Date: Sat, 11 Mar 2017 21:11:18 +0000 (UTC) From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r435960 - in head/deskutils/kdepimlibs4: . files Message-ID: <201703112111.v2BLBIk5060958@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rakuco Date: Sat Mar 11 21:11:17 2017 New Revision: 435960 URL: https://svnweb.freebsd.org/changeset/ports/435960 Log: Patch a directory traversal vulnerability in the KTNEF parser. Backported from https://commits.kde.org/ktnef/4ff38aa15487d69021aacad4b078500f77fb4ae8 Security announcement: https://www.kde.org/info/security/advisory-20170227-1.txt MFH: 2017Q1 Security: e550fc62-069a-11e7-8e3e-5453ed2e2b49 Added: head/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp (contents, props changed) Modified: head/deskutils/kdepimlibs4/Makefile Modified: head/deskutils/kdepimlibs4/Makefile ============================================================================== --- head/deskutils/kdepimlibs4/Makefile Sat Mar 11 21:09:58 2017 (r435959) +++ head/deskutils/kdepimlibs4/Makefile Sat Mar 11 21:11:17 2017 (r435960) @@ -3,7 +3,7 @@ PORTNAME= kdepimlibs PORTVERSION= ${KDE4_KDELIBS_VERSION} -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= deskutils kde MASTER_SITES= KDE/${KDE4_APPLICATIONS_BRANCH}/applications/${KDE4_APPLICATIONS_VERSION}/src DIST_SUBDIR= KDE/${PORTVERSION} Added: head/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp Sat Mar 11 21:11:17 2017 (r435960) @@ -0,0 +1,38 @@ +Fix for https://www.kde.org/info/security/advisory-20170227-1.txt +--- ktnef/ktnefparser.cpp.orig 2017-03-11 20:23:43 UTC ++++ ktnef/ktnefparser.cpp +@@ -40,7 +40,9 @@ + + #include <QtCore/QDateTime> + #include <QtCore/QDataStream> ++#include <QtCore/QDir> + #include <QtCore/QFile> ++#include <QtCore/QFileInfo> + #include <QtCore/QVariant> + #include <QtCore/QList> + +@@ -446,7 +448,9 @@ bool KTNEFParser::extractFile( const QSt + bool KTNEFParser::ParserPrivate::extractAttachmentTo( KTNEFAttach *att, + const QString &dirname ) + { +- QString filename = dirname + '/'; ++ const QString destDir( QDir( dirname ).absolutePath() ); // get directory path without any "." or ".." ++ ++ QString filename = destDir + '/'; + if ( !att->fileName().isEmpty()) { + filename += att->fileName(); + } else { +@@ -462,6 +466,13 @@ bool KTNEFParser::ParserPrivate::extract + if ( !device_->seek( att->offset() ) ) { + return false; + } ++ const QFileInfo fi( filename ); ++ if ( !fi.absoluteFilePath().startsWith( destDir ) ) { ++ kWarning() << "Attempted extract into" << fi.absoluteFilePath() ++ << "which is outside of the extraction root folder" << destDir << "." ++ << "Changing export of contained files to extraction root folder."; ++ filename = destDir + QLatin1Char( '/' ) + fi.fileName(); ++ } + KSaveFile outfile( filename ); + if ( !outfile.open() ) { + return false;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703112111.v2BLBIk5060958>