diff options
Diffstat (limited to 'kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch')
-rw-r--r-- | kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch | 342 |
1 files changed, 0 insertions, 342 deletions
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch deleted file mode 100644 index 92e255a4007..00000000000 --- a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966-r1.patch +++ /dev/null @@ -1,342 +0,0 @@ -From 2a5142fecf8615ccfa3e7c1f9c088fa6ae5cc2a1 Mon Sep 17 00:00:00 2001 -From: Montel Laurent <montel@kde.org> -Date: Wed, 21 Sep 2016 07:24:30 +0200 -Subject: [PATCH 1/2] Fix very old bug when we remove space in url as "foo - <<url> <url>>" - ---- - autotests/ktexttohtmltest.cpp | 14 ++++++++++++++ - src/lib/text/ktexttohtml.cpp | 14 ++++++++++++-- - 2 files changed, 26 insertions(+), 2 deletions(-) - -diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp -index 474f0ca..8fc0c56 100644 ---- a/autotests/ktexttohtmltest.cpp -+++ b/autotests/ktexttohtmltest.cpp -@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest) - - Q_DECLARE_METATYPE(KTextToHTML::Options) - -+#ifndef Q_OS_WIN -+void initLocale() -+{ -+ setenv("LC_ALL", "en_US.utf-8", 1); -+} -+Q_CONSTRUCTOR_FUNCTION(initLocale) -+#endif -+ -+ - void KTextToHTMLTest::testGetEmailAddress() - { - // empty input -@@ -372,6 +381,11 @@ void KTextToHTMLTest::testHtmlConvert_data() - QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)" - << KTextToHTML::Options(KTextToHTML::PreserveSpaces) - << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)"; -+ -+ // Fix url as foo <<url> <url>> when we concatened them. -+ QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>" -+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -+ << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>"; - } - - -diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp -index 8ed923d..b181f56 100644 ---- a/src/lib/text/ktexttohtml.cpp -+++ b/src/lib/text/ktexttohtml.cpp -@@ -228,11 +228,19 @@ QString KTextToHTMLHelper::getUrl() - - url.reserve(mMaxUrlLen); // avoid allocs - int start = mPos; -+ bool previousCharIsSpace = false; - while ((mPos < mText.length()) && - (mText[mPos].isPrint() || mText[mPos].isSpace()) && - ((afterUrl.isNull() && !mText[mPos].isSpace()) || - (!afterUrl.isNull() && mText[mPos] != afterUrl))) { -- if (!mText[mPos].isSpace()) { // skip whitespace -+ if (mText[mPos].isSpace()) { -+ previousCharIsSpace = true; -+ } else { // skip whitespace -+ if (previousCharIsSpace && mText[mPos] == QLatin1Char('<')) { -+ url.append(QLatin1Char(' ')); -+ break; -+ } -+ previousCharIsSpace = false; - url.append(mText[mPos]); - if (url.length() > mMaxUrlLen) { - break; -@@ -267,7 +275,6 @@ QString KTextToHTMLHelper::getUrl() - } - } while (url.length() > 1); - } -- - return url; - } - -@@ -334,6 +341,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: - QChar ch; - int x; - bool startOfLine = true; -+ //qDebug()<<" plainText"<<plainText; - - for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length(); - ++helper.mPos, ++x) { -@@ -402,6 +410,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: - const int start = helper.mPos; - if (!(flags & IgnoreUrls)) { - str = helper.getUrl(); -+ //qDebug()<<" str"<<str; - if (!str.isEmpty()) { - QString hyperlink; - if (str.left(4) == QLatin1String("www.")) { -@@ -455,6 +464,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: - - result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude); - } -+ //qDebug()<<" result "<<result; - - return result; - } --- -2.7.3 - -From aa9281b7f95ce970603645d79f6f275d1ae7d2ed Mon Sep 17 00:00:00 2001 -From: Montel Laurent <montel@kde.org> -Date: Fri, 30 Sep 2016 13:21:45 +0200 -Subject: [PATCH 2/2] Don't convert as url an url which has a " - ---- - autotests/ktexttohtmltest.cpp | 6 ++++++ - src/lib/text/ktexttohtml.cpp | 25 +++++++++++++++++++------ - src/lib/text/ktexttohtml_p.h | 2 +- - 3 files changed, 26 insertions(+), 7 deletions(-) - -diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp -index 8fc0c56..c5690e8 100644 ---- a/autotests/ktexttohtmltest.cpp -+++ b/autotests/ktexttohtmltest.cpp -@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data() - QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>" - << KTextToHTML::Options(KTextToHTML::PreserveSpaces) - << "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>"; -+ -+ //Fix url exploit -+ QTest::newRow("url-exec-html") << "https://\"><!--" -+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -+ << "https://\"><!--"; -+ - } - - -diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp -index b181f56..09b2483 100644 ---- a/src/lib/text/ktexttohtml.cpp -+++ b/src/lib/text/ktexttohtml.cpp -@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl() - (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) { - return false; - } -- - QChar ch = mText[mPos]; - return - (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") || -@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url) - url == QLatin1String("news://"); - } - --QString KTextToHTMLHelper::getUrl() -+QString KTextToHTMLHelper::getUrl(bool *badurl) - { - QString url; - if (atUrl()) { -@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl() - url.reserve(mMaxUrlLen); // avoid allocs - int start = mPos; - bool previousCharIsSpace = false; -+ bool previousCharIsADoubleQuote = false; - while ((mPos < mText.length()) && - (mText[mPos].isPrint() || mText[mPos].isSpace()) && - ((afterUrl.isNull() && !mText[mPos].isSpace()) || -@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl() - break; - } - previousCharIsSpace = false; -+ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) { -+ //it's an invalid url -+ if (badurl) { -+ *badurl = true; -+ } -+ return QString(); -+ } -+ if (mText[mPos] == QLatin1Char('"')) { -+ previousCharIsADoubleQuote = true; -+ } else { -+ previousCharIsADoubleQuote = false; -+ } - url.append(mText[mPos]); - if (url.length() > mMaxUrlLen) { - break; -@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: - QChar ch; - int x; - bool startOfLine = true; -- //qDebug()<<" plainText"<<plainText; - - for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length(); - ++helper.mPos, ++x) { -@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: - } else { - const int start = helper.mPos; - if (!(flags & IgnoreUrls)) { -- str = helper.getUrl(); -- //qDebug()<<" str"<<str; -+ bool badUrl = false; -+ str = helper.getUrl(&badUrl); -+ if (badUrl) { -+ return helper.mText; -+ } - if (!str.isEmpty()) { - QString hyperlink; - if (str.left(4) == QLatin1String("www.")) { -@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: - - result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude); - } -- //qDebug()<<" result "<<result; - - return result; - } -diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h -index 74ad7a0..fc43613 100644 ---- a/src/lib/text/ktexttohtml_p.h -+++ b/src/lib/text/ktexttohtml_p.h -@@ -49,7 +49,7 @@ public: - QString getEmailAddress(); - bool atUrl(); - bool isEmptyUrl(const QString &url); -- QString getUrl(); -+ QString getUrl(bool *badurl = Q_NULLPTR); - QString pngToDataUrl(const QString &pngPath); - QString highlightedText(); - --- -2.7.3 - -From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001 -From: Montel Laurent <montel@kde.org> -Date: Tue, 11 Oct 2016 11:11:08 +0200 -Subject: [PATCH] Add more autotests - ---- - autotests/ktexttohtmltest.cpp | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp -index c5690e8..0179a00 100644 ---- a/autotests/ktexttohtmltest.cpp -+++ b/autotests/ktexttohtmltest.cpp -@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data() - << KTextToHTML::Options(KTextToHTML::PreserveSpaces) - << "https://\"><!--"; - -+ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--" -+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -+ << "https://192.168.1.1:\"><!--"; -+ -+ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--" -+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -+ << "https://<IP>:\"><!--"; -+ -+ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--" -+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -+ << "https://<IP>:/\"><!--"; -+ -+ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--" -+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -+ << "https://<IP>:/\"><script>alert(1);</script><!--"; - } - - --- -2.7.3 - -From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001 -From: Montel Laurent <montel@kde.org> -Date: Tue, 11 Oct 2016 11:40:10 +0200 -Subject: [PATCH] Display bad url - ---- - autotests/ktexttohtmltest.cpp | 14 +++++++++----- - src/lib/text/ktexttohtml.cpp | 18 +++++++++++++++++- - 2 files changed, 26 insertions(+), 6 deletions(-) - -diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp -index 0179a00..ccac29a 100644 ---- a/autotests/ktexttohtmltest.cpp -+++ b/autotests/ktexttohtmltest.cpp -@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data() - //Fix url exploit - QTest::newRow("url-exec-html") << "https://\"><!--" - << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -- << "https://\"><!--"; -+ << "https://"><!--"; - - QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--" - << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -- << "https://192.168.1.1:\"><!--"; -+ << "https://192.168.1.1:"><!--"; - - QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--" - << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -- << "https://<IP>:\"><!--"; -+ << "https://<IP>:"><!--"; - - QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--" - << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -- << "https://<IP>:/\"><!--"; -+ << "https://<IP>:/"><!--"; - - QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--" - << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -- << "https://<IP>:/\"><script>alert(1);</script><!--"; -+ << "https://<IP>:/"><script>alert(1);</script><!--"; -+ -+ QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2" -+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) -+ << "https://<IP>:/"><script>alert(1);</script><!--\nTest2"; - } - - -diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp -index 97c5eab..30e0b5d 100644 ---- a/src/lib/text/ktexttohtml.cpp -+++ b/src/lib/text/ktexttohtml.cpp -@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: - bool badUrl = false; - str = helper.getUrl(&badUrl); - if (badUrl) { -- return helper.mText; -+ QString resultBadUrl; -+ const int helperTextSize(helper.mText.count()); -+ for (int i = 0; i < helperTextSize; ++i) { -+ const QChar chBadUrl = helper.mText[i]; -+ if (chBadUrl == QLatin1Char('&')) { -+ resultBadUrl += QLatin1String("&"); -+ } else if (chBadUrl == QLatin1Char('"')) { -+ resultBadUrl += QLatin1String("""); -+ } else if (chBadUrl == QLatin1Char('<')) { -+ resultBadUrl += QLatin1String("<"); -+ } else if (chBadUrl == QLatin1Char('>')) { -+ resultBadUrl += QLatin1String(">"); -+ } else { -+ resultBadUrl += chBadUrl; -+ } -+ } -+ return resultBadUrl; - } - if (!str.isEmpty()) { - QString hyperlink; --- -2.7.3 - |