about summary refs log tree commit diff
diff options
context:
space:
mode:
authorYury G. Kudryashov <urkud.urkud@gmail.com>2010-05-13 22:05:08 +0000
committerYury G. Kudryashov <urkud.urkud@gmail.com>2010-05-13 22:05:08 +0000
commit43106b4d045621bbf2cd5b52dbe68e65a22a6129 (patch)
treea8aeadbdac99af5f3a9adc3e30cf3e8db6d62171
parent975b88f57360abf047b2e9d5a8406da05424313d (diff)
downloadnixlib-43106b4d045621bbf2cd5b52dbe68e65a22a6129.tar
nixlib-43106b4d045621bbf2cd5b52dbe68e65a22a6129.tar.gz
nixlib-43106b4d045621bbf2cd5b52dbe68e65a22a6129.tar.bz2
nixlib-43106b4d045621bbf2cd5b52dbe68e65a22a6129.tar.lz
nixlib-43106b4d045621bbf2cd5b52dbe68e65a22a6129.tar.xz
nixlib-43106b4d045621bbf2cd5b52dbe68e65a22a6129.tar.zst
nixlib-43106b4d045621bbf2cd5b52dbe68e65a22a6129.zip
Apply upstream security patch to kget
svn path=/nixpkgs/trunk/; revision=21769
Diffstat
-rw-r--r--pkgs/desktops/kde-4.4/network/default.nix3
-rw-r--r--pkgs/desktops/kde-4.4/network/kget-cve.patch212
2 files changed, 214 insertions, 1 deletions
diff --git a/pkgs/desktops/kde-4.4/network/default.nix b/pkgs/desktops/kde-4.4/network/default.nix
index 54331b69b8d4..b91b97dfdf84 100644
--- a/pkgs/desktops/kde-4.4/network/default.nix
+++ b/pkgs/desktops/kde-4.4/network/default.nix
@@ -11,8 +11,9 @@ stdenv.mkDerivation {
   };
   buildInputs = [ cmake qt4 perl speex gmp libxml2 libxslt sqlite alsaLib libidn
                   libvncserver libmsn giflib gpgme boost stdenv.gcc.libc libv4l
-		  libXi libXtst libXdamage libXxf86vm
+                  libXi libXtst libXdamage libXxf86vm
                   kdelibs kdepimlibs automoc4 phonon qca2 soprano qimageblitz strigi ];
+  patches = [ ./kget-cve.patch ];
   meta = {
     description = "KDE network utilities";
     longDescription = "Various network utilities for KDE such as a messenger client and network configuration interface";
diff --git a/pkgs/desktops/kde-4.4/network/kget-cve.patch b/pkgs/desktops/kde-4.4/network/kget-cve.patch
new file mode 100644
index 000000000000..26b77e7b127b
--- /dev/null
+++ b/pkgs/desktops/kde-4.4/network/kget-cve.patch
@@ -0,0 +1,212 @@
+Index: kget/transfer-plugins/metalink/metalink.cpp
+===================================================================
+--- a/kget/transfer-plugins/metalink/metalink.cpp	(revision 1124973)
++++ b/kget/transfer-plugins/metalink/metalink.cpp	(revision 1124974)
+@@ -99,6 +99,7 @@
+ void Metalink::metalinkInit(const KUrl &src, const QByteArray &data)
+ {
+     kDebug(5001);
++
+     bool justDownloaded = !m_localMetalinkLocation.isValid();
+     if (!src.isEmpty())
+     {
+@@ -121,7 +122,9 @@
+     //error
+     if (!m_metalink.isValid())
+     {
+-        kDebug(5001) << "Unknown error when trying to load the .metalink-file";
++        kError(5001) << "Unknown error when trying to load the .metalink-file. Metalink is not valid.";
++        setStatus(Job::Aborted);
++        setTransferChange(Tc_Status, true);
+         return;
+     }
+ 
+@@ -202,7 +205,7 @@
+     if (!m_dataSourceFactory.size())
+     {
+         KMessageBox::error(0, i18n("Download failed, no working URLs were found."), i18n("Error"));
+-        setStatus(Job::Aborted, i18n("An error occurred...."), SmallIcon("document-preview"));
++        setStatus(Job::Aborted);
+         setTransferChange(Tc_Status, true);
+         return;
+     }
+@@ -227,16 +230,29 @@
+         ui.treeView->hideColumn(FileItem::SignatureVerified);
+         dialog->setMainWidget(widget);
+         dialog->setCaption(i18n("File Selection"));
+-        dialog->setButtons(KDialog::Ok);
+-        connect(dialog, SIGNAL(finished()), this, SLOT(filesSelected()));
++        dialog->setButtons(KDialog::Ok | KDialog::Cancel);
++        connect(dialog, SIGNAL(finished(int)), this, SLOT(fileDlgFinished(int)));
+ 
+         dialog->show();
+     }
+ }
+ 
+-void Metalink::filesSelected()
++void Metalink::fileDlgFinished(int result)
+ {
++    //BEGIN HACK if the dialog was not accepted untick every file, so that the download does not start
++    //generally setStatus should do the job as well, but does not as it appears
++    if (result != QDialog::Accepted) {
++        for (int row = 0; row < fileModel()->rowCount(); ++row) {
++            QModelIndex index = fileModel()->index(row, FileItem::File);
++            if (index.isValid()) {
++                fileModel()->setData(index, Qt::Unchecked, Qt::CheckStateRole);
++            }
++        }
++    }
++    //END
++
+     QModelIndexList files = fileModel()->fileIndexes(FileItem::File);
++    int numFilesSelected = 0;
+     foreach (const QModelIndex &index, files)
+     {
+         const KUrl dest = fileModel()->getUrl(index);
+@@ -244,6 +260,9 @@
+         if (m_dataSourceFactory.contains(dest))
+         {
+             m_dataSourceFactory[dest]->setDoDownload(doDownload);
++            if (doDownload) {
++                ++numFilesSelected;
++            }
+         }
+     }
+ 
+@@ -252,9 +271,15 @@
+     processedSizeChanged();
+     speedChanged();
+ 
++    //no files selected to download or dialog rejected, stop the download
++    if (!numFilesSelected  || (result != QDialog::Accepted)) {
++         setStatus(Job::Stopped);//FIXME
++         setTransferChange(Tc_Status, true);
++        return;
++    }
++
+     //some files may be set to download, so start them as long as the transfer is not stopped
+-    if (status() != Job::Stopped)
+-    {
++    if (status() != Job::Stopped) {
+         startMetalink();
+     }
+ }
+Index: kget/transfer-plugins/metalink/metalink.h
+===================================================================
+--- a/kget/transfer-plugins/metalink/metalink.h	(revision 1124973)
++++ b/kget/transfer-plugins/metalink/metalink.h	(revision 1124974)
+@@ -81,7 +81,7 @@
+ 
+     private Q_SLOTS:
+         void metalinkInit(const KUrl &url = KUrl(), const QByteArray &data = QByteArray());
+-        void filesSelected();
++        void fileDlgFinished(int result);
+         void totalSizeChanged(KIO::filesize_t size);
+         void processedSizeChanged();
+         void speedChanged();
+Index: kget/ui/metalinkcreator/metalinker.h
+===================================================================
+--- a/kget/ui/metalinkcreator/metalinker.h	(revision 1124973)
++++ b/kget/ui/metalinkcreator/metalinker.h	(revision 1124974)
+@@ -259,6 +259,14 @@
+         KIO::filesize_t size;
+         CommonData data;
+         Resources resources;
++
++    private:
++        /**
++         * Controlls if the name attribute is valid, i.e. it is not empty and
++         * does not contain any directory traversal directives or information,
++         * as described in the Metalink 4.0 specification 4.1.2.1.
++         */
++        bool isValidNameAttribute() const;
+ };
+ 
+ class Files
+Index: kget/ui/metalinkcreator/metalinker.cpp
+===================================================================
+--- a/kget/ui/metalinkcreator/metalinker.cpp	(revision 1124973)
++++ b/kget/ui/metalinkcreator/metalinker.cpp	(revision 1124974)
+@@ -528,14 +528,14 @@
+ 
+ bool KGetMetalink::File::isValid() const
+ {
+-    return !name.isEmpty() && resources.isValid();
++    return isValidNameAttribute() && resources.isValid();
+ }
+ 
+ void KGetMetalink::File::load(const QDomElement &e)
+ {
+     data.load(e);
+ 
+-    name = e.attribute("name");
++    name = QUrl::fromPercentEncoding(e.attribute("name").toAscii());
+     size = e.firstChildElement("size").text().toULongLong();
+ 
+     verification.load(e);
+@@ -575,6 +575,22 @@
+     resources.clear();
+ }
+ 
++
++bool KGetMetalink::File::isValidNameAttribute() const
++{
++    if (name.isEmpty()) {
++        kError(5001) << "Name attribute of Metalink::File is empty.";
++        return false;
++    }
++
++    if (name.contains(QRegExp("$(\\.\\.?)?/")) || name.contains("/../") || name.endsWith("/..")) {
++        kError(5001) << "Name attribute of Metalink::File contains directory traversal directives:" << name;
++        return false;
++    }
++
++    return true;
++}
++
+ #ifdef HAVE_NEPOMUK
+ QHash<QUrl, Nepomuk::Variant> KGetMetalink::File::properties() const
+ {
+@@ -584,13 +600,28 @@
+ 
+ bool KGetMetalink::Files::isValid() const
+ {
+-    bool isValid = !files.empty();
+-    foreach (const File &file, files)
+-    {
+-        isValid &= file.isValid();
++    if (files.isEmpty()) {
++        return false;
+     }
+ 
+-    return isValid;
++    QStringList fileNames;
++    foreach (const File &file, files) {
++        fileNames << file.name;
++        if (!file.isValid()) {
++            return false;
++        }
++    }
++
++    //The value of name must be unique for each file
++    while (!fileNames.isEmpty()) {
++        const QString fileName = fileNames.takeFirst();
++        if (fileNames.contains(fileName)) {
++            kError(5001) << "Metalink::File name" << fileName << "exists multiple times.";
++            return false;
++        }
++    }
++
++    return true;
+ }
+ 
+ void KGetMetalink::Files::load(const QDomElement &e)
+@@ -751,7 +782,7 @@
+ 
+     for (QDomElement elem = filesElem.firstChildElement("file"); !elem.isNull(); elem = elem.nextSiblingElement("file")) {
+         File file;
+-        file.name = elem.attribute("name");
++        file.name = QUrl::fromPercentEncoding(elem.attribute("name").toAscii());
+         file.size = elem.firstChildElement("size").text().toULongLong();
+ 
+         file.data = parseCommonData(elem);
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-25 15:43:29 +0000