aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-03-02 17:35:43 -0500
committerLeo Famulari <leo@famulari.name>2017-03-04 18:35:17 -0500
commitc35745edc4e78defba4a82e32974d729cf159c34 (patch)
tree6fed78aeba3c97885dceebd6cfaea05f7e6a690c
parent5e0535a7e6b0ca292a792c45bf3e432059a06a2b (diff)
downloadguix-c35745edc4e78defba4a82e32974d729cf159c34.tar
guix-c35745edc4e78defba4a82e32974d729cf159c34.tar.gz
gnu: kio: Fix CVE-2017-6410.
* gnu/packages/patches/kio-CVE-2017-6410.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/kde-frameworks.scm (kio)[source]: Use it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/kde-frameworks.scm1
-rw-r--r--gnu/packages/patches/kio-CVE-2017-6410.patch53
3 files changed, 55 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index ce8ea3d37b..a44c4072b0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -648,6 +648,7 @@ dist_patch_DATA = \
%D%/packages/patches/jq-CVE-2015-8863.patch \
%D%/packages/patches/kdbusaddons-kinit-file-name.patch \
%D%/packages/patches/khmer-use-libraries.patch \
+ %D%/packages/patches/kio-CVE-2017-6410.patch \
%D%/packages/patches/kmod-module-directory.patch \
%D%/packages/patches/kobodeluxe-paths.patch \
%D%/packages/patches/kobodeluxe-enemies-pipe-decl.patch \
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index 36c2851567..ba4ead2d67 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -2206,6 +2206,7 @@ makes starting KDE applications faster and reduces memory consumption.")
"mirror://kde/stable/frameworks/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
+ (patches (search-patches "kio-CVE-2017-6410.patch"))
(sha256
(base32
"1hqc88c2idi9fkb7jy82csb0i740lghv0p2fg1gaglcarjdz7nia"))))
diff --git a/gnu/packages/patches/kio-CVE-2017-6410.patch b/gnu/packages/patches/kio-CVE-2017-6410.patch
new file mode 100644
index 0000000000..748636f806
--- /dev/null
+++ b/gnu/packages/patches/kio-CVE-2017-6410.patch
@@ -0,0 +1,53 @@
+Fix CVE-2017-6410, "Information Leak when accessing https when using a
+malicious PAC file":
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
+https://www.kde.org/info/security/advisory-20170228-1.txt
+
+Patch copied from upstream source repository:
+
+https://cgit.kde.org/kio.git/commit/?id=f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
+
+From f9d0cb47cf94e209f6171ac0e8d774e68156a6e4 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 28 Feb 2017 19:00:48 +0100
+Subject: Sanitize URLs before passing them to FindProxyForURL
+
+Remove user/password information
+For https: remove path and query
+
+Thanks to safebreach.com for reporting the problem
+
+CCMAIL: yoni.fridburg@safebreach.com
+CCMAIL: amit.klein@safebreach.com
+CCMAIL: itzik.kotler@safebreach.com
+---
+ src/kpac/script.cpp | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/kpac/script.cpp b/src/kpac/script.cpp
+index a0235f7..2485c54 100644
+--- a/src/kpac/script.cpp
++++ b/src/kpac/script.cpp
+@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url)
+ }
+ }
+
++ QUrl cleanUrl = url;
++ cleanUrl.setUserInfo(QString());
++ if (cleanUrl.scheme() == QLatin1String("https")) {
++ cleanUrl.setPath(QString());
++ cleanUrl.setQuery(QString());
++ }
++
+ QScriptValueList args;
+- args << url.url();
+- args << url.host();
++ args << cleanUrl.url();
++ args << cleanUrl.host();
+
+ QScriptValue result = func.call(QScriptValue(), args);
+ if (result.isError()) {
+--
+cgit v0.11.2
+