Merge branch 'f15' into f14
commit
23f8a38cad
@ -1,12 +0,0 @@
|
||||
diff -up kdelibs-4.3.1/kdeui/util/kcrash.cpp.orig kdelibs-4.3.1/kdeui/util/kcrash.cpp
|
||||
--- kdelibs-4.3.1/kdeui/util/kcrash.cpp.orig 2009-09-21 17:42:19.000000000 +0200
|
||||
+++ kdelibs-4.3.1/kdeui/util/kcrash.cpp 2009-09-21 17:43:44.000000000 +0200
|
||||
@@ -67,7 +67,7 @@ static char *s_autoRestartCommand = 0;
|
||||
static char *s_appPath = 0;
|
||||
static char *s_drkonqiPath = 0;
|
||||
static KCrash::CrashFlags s_flags = 0;
|
||||
-static bool s_launchDrKonqi = true;
|
||||
+static bool s_launchDrKonqi = false;
|
||||
|
||||
namespace KCrash
|
||||
{
|
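--- /dev/null
+++ b/kdelibs-4.6.5-CVE-2011-3365-kio.patch
@@ -0,0 +1,61 @@
+t 90607b28d21fefc43657ca08b889bdb174c31fab
+Author: David Faure <faure@kde.org>
+Date: Wed Sep 28 17:26:47 2011 +0200
+
+Use HTML escaping on texts that come from the website
+
+Interestingly enough, this is yet another use case for moving Qt::escape
+to QtCore, which I made a merge request for.
+(cherry picked from commit 86622e4db182f4b914169f72ebd1e66d708e9f87)
+
+diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp
+index 33f4cb1..6447a02 100644
+--- a/kioslave/http/http.cpp
++++ b/kioslave/http/http.cpp
+@@ -99,6 +99,27 @@
+//authentication handlers
+#include "httpauthentication.cpp"
+
++// KDE5 TODO (QT5) : use QString::htmlEscape or whatever https://qt.gitorious.org/qt/qtbase/merge_requests/56
++// ends up with.
++static QString htmlEscape(const QString &plain)
++{
++ QString rich;
++ rich.reserve(int(plain.length() * 1.1));
++ for (int i = 0; i < plain.length(); ++i) {
++ if (plain.at(i) == QLatin1Char('<'))
++ rich += QLatin1String("<");
++ else if (plain.at(i) == QLatin1Char('>'))
++ rich += QLatin1String(">");
++ else if (plain.at(i) == QLatin1Char('&'))
++ rich += QLatin1String("&");
++ else if (plain.at(i) == QLatin1Char('"'))
++ rich += QLatin1String(""");
++ else
++ rich += plain.at(i);
++ }
++ rich.squeeze();
++ return rich;
++}
+
+// see filenameFromUrl(): a sha1 hash is 160 bits
+static const int s_hashedUrlBits = 160; // this number should always be divisible by eight
+@@ -3410,7 +3431,7 @@ endParsing:
+authinfo.url = reqUrl;
+authinfo.keepPassword = true;
+authinfo.comment = i18n("<b>%1</b> at <b>%2</b>",
+- authinfo.realmValue, authinfo.url.host());
++ htmlEscape(authinfo.realmValue), authinfo.url.host());
+
+if (!openPasswordDialog(authinfo, errorMsg)) {
+if (sendErrorPageNotification()) {
+@@ -5122,7 +5143,7 @@ void HTTPProtocol::proxyAuthenticationForSocket(const QNetworkProxy &proxy, QAut
+"to access any sites.");
+info.keepPassword = true;
+info.commentLabel = i18n("Proxy:");
+- info.comment = i18n("<b>%1</b> at <b>%2</b>", info.realmValue, m_request.proxyUrl.host());
++ info.comment = i18n("<b>%1</b> at <b>%2</b>", htmlEscape(info.realmValue), m_request.proxyUrl.host());
+const bool dataEntered = openPasswordDialog(info, i18n("Proxy Authentication Failed."));
+if (!dataEntered) {
+kDebug(7103) << "looks like the user canceled proxy authentication.";
+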
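Review bot: In both `i18n("<b>%1</b> at <b>%2</b>", …)` calls only the realm is passed through `htmlEscape`; the host argument (`authinfo.url.host()`, `m_request.proxyUrl.host()`) still reaches the rich-text comment unescaped. It has been through URL parsing and is probably constrained, but wrapping it as well, `htmlEscape(authinfo.url.host())`, would keep the dialog text safe without depending on that. The helper would also benefit from a comment such as `// Escapes < > & " for use as rich-text element content; does not escape '` so it is not reused for single-quoted attribute values. As displayed here the four replacement literals read as raw characters (`"<"`, `"""`), which looks like entity decoding by the page; the patch file itself has to carry `&lt;`, `&gt;`, `&amp;` and `&quot;` for the helper to escape anything. Both call sites are inside functions that start and end outside their hunks.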
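--- /dev/null
+++ b/kdelibs-4.6.5-CVE-2011-3365-kssl.patch
@@ -0,0 +1,25 @@
+commit 9ca2b26fc67c3f921e1943c1725fca623e395854
+Author: David Faure <faure@kde.org>
+Date: Thu Jun 30 23:43:45 2011 +0200
+
+Security fix: don't interpret html tags
+
+Credits to Tim Brown for the find.
+(cherry picked from commit bd70d4e589711fda9ab07738c46e37eee8376214)
+
+diff --git a/kio/kssl/ksslcertificatebox.cpp b/kio/kssl/ksslcertificatebox.cpp
+index 4ffc613..094787a 100644
+--- a/kio/kssl/ksslcertificatebox.cpp
++++ b/kio/kssl/ksslcertificatebox.cpp
+@@ -36,6 +36,10 @@ KSslCertificateBox::KSslCertificateBox(QWidget *parent)
+d(new KSslCertificateBoxPrivate())
+{
+d->ui.setupUi(this);
++ // No fooling us with html tags
++ Q_FOREACH(QLabel* label, qFindChildren<QLabel *>(this)) {
++ label->setTextFormat(Qt::PlainText);
++ }
+}
+
+
+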
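Review bot: The `Q_FOREACH` loop added after `d->ui.setupUi(this)` only reaches the `QLabel` children that exist at construction time, so a label created later, or a field shown through another widget type, would keep QLabel's default `Qt::AutoText` and interpret markup again. The comment `// No fooling us with html tags` does not record that invariant; something like `// Certificate fields come from the remote peer: force plain text on every label so markup in them is shown literally. Labels added after setupUi() must do the same.` would tell the next maintainer what to preserve. It is also worth confirming that no static label in the .ui file relied on rich text, since those now render literally too. The constructor's signature and the start of its initializer list are outside the hunk.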
52
kdelibs.spec
52
kdelibs.spec
@ -7,16 +7,20 @@
|
||||
%define qt4_ver 4.7.0
|
||||
%define soprano_ver 2.6.0
|
||||
%define strigi_ver 0.7.2
|
||||
# to build/include apidocs or not
|
||||
%define apidocs 1
|
||||
# to build/include QCH apidocs or not (currently broken)
|
||||
#define apidocs_qch 1
|
||||
|
||||
%define halectomy 1
|
||||
|
||||
%global dbusmenu_qt_version %(pkg-config --modversion dbusmenu-qt 2>/dev/null || echo %{dbusmenu_qt_ver})
|
||||
%global phonon_version %(pkg-config --modversion phonon 2>/dev/null || echo %{phonon_ver})
|
||||
%global soprano_version %(pkg-config --modversion soprano 2>/dev/null || echo %{soprano_ver})
|
||||
%global strigi_version %(pkg-config --modversion libstreams 2>/dev/null || echo %{strigi_ver})
|
||||
|
||||
Summary: KDE Libraries
|
||||
Version: 4.6.5
|
||||
Release: 2%{?dist}
|
||||
Release: 6%{?dist}
|
||||
|
||||
Name: kdelibs
|
||||
Epoch: 6
|
||||
@ -36,7 +40,6 @@ BuildRequires: kde-filesystem >= 4-23
|
||||
BuildRequires: docbook-dtds
|
||||
BuildRequires: docbook-style-xsl >= %{docbook_style_xsl_ver}
|
||||
Requires: ca-certificates
|
||||
%global dbusmenu_qt_version %(pkg-config --modversion dbusmenu-qt 2>/dev/null || echo %{dbusmenu_qt_ver})
|
||||
Requires: dbusmenu-qt%{?_isa} >= %{dbusmenu_qt_version}
|
||||
Requires: docbook-dtds
|
||||
Requires: docbook-style-xsl >= %{docbook_style_xsl_ver}
|
||||
@ -50,38 +53,42 @@ Requires: hunspell
|
||||
# beware of possible bootstrapping problems -- Rex
|
||||
# reverted %%{version} => 4.6.2 due to some (hopefully temporary) regressions seen in 4.6.3 -- Rex
|
||||
Requires: oxygen-icon-theme >= 4.6.2
|
||||
%global phonon_version %(pkg-config --modversion phonon 2>/dev/null || echo %{phonon_ver})
|
||||
Requires: phonon%{?_isa} >= %{phonon_version}
|
||||
Requires: shared-desktop-ontologies >= 0.4
|
||||
Requires: shared-mime-info
|
||||
%global soprano_version %(pkg-config --modversion soprano 2>/dev/null || echo %{soprano_ver})
|
||||
Requires: soprano%{?_isa} >= %{soprano_version}
|
||||
%global strigi_version %(pkg-config --modversion libstreams 2>/dev/null || echo %{strigi_ver})
|
||||
Requires: strigi-libs%{?_isa} >= %{strigi_version}
|
||||
|
||||
# make kdelibs-devel parallel-installable with kdelibs3-devel
|
||||
Patch0: kdelibs-4.5.80-parallel_devel.patch
|
||||
|
||||
# fix kde#149705
|
||||
Patch2: kdelibs-4.2.85-kde149705.patch
|
||||
|
||||
# install all .css files and Doxyfile.global in kdelibs-common to build
|
||||
# kdepimlibs-apidocs against
|
||||
Patch8: kdelibs-4.3.90-install_all_css.patch
|
||||
|
||||
# add Fedora/V-R to KHTML UA string
|
||||
Patch9: kdelibs-4.5.80-branding.patch
|
||||
|
||||
# don't cache kdeglobals paths because they change after profile directories
|
||||
# are loaded from kde4rc
|
||||
Patch10: kdelibs-4.1.72-no-cache-kdeglobals-paths.patch
|
||||
|
||||
# adds the Administration menu from redhat-menus which equals System + Settings
|
||||
# This prevents the stuff getting listed twice, under both System and Settings.
|
||||
Patch12: kdelibs-4.1.0-xdg-menu.patch
|
||||
|
||||
# patch KStandardDirs to use %{_libexecdir}/kde4 instead of %{_libdir}/kde4/libexec
|
||||
Patch14: kdelibs-4.5.80-libexecdir.patch
|
||||
|
||||
# kstandarddirs changes: search /etc/kde, find %{_kde4_libexecdir}
|
||||
Patch18: kdelibs-4.5.80-kstandarddirs.patch
|
||||
# COMMENT ME PLEASE
|
||||
|
||||
# set build type
|
||||
Patch20: kdelibs-4.1.70-cmake.patch
|
||||
# disable drkonqi by default, RHEL prefers/wants abrt
|
||||
Patch24: kdelibs-4.3.1-drkonq.patch
|
||||
|
||||
# die rpath die, since we're using standard paths, we can avoid
|
||||
# this extra hassle (even though cmake is *supposed* to not add standard
|
||||
# paths (like /usr/lib64) already! With this, we can drop
|
||||
@ -93,9 +100,11 @@ Patch27: kdelibs-4.5.80-no_rpath.patch
|
||||
# reverting to our past gnupg2-only setup.
|
||||
# TODO: try to use either gpg or gpg2, whichever is available
|
||||
Patch50: kdelibs-4.5.1-knewstuff_gpg2.patch
|
||||
|
||||
# https://bugs.kde.org/show_bug.cgi?id=269045
|
||||
# https://git.reviewboard.kde.org/r/101231/
|
||||
Patch51: kdelibs-4.6.2-uri_mimetypes.patch
|
||||
|
||||
# Fix for KHTML form completion regression (kde#277457) from bugs.kde.org
|
||||
# attachment (patch by Andrea Iacovitti)
|
||||
# https://bugs.kde.org/show_bug.cgi?id=277457#c2
|
||||
@ -104,6 +113,7 @@ Patch52: kdelibs-4.6.5-khtml-kde#277457.patch
|
||||
## 4.6 upstream
|
||||
# fix docbook-style-xsl borkage
|
||||
Patch101: kdelibs-4.6.4-kdoctools_docbook.patch
|
||||
|
||||
# http://bugzilla.redhat.com/667787
|
||||
# http://bugs.kde.org/261180
|
||||
Patch102: kdelibs-4.6.4-kstatusnotifieritemdbus_leak.patch
|
||||
@ -111,6 +121,9 @@ Patch102: kdelibs-4.6.4-kstatusnotifieritemdbus_leak.patch
|
||||
## security fix
|
||||
# Not Upstreamed? why not ? -- Rex
|
||||
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=743056
|
||||
Patch201: kdelibs-4.6.5-CVE-2011-3365-kio.patch
|
||||
Patch202: kdelibs-4.6.5-CVE-2011-3365-kssl.patch
|
||||
|
||||
## Fedora specific patches
|
||||
# make forcefully hal-free build
|
||||
@ -186,6 +199,8 @@ BuildRequires: graphviz
|
||||
BuildRequires: qt4-doc
|
||||
%endif
|
||||
|
||||
Provides: kate-part = %{version}-%{release}
|
||||
%{?_isa:Provides: kate-part%{?_isa} = %{version}-%{release}}
|
||||
Provides: kross(javascript) = %{version}-%{release}
|
||||
Provides: kross(qtscript) = %{version}-%{release}
|
||||
|
||||
@ -278,9 +293,6 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
|
||||
%patch14 -p1 -b .libexecdir
|
||||
%patch18 -p1 -b .kstandarddirs
|
||||
%patch20 -p1 -b .xxcmake
|
||||
%if 0%{?rhel} > 5
|
||||
%patch24 -p1 -b .drkonq
|
||||
%endif
|
||||
%patch27 -p1 -b .no_rpath
|
||||
|
||||
# upstreamable patches
|
||||
@ -294,6 +306,8 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
|
||||
|
||||
# security fix
|
||||
%patch200 -p1 -b .CVE-2009-2702
|
||||
%patch201 -p1 -b .CVE-2011-3365-kio
|
||||
%patch202 -p1 -b .CVE-2011-3365-kssl
|
||||
|
||||
# Fedora patches
|
||||
%if 0%{?halectomy}
|
||||
@ -335,7 +349,7 @@ mv %{buildroot}%{_kde4_sysconfdir}/xdg/menus/applications.menu \
|
||||
# create/own stuff
|
||||
# see http://bugzilla.redhat.com/483318
|
||||
mkdir -p %{buildroot}%{_kde4_libdir}/kconf_update_bin
|
||||
%if 0%{?fedora} < 15
|
||||
%if 0%{?fedora} && 0%{?fedora} < 15
|
||||
# moved to kde-filesystem f15+
|
||||
mkdir -p %{buildroot}%{_kde4_libdir}/kde4/plugins/{gui_platform,styles}
|
||||
%endif
|
||||
@ -546,6 +560,18 @@ rm -rf %{buildroot}
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Oct 11 2011 Rex Dieter <rdieter@fedoraproject.org> 4.6.5-6
|
||||
- CVE-2011-3365 kdelibs: input validation failure in KSSL (#743056)
|
||||
|
||||
* Sat Oct 08 2011 Rex Dieter <rdieter@fedoraproject.org> 4.6.5-5
|
||||
- Provides: kate-part
|
||||
|
||||
* Tue Aug 30 2011 Than Ngo <than@redhat.com> - 4.6.5-4
|
||||
- clean fedora conditional
|
||||
|
||||
* Fri Aug 26 2011 Than Ngo <than@redhat.com> - 4.6.5-3
|
||||
- drop kdelibs-4.3.1-drkonq.patch which is merged in upstream
|
||||
|
||||
* Mon Jul 25 2011 Kevin Kofler <Kevin@tigcc.ticalc.org> 4.6.5-2
|
||||
- fix KHTML form completion regression (kde#277457, patch by Andrea Iacovitti)
|
||||
|
||||
|