pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2004Q4]: pkgsrc/x11/kdelibs3 Pullup ticket 208 - requested by ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/92a06ed06a0d
branches: pkgsrc-2004Q4
changeset: 485798:92a06ed06a0d
user: salo <salo%pkgsrc.org@localhost>
date: Thu Jan 06 00:23:49 2005 +0000
description:
Pullup ticket 208 - requested by Mark Davies
security fix for kdelibs3
Module Name: pkgsrc
Committed By: markd
Date: Wed Jan 5 10:36:23 UTC 2005
Modified Files:
pkgsrc/x11/kdelibs3: Makefile distinfo
Added Files:
pkgsrc/x11/kdelibs3/patches: patch-aq
Log Message:
The FTP kioslave can be misused to execute any ftp command on the
server or be a vector for sending out unsolicited email.
http://www.kde.org/info/security/advisory-20050101-1.txt
Bump PKGREVISION.
diffstat:
x11/kdelibs3/Makefile | 4 ++--
x11/kdelibs3/distinfo | 3 ++-
x11/kdelibs3/patches/patch-aq | 19 +++++++++++++++++++
3 files changed, 23 insertions(+), 3 deletions(-)
diffs (53 lines):
diff -r 0ed04f90a1d8 -r 92a06ed06a0d x11/kdelibs3/Makefile
--- a/x11/kdelibs3/Makefile Thu Jan 06 00:19:42 2005 +0000
+++ b/x11/kdelibs3/Makefile Thu Jan 06 00:23:49 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.71.2.1 2005/01/06 00:19:42 salo Exp $
+# $NetBSD: Makefile,v 1.71.2.2 2005/01/06 00:23:49 salo Exp $
DISTNAME= kdelibs-${_KDE_VERSION}
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= x11
COMMENT= Support libraries for the KDE integrated X11 desktop
diff -r 0ed04f90a1d8 -r 92a06ed06a0d x11/kdelibs3/distinfo
--- a/x11/kdelibs3/distinfo Thu Jan 06 00:19:42 2005 +0000
+++ b/x11/kdelibs3/distinfo Thu Jan 06 00:23:49 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.46.2.1 2005/01/06 00:19:42 salo Exp $
+$NetBSD: distinfo,v 1.46.2.2 2005/01/06 00:23:49 salo Exp $
SHA1 (kdelibs-3.3.2.tar.bz2) = 69325b603375d31d4d537955383f4893e4a7945f
Size (kdelibs-3.3.2.tar.bz2) = 15623180 bytes
@@ -10,6 +10,7 @@
SHA1 (patch-an) = 0fccfa014212073f235945732ef3a3329756f9b5
SHA1 (patch-ao) = 5cc9be57db26a2615ae9c982eb2b894c2c193e6b
SHA1 (patch-ap) = bd0aa3b4a4b56cd74b674ce191b48268adecc8b9
+SHA1 (patch-aq) = 0cbe989b24378a2f0218f6a32328ce56aa812de4
SHA1 (patch-bc) = 434a48d290aa9716b8c6e372419460ebd33cf8ea
SHA1 (patch-bd) = 172e1146d4e1e49a1a61d7ddc415dbfa4e5c4088
SHA1 (patch-bu) = 65aca46f30be04c0d8177498eac149437b21ba56
diff -r 0ed04f90a1d8 -r 92a06ed06a0d x11/kdelibs3/patches/patch-aq
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-aq Thu Jan 06 00:23:49 2005 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-aq,v 1.6.4.1 2005/01/06 00:23:49 salo Exp $
+
+--- kioslave/ftp/ftp.cc.orig 2004-10-03 20:40:52.000000000 +1300
++++ kioslave/ftp/ftp.cc
+@@ -751,6 +751,14 @@ bool Ftp::ftpSendCmd( const QCString& cm
+ {
+ assert(m_control != NULL); // must have control connection socket
+
++ if ( cmd.find( '\r' ) != -1 || cmd.find( '\n' ) != -1)
++ {
++ kdWarning(7102) << "Invalid command received (contains CR or LF): "
++ << cmd.data() << endl;
++ error( ERR_UNSUPPORTED_ACTION, m_host );
++ return false;
++ }
++
+ // Don't print out the password...
+ bool isPassCmd = (cmd.left(4).lower() == "pass");
+ if ( !isPassCmd )
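Review bot: the kdWarning in the new CR/LF check writes cmd.data() to the log unconditionally, while the context lines directly below it compute isPassCmd specifically so that PASS commands are not printed. A rejected command that begins with "pass" would therefore put the password in the warning output, and because the rejected string by definition contains CR or LF, the raw bytes will also break the log entry across lines. I would log only that a command was rejected (optionally with its length or the verb before the first space), or move the check below the isPassCmd computation and omit the payload when it is set. The placement in ftpSendCmd itself is good, since every command goes through this one sink. It would also help to put a short comment above the check pointing at the advisory named in the log message, so the reason for the rejection stays with the code.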