head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2010Q1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2010.06.02.10.14.15; author markd; state dead; branches; next 1.1; 1.1 date 2010.05.16.21.21.39; author markd; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2010.05.16.21.21.39; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2010.05.17.06.35.07; author tron; state Exp; branches; next ; desc @@ 1.2 log @Update to KDE SC 4.4.4 * Several bugs in filename sorting in the Dolphin file manager have been fixed * Issues with encoded filenames in ZIP archives have been fixed * A number of bugs in games, such as KMines, KNetwalk and LSkat and KSpaceDuel have been fixed The changelog lists more @ text @$NetBSD: patch-ba,v 1.1 2010/05/16 21:21:39 markd Exp $ --- kget/transfer-plugins/metalink/metalink.cpp.orig 2010-04-29 19:58:02.000000000 +0000 +++ kget/transfer-plugins/metalink/metalink.cpp @@@@ -99,6 +99,7 @@@@ void Metalink::start() void Metalink::metalinkInit(const KUrl &src, const QByteArray &data) { kDebug(5001); + bool justDownloaded = !m_localMetalinkLocation.isValid(); if (!src.isEmpty()) { @@@@ -121,7 +122,9 @@@@ void Metalink::metalinkInit(const KUrl & //error if (!m_metalink.isValid()) { - kDebug(5001) << "Unknown error when trying to load the .metalink-file"; + kError(5001) << "Unknown error when trying to load the .metalink-file. 
Metalink is not valid."; + setStatus(Job::Aborted); + setTransferChange(Tc_Status, true); return; } @@@@ -202,7 +205,7 @@@@ void Metalink::metalinkInit(const KUrl & if (!m_dataSourceFactory.size()) { KMessageBox::error(0, i18n("Download failed, no working URLs were found."), i18n("Error")); - setStatus(Job::Aborted, i18n("An error occurred...."), SmallIcon("document-preview")); + setStatus(Job::Aborted); setTransferChange(Tc_Status, true); return; } @@@@ -227,16 +230,29 @@@@ void Metalink::metalinkInit(const KUrl & ui.treeView->hideColumn(FileItem::SignatureVerified); dialog->setMainWidget(widget); dialog->setCaption(i18n("File Selection")); - dialog->setButtons(KDialog::Ok); - connect(dialog, SIGNAL(finished()), this, SLOT(filesSelected())); + dialog->setButtons(KDialog::Ok | KDialog::Cancel); + connect(dialog, SIGNAL(finished(int)), this, SLOT(fileDlgFinished(int))); dialog->show(); } } -void Metalink::filesSelected() +void Metalink::fileDlgFinished(int result) { + //BEGIN HACK if the dialog was not accepted untick every file, so that the download does not start + //generally setStatus should do the job as well, but does not as it appears + if (result != QDialog::Accepted) { + for (int row = 0; row < fileModel()->rowCount(); ++row) { + QModelIndex index = fileModel()->index(row, FileItem::File); + if (index.isValid()) { + fileModel()->setData(index, Qt::Unchecked, Qt::CheckStateRole); + } + } + } + //END + QModelIndexList files = fileModel()->fileIndexes(FileItem::File); + int numFilesSelected = 0; foreach (const QModelIndex &index, files) { const KUrl dest = fileModel()->getUrl(index); @@@@ -244,6 +260,9 @@@@ void Metalink::filesSelected() if (m_dataSourceFactory.contains(dest)) { m_dataSourceFactory[dest]->setDoDownload(doDownload); + if (doDownload) { + ++numFilesSelected; + } } } @@@@ -252,9 +271,15 @@@@ void Metalink::filesSelected() processedSizeChanged(); speedChanged(); + //no files selected to download or dialog rejected, stop the download + if 
(!numFilesSelected || (result != QDialog::Accepted)) { + setStatus(Job::Stopped);//FIXME + setTransferChange(Tc_Status, true); + return; + } + //some files may be set to download, so start them as long as the transfer is not stopped - if (status() != Job::Stopped) - { + if (status() != Job::Stopped) { startMetalink(); } } @ 1.1 log @Fix from KDE security advisory 20100513-1. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ba was added on branch pkgsrc-2010Q1 on 2010-05-17 06:35:07 +0000 @ text @d1 93 @ 1.1.2.2 log @Pullup ticket #3118 - requested by markd net/kdenetwork4: security patch Revisions pulled up: - net/kdenetwork4/Makefile 1.10 via patch - net/kdenetwork4/distinfo 1.9 via patch - net/kdenetwork4/patches/patch-ba 1.1 via patch - net/kdenetwork4/patches/patch-bb 1.1 via patch --- Subject: CVS commit: pkgsrc/net/kdenetwork4 Date: Monday 17 May 2010, 09:21:39 
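Review bot: The `//FIXME` on `setStatus(Job::Stopped);` in the last metalink.cpp hunk does not say what needs fixing, and the `//BEGIN HACK` comment in the -227 hunk only says that setStatus "does not" do the job "as it appears". These two pieces together are what keeps a cancelled dialog or an empty selection from reaching `startMetalink()`, so the comment should name the missing behaviour. If this is the intent, something like `// FIXME: setStatus(Job::Stopped) alone does not keep the transfer from starting, hence the unticking in fileDlgFinished; drop both once that is fixed` would do. Parts of fileDlgFinished lie outside these hunks, so whether anything in between can still start the transfer cannot be judged from here.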
From: Mark Davies To: pkgsrc-changes@@netbsd.org Module Name: pkgsrc Committed By: markd Date: Sun May 16 21:21:39 UTC 2010 Modified Files: pkgsrc/net/kdenetwork4: Makefile distinfo Added Files: pkgsrc/net/kdenetwork4/patches: patch-ba patch-bb patch-bc patch-bd Log Message: Fix from KDE security advisory 20100513-1. @ text @a0 60 $NetBSD$ --- kget/transfer-plugins/metalink/metalinker.cpp.orig 2008-01-04 23:59:18.000000000 +0000 +++ kget/transfer-plugins/metalink/metalinker.cpp @@@@ -1,6 +1,7 @@@@ /* This file is part of the KDE project Copyright (C) 2007 Manolo Valdes + Copyright (C) 2010 Matthias Fuchs This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public @@@@ -16,6 +17,21 @@@@ #include +bool MlinkFileData::isValidNameAttribute() const +{ + if (fileName.isEmpty()) { + kError(5001) << "Name attribute of Metalink::File is empty."; + return false; + } + + if (fileName.contains(QRegExp("$(\\.\\.?)?/")) || fileName.contains("/../") || fileName.endsWith("/..")) { + kError(5001) << "Name attribute of Metalink::File contains directory traversal directives:" << fileName; + return false; + } + + return true; +} + Metalinker::Metalinker() { } @@@@ -36,12 +52,24 @@@@ QList Metalinker::parseMe kDebug(5001) << files.length() << " tags found"; + QStringList fileNames; for( uint i=0 ; i < files.length() ; ++i ) { QDomNode file = files.item(i); MlinkFileData data; - data.fileName = file.toElement().attribute("name"); + data.fileName = QUrl::fromPercentEncoding(file.toElement().attribute("name").toAscii()); kDebug(5001) << "filename: "<< data.fileName; + if (!data.isValidNameAttribute()) { + fileData.clear(); + return fileData; + } + + if (fileNames.contains(data.fileName)) { + kError(5001) << "Metalink::File name" << data.fileName << "exists multiple times."; + fileData.clear(); + return fileData; + } + fileNames << data.fileName; QDomNodeList hashes = file.toElement(). elementsByTagName("verification"). @
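Review bot: The pattern in `fileName.contains(QRegExp("$(\\.\\.?)?/"))` opens with `$`, which in QRegExp anchors the end of the string, so as written this clause looks unable to match anything. The other two clauses only cover `/../` inside the name and a trailing `/..`, which leaves a name that starts with `/`, `./` or `../` accepted by isValidNameAttribute(). The intent is presumably a start anchor: `if (fileName.contains(QRegExp("^(\\.\\.?)?/")) || fileName.contains("/../") || fileName.endsWith("/..")) {`. Comparing each `/`-separated component of the name against `..` would cover all three cases in one place.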
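Review bot: `attribute("name").toAscii()` in the -36 hunk narrows the attribute to a byte array in the C-string codec before `QUrl::fromPercentEncoding()` decodes it. As far as I know for Qt 4, characters outside that codec that appear unescaped in the name are replaced rather than preserved. `toUtf8()` matches what fromPercentEncoding expects: `data.fileName = QUrl::fromPercentEncoding(file.toElement().attribute("name").toUtf8());`. Running isValidNameAttribute() on the decoded name, as this hunk does, is the right order, and a one-line comment saying so would keep a later edit from moving the check ahead of the decode. The loop body continues past the end of the hunk.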