From a3159758806eaf63a66a73938d535f8ec7a93358 Mon Sep 17 00:00:00 2001
From: Raphael Kubo da Costa
Date: Mon, 13 Mar 2017 10:04:12 +0000
Subject: MFH: r435960 Patch a directory traversal vulnerability in the KTNEF parser. Backported from https://commits.kde.org/ktnef/4ff38aa15487d69021aacad4b078500f77fb4ae8 Security announcement: https://www.kde.org/info/security/advisory-20170227-1.txt Security: e550fc62-069a-11e7-8e3e-5453ed2e2b49 Approved by: ports-secteam (junovitch)
---
 deskutils/kdepimlibs4/Makefile | 2 +-
 .../kdepimlibs4/files/patch-ktnef_ktnefparser.cpp | 38 ++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
diff --git a/deskutils/kdepimlibs4/Makefile b/deskutils/kdepimlibs4/Makefile
index 3d3ed829ab06..6ad9b93b7626 100644
--- a/deskutils/kdepimlibs4/Makefile
+++ b/deskutils/kdepimlibs4/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME= kdepimlibs
 PORTVERSION= ${KDE4_KDELIBS_VERSION}
-PORTREVISION= 6
+PORTREVISION= 7
 CATEGORIES= deskutils kde
 MASTER_SITES= KDE/${KDE4_APPLICATIONS_BRANCH}/applications/${KDE4_APPLICATIONS_VERSION}/src
 DIST_SUBDIR= KDE/${PORTVERSION}
diff --git a/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp b/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
new file mode 100644
index 000000000000..29f035a3c9fc
--- /dev/null
+++ b/deskutils/kdepimlibs4/files/patch-ktnef_ktnefparser.cpp
@@ -0,0 +1,38 @@
+Fix for https://www.kde.org/info/security/advisory-20170227-1.txt
+--- ktnef/ktnefparser.cpp.orig 2017-03-11 20:23:43 UTC
++++ ktnef/ktnefparser.cpp
+@@ -40,7 +40,9 @@
+
+ #include
+ #include
++#include
+ #include
++#include
+ #include
+ #include
+
+@@ -446,7 +448,9 @@ bool KTNEFParser::extractFile( const QSt
+ bool KTNEFParser::ParserPrivate::extractAttachmentTo( KTNEFAttach *att,
+ const QString &dirname )
+ {
+- QString filename = dirname + '/';
++ const QString destDir( QDir( dirname ).absolutePath() ); // get directory path without any "." or ".."
++
++ QString filename = destDir + '/';
+ if ( !att->fileName().isEmpty()) {
+ filename += att->fileName();
+ } else {
+@@ -462,6 +466,13 @@ bool KTNEFParser::ParserPrivate::extract
+ if ( !device_->seek( att->offset() ) ) {
+ return false;
+ }
++ const QFileInfo fi( filename );
++ if ( !fi.absoluteFilePath().startsWith( destDir ) ) {
++ kWarning() << "Attempted extract into" << fi.absoluteFilePath()
++ << "which is outside of the extraction root folder" << destDir << "."
++ << "Changing export of contained files to extraction root folder.";
++ filename = destDir + QLatin1Char( '/' ) + fi.fileName();
++ }
+ KSaveFile outfile( filename );
+ if ( !outfile.open() ) {
+ return false;
-- cgit v1.2.3
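Review bot: The containment test added in the last inner hunk, `fi.absoluteFilePath().startsWith( destDir )`, is a bare string-prefix comparison with no path separator, so a result in a sibling directory whose name merely begins with the destination's name (constructed example: destination `/tmp/out`, result `/tmp/out2/x`) would still be accepted. Comparing against the directory plus a separator closes that gap: `if ( !fi.absoluteFilePath().startsWith( destDir + QLatin1Char( '/' ) ) ) {`. The test also relies on `absoluteFilePath()` having already collapsed any `..` segments, which Qt's documentation does not guarantee for `QFileInfo`; it is worth confirming for the Qt version this port builds against, or wrapping the value in `QDir::cleanPath()` before the comparison. Since this file is a backport of the upstream commit, either change would be a local deviation and is better raised upstream as well. `extractAttachmentTo()` begins before and continues past the quoted context, so what happens after `outfile.open()` is not visible here.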