svn commit: r436915 - in branches/2017Q1: devel/kf5-kio devel/kf5-kio/files x11/kdelibs4 x11/kdelibs4/files
Tobias C. Berner
tcberner at FreeBSD.org
Sat Mar 25 20:39:47 UTC 2017
Author: tcberner
Date: Sat Mar 25 20:39:45 2017
New Revision: 436915
URL: https://svnweb.freebsd.org/changeset/ports/436915
Log:
MFH: r435896 r431563
Adress CVE-2017-6410 in devel/kf5-kio and x11/kdelibs4
Using a malicious PAC file, and then using exfiltration methods in the PAC
function FindProxyForURL() enables the attacker to expose full https URLs.
This is a security issue since https URLs may contain sensitive
information in the URL authentication part (user:password at host), and in the
path and the query (e.g. access tokens).
This attack can be carried out remotely (over the LAN) since proxy settings
allow ``Detect Proxy Configuration Automatically''
This setting uses WPAD to retrieve the PAC file, and an attacker who has access
to the victim's LAN can interfere with the WPAD protocols (DHCP/DNS+HTTP)
and inject his/her own malicious PAC instead of the legitimate one.
Reviewed by: mat, rakuco
Approved by: rakuco (mentor), mat (mentor)
Obtained from: https://marc.info/?l=kde-announce&m=148831226706885&w=2
Security: CVE-2017-6410
Differential Revision: https://reviews.freebsd.org/D9908
Centralize all cmake/modules/FindHUNSPELL.cmake patches in one file.
While here, note that the addition of hunspell-1.6 was done upstream too.
Approved by: ports-secteam (junovitch), rakuco (mentor)
Added:
branches/2017Q1/devel/kf5-kio/files/
- copied from r435896, head/devel/kf5-kio/files/
branches/2017Q1/x11/kdelibs4/files/patch-cmake_modules_FindHUNSPELL.cmake
- copied unchanged from r431563, head/x11/kdelibs4/files/patch-cmake_modules_FindHUNSPELL.cmake
branches/2017Q1/x11/kdelibs4/files/patch-git_1804c2f_cve-2017-6410
- copied unchanged from r435896, head/x11/kdelibs4/files/patch-git_1804c2f_cve-2017-6410
Deleted:
branches/2017Q1/x11/kdelibs4/files/patch-git_2ab2745
branches/2017Q1/x11/kdelibs4/files/patch-z-cmake_modules_FindHUNSPELL.cmake
Modified:
branches/2017Q1/devel/kf5-kio/Makefile
branches/2017Q1/x11/kdelibs4/Makefile
Directory Properties:
branches/2017Q1/ (props changed)
Modified: branches/2017Q1/devel/kf5-kio/Makefile
==============================================================================
--- branches/2017Q1/devel/kf5-kio/Makefile Sat Mar 25 20:29:13 2017 (r436914)
+++ branches/2017Q1/devel/kf5-kio/Makefile Sat Mar 25 20:39:45 2017 (r436915)
@@ -3,6 +3,7 @@
PORTNAME= kio
PORTVERSION= ${KDE_FRAMEWORKS_VERSION}
+PORTREVISION= 1
CATEGORIES= devel kde kde-frameworks
MAINTAINER= kde at FreeBSD.org
Modified: branches/2017Q1/x11/kdelibs4/Makefile
==============================================================================
--- branches/2017Q1/x11/kdelibs4/Makefile Sat Mar 25 20:29:13 2017 (r436914)
+++ branches/2017Q1/x11/kdelibs4/Makefile Sat Mar 25 20:39:45 2017 (r436915)
@@ -3,7 +3,7 @@
PORTNAME= kdelibs
PORTVERSION= ${KDE4_KDELIBS_VERSION}
-PORTREVISION= 9
+PORTREVISION= 10
CATEGORIES= x11 kde
MASTER_SITES= KDE/${KDE4_APPLICATIONS_BRANCH}/applications/${KDE4_APPLICATIONS_VERSION}/src
DIST_SUBDIR= KDE/${PORTVERSION}
Copied: branches/2017Q1/x11/kdelibs4/files/patch-cmake_modules_FindHUNSPELL.cmake (from r431563, head/x11/kdelibs4/files/patch-cmake_modules_FindHUNSPELL.cmake)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q1/x11/kdelibs4/files/patch-cmake_modules_FindHUNSPELL.cmake Sat Mar 25 20:39:45 2017 (r436915, copy of r431563, head/x11/kdelibs4/files/patch-cmake_modules_FindHUNSPELL.cmake)
@@ -0,0 +1,27 @@
+Includes the following two upstream commits:
+
+commit c828f8592fcfd6c2a66ebc18a826de38d6a2fef2
+Author: Pino Toscano <pino at kde.org>
+Date: Sat Dec 31 12:08:59 2016 +0100
+
+ cmake: look for hunspell-1.6 as well
+
+commit 2ab2745eb01f73355c490ac8d5d1837dec84fd6c
+Author: Wolfgang Bauer <wbauer at tmo.at>
+Date: Thu Oct 20 15:51:29 2016 +0200
+
+ Support newer hunspell versions in FindHUNSPELL.cmake
+
+ REVIEW: 128600
+
+--- cmake/modules/FindHUNSPELL.cmake
++++ cmake/modules/FindHUNSPELL.cmake
+@@ -14,7 +14,7 @@ ENDIF (HUNSPELL_INCLUDE_DIR AND HUNSPELL_LIBRARIES)
+
+ FIND_PATH(HUNSPELL_INCLUDE_DIR hunspell/hunspell.hxx )
+
+-FIND_LIBRARY(HUNSPELL_LIBRARIES NAMES hunspell-1.3 hunspell-1.2)
++FIND_LIBRARY(HUNSPELL_LIBRARIES NAMES hunspell-2.0 hunspell-1.6 hunspell-1.5 hunspell-1.4 hunspell-1.3 hunspell-1.2)
+
+ # handle the QUIETLY and REQUIRED arguments and set HUNSPELL_FOUND to TRUE if
+ # all listed variables are TRUE
Copied: branches/2017Q1/x11/kdelibs4/files/patch-git_1804c2f_cve-2017-6410 (from r435896, head/x11/kdelibs4/files/patch-git_1804c2f_cve-2017-6410)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q1/x11/kdelibs4/files/patch-git_1804c2f_cve-2017-6410 Sat Mar 25 20:39:45 2017 (r436915, copy of r435896, head/x11/kdelibs4/files/patch-git_1804c2f_cve-2017-6410)
@@ -0,0 +1,39 @@
+From 1804c2fde7bf4e432c6cf5bb8cce5701c7010559 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid at kde.org>
+Date: Tue, 28 Feb 2017 19:08:50 +0100
+Subject: [PATCH] Sanitize URLs before passing them to FindProxyForURL
+
+Remove user/password information
+For https: remove path and query
+
+Backport from kio f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
+---
+ kio/misc/kpac/script.cpp | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/kio/misc/kpac/script.cpp b/kio/misc/kpac/script.cpp
+index a595301307..9ab360a0b5 100644
+--- kio/misc/kpac/script.cpp
++++ kio/misc/kpac/script.cpp
+@@ -754,9 +754,16 @@ namespace KPAC
+ }
+ }
+
++ KUrl cleanUrl = url;
++ cleanUrl.setUserInfo(QString());
++ if (cleanUrl.scheme().toLower() == QLatin1String("https")) {
++ cleanUrl.setPath(QString());
++ cleanUrl.setQuery(QString());
++ }
++
+ QScriptValueList args;
+- args << url.url();
+- args << url.host();
++ args << cleanUrl.url();
++ args << cleanUrl.host();
+
+ QScriptValue result = func.call(QScriptValue(), args);
+ if (result.isError()) {
+--
+2.11.1
+
More information about the svn-ports-all
mailing list