diff options
| author | markd <markd> | 2005-01-05 10:36:23 +0000 |
|---|---|---|
| committer | markd <markd> | 2005-01-05 10:36:23 +0000 |
| commit | e3b5e97e2cdbf85dbf6a6a0b175ad0b25a6881c9 (patch) | |
| tree | a4b9e4f49ccbaabca7c309d2dc95f106e1275052 /x11 | |
| parent | 8775c8b9dc384045ca5a047de50fc47ebf2a8c6b (diff) | |
| download | pkgsrc-e3b5e97e2cdbf85dbf6a6a0b175ad0b25a6881c9.tar.gz | |
The FTP kioslave can be misused to execute any ftp command on the
server or be a vector for sending out unsolicited email.
http://www.kde.org/info/security/advisory-20050101-1.txt
Bump PKGREVISION.
Diffstat (limited to 'x11')
| -rw-r--r-- | x11/kdelibs3/Makefile | 4 | ||||
| -rw-r--r-- | x11/kdelibs3/distinfo | 3 | ||||
| -rw-r--r-- | x11/kdelibs3/patches/patch-aq | 19 |
3 files changed, 23 insertions, 3 deletions
diff --git a/x11/kdelibs3/Makefile b/x11/kdelibs3/Makefile index a1f55b262e9..8b222c4505d 100644 --- a/x11/kdelibs3/Makefile +++ b/x11/kdelibs3/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.74 2005/01/05 10:27:43 markd Exp $ +# $NetBSD: Makefile,v 1.75 2005/01/05 10:36:23 markd Exp $ DISTNAME= kdelibs-${_KDE_VERSION} -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= x11 COMMENT= Support libraries for the KDE integrated X11 desktop diff --git a/x11/kdelibs3/distinfo b/x11/kdelibs3/distinfo index 41d251cfbfa..001dadec9e7 100644 --- a/x11/kdelibs3/distinfo +++ b/x11/kdelibs3/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.47 2005/01/05 10:27:43 markd Exp $ +$NetBSD: distinfo,v 1.48 2005/01/05 10:36:23 markd Exp $ SHA1 (kdelibs-3.3.2.tar.bz2) = 69325b603375d31d4d537955383f4893e4a7945f Size (kdelibs-3.3.2.tar.bz2) = 15623180 bytes @@ -10,6 +10,7 @@ SHA1 (patch-ag) = e471fdf5428e0f515ef3fe5427622854886ef952 SHA1 (patch-an) = 0fccfa014212073f235945732ef3a3329756f9b5 SHA1 (patch-ao) = 5cc9be57db26a2615ae9c982eb2b894c2c193e6b SHA1 (patch-ap) = bd0aa3b4a4b56cd74b674ce191b48268adecc8b9 +SHA1 (patch-aq) = 0cbe989b24378a2f0218f6a32328ce56aa812de4 SHA1 (patch-bc) = 434a48d290aa9716b8c6e372419460ebd33cf8ea SHA1 (patch-bd) = 172e1146d4e1e49a1a61d7ddc415dbfa4e5c4088 SHA1 (patch-bu) = 65aca46f30be04c0d8177498eac149437b21ba56 diff --git a/x11/kdelibs3/patches/patch-aq b/x11/kdelibs3/patches/patch-aq new file mode 100644 index 00000000000..1b06efba3a4 --- /dev/null +++ b/x11/kdelibs3/patches/patch-aq @@ -0,0 +1,19 @@ +$NetBSD: patch-aq,v 1.7 2005/01/05 10:36:23 markd Exp $ + +--- kioslave/ftp/ftp.cc.orig 2004-10-03 20:40:52.000000000 +1300 ++++ kioslave/ftp/ftp.cc +@@ -751,6 +751,14 @@ bool Ftp::ftpSendCmd( const QCString& cm + { + assert(m_control != NULL); // must have control connection socket + ++ if ( cmd.find( '\r' ) != -1 || cmd.find( '\n' ) != -1) ++ { ++ kdWarning(7102) << "Invalid command received (contains CR or LF): " ++ << cmd.data() << endl; ++ error( ERR_UNSUPPORTED_ACTION, m_host ); ++ return false; ++ } ++ + // Don't print out the password... + bool isPassCmd = (cmd.left(4).lower() == "pass"); + if ( !isPassCmd ) |