[SCM] kcoreaddons packaging branch, master, updated. debian/5.26.0-2-3-gd581f93

Sandro Knauß hefee at moszumanska.debian.org
Thu Oct 13 09:58:05 UTC 2016


Gitweb-URL: http://git.debian.org/?p=pkg-kde/frameworks/kcoreaddons.git;a=commitdiff;h=3a75d0b

The following commit has been merged in the master branch:
commit 3a75d0b1e7edd04cb6ae2523a02fa902d3ae44fd
Author: Sandro Knauß <hefee at debian.org>
Date:   Thu Oct 13 11:52:19 2016 +0200

    Additional patches to complete the fix for CVE-2016-7966
---
 debian/changelog                             |  4 ++
 debian/patches/0003-Add-more-autotests.patch | 38 +++++++++++++
 debian/patches/0004-Display-bad-url.patch    | 79 ++++++++++++++++++++++++++++
 debian/patches/series                        |  2 +
 4 files changed, 123 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 24ee2fe..677774d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,9 @@
 kcoreaddons (5.26.0-3~) UNRELEASED; urgency=medium
 
+  [ Sandro Knauß ]
+  * Additional patches to complete the fix for CVE-2016-7966
+    0003-Add-more-autotests.patch
+    0004-Display-bad-url.patch
 
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Wed, 12 Oct 2016 23:22:53 +0200
 
diff --git a/debian/patches/0003-Add-more-autotests.patch b/debian/patches/0003-Add-more-autotests.patch
new file mode 100644
index 0000000..0005e12
--- /dev/null
+++ b/debian/patches/0003-Add-more-autotests.patch
@@ -0,0 +1,38 @@
+From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001
+From: Montel Laurent <montel at kde.org>
+Date: Tue, 11 Oct 2016 11:11:08 +0200
+Subject: [PATCH 1/2] Add more autotests
+
+---
+ autotests/ktexttohtmltest.cpp | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
+index c5690e8..0179a00 100644
+--- a/autotests/ktexttohtmltest.cpp
++++ b/autotests/ktexttohtmltest.cpp
+@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data()
+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+                                << "https://\"><!--";
+ 
++   QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++                               << "https://192.168.1.1:\"><!--";
++
++   QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++                               << "https://<IP>:\"><!--";
++
++   QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++                               << "https://<IP>:/\"><!--";
++
++   QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++                               << "https://<IP>:/\"><script>alert(1);</script><!--";
+ }
+ 
+ 
+-- 
+2.9.3
+
diff --git a/debian/patches/0004-Display-bad-url.patch b/debian/patches/0004-Display-bad-url.patch
new file mode 100644
index 0000000..72ed74a
--- /dev/null
+++ b/debian/patches/0004-Display-bad-url.patch
@@ -0,0 +1,79 @@
+From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001
+From: Montel Laurent <montel at kde.org>
+Date: Tue, 11 Oct 2016 11:40:10 +0200
+Subject: [PATCH 2/2] Display bad url
+
+---
+ autotests/ktexttohtmltest.cpp | 14 +++++++++-----
+ src/lib/text/ktexttohtml.cpp  | 18 +++++++++++++++++-
+ 2 files changed, 26 insertions(+), 6 deletions(-)
+
+diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
+index 0179a00..ccac29a 100644
+--- a/autotests/ktexttohtmltest.cpp
++++ b/autotests/ktexttohtmltest.cpp
+@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data()
+    //Fix url exploit
+    QTest::newRow("url-exec-html") << "https://\"><!--"
+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+-                               << "https://\"><!--";
++                               << "https://"><!--";
+ 
+    QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+-                               << "https://192.168.1.1:\"><!--";
++                               << "https://192.168.1.1:"><!--";
+ 
+    QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+-                               << "https://<IP>:\"><!--";
++                               << "https://<IP>:"><!--";
+ 
+    QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+-                               << "https://<IP>:/\"><!--";
++                               << "https://<IP>:/"><!--";
+ 
+    QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
+                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+-                               << "https://<IP>:/\"><script>alert(1);</script><!--";
++                               << "https://<IP>:/"><script>alert(1);</script><!--";
++
++   QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--
Test2"
++                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
++                               << "https://<IP>:/"><script>alert(1);</script><!--
Test2";
+ }
+ 
+ 
+diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
+index 97c5eab..30e0b5d 100644
+--- a/src/lib/text/ktexttohtml.cpp
++++ b/src/lib/text/ktexttohtml.cpp
+@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
+                 bool badUrl = false;
+                 str = helper.getUrl(&badUrl);
+                 if (badUrl) {
+-                    return helper.mText;
++                    QString resultBadUrl;
++                    const int helperTextSize(helper.mText.count());
++                    for (int i = 0; i < helperTextSize; ++i) {
++                        const QChar chBadUrl = helper.mText[i];
++                        if (chBadUrl == QLatin1Char('&')) {
++                            resultBadUrl += QLatin1String("&");
++                        } else if (chBadUrl == QLatin1Char('"')) {
++                            resultBadUrl += QLatin1String(""");
++                        } else if (chBadUrl == QLatin1Char('<')) {
++                            resultBadUrl += QLatin1String("<");
++                        } else if (chBadUrl == QLatin1Char('>')) {
++                            resultBadUrl += QLatin1String(">");
++                        } else {
++                            resultBadUrl += chBadUrl;
++                        }
++                    }
++                    return resultBadUrl;
+                 }
+                 if (!str.isEmpty()) {
+                     QString hyperlink;
+-- 
+2.9.3
+
diff --git a/debian/patches/series b/debian/patches/series
index 8ac2f60..d37aad4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,4 @@
 0001-Fix-very-old-bug-when-we-remove-space-in-url-as-foo-.patch
 0002-Don-t-convert-as-url-an-url-which-has-a.patch
+0003-Add-more-autotests.patch
+0004-Display-bad-url.patch

-- 
kcoreaddons packaging



More information about the pkg-kde-commits mailing list