Hello community, here is the log from the commit of package ktnef for openSUSE:Factory checked in at 2017-03-15 00:57:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ktnef (Old) and /work/SRC/openSUSE:Factory/.ktnef.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ktnef" Wed Mar 15 00:57:09 2017 rev:18 rq:478234 version:16.12.3 Changes: --------
--- /work/SRC/openSUSE:Factory/ktnef/ktnef.changes 2017-02-13 07:28:54.392894969 +0100
+++ /work/SRC/openSUSE:Factory/.ktnef.new/ktnef.changes 2017-03-15 01:57:53.952655625 +0100
@@ -1,0 +2,12 @@
+Thu Mar 9 12:41:31 CET 2017 - [email protected]
+
+- Update to 16.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://www.kde.org/announcements/announce-applications-16.12.3.php
+- Changes since 16.12.2:
+ * Fix Directory Traversal problem in ktnef
+ * Fixes for some fuzzed files
+
+
+-------------------------------------------------------------------
Old: ---- ktnef-16.12.2.tar.xz New: ---- ktnef-16.12.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ktnef.spec ++++++
--- /var/tmp/diff_new_pack.YY0Ugi/_old 2017-03-15 01:57:54.432587775 +0100
+++ /var/tmp/diff_new_pack.YY0Ugi/_new 2017-03-15 01:57:54.436587209 +0100
@@ -17,10 +17,10 @@
 Name: ktnef
-Version: 16.12.2
+Version: 16.12.3
 Release: 0
 %define kf5_version 5.26.0
-# Latest stable Applications (e.g. 16.08 in KA, but 16.12.2 in KUA)
+# Latest stable Applications (e.g. 16.08 in KA, but 16.12.3 in KUA)
 %{!?_kapp_version: %global _kapp_version %(echo %{version}| awk -F. '{print $1"."$2}')}
 Summary: KDE PIM Libraries: TNEF support
 License: LGPL-2.1+
++++++ ktnef-16.12.2.tar.xz -> ktnef-16.12.3.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ktnef-16.12.2/CMakeLists.txt new/ktnef-16.12.3/CMakeLists.txt
--- old/ktnef-16.12.2/CMakeLists.txt 2017-01-16 06:53:11.000000000 +0100
+++ new/ktnef-16.12.3/CMakeLists.txt 2017-02-27 19:04:52.000000000 +0100
@@ -19,11 +19,11 @@
 include(ECMQtDeclareLoggingCategory)
-set(PIM_VERSION "5.4.2")
+set(PIM_VERSION "5.4.3")
 set(KTNEF_LIB_VERSION ${PIM_VERSION})
-set(CALENDARCORE_LIB_VERSION "5.4.2")
-set(CALENDARUTILS_LIB_VERSION "5.4.2")
-set(KCONTACTS_LIB_VERSION "5.4.2")
+set(CALENDARCORE_LIB_VERSION "5.4.3")
+set(CALENDARUTILS_LIB_VERSION "5.4.3")
+set(KCONTACTS_LIB_VERSION "5.4.3")
 ecm_setup_version(${KTNEF_LIB_VERSION} VARIABLE_PREFIX KTNEF VERSION_HEADER "${CMAKE_CURRENT_BINARY_DIR}/ktnef_version.h" PACKAGE_VERSION_FILE "${CMAKE_CURRENT_BINARY_DIR}/KF5TnefConfigVersion.cmake"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ktnef-16.12.2/src/ktnefparser.cpp new/ktnef-16.12.3/src/ktnefparser.cpp
--- old/ktnef-16.12.2/src/ktnefparser.cpp 2017-01-16 06:53:11.000000000 +0100
+++ new/ktnef-16.12.3/src/ktnefparser.cpp 2017-02-27 19:04:52.000000000 +0100
@@ -41,7 +41,9 @@
 #include <QtCore/QDateTime>
 #include <QtCore/QDataStream>
+#include <QtCore/QDir>
 #include <QtCore/QFile>
+#include <QtCore/QFileInfo>
 #include <QtCore/QVariant>
 #include <QtCore/QList>
@@ -248,6 +250,8 @@
 quint32 rows;
 QList<QVariant> recipTable;
 stream_ >> rows;
+ if (rows > (INT_MAX / sizeof(QVariant)))
+ return false;
 recipTable.reserve(rows);
 for (uint i = 0; i < rows; i++) {
 QMap<int, KTNEFProperty *> props;
@@ -444,7 +448,9 @@
 bool KTNEFParser::ParserPrivate::extractAttachmentTo(KTNEFAttach *att, const QString &dirname)
 {
- QString filename = dirname + QLatin1Char('/');
+ const QString destDir(QDir(dirname).absolutePath()); // get directory path without any "." or ".."
+
+ QString filename = destDir + QLatin1Char('/');
 if (!att->fileName().isEmpty()) {
 filename += att->fileName();
 } else {
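Review bot: In the include hunk of src/ktnefparser.cpp (`@@ -41,7 +41,9 @@`), only `QDir` and `QFileInfo` are added, while the new bounds checks in the later hunks (`rows > (INT_MAX / sizeof(QVariant))`, `len > INT_MAX`, `len <= INT_MAX`) use `INT_MAX`. No `<climits>` include is visible in this context, so the build may be relying on a transitive include from a Qt header; adding `#include <climits>` next to the Qt includes would make that explicit. The rest of the include list lies outside the hunk, so it may already be present there.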
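Review bot: The new guard in the recipient-table hunk (`@@ -248,6 +250,8 @@`) only stops `rows` from exceeding `INT_MAX / sizeof(QVariant)`, so a count read from the file can still make `recipTable.reserve(rows)` request an allocation in the gigabyte range before a single row has been parsed. A malformed attachment can therefore still cause memory exhaustion or an unhandled allocation failure. Consider dropping the `reserve` and letting the list grow as rows are actually read, or bounding `rows` by the bytes left in the input, e.g. `if (rows > device_->bytesAvailable()) return false;` (assuming `device_` is the QIODevice behind `stream_`). The added `if` also omits the braces the surrounding code uses. The enclosing function starts and ends outside the hunk.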
@@ -460,6 +466,15 @@
 if (!device_->seek(att->offset())) {
 return false;
 }
+
+ const QFileInfo fi(filename);
+ if (!fi.absoluteFilePath().startsWith(destDir)) {
+ qWarning() << "Attempted extract into" << fi.absoluteFilePath()
+ << "which is outside of the extraction root folder" << destDir << "."
+ << "Changing export of contained files to extraction root folder.";
+ filename = destDir + QLatin1Char('/') + fi.fileName();
+ }
+
 QSaveFile outfile(filename);
 if (!outfile.open(QIODevice::WriteOnly)) {
 return false;
@@ -706,6 +721,9 @@
 } else {
 len = len_;
 }
+ if (len > INT_MAX)
+ return QString();
+
 quint32 fullLen = len;
 if (align) {
 ALIGN(fullLen, 4);
@@ -806,17 +824,17 @@
 } else {
 stream >> d;
 }
- for (uint i = 0; i < d; i++) {
+ for (uint i = 0; i < d && !stream.atEnd(); i++) {
 value.clear();
 quint32 len;
 stream >> len;
 value = QByteArray(len, '\0');
- if (len > 0) {
- int fullLen = len;
+ if (len > 0 && len <= INT_MAX) {
+ uint fullLen = len;
 ALIGN(fullLen, 4);
 stream.readRawData(value.toByteArray().data(), len);
 quint8 c;
- for (int i = len; i < fullLen; i++) {
+ for (uint i = len; i < fullLen; i++) {
 stream >> c;
 }
 // FIXME: Shouldn't we do something with the value???
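Review bot: The containment test in the `@@ -460,6 +466,15 @@` hunk of extractAttachmentTo compares against `destDir` without a trailing separator, so a resolved path in a sibling directory whose name merely begins with the same characters (root `/tmp/out`, target `/tmp/out-old/x`; constructed example) still satisfies `startsWith(destDir)`. Compare against the root plus separator instead: `if (!fi.absoluteFilePath().startsWith(destDir + QLatin1Char('/'))) {`. The check also depends on `absoluteFilePath()` having collapsed `..` segments, which the Qt documentation does not promise, so wrapping the value in `QDir::cleanPath()` before the comparison would make that explicit; symlinks already present under the root are not resolved by either call. `destDir` is defined in the preceding hunk and the function continues past this one.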
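Review bot: In the `@@ -706,6 +721,9 @@` hunk the new `len > INT_MAX` test runs before the alignment step, so a `len` within three of `INT_MAX` passes and `ALIGN(fullLen, 4)` then rounds `fullLen` up to 2^31 (assuming ALIGN rounds up to a multiple of 4). If `fullLen` is later converted to `int` for a buffer size or read length, which this hunk does not show, it would become negative. Bounding the aligned value, e.g. `if (len > INT_MAX - 3)`, closes that gap; the check also still lets a file-supplied length of nearly 2 GiB through, so a cap tied to the remaining input would be tighter. The function starts and ends outside the hunk.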
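Review bot: In the `@@ -806,17 +824,17 @@` hunk, `value = QByteArray(len, '\0');` still executes before the new `len <= INT_MAX` guard, so an out-of-range `len` from the stream reaches the QByteArray constructor (whose size parameter is an `int`) unchecked, and an in-range one can still request close to 2 GiB. Move the allocation inside the guarded branch and leave the loop when the length is invalid, e.g. `if (len > INT_MAX) break;` ahead of it; skipping the element without consuming its payload leaves the stream misaligned for the next iteration. Separately, `stream.readRawData(value.toByteArray().data(), len)` writes into the temporary returned by `toByteArray()` and its return value is ignored, which the existing FIXME seems to hint at. The loop's enclosing function lies outside the hunk.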
