| 1 |
commit: d370ca0f6eb6fe7fcbe2978fd1b0cc9036c1c651 |
| 2 |
Author: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Oct 7 15:51:13 2016 +0000 |
| 4 |
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Oct 7 15:53:48 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d370ca0f |
| 7 |
|
| 8 |
kde-frameworks/kcoreaddons: backport patch from upstream to resolve CVE-2016-7966 |
| 9 |
|
| 10 |
This also backports an unrelated bugfix patch (1be7272) as it is required for |
| 11 |
the CVE patch (96e562d) to apply cleanly. |
| 12 |
|
| 13 |
Gentoo-bug: 596224 |
| 14 |
|
| 15 |
Package-Manager: portage-2.3.1 |
| 16 |
|
| 17 |
.../files/kcoreaddons-5.26.0-CVE-2016-7966.patch | 225 +++++++++++++++++++++ |
| 18 |
...-5.26.0.ebuild => kcoreaddons-5.26.0-r1.ebuild} | 2 + |
| 19 |
2 files changed, 227 insertions(+) |
| 20 |
|
| 21 |
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch |
| 22 |
new file mode 100644 |
| 23 |
index 00000000..71dc769 |
| 24 |
--- /dev/null |
| 25 |
+++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch |
| 26 |
@@ -0,0 +1,225 @@ |
| 27 |
+From 2a5142fecf8615ccfa3e7c1f9c088fa6ae5cc2a1 Mon Sep 17 00:00:00 2001 |
| 28 |
+From: Montel Laurent <montel@×××.org> |
| 29 |
+Date: Wed, 21 Sep 2016 07:24:30 +0200 |
| 30 |
+Subject: [PATCH 1/2] Fix very old bug when we remove space in url as "foo |
| 31 |
+ <<url> <url>>" |
| 32 |
+ |
| 33 |
+--- |
| 34 |
+ autotests/ktexttohtmltest.cpp | 14 ++++++++++++++ |
| 35 |
+ src/lib/text/ktexttohtml.cpp | 14 ++++++++++++-- |
| 36 |
+ 2 files changed, 26 insertions(+), 2 deletions(-) |
| 37 |
+ |
| 38 |
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp |
| 39 |
+index 474f0ca..8fc0c56 100644 |
| 40 |
+--- a/autotests/ktexttohtmltest.cpp |
| 41 |
++++ b/autotests/ktexttohtmltest.cpp |
| 42 |
+@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest) |
| 43 |
+ |
| 44 |
+ Q_DECLARE_METATYPE(KTextToHTML::Options) |
| 45 |
+ |
| 46 |
++#ifndef Q_OS_WIN |
| 47 |
++void initLocale() |
| 48 |
++{ |
| 49 |
++ setenv("LC_ALL", "en_US.utf-8", 1); |
| 50 |
++} |
| 51 |
++Q_CONSTRUCTOR_FUNCTION(initLocale) |
| 52 |
++#endif |
| 53 |
++ |
| 54 |
++ |
| 55 |
+ void KTextToHTMLTest::testGetEmailAddress() |
| 56 |
+ { |
| 57 |
+ // empty input |
| 58 |
+@@ -372,6 +381,11 @@ void KTextToHTMLTest::testHtmlConvert_data() |
| 59 |
+ QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)" |
| 60 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
| 61 |
+ << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)"; |
| 62 |
++ |
| 63 |
++ // Fix url as foo <<url> <url>> when we concatened them. |
| 64 |
++ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>" |
| 65 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
| 66 |
++ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>"; |
| 67 |
+ } |
| 68 |
+ |
| 69 |
+ |
| 70 |
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp |
| 71 |
+index 8ed923d..b181f56 100644 |
| 72 |
+--- a/src/lib/text/ktexttohtml.cpp |
| 73 |
++++ b/src/lib/text/ktexttohtml.cpp |
| 74 |
+@@ -228,11 +228,19 @@ QString KTextToHTMLHelper::getUrl() |
| 75 |
+ |
| 76 |
+ url.reserve(mMaxUrlLen); // avoid allocs |
| 77 |
+ int start = mPos; |
| 78 |
++ bool previousCharIsSpace = false; |
| 79 |
+ while ((mPos < mText.length()) && |
| 80 |
+ (mText[mPos].isPrint() || mText[mPos].isSpace()) && |
| 81 |
+ ((afterUrl.isNull() && !mText[mPos].isSpace()) || |
| 82 |
+ (!afterUrl.isNull() && mText[mPos] != afterUrl))) { |
| 83 |
+- if (!mText[mPos].isSpace()) { // skip whitespace |
| 84 |
++ if (mText[mPos].isSpace()) { |
| 85 |
++ previousCharIsSpace = true; |
| 86 |
++ } else { // skip whitespace |
| 87 |
++ if (previousCharIsSpace && mText[mPos] == QLatin1Char('<')) { |
| 88 |
++ url.append(QLatin1Char(' ')); |
| 89 |
++ break; |
| 90 |
++ } |
| 91 |
++ previousCharIsSpace = false; |
| 92 |
+ url.append(mText[mPos]); |
| 93 |
+ if (url.length() > mMaxUrlLen) { |
| 94 |
+ break; |
| 95 |
+@@ -267,7 +275,6 @@ QString KTextToHTMLHelper::getUrl() |
| 96 |
+ } |
| 97 |
+ } while (url.length() > 1); |
| 98 |
+ } |
| 99 |
+- |
| 100 |
+ return url; |
| 101 |
+ } |
| 102 |
+ |
| 103 |
+@@ -334,6 +341,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
| 104 |
+ QChar ch; |
| 105 |
+ int x; |
| 106 |
+ bool startOfLine = true; |
| 107 |
++ //qDebug()<<" plainText"<<plainText; |
| 108 |
+ |
| 109 |
+ for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length(); |
| 110 |
+ ++helper.mPos, ++x) { |
| 111 |
+@@ -402,6 +410,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
| 112 |
+ const int start = helper.mPos; |
| 113 |
+ if (!(flags & IgnoreUrls)) { |
| 114 |
+ str = helper.getUrl(); |
| 115 |
++ //qDebug()<<" str"<<str; |
| 116 |
+ if (!str.isEmpty()) { |
| 117 |
+ QString hyperlink; |
| 118 |
+ if (str.left(4) == QLatin1String("www.")) { |
| 119 |
+@@ -455,6 +464,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
| 120 |
+ |
| 121 |
+ result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude); |
| 122 |
+ } |
| 123 |
++ //qDebug()<<" result "<<result; |
| 124 |
+ |
| 125 |
+ return result; |
| 126 |
+ } |
| 127 |
+-- |
| 128 |
+2.7.3 |
| 129 |
+ |
| 130 |
+From aa9281b7f95ce970603645d79f6f275d1ae7d2ed Mon Sep 17 00:00:00 2001 |
| 131 |
+From: Montel Laurent <montel@×××.org> |
| 132 |
+Date: Fri, 30 Sep 2016 13:21:45 +0200 |
| 133 |
+Subject: [PATCH 2/2] Don't convert as url an url which has a " |
| 134 |
+ |
| 135 |
+--- |
| 136 |
+ autotests/ktexttohtmltest.cpp | 6 ++++++ |
| 137 |
+ src/lib/text/ktexttohtml.cpp | 25 +++++++++++++++++++------ |
| 138 |
+ src/lib/text/ktexttohtml_p.h | 2 +- |
| 139 |
+ 3 files changed, 26 insertions(+), 7 deletions(-) |
| 140 |
+ |
| 141 |
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp |
| 142 |
+index 8fc0c56..c5690e8 100644 |
| 143 |
+--- a/autotests/ktexttohtmltest.cpp |
| 144 |
++++ b/autotests/ktexttohtmltest.cpp |
| 145 |
+@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data() |
| 146 |
+ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>" |
| 147 |
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
| 148 |
+ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>"; |
| 149 |
++ |
| 150 |
++ //Fix url exploit |
| 151 |
++ QTest::newRow("url-exec-html") << "https://\"><!--" |
| 152 |
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) |
| 153 |
++ << "https://\"><!--"; |
| 154 |
++ |
| 155 |
+ } |
| 156 |
+ |
| 157 |
+ |
| 158 |
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp |
| 159 |
+index b181f56..09b2483 100644 |
| 160 |
+--- a/src/lib/text/ktexttohtml.cpp |
| 161 |
++++ b/src/lib/text/ktexttohtml.cpp |
| 162 |
+@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl() |
| 163 |
+ (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) { |
| 164 |
+ return false; |
| 165 |
+ } |
| 166 |
+- |
| 167 |
+ QChar ch = mText[mPos]; |
| 168 |
+ return |
| 169 |
+ (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") || |
| 170 |
+@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url) |
| 171 |
+ url == QLatin1String("news://"); |
| 172 |
+ } |
| 173 |
+ |
| 174 |
+-QString KTextToHTMLHelper::getUrl() |
| 175 |
++QString KTextToHTMLHelper::getUrl(bool *badurl) |
| 176 |
+ { |
| 177 |
+ QString url; |
| 178 |
+ if (atUrl()) { |
| 179 |
+@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl() |
| 180 |
+ url.reserve(mMaxUrlLen); // avoid allocs |
| 181 |
+ int start = mPos; |
| 182 |
+ bool previousCharIsSpace = false; |
| 183 |
++ bool previousCharIsADoubleQuote = false; |
| 184 |
+ while ((mPos < mText.length()) && |
| 185 |
+ (mText[mPos].isPrint() || mText[mPos].isSpace()) && |
| 186 |
+ ((afterUrl.isNull() && !mText[mPos].isSpace()) || |
| 187 |
+@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl() |
| 188 |
+ break; |
| 189 |
+ } |
| 190 |
+ previousCharIsSpace = false; |
| 191 |
++ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) { |
| 192 |
++ //it's an invalid url |
| 193 |
++ if (badurl) { |
| 194 |
++ *badurl = true; |
| 195 |
++ } |
| 196 |
++ return QString(); |
| 197 |
++ } |
| 198 |
++ if (mText[mPos] == QLatin1Char('"')) { |
| 199 |
++ previousCharIsADoubleQuote = true; |
| 200 |
++ } else { |
| 201 |
++ previousCharIsADoubleQuote = false; |
| 202 |
++ } |
| 203 |
+ url.append(mText[mPos]); |
| 204 |
+ if (url.length() > mMaxUrlLen) { |
| 205 |
+ break; |
| 206 |
+@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
| 207 |
+ QChar ch; |
| 208 |
+ int x; |
| 209 |
+ bool startOfLine = true; |
| 210 |
+- //qDebug()<<" plainText"<<plainText; |
| 211 |
+ |
| 212 |
+ for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length(); |
| 213 |
+ ++helper.mPos, ++x) { |
| 214 |
+@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
| 215 |
+ } else { |
| 216 |
+ const int start = helper.mPos; |
| 217 |
+ if (!(flags & IgnoreUrls)) { |
| 218 |
+- str = helper.getUrl(); |
| 219 |
+- //qDebug()<<" str"<<str; |
| 220 |
++ bool badUrl = false; |
| 221 |
++ str = helper.getUrl(&badUrl); |
| 222 |
++ if (badUrl) { |
| 223 |
++ return helper.mText; |
| 224 |
++ } |
| 225 |
+ if (!str.isEmpty()) { |
| 226 |
+ QString hyperlink; |
| 227 |
+ if (str.left(4) == QLatin1String("www.")) { |
| 228 |
+@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: |
| 229 |
+ |
| 230 |
+ result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude); |
| 231 |
+ } |
| 232 |
+- //qDebug()<<" result "<<result; |
| 233 |
+ |
| 234 |
+ return result; |
| 235 |
+ } |
| 236 |
+diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h |
| 237 |
+index 74ad7a0..fc43613 100644 |
| 238 |
+--- a/src/lib/text/ktexttohtml_p.h |
| 239 |
++++ b/src/lib/text/ktexttohtml_p.h |
| 240 |
+@@ -49,7 +49,7 @@ public: |
| 241 |
+ QString getEmailAddress(); |
| 242 |
+ bool atUrl(); |
| 243 |
+ bool isEmptyUrl(const QString &url); |
| 244 |
+- QString getUrl(); |
| 245 |
++ QString getUrl(bool *badurl = Q_NULLPTR); |
| 246 |
+ QString pngToDataUrl(const QString &pngPath); |
| 247 |
+ QString highlightedText(); |
| 248 |
+ |
| 249 |
+-- |
| 250 |
+2.7.3 |
| 251 |
+ |
| 252 |
|
| 253 |
diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild |
| 254 |
similarity index 92% |
| 255 |
rename from kde-frameworks/kcoreaddons/kcoreaddons-5.26.0.ebuild |
| 256 |
rename to kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild |
| 257 |
index 037dde3..ebb5cd8 100644 |
| 258 |
--- a/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0.ebuild |
| 259 |
+++ b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild |
| 260 |
@@ -21,6 +21,8 @@ DEPEND="${RDEPEND} |
| 261 |
nls? ( $(add_qt_dep linguist-tools) ) |
| 262 |
" |
| 263 |
|
| 264 |
+PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966.patch" ) |
| 265 |
+ |
| 266 |
src_configure() { |
| 267 |
local mycmakeargs=( |
| 268 |
-D_KDE4_DEFAULT_HOME_POSTFIX=4 |
Archives