From d7d373ffcc5464a1237e01caf223c03304f61a7955d029c2881d69a1cdeee34a Mon Sep 17 00:00:00 2001 From: Fabian Vogt Date: Wed, 1 Mar 2017 21:08:23 +0000 Subject: [PATCH] - Add patch to fix security issue with proxy configuration (boo#1027520) * sanitize-url-for-proxy.patch OBS-URL: https://build.opensuse.org/package/show/KDE:Frameworks5/kio?expand=0&rev=169 --- kio.changes | 6 ++++++ kio.spec | 5 ++++- sanitize-url-for-proxy.patch | 40 ++++++++++++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 sanitize-url-for-proxy.patch diff --git a/kio.changes b/kio.changes index 3c87ffe..f56fe3d 100644 --- a/kio.changes +++ b/kio.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Mar 1 21:02:49 UTC 2017 - fabian@ritter-vogt.de + +- Add patch to fix security issue with proxy configuration (boo#1027520) + * sanitize-url-for-proxy.patch + ------------------------------------------------------------------- Thu Feb 9 09:30:01 UTC 2017 - hrvoje.senjan@gmail.com diff --git a/kio.spec b/kio.spec index 69a8226..6a0e119 100644 --- a/kio.spec +++ b/kio.spec @@ -75,6 +75,8 @@ Source: http://download.kde.org/stable/frameworks/%{_tar_path}/%{name}-% Source1: baselibs.conf # PATCH-FIX-OPENSUSE kio_help-fallback-to-kde4-docs.patch -- allow kio_help to see into kde4 documentation, needed especially for khelpcenter5 Patch0: kio_help-fallback-to-kde4-docs.patch +# PATCH-FIX-UPSTREAM sanitize-url-for-proxy.patch +Patch1: sanitize-url-for-proxy.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -84,8 +86,8 @@ file dialog also uses this to provide its network-enabled file management. %package core Summary: Network transparent access to files and data -Group: System/GUI/KDE # core subpackage created with 5.9.0 +Group: System/GUI/KDE Conflicts: kio <= 5.8.0 %description core @@ -121,6 +123,7 @@ Development files. %prep %setup -q %patch0 -p1 +%patch1 -p1 %build %cmake_kf5 -d build diff --git a/sanitize-url-for-proxy.patch b/sanitize-url-for-proxy.patch new file mode 100644 index 0000000..835f962 --- /dev/null +++ b/sanitize-url-for-proxy.patch @@ -0,0 +1,40 @@ +From f9d0cb47cf94e209f6171ac0e8d774e68156a6e4 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 Feb 2017 19:00:48 +0100 +Subject: [PATCH] Sanitize URLs before passing them to FindProxyForURL + +Remove user/password information +For https: remove path and query + +Thanks to safebreach.com for reporting the problem + +CCMAIL: yoni.fridburg@safebreach.com +CCMAIL: amit.klein@safebreach.com +CCMAIL: itzik.kotler@safebreach.com +--- + src/kpac/script.cpp | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/kpac/script.cpp b/src/kpac/script.cpp +index a0235f7..2485c54 100644 +--- a/src/kpac/script.cpp ++++ b/src/kpac/script.cpp +@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url) + } + } + ++ QUrl cleanUrl = url; ++ cleanUrl.setUserInfo(QString()); ++ if (cleanUrl.scheme() == QLatin1String("https")) { ++ cleanUrl.setPath(QString()); ++ cleanUrl.setQuery(QString()); ++ } ++ + QScriptValueList args; +- args << url.url(); +- args << url.host(); ++ args << cleanUrl.url(); ++ args << cleanUrl.host(); + + QScriptValue result = func.call(QScriptValue(), args); + if (result.isError()) {