author | salo <salo@pkgsrc.org> | 2005-05-01 17:36:58 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2005-05-01 17:36:58 +0000 |
commit | 05fa643025d6dcfc3d0032e9adc64450bd6c5e92 (patch) | |
tree | c65b768335bcd6a0d4cad769a88426db5c96e28b /www | |
parent | 0e9a55a8a6f4a50e1d4a17826e4aa2ad9d51b480 (diff) | |
download | pkgsrc-05fa643025d6dcfc3d0032e9adc64450bd6c5e92.tar.gz |
Pullup ticket 474 - requested by Mark Davies
security fix for kdewebdev3
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: drochner
Date: Tue Apr 26 19:01:28 UTC 2005
Modified Files:
pkgsrc/www/kdewebdev3: Makefile distinfo
Added Files:
pkgsrc/www/kdewebdev3/patches: patch-ab
Log Message:
add a patch from KDE:
http://www.kde.org/info/security/advisory-20050420-1.txt
to fix untrusted code execution (CAN-2005-0754)
bump PKGREVISION
Diffstat (limited to 'www')
-rw-r--r-- | www/kdewebdev3/Makefile | 3 | ||||
-rw-r--r-- | www/kdewebdev3/distinfo | 3 | ||||
-rw-r--r-- | www/kdewebdev3/patches/patch-ab | 40 |
3 files changed, 44 insertions, 2 deletions
diff --git a/www/kdewebdev3/Makefile b/www/kdewebdev3/Makefile
index ac7a127747d..f7580247693 100644
--- a/www/kdewebdev3/Makefile
+++ b/www/kdewebdev3/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.4 2004/12/10 06:07:49 markd Exp $
+# $NetBSD: Makefile,v 1.4.4.1 2005/05/01 17:36:58 salo Exp $
 DISTNAME= kdewebdev-${_KDE_VERSION}
+PKGREVISION= 1
 CATEGORIES= www
 COMMENT= HTML editor and tools suitable for experienced web developers
diff --git a/www/kdewebdev3/distinfo b/www/kdewebdev3/distinfo
index 5bcd74f03e2..90082306cb2 100644
--- a/www/kdewebdev3/distinfo
+++ b/www/kdewebdev3/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.4 2005/02/24 14:08:33 wiz Exp $
+$NetBSD: distinfo,v 1.4.2.1 2005/05/01 17:36:58 salo Exp $
 SHA1 (kdewebdev-3.3.2.tar.bz2) = 9046409534d1ebd9bd692a02cc1b5a5c259cfe63
 RMD160 (kdewebdev-3.3.2.tar.bz2) = 2187fce40c3d31f49f88906a447f218c1b322259
 Size (kdewebdev-3.3.2.tar.bz2) = 4797649 bytes
 SHA1 (patch-aa) = 9268bdb93739a1b4b9dc7cb2d03acd860c05788f
+SHA1 (patch-ab) = 35c20f0769da688f0ba7e0d104783854701fd0bd
diff --git a/www/kdewebdev3/patches/patch-ab b/www/kdewebdev3/patches/patch-ab
new file mode 100644
index 00000000000..67dfbcbea33
--- /dev/null
+++ b/www/kdewebdev3/patches/patch-ab
@@ -0,0 +1,40 @@
+$NetBSD: patch-ab,v 1.1.2.1 2005/05/01 17:36:58 salo Exp $
+
+--- kommander/executor/instance.cpp.orig 2004-08-05 21:28:57.000000000 +0200
++++ kommander/executor/instance.cpp 2005-05-01 07:14:52.000000000 +0200
+@@ -131,6 +131,35 @@
+
+ bool Instance::run(QFile *a_file)
+ {
++ // Check whether extension is *.kmdr
++ if (!m_uiFileName.fileName().endsWith(".kmdr")) {
++ KMessageBox::error(0, i18n("<qt>This file does not have a <b>.kmdr</b> extension. As a security precaution "
++ "Kommander will only run Kommander scripts with a clear identity.</qt>"),
++ i18n("Wrong Extension"));
++ return false;
++ }
++
++ // Check whether file is not in some temporary directory.
++ QStringList tmpDirs = KGlobal::dirs()->resourceDirs("tmp");
++ tmpDirs += KGlobal::dirs()->resourceDirs("cache");
++ tmpDirs.append("/tmp/");
++ tmpDirs.append("/var/tmp/");
++
++ bool inTemp = false;
++ for (QStringList::ConstIterator I = tmpDirs.begin(); I != tmpDirs.end(); ++I)
++ if (m_uiFileName.directory().startsWith(*I))
++ inTemp = true;
++
++ if (inTemp)
++ {
++ if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your <i>/tmp</i> directory. "
++ " This may mean that it was run from a KMail attachment or from a webpage. "
++ "<p>Any script contained in this dialog will have write access to all of your home directory; "
++ "<b>running such dialogs may be dangerous: </b>"
++ "<p>are you sure you want to continue?</qt>")) == KMessageBox::No)
++ return false;
++ }
++
+ /* add runtime arguments */
+ if (m_cmdArguments) {
+ QString args;
|
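Review bot: The temporary-directory test added at the top of `Instance::run()` is a plain string-prefix match on a path that has not been canonicalised, so it can miss files that really do live in a temp directory. Every entry in `tmpDirs` ends in a slash (`"/tmp/"`, `"/var/tmp/"`), but `m_uiFileName.directory()` is called with its defaults; if `m_uiFileName` is a KURL, whose default strips the trailing slash, a file sitting directly in `/tmp` yields `"/tmp"`, which does not start with `"/tmp/"`, and the warning is skipped. I would compare against the slash-terminated form and resolve symlinks and `..` components first, e.g. `QDir(m_uiFileName.directory(false)).canonicalPath() + "/"`, and add a `break` after `inTemp = true;` to make the loop's intent plain. The declaration of `m_uiFileName` and the rest of `run()` lie outside this hunk, so the KURL default should be confirmed against the class before changing the call.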