summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kde/patch/kopete.patch4
-rw-r--r--kde/patch/kopete/kopete_kdebug376348.patch127
2 files changed, 131 insertions, 0 deletions
diff --git a/kde/patch/kopete.patch b/kde/patch/kopete.patch
new file mode 100644
index 0000000..4d79a08
--- /dev/null
+++ b/kde/patch/kopete.patch
@@ -0,0 +1,4 @@
+# Fix for jabber protocol vulnerability in Kopete: CVE-2017-5593
+# (User Impersonation Vulnerability)
+cat $CWD/patch/kopete/kopete_kdebug376348.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+
diff --git a/kde/patch/kopete/kopete_kdebug376348.patch b/kde/patch/kopete/kopete_kdebug376348.patch
new file mode 100644
index 0000000..d9bb057
--- /dev/null
+++ b/kde/patch/kopete/kopete_kdebug376348.patch
@@ -0,0 +1,127 @@
+From 6243764c4fd0985320d4a10b48051cc418d584ad Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali.rohar@gmail.com>
+Date: Sat, 11 Feb 2017 13:24:59 +0100
+Subject: Fix CVE 2017-5593 (User Impersonation Vulnerability) in jabber
+ protocol
+
+BUG: 376348
+FIXED-IN: 16.12.3
+---
+ .../jabber/libiris/patches/01_cve_2017-5593.patch | 52 ++++++++++++++++++++++
+ .../jabber/libiris/src/xmpp/xmpp-im/xmpp_tasks.cpp | 14 +++---
+ 2 files changed, 61 insertions(+), 5 deletions(-)
+ create mode 100644 protocols/jabber/libiris/patches/01_cve_2017-5593.patch
+
+diff --git a/protocols/jabber/libiris/patches/01_cve_2017-5593.patch b/protocols/jabber/libiris/patches/01_cve_2017-5593.patch
+new file mode 100644
+index 0000000..573ca66
+--- /dev/null
++++ b/protocols/jabber/libiris/patches/01_cve_2017-5593.patch
+@@ -0,0 +1,52 @@
++diff --git a/src/xmpp/xmpp-im/xmpp_tasks.cpp b/src/xmpp/xmpp-im/xmpp_tasks.cpp
++index 0e74b71..0837548 100644
++--- a/src/xmpp/xmpp-im/xmpp_tasks.cpp
+++++ b/src/xmpp/xmpp-im/xmpp_tasks.cpp
++@@ -888,14 +888,18 @@ bool JT_PushMessage::take(const QDomElement &e)
++ QDomElement forward;
++ Message::CarbonDir cd = Message::NoCarbon;
++
+++ Jid fromJid = Jid(e1.attribute(QLatin1String("from")));
++ // Check for Carbon
++ QDomNodeList list = e1.childNodes();
++ for (int i = 0; i < list.size(); ++i) {
++ QDomElement el = list.at(i).toElement();
++
++- if (el.attribute("xmlns") == QLatin1String("urn:xmpp:carbons:2") && (el.tagName() == QLatin1String("received") || el.tagName() == QLatin1String("sent"))) {
+++ if (el.attribute("xmlns") == QLatin1String("urn:xmpp:carbons:2")
+++ && (el.tagName() == QLatin1String("received") || el.tagName() == QLatin1String("sent"))
+++ && fromJid.compare(Jid(e1.attribute(QLatin1String("to"))), false)) {
++ QDomElement el1 = el.firstChildElement();
++- if (el1.tagName() == QLatin1String("forwarded") && el1.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) {
+++ if (el1.tagName() == QLatin1String("forwarded")
+++ && el1.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) {
++ QDomElement el2 = el1.firstChildElement(QLatin1String("message"));
++ if (!el2.isNull()) {
++ forward = el2;
++@@ -904,7 +908,8 @@ bool JT_PushMessage::take(const QDomElement &e)
++ }
++ }
++ }
++- else if (el.tagName() == QLatin1String("forwarded") && el.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) {
+++ else if (el.tagName() == QLatin1String("forwarded")
+++ && el.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) {
++ forward = el.firstChildElement(QLatin1String("message")); // currently only messages are supportted
++ // TODO <delay> element support
++ if (!forward.isNull()) {
++@@ -913,7 +918,6 @@ bool JT_PushMessage::take(const QDomElement &e)
++ }
++ }
++
++- QString from = e1.attribute(QLatin1String("from"));
++ Stanza s = client()->stream().createStanza(addCorrectNS(forward.isNull()? e1 : forward));
++ if(s.isNull()) {
++ //printf("take: bad stanza??\n");
++@@ -926,7 +930,7 @@ bool JT_PushMessage::take(const QDomElement &e)
++ return false;
++ }
++ if (!forward.isNull()) {
++- m.setForwardedFrom(Jid(from));
+++ m.setForwardedFrom(fromJid);
++ m.setCarbonDirection(cd);
++ }
++
+diff --git a/protocols/jabber/libiris/src/xmpp/xmpp-im/xmpp_tasks.cpp b/protocols/jabber/libiris/src/xmpp/xmpp-im/xmpp_tasks.cpp
+index 0e74b71..0837548 100644
+--- a/protocols/jabber/libiris/src/xmpp/xmpp-im/xmpp_tasks.cpp
++++ b/protocols/jabber/libiris/src/xmpp/xmpp-im/xmpp_tasks.cpp
+@@ -888,14 +888,18 @@ bool JT_PushMessage::take(const QDomElement &e)
+ QDomElement forward;
+ Message::CarbonDir cd = Message::NoCarbon;
+
++ Jid fromJid = Jid(e1.attribute(QLatin1String("from")));
+ // Check for Carbon
+ QDomNodeList list = e1.childNodes();
+ for (int i = 0; i < list.size(); ++i) {
+ QDomElement el = list.at(i).toElement();
+
+- if (el.attribute("xmlns") == QLatin1String("urn:xmpp:carbons:2") && (el.tagName() == QLatin1String("received") || el.tagName() == QLatin1String("sent"))) {
++ if (el.attribute("xmlns") == QLatin1String("urn:xmpp:carbons:2")
++ && (el.tagName() == QLatin1String("received") || el.tagName() == QLatin1String("sent"))
++ && fromJid.compare(Jid(e1.attribute(QLatin1String("to"))), false)) {
+ QDomElement el1 = el.firstChildElement();
+- if (el1.tagName() == QLatin1String("forwarded") && el1.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) {
++ if (el1.tagName() == QLatin1String("forwarded")
++ && el1.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) {
+ QDomElement el2 = el1.firstChildElement(QLatin1String("message"));
+ if (!el2.isNull()) {
+ forward = el2;
+@@ -904,7 +908,8 @@ bool JT_PushMessage::take(const QDomElement &e)
+ }
+ }
+ }
+- else if (el.tagName() == QLatin1String("forwarded") && el.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) {
++ else if (el.tagName() == QLatin1String("forwarded")
++ && el.attribute(QLatin1String("xmlns")) == QLatin1String("urn:xmpp:forward:0")) {
+ forward = el.firstChildElement(QLatin1String("message")); // currently only messages are supportted
+ // TODO <delay> element support
+ if (!forward.isNull()) {
+@@ -913,7 +918,6 @@ bool JT_PushMessage::take(const QDomElement &e)
+ }
+ }
+
+- QString from = e1.attribute(QLatin1String("from"));
+ Stanza s = client()->stream().createStanza(addCorrectNS(forward.isNull()? e1 : forward));
+ if(s.isNull()) {
+ //printf("take: bad stanza??\n");
+@@ -926,7 +930,7 @@ bool JT_PushMessage::take(const QDomElement &e)
+ return false;
+ }
+ if (!forward.isNull()) {
+- m.setForwardedFrom(Jid(from));
++ m.setForwardedFrom(fromJid);
+ m.setCarbonDirection(cd);
+ }
+
+--
+cgit v0.11.2
+