authorCarsten Lohrke <carlo@gentoo.org>2005-04-19 23:59:30 +0000
committerCarsten Lohrke <carlo@gentoo.org>2005-04-19 23:59:30 +0000
commitba11ee478d60e7538f19e4b99efdbf4e294836ed (patch)
tree8e9ee5e74558941920f9fce1dae864e6e54196ec /kde-base/kommander
parentFix #84353, #89387. (diff)
Untrusted code execution, #89092
(Portage version: 2.0.51.19)
Diffstat (limited to 'kde-base/kommander')
-rw-r--r--kde-base/kommander/ChangeLog8
-rw-r--r--kde-base/kommander/Manifest7
-rw-r--r--kde-base/kommander/files/digest-kommander-3.4.0-r11
-rw-r--r--kde-base/kommander/files/post-3.4-kdewebdev.diff63
-rw-r--r--kde-base/kommander/kommander-3.4.0-r1.ebuild17
5 files changed, 93 insertions, 3 deletions
diff --git a/kde-base/kommander/ChangeLog b/kde-base/kommander/ChangeLog
index 2f3a15928c8a..7b979e8bd323 100644
--- a/kde-base/kommander/ChangeLog
+++ b/kde-base/kommander/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for kde-base/kommander
# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kommander/ChangeLog,v 1.6 2005/03/18 17:48:50 morfic Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kommander/ChangeLog,v 1.7 2005/04/19 23:59:30 carlo Exp $
+
+*kommander-3.4.0-r1 (19 Apr 2005)
+
+ 19 Apr 2005; Carsten Lohrke <carlo@gentoo.org>
+ +files/post-3.4-kdewebdev.diff, +kommander-3.4.0-r1.ebuild:
+ Untrusted code execution, #89092
18 Mar 2005; Daniel Goller <morfic@gentoo.org> kommander-3.4.0.ebuild:
Added to ~ppc
diff --git a/kde-base/kommander/Manifest b/kde-base/kommander/Manifest
index 31f0c529c7dd..e68b564c6113 100644
--- a/kde-base/kommander/Manifest
+++ b/kde-base/kommander/Manifest
@@ -1,4 +1,7 @@
-MD5 acc03a4b12bb0433a57e95bd253b9501 metadata.xml 156
-MD5 7ed1401f579269c01abb1eed163ee23f ChangeLog 1247
MD5 5140df9fc6c95a2e04e723b97ae50de3 kommander-3.4.0.ebuild 394
+MD5 ad2281c0a29f91f154d3b5b4688b871b kommander-3.4.0-r1.ebuild 372
+MD5 b0cac6e2e53b079a53c1c3dc48a04487 ChangeLog 1429
+MD5 acc03a4b12bb0433a57e95bd253b9501 metadata.xml 156
+MD5 a6863fd743a5d77407c2de68efec9b90 files/digest-kommander-3.4.0-r1 69
+MD5 2f00cda39a0f9cbf68aae452944b79d8 files/post-3.4-kdewebdev.diff 2660
MD5 a6863fd743a5d77407c2de68efec9b90 files/digest-kommander-3.4.0 69
diff --git a/kde-base/kommander/files/digest-kommander-3.4.0-r1 b/kde-base/kommander/files/digest-kommander-3.4.0-r1
new file mode 100644
index 000000000000..0af1ae241535
--- /dev/null
+++ b/kde-base/kommander/files/digest-kommander-3.4.0-r1
@@ -0,0 +1 @@
+MD5 a131b9a14c5da402417b43ed8bc61df1 kdewebdev-3.4.0.tar.bz2 6243584
diff --git a/kde-base/kommander/files/post-3.4-kdewebdev.diff b/kde-base/kommander/files/post-3.4-kdewebdev.diff
new file mode 100644
index 000000000000..f1e5982c6775
--- /dev/null
+++ b/kde-base/kommander/files/post-3.4-kdewebdev.diff
@@ -0,0 +1,63 @@
+Index: instance.cpp
+===================================================================
+RCS file: /home/kde/kdewebdev/kommander/executor/instance.cpp,v
+retrieving revision 1.49
+diff -u -3 -d -p -r1.49 instance.cpp
+--- instance.cpp 29 Dec 2004 09:58:46 -0000 1.49
++++ instance.cpp 13 Apr 2005 19:18:57 -0000
+@@ -131,6 +131,35 @@ bool Instance::build(QFile *a_file)
+
+ bool Instance::run(QFile *a_file)
+ {
++ // Check whether extension is *.kmdr
++ if (!m_uiFileName.fileName().endsWith(".kmdr")) {
++ KMessageBox::error(0, i18n("<qt>This file does not have a <b>.kmdr</b> extension. As a security precaution "
++ "Kommander will only run Kommander scripts with a clear identity.</qt>"),
++ i18n("Wrong Extension"));
++ return false;
++ }
++
++ // Check whether file is not in some temporary directory.
++ QStringList tmpDirs = KGlobal::dirs()->resourceDirs("tmp");
++ tmpDirs += KGlobal::dirs()->resourceDirs("cache");
++ tmpDirs.append("/tmp/");
++ tmpDirs.append("/var/tmp/");
++
++ bool inTemp = false;
++ for (QStringList::ConstIterator I = tmpDirs.begin(); I != tmpDirs.end(); ++I)
++ if (m_uiFileName.directory().startsWith(*I))
++ inTemp = true;
++
++ if (inTemp)
++ {
++ if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your <i>/tmp</i> directory. "
++ " This may mean that it was run from a KMail attachment or from a webpage. "
++ "<p>Any script contained in this dialog will have write access to all of your home directory; "
++ "<b>running such dialogs may be dangerous: </b>"
++ "<p>are you sure you want to continue?</qt>")) == KMessageBox::No)
++ return false;
++ }
++
+ /* add runtime arguments */
+ if (m_cmdArguments) {
+ QString args;
+@@ -143,18 +172,7 @@ bool Instance::run(QFile *a_file)
+ KommanderWidget::setGlobal("ARGS", args);
+ }
+ KommanderWidget::setGlobal("ARGCOUNT", QString("%1").arg(m_cmdArguments));
+-
+- if (m_uiFileName.directory().startsWith(locateLocal("tmp", "") + "/") ||
+- m_uiFileName.directory().startsWith("/tmp/"))
+- {
+- if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your <i>/tmp</i> directory. "
+- " This may mean that it was run from a KMail attachment or from a webpage. "
+- "<p>Any script contained in this dialog will have write access to all of your home directory; "
+- "<b>running such dialogs may be dangerous: </b>"
+- "<p>are you sure you want to continue?</qt>")) == KMessageBox::No)
+- return false;
+- }
+-
++
+ if (!m_uiFileName.isEmpty())
+ {
+ KommanderWidget::setGlobal("_KDDIR", m_uiFileName.directory());
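Review bot: The temporary-directory test added to Instance::run compares `m_uiFileName.directory()` with each list entry by a plain `startsWith`, so the result depends on how the path happens to be spelled. The hard-coded entries end in `/`; if `directory()` returns the path without its trailing slash (worth confirming for KURL), a file sitting directly in `/tmp` is not flagged, and neither is a path that reaches a temp directory through a symlink or `..` segments. Comparing a normalised form, e.g. `const QString dir = QDir(m_uiFileName.directory()).canonicalPath() + "/";` followed by `dir.startsWith(*I)`, would cover both cases. The `.kmdr` check also runs before the later `if (!m_uiFileName.isEmpty())` branch, so an empty file name is now rejected as "Wrong Extension"; if running without a file name is a supported path, guard the check with `!m_uiFileName.isEmpty() &&`. run()'s body continues outside the hunk.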
diff --git a/kde-base/kommander/kommander-3.4.0-r1.ebuild b/kde-base/kommander/kommander-3.4.0-r1.ebuild
new file mode 100644
index 000000000000..0f27954a74c7
--- /dev/null
+++ b/kde-base/kommander/kommander-3.4.0-r1.ebuild
@@ -0,0 +1,17 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kommander/kommander-3.4.0-r1.ebuild,v 1.1 2005/04/19 23:59:30 carlo Exp $
+KMNAME=kdewebdev
+MAXKDEVER=$PV
+KM_DEPRANGE="$PV $MAXKDEVER"
+inherit kde-meta
+
+DESCRIPTION="KDE dialog system for scripting"
+KEYWORDS="~x86 ~amd64 ~ppc"
+IUSE=""
+DEPEND=""
+
+src_unpack(){
+ kde-meta_src_unpack
+ epatch ${FILESDIR}/post-3.4-kdewebdev.diff
+}
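Review bot: `${FILESDIR}` is expanded unquoted in the `epatch` call in src_unpack, so the path is word-split if it ever contains whitespace; write `epatch "${FILESDIR}/post-3.4-kdewebdev.diff"`. A one-line comment above it, e.g. `# security fix: untrusted code execution, bug #89092`, would tell later maintainers why this revision carries the patch and when it can be dropped.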