commit: bd38ebeaf7ab220314d81699d0176c0be1600447 |
Author: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
AuthorDate: Thu Oct 6 18:11:32 2016 +0000 |
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
CommitDate: Thu Oct 6 18:12:44 2016 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd38ebea |
|
kde-frameworks/kcoreaddons: backport patch from upstream for CVE-2016-7966 |
|
Gentoo-bug: 596224 |
|
Package-Manager: portage-2.3.1 |
|
.../files/kcoreaddons-5.26.0-CVE-2016-7966.patch | 122 +++++++++++++++++++++ |
.../kcoreaddons/kcoreaddons-5.26.0-r1.ebuild | 33 ++++++ |
2 files changed, 155 insertions(+) |
|
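diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch
new file mode 100644
index 00000000..8374d5a
--- /dev/null
+++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch
@@ -0,0 +1,122 @@
+From 96e562d9138c100498da38e4c5b4091a226dde12 Mon Sep 17 00:00:00 2001
+From: Montel Laurent <montel@×××.org>
+Date: Fri, 30 Sep 2016 13:21:45 +0200
+Subject: [PATCH] Don't convert as url an url which has a "
+
+---
+ autotests/ktexttohtmltest.cpp | 6 ++++++
+ src/lib/text/ktexttohtml.cpp | 25 +++++++++++++++++++------
+ src/lib/text/ktexttohtml_p.h | 2 +-
+ 3 files changed, 26 insertions(+), 7 deletions(-)
+
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
+index 8fc0c56..c5690e8 100644
+--- a/autotests/ktexttohtmltest.cpp
++++ b/autotests/ktexttohtmltest.cpp
+@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data()
+ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>";
++
++ //Fix url exploit
++ QTest::newRow("url-exec-html") << "https://\"><!--"
++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++ << "https://\"><!--";
++
+ }
+
+
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
+index c70d062..97c5eab 100644
+--- a/src/lib/text/ktexttohtml.cpp
++++ b/src/lib/text/ktexttohtml.cpp
+@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl()
+ (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) {
+ return false;
+ }
+-
+ QChar ch = mText[mPos];
+ return
+ (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") ||
+@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url)
+ url == QLatin1String("news://");
+ }
+
+-QString KTextToHTMLHelper::getUrl()
++QString KTextToHTMLHelper::getUrl(bool *badurl)
+ {
+ QString url;
+ if (atUrl()) {
+@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl()
+ url.reserve(mMaxUrlLen); // avoid allocs
+ int start = mPos;
+ bool previousCharIsSpace = false;
++ bool previousCharIsADoubleQuote = false;
+ while ((mPos < mText.length()) &&
+ (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
+ ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
+@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl()
+ break;
+ }
+ previousCharIsSpace = false;
++ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
++ //it's an invalid url
++ if (badurl) {
++ *badurl = true;
++ }
++ return QString();
++ }
++ if (mText[mPos] == QLatin1Char('"')) {
++ previousCharIsADoubleQuote = true;
++ } else {
++ previousCharIsADoubleQuote = false;
++ }
+ url.append(mText[mPos]);
+ if (url.length() > mMaxUrlLen) {
+ break;
+@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
+ QChar ch;
+ int x;
+ bool startOfLine = true;
+- //qDebug()<<" plainText"<<plainText;
+
+ for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
+ ++helper.mPos, ++x) {
+@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
+ } else {
+ const int start = helper.mPos;
+ if (!(flags & IgnoreUrls)) {
+- str = helper.getUrl();
+- //qDebug()<<" str"<<str;
++ bool badUrl = false;
++ str = helper.getUrl(&badUrl);
++ if (badUrl) {
++ return helper.mText;
++ }
+ if (!str.isEmpty()) {
+ QString hyperlink;
+ if (str.left(4) == QLatin1String("www.")) {
+@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
+
+ result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
+ }
+- //qDebug()<<" result "<<result;
+
+ return result;
+ }
+diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h
+index 74ad7a0..fc43613 100644
+--- a/src/lib/text/ktexttohtml_p.h
++++ b/src/lib/text/ktexttohtml_p.h
+@@ -49,7 +49,7 @@ public:
+ QString getEmailAddress();
+ bool atUrl();
+ bool isEmptyUrl(const QString &url);
+- QString getUrl();
++ QString getUrl(bool *badurl = Q_NULLPTR);
+ QString pngToDataUrl(const QString &pngPath);
+ QString highlightedText();
+
+--
+2.7.3
+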
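Review bot: In the `convertToHtml` hunk of `src/lib/text/ktexttohtml.cpp`, the new `if (badUrl) { return helper.mText; }` hands back the input text itself from a function whose result is consumed as HTML. Everything converted so far is dropped, and the whole message, not just the rejected URL, skips whatever escaping the rest of the loop applies (the loop body lies outside the hunk). The new `url-exec-html` row, as shown on this page, pins exactly that behaviour: its expected output equals the raw input. It would be safer to treat the rejected span as ordinary text and keep converting, for example `if (badUrl) { helper.mPos = start; }`, assuming the code after this branch escapes non-URL characters; the test's expected value would then be the escaped form. A second test row with text before and after the rejected URL would pin what happens to the rest of the message.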
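diff --git a/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild
new file mode 100644
index 00000000..ebb5cd8
--- /dev/null
+++ b/kde-frameworks/kcoreaddons/kcoreaddons-5.26.0-r1.ebuild
@@ -0,0 +1,33 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit kde5
+
+DESCRIPTION="Framework for solving common problems such as caching, randomisation, and more"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="fam nls"
+
+RDEPEND="
+ $(add_qt_dep qtcore 'icu')
+ fam? ( virtual/fam )
+ !<kde-frameworks/kservice-5.2.0:5
+"
+DEPEND="${RDEPEND}
+ x11-misc/shared-mime-info
+ nls? ( $(add_qt_dep linguist-tools) )
+"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ -D_KDE4_DEFAULT_HOME_POSTFIX=4
+ $(cmake-utils_use_find_package fam FAM)
+ )
+
+ kde5_src_configure
+}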
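Review bot: The commit only adds `kcoreaddons-5.26.0-r1.ebuild` (the diffstat shows 2 files changed, 155 insertions and no deletions), so the unpatched 5.26.0 ebuild presumably stays in the tree and remains installable for anyone pinning that revision. Removing the old revision in this commit or a prompt follow-up would close that gap. A one-line comment above `PATCHES`, such as `# Backport of upstream 96e562d9 (Gentoo bug 596224); drop on next version bump`, would also tell the next maintainer when the patch can go.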