author | Johannes Huber <johu@gentoo.org> | 2017-02-28 22:01:11 +0100 |
committer | Johannes Huber <johu@gentoo.org> | 2017-02-28 22:01:11 +0100 |
commit | 7a00da32661a8ba729193fa8cc1c483f3a6dddec (patch) | |
tree | 3b8ef31f54ea59fc7242f4d1f98f7237d8132ec7 /kde-frameworks/kio | |
parent | kde-frameworks/kdelibs: Remove 4.14.29 (r0) (diff) | |
kde-frameworks/kio: Fix information leak
Revision bump backports the upstream patch to fix an information leak when accessing
https URLs while a malicious PAC file is in use.
https://www.kde.org/info/security/advisory-20170228-1.txt
Gentoo-bug: 611256
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Diffstat (limited to 'kde-frameworks/kio')
-rw-r--r-- | kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch | 38 | ||||
-rw-r--r-- | kde-frameworks/kio/kio-5.29.0-r1.ebuild | 81 | ||||
-rw-r--r-- | kde-frameworks/kio/kio-5.31.0-r1.ebuild | 81 |
3 files changed, 200 insertions, 0 deletions
diff --git a/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch b/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch
new file mode 100644
index 000000000000..f9f398652d95
--- /dev/null
+++ b/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch
@@ -0,0 +1,38 @@
+commit f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
+Author: Albert Astals Cid <aacid@kde.org>
+Date: Tue Feb 28 19:00:48 2017 +0100
+
+ Sanitize URLs before passing them to FindProxyForURL
+
+ Remove user/password information
+ For https: remove path and query
+
+ Thanks to safebreach.com for reporting the problem
+
+ CCMAIL: yoni.fridburg@safebreach.com
+ CCMAIL: amit.klein@safebreach.com
+ CCMAIL: itzik.kotler@safebreach.com
+
+diff --git a/src/kpac/script.cpp b/src/kpac/script.cpp
+index a0235f73..2485c54d 100644
+--- a/src/kpac/script.cpp
++++ b/src/kpac/script.cpp
+@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url)
+ }
+ }
+
++ QUrl cleanUrl = url;
++ cleanUrl.setUserInfo(QString());
++ if (cleanUrl.scheme() == QLatin1String("https")) {
++ cleanUrl.setPath(QString());
++ cleanUrl.setQuery(QString());
++ }
++
+ QScriptValueList args;
+- args << url.url();
+- args << url.host();
++ args << cleanUrl.url();
++ args << cleanUrl.host();
+
+ QScriptValue result = func.call(QScriptValue(), args);
+ if (result.isError()) {
diff --git a/kde-frameworks/kio/kio-5.29.0-r1.ebuild b/kde-frameworks/kio/kio-5.29.0-r1.ebuild
new file mode 100644
index 000000000000..3e102a991655
--- /dev/null
+++ b/kde-frameworks/kio/kio-5.29.0-r1.ebuild
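Review bot: The https branch clears the path and query but leaves the fragment in place, so a `#fragment` on the URL still reaches FindProxyForURL through `cleanUrl.url()`; add `cleanUrl.setFragment(QString());` inside the same `if` block. Fragments are normally not part of a network request, so the practical exposure is probably small, but stripping everything after the authority is the conservative choice and costs one line. Non-https schemes still hand the full URL, path and query included, to the script; that is consistent with the data being visible on the wire anyway, but the rationale deserves a comment above the block, e.g. `// An untrusted PAC script may only see scheme, host and port of https URLs; the path and query would leak TLS-protected data.` Script::evaluate starts and ends outside this hunk.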
@@ -0,0 +1,81 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_TEST="forceoptional"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Framework providing transparent file and data management"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="acl +handbook kerberos +kwallet X"
+
+COMMON_DEPEND="
+ $(add_frameworks_dep karchive)
+ $(add_frameworks_dep kbookmarks)
+ $(add_frameworks_dep kcodecs)
+ $(add_frameworks_dep kcompletion)
+ $(add_frameworks_dep kconfig)
+ $(add_frameworks_dep kconfigwidgets)
+ $(add_frameworks_dep kcoreaddons)
+ $(add_frameworks_dep kdbusaddons)
+ $(add_frameworks_dep ki18n)
+ $(add_frameworks_dep kiconthemes)
+ $(add_frameworks_dep kitemviews)
+ $(add_frameworks_dep kjobwidgets)
+ $(add_frameworks_dep knotifications)
+ $(add_frameworks_dep kservice)
+ $(add_frameworks_dep ktextwidgets)
+ $(add_frameworks_dep kwidgetsaddons)
+ $(add_frameworks_dep kwindowsystem)
+ $(add_frameworks_dep kxmlgui)
+ $(add_frameworks_dep solid)
+ $(add_qt_dep qtdbus)
+ $(add_qt_dep qtgui)
+ $(add_qt_dep qtnetwork 'ssl')
+ $(add_qt_dep qtscript)
+ $(add_qt_dep qtwidgets)
+ $(add_qt_dep qtxml)
+ dev-libs/libxml2
+ dev-libs/libxslt
+ acl? (
+ sys-apps/attr
+ virtual/acl
+ )
+ kerberos? ( virtual/krb5 )
+ kwallet? ( $(add_frameworks_dep kwallet) )
+ X? ( $(add_qt_dep qtx11extras) )
+"
+DEPEND="${COMMON_DEPEND}
+ $(add_qt_dep qtconcurrent)
+ handbook? ( $(add_frameworks_dep kdoctools) )
+ test? ( sys-libs/zlib )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXrender
+ x11-proto/xproto
+ )
+"
+PDEPEND="
+ $(add_frameworks_dep kded)
+"
+RDEPEND="${COMMON_DEPEND}"
+
+# tests hang
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${P}-sanitize-url.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_find_package acl ACL)
+ $(cmake-utils_use_find_package handbook KF5DocTools)
+ $(cmake-utils_use_find_package kerberos GSSAPI)
+ $(cmake-utils_use_find_package kwallet KF5Wallet)
+ $(cmake-utils_use_find_package X X11)
+ )
+
+ kde5_src_configure
+}
diff --git a/kde-frameworks/kio/kio-5.31.0-r1.ebuild b/kde-frameworks/kio/kio-5.31.0-r1.ebuild
new file mode 100644
index 000000000000..b634e48d89c7
--- /dev/null
+++ b/kde-frameworks/kio/kio-5.31.0-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_TEST="forceoptional-recursive"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Framework providing transparent file and data management"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="acl +handbook kerberos +kwallet X"
+
+COMMON_DEPEND="
+ $(add_frameworks_dep karchive)
+ $(add_frameworks_dep kbookmarks)
+ $(add_frameworks_dep kcodecs)
+ $(add_frameworks_dep kcompletion)
+ $(add_frameworks_dep kconfig)
+ $(add_frameworks_dep kconfigwidgets)
+ $(add_frameworks_dep kcoreaddons)
+ $(add_frameworks_dep kdbusaddons)
+ $(add_frameworks_dep ki18n)
+ $(add_frameworks_dep kiconthemes)
+ $(add_frameworks_dep kitemviews)
+ $(add_frameworks_dep kjobwidgets)
+ $(add_frameworks_dep knotifications)
+ $(add_frameworks_dep kservice)
+ $(add_frameworks_dep ktextwidgets)
+ $(add_frameworks_dep kwidgetsaddons)
+ $(add_frameworks_dep kwindowsystem)
+ $(add_frameworks_dep kxmlgui)
+ $(add_frameworks_dep solid)
+ $(add_qt_dep qtdbus)
+ $(add_qt_dep qtgui)
+ $(add_qt_dep qtnetwork 'ssl')
+ $(add_qt_dep qtscript)
+ $(add_qt_dep qtwidgets)
+ $(add_qt_dep qtxml)
+ dev-libs/libxml2
+ dev-libs/libxslt
+ acl? (
+ sys-apps/attr
+ virtual/acl
+ )
+ kerberos? ( virtual/krb5 )
+ kwallet? ( $(add_frameworks_dep kwallet) )
+ X? ( $(add_qt_dep qtx11extras) )
+"
+DEPEND="${COMMON_DEPEND}
+ $(add_qt_dep qtconcurrent)
+ handbook? ( $(add_frameworks_dep kdoctools) )
+ test? ( sys-libs/zlib )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXrender
+ x11-proto/xproto
+ )
+"
+PDEPEND="
+ $(add_frameworks_dep kded)
+"
+RDEPEND="${COMMON_DEPEND}"
+
+# tests hang
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${PN}-5.29.0-sanitize-url.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ $(cmake-utils_use_find_package acl ACL)
+ $(cmake-utils_use_find_package handbook KF5DocTools)
+ $(cmake-utils_use_find_package kerberos GSSAPI)
+ $(cmake-utils_use_find_package kwallet KF5Wallet)
+ $(cmake-utils_use_find_package X X11)
+ )
+
+ kde5_src_configure
+}
|