4.7.2
parent
ca3920c5b0
commit
3e5dba2ecf
|
@ -1,2 +1 @@
|
||||||
/kdelibs-4.7.0.tar.bz2
|
/kdelibs-4.7.2.tar.bz2
|
||||||
/kdelibs-4.7.1.tar.bz2
|
|
||||||
|
|
|
@ -1,63 +0,0 @@
|
||||||
diff -ur kdelibs-orig/kio/kssl/ksslcertificatebox.cpp kdelibs-4.7.1/kio/kssl/ksslcertificatebox.cpp
|
|
||||||
--- kdelibs-orig/kio/kssl/ksslcertificatebox.cpp 2011-05-20 22:24:54.000000000 +0200
|
|
||||||
+++ kdelibs-4.7.1/kio/kssl/ksslcertificatebox.cpp 2011-10-04 18:05:51.542741747 +0200
|
|
||||||
@@ -36,6 +36,10 @@
|
|
||||||
d(new KSslCertificateBoxPrivate())
|
|
||||||
{
|
|
||||||
d->ui.setupUi(this);
|
|
||||||
+ // No fooling us with html tags
|
|
||||||
+ Q_FOREACH(QLabel* label, qFindChildren<QLabel *>(this)) {
|
|
||||||
+ label->setTextFormat(Qt::PlainText);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
diff -ur kdelibs-orig/kioslave/http/http.cpp kdelibs-4.7.1/kioslave/http/http.cpp
|
|
||||||
--- kdelibs-orig/kioslave/http/http.cpp 2011-08-22 15:22:03.000000000 +0200
|
|
||||||
+++ kdelibs-4.7.1/kioslave/http/http.cpp 2011-10-04 18:05:51.544741717 +0200
|
|
||||||
@@ -86,6 +86,27 @@
|
|
||||||
//string parsing helpers and HeaderTokenizer implementation
|
|
||||||
#include "parsinghelpers.cpp"
|
|
||||||
|
|
||||||
+// KDE5 TODO (QT5) : use QString::htmlEscape or whatever https://qt.gitorious.org/qt/qtbase/merge_requests/56
|
|
||||||
+// ends up with.
|
|
||||||
+static QString htmlEscape(const QString &plain)
|
|
||||||
+{
|
|
||||||
+ QString rich;
|
|
||||||
+ rich.reserve(int(plain.length() * 1.1));
|
|
||||||
+ for (int i = 0; i < plain.length(); ++i) {
|
|
||||||
+ if (plain.at(i) == QLatin1Char('<'))
|
|
||||||
+ rich += QLatin1String("<");
|
|
||||||
+ else if (plain.at(i) == QLatin1Char('>'))
|
|
||||||
+ rich += QLatin1String(">");
|
|
||||||
+ else if (plain.at(i) == QLatin1Char('&'))
|
|
||||||
+ rich += QLatin1String("&");
|
|
||||||
+ else if (plain.at(i) == QLatin1Char('"'))
|
|
||||||
+ rich += QLatin1String(""");
|
|
||||||
+ else
|
|
||||||
+ rich += plain.at(i);
|
|
||||||
+ }
|
|
||||||
+ rich.squeeze();
|
|
||||||
+ return rich;
|
|
||||||
+}
|
|
||||||
|
|
||||||
// see filenameFromUrl(): a sha1 hash is 160 bits
|
|
||||||
static const int s_hashedUrlBits = 160; // this number should always be divisible by eight
|
|
||||||
@@ -3431,7 +3452,7 @@
|
|
||||||
authinfo.url = reqUrl;
|
|
||||||
authinfo.keepPassword = true;
|
|
||||||
authinfo.comment = i18n("<b>%1</b> at <b>%2</b>",
|
|
||||||
- authinfo.realmValue, authinfo.url.host());
|
|
||||||
+ htmlEscape(authinfo.realmValue), authinfo.url.host());
|
|
||||||
|
|
||||||
if (!openPasswordDialog(authinfo, errorMsg)) {
|
|
||||||
if (sendErrorPageNotification()) {
|
|
||||||
@@ -5262,7 +5283,7 @@
|
|
||||||
"to access any sites.");
|
|
||||||
info.keepPassword = true;
|
|
||||||
info.commentLabel = i18n("Proxy:");
|
|
||||||
- info.comment = i18n("<b>%1</b> at <b>%2</b>", info.realmValue, m_request.proxyUrl.host());
|
|
||||||
+ info.comment = i18n("<b>%1</b> at <b>%2</b>", htmlEscape(info.realmValue), m_request.proxyUrl.host());
|
|
||||||
const bool dataEntered = openPasswordDialog(info, i18n("Proxy Authentication Failed."));
|
|
||||||
if (!dataEntered) {
|
|
||||||
kDebug(7103) << "looks like the user canceled proxy authentication.";
|
|
11
kdelibs.spec
11
kdelibs.spec
|
@ -19,8 +19,8 @@
|
||||||
%global dbusmenu_qt_version %(pkg-config --modversion dbusmenu-qt 2>/dev/null || echo %{dbusmenu_qt_ver})
|
%global dbusmenu_qt_version %(pkg-config --modversion dbusmenu-qt 2>/dev/null || echo %{dbusmenu_qt_ver})
|
||||||
|
|
||||||
Summary: KDE Libraries
|
Summary: KDE Libraries
|
||||||
Version: 4.7.1
|
Version: 4.7.2
|
||||||
Release: 6%{?dist}
|
Release: 1%{?dist}
|
||||||
|
|
||||||
Name: kdelibs
|
Name: kdelibs
|
||||||
Epoch: 6
|
Epoch: 6
|
||||||
|
@ -127,9 +127,6 @@ Patch51: kdelibs-4.6.2-uri_mimetypes.patch
|
||||||
# Not Upstreamed? why not ? -- Rex
|
# Not Upstreamed? why not ? -- Rex
|
||||||
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
||||||
|
|
||||||
# kdelibs KSSL/kio_http vulnerability
|
|
||||||
Patch201: kdelibs-4.7.1-CVE-2011-3365.patch
|
|
||||||
|
|
||||||
## Fedora specific patches
|
## Fedora specific patches
|
||||||
# make forcefully hal-free build
|
# make forcefully hal-free build
|
||||||
Patch300: kdelibs-4.6.80-halectomy.patch
|
Patch300: kdelibs-4.6.80-halectomy.patch
|
||||||
|
@ -319,7 +316,6 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
|
||||||
|
|
||||||
# security fixes
|
# security fixes
|
||||||
%patch200 -p1 -b .CVE-2009-2702
|
%patch200 -p1 -b .CVE-2009-2702
|
||||||
%patch201 -p1 -b .CVE-2011-3365
|
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch300 -p1 -b .halectomy
|
%patch300 -p1 -b .halectomy
|
||||||
|
@ -566,6 +562,9 @@ rm -rf %{buildroot}
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 04 2011 Rex Dieter <rdieter@fedoraproject.org> 4.7.2-1
|
||||||
|
- 4.7.2
|
||||||
|
|
||||||
* Tue Oct 04 2011 Lukas Tinkl <ltinkl@redhat.com> - 4.7.1-6
|
* Tue Oct 04 2011 Lukas Tinkl <ltinkl@redhat.com> - 4.7.1-6
|
||||||
- Resolves #743056 - CVE-2011-3365 kdelibs: input validation failure in KSSL
|
- Resolves #743056 - CVE-2011-3365 kdelibs: input validation failure in KSSL
|
||||||
|
|
||||||
|
|
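Review bot: kdelibs.spec drops both `Patch201: kdelibs-4.7.1-CVE-2011-3365.patch` and its `%patch201 -p1 -b .CVE-2011-3365` application, but neither a spec comment nor the new changelog entry (`- 4.7.2`) records why a security patch was removed. Presumably the 4.7.2 tarball already contains the KSSL/kio_http fix (plain-text QLabels in ksslcertificatebox.cpp and the escaped realm value in http.cpp), but nothing on this page shows that, so it should be confirmed against the unpacked 4.7.2 source before the build ships. I would add a changelog line such as `- drop CVE-2011-3365 patch, included in 4.7.2` so anyone auditing the package can see the fix was not lost in the rebase.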