@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data() |
145 |
+ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>" |
146 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
147 |
+ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>"; |
148 |
++ |
149 |
++ //Fix url exploit |
150 |
++ QTest::newRow("url-exec-html") << "https://\"><!--" |
151 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
152 |
++ << "https://\"><!--"; |
153 |
++ |
154 |
+ } |
155 |
+ |
156 |
+ |
157 |
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp |
158 |
+index b181f56..09b2483 100644 |
159 |
+--- a/src/lib/text/ktexttohtml.cpp |
160 |
++++ b/src/lib/text/ktexttohtml.cpp |
161 |
+@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl() |
162 |
+ (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) { |
163 |
+ return false; |
164 |
+ } |
165 |
+- |
166 |
+ QChar ch = mText[mPos]; |
167 |
+ return |
168 |
+ (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") || |
169 |
+@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url) |
170 |
+ url == QLatin1String("news://"); |
171 |
+ } |
172 |
+ |
173 |
+-QString KTextToHTMLHelper::getUrl() |
174 |
++QString KTextToHTMLHelper::getUrl(bool *badurl) |
175 |
+ { |
176 |
+ QString url; |
177 |
+ if (atUrl()) { |
178 |
+@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl() |
179 |
+ url.reserve(mMaxUrlLen); // avoid allocs |
180 |
+ int start = mPos; |
181 |
+ bool previousCharIsSpace = false; |
182 |
++ bool previousCharIsADoubleQuote = false; |
183 |
+ while ((mPos < mText.length()) && |
184 |
+ (mText[mPos].isPrint() || mText[mPos].isSpace()) && |
185 |
+ ((afterUrl.isNull() && !mText[mPos].isSpace()) || |
186 |
+@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl() |
187 |
+ break; |
188 |
+ } |
189 |
+ previousCharIsSpace = false; |
190 |
++ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) { |
191 |
++ //it's an invalid url |
192 |
++ if (badurl) { |
193 |
++ *badurl = true; |
194 |
++ } |
195 |
++ return QString(); |
196 |
++ } |
197 |
++ if (mText[mPos] == QLatin1Char('"')) { |
198 |
++ previousCharIsADoubleQuote = true; |
199 |
++ } else { |
200 |
++ previousCharIsADoubleQuote = false; |
201 |
++ } |
202 |
+ url.append(mText[mPos]); |
203 |
+ if (url.length() > mMaxUrlLen) { |
204 |
+ break; |
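Review bot: The bad-URL check in getUrl() fires only when `>` comes directly after `"`, so a double quote followed by any other character is still appended to `url`. Whether that is safe depends on how convertToHtml() writes the link target into the `href` attribute, which this hunk does not show; if the target is not escaped there, rejecting on the quote itself is the tighter rule: `if (mText[mPos] == QLatin1Char('"')) { if (badurl) { *badurl = true; } return QString(); }`. The autotest rows added with this fix cover only the quote-then-`>` form, so a row with a quote followed by other text would pin the behaviour either way. The new `badurl` out-parameter declared in ktexttohtml_p.h also deserves a one-line comment saying it is set to true when the URL is rejected and that it may be null. getUrl() starts and ends outside this hunk.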
205 |
+@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
206 |
+ QChar ch; |
207 |
+ int x; |
208 |
+ bool startOfLine = true; |
209 |
+- //qDebug()<<" plainText"<<plainText; |
210 |
+ |
211 |
+ for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length(); |
212 |
+ ++helper.mPos, ++x) { |
213 |
+@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
214 |
+ } else { |
215 |
+ const int start = helper.mPos; |
216 |
+ if (!(flags & IgnoreUrls)) { |
217 |
+- str = helper.getUrl(); |
218 |
+- //qDebug()<<" str"<<str; |
219 |
++ bool badUrl = false; |
220 |
++ str = helper.getUrl(&badUrl); |
221 |
++ if (badUrl) { |
222 |
++ return helper.mText; |
223 |
++ } |
224 |
+ if (!str.isEmpty()) { |
225 |
+ QString hyperlink; |
226 |
+ if (str.left(4) == QLatin1String("www.")) { |
227 |
+@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
228 |
+ |
229 |
+ result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude); |
230 |
+ } |
231 |
+- //qDebug()<<" result "<<result; |
232 |
+ |
233 |
+ return result; |
234 |
+ } |
235 |
+diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h |
236 |
+index 74ad7a0..fc43613 100644 |
237 |
+--- a/src/lib/text/ktexttohtml_p.h |
238 |
++++ b/src/lib/text/ktexttohtml_p.h |
239 |
+@@ -49,7 +49,7 @@ public: |
240 |
+ QString getEmailAddress(); |
241 |
+ bool atUrl(); |
242 |
+ bool isEmptyUrl(const QString &url); |
243 |
+- QString getUrl(); |
244 |
++ QString getUrl(bool *badurl = Q_NULLPTR); |
245 |
+ QString pngToDataUrl(const QString &pngPath); |
246 |
+ QString highlightedText(); |
247 |
+ |
248 |
+-- |
249 |
+2.7.3 |
250 |
+ |
251 |
+From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001 |
252 |
+From: Montel Laurent <montel@×××.org> |
253 |
+Date: Tue, 11 Oct 2016 11:11:08 +0200 |
254 |
+Subject: [PATCH] Add more autotests |
255 |
+ |
256 |
+--- |
257 |
+ autotests/ktexttohtmltest.cpp | 15 +++++++++++++++ |
258 |
+ 1 file changed, 15 insertions(+) |
259 |
+ |
260 |
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp |
261 |
+index c5690e8..0179a00 100644 |
262 |
+--- a/autotests/ktexttohtmltest.cpp |
263 |
++++ b/autotests/ktexttohtmltest.cpp |
264 |
+@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data() |
265 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
266 |
+ << "https://\"><!--"; |
267 |
+ |
268 |
++ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--" |
269 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
270 |
++ << "https://192.168.1.1:\"><!--"; |
271 |
++ |
272 |
++ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--" |
273 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
274 |
++ << "https://<IP>:\"><!--"; |
275 |
++ |
276 |
++ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--" |
277 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
278 |
++ << "https://<IP>:/\"><!--"; |
279 |
++ |
280 |
++ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--" |
281 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
282 |
++ << "https://<IP>:/\"><script>alert(1);</script><!--"; |
283 |
+ } |
284 |
+ |
285 |
+ |
286 |
+-- |
287 |
+2.7.3 |
288 |
+ |
289 |
+From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001 |
290 |
+From: Montel Laurent <montel@×××.org> |
291 |
+Date: Tue, 11 Oct 2016 11:40:10 +0200 |
292 |
+Subject: [PATCH] Display bad url |
293 |
+ |
294 |
+--- |
295 |
+ autotests/ktexttohtmltest.cpp | 14 +++++++++----- |
296 |
+ src/lib/text/ktexttohtml.cpp | 18 +++++++++++++++++- |
297 |
+ 2 files changed, 26 insertions(+), 6 deletions(-) |
298 |
+ |
299 |
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp |
300 |
+index 0179a00..ccac29a 100644 |
301 |
+--- a/autotests/ktexttohtmltest.cpp |
302 |
++++ b/autotests/ktexttohtmltest.cpp |
303 |
+@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data() |
304 |
+ //Fix url exploit |
305 |
+ QTest::newRow("url-exec-html") << "https://\"><!--" |
306 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
307 |
+- << "https://\"><!--"; |
308 |
++ << "https://"><!--"; |
309 |
+ |
310 |
+ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--" |
311 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
312 |
+- << "https://192.168.1.1:\"><!--"; |
313 |
++ << "https://192.168.1.1:"><!--"; |
314 |
+ |
315 |
+ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--" |
316 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
317 |
+- << "https://<IP>:\"><!--"; |
318 |
++ << "https://<IP>:"><!--"; |
319 |
+ |
320 |
+ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--" |
321 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
322 |
+- << "https://<IP>:/\"><!--"; |
323 |
++ << "https://<IP>:/"><!--"; |
324 |
+ |
325 |
+ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--" |
326 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
327 |
+- << "https://<IP>:/\"><script>alert(1);</script><!--"; |
328 |
++ << "https://<IP>:/"><script>alert(1);</script><!--"; |
329 |
++ |
330 |
++ QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2" |
331 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
332 |
++ << "https://<IP>:/"><script>alert(1);</script><!--\nTest2"; |
333 |
+ } |
334 |
+ |
335 |
+ |
336 |
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp |
337 |
+index 97c5eab..30e0b5d 100644 |
338 |
+--- a/src/lib/text/ktexttohtml.cpp |
339 |
++++ b/src/lib/text/ktexttohtml.cpp |
340 |
+@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
341 |
+ bool badUrl = false; |
342 |
+ str = helper.getUrl(&badUrl); |
343 |
+ if (badUrl) { |
344 |
+- return helper.mText; |
345 |
++ QString resultBadUrl; |
346 |
++ const int helperTextSize(helper.mText.count()); |
347 |
++ for (int i = 0; i < helperTextSize; ++i) { |
348 |
++ const QChar chBadUrl = helper.mText[i]; |
349 |
++ if (chBadUrl == QLatin1Char('&')) { |
350 |
++ resultBadUrl += QLatin1String("&"); |
351 |
++ } else if (chBadUrl == QLatin1Char('"')) { |
352 |
++ resultBadUrl += QLatin1String("""); |
353 |
++ } else if (chBadUrl == QLatin1Char('<')) { |
354 |
++ resultBadUrl += QLatin1String("<"); |
355 |
++ } else if (chBadUrl == QLatin1Char('>')) { |
356 |
++ resultBadUrl += QLatin1String(">"); |
357 |
++ } else { |
358 |
++ resultBadUrl += chBadUrl; |
359 |
++ } |
360 |
++ } |
361 |
++ return resultBadUrl; |
362 |
+ } |
363 |
+ if (!str.isEmpty()) { |
364 |
+ QString hyperlink; |
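Review bot: The `badUrl` branch in convertToHtml() escapes the whole of `helper.mText` and returns it, which appears to discard whatever had been converted up to that point, so one rejected URL changes how the entire text is rendered; a comment above the branch should say this is deliberate. The four-way character loop can be replaced by Qt's own escaper, `return helper.mText.toHtmlEscaped();`, which covers the same `&`, `"`, `<` and `>` set. As rendered on this page the replacement literals appear entity-decoded (for example `QLatin1String("&")`), so the patch file should be checked against the upstream commit rather than taken from this listing. The same hunk is repeated in kcoreaddons-5.27.0-CVE-2016-7966.patch further down, and convertToHtml() starts and ends outside it.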
365 |
+-- |
366 |
+2.7.3 |
367 |
+ |
368 |
|
369 |
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch |
370 |
new file mode 100644 |
371 |
index 00000000..4fbd5e3 |
372 |
--- /dev/null |
373 |
+++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch |
374 |
@@ -0,0 +1,117 @@ |
375 |
+From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001 |
376 |
+From: Montel Laurent <montel@×××.org> |
377 |
+Date: Tue, 11 Oct 2016 11:11:08 +0200 |
378 |
+Subject: [PATCH] Add more autotests |
379 |
+ |
380 |
+--- |
381 |
+ autotests/ktexttohtmltest.cpp | 15 +++++++++++++++ |
382 |
+ 1 file changed, 15 insertions(+) |
383 |
+ |
384 |
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp |
385 |
+index c5690e8..0179a00 100644 |
386 |
+--- a/autotests/ktexttohtmltest.cpp |
387 |
++++ b/autotests/ktexttohtmltest.cpp |
388 |
+@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data() |
389 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
390 |
+ << "https://\"><!--"; |
391 |
+ |
392 |
++ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--" |
393 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
394 |
++ << "https://192.168.1.1:\"><!--"; |
395 |
++ |
396 |
++ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--" |
397 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
398 |
++ << "https://<IP>:\"><!--"; |
399 |
++ |
400 |
++ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--" |
401 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
402 |
++ << "https://<IP>:/\"><!--"; |
403 |
++ |
404 |
++ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--" |
405 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
406 |
++ << "https://<IP>:/\"><script>alert(1);</script><!--"; |
407 |
+ } |
408 |
+ |
409 |
+ |
410 |
+-- |
411 |
+2.7.3 |
412 |
+ |
413 |
+From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001 |
414 |
+From: Montel Laurent <montel@×××.org> |
415 |
+Date: Tue, 11 Oct 2016 11:40:10 +0200 |
416 |
+Subject: [PATCH] Display bad url |
417 |
+ |
418 |
+--- |
419 |
+ autotests/ktexttohtmltest.cpp | 14 +++++++++----- |
420 |
+ src/lib/text/ktexttohtml.cpp | 18 +++++++++++++++++- |
421 |
+ 2 files changed, 26 insertions(+), 6 deletions(-) |
422 |
+ |
423 |
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp |
424 |
+index 0179a00..ccac29a 100644 |
425 |
+--- a/autotests/ktexttohtmltest.cpp |
426 |
++++ b/autotests/ktexttohtmltest.cpp |
427 |
+@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data() |
428 |
+ //Fix url exploit |
429 |
+ QTest::newRow("url-exec-html") << "https://\"><!--" |
430 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
431 |
+- << "https://\"><!--"; |
432 |
++ << "https://"><!--"; |
433 |
+ |
434 |
+ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--" |
435 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
436 |
+- << "https://192.168.1.1:\"><!--"; |
437 |
++ << "https://192.168.1.1:"><!--"; |
438 |
+ |
439 |
+ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--" |
440 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
441 |
+- << "https://<IP>:\"><!--"; |
442 |
++ << "https://<IP>:"><!--"; |
443 |
+ |
444 |
+ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--" |
445 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
446 |
+- << "https://<IP>:/\"><!--"; |
447 |
++ << "https://<IP>:/"><!--"; |
448 |
+ |
449 |
+ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--" |
450 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
451 |
+- << "https://<IP>:/\"><script>alert(1);</script><!--"; |
452 |
++ << "https://<IP>:/"><script>alert(1);</script><!--"; |
453 |
++ |
454 |
++ QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2" |
455 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
456 |
++ << "https://<IP>:/"><script>alert(1);</script><!--\nTest2"; |
457 |
+ } |
458 |
+ |
459 |
+ |
460 |
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp |
461 |
+index 97c5eab..30e0b5d 100644 |
462 |
+--- a/src/lib/text/ktexttohtml.cpp |
463 |
++++ b/src/lib/text/ktexttohtml.cpp |
464 |
+@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
465 |
+ bool badUrl = false; |
466 |
+ str = helper.getUrl(&badUrl); |
467 |
+ if (badUrl) { |
468 |
+- return helper.mText; |
469 |
++ QString resultBadUrl; |
470 |
++ const int helperTextSize(helper.mText.count()); |
471 |
++ for (int i = 0; i < helperTextSize; ++i) { |
472 |
++ const QChar chBadUrl = helper.mText[i]; |
473 |
++ if (chBadUrl == QLatin1Char('&')) { |
474 |
++ resultBadUrl += QLatin1String("&"); |
475 |
++ } else if (chBadUrl == QLatin1Char('"')) { |
476 |
++ resultBadUrl += QLatin1String("""); |
477 |
++ } else if (chBadUrl == QLatin1Char('<')) { |
478 |
++ resultBadUrl += QLatin1String("<"); |
479 |
++ } else if (chBadUrl == QLatin1Char('>')) { |
480 |
++ resultBadUrl += QLatin1String(">"); |
481 |
++ } else { |
482 |
++ resultBadUrl += chBadUrl; |
483 |
++ } |
484 |
++ } |
485 |
++ return resultBadUrl; |
486 |
+ } |
487 |
+ if (!str.isEmpty()) { |
488 |
+ QString hyperlink; |
489 |
+-- |
490 |
+2.7.3 |
491 |
+ |
492 |
|
493 |
diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r2.ebuild |
494 |
similarity index 91% |
495 |
copy from kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild |
496 |
copy to kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r2.ebuild |
497 |
index 037dde3..9db44a0 100644 |
498 |
--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild |
499 |
+++ b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r2.ebuild |
500 |
@@ -21,6 +21,8 @@ DEPEND="${RDEPEND} |
501 |
nls? ( $(add_qt_dep linguist-tools) ) |
502 |
" |
503 |
|
504 |
+PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966-r1.patch" ) |
505 |
+ |
506 |
src_configure() { |
507 |
local mycmakeargs=( |
508 |
-D_KDE4_DEFAULT_HOME_POSTFIX=4 |
509 |
|
510 |
diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0-r1.ebuild |
511 |
similarity index 92% |
512 |
rename from kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild |
513 |
rename to kde-frameworks/kcoreaddons/kcoreaddons-5.27.0-r1.ebuild |
514 |
index 037dde3..ebb5cd8 100644 |
515 |
--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0.ebuild |
516 |
+++ b/kde-frameworks/kcoreaddons/kcoreaddons-5.27.0-r1.ebuild |
517 |
@@ -21,6 +21,8 @@ DEPEND="${RDEPEND} |
518 |
nls? ( $(add_qt_dep linguist-tools) ) |
519 |
" |
520 |
|
521 |
+PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966.patch" ) |
522 |
+ |
523 |
src_configure() { |
524 |
local mycmakeargs=( |
525 |
-D_KDE4_DEFAULT_HOME_POSTFIX=4 |