From 43abbac86707aac4c07ebde21334bbbc86ebaeea Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Jun 07 2010 11:16:29 +0000 Subject: 4.4.4 --- diff --git a/kdenetwork-4.4.3-cve-2010-1000_1511.patch b/kdenetwork-4.4.3-cve-2010-1000_1511.patch deleted file mode 100644 index fdabbff..0000000 --- a/kdenetwork-4.4.3-cve-2010-1000_1511.patch +++ /dev/null @@ -1,212 +0,0 @@ -Index: kget/transfer-plugins/metalink/metalink.cpp -=================================================================== ---- kget/transfer-plugins/metalink/metalink.cpp (revision 1124973) -+++ kget/transfer-plugins/metalink/metalink.cpp (revision 1124974) -@@ -99,6 +99,7 @@ - void Metalink::metalinkInit(const KUrl &src, const QByteArray &data) - { - kDebug(5001); -+ - bool justDownloaded = !m_localMetalinkLocation.isValid(); - if (!src.isEmpty()) - { -@@ -121,7 +122,9 @@ - //error - if (!m_metalink.isValid()) - { -- kDebug(5001) << "Unknown error when trying to load the .metalink-file"; -+ kError(5001) << "Unknown error when trying to load the .metalink-file. Metalink is not valid."; -+ setStatus(Job::Aborted); -+ setTransferChange(Tc_Status, true); - return; - } - -@@ -202,7 +205,7 @@ - if (!m_dataSourceFactory.size()) - { - KMessageBox::error(0, i18n("Download failed, no working URLs were found."), i18n("Error")); -- setStatus(Job::Aborted, i18n("An error occurred...."), SmallIcon("document-preview")); -+ setStatus(Job::Aborted); - setTransferChange(Tc_Status, true); - return; - } -@@ -227,16 +230,29 @@ - ui.treeView->hideColumn(FileItem::SignatureVerified); - dialog->setMainWidget(widget); - dialog->setCaption(i18n("File Selection")); -- dialog->setButtons(KDialog::Ok); -- connect(dialog, SIGNAL(finished()), this, SLOT(filesSelected())); -+ dialog->setButtons(KDialog::Ok | KDialog::Cancel); -+ connect(dialog, SIGNAL(finished(int)), this, SLOT(fileDlgFinished(int))); - - dialog->show(); - } - } - --void Metalink::filesSelected() -+void Metalink::fileDlgFinished(int result) - { -+ //BEGIN HACK if the dialog was not accepted untick every file, so that the download does not start -+ //generally setStatus should do the job as well, but does not as it appears -+ if (result != QDialog::Accepted) { -+ for (int row = 0; row < fileModel()->rowCount(); ++row) { -+ QModelIndex index = fileModel()->index(row, FileItem::File); -+ if (index.isValid()) { -+ fileModel()->setData(index, Qt::Unchecked, Qt::CheckStateRole); -+ } -+ } -+ } -+ //END -+ - QModelIndexList files = fileModel()->fileIndexes(FileItem::File); -+ int numFilesSelected = 0; - foreach (const QModelIndex &index, files) - { - const KUrl dest = fileModel()->getUrl(index); -@@ -244,6 +260,9 @@ - if (m_dataSourceFactory.contains(dest)) - { - m_dataSourceFactory[dest]->setDoDownload(doDownload); -+ if (doDownload) { -+ ++numFilesSelected; -+ } - } - } - -@@ -252,9 +271,15 @@ - processedSizeChanged(); - speedChanged(); - -+ //no files selected to download or dialog rejected, stop the download -+ if (!numFilesSelected || (result != QDialog::Accepted)) { -+ setStatus(Job::Stopped);//FIXME -+ setTransferChange(Tc_Status, true); -+ return; -+ } -+ - //some files may be set to download, so start them as long as the transfer is not stopped -- if (status() != Job::Stopped) -- { -+ if (status() != Job::Stopped) { - startMetalink(); - } - } -Index: kget/transfer-plugins/metalink/metalink.h -=================================================================== ---- kget/transfer-plugins/metalink/metalink.h (revision 1124973) -+++ kget/transfer-plugins/metalink/metalink.h (revision 1124974) -@@ -81,7 +81,7 @@ - - private Q_SLOTS: - void metalinkInit(const KUrl &url = KUrl(), const QByteArray &data = QByteArray()); -- void filesSelected(); -+ void fileDlgFinished(int result); - void totalSizeChanged(KIO::filesize_t size); - void processedSizeChanged(); - void speedChanged(); -Index: kget/ui/metalinkcreator/metalinker.h -=================================================================== ---- kget/ui/metalinkcreator/metalinker.h (revision 1124973) -+++ kget/ui/metalinkcreator/metalinker.h (revision 1124974) -@@ -259,6 +259,14 @@ - KIO::filesize_t size; - CommonData data; - Resources resources; -+ -+ private: -+ /** -+ * Controlls if the name attribute is valid, i.e. it is not empty and -+ * does not contain any directory traversal directives or information, -+ * as described in the Metalink 4.0 specification 4.1.2.1. -+ */ -+ bool isValidNameAttribute() const; - }; - - class Files -Index: kget/ui/metalinkcreator/metalinker.cpp -=================================================================== ---- kget/ui/metalinkcreator/metalinker.cpp (revision 1124973) -+++ kget/ui/metalinkcreator/metalinker.cpp (revision 1124974) -@@ -528,14 +528,14 @@ - - bool KGetMetalink::File::isValid() const - { -- return !name.isEmpty() && resources.isValid(); -+ return isValidNameAttribute() && resources.isValid(); - } - - void KGetMetalink::File::load(const QDomElement &e) - { - data.load(e); - -- name = e.attribute("name"); -+ name = QUrl::fromPercentEncoding(e.attribute("name").toAscii()); - size = e.firstChildElement("size").text().toULongLong(); - - verification.load(e); -@@ -575,6 +575,22 @@ - resources.clear(); - } - -+ -+bool KGetMetalink::File::isValidNameAttribute() const -+{ -+ if (name.isEmpty()) { -+ kError(5001) << "Name attribute of Metalink::File is empty."; -+ return false; -+ } -+ -+ if (name.contains(QRegExp("$(\\.\\.?)?/")) || name.contains("/../") || name.endsWith("/..")) { -+ kError(5001) << "Name attribute of Metalink::File contains directory traversal directives:" << name; -+ return false; -+ } -+ -+ return true; -+} -+ - #ifdef HAVE_NEPOMUK - QHash KGetMetalink::File::properties() const - { -@@ -584,13 +600,28 @@ - - bool KGetMetalink::Files::isValid() const - { -- bool isValid = !files.empty(); -- foreach (const File &file, files) -- { -- isValid &= file.isValid(); -+ if (files.isEmpty()) { -+ return false; - } - -- return isValid; -+ QStringList fileNames; -+ foreach (const File &file, files) { -+ fileNames << file.name; -+ if (!file.isValid()) { -+ return false; -+ } -+ } -+ -+ //The value of name must be unique for each file -+ while (!fileNames.isEmpty()) { -+ const QString fileName = fileNames.takeFirst(); -+ if (fileNames.contains(fileName)) { -+ kError(5001) << "Metalink::File name" << fileName << "exists multiple times."; -+ return false; -+ } -+ } -+ -+ return true; - } - - void KGetMetalink::Files::load(const QDomElement &e) -@@ -751,7 +782,7 @@ - - for (QDomElement elem = filesElem.firstChildElement("file"); !elem.isNull(); elem = elem.nextSiblingElement("file")) { - File file; -- file.name = elem.attribute("name"); -+ file.name = QUrl::fromPercentEncoding(elem.attribute("name").toAscii()); - file.size = elem.firstChildElement("size").text().toULongLong(); - - file.data = parseCommonData(elem); diff --git a/kdenetwork.spec b/kdenetwork.spec index 14b8e75..c3176e6 100644 --- a/kdenetwork.spec +++ b/kdenetwork.spec @@ -2,8 +2,8 @@ Summary: KDE Network Applications Name: kdenetwork Epoch: 7 -Version: 4.4.3 -Release: 3%{?dist} +Version: 4.4.4 +Release: 1%{?dist} License: GPLv2 Group: Applications/Internet @@ -22,9 +22,6 @@ Patch2: kdenetwork-4.3.3-resolv-conf-path.patch ## upstream patches ## security patches -# rhbz#591966 - CVE-2010-1000 CVE-2010-1511 kdenetwork: improper sanitization -# of metalink attribute for downloading files -Patch100: kdenetwork-4.4.3-cve-2010-1000_1511.patch %if 0%{?fedora} BuildRequires: avahi-compat-libdns_sd-devel @@ -113,7 +110,6 @@ Requires: kdelibs4-devel %setup -q -a 1 -n kdenetwork-%{version}%{?alphatag} %patch1 -p1 -b .icon %patch2 -p1 -b .resolv-conf-path -%patch100 -p0 -b .cve-2010-1000_1511 %build mkdir -p %{_target_platform} @@ -216,6 +212,9 @@ fi %changelog +* Sun May 30 2010 Than Ngo - 7:4.4.4-1 +- 4.4.4 + * Thu May 13 2010 Jaroslav Reznik - 7:4.4.3-3 - security fixes: CVE-2010-1000, CVE-2010-1511 (#591966) diff --git a/sources b/sources index 4ddcfa3..6c23b42 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -9e8e285aff018807fd5967806cebf083 kdenetwork-4.4.3.tar.bz2 7dd360a790100c952090410c2c89937c krdc-icons.tar.bz2 +42619dc65cf8b8a6e483dff23a4a5127 kdenetwork-4.4.4.tar.bz2