From a0966354d0d94a965f2ca23d0b6a68898ff2d10e Mon Sep 17 00:00:00 2001
From: markd
Date: Thu, 17 Mar 2005 09:46:36 +0000
Subject: Fix some security issues with dcop, docpidlng and IDN's in Konqueror. See http://www.kde.org/info/security/advisory-20050316-1.txt http://www.kde.org/info/security/advisory-20050316-2.txt http://www.kde.org/info/security/advisory-20050316-3.txt Bump PKGREVISION.
---
 x11/kdelibs3/Makefile | 4 +--
 x11/kdelibs3/distinfo | 8 ++++-
 x11/kdelibs3/patches/patch-ch | 76 +++++++++++++++++++++++++++++++++++++++++++
 x11/kdelibs3/patches/patch-ci | 13 ++++++++
 x11/kdelibs3/patches/patch-cj | 26 +++++++++++++++
 x11/kdelibs3/patches/patch-ck | 13 ++++++++
 x11/kdelibs3/patches/patch-cl | 37 +++++++++++++++++++++
 x11/kdelibs3/patches/patch-cm | 23 +++++++++++++
 8 files changed, 197 insertions(+), 3 deletions(-)
 create mode 100644 x11/kdelibs3/patches/patch-ch
 create mode 100644 x11/kdelibs3/patches/patch-ci
 create mode 100644 x11/kdelibs3/patches/patch-cj
 create mode 100644 x11/kdelibs3/patches/patch-ck
 create mode 100644 x11/kdelibs3/patches/patch-cl
 create mode 100644 x11/kdelibs3/patches/patch-cm
(limited to 'x11')
diff --git a/x11/kdelibs3/Makefile b/x11/kdelibs3/Makefile
index 88944d3fb3f..b485fbb017d 100644
--- a/x11/kdelibs3/Makefile
+++ b/x11/kdelibs3/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.77 2005/03/06 12:48:09 markd Exp $
+# $NetBSD: Makefile,v 1.78 2005/03/17 09:46:36 markd Exp $
 DISTNAME= kdelibs-${_KDE_VERSION}
-PKGREVISION= 7
+PKGREVISION= 8
 CATEGORIES= x11
 COMMENT= Support libraries for the KDE integrated X11 desktop
diff --git a/x11/kdelibs3/distinfo b/x11/kdelibs3/distinfo
index 8f7d438e4d0..71d47f36e29 100644
--- a/x11/kdelibs3/distinfo
+++ b/x11/kdelibs3/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.50 2005/03/06 12:48:09 markd Exp $
+$NetBSD: distinfo,v 1.51 2005/03/17 09:46:36 markd Exp $
 SHA1 (kdelibs-3.3.2.tar.bz2) = 69325b603375d31d4d537955383f4893e4a7945f
 RMD160 (kdelibs-3.3.2.tar.bz2) = 66d8bf05cff7aaf875a640a08b1a259085385036
@@ -21,3 +21,9 @@ SHA1 (patch-cc) = d52e3beff19ed287a4635c8da5ab7a69a8e3c0f3
 SHA1 (patch-ce) = e9f7a348b0e4be1475ba8f56a8b474f139eb7781
 SHA1 (patch-cf) = 0409b64ee00f355bfc2056e596b519a241fcf522
 SHA1 (patch-cg) = 7954707b14994d6ed78d36bb4f6aa0b249fa6772
+SHA1 (patch-ch) = e374704c7091622a97bae729f40ec405c4ba9c68
+SHA1 (patch-ci) = 2b323c2cc762ba18b41815c37c8d1a1647ffd6ed
+SHA1 (patch-cj) = 7884472b4faff1152ed0b60aa99c5c4160a7d7d9
+SHA1 (patch-ck) = 74385ed9563c6d28874a230a4ff38ac8786ade5e
+SHA1 (patch-cl) = 92a3dc086cc706a79f1f3dfe7568fcd1f1fb8dce
+SHA1 (patch-cm) = 56663d0a1c0fa1174ba2f31ed0373add6f838deb
diff --git a/x11/kdelibs3/patches/patch-ch b/x11/kdelibs3/patches/patch-ch
new file mode 100644
index 00000000000..f636954deaa
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-ch
@@ -0,0 +1,76 @@
+$NetBSD: patch-ch,v 1.1 2005/03/17 09:46:36 markd Exp $
+
+--- kdecore/network/kresolver.cpp.orig 2004-11-29 06:30:44.000000000 +1300
++++ kdecore/network/kresolver.cpp
+@@ -32,6 +32,7 @@
+ #include
+ #include
+ #include
++#include
+
+ // Qt includes
+ #include
+@@ -298,6 +299,9 @@ void KResolverResults::virtual_hook( int
+ ///////////////////////
+ // class KResolver
+
++QStringList *KResolver::idnDomains = 0;
++
++
+ // default constructor
+ KResolver::KResolver(QObject *parent, const char *name)
+ : QObject(parent, name), d(new KResolverPrivate(this))
+@@ -885,10 +889,21 @@ QStrList KResolver::serviceName(int port
+ static QStringList splitLabels(const QString& unicodeDomain);
+ static QCString ToASCII(const QString& label);
+ static QString ToUnicode(const QString& label);
+-
++
++static QStringList *KResolver_initIdnDomains()
++{
++ const char *kde_use_idn = getenv("KDE_USE_IDN");
++ if (!kde_use_idn)
++ kde_use_idn = "at:ch:cn:de:dk:kr:jp:li:no:se:tw";
++ return new QStringList(QStringList::split(':', QString::fromLatin1(kde_use_idn).lower()));
++}
++
+ // implement the ToAscii function, as described by IDN documents
+ QCString KResolver::domainToAscii(const QString& unicodeDomain)
+ {
++ if (!idnDomains)
++ idnDomains = KResolver_initIdnDomains();
++
+ QCString retval;
+ // RFC 3490, section 4 describes the operation:
+ // 1) this is a query, so don't allow unassigned
+@@ -897,6 +912,10 @@ QCString KResolver::domainToAscii(const
+ // separators.
+ QStringList input = splitLabels(unicodeDomain);
+
++ // Do we allow IDN names for this TLD?
++ if (input.count() && !idnDomains->contains(input[input.count()-1].lower()))
++ return unicodeDomain.lower().latin1(); // No IDN allowed for this TLD
++
+ // 3) decide whether to enforce the STD3 rules for chars < 0x7F
+ // we don't enforce
+
+@@ -928,6 +947,8 @@ QString KResolver::domainToUnicode(const
+ {
+ if (asciiDomain.isEmpty())
+ return asciiDomain;
++ if (!idnDomains)
++ idnDomains = KResolver_initIdnDomains();
+
+ QString retval;
+
+@@ -939,6 +960,10 @@ QString KResolver::domainToUnicode(const
+ // separators.
+ QStringList input = splitLabels(asciiDomain);
+
++ // Do we allow IDN names for this TLD?
++ if (input.count() && !idnDomains->contains(input[input.count()-1].lower()))
++ return asciiDomain.lower(); // No TLDs allowed
++
+ // 3) decide whether to enforce the STD3 rules for chars < 0x7F
+ // we don't enforce
+
diff --git a/x11/kdelibs3/patches/patch-ci b/x11/kdelibs3/patches/patch-ci
new file mode 100644
index 00000000000..6d728fc5d82
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-ci
@@ -0,0 +1,13 @@
+$NetBSD: patch-ci,v 1.1 2005/03/17 09:46:36 markd Exp $
+
+--- kdecore/network/kresolver.h.orig 2004-07-18 07:22:34.000000000 +1200
++++ kdecore/network/kresolver.h
+@@ -926,6 +926,8 @@ private:
+ KResolverPrivate* d;
+ friend class KResolverResults;
+ friend class ::KNetwork::Internal::KResolverManager;
++
++ static QStringList *idnDomains;
+ };
+
+ } // namespace KNetwork
diff --git a/x11/kdelibs3/patches/patch-cj b/x11/kdelibs3/patches/patch-cj
new file mode 100644
index 00000000000..fadcc753900
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-cj
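Review bot: In patch-ch, the new early return in `KResolver::domainToAscii` for a TLD outside `idnDomains` hands back `unicodeDomain.lower().latin1()`, which is not guaranteed to be ASCII: Latin-1 characters above 0x7F pass through as raw bytes and, as far as I know for Qt 3, characters outside Latin-1 are replaced by `?`. Callers that compare the result against certificate or DNS names (patch-cj feeds it into `KSSLPeerInfo::setPeerHost`) need to know this, so I would add a comment at that return such as `// NOTE: result is not ACE-encoded; may hold non-ASCII bytes or '?' for labels outside Latin-1`. The matching return in `domainToUnicode` carries the comment `// No TLDs allowed`, which should read `// No IDN allowed for this TLD`. Separately, `if (!idnDomains) idnDomains = KResolver_initIdnDomains();` is an unsynchronised lazy initialisation of a static pointer; whether these functions can be reached from more than one thread is not visible here, and both function bodies continue outside the hunks.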
@@ -0,0 +1,26 @@
+$NetBSD: patch-cj,v 1.1 2005/03/17 09:46:36 markd Exp $
+
+--- kio/kssl/ksslpeerinfo.cc.orig 2003-06-02 19:05:20.000000000 +1200
++++ kio/kssl/ksslpeerinfo.cc
+@@ -30,6 +30,9 @@
+ #include
+ #include
+ #include
++#ifndef Q_WS_WIN //TODO kresolver not ported
++#include "network/kresolver.h"
++#endif
+
+ #include "ksslx509map.h"
+
+@@ -59,7 +62,11 @@ void KSSLPeerInfo::setPeerHost(QString r
+ while(d->peerHost.endsWith("."))
+ d->peerHost.truncate(d->peerHost.length()-1);
+
++#ifdef Q_WS_WIN //TODO kresolver not ported
+ d->peerHost = d->peerHost.lower();
++#else
++ d->peerHost = QString::fromLatin1(KNetwork::KResolver::domainToAscii(d->peerHost));
++#endif
+ }
+
+ bool KSSLPeerInfo::certMatchesAddress() {
diff --git a/x11/kdelibs3/patches/patch-ck b/x11/kdelibs3/patches/patch-ck
new file mode 100644
index 00000000000..131de6f4738
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-ck
@@ -0,0 +1,13 @@
+$NetBSD: patch-ck,v 1.1 2005/03/17 09:46:36 markd Exp $
+
+--- dcop/dcopserver.cpp.orig 2004-08-09 21:25:42.000000000 +1200
++++ dcop/dcopserver.cpp
+@@ -952,7 +952,7 @@ DCOPServer::DCOPServer(bool _suicide)
+ }
+
+ char errormsg[256];
+- int orig_umask = umask(0); /*old libICE's don't reset the umask() they set */
++ int orig_umask = umask(077); /*old libICE's don't reset the umask() they set */
+ if (!IceListenForConnections (&numTransports, &listenObjs,
+ 256, errormsg))
+ {
diff --git a/x11/kdelibs3/patches/patch-cl b/x11/kdelibs3/patches/patch-cl
new file mode 100644
index 00000000000..d4c8cb53df6
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-cl
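Review bot: In patch-cj, the `Q_WS_WIN` branch of `KSSLPeerInfo::setPeerHost` still only lower-cases the host, so on that platform the peer host is stored without the IDN normalisation the other branch gets from `KResolver::domainToAscii`, and the two builds can compare different forms of the same name against a certificate. The marker on that branch should say so, for example `//TODO kresolver not ported: peerHost is not IDN-normalised on this platform`. On the other branch, what `domainToAscii` returns when conversion fails is not visible in this commit; if it can be an empty string, `peerHost` would be set empty here, so the behaviour of `certMatchesAddress()` with an empty host is worth confirming.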
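Review bot: In patch-ck, the comment on `int orig_umask = umask(077);` still explains only why the old value is saved, not why the mask is now 077. The value is the security-relevant part of the change, so I would extend the comment, for example `/* 077: anything created while ICE sets up its listeners is owner-only; saved because old libICE's don't reset the umask() they set */`. The restore of `orig_umask` lies outside the hunk, so whether it also runs when `IceListenForConnections` fails cannot be confirmed from here.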
@@ -0,0 +1,37 @@
+$NetBSD: patch-cl,v 1.1 2005/03/17 09:46:36 markd Exp $
+
+--- dcop/KDE-ICE/Xtranssock.c.orig 2004-06-23 05:36:31.000000000 +1200
++++ dcop/KDE-ICE/Xtranssock.c
+@@ -940,6 +940,7 @@ TRANS(SocketUNIXCreateListener) (XtransC
+ #endif
+
+ unlink (sockname.sun_path);
++ (void) umask (oldUmask);
+
+ if ((status = TRANS(SocketCreateListener) (ciptr,
+ (struct sockaddr *) &sockname, namelen)) < 0)
+@@ -947,7 +948,6 @@ TRANS(SocketUNIXCreateListener) (XtransC
+ PRMSG (1,
+ "SocketUNIXCreateListener: ...SocketCreateListener() failed\n",
+ 0, 0, 0);
+- (void) umask (oldUmask);
+ return status;
+ }
+
+@@ -965,7 +965,6 @@ TRANS(SocketUNIXCreateListener) (XtransC
+ PRMSG (1,
+ "SocketUNIXCreateListener: Can't allocate space for the addr\n",
+ 0, 0, 0);
+- (void) umask (oldUmask);
+ return TRANS_CREATE_LISTENER_FAILED;
+ }
+
+@@ -973,8 +972,6 @@ TRANS(SocketUNIXCreateListener) (XtransC
+ ciptr->addrlen = namelen;
+ memcpy (ciptr->addr, &sockname, ciptr->addrlen);
+
+- (void) umask (oldUmask);
+-
+ return 0;
+ }
+
diff --git a/x11/kdelibs3/patches/patch-cm b/x11/kdelibs3/patches/patch-cm
new file mode 100644
index 00000000000..d20cd2e0d13
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-cm
@@ -0,0 +1,23 @@
+$NetBSD: patch-cm,v 1.1 2005/03/17 09:46:36 markd Exp $
+
+--- dcop/dcopidlng/dcopidlng.orig 2004-05-23 08:55:01.000000000 +1200
++++ dcop/dcopidlng/dcopidlng
+@@ -1,13 +1,15 @@
+ #!/bin/sh
++
++trap "rm -f dcopidlng.stderr.$$" 0 1 2 15
++
+ if test -z "$KDECONFIG"; then
+ KDECONFIG=kde-config
+ fi
+ LIBDIR="`$KDECONFIG --install data --expandvars`/dcopidlng"
+-perl -I"$LIBDIR" "$LIBDIR/kalyptus" --allow_k_dcop_accessors -f dcopidl $1 2>/tmp/dcopidlng.stderr.$$
++perl -I"$LIBDIR" "$LIBDIR/kalyptus" --allow_k_dcop_accessors -f dcopidl $1 2> dcopidlng.stderr.$$
+ RET=$?
+ if [ $RET -ne 0 ]
+ then
+- cat /tmp/dcopidlng.stderr.$$ >&2
++ cat dcopidlng.stderr.$$ >&2
+ fi
+-rm /tmp/dcopidlng.stderr.$$
+ exit $RET
--
cgit v1.2.3
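Review bot: In patch-cl, moving `(void) umask (oldUmask);` up to just after `unlink (sockname.sun_path);` means `TRANS(SocketCreateListener)` now runs under the caller's umask rather than the one this function set earlier (that earlier `umask` call is outside the hunk). The permissions of the listening socket therefore depend on each caller having chosen a restrictive mask beforehand, as patch-ck does with `umask(077)` in dcopserver.cpp; other users of this transport code get whatever mask they happen to run with. A comment at the moved line would record that contract, for example `/* restore the caller's umask before the listener is created: the caller's mask decides who may connect */`.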
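Review bot: In patch-cm, the stderr capture file keeps a predictable name, `dcopidlng.stderr.$$`, and only moves from /tmp to the current directory, so the script is still unsafe to run from a directory that other users can write to. Where `mktemp` is available, create the file with it and use the returned path in the trap, the redirect and the `cat`: `errfile=$(mktemp "${TMPDIR:-/tmp}/dcopidlng.XXXXXX") || exit 1`. The changed `perl` line also passes `$1` unquoted, which breaks on file names containing spaces; `"$1"` fixes that. The trap for signals 1, 2 and 15 removes the file but does not exit, so the script carries on after a signal.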