commit:     7a00da32661a8ba729193fa8cc1c483f3a6dddec
Author:     Johannes Huber <johu <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 28 21:01:11 2017 +0000
Commit:     Johannes Huber <johu <AT> gentoo <DOT> org>
CommitDate: Tue Feb 28 21:01:11 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a00da32

kde-frameworks/kio: Fix information leak

Revision bump backports upstream patch to fix an information leak when accessing
https when using a malicious PAC file.
https://www.kde.org/info/security/advisory-20170228-1.txt

Gentoo-bug: 611256

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 .../kio/files/kio-5.29.0-sanitize-url.patch        | 38 ++++++++++
 kde-frameworks/kio/kio-5.29.0-r1.ebuild            | 81 ++++++++++++++++++++++
 kde-frameworks/kio/kio-5.31.0-r1.ebuild            | 81 ++++++++++++++++++++++
 3 files changed, 200 insertions(+)

diff --git a/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch 
b/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch
new file mode 100644
index 00000000000..f9f398652d9
--- /dev/null
+++ b/kde-frameworks/kio/files/kio-5.29.0-sanitize-url.patch
@@ -0,0 +1,38 @@
+commit f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
+Author: Albert Astals Cid <[email protected]>
+Date:   Tue Feb 28 19:00:48 2017 +0100
+
+    Sanitize URLs before passing them to FindProxyForURL
+    
+    Remove user/password information
+    For https: remove path and query
+    
+    Thanks to safebreach.com for reporting the problem
+    
+    CCMAIL: [email protected]
+    CCMAIL: [email protected]
+    CCMAIL: [email protected]
+
+diff --git a/src/kpac/script.cpp b/src/kpac/script.cpp
+index a0235f73..2485c54d 100644
+--- a/src/kpac/script.cpp
++++ b/src/kpac/script.cpp
+@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url)
+         }
+     }
+ 
++    QUrl cleanUrl = url;
++    cleanUrl.setUserInfo(QString());
++    if (cleanUrl.scheme() == QLatin1String("https")) {
++        cleanUrl.setPath(QString());
++        cleanUrl.setQuery(QString());
++    }
++
+     QScriptValueList args;
+-    args << url.url();
+-    args << url.host();
++    args << cleanUrl.url();
++    args << cleanUrl.host();
+ 
+     QScriptValue result = func.call(QScriptValue(), args);
+     if (result.isError()) {
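Review bot: The https branch clears only the path and the query, so a fragment on the incoming URL still reaches the PAC script through `args << cleanUrl.url();` — if the intent is to hand the script nothing beyond scheme, host and port for https, `cleanUrl.setFragment(QString());` next to the two existing setters would close that, though a fragment is never sent on the wire, so the exposure is smaller than for path and query. The scheme test is a literal comparison with `https`, so other TLS-carried schemes keep their full URL; presumably acceptable for this backport, but worth confirming against what upstream later shipped. Script::evaluate starts and ends outside the hunk.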

diff --git a/kde-frameworks/kio/kio-5.29.0-r1.ebuild 
b/kde-frameworks/kio/kio-5.29.0-r1.ebuild
new file mode 100644
index 00000000000..3e102a99165
--- /dev/null
+++ b/kde-frameworks/kio/kio-5.29.0-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_TEST="forceoptional"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Framework providing transparent file and data management"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="acl +handbook kerberos +kwallet X"
+
+COMMON_DEPEND="
+       $(add_frameworks_dep karchive)
+       $(add_frameworks_dep kbookmarks)
+       $(add_frameworks_dep kcodecs)
+       $(add_frameworks_dep kcompletion)
+       $(add_frameworks_dep kconfig)
+       $(add_frameworks_dep kconfigwidgets)
+       $(add_frameworks_dep kcoreaddons)
+       $(add_frameworks_dep kdbusaddons)
+       $(add_frameworks_dep ki18n)
+       $(add_frameworks_dep kiconthemes)
+       $(add_frameworks_dep kitemviews)
+       $(add_frameworks_dep kjobwidgets)
+       $(add_frameworks_dep knotifications)
+       $(add_frameworks_dep kservice)
+       $(add_frameworks_dep ktextwidgets)
+       $(add_frameworks_dep kwidgetsaddons)
+       $(add_frameworks_dep kwindowsystem)
+       $(add_frameworks_dep kxmlgui)
+       $(add_frameworks_dep solid)
+       $(add_qt_dep qtdbus)
+       $(add_qt_dep qtgui)
+       $(add_qt_dep qtnetwork 'ssl')
+       $(add_qt_dep qtscript)
+       $(add_qt_dep qtwidgets)
+       $(add_qt_dep qtxml)
+       dev-libs/libxml2
+       dev-libs/libxslt
+       acl? (
+               sys-apps/attr
+               virtual/acl
+       )
+       kerberos? ( virtual/krb5 )
+       kwallet? ( $(add_frameworks_dep kwallet) )
+       X? ( $(add_qt_dep qtx11extras) )
+"
+DEPEND="${COMMON_DEPEND}
+       $(add_qt_dep qtconcurrent)
+       handbook? ( $(add_frameworks_dep kdoctools) )
+       test? ( sys-libs/zlib )
+       X? (
+               x11-libs/libX11
+               x11-libs/libXrender
+               x11-proto/xproto
+       )
+"
+PDEPEND="
+       $(add_frameworks_dep kded)
+"
+RDEPEND="${COMMON_DEPEND}"
+
+# tests hang
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${P}-sanitize-url.patch" )
+
+src_configure() {
+       local mycmakeargs=(
+               $(cmake-utils_use_find_package acl ACL)
+               $(cmake-utils_use_find_package handbook KF5DocTools)
+               $(cmake-utils_use_find_package kerberos GSSAPI)
+               $(cmake-utils_use_find_package kwallet KF5Wallet)
+               $(cmake-utils_use_find_package X X11)
+       )
+
+       kde5_src_configure
+}
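Review bot: The `PATCHES=( "${FILESDIR}/${P}-sanitize-url.patch" )` line carries no hint of why the patch exists, so a future version bump has no cue for when it can be dropped; a comment above it such as `# Backport of upstream f9d0cb47: sanitize URLs passed to PAC FindProxyForURL (bug 611256, KDE advisory 20170228-1)` would record that. The same applies to the kio-5.31.0-r1 ebuild, where the path is spelled `${PN}-5.29.0-sanitize-url.patch`. The `# tests hang` comment on `RESTRICT+=" test"` could likewise name the bug it tracks, if one exists, since a security bump is the moment someone is most likely to want the test suite back.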

diff --git a/kde-frameworks/kio/kio-5.31.0-r1.ebuild 
b/kde-frameworks/kio/kio-5.31.0-r1.ebuild
new file mode 100644
index 00000000000..b634e48d89c
--- /dev/null
+++ b/kde-frameworks/kio/kio-5.31.0-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_TEST="forceoptional-recursive"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="Framework providing transparent file and data management"
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="acl +handbook kerberos +kwallet X"
+
+COMMON_DEPEND="
+       $(add_frameworks_dep karchive)
+       $(add_frameworks_dep kbookmarks)
+       $(add_frameworks_dep kcodecs)
+       $(add_frameworks_dep kcompletion)
+       $(add_frameworks_dep kconfig)
+       $(add_frameworks_dep kconfigwidgets)
+       $(add_frameworks_dep kcoreaddons)
+       $(add_frameworks_dep kdbusaddons)
+       $(add_frameworks_dep ki18n)
+       $(add_frameworks_dep kiconthemes)
+       $(add_frameworks_dep kitemviews)
+       $(add_frameworks_dep kjobwidgets)
+       $(add_frameworks_dep knotifications)
+       $(add_frameworks_dep kservice)
+       $(add_frameworks_dep ktextwidgets)
+       $(add_frameworks_dep kwidgetsaddons)
+       $(add_frameworks_dep kwindowsystem)
+       $(add_frameworks_dep kxmlgui)
+       $(add_frameworks_dep solid)
+       $(add_qt_dep qtdbus)
+       $(add_qt_dep qtgui)
+       $(add_qt_dep qtnetwork 'ssl')
+       $(add_qt_dep qtscript)
+       $(add_qt_dep qtwidgets)
+       $(add_qt_dep qtxml)
+       dev-libs/libxml2
+       dev-libs/libxslt
+       acl? (
+               sys-apps/attr
+               virtual/acl
+       )
+       kerberos? ( virtual/krb5 )
+       kwallet? ( $(add_frameworks_dep kwallet) )
+       X? ( $(add_qt_dep qtx11extras) )
+"
+DEPEND="${COMMON_DEPEND}
+       $(add_qt_dep qtconcurrent)
+       handbook? ( $(add_frameworks_dep kdoctools) )
+       test? ( sys-libs/zlib )
+       X? (
+               x11-libs/libX11
+               x11-libs/libXrender
+               x11-proto/xproto
+       )
+"
+PDEPEND="
+       $(add_frameworks_dep kded)
+"
+RDEPEND="${COMMON_DEPEND}"
+
+# tests hang
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${PN}-5.29.0-sanitize-url.patch" )
+
+src_configure() {
+       local mycmakeargs=(
+               $(cmake-utils_use_find_package acl ACL)
+               $(cmake-utils_use_find_package handbook KF5DocTools)
+               $(cmake-utils_use_find_package kerberos GSSAPI)
+               $(cmake-utils_use_find_package kwallet KF5Wallet)
+               $(cmake-utils_use_find_package X X11)
+       )
+
+       kde5_src_configure
+}
