author: Michael Nottebrock <lofi@FreeBSD.org> 2007-03-29 00:30:26 +0000
committer: Michael Nottebrock <lofi@FreeBSD.org> 2007-03-29 00:30:26 +0000
commit: 9dc6a902017d4d75653802729100a4af9f6acc68 (patch)
tree: a0b550d4fc84e93970e952b972cec502d084ca45 /x11/kdelibs4
parent: 839a4d6725bd5253eed65c1f010da7e973af07fc (diff)
3 files changed, 82 insertions, 36 deletions
diff --git a/x11/kdelibs4/Makefile b/x11/kdelibs4/Makefile
index 9b19292a79d8..29e6ba4a6d11 100644
--- a/x11/kdelibs4/Makefile
+++ b/x11/kdelibs4/Makefile
@@ -8,6 +8,7 @@
 
 PORTNAME=	kdelibs
 PORTVERSION=	${KDE_VERSION}
+PORTREVISION=	1
 CATEGORIES=	x11 kde ipv6
 MASTER_SITES=	${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR=	stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kdelibs4/files/patch-CVE-2007-1564-kdelibs-3.5.6 b/x11/kdelibs4/files/patch-CVE-2007-1564-kdelibs-3.5.6
new file mode 100644
index 000000000000..b026d67a3db0
--- /dev/null
+++ b/x11/kdelibs4/files/patch-CVE-2007-1564-kdelibs-3.5.6
@@ -0,0 +1,81 @@
+--- khtml/ecma/kjs_html.cpp
++++ khtml/ecma/kjs_html.cpp
+@@ -1866,9 +1866,11 @@ Value KJS::HTMLElement::getValueProperty
+ 				      getDOMNode(exec, frameElement.contentDocument()) : Undefined();
+     case FrameContentWindow:   {
+         KHTMLPart* part = static_cast<DOM::HTMLFrameElementImpl*>(frameElement.handle())->contentPart();
+-        if (part)
+-            return Value(Window::retrieveWindow(part));
+-        else
++        if (part) {
++          Window *w = Window::retrieveWindow(part);
++          if (w)
++            return Value(w);
++        }
+             return Undefined();
+     }
+     case FrameFrameBorder:     return String(frameElement.frameBorder());
+@@ -1899,9 +1901,11 @@ Value KJS::HTMLElement::getValueProperty
+ 				       getDOMNode(exec, iFrame.contentDocument()) : Undefined();
+     case IFrameContentWindow:       {
+         KHTMLPart* part = static_cast<DOM::HTMLIFrameElementImpl*>(iFrame.handle())->contentPart();
+-        if (part)
+-            return Value(Window::retrieveWindow(part));
+-        else
++        if (part) {
++          Window *w = Window::retrieveWindow(part);
++          if (w)
++            return Value(w);
++        }
+             return Undefined();
+     }
+     case IFrameFrameBorder:     return String(iFrame.frameBorder());
+--- kioslave/ftp/ftp.cc
++++ kioslave/ftp/ftp.cc
+@@ -58,6 +58,7 @@
+ #include <kmimemagic.h>
+ #include <kmimetype.h>
+ #include <ksockaddr.h>
++#include <ksocketaddress.h>
+ #include <kio/ioslave_defaults.h>
+ #include <kio/slaveconfig.h>
+ #include <kremoteencoding.h>
+@@ -835,7 +836,6 @@ bool Ftp::ftpSendCmd( const QCString& cm
+   return true;
+ }
+ 
+-
+ /*
+  * ftpOpenPASVDataConnection - set up data connection, using PASV mode
+  *
+@@ -853,6 +853,8 @@ int Ftp::ftpOpenPASVDataConnection()
+   if (sa != NULL && sa->family() != PF_INET)
+     return ERR_INTERNAL;       // no PASV for non-PF_INET connections
+ 
++  const KInetSocketAddress *sin = static_cast<const KInetSocketAddress*>(sa);
++
+   if (m_extControl & pasvUnknown)
+     return ERR_INTERNAL;       // already tried and got "unknown command"
+ 
+@@ -886,14 +888,17 @@ int Ftp::ftpOpenPASVDataConnection()
+   }
+ 
+   // Make hostname and port number ...
+-  QString host;
+-  host.sprintf("%d.%d.%d.%d", i[0], i[1], i[2], i[3]);
+   int port = i[4] << 8 | i[5];
+ 
++  // we ignore the host part on purpose for two reasons
++  // a) it might be wrong anyway
++  // b) it would make us being suceptible to a port scanning attack
++
+   // now connect the data socket ...
+   m_data = new FtpSocket("PASV");
+-  m_data->setAddress(host, port);
+-  kdDebug(7102) << "Connecting to " << host << " on port " << port << endl;
++  m_data->setAddress(sin->nodeName(), port);
++
++  kdDebug(7102) << "Connecting to " << sin->nodeName() << " on port " << port << endl;
+   return m_data->connectSocket(connectTimeout(), false);
+ }
+ 
diff --git a/x11/kdelibs4/files/patch-khtml_ecma-kjs_html.cpp b/x11/kdelibs4/files/patch-khtml_ecma-kjs_html.cpp
deleted file mode 100644
index 57e66a5b95f8..000000000000
--- a/x11/kdelibs4/files/patch-khtml_ecma-kjs_html.cpp
+++ /dev/null
@@ -1,36 +0,0 @@
---- khtml/ecma/kjs_html.cpp	2007/02/26 16:39:44	637497
-+++ khtml/ecma/kjs_html.cpp	2007/03/05 13:15:20	639609
-@@ -1866,10 +1866,12 @@
- 				      getDOMNode(exec, frameElement.contentDocument()) : Undefined();
-     case FrameContentWindow:   {
-         KHTMLPart* part = static_cast<DOM::HTMLFrameElementImpl*>(frameElement.handle())->contentPart();
--        if (part)
--            return Value(Window::retrieveWindow(part));
--        else
--            return Undefined();
-+        if (part) {
-+          Window *w = Window::retrieveWindow(part);
-+          if (w)
-+            return Value(w);
-+        }
-+        return Undefined();
-     }
-     case FrameFrameBorder:     return String(frameElement.frameBorder());
-     case FrameLongDesc:        return String(frameElement.longDesc());
-@@ -1899,10 +1901,12 @@
- 				       getDOMNode(exec, iFrame.contentDocument()) : Undefined();
-     case IFrameContentWindow:       {
-         KHTMLPart* part = static_cast<DOM::HTMLIFrameElementImpl*>(iFrame.handle())->contentPart();
--        if (part)
--            return Value(Window::retrieveWindow(part));
--        else
--            return Undefined();
-+        if (part) {
-+          Window *w = Window::retrieveWindow(part);
-+          if (w)
-+            return Value(w);
-+        }
-+        return Undefined();
-     }
-     case IFrameFrameBorder:     return String(iFrame.frameBorder());
-     case IFrameHeight:          return String(iFrame.height());
author	Michael Nottebrock <lofi@FreeBSD.org>	2007-03-29 00:30:26 +0000
committer	Michael Nottebrock <lofi@FreeBSD.org>	2007-03-29 00:30:26 +0000
commit	9dc6a902017d4d75653802729100a4af9f6acc68 (patch)
tree	a0b550d4fc84e93970e952b972cec502d084ca45 /x11/kdelibs4
parent	839a4d6725bd5253eed65c1f010da7e973af07fc (diff)