Adding patch wrt security bug #189255

Package-Manager: portage-2.1.3.7

5 files changed, 108 insertions, 9 deletions

diff --git a/net-irc/konversation/ChangeLog b/net-irc/konversation/ChangeLog
index d5cc7eeba0b7..0dace6de8a45 100644
--- a/net-irc/konversation/ChangeLog
+++ b/net-irc/konversation/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-irc/konversation
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-irc/konversation/ChangeLog,v 1.55 2007/08/16 16:20:19 philantrop Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-irc/konversation/ChangeLog,v 1.56 2007/09/05 12:54:37 keytoaster Exp $
+
+*konversation-1.0.1-r3 (05 Sep 2007)
+
+  05 Sep 2007; Tobias Heinlein <keytoaster@gentoo.org>
+  +files/konversation-1.0.1-media-script-vulnerability.patch,
+  +konversation-1.0.1-r3.ebuild:
+  Adding patch wrt security bug #189255
 
 *konversation-1.0.1-r2 (16 Aug 2007)
 
diff --git a/net-irc/konversation/Manifest b/net-irc/konversation/Manifest
index 6e990a06bd98..ce4620d846a0 100644
--- a/net-irc/konversation/Manifest
+++ b/net-irc/konversation/Manifest
@@ -9,6 +9,10 @@ AUX konversation-1.0.1-konsolepanel.patch 1586 RMD160 50be8366aa4276ad176206b5e5
 MD5 282b693a31f6e76504c4dbc2ffb36708 files/konversation-1.0.1-konsolepanel.patch 1586
 RMD160 50be8366aa4276ad176206b5e559e37771094f35 files/konversation-1.0.1-konsolepanel.patch 1586
 SHA256 20ce86652f7e2e4eb24e0a855e7c52dc12729a9139cf9f7ef29dffe35e49f56e files/konversation-1.0.1-konsolepanel.patch 1586
+AUX konversation-1.0.1-media-script-vulnerability.patch 1963 RMD160 f7cc1a2dfe90ec33fab1c25b9a4895b4f87bcff3 SHA1 5b7d1ee37f3bb736d4aa2774b09ca6e55025853a SHA256 40b6250533293cb37fd86aed31ac814c875d025f4798a01fc51af9de7e0fed48
+MD5 4e7f4e0417fad74657ae3cf80648cf8a files/konversation-1.0.1-media-script-vulnerability.patch 1963
+RMD160 f7cc1a2dfe90ec33fab1c25b9a4895b4f87bcff3 files/konversation-1.0.1-media-script-vulnerability.patch 1963
+SHA256 40b6250533293cb37fd86aed31ac814c875d025f4798a01fc51af9de7e0fed48 files/konversation-1.0.1-media-script-vulnerability.patch 1963
 DIST konversation-1.0.1.tar.bz2 5848563 RMD160 1cf79a87f451aa2718560f00ddf987b68938310a SHA1 7e4b2356e942848fb83584db1bf2a1b6ef63234d SHA256 8be736289c52c21fe5ada7dd153767abd5155424a510ab9781b9d2f585cc00fd
 EBUILD konversation-1.0.1-r1.ebuild 699 RMD160 0c2ae48c2e1c762fb0eb8abc6b5b2c0f01b4b101 SHA1 c71ac2bc61ff07206c0dacc1d59e16353c892039 SHA256 20a4b22f973b576224f313cdef9834daba0c2ace8c4b71e004d46005cecc65cb
 MD5 5dbd7a25f72ed7ff92399ecea47e5aed konversation-1.0.1-r1.ebuild 699
@@ -18,14 +22,18 @@ EBUILD konversation-1.0.1-r2.ebuild 1013 RMD160 a3ef6f2fe19429bcf0782c906daa429a
 MD5 820a1e6eaae3ff937bfcce4a2e2774c2 konversation-1.0.1-r2.ebuild 1013
 RMD160 a3ef6f2fe19429bcf0782c906daa429af4932231 konversation-1.0.1-r2.ebuild 1013
 SHA256 a6db86ae0d4bb420210b9e0d4d7cd03b082d9601253eb5cbefa43e8c4aca3b51 konversation-1.0.1-r2.ebuild 1013
+EBUILD konversation-1.0.1-r3.ebuild 1065 RMD160 b9b6de8eb1916553679276f99698597c0954d1aa SHA1 c5475961a160ce76a7682215e6a99c7c3bed4a9f SHA256 d520b2b826bb89d168da46b504895f6bd463140d3bf1921f139029eed8125b99
+MD5 01c358a9da6436c528bc16b9d693f8b4 konversation-1.0.1-r3.ebuild 1065
+RMD160 b9b6de8eb1916553679276f99698597c0954d1aa konversation-1.0.1-r3.ebuild 1065
+SHA256 d520b2b826bb89d168da46b504895f6bd463140d3bf1921f139029eed8125b99 konversation-1.0.1-r3.ebuild 1065
 EBUILD konversation-1.0.1.ebuild 657 RMD160 ab1ecf9bc9909dc27caab08fa9769b869c5855e5 SHA1 58d27e21dea113d894a43a934072840085514f72 SHA256 bd9d1bfc7640346582158a7f2f9475b8bf2a49964948ca3980e174841d6afac1
 MD5 ffaeb45abfc346c3329ead8b0941b7e0 konversation-1.0.1.ebuild 657
 RMD160 ab1ecf9bc9909dc27caab08fa9769b869c5855e5 konversation-1.0.1.ebuild 657
 SHA256 bd9d1bfc7640346582158a7f2f9475b8bf2a49964948ca3980e174841d6afac1 konversation-1.0.1.ebuild 657
-MISC ChangeLog 7251 RMD160 20dd9c7facf304ac0240f4163e3682247552a7b2 SHA1 97235540061bdf386665e47693d63aa6f97594ef SHA256 a4a651ef1bfa2b8c80c1c990177138adce3d7a75e679148cfaa44376fa7c0a21
-MD5 696dc84da567c93206d5ac36016844ac ChangeLog 7251
-RMD160 20dd9c7facf304ac0240f4163e3682247552a7b2 ChangeLog 7251
-SHA256 a4a651ef1bfa2b8c80c1c990177138adce3d7a75e679148cfaa44376fa7c0a21 ChangeLog 7251
+MISC ChangeLog 7480 RMD160 fea47b15a1bd88877372daf5285873f7f881aba5 SHA1 71a2ccfbc7cfb1dba7c90224bccb499c87f4e1f5 SHA256 c65f1860d9b9337d843cf5c1f3b387b04549b01f35f804d5501cba1900962e59
+MD5 2147d53f7ce3fe9cad7ca3fde5ac2b79 ChangeLog 7480
+RMD160 fea47b15a1bd88877372daf5285873f7f881aba5 ChangeLog 7480
+SHA256 c65f1860d9b9337d843cf5c1f3b387b04549b01f35f804d5501cba1900962e59 ChangeLog 7480
 MISC metadata.xml 177 RMD160 8850c5b17b8777a62f670a0ade3bab8144c2b2dc SHA1 500abb13eb9ab623336557bb1246056b39896046 SHA256 0d969af6afa28170dac4b321dd8489b27d322f49f40c39aa3f614953f85292ce
 MD5 71e1e6f08f072eec25aeb364865de8ef metadata.xml 177
 RMD160 8850c5b17b8777a62f670a0ade3bab8144c2b2dc metadata.xml 177
@@ -39,10 +47,13 @@ SHA256 e905fba1709b730342f4e0cb8b2791f8434aadd38cc90c2804123bfc7e864680 files/di
 MD5 7c7e86e03d533fc23d42a755deae605b files/digest-konversation-1.0.1-r2 262
 RMD160 ee7c62af8dabf95b5523d4e37bc502c9743c09f0 files/digest-konversation-1.0.1-r2 262
 SHA256 e905fba1709b730342f4e0cb8b2791f8434aadd38cc90c2804123bfc7e864680 files/digest-konversation-1.0.1-r2 262
+MD5 7c7e86e03d533fc23d42a755deae605b files/digest-konversation-1.0.1-r3 262
+RMD160 ee7c62af8dabf95b5523d4e37bc502c9743c09f0 files/digest-konversation-1.0.1-r3 262
+SHA256 e905fba1709b730342f4e0cb8b2791f8434aadd38cc90c2804123bfc7e864680 files/digest-konversation-1.0.1-r3 262
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.5 (GNU/Linux)
+Version: GnuPG v2.0.6 (GNU/Linux)
 
-iD8DBQFGxHlLCkvF58q80IkRAthRAKCKmNSVSQMKjGReblN3lD/HUBcneACgpXuf
-GI0NvZkaJOv/iFcLYtAoXGQ=
-=YY3e
+iD8DBQFG3qb9l1Qf6C0PV04RAjwsAJ49+1lH+2BPd262rcb1aRz5eGR29QCggigu
+DG/KBF/yHCrga/iXeSgaClE=
+=Mora
 -----END PGP SIGNATURE-----
diff --git a/net-irc/konversation/files/digest-konversation-1.0.1-r3 b/net-irc/konversation/files/digest-konversation-1.0.1-r3
new file mode 100644
index 000000000000..f5304937b259
--- /dev/null
+++ b/net-irc/konversation/files/digest-konversation-1.0.1-r3
@@ -0,0 +1,3 @@
+MD5 60c2c5f94d4a916055db09728304b19f konversation-1.0.1.tar.bz2 5848563
+RMD160 1cf79a87f451aa2718560f00ddf987b68938310a konversation-1.0.1.tar.bz2 5848563
+SHA256 8be736289c52c21fe5ada7dd153767abd5155424a510ab9781b9d2f585cc00fd konversation-1.0.1.tar.bz2 5848563
diff --git a/net-irc/konversation/files/konversation-1.0.1-media-script-vulnerability.patch b/net-irc/konversation/files/konversation-1.0.1-media-script-vulnerability.patch
new file mode 100644
index 000000000000..7c7bd32cf6e3
--- /dev/null
+++ b/net-irc/konversation/files/konversation-1.0.1-media-script-vulnerability.patch
@@ -0,0 +1,41 @@
+diff -aur konversation-1.0.1/konversation/src/channel.cpp konversation-1.0.1-fixed/konversation/src/channel.cpp
+--- konversation-1.0.1/konversation/src/channel.cpp	2006-10-06 18:43:29.000000000 +0200
++++ konversation-1.0.1-fixed/konversation/src/channel.cpp	2007-09-05 01:10:52.000000000 +0200
+@@ -890,7 +890,7 @@
+     }
+ 
+     // Send all strings, one after another
+-    QStringList outList=QStringList::split('\n',outputAll);
++    QStringList outList=QStringList::split(QRegExp("[\r\n]+"),outputAll);
+     for(unsigned int index=0;index<outList.count();index++)
+     {
+         QString output(outList[index]);
+diff -aur konversation-1.0.1/konversation/src/konvdcop.cpp konversation-1.0.1-fixed/konversation/src/konvdcop.cpp
+--- konversation-1.0.1/konversation/src/konvdcop.cpp	2006-10-06 18:43:29.000000000 +0200
++++ konversation-1.0.1-fixed/konversation/src/konvdcop.cpp	2007-09-05 01:11:08.000000000 +0200
+@@ -82,15 +82,23 @@
+     emit dcopMultiServerRaw("me " + message);
+ }
+ 
+-void KonvDCOP::say(const QString& server,const QString& target,const QString& command)
++void KonvDCOP::say(const QString& _server,const QString& _target,const QString& _command)
+ {
++    //Sadly, copy on write doesn't exist with QString::replace
++    QString server(_server), target(_target), command(_command);
++
+     // TODO: this just masks a greater problem - Server::addQuery will return a query for '' --argonel
+     // TODO: other DCOP calls need argument checking too --argonel
+     if (server.isEmpty() || target.isEmpty() || command.isEmpty())
+         kdDebug() <<  "KonvDCOP::say() requires 3 arguments." << endl;
+     else
+     {
+-        kdDebug() << "KonvDCOP::say()" << endl;
++        command.replace('\n',"\\n");
++        command.replace('\r',"\\r");
++        target.remove('\n');
++        target.remove('\r');
++        server.remove('\n');
++        server.remove('\r');
+         // Act as if the user typed it
+         emit dcopSay(server,target,command);
+     }
diff --git a/net-irc/konversation/konversation-1.0.1-r3.ebuild b/net-irc/konversation/konversation-1.0.1-r3.ebuild
new file mode 100644
index 000000000000..4f4b00820fdf
--- /dev/null
+++ b/net-irc/konversation/konversation-1.0.1-r3.ebuild
@@ -0,0 +1,37 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-irc/konversation/konversation-1.0.1-r3.ebuild,v 1.1 2007/09/05 12:54:37 keytoaster Exp $
+
+LANGS="bg ca da de el en_GB es et fi fr hu it ja ka ko nl pt ru sr sr@Latn sv tr zh_TW
+	ar cs gl he lt pa pt_BR ta"
+LANGS_DOC="da es et it nl pt ru sv"
+
+USE_KEG_PACKAGING=1
+
+inherit kde
+
+DESCRIPTION="A user friendly IRC Client for KDE3.x"
+HOMEPAGE="http://konversation.kde.org/"
+SRC_URI="http://download.berlios.de/${PN}/${P}.tar.bz2"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+need-kde 3
+
+PATCHES="${FILESDIR}/${P}-crash.patch
+		${FILESDIR}/${P}-konsolepanel.patch
+		${FILESDIR}/${P}-media-script-vulnerability.patch"
+
+pkg_postinst() {
+	kde_pkg_postinst
+
+	if ! has_version kde-base/konsole && ! has_version kde-base/kdebase; then
+		echo
+		elog "If you want to be able to use Konsole from inside ${PN}, please emerge either"
+		elog "kde-base/konsole or kde-base/kdebase."
+		echo
+	fi
+}