[arch-commits] Commit in kdenetwork (3 files)
Andrea Scarpino
andrea at archlinux.org
Mon May 24 00:54:23 UTC 2010
Date: Sunday, May 23, 2010 @ 20:54:23
Author: andrea
Revision: 80941
first set of KDE 4.5 tarballs (4.4.80)
Added:
kdenetwork/kde-unstable/
Modified:
kdenetwork/kde-unstable/PKGBUILD
Deleted:
kdenetwork/kde-unstable/CVE-2010-1000.patch
---------------------+
CVE-2010-1000.patch | 213 --------------------------------------------------
PKGBUILD | 20 +---
2 files changed, 7 insertions(+), 226 deletions(-)
Deleted: kde-unstable/CVE-2010-1000.patch
===================================================================
--- trunk/CVE-2010-1000.patch 2010-05-20 13:36:36 UTC (rev 80615)
+++ kde-unstable/CVE-2010-1000.patch 2010-05-24 00:54:23 UTC (rev 80941)
@@ -1,213 +0,0 @@
-diff --git a/kget/transfer-plugins/metalink/metalink.cpp b/kget/transfer-plugins/metalink/metalink.cpp
-index 605d4e1..c7d5d75 100644
---- a/kget/transfer-plugins/metalink/metalink.cpp
-+++ b/kget/transfer-plugins/metalink/metalink.cpp
-@@ -99,6 +99,7 @@ void Metalink::start()
- void Metalink::metalinkInit(const KUrl &src, const QByteArray &data)
- {
- kDebug(5001);
-+
- bool justDownloaded = !m_localMetalinkLocation.isValid();
- if (!src.isEmpty())
- {
-@@ -121,7 +122,9 @@ void Metalink::metalinkInit(const KUrl &src, const QByteArray &data)
- //error
- if (!m_metalink.isValid())
- {
-- kDebug(5001) << "Unknown error when trying to load the .metalink-file";
-+ kError(5001) << "Unknown error when trying to load the .metalink-file. Metalink is not valid.";
-+ setStatus(Job::Aborted);
-+ setTransferChange(Tc_Status, true);
- return;
- }
-
-@@ -202,7 +205,7 @@ void Metalink::metalinkInit(const KUrl &src, const QByteArray &data)
- if (!m_dataSourceFactory.size())
- {
- KMessageBox::error(0, i18n("Download failed, no working URLs were found."), i18n("Error"));
-- setStatus(Job::Aborted, i18n("An error occurred...."), SmallIcon("document-preview"));
-+ setStatus(Job::Aborted);
- setTransferChange(Tc_Status, true);
- return;
- }
-@@ -227,16 +230,29 @@ void Metalink::metalinkInit(const KUrl &src, const QByteArray &data)
- ui.treeView->hideColumn(FileItem::SignatureVerified);
- dialog->setMainWidget(widget);
- dialog->setCaption(i18n("File Selection"));
-- dialog->setButtons(KDialog::Ok);
-- connect(dialog, SIGNAL(finished()), this, SLOT(filesSelected()));
-+ dialog->setButtons(KDialog::Ok | KDialog::Cancel);
-+ connect(dialog, SIGNAL(finished(int)), this, SLOT(fileDlgFinished(int)));
-
- dialog->show();
- }
- }
-
--void Metalink::filesSelected()
-+void Metalink::fileDlgFinished(int result)
- {
-+ //BEGIN HACK if the dialog was not accepted untick every file, so that the download does not start
-+ //generally setStatus should do the job as well, but does not as it appears
-+ if (result != QDialog::Accepted) {
-+ for (int row = 0; row < fileModel()->rowCount(); ++row) {
-+ QModelIndex index = fileModel()->index(row, FileItem::File);
-+ if (index.isValid()) {
-+ fileModel()->setData(index, Qt::Unchecked, Qt::CheckStateRole);
-+ }
-+ }
-+ }
-+ //END
-+
- QModelIndexList files = fileModel()->fileIndexes(FileItem::File);
-+ int numFilesSelected = 0;
- foreach (const QModelIndex &index, files)
- {
- const KUrl dest = fileModel()->getUrl(index);
-@@ -244,6 +260,9 @@ void Metalink::filesSelected()
- if (m_dataSourceFactory.contains(dest))
- {
- m_dataSourceFactory[dest]->setDoDownload(doDownload);
-+ if (doDownload) {
-+ ++numFilesSelected;
-+ }
- }
- }
-
-@@ -252,9 +271,15 @@ void Metalink::filesSelected()
- processedSizeChanged();
- speedChanged();
-
-+ //no files selected to download or dialog rejected, stop the download
-+ if (!numFilesSelected || (result != QDialog::Accepted)) {
-+ setStatus(Job::Stopped);//FIXME
-+ setTransferChange(Tc_Status, true);
-+ return;
-+ }
-+
- //some files may be set to download, so start them as long as the transfer is not stopped
-- if (status() != Job::Stopped)
-- {
-+ if (status() != Job::Stopped) {
- startMetalink();
- }
- }
-diff --git a/kget/transfer-plugins/metalink/metalink.h b/kget/transfer-plugins/metalink/metalink.h
-index 41988cb..15e8698 100644
---- a/kget/transfer-plugins/metalink/metalink.h
-+++ b/kget/transfer-plugins/metalink/metalink.h
-@@ -81,7 +81,7 @@ class Metalink : public Transfer
-
- private Q_SLOTS:
- void metalinkInit(const KUrl &url = KUrl(), const QByteArray &data = QByteArray());
-- void filesSelected();
-+ void fileDlgFinished(int result);
- void totalSizeChanged(KIO::filesize_t size);
- void processedSizeChanged();
- void speedChanged();
-diff --git a/kget/ui/metalinkcreator/metalinker.cpp b/kget/ui/metalinkcreator/metalinker.cpp
-index 9487c6f..019b571 100644
---- a/kget/ui/metalinkcreator/metalinker.cpp
-+++ b/kget/ui/metalinkcreator/metalinker.cpp
-@@ -528,14 +528,14 @@ void KGetMetalink::Verification::clear()
-
- bool KGetMetalink::File::isValid() const
- {
-- return !name.isEmpty() && resources.isValid();
-+ return isValidNameAttribute() && resources.isValid();
- }
-
- void KGetMetalink::File::load(const QDomElement &e)
- {
- data.load(e);
-
-- name = e.attribute("name");
-+ name = QUrl::fromPercentEncoding(e.attribute("name").toAscii());
- size = e.firstChildElement("size").text().toULongLong();
-
- verification.load(e);
-@@ -575,6 +575,22 @@ void KGetMetalink::File::clear()
- resources.clear();
- }
-
-+
-+bool KGetMetalink::File::isValidNameAttribute() const
-+{
-+ if (name.isEmpty()) {
-+ kError(5001) << "Name attribute of Metalink::File is empty.";
-+ return false;
-+ }
-+
-+ if (name.contains(QRegExp("$(\\.\\.?)?/")) || name.contains("/../") || name.endsWith("/..")) {
-+ kError(5001) << "Name attribute of Metalink::File contains directory traversal directives:" << name;
-+ return false;
-+ }
-+
-+ return true;
-+}
-+
- #ifdef HAVE_NEPOMUK
- QHash<QUrl, Nepomuk::Variant> KGetMetalink::File::properties() const
- {
-@@ -584,13 +600,28 @@ QHash<QUrl, Nepomuk::Variant> KGetMetalink::File::properties() const
-
- bool KGetMetalink::Files::isValid() const
- {
-- bool isValid = !files.empty();
-- foreach (const File &file, files)
-- {
-- isValid &= file.isValid();
-+ if (files.isEmpty()) {
-+ return false;
- }
-
-- return isValid;
-+ QStringList fileNames;
-+ foreach (const File &file, files) {
-+ fileNames << file.name;
-+ if (!file.isValid()) {
-+ return false;
-+ }
-+ }
-+
-+ //The value of name must be unique for each file
-+ while (!fileNames.isEmpty()) {
-+ const QString fileName = fileNames.takeFirst();
-+ if (fileNames.contains(fileName)) {
-+ kError(5001) << "Metalink::File name" << fileName << "exists multiple times.";
-+ return false;
-+ }
-+ }
-+
-+ return true;
- }
-
- void KGetMetalink::Files::load(const QDomElement &e)
-@@ -751,7 +782,7 @@ void KGetMetalink::Metalink_v3::parseFiles(const QDomElement &e)
-
- for (QDomElement elem = filesElem.firstChildElement("file"); !elem.isNull(); elem = elem.nextSiblingElement("file")) {
- File file;
-- file.name = elem.attribute("name");
-+ file.name = QUrl::fromPercentEncoding(elem.attribute("name").toAscii());
- file.size = elem.firstChildElement("size").text().toULongLong();
-
- file.data = parseCommonData(elem);
-diff --git a/kget/ui/metalinkcreator/metalinker.h b/kget/ui/metalinkcreator/metalinker.h
-index 36b5b82..867d1a7 100644
---- a/kget/ui/metalinkcreator/metalinker.h
-+++ b/kget/ui/metalinkcreator/metalinker.h
-@@ -259,6 +259,14 @@ class File
- KIO::filesize_t size;
- CommonData data;
- Resources resources;
-+
-+ private:
-+ /**
-+ * Controlls if the name attribute is valid, i.e. it is not empty and
-+ * does not contain any directory traversal directives or information,
-+ * as described in the Metalink 4.0 specification 4.1.2.1.
-+ */
-+ bool isValidNameAttribute() const;
- };
-
- class Files
-
Modified: kde-unstable/PKGBUILD
===================================================================
--- trunk/PKGBUILD 2010-05-20 13:36:36 UTC (rev 80615)
+++ kde-unstable/PKGBUILD 2010-05-24 00:54:23 UTC (rev 80941)
@@ -1,5 +1,6 @@
# $Id$
-# Maintainer: Pierre Schmitz <pierre at archlinux.de>
+# Maintainer: Andrea Scarpino <andrea at archlinux.org>
+# Contributor: Pierre Schmitz <pierre at archlinux.de>
pkgbase=kdenetwork
pkgname=('kdenetwork-filesharing'
@@ -9,8 +10,8 @@
'kdenetwork-kppp'
'kdenetwork-krdc'
'kdenetwork-krfb')
-pkgver=4.4.3
-pkgrel=2
+pkgver=4.4.80
+pkgrel=1
arch=('i686' 'x86_64')
url='http://www.kde.org'
license=('GPL' 'LGPL' 'FDL')
@@ -19,18 +20,11 @@
'qca-ossl' 'kdebase-workspace' 'kdebase-lib' 'libvncserver' 'libmsn'
'ppp' 'libv4l' 'libidn' 'rdesktop' 'qimageblitz' 'libxss' 'libxdamage'
'libgadu' 'telepathy-qt4')
-source=("http://download.kde.org/stable/${pkgver}/src/${pkgbase}-${pkgver}.tar.bz2" "CVE-2010-1000.patch")
-sha1sums=('67237e0142f5d4edc893a7dcafffa79f998c534e'
- 'a1b599df1f9701f6c6ca77412a3793058cb47f4a')
+source=("http://download.kde.org/unstable/${pkgver}/src/${pkgbase}-${pkgver}.tar.bz2")
+sha1sums=('0fec0b209976af8d58b6aedabd819fdfd32147cf')
build() {
cd ${srcdir}
-
- # apply security patch
- cd ${pkgbase}-${pkgver}
- patch -Np1 -i ${srcdir}/CVE-2010-1000.patch || return 1
- cd ..
-
mkdir build
cd build
cmake ../${pkgbase}-${pkgver} \
@@ -52,7 +46,7 @@
}
package_kdenetwork-kdnssd() {
- pkgdesc='Network Services'
+ pkgdesc='Monitors the network for DNS-SD services'
depends=('kdelibs')
cd $srcdir/build/kdnssd
make DESTDIR=$pkgdir install
More information about the arch-commits
mailing list