From 21065e34b68fd2038a269f57007a86b100b3b130 Mon Sep 17 00:00:00 2001
From: Than Ngo
Date: Thu, 13 Oct 2011 13:58:18 +0200
Subject: [PATCH] Resolves: bz#743074, CVE-2011-3365, input validation failure in KSSL
---
kdelibs-3.5.x-CVE-2011-3365.patch | 111 ++++++++++++++++++++++++++++++
kdelibs3.spec | 8 ++-
2 files changed, 118 insertions(+), 1 deletion(-)
create mode 100644 kdelibs-3.5.x-CVE-2011-3365.patch
diff --git a/kdelibs-3.5.x-CVE-2011-3365.patch b/kdelibs-3.5.x-CVE-2011-3365.patch
new file mode 100644
index 0000000..15c72c4
--- /dev/null
+++ b/kdelibs-3.5.x-CVE-2011-3365.patch
@@ -0,0 +1,111 @@
+--- kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc 2007-05-14 09:52:36.000000000 +0200
++++ kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc 2011-10-07 20:38:30.000000000 +0200
+@@ -253,6 +253,14 @@
+ layout->addWidget(new QLabel(i18n("%1 bits used of a %2 bit cipher").arg(usedbits).arg(bits), this), 10, 1);
+ d->m_layout->addMultiCell(layout, 2, 2, 0, 2);
+
++ ipl->setTextFormat(Qt::PlainText);
++ urlLabel->setTextFormat(Qt::PlainText);
++ d->_serialNum->setTextFormat(Qt::PlainText);
++ d->_csl->setTextFormat(Qt::PlainText);
++ d->_validFrom->setTextFormat(Qt::PlainText);
++ d->_validUntil->setTextFormat(Qt::PlainText);
++ d->_digest->setTextFormat(Qt::PlainText);
++
+ displayCert(cert);
+ }
+
+@@ -400,32 +408,32 @@
+ if (!(tmp = cert.getValue("O")).isEmpty()) {
+ label = new QLabel(i18n("Organization:"), _frame);
+ label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+- new QLabel(tmp, _frame);
++ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+ }
+ if (!(tmp = cert.getValue("OU")).isEmpty()) {
+ label = new QLabel(i18n("Organizational unit:"), _frame);
+ label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+- new QLabel(tmp, _frame);
++ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+ }
+ if (!(tmp = cert.getValue("L")).isEmpty()) {
+ label = new QLabel(i18n("Locality:"), _frame);
+ label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+- new QLabel(tmp, _frame);
++ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+ }
+ if (!(tmp = cert.getValue("ST")).isEmpty()) {
+ label = new QLabel(i18n("Federal State","State:"), _frame);
+ label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+- new QLabel(tmp, _frame);
++ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+ }
+ if (!(tmp = cert.getValue("C")).isEmpty()) {
+ label = new QLabel(i18n("Country:"), _frame);
+ label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+- new QLabel(tmp, _frame);
++ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+ }
+ if (!(tmp = cert.getValue("CN")).isEmpty()) {
+ label = new QLabel(i18n("Common name:"), _frame);
+ label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+- new QLabel(tmp, _frame);
++ (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+ }
+ if (!(tmp = cert.getValue("Email")).isEmpty()) {
+ label = new QLabel(i18n("Email:"), _frame);
+@@ -435,6 +443,7 @@
+ connect(mail, SIGNAL(leftClickedURL(const QString &)), mailCatcher, SLOT(mailClicked(const QString &)));
+ } else {
+ label = new QLabel(tmp, _frame);
++ label->setTextFormat(Qt::PlainText);
+ }
+ }
+ if (label && viewport()) {
+--- kdelibs-3.5.10/kioslave/http/http.cc 2008-02-13 10:41:06.000000000 +0100
++++ kdelibs-3.5.10-kio_http-qlabel/kioslave/http/http.cc 2011-10-07 21:09:39.000000000 +0200
+@@ -183,6 +183,26 @@
+ return sanitizedHeaders.stripWhiteSpace();
+ }
+
++static QString htmlEscape(const QString &plain)
++{
++ QString rich;
++ rich.reserve(uint(plain.length() * 1.1));
++ for (uint i = 0; i < plain.length(); ++i) {
++ if (plain.at(i) == '<')
++ rich += "<";
++ else if (plain.at(i) == '>')
++ rich += ">";
++ else if (plain.at(i) == '&')
++ rich += "&";
++ else if (plain.at(i) == '"')
++ rich += """;
++ else
++ rich += plain.at(i);
++ }
++ rich.squeeze();
++ return rich;
++}
++
+
+ #define NO_SIZE ((KIO::filesize_t) -1)
+
+@@ -5173,7 +5193,7 @@
+ info.verifyPath = false;
+ info.digestInfo = m_strAuthorization;
+ info.commentLabel = i18n( "Site:" );
+- info.comment = i18n("%1 at %2").arg( m_strRealm ).arg( m_request.hostname );
++ info.comment = i18n("%1 at %2").arg( htmlEscape(m_strRealm) ).arg( m_request.hostname );
+ }
+ }
+ else if ( m_responseCode == 407 )
+@@ -5190,7 +5210,7 @@
+ info.verifyPath = false;
+ info.digestInfo = m_strProxyAuthorization;
+ info.commentLabel = i18n( "Proxy:" );
+- info.comment = i18n("%1 at %2").arg( m_strProxyRealm ).arg( m_proxyURL.host() );
++ info.comment = i18n("%1 at %2").arg( htmlEscape(m_strProxyRealm) ).arg( m_proxyURL.host() );
+ }
+ }
+ }
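Review bot: In the added `htmlEscape()` for kioslave/http/http.cc, the four replacement literals as shown on this page (`rich += "<";`, `rich += ">";`, `rich += "&";`, `rich += """;`) equal the characters they are meant to replace, and the last is not a valid string literal, so this rendering cannot be what was committed. Most likely the page decoded the entities; confirm that the packaged patch file carries `"&lt;"`, `"&gt;"`, `"&amp;"` and `"&quot;"`, because an identity transform would leave the realm string unescaped in `info.comment`. Only the realm is escaped in the two `info.comment` lines; if the host part can ever carry markup characters, the second argument needs the same treatment, e.g. `.arg( htmlEscape(m_request.hostname) )` and `.arg( htmlEscape(m_proxyURL.host()) )`. On the KSSL side the `mail` label for the Email field is created outside the visible hunk, so check that it does not display the certificate value as rich text either.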
diff --git a/kdelibs3.spec b/kdelibs3.spec index 70cc605..dfcbc90 100644 --- a/kdelibs3.spec +++ b/kdelibs3.spec @@ -28,7 +28,7 @@ Summary: KDE 3 Libraries Name: kdelibs3 Version: 3.5.10 -Release: 30%{?dist} +Release: 31%{?dist} License: LGPLv2 Url: http://www.kde.org/ @@ -107,6 +107,8 @@ Patch205: kdelibs-3.5.10-CVE-2009-2702.patch Patch206: kdelibs-3.5.10-oCERT-2009-015-xmlhttprequest.patch # CVE-2009-3736, libltdl may load and execute code from a library in the current directory Patch207: libltdl-CVE-2009-3736.patch +# CVE-2011-3365, input validation failure in KSSL +Patch208: kdelibs-3.5.x-CVE-2011-3365.patch Requires: hicolor-icon-theme %if %{kde_settings} @@ -263,6 +265,7 @@ format for easy browsing %patch205 -p1 -b .cve-2009-2702 %patch206 -p0 -b .oCERT-2009-015-xmlhttprequest %patch207 -p1 -b .CVE-2009-3736 +%patch208 -p1 -b .CVE-2011-3365 sed -i -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h @@ -586,6 +589,9 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || : %changelog +* Thu Oct 13 2011 Than Ngo - 3.5.10-31 +- Resolves: bz#743074, CVE-2011-3365, input validation failure in KSSL + * Fri Jun 17 2011 Kevin Kofler - 3.5.10-30 - fix FTBFS (cups-util.c must include stdio.h, #714133)