pkgsrc-Changes-HG archive

[pkgsrc/pkgsrc-2005Q1]: pkgsrc/www/kdewebdev3 Pullup ticket 474 - requested b...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9c2003fce301
branches:  pkgsrc-2005Q1
changeset: 491000:9c2003fce301
user:      salo <salo%pkgsrc.org@localhost>
date:      Sun May 01 17:36:58 2005 +0000

description:
Pullup ticket 474 - requested by Mark Davies
security fix for kdewebdev3

Patch provided by the submitter.

   Module Name:         pkgsrc
   Committed By:        drochner
   Date:                Tue Apr 26 19:01:28 UTC 2005

   Modified Files:
        pkgsrc/www/kdewebdev3: Makefile distinfo
   Added Files:
        pkgsrc/www/kdewebdev3/patches: patch-ab

   Log Message:
   add a patch from KDE:
   http://www.kde.org/info/security/advisory-20050420-1.txt
   to fix untrusted code execution (CAN-2005-0754)
   bump PKGREVISION

diffstat:

 www/kdewebdev3/Makefile         |   3 ++-
 www/kdewebdev3/distinfo         |   3 ++-
 www/kdewebdev3/patches/patch-ab |  40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+), 2 deletions(-)

diffs (68 lines):

diff -r 776c28ee5533 -r 9c2003fce301 www/kdewebdev3/Makefile
--- a/www/kdewebdev3/Makefile   Sat Apr 30 05:36:27 2005 +0000
+++ b/www/kdewebdev3/Makefile   Sun May 01 17:36:58 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.4 2004/12/10 06:07:49 markd Exp $
+# $NetBSD: Makefile,v 1.4.4.1 2005/05/01 17:36:58 salo Exp $
 
 DISTNAME=      kdewebdev-${_KDE_VERSION}
+PKGREVISION=   1
 CATEGORIES=    www
 COMMENT=       HTML editor and tools suitable for experienced web developers
 
diff -r 776c28ee5533 -r 9c2003fce301 www/kdewebdev3/distinfo
--- a/www/kdewebdev3/distinfo   Sat Apr 30 05:36:27 2005 +0000
+++ b/www/kdewebdev3/distinfo   Sun May 01 17:36:58 2005 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.4 2005/02/24 14:08:33 wiz Exp $
+$NetBSD: distinfo,v 1.4.2.1 2005/05/01 17:36:58 salo Exp $
 
 SHA1 (kdewebdev-3.3.2.tar.bz2) = 9046409534d1ebd9bd692a02cc1b5a5c259cfe63
 RMD160 (kdewebdev-3.3.2.tar.bz2) = 2187fce40c3d31f49f88906a447f218c1b322259
 Size (kdewebdev-3.3.2.tar.bz2) = 4797649 bytes
 SHA1 (patch-aa) = 9268bdb93739a1b4b9dc7cb2d03acd860c05788f
+SHA1 (patch-ab) = 35c20f0769da688f0ba7e0d104783854701fd0bd
diff -r 776c28ee5533 -r 9c2003fce301 www/kdewebdev3/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/kdewebdev3/patches/patch-ab   Sun May 01 17:36:58 2005 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-ab,v 1.1.2.1 2005/05/01 17:36:58 salo Exp $
+
+--- kommander/executor/instance.cpp.orig       2004-08-05 21:28:57.000000000 +0200
++++ kommander/executor/instance.cpp    2005-05-01 07:14:52.000000000 +0200
+@@ -131,6 +131,35 @@
+ 
+ bool Instance::run(QFile *a_file)
+ {
++  // Check whether extension is *.kmdr
++  if (!m_uiFileName.fileName().endsWith(".kmdr")) {
++    KMessageBox::error(0, i18n("<qt>This file does not have a <b>.kmdr</b> extension. As a security precaution "
++           "Kommander will only run Kommander scripts with a clear identity.</qt>"),
++           i18n("Wrong Extension"));
++    return false;
++  }
++
++  // Check whether file is not in some temporary directory.
++  QStringList tmpDirs = KGlobal::dirs()->resourceDirs("tmp");
++  tmpDirs += KGlobal::dirs()->resourceDirs("cache");
++  tmpDirs.append("/tmp/");
++  tmpDirs.append("/var/tmp/");
++
++  bool inTemp = false;
++  for (QStringList::ConstIterator I = tmpDirs.begin(); I != tmpDirs.end(); ++I)
++    if (m_uiFileName.directory().startsWith(*I))
++      inTemp = true;
++
++  if (inTemp)
++  {
++     if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your <i>/tmp</i> directory. "
++         " This may mean that it was run from a KMail attachment or from a webpage. "
++         "<p>Any script contained in this dialog will have write access to all of your home directory; "
++         "<b>running such dialogs may be dangerous: </b>"
++         "<p>are you sure you want to continue?</qt>")) == KMessageBox::No)
++       return false;
++  }
++
+   /* add runtime arguments */
+   if (m_cmdArguments) {
+     QString args;
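
Review bot: The temporary-directory test in the loop, `if (m_uiFileName.directory().startsWith(*I))`, is a raw string prefix match against entries that end in a slash ("/tmp/", "/var/tmp/"), so it only fires if directory() returns the path in exactly that form. If directory() yields "/tmp" without the trailing slash for a file sitting directly in /tmp, or the path reaches the same directory through a symlink or an unnormalized spelling, inTemp stays false and the warning is never shown. Suggest canonicalizing the file's directory and each tmpDirs entry, normalizing the trailing slash on both sides before comparing, and breaking out of the loop once a match is found. Two smaller points: both new checks read m_uiFileName while run() is handed a_file, so it is worth confirming (or commenting) that the two always describe the same file; and the warning text names only /tmp although the list also includes the "cache" resource directories and /var/tmp.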


