pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2004Q4]: pkgsrc/x11/kdelibs3 Pullup ticket 208 - requested by ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/92a06ed06a0d
branches:  pkgsrc-2004Q4
changeset: 485798:92a06ed06a0d
user:      salo <salo%pkgsrc.org@localhost>
date:      Thu Jan 06 00:23:49 2005 +0000

description:
Pullup ticket 208 - requested by Mark Davies
security fix for kdelibs3

        Module Name:    pkgsrc
        Committed       By: markd
        Date:           Wed Jan  5 10:36:23 UTC 2005

        Modified Files:
                 pkgsrc/x11/kdelibs3: Makefile distinfo
        Added Files:
                pkgsrc/x11/kdelibs3/patches: patch-aq

        Log Message:
        The FTP kioslave can be misused to execute any ftp command on the
        server or be a vector for sending out unsolicited email.
        http://www.kde.org/info/security/advisory-20050101-1.txt
        Bump PKGREVISION.

diffstat:

 x11/kdelibs3/Makefile         |   4 ++--
 x11/kdelibs3/distinfo         |   3 ++-
 x11/kdelibs3/patches/patch-aq |  19 +++++++++++++++++++
 3 files changed, 23 insertions(+), 3 deletions(-)

diffs (53 lines):

diff -r 0ed04f90a1d8 -r 92a06ed06a0d x11/kdelibs3/Makefile
--- a/x11/kdelibs3/Makefile     Thu Jan 06 00:19:42 2005 +0000
+++ b/x11/kdelibs3/Makefile     Thu Jan 06 00:23:49 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.71.2.1 2005/01/06 00:19:42 salo Exp $
+# $NetBSD: Makefile,v 1.71.2.2 2005/01/06 00:23:49 salo Exp $
 
 DISTNAME=      kdelibs-${_KDE_VERSION}
-PKGREVISION=   5
+PKGREVISION=   6
 CATEGORIES=    x11
 COMMENT=       Support libraries for the KDE integrated X11 desktop
 
diff -r 0ed04f90a1d8 -r 92a06ed06a0d x11/kdelibs3/distinfo
--- a/x11/kdelibs3/distinfo     Thu Jan 06 00:19:42 2005 +0000
+++ b/x11/kdelibs3/distinfo     Thu Jan 06 00:23:49 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.46.2.1 2005/01/06 00:19:42 salo Exp $
+$NetBSD: distinfo,v 1.46.2.2 2005/01/06 00:23:49 salo Exp $
 
 SHA1 (kdelibs-3.3.2.tar.bz2) = 69325b603375d31d4d537955383f4893e4a7945f
 Size (kdelibs-3.3.2.tar.bz2) = 15623180 bytes
@@ -10,6 +10,7 @@
 SHA1 (patch-an) = 0fccfa014212073f235945732ef3a3329756f9b5
 SHA1 (patch-ao) = 5cc9be57db26a2615ae9c982eb2b894c2c193e6b
 SHA1 (patch-ap) = bd0aa3b4a4b56cd74b674ce191b48268adecc8b9
+SHA1 (patch-aq) = 0cbe989b24378a2f0218f6a32328ce56aa812de4
 SHA1 (patch-bc) = 434a48d290aa9716b8c6e372419460ebd33cf8ea
 SHA1 (patch-bd) = 172e1146d4e1e49a1a61d7ddc415dbfa4e5c4088
 SHA1 (patch-bu) = 65aca46f30be04c0d8177498eac149437b21ba56
diff -r 0ed04f90a1d8 -r 92a06ed06a0d x11/kdelibs3/patches/patch-aq
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-aq     Thu Jan 06 00:23:49 2005 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-aq,v 1.6.4.1 2005/01/06 00:23:49 salo Exp $
+
+--- kioslave/ftp/ftp.cc.orig   2004-10-03 20:40:52.000000000 +1300
++++ kioslave/ftp/ftp.cc
+@@ -751,6 +751,14 @@ bool Ftp::ftpSendCmd( const QCString& cm
+ {
+   assert(m_control != NULL);    // must have control connection socket
+ 
++  if ( cmd.find( '\r' ) != -1 || cmd.find( '\n' ) != -1)
++  {
++    kdWarning(7102) << "Invalid command received (contains CR or LF): "
++                    << cmd.data() << endl;
++    error( ERR_UNSUPPORTED_ACTION, m_host );
++    return false;
++  }
++
+   // Don't print out the password...
+   bool isPassCmd = (cmd.left(4).lower() == "pass");
+   if ( !isPassCmd )
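Review bot: the new warning in ftpSendCmd prints `cmd.data()` above the existing "Don't print out the password" logic, so a rejected PASS command containing CR or LF would have its password written to the log. The CR/LF bytes that triggered the rejection are also written to the log line unescaped. Consider computing `isPassCmd` before this check and logging only that a command containing CR or LF was rejected, or logging an escaped form of it for non-PASS commands. The early `return false` can stay as it is.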


