CVE-2017-6410 (#1427808)

2017-03-02 12:49:09 -06:00 · 2017-03-02 12:49:09 -06:00 · 8ab470f20f
parent a0636f60be
commit 8ab470f20f
3 changed files with 9 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 /kdelibs-4.14.29.tar.xz
+/0002-Sanitize-URLs-before-passing-them-to-FindProxyForURL.patch
--- a/kdelibs.spec
+++ b/kdelibs.spec
@ -51,7 +51,7 @@ Summary: KDE Libraries
 # shipped with kde applications, version...
 %global apps_version 16.12.2
 Version: 4.14.29
-Release: 1%{?dist}
+Release: 2%{?dist}

 Name: kdelibs
 Epoch: 6
@ -200,7 +200,8 @@ Patch65: kdelibs-4.14.17-glibc_trunc.patch
 Patch67: kdelibs-4.14.17-gcc6_narrowing_hack.patch

 ## upstream
-# 4.14 branch
+# 4.14 branch (lookaside cache)
+Patch102: 0002-Sanitize-URLs-before-passing-them-to-FindProxyForURL.patch

 ## security fix

@ -495,6 +496,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
 %patch67 -p1 -b .gcc6_narrowing_hack

 # upstream patches
+%patch102 -p1 -b .0002

 # security fixes

@ -877,6 +879,9 @@ update-mime-database %{?fedora:-n} %{_datadir}/mime &> /dev/null || :


 %changelog
+* Thu Mar 02 2017 Rex Dieter <rdieter@fedoraproject.org> - 6:4.14.29-2
+- CVE-2017-6410 (#1427808)
+
 * Wed Feb 08 2017 Rex Dieter <rdieter@fedoraproject.org> - 6:4.14.29-1
 - 4.14.29 (kde-apps-16.12.2)

--- a/1
+++ b/1
@ -1 +1,2 @@
 SHA512 (kdelibs-4.14.29.tar.xz) = caf5f840533bd99c42d74583ef97004500de4d73f14bf442e6b3d83bbf6bb1130e735a8f7a45955d60b318a3587e4e08f168c11e1159c26445875b907f5f0976
+SHA512 (0002-Sanitize-URLs-before-passing-them-to-FindProxyForURL.patch) = 1c34e0de68d3c5eea5daa76b4b07ca983cf5dc088d8d3fe1e443e6fcf66a35b25fbd986e754d843c2587142d18c1aae0811a26d71b1227323e54ea542d4b7cec