commit: 7a00da32661a8ba729193fa8cc1c483f3a6dddec |
Author: Johannes Huber <johu <AT> gentoo <DOT> org> |
AuthorDate: Tue Feb 28 21:01:11 2017 +0000 |
Commit: Johannes Huber <johu <AT> gentoo <DOT> org> |
CommitDate: Tue Feb 28 21:01:11 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a00da32 |
|
kde-frameworks/kio: Fix information leak |
|
Revision bump backports upstream patch to fix an information leak when accessing |
https when using a malicious PAC file. |
https://www.kde.org/info/security/advisory-20170228-1.txt |
|
Gentoo-bug: 611256 |
|
Package-Manager: Portage-2.3.3, Repoman-2.3.1 |
|
.../kio/files/kio-5.29.0-sanitize-url.patch | 38 ++++++++++ |
kde-frameworks/kio/kio-5.29.0-r1.ebuild | 81 ++++++++++++++++++++++ |
kde-frameworks/kio/kio-5.31.0-r1.ebuild | 81 ++++++++++++++++++++++ |
3 files changed, 200 insertions(+) |
|
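diff --git a/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch b/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch
new file mode 100644
index 00000000000..f9f398652d9
--- /dev/null
+++ b/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch
@@ -0,0 +1,38 @@
+commit f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
+Author: Albert Astals Cid <aacid@×××.org>
+Date: Tue Feb 28 19:00:48 2017 +0100
+
+ Sanitize URLs before passing them to FindProxyForURL
+
+ Remove user/password information
+ For https: remove path and query
+
+ Thanks to safebreach.com for reporting the problem
+
+ CCMAIL: yoni.fridburg@××××××××××.com
+ CCMAIL: amit.klein@××××××××××.com
+ CCMAIL: itzik.kotler@××××××××××.com
+
+diff --git a/src/kpac/script.cpp b/src/kpac/script.cpp
+index a0235f73..2485c54d 100644
+--- a/src/kpac/script.cpp
++++ b/src/kpac/script.cpp
+@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url)
+ }
+ }
+
++ QUrl cleanUrl = url;
++ cleanUrl.setUserInfo(QString());
++ if (cleanUrl.scheme() == QLatin1String("https")) {
++ cleanUrl.setPath(QString());
++ cleanUrl.setQuery(QString());
++ }
++
+ QScriptValueList args;
+- args << url.url();
+- args << url.host();
++ args << cleanUrl.url();
++ args << cleanUrl.host();
+
+ QScriptValue result = func.call(QScriptValue(), args);
+ if (result.isError()) {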
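Review bot: For https URLs the sanitising block added to Script::evaluate clears user info, path and query but leaves the fragment, so if a caller ever passes a URL that carries one, `cleanUrl.url()` would still hand it to FindProxyForURL; a fragment can hold a token just as a query can. Adding `cleanUrl.setFragment(QString());` inside the `https` branch would close that gap. Whether a fragment can reach this point is not visible here, because evaluate() starts and ends outside the hunk. A one-line comment above the block, for example `// The PAC script is untrusted: for https it may only see scheme and host`, would also keep a later refactor from passing `url` again.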
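diff --git a/kde-frameworks/kio/kio-5.29.0-r1.ebuild b/kde-frameworks/kio/kio-5.29.0-r1.ebuild
new file mode 100644
index 00000000000..3e102a99165
--- /dev/null
+++ b/kde-frameworks/kio/kio-5.29.0-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_TEST="forceoptional"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Framework providing transparent file and data management"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="acl +handbook kerberos +kwallet X"
+
+COMMON_DEPEND="
+ $(add_frameworks_dep karchive)
+ $(add_frameworks_dep kbookmarks)
+ $(add_frameworks_dep kcodecs)
+ $(add_frameworks_dep kcompletion)
+ $(add_frameworks_dep kconfig)
+ $(add_frameworks_dep kconfigwidgets)
+ $(add_frameworks_dep kcoreaddons)
+ $(add_frameworks_dep kdbusaddons)
+ $(add_frameworks_dep ki18n)
+ $(add_frameworks_dep kiconthemes)
+ $(add_frameworks_dep kitemviews)
+ $(add_frameworks_dep kjobwidgets)
+ $(add_frameworks_dep knotifications)
+ $(add_frameworks_dep kservice)
+ $(add_frameworks_dep ktextwidgets)
+ $(add_frameworks_dep kwidgetsaddons)
+ $(add_frameworks_dep kwindowsystem)
+ $(add_frameworks_dep kxmlgui)
+ $(add_frameworks_dep solid)
+ $(add_qt_dep qtdbus)
+ $(add_qt_dep qtgui)
+ $(add_qt_dep qtnetwork 'ssl')
+ $(add_qt_dep qtscript)
+ $(add_qt_dep qtwidgets)
+ $(add_qt_dep qtxml)
+ dev-libs/libxml2
+ dev-libs/libxslt
+ acl? (
+ sys-apps/attr
+ virtual/acl
+ )
+ kerberos? ( virtual/krb5 )
+ kwallet? ( $(add_frameworks_dep kwallet) )
+ X? ( $(add_qt_dep qtx11extras) )
+"
+DEPEND="${COMMON_DEPEND}
+ $(add_qt_dep qtconcurrent)
+ handbook? ( $(add_frameworks_dep kdoctools) )
+ test? ( sys-libs/zlib )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXrender
+ x11-proto/xproto
+ )
+"
+PDEPEND="
+ $(add_frameworks_dep kded)
+"
+RDEPEND="${COMMON_DEPEND}"
+
+# tests hang
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${P}-sanitize-url.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_find_package acl ACL)
+ $(cmake-utils_use_find_package handbook KF5DocTools)
+ $(cmake-utils_use_find_package kerberos GSSAPI)
+ $(cmake-utils_use_find_package kwallet KF5Wallet)
+ $(cmake-utils_use_find_package X X11)
+ )
+
+ kde5_src_configure
+}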
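Review bot: The `PATCHES` line carries no pointer to why the patch is there; a comment such as `# Security backport: Gentoo bug 611256, KDE advisory-20170228-1` above it would tell whoever bumps this ebuild next that the patch must stay until the fix is part of the release tarball. The same applies to the `PATCHES` line in kio-5.31.0-r1.ebuild. Separately, `RESTRICT+=" test"` means the backport is built without the package's test suite ever running, and the diffstat shows only insertions, so the unpatched 5.29.0 and 5.31.0 ebuilds appear to remain in the tree; dropping them in a follow-up would stop users from staying on the affected revisions.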
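diff --git a/kde-frameworks/kio/kio-5.31.0-r1.ebuild b/kde-frameworks/kio/kio-5.31.0-r1.ebuild
new file mode 100644
index 00000000000..b634e48d89c
--- /dev/null
+++ b/kde-frameworks/kio/kio-5.31.0-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_TEST="forceoptional-recursive"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Framework providing transparent file and data management"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="acl +handbook kerberos +kwallet X"
+
+COMMON_DEPEND="
+ $(add_frameworks_dep karchive)
+ $(add_frameworks_dep kbookmarks)
+ $(add_frameworks_dep kcodecs)
+ $(add_frameworks_dep kcompletion)
+ $(add_frameworks_dep kconfig)
+ $(add_frameworks_dep kconfigwidgets)
+ $(add_frameworks_dep kcoreaddons)
+ $(add_frameworks_dep kdbusaddons)
+ $(add_frameworks_dep ki18n)
+ $(add_frameworks_dep kiconthemes)
+ $(add_frameworks_dep kitemviews)
+ $(add_frameworks_dep kjobwidgets)
+ $(add_frameworks_dep knotifications)
+ $(add_frameworks_dep kservice)
+ $(add_frameworks_dep ktextwidgets)
+ $(add_frameworks_dep kwidgetsaddons)
+ $(add_frameworks_dep kwindowsystem)
+ $(add_frameworks_dep kxmlgui)
+ $(add_frameworks_dep solid)
+ $(add_qt_dep qtdbus)
+ $(add_qt_dep qtgui)
+ $(add_qt_dep qtnetwork 'ssl')
+ $(add_qt_dep qtscript)
+ $(add_qt_dep qtwidgets)
+ $(add_qt_dep qtxml)
+ dev-libs/libxml2
+ dev-libs/libxslt
+ acl? (
+ sys-apps/attr
+ virtual/acl
+ )
+ kerberos? ( virtual/krb5 )
+ kwallet? ( $(add_frameworks_dep kwallet) )
+ X? ( $(add_qt_dep qtx11extras) )
+"
+DEPEND="${COMMON_DEPEND}
+ $(add_qt_dep qtconcurrent)
+ handbook? ( $(add_frameworks_dep kdoctools) )
+ test? ( sys-libs/zlib )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXrender
+ x11-proto/xproto
+ )
+"
+PDEPEND="
+ $(add_frameworks_dep kded)
+"
+RDEPEND="${COMMON_DEPEND}"
+
+# tests hang
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${PN}-5.29.0-sanitize-url.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_find_package acl ACL)
+ $(cmake-utils_use_find_package handbook KF5DocTools)
+ $(cmake-utils_use_find_package kerberos GSSAPI)
+ $(cmake-utils_use_find_package kwallet KF5Wallet)
+ $(cmake-utils_use_find_package X X11)
+ )
+
+ kde5_src_configure
+}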
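Review bot: `PATCHES=( "${FILESDIR}/${PN}-5.29.0-sanitize-url.patch" )` ties this ebuild to a file named after another version without saying so, so a later cleanup of the 5.29.0 files could remove the patch that 5.31.0-r1 depends on. A comment such as `# patch is shared with 5.29.0-r1; keep the file while this ebuild exists` above the line would make the dependency explicit. The inner hunk is written against `src/kpac/script.cpp` at line 754; that it applies to the 5.31.0 sources without fuzz is not shown in this commit and is worth confirming in the build log, since a misapplied security patch fails silently at runtime rather than at build time.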