[arora] CVE-2011-3367 - input validation flaw (rhbz#746875)
Jaroslav Reznik
jreznik at fedoraproject.org
Thu Oct 20 14:34:26 UTC 2011
commit e2e1d5f1f606fa4bfc952fb12411960e7237070f
Author: Jaroslav Reznik <jreznik at redhat.com>
Date: Thu Oct 20 16:34:17 2011 +0200
CVE-2011-3367 - input validation flaw (rhbz#746875)
arora-0.11.0-fake-certificate-issuer.patch | 40 ++++++++++++++++++++++++++++
arora.spec | 7 ++++-
2 files changed, 46 insertions(+), 1 deletions(-)
---
diff --git a/arora-0.11.0-fake-certificate-issuer.patch b/arora-0.11.0-fake-certificate-issuer.patch
new file mode 100644
index 0000000..f6c2e59
--- /dev/null
+++ b/arora-0.11.0-fake-certificate-issuer.patch
@@ -0,0 +1,40 @@
+diff -up arora-0.11.0/src/network/networkaccessmanager.cpp.fake-certificate-issuer arora-0.11.0/src/network/networkaccessmanager.cpp
+--- arora-0.11.0/src/network/networkaccessmanager.cpp.fake-certificate-issuer 2010-09-27 04:42:17.000000000 +0200
++++ arora-0.11.0/src/network/networkaccessmanager.cpp 2011-10-20 16:22:39.119469071 +0200
+@@ -249,12 +249,35 @@ void NetworkAccessManager::proxyAuthenti
+ }
+ }
+
++// TODO (QT5): use QString::htmlEscape or whatever https://qt.gitorious.org/qt/qtbase/merge_requests/56
++// ends up with.
++// original author: David Faure
++static QString htmlEscape(const QString &plain)
++{
++ QString rich;
++ rich.reserve(int(plain.length() * 1.1));
++ for (int i = 0; i < plain.length(); ++i) {
++ if (plain.at(i) == QLatin1Char('<'))
++ rich += QLatin1String("<");
++ else if (plain.at(i) == QLatin1Char('>'))
++ rich += QLatin1String(">");
++ else if (plain.at(i) == QLatin1Char('&'))
++ rich += QLatin1String("&");
++ else if (plain.at(i) == QLatin1Char('"'))
++ rich += QLatin1String(""");
++ else
++ rich += plain.at(i);
++ }
++ rich.squeeze();
++ return rich;
++}
++
+ #ifndef QT_NO_OPENSSL
+ QString NetworkAccessManager::certToFormattedString(QSslCertificate cert)
+ {
+ QStringList message;
+ message << cert.subjectInfo(QSslCertificate::CommonName);
+- message << tr("Issuer: %1").arg(cert.issuerInfo(QSslCertificate::CommonName));
++ message << tr("Issuer: %1").arg(htmlEscape(cert.issuerInfo(QSslCertificate::CommonName)));
+ message << tr("Not valid before: %1").arg(cert.effectiveDate().toString());
+ message << tr("Valid until: %1").arg(cert.expiryDate().toString());
+
diff --git a/arora.spec b/arora.spec
index 5d9a9bf..cf6c870 100644
--- a/arora.spec
+++ b/arora.spec
@@ -1,6 +1,6 @@
Name: arora
Version: 0.11.0
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: A cross platform web browser
Group: Applications/Internet
@@ -9,6 +9,7 @@ URL: http://code.google.com/p/arora/
Source0: http://arora.googlecode.com/files/%{name}-%{version}.tar.gz
Patch1: arora-0.10.0-fedorabookmarks.patch
Patch2: arora-0.10.2-fedorahome.patch
+Patch3: arora-0.11.0-fake-certificate-issuer.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -32,6 +33,7 @@ browsing and other common features such as web history and bookmarks.
%patch1 -p1 -b .fedorabookmarks
%patch2 -p1 -b .fedorahome
+%patch3 -p1 -b .fake-certificate-issuer
%build
qmake-qt4 PREFIX=%{_prefix}
@@ -87,6 +89,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &> /dev/null || :
%changelog
+* Thu Oct 20 2011 Jaroslav Reznik <jreznik at redhat.com> - 0.11.0-3
+- CVE-2011-3367 - input validation flaw (rhbz#746875)
+
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.11.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
- Remove Gnome support as it's not possible to set preferred apps in Gnome 3
More information about the scm-commits
mailing list