From 644387152237b06ce08515db15e8fba727d133ab Mon Sep 17 00:00:00 2001
From: Rex Dieter
Date: Sat, 1 Jun 2013 09:07:01 -0500
Subject: [PATCH] 4.10.4
---
 .gitignore | 3 +-
 ...arent-background-for-checkBox-and-ra.patch | 61 --------------
 ...ubject-Alternate-Names-in-kssl-CVE-2.patch | 83 -------------------
 0005-Already-trimmed-string.patch | 25 ------
 0006-Use-just-calculated-variable.patch | 25 ------
 ...ords-contained-in-HTTP-URLs-in-error.patch | 38 ---------
 kdelibs-4.10.3-kde319137.patch | 12 ---
 kdelibs.spec | 29 ++-----
 sources | 2 +-
 9 files changed, 10 insertions(+), 268 deletions(-)
 delete mode 100644 0001-Do-no-set-transparent-background-for-checkBox-and-ra.patch
 delete mode 100644 0004-Fix-parsing-of-Subject-Alternate-Names-in-kssl-CVE-2.patch
 delete mode 100644 0005-Already-trimmed-string.patch
 delete mode 100644 0006-Use-just-calculated-variable.patch
 delete mode 100644 0007-Don-t-show-passwords-contained-in-HTTP-URLs-in-error.patch
 delete mode 100644 kdelibs-4.10.3-kde319137.patch
diff --git a/.gitignore b/.gitignore
index c8f02d3..e683a3b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
-/kdelibs-4.10.2.tar.xz
-/kdelibs-4.10.3.tar.xz
+/kdelibs-4.10.4.tar.xz
diff --git a/0001-Do-no-set-transparent-background-for-checkBox-and-ra.patch b/0001-Do-no-set-transparent-background-for-checkBox-and-ra.patch
deleted file mode 100644
index 2d43e08..0000000
--- a/0001-Do-no-set-transparent-background-for-checkBox-and-ra.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From c0daa108d8f6935d4e451e3f3ec3ecbdf5a5944f Mon Sep 17 00:00:00 2001
-From: Andrea Iacovitti
-Date: Sun, 5 May 2013 19:38:55 +0200
-Subject: [PATCH 1/7] Do no set transparent background for checkBox and
- radioButton unless they have a background image to show. Otherwise, when
- using oxygen style, they could end up to be invisible (as for the "Remember
- me" checkBox in twitter).
-
-CCBUG: 162905
----
- khtml/rendering/render_replaced.cpp | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/khtml/rendering/render_replaced.cpp b/khtml/rendering/render_replaced.cpp
-index 379e607..fcab77e 100644
---- a/khtml/rendering/render_replaced.cpp
-+++ b/khtml/rendering/render_replaced.cpp
-@@ -37,6 +37,8 @@
- #include
- #include
- #include
-+#include
-+#include
- #include
- #include
- #include
-@@ -381,9 +383,10 @@ void RenderWidget::updateFromElement()
- if (!backgroundColor.isValid() && !style()->htmlHacks())
- backgroundColor = Qt::transparent;
-
-+ bool hasBackgroundImage = style()->hasBackgroundImage();
- // check if we have to paint our background and let it show through the widget
- bool trans = ( isRedirectedWidget() && !qobject_cast(m_widget) &&
-- (style()->hasBackgroundImage() || (style()->hasBackground() && shouldPaintCSSBorders())) );
-+ (hasBackgroundImage || (style()->hasBackground() && shouldPaintCSSBorders())) );
-
- QPalette pal(QApplication::palette(m_widget));
- // We need a non-transparent version for widgets with popups (e.g. kcombobox). 
The popups must not let
-@@ -459,12 +462,17 @@ void RenderWidget::updateFromElement()
- }
- }
-
-- m_widget->setPalette(pal);
-+ if ( (qobject_cast(m_widget) || qobject_cast(m_widget)) &&
-+ (backgroundColor == Qt::transparent && !hasBackgroundImage) ) {
-+ m_widget->setPalette(non_trans_pal);
-+ } else {
-+ m_widget->setPalette(pal);
-+ }
-
- // Combobox's popup colors
- if (qobject_cast(m_widget)) {
- // Background
-- if (style()->hasBackgroundImage()) {
-+ if (hasBackgroundImage) {
- non_trans_pal = QApplication::palette();
- }
- else if (backgroundColor.isValid() && backgroundColor != Qt::transparent) {
---
-1.8.1.4
-
diff --git a/0004-Fix-parsing-of-Subject-Alternate-Names-in-kssl-CVE-2.patch b/0004-Fix-parsing-of-Subject-Alternate-Names-in-kssl-CVE-2.patch
deleted file mode 100644
index da988e0..0000000
--- a/0004-Fix-parsing-of-Subject-Alternate-Names-in-kssl-CVE-2.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From e2de9d0925699471cdfb9a8d26feffb4a18f4f4d Mon Sep 17 00:00:00 2001
-From: Jonathan Riddell
-Date: Mon, 6 May 2013 15:54:24 +0100
-Subject: [PATCH 4/7] Fix parsing of Subject Alternate Names in kssl
- (CVE-2009-2702) fix vulnerability with NULL byte in Subject Alternate Names
- field of X.509 certificates by verifying that the QString length of the SAN
- is not shorter than the ASN1 length
- https://bugzilla.redhat.com/show_bug.cgi?id=520661
-
----
- kio/kssl/kopenssl.cpp | 9 +++++++++
- kio/kssl/kopenssl.h | 5 +++++
- kio/kssl/ksslcertificate.cpp | 4 +++-
- 3 files changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/kio/kssl/kopenssl.cpp b/kio/kssl/kopenssl.cpp
-index 38c7c93..e3ca535 100644
---- a/kio/kssl/kopenssl.cpp
-+++ b/kio/kssl/kopenssl.cpp
-@@ -196,6 +196,7 @@ static int (*K_X509_NAME_add_entry_by_txt)(X509_NAME*, char*, int, unsigned char
- static X509_NAME *(*K_X509_NAME_new)() = 0L;
- static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
- static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
-+static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L;
- static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L;
-
- #endif
-@@ -525,6 +526,7 @@ KOpenSSLProxy::KOpenSSLProxy()
- K_X509_NAME_new = (X509_NAME *(*)()) d->cryptoLib->resolveFunction("X509_NAME_new");
- K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) d->cryptoLib->resolveFunction("X509_REQ_set_subject_name");
- K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) d->cryptoLib->resolveFunction("ASN1_STRING_data");
-+ K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) d->cryptoLib->resolveFunction("ASN1_STRING_length");
- #endif
- }
-
-@@ -1572,6 +1574,13 @@ unsigned char *KOpenSSLProxy::ASN1_STRING_data(ASN1_STRING *x) {
- return 0L;
- }
-
-+
-+int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) {
-+ if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x);
-+ return 0L;
-+}
-+
-+
- STACK_OF(SSL_CIPHER) 
*KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) {
- if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl);
- return 0L;
-diff --git a/kio/kssl/kopenssl.h b/kio/kssl/kopenssl.h
-index 3a41189..ab05486 100644
---- a/kio/kssl/kopenssl.h
-+++ b/kio/kssl/kopenssl.h
-@@ -614,6 +614,11 @@ public:
- unsigned char *ASN1_STRING_data(ASN1_STRING *x);
-
- /*
-+ * ASN1_STRING_length
-+ */
-+ int ASN1_STRING_length(ASN1_STRING *x);
-+
-+ /*
- *
- */
- int OBJ_obj2nid(ASN1_OBJECT *o);
-diff --git a/kio/kssl/ksslcertificate.cpp b/kio/kssl/ksslcertificate.cpp
-index 4388bfb..e90ec5a 100644
---- a/kio/kssl/ksslcertificate.cpp
-+++ b/kio/kssl/ksslcertificate.cpp
-@@ -1301,7 +1301,9 @@ QStringList KSSLCertificate::subjAltNames() const {
- }
-
- QString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
-- if (!s.isEmpty()) {
-+ if (!s.isEmpty() &&
-+ /* skip subjectAltNames with embedded NULs */
-+ s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
- rc += s;
- }
- }
---
-1.8.1.4
-
diff --git a/0005-Already-trimmed-string.patch b/0005-Already-trimmed-string.patch
deleted file mode 100644
index 1a5be0b..0000000
--- a/0005-Already-trimmed-string.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 1ad51d1470069cf69eb932dc40095c2978407839 Mon Sep 17 00:00:00 2001
-From: Andrea Iacovitti
-Date: Tue, 7 May 2013 23:19:32 +0200
-Subject: [PATCH 5/7] Already trimmed string.
-
----
- khtml/ecma/xmlhttprequest.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/khtml/ecma/xmlhttprequest.cpp b/khtml/ecma/xmlhttprequest.cpp
-index cd72fe8..8649954 100644
---- a/khtml/ecma/xmlhttprequest.cpp
-+++ b/khtml/ecma/xmlhttprequest.cpp
-@@ -631,7 +631,7 @@ void XMLHttpRequest::setRequestHeader(const QString& _name, const QString& _valu
- // TODO: Do something about "put" which kio_http sort of supports and
- // the webDAV headers such as PROPFIND etc...
- if (name == "get" || name == "post") {
-- KUrl reqURL (doc->URL(), value.trimmed());
-+ KUrl reqURL(doc->URL(), value);
- open(name, reqURL, async, ec);
- return;
- }
---
-1.8.1.4
-
diff --git a/0006-Use-just-calculated-variable.patch b/0006-Use-just-calculated-variable.patch
deleted file mode 100644
index eeef242..0000000
--- a/0006-Use-just-calculated-variable.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From dfac74f852ff248990d047e5305d4e8deef9d540 Mon Sep 17 00:00:00 2001
-From: Andrea Iacovitti
-Date: Wed, 8 May 2013 01:01:31 +0200
-Subject: [PATCH 6/7] Use just calculated variable.
-
----
- khtml/xml/dom_docimpl.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/khtml/xml/dom_docimpl.cpp b/khtml/xml/dom_docimpl.cpp
-index bb65a89..c100400 100644
---- a/khtml/xml/dom_docimpl.cpp
-+++ b/khtml/xml/dom_docimpl.cpp
-@@ -1995,7 +1995,7 @@ void DocumentImpl::processHttpEquiv(const DOMString &equiv, const DOMString &con
- str = parseURL( DOMString(str) ).string();
- QString newURL = document()->completeURL( str );
- if ( ok )
-- v->part()->scheduleRedirection(delay, document()->completeURL( str ), delay < 2 || newURL == URL().url());
-+ v->part()->scheduleRedirection(delay, newURL, delay < 2 || newURL == URL().url());
- }
- }
- else if(strcasecmp(equiv, "expires") == 0)
---
-1.8.1.4
-
diff --git a/0007-Don-t-show-passwords-contained-in-HTTP-URLs-in-error.patch b/0007-Don-t-show-passwords-contained-in-HTTP-URLs-in-error.patch
deleted file mode 100644
index 2a477e9..0000000
--- a/0007-Don-t-show-passwords-contained-in-HTTP-URLs-in-error.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 65d736dab592bced4410ccfa4699de89f78c96ca Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Gr=C3=A9gory=20Oestreicher?=
-Date: Wed, 8 May 2013 23:16:00 +0200
-Subject: [PATCH 7/7] Don't show passwords contained in HTTP URLs in error
- messages BUG: 319428
-
----
- kioslave/http/http.cpp | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp
-index 2d139a9..129fc7b 100644
---- a/kioslave/http/http.cpp
-+++ b/kioslave/http/http.cpp
-@@ -3056,7 +3056,7 @@ try_again:
- ; // Ignore error
- } else {
- if (!sendErrorPageNotification()) {
-- error(ERR_INTERNAL_SERVER, m_request.url.url());
-+ error(ERR_INTERNAL_SERVER, m_request.url.prettyUrl());
- return false;
- }
- }
-@@ -3072,9 +3072,9 @@ try_again:
- // Tell that we will only get an error page here.
- if (!sendErrorPageNotification()) {
- if (m_request.responseCode == 403)
-- error(ERR_ACCESS_DENIED, m_request.url.url());
-+ error(ERR_ACCESS_DENIED, m_request.url.prettyUrl());
- else
-- error(ERR_DOES_NOT_EXIST, m_request.url.url());
-+ error(ERR_DOES_NOT_EXIST, m_request.url.prettyUrl());
- return false;
- }
- } else if (m_request.responseCode >= 301 && m_request.responseCode<= 303) {
---
-1.8.1.4
-
diff --git a/kdelibs-4.10.3-kde319137.patch b/kdelibs-4.10.3-kde319137.patch
deleted file mode 100644
index e7c9dae..0000000
--- a/kdelibs-4.10.3-kde319137.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up kdelibs-4.10.3/plasma/private/dialogshadows.cpp.kde319137 kdelibs-4.10.3/plasma/private/dialogshadows.cpp
---- kdelibs-4.10.3/plasma/private/dialogshadows.cpp.kde319137 2013-05-02 23:41:11.209607748 -0500
-+++ kdelibs-4.10.3/plasma/private/dialogshadows.cpp 2013-05-09 07:54:48.329139462 -0500
-@@ -335,6 +335,8 @@ void DialogShadows::Private::setupData(P
- void DialogShadows::Private::freeX11Pixmaps()
- {
- #ifdef Q_WS_X11
-+ if (!QX11Info::display())
-+ return;
- foreach (const QPixmap &pixmap, m_shadowPixmaps) {
- if (!pixmap.isNull()) {
- XFreePixmap(QX11Info::display(), pixmap.handle());
diff --git a/kdelibs.spec b/kdelibs.spec
index eb98b68..9fda1fc 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -33,8 +33,8 @@ %global dbusmenu_qt_version %(pkg-config --modversion dbusmenu-qt 2>/dev/null || echo %{dbusmenu_qt_ver})
 Summary: KDE Libraries
-Version: 4.10.3
-Release: 2%{?dist}
+Version: 4.10.4
+Release: 1%{?dist}
 Name: kdelibs
 Epoch: 6
@@ -161,16 +161,6 @@ Patch090: return-not-break.-copy-paste-error.patch
 Patch091: coding-style-fixes.patch
 Patch092: return-application-icons-properly.patch
-# workaround "Crash in DialogShadows::Private::freeX11Pixmaps()"
-# https://bugs.kde.org/319137
-Patch100: kdelibs-4.10.3-kde319137.patch
-
-Patch101: 0001-Do-no-set-transparent-background-for-checkBox-and-ra.patch
-Patch104: 0004-Fix-parsing-of-Subject-Alternate-Names-in-kssl-CVE-2.patch
-Patch105: 0005-Already-trimmed-string.patch
-Patch106: 0006-Use-just-calculated-variable.patch
-Patch107: 0007-Don-t-show-passwords-contained-in-HTTP-URLs-in-error.patch
-
 ## security fix
 # rhel patches 
@@ -362,12 +352,6 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
 %patch090 -p1 -R -b .return-not-break.-copy-paste-error
 %patch091 -p1 -R -b .coding-style-fixes.patch
 %patch092 -p1 -R -b .return-application-icons-properly
-%patch100 -p1 -b .kde319137
-%patch101 -p1 -b .0001-Do-no-set-transparent-background-for-checkBox-and-ra
-%patch104 -p1 -b .0004-Fix-parsing-of-Subject-Alternate-Names-in-kssl-CVE-2
-%patch105 -p1 -b .0005-Already-trimmed-string
-%patch106 -p1 -b .0006-Use-just-calculated-variable
-%patch107 -p1 -b .0007-Don-t-show-passwords-contained-in-HTTP-URLs-in-error
 # security fixes
@@ -609,14 +593,17 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
 %changelog
-* Thu May 09 2013 Rex Dieter - 4.10.3-2
+* Sat Jun 01 2013 Rex Dieter - 6:4.10.4-1
+- 4.10.4
+
+* Thu May 09 2013 Rex Dieter - 6:4.10.3-2
 - pull in a few upstream fixes, including a couple minor security issues
 - Crash in DialogShadows::Private::freeX11Pixmaps() (kde#319137)
-* Mon May 06 2013 Than Ngo - 4.10.3-1
+* Mon May 06 2013 Than Ngo - 6:4.10.1-1
 - 4.10.3
-* Tue Apr 30 2013 Than Ngo - 4.10.2-4
+* Tue Apr 30 2013 Than Ngo - 6:4.10.2-4
 - drop old kdelibs-4.1.72-no-cache-kdeglobals-paths.patch
 * Wed Apr 24 2013 Rex Dieter 6:4.10.2-3
diff --git a/sources b/sources
index eead253..764ffe2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-190db40af4b9534515a62c327e6f4976 kdelibs-4.10.3.tar.xz
+82eb2e7610af83cf69bf3b0f8b2cfc5f kdelibs-4.10.4.tar.xz
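Review bot: In the `%changelog` hunk of kdelibs.spec the rewritten May 06 entry now reads `* Mon May 06 2013 Than Ngo - 6:4.10.1-1`, while the line it replaces and the entry body (`- 4.10.3`) both say 4.10.3, so adding the epoch appears to have introduced a typo; it should read `6:4.10.3-1`. The new top entry records only `- 4.10.4`, although the same commit stops applying Patch100 and Patch101–Patch107, among them the kssl Subject Alternate Name check labelled CVE-2009-2702 and the change that keeps passwords in HTTP URLs out of error messages. Once it is confirmed that the 4.10.4 tarball carries those fixes, a second line such as `- drop upstreamed patches (kde#319137, CVE-2009-2702 SAN check, HTTP URL password fix)` would leave an audit trail for anyone later checking whether the security fixes are still shipped.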