From owner-svn-ports-all@freebsd.org  Sat Mar 11 21:11:19 2017
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4F022D08671;
 Sat, 11 Mar 2017 21:11:19 +0000 (UTC)
 (envelope-from rakuco@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0FEF3880;
 Sat, 11 Mar 2017 21:11:18 +0000 (UTC)
 (envelope-from rakuco@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v2BLBI5W060960;
 Sat, 11 Mar 2017 21:11:18 GMT (envelope-from rakuco@FreeBSD.org)
Received: (from rakuco@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v2BLBIk5060958;
 Sat, 11 Mar 2017 21:11:18 GMT (envelope-from rakuco@FreeBSD.org)
Message-Id: <201703112111.v2BLBIk5060958@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: rakuco set sender to
 rakuco@FreeBSD.org using -f
From: Raphael Kubo da Costa <rakuco@FreeBSD.org>
Date: Sat, 11 Mar 2017 21:11:18 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r435960 - in head/deskutils/kdepimlibs4: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Mar 2017 21:11:19 -0000

Author: rakuco
Date: Sat Mar 11 21:11:17 2017
New Revision: 435960
URL: https://svnweb.freebsd.org/changeset/ports/435960

Log:
  Patch a directory traversal vulnerability in the KTNEF parser.
  
  Backported from
  https://commits.kde.org/ktnef/4ff38aa15487d69021aacad4b078500f77fb4ae8
  
  Security announcement:
  https://www.kde.org/info/security/advisory-20170227-1.txt
  
  MFH:		2017Q1
  Security:	e550fc62-069a-11e7-8e3e-5453ed2e2b49

Added:
  head/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp   (contents, props changed)
Modified:
  head/deskutils/kdepimlibs4/Makefile

Modified: head/deskutils/kdepimlibs4/Makefile
==============================================================================
--- head/deskutils/kdepimlibs4/Makefile	Sat Mar 11 21:09:58 2017	(r435959)
+++ head/deskutils/kdepimlibs4/Makefile	Sat Mar 11 21:11:17 2017	(r435960)
@@ -3,7 +3,7 @@
 
 PORTNAME=	kdepimlibs
 PORTVERSION=	${KDE4_KDELIBS_VERSION}
-PORTREVISION=	6
+PORTREVISION=	7
 CATEGORIES=	deskutils kde
 MASTER_SITES=	KDE/${KDE4_APPLICATIONS_BRANCH}/applications/${KDE4_APPLICATIONS_VERSION}/src
 DIST_SUBDIR=	KDE/${PORTVERSION}

Added: head/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp	Sat Mar 11 21:11:17 2017	(r435960)
@@ -0,0 +1,38 @@
+Fix for https://www.kde.org/info/security/advisory-20170227-1.txt
+--- ktnef/ktnefparser.cpp.orig	2017-03-11 20:23:43 UTC
++++ ktnef/ktnefparser.cpp
+@@ -40,7 +40,9 @@
+ 
+ #include <QtCore/QDateTime>
+ #include <QtCore/QDataStream>
++#include <QtCore/QDir>
+ #include <QtCore/QFile>
++#include <QtCore/QFileInfo>
+ #include <QtCore/QVariant>
+ #include <QtCore/QList>
+ 
+@@ -446,7 +448,9 @@ bool KTNEFParser::extractFile( const QSt
+ bool KTNEFParser::ParserPrivate::extractAttachmentTo( KTNEFAttach *att,
+                                                       const QString &dirname )
+ {
+-  QString filename = dirname + '/';
++  const QString destDir( QDir( dirname ).absolutePath() ); // get directory path without any "." or ".."
++
++  QString filename = destDir + '/';
+   if ( !att->fileName().isEmpty()) {
+     filename += att->fileName();
+   } else {
+@@ -462,6 +466,13 @@ bool KTNEFParser::ParserPrivate::extract
+   if ( !device_->seek( att->offset() ) ) {
+     return false;
+   }
++  const QFileInfo fi( filename );
++  if ( !fi.absoluteFilePath().startsWith( destDir ) ) {
++      kWarning() << "Attempted extract into" << fi.absoluteFilePath()
++                 << "which is outside of the extraction root folder" << destDir << "."
++                 << "Changing export of contained files to extraction root folder.";
++      filename = destDir + QLatin1Char( '/' ) + fi.fileName();
++  }
+   KSaveFile outfile( filename );
+   if ( !outfile.open() ) {
+     return false;