forked from gentoo/gentoo
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Revision bump adds upstream patch which backports the fix for CVE 2017-5593. Will be fixed in release 16.12.3. Versions >=16.11.80 are affected. Package-Manager: Portage-2.3.3, Repoman-2.3.1
- Loading branch information
Showing
2 changed files
with
281 additions
and
0 deletions.
There are no files selected for viewing
119 changes: 119 additions & 0 deletions
119
kde-apps/kopete/files/kopete-16.12.2-CVE-2017-5593.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,119 @@ | ||
commit 6243764c4fd0985320d4a10b48051cc418d584ad | ||
Author: Pali Rohár <[email protected]> | ||
Date: Sat Feb 11 13:24:59 2017 +0100 | ||
|
||
Fix CVE 2017-5593 (User Impersonation Vulnerability) in jabber protocol | ||
|
||
BUG: 376348 | ||
FIXED-IN: 16.12.3 | ||
|
||
diff --git a/protocols/jabber/libiris/patches/01_cve_2017-5593.patch b/protocols/jabber/libiris/patches/01_cve_2017-5593.patch | ||
new file mode 100644 | ||
index 000000000..573ca66bc | ||
--- /dev/null | ||
+++ b/protocols/jabber/libiris/patches/01_cve_2017-5593.patch | ||
@@ -0,0 +1,52 @@ | ||
+diff --git a/src/xmpp/xmpp-im/xmpp_tasks.cpp b/src/xmpp/xmpp-im/xmpp_tasks.cpp | ||
+index 0e74b71..0837548 100644 | ||
+--- a/src/xmpp/xmpp-im/xmpp_tasks.cpp | ||
++++ b/src/xmpp/xmpp-im/xmpp_tasks.cpp | ||
+@@ -888,14 +888,18 @@ bool JT_PushMessage::take(const QDomElement &e) | ||
+ QDomElement forward; | ||
+ Message::CarbonDir cd = Message::NoCarbon; | ||
+ | ||
++ Jid fromJid = Jid(e1.attribute(QLatin1String("from"))); | ||
+ // Check for Carbon | ||
+ QDomNodeList list = e1.childNodes(); | ||
+ for (int i = 0; i < list.size(); ++i) { | ||
+ QDomElement el = list.at(i).toElement(); | ||
+ | ||
+- if (el.attribute("xmlns") == QLatin1String("urn:xmpp:carbons:2") && (el.tagName() == QLatin1String("received") || el.tagName() == QLatin1String("sent"))) { | ||
++ if (el.attribute("xmlns") == QLatin1String("urn:xmpp:carbons:2") | ||
++ && (el.tagName() == QLatin1String("received") || el.tagName() == QLatin1String("sent")) | ||
++ && fromJid.compare(Jid(e1.attribute(QLatin1String("to"))), false)) { | ||
+ QDomElement el1 = el.firstChildElement(); | ||
+- if (el1.tagName() == QLatin1String("forwarded") && el1.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) { | ||
++ if (el1.tagName() == QLatin1String("forwarded") | ||
++ && el1.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) { | ||
+ QDomElement el2 = el1.firstChildElement(QLatin1String("message")); | ||
+ if (!el2.isNull()) { | ||
+ forward = el2; | ||
+@@ -904,7 +908,8 @@ bool JT_PushMessage::take(const QDomElement &e) | ||
+ } | ||
+ } | ||
+ } | ||
+- else if (el.tagName() == QLatin1String("forwarded") && el.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) { | ||
++ else if (el.tagName() == QLatin1String("forwarded") | ||
++ && el.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) { | ||
+ forward = el.firstChildElement(QLatin1String("message")); // currently only messages are supportted | ||
+ // TODO <delay> element support | ||
+ if (!forward.isNull()) { | ||
+@@ -913,7 +918,6 @@ bool JT_PushMessage::take(const QDomElement &e) | ||
+ } | ||
+ } | ||
+ | ||
+- QString from = e1.attribute(QLatin1String("from")); | ||
+ Stanza s = client()->stream().createStanza(addCorrectNS(forward.isNull()? e1 : forward)); | ||
+ if(s.isNull()) { | ||
+ //printf("take: bad stanza??\n"); | ||
+@@ -926,7 +930,7 @@ bool JT_PushMessage::take(const QDomElement &e) | ||
+ return false; | ||
+ } | ||
+ if (!forward.isNull()) { | ||
+- m.setForwardedFrom(Jid(from)); | ||
++ m.setForwardedFrom(fromJid); | ||
+ m.setCarbonDirection(cd); | ||
+ } | ||
+ | ||
diff --git a/protocols/jabber/libiris/src/xmpp/xmpp-im/xmpp_tasks.cpp b/protocols/jabber/libiris/src/xmpp/xmpp-im/xmpp_tasks.cpp | ||
index 0e74b7126..083754867 100644 | ||
--- a/protocols/jabber/libiris/src/xmpp/xmpp-im/xmpp_tasks.cpp | ||
+++ b/protocols/jabber/libiris/src/xmpp/xmpp-im/xmpp_tasks.cpp | ||
@@ -888,14 +888,18 @@ bool JT_PushMessage::take(const QDomElement &e) | ||
QDomElement forward; | ||
Message::CarbonDir cd = Message::NoCarbon; | ||
|
||
+ Jid fromJid = Jid(e1.attribute(QLatin1String("from"))); | ||
// Check for Carbon | ||
QDomNodeList list = e1.childNodes(); | ||
for (int i = 0; i < list.size(); ++i) { | ||
QDomElement el = list.at(i).toElement(); | ||
|
||
- if (el.attribute("xmlns") == QLatin1String("urn:xmpp:carbons:2") && (el.tagName() == QLatin1String("received") || el.tagName() == QLatin1String("sent"))) { | ||
+ if (el.attribute("xmlns") == QLatin1String("urn:xmpp:carbons:2") | ||
+ && (el.tagName() == QLatin1String("received") || el.tagName() == QLatin1String("sent")) | ||
+ && fromJid.compare(Jid(e1.attribute(QLatin1String("to"))), false)) { | ||
QDomElement el1 = el.firstChildElement(); | ||
- if (el1.tagName() == QLatin1String("forwarded") && el1.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) { | ||
+ if (el1.tagName() == QLatin1String("forwarded") | ||
+ && el1.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) { | ||
QDomElement el2 = el1.firstChildElement(QLatin1String("message")); | ||
if (!el2.isNull()) { | ||
forward = el2; | ||
@@ -904,7 +908,8 @@ bool JT_PushMessage::take(const QDomElement &e) | ||
} | ||
} | ||
} | ||
- else if (el.tagName() == QLatin1String("forwarded") && el.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) { | ||
+ else if (el.tagName() == QLatin1String("forwarded") | ||
+ && el.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) { | ||
forward = el.firstChildElement(QLatin1String("message")); // currently only messages are supportted | ||
// TODO <delay> element support | ||
if (!forward.isNull()) { | ||
@@ -913,7 +918,6 @@ bool JT_PushMessage::take(const QDomElement &e) | ||
} | ||
} | ||
|
||
- QString from = e1.attribute(QLatin1String("from")); | ||
Stanza s = client()->stream().createStanza(addCorrectNS(forward.isNull()? e1 : forward)); | ||
if(s.isNull()) { | ||
//printf("take: bad stanza??\n"); | ||
@@ -926,7 +930,7 @@ bool JT_PushMessage::take(const QDomElement &e) | ||
return false; | ||
} | ||
if (!forward.isNull()) { | ||
- m.setForwardedFrom(Jid(from)); | ||
+ m.setForwardedFrom(fromJid); | ||
m.setCarbonDirection(cd); | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,162 @@ | ||
# Copyright 1999-2017 Gentoo Foundation | ||
# Distributed under the terms of the GNU General Public License v2 | ||
# $Id$ | ||
|
||
EAPI=6 | ||
|
||
KDE_HANDBOOK="optional" | ||
inherit kde4-base | ||
|
||
DESCRIPTION="KDE multi-protocol IM client" | ||
HOMEPAGE="https://kopete.kde.org https://www.kde.org/applications/internet/kopete" | ||
KEYWORDS="~amd64 ~arm ~x86" | ||
IUSE="debug ssl v4l" | ||
|
||
# tests hang, last checked for 4.2.96 | ||
RESTRICT+=" test" | ||
|
||
# Available plugins | ||
# | ||
# addbookmarks: NO DEPS | ||
# alias: NO DEPS (disabled upstream) | ||
# autoreplace: NO DEPS | ||
# contactnotes: NO DEPS | ||
# highlight: NO DEPS | ||
# history: NO DEPS | ||
# latex: virtual/latex as RDEPEND | ||
# nowlistening: NO DEPS | ||
# otr: libotr | ||
# pipes: NO DEPS | ||
# privacy: NO DEPS | ||
# statistics: dev-db/sqlite:3 | ||
# texteffect: NO DEPS | ||
# translator: NO DEPS | ||
# urlpicpreview: NO DEPS | ||
# webpresence: libxml2 libxslt | ||
# NOTE: By default we enable all plugins that don't have any dependencies | ||
PLUGINS="+addbookmarks +autoreplace +contactnotes +highlight +history latex | ||
+nowlistening otr +pipes +privacy +statistics +texteffect +translator | ||
+urlpicpreview webpresence" | ||
|
||
# Available protocols | ||
# | ||
# gadu: net-libs/libgadu @since 4.3 | ||
# groupwise: app-crypt/qca:2 | ||
# irc: NO DEPS, probably will fail so inform user about it | ||
# xmpp: net-dns/libidn app-crypt/qca:2 ENABLED BY DEFAULT NETWORK | ||
# jingle: media-libs/speex net-libs/ortp DISABLED BY UPSTREAM | ||
# meanwhile: net-libs/meanwhile | ||
# oscar: NO DEPS | ||
# telepathy: net-libs/decibel | ||
# testbed: NO DEPS | ||
# winpopup: NO DEPS (we're adding samba as RDEPEND so it works) | ||
# yahoo: media-libs/jasper | ||
# zeroconf (bonjour): NO DEPS | ||
PROTOCOLS="gadu groupwise jingle meanwhile oscar skype | ||
testbed winpopup +xmpp yahoo zeroconf" | ||
|
||
# disabled protocols | ||
# telepathy: net-libs/decibel | ||
# irc: NO DEPS | ||
# msn: net-libs/libmsn | ||
# qq: NO DEPS | ||
|
||
IUSE="${IUSE} ${PLUGINS} ${PROTOCOLS}" | ||
|
||
COMMONDEPEND=" | ||
$(add_kdeapps_dep kdepimlibs) | ||
dev-libs/libpcre | ||
>=dev-qt/qtgui-4.4.0:4[mng] | ||
kde-frameworks/kdelibs:4[zeroconf?] | ||
media-libs/phonon[qt4] | ||
media-libs/qimageblitz | ||
!aqua? ( | ||
x11-libs/libX11 | ||
x11-libs/libXScrnSaver | ||
) | ||
gadu? ( >=net-libs/libgadu-1.8.0[threads] ) | ||
groupwise? ( app-crypt/qca:2[qt4(+)] ) | ||
jingle? ( | ||
dev-libs/expat | ||
dev-libs/openssl:0 | ||
>=media-libs/mediastreamer-2.3.0 | ||
media-libs/speex | ||
net-libs/libsrtp | ||
net-libs/ortp:= | ||
) | ||
meanwhile? ( net-libs/meanwhile ) | ||
otr? ( >=net-libs/libotr-4.0.0 ) | ||
statistics? ( dev-db/sqlite:3 ) | ||
v4l? ( media-libs/libv4l ) | ||
webpresence? ( | ||
dev-libs/libxml2 | ||
dev-libs/libxslt | ||
) | ||
xmpp? ( | ||
app-crypt/qca:2[qt4(+)] | ||
dev-libs/qjson | ||
net-dns/libidn | ||
sys-libs/zlib | ||
) | ||
yahoo? ( media-libs/jasper ) | ||
" | ||
RDEPEND="${COMMONDEPEND} | ||
latex? ( | ||
|| ( | ||
media-gfx/imagemagick | ||
media-gfx/graphicsmagick[imagemagick] | ||
) | ||
virtual/latex-base | ||
) | ||
ssl? ( app-crypt/qca:2[ssl] ) | ||
winpopup? ( net-fs/samba ) | ||
" | ||
DEPEND="${COMMONDEPEND} | ||
jingle? ( dev-libs/jsoncpp ) | ||
!aqua? ( x11-proto/scrnsaverproto ) | ||
" | ||
|
||
PATCHES=( "${FILESDIR}/${P}-CVE-2017-5593.patch" ) | ||
|
||
src_configure() { | ||
local x x2 | ||
# Handle common stuff | ||
local mycmakeargs=( | ||
-DWITH_GOOGLETALK=$(usex jingle) | ||
-DWITH_LiboRTP=$(usex jingle) | ||
-DWITH_Mediastreamer=$(usex jingle) | ||
-DWITH_Speex=$(usex jingle) | ||
-DDISABLE_VIDEOSUPPORT=$(usex !v4l) | ||
) | ||
# enable protocols | ||
for x in ${PROTOCOLS}; do | ||
case ${x/+/} in | ||
zeroconf) x2=bonjour ;; | ||
xmpp) x2=jabber ;; | ||
*) x2=${x/+/} ;; | ||
esac | ||
mycmakeargs+=( -DWITH_${x2}=$(usex ${x/+/}) ) | ||
done | ||
|
||
mycmakeargs+=( -DWITH_Libmsn=OFF -DWITH_qq=OFF -DWITH_sms=OFF ) | ||
|
||
# enable plugins | ||
for x in ${PLUGINS}; do | ||
mycmakeargs+=( -DWITH_${x/+/}=$(usex ${x/+/}) ) | ||
done | ||
|
||
kde4-base_src_configure | ||
} | ||
|
||
pkg_postinst() { | ||
kde4-base_pkg_postinst | ||
|
||
if ! use ssl; then | ||
if use xmpp ; then # || use irc; then | ||
if ! has_version "app-crypt/qca:2[ssl]" ; then | ||
elog "In order to use ssl in xmpp you'll need to" | ||
elog "install app-crypt/qca package with USE=ssl." | ||
fi | ||
fi | ||
fi | ||
} |