authorJohannes Huber <johu@gentoo.org>2017-02-28 22:01:11 +0100
committerJohannes Huber <johu@gentoo.org>2017-02-28 22:01:11 +0100
commit7a00da32661a8ba729193fa8cc1c483f3a6dddec (patch)
tree3b8ef31f54ea59fc7242f4d1f98f7237d8132ec7 /kde-frameworks/kio
parentkde-frameworks/kdelibs: Remove 4.14.29 (r0) (diff)
kde-frameworks/kio: Fix information leak
Revision bump backports the upstream patch that fixes an information leak when accessing https URLs while a malicious PAC file is in use. https://www.kde.org/info/security/advisory-20170228-1.txt Gentoo-bug: 611256 Package-Manager: Portage-2.3.3, Repoman-2.3.1
Diffstat (limited to 'kde-frameworks/kio')
-rw-r--r--kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch38
-rw-r--r--kde-frameworks/kio/kio-5.29.0-r1.ebuild81
-rw-r--r--kde-frameworks/kio/kio-5.31.0-r1.ebuild81
3 files changed, 200 insertions, 0 deletions
diff --git a/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch b/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch
new file mode 100644
index 000000000000..f9f398652d95
--- /dev/null
+++ b/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch
@@ -0,0 +1,38 @@
+commit f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
+Author: Albert Astals Cid <aacid@kde.org>
+Date: Tue Feb 28 19:00:48 2017 +0100
+
+ Sanitize URLs before passing them to FindProxyForURL
+
+ Remove user/password information
+ For https: remove path and query
+
+ Thanks to safebreach.com for reporting the problem
+
+ CCMAIL: yoni.fridburg@safebreach.com
+ CCMAIL: amit.klein@safebreach.com
+ CCMAIL: itzik.kotler@safebreach.com
+
+diff --git a/src/kpac/script.cpp b/src/kpac/script.cpp
+index a0235f73..2485c54d 100644
+--- a/src/kpac/script.cpp
++++ b/src/kpac/script.cpp
+@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url)
+ }
+ }
+
++ QUrl cleanUrl = url;
++ cleanUrl.setUserInfo(QString());
++ if (cleanUrl.scheme() == QLatin1String("https")) {
++ cleanUrl.setPath(QString());
++ cleanUrl.setQuery(QString());
++ }
++
+ QScriptValueList args;
+- args << url.url();
+- args << url.host();
++ args << cleanUrl.url();
++ args << cleanUrl.host();
+
+ QScriptValue result = func.call(QScriptValue(), args);
+ if (result.isError()) {
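Review bot: For https the fragment is left on cleanUrl — the new block clears only userinfo, path and query — so a PAC script still receives it through `cleanUrl.url()` on the line that replaces `url.url()`; whether that is intended, or whether a `cleanUrl.setFragment(QString());` next to the setQuery call was meant to be part of the upstream fix, is worth confirming against upstream before this copy of the patch is treated as final. This file is a verbatim copy of an upstream commit, so any such change belongs upstream first and the copy should then be refreshed rather than edited in place. Script::evaluate starts and ends outside the quoted hunk.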
diff --git a/kde-frameworks/kio/kio-5.29.0-r1.ebuild b/kde-frameworks/kio/kio-5.29.0-r1.ebuild
new file mode 100644
index 000000000000..3e102a991655
--- /dev/null
+++ b/kde-frameworks/kio/kio-5.29.0-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_TEST="forceoptional"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Framework providing transparent file and data management"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="acl +handbook kerberos +kwallet X"
+
+COMMON_DEPEND="
+ $(add_frameworks_dep karchive)
+ $(add_frameworks_dep kbookmarks)
+ $(add_frameworks_dep kcodecs)
+ $(add_frameworks_dep kcompletion)
+ $(add_frameworks_dep kconfig)
+ $(add_frameworks_dep kconfigwidgets)
+ $(add_frameworks_dep kcoreaddons)
+ $(add_frameworks_dep kdbusaddons)
+ $(add_frameworks_dep ki18n)
+ $(add_frameworks_dep kiconthemes)
+ $(add_frameworks_dep kitemviews)
+ $(add_frameworks_dep kjobwidgets)
+ $(add_frameworks_dep knotifications)
+ $(add_frameworks_dep kservice)
+ $(add_frameworks_dep ktextwidgets)
+ $(add_frameworks_dep kwidgetsaddons)
+ $(add_frameworks_dep kwindowsystem)
+ $(add_frameworks_dep kxmlgui)
+ $(add_frameworks_dep solid)
+ $(add_qt_dep qtdbus)
+ $(add_qt_dep qtgui)
+ $(add_qt_dep qtnetwork 'ssl')
+ $(add_qt_dep qtscript)
+ $(add_qt_dep qtwidgets)
+ $(add_qt_dep qtxml)
+ dev-libs/libxml2
+ dev-libs/libxslt
+ acl? (
+ sys-apps/attr
+ virtual/acl
+ )
+ kerberos? ( virtual/krb5 )
+ kwallet? ( $(add_frameworks_dep kwallet) )
+ X? ( $(add_qt_dep qtx11extras) )
+"
+DEPEND="${COMMON_DEPEND}
+ $(add_qt_dep qtconcurrent)
+ handbook? ( $(add_frameworks_dep kdoctools) )
+ test? ( sys-libs/zlib )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXrender
+ x11-proto/xproto
+ )
+"
+PDEPEND="
+ $(add_frameworks_dep kded)
+"
+RDEPEND="${COMMON_DEPEND}"
+
+# tests hang
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${P}-sanitize-url.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_find_package acl ACL)
+ $(cmake-utils_use_find_package handbook KF5DocTools)
+ $(cmake-utils_use_find_package kerberos GSSAPI)
+ $(cmake-utils_use_find_package kwallet KF5Wallet)
+ $(cmake-utils_use_find_package X X11)
+ )
+
+ kde5_src_configure
+}
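Review bot: `PATCHES=( "${FILESDIR}/${P}-sanitize-url.patch" )` names the patch through `${P}`, while the kio-5.31.0-r1.ebuild in this same commit references the identical file as `${PN}-5.29.0-sanitize-url.patch`; writing `PATCHES=( "${FILESDIR}/${PN}-5.29.0-sanitize-url.patch" )` here as well keeps both ebuilds pointing at one file under one name and survives a later version bump without a rename. Neither ebuild says what the patch is for, so a comment above the array such as `# Sanitize URLs (drop userinfo; for https drop path and query) before they reach the PAC FindProxyForURL script, see https://www.kde.org/info/security/advisory-20170228-1.txt` would let the next bump judge whether the backport is still needed. The same documentation point applies to the kio-5.31.0-r1.ebuild section below.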
diff --git a/kde-frameworks/kio/kio-5.31.0-r1.ebuild b/kde-frameworks/kio/kio-5.31.0-r1.ebuild
new file mode 100644
index 000000000000..b634e48d89c7
--- /dev/null
+++ b/kde-frameworks/kio/kio-5.31.0-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_TEST="forceoptional-recursive"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Framework providing transparent file and data management"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="acl +handbook kerberos +kwallet X"
+
+COMMON_DEPEND="
+ $(add_frameworks_dep karchive)
+ $(add_frameworks_dep kbookmarks)
+ $(add_frameworks_dep kcodecs)
+ $(add_frameworks_dep kcompletion)
+ $(add_frameworks_dep kconfig)
+ $(add_frameworks_dep kconfigwidgets)
+ $(add_frameworks_dep kcoreaddons)
+ $(add_frameworks_dep kdbusaddons)
+ $(add_frameworks_dep ki18n)
+ $(add_frameworks_dep kiconthemes)
+ $(add_frameworks_dep kitemviews)
+ $(add_frameworks_dep kjobwidgets)
+ $(add_frameworks_dep knotifications)
+ $(add_frameworks_dep kservice)
+ $(add_frameworks_dep ktextwidgets)
+ $(add_frameworks_dep kwidgetsaddons)
+ $(add_frameworks_dep kwindowsystem)
+ $(add_frameworks_dep kxmlgui)
+ $(add_frameworks_dep solid)
+ $(add_qt_dep qtdbus)
+ $(add_qt_dep qtgui)
+ $(add_qt_dep qtnetwork 'ssl')
+ $(add_qt_dep qtscript)
+ $(add_qt_dep qtwidgets)
+ $(add_qt_dep qtxml)
+ dev-libs/libxml2
+ dev-libs/libxslt
+ acl? (
+ sys-apps/attr
+ virtual/acl
+ )
+ kerberos? ( virtual/krb5 )
+ kwallet? ( $(add_frameworks_dep kwallet) )
+ X? ( $(add_qt_dep qtx11extras) )
+"
+DEPEND="${COMMON_DEPEND}
+ $(add_qt_dep qtconcurrent)
+ handbook? ( $(add_frameworks_dep kdoctools) )
+ test? ( sys-libs/zlib )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXrender
+ x11-proto/xproto
+ )
+"
+PDEPEND="
+ $(add_frameworks_dep kded)
+"
+RDEPEND="${COMMON_DEPEND}"
+
+# tests hang
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${PN}-5.29.0-sanitize-url.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_find_package acl ACL)
+ $(cmake-utils_use_find_package handbook KF5DocTools)
+ $(cmake-utils_use_find_package kerberos GSSAPI)
+ $(cmake-utils_use_find_package kwallet KF5Wallet)
+ $(cmake-utils_use_find_package X X11)
+ )
+
+ kde5_src_configure
+}