Resolves: bz#743074, CVE-2011-3365, input validation failure in KSSL

kdelibs-3.5.x-CVE-2011-3365.patch

@@ -0,0 +1,111 @@
+--- kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc	2007-05-14 09:52:36.000000000 +0200
++++ kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc	2011-10-07 20:38:30.000000000 +0200
+@@ -253,6 +253,14 @@ 
+     layout->addWidget(new QLabel(i18n("%1 bits used of a %2 bit cipher").arg(usedbits).arg(bits), this), 10, 1);
+     d->m_layout->addMultiCell(layout, 2, 2, 0, 2);
+ 
++    ipl->setTextFormat(Qt::PlainText);
++    urlLabel->setTextFormat(Qt::PlainText);
++    d->_serialNum->setTextFormat(Qt::PlainText);
++    d->_csl->setTextFormat(Qt::PlainText);
++    d->_validFrom->setTextFormat(Qt::PlainText);
++    d->_validUntil->setTextFormat(Qt::PlainText);
++    d->_digest->setTextFormat(Qt::PlainText);
++
+     displayCert(cert);
+ }
+ 
+@@ -400,32 +408,32 @@ 
+     if (!(tmp = cert.getValue("O")).isEmpty()) {
+         label = new QLabel(i18n("Organization:"), _frame);
+         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+-        new QLabel(tmp, _frame);
++        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+     }
+     if (!(tmp = cert.getValue("OU")).isEmpty()) {
+         label = new QLabel(i18n("Organizational unit:"), _frame);
+         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+-        new QLabel(tmp, _frame);
++        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+     }
+     if (!(tmp = cert.getValue("L")).isEmpty()) {
+         label = new QLabel(i18n("Locality:"), _frame);
+         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+-        new QLabel(tmp, _frame);
++        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+     }
+     if (!(tmp = cert.getValue("ST")).isEmpty()) {
+         label = new QLabel(i18n("Federal State","State:"), _frame);
+         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+-        new QLabel(tmp, _frame);
++        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+     }
+     if (!(tmp = cert.getValue("C")).isEmpty()) {
+         label = new QLabel(i18n("Country:"), _frame);
+         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+-        new QLabel(tmp, _frame);
++        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+     }
+     if (!(tmp = cert.getValue("CN")).isEmpty()) {
+         label = new QLabel(i18n("Common name:"), _frame);
+         label->setAlignment(Qt::AlignLeft | Qt::AlignTop);
+-        new QLabel(tmp, _frame);
++        (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText);
+     }
+     if (!(tmp = cert.getValue("Email")).isEmpty()) {
+         label = new QLabel(i18n("Email:"), _frame);
+@@ -435,6 +443,7 @@ 
+             connect(mail, SIGNAL(leftClickedURL(const QString &)), mailCatcher, SLOT(mailClicked(const QString &)));
+         } else {
+             label = new QLabel(tmp, _frame);
++            label->setTextFormat(Qt::PlainText);
+         }
+     }
+     if (label && viewport()) {
+--- kdelibs-3.5.10/kioslave/http/http.cc	2008-02-13 10:41:06.000000000 +0100
++++ kdelibs-3.5.10-kio_http-qlabel/kioslave/http/http.cc	2011-10-07 21:09:39.000000000 +0200
+@@ -183,6 +183,26 @@
+   return sanitizedHeaders.stripWhiteSpace();
+ }
+ 
++static QString htmlEscape(const QString &plain)
++{
++    QString rich;
++    rich.reserve(uint(plain.length() * 1.1));
++    for (uint i = 0; i < plain.length(); ++i) {
++        if (plain.at(i) == '<')
++            rich += "&lt;";
++        else if (plain.at(i) == '>')
++            rich += "&gt;";
++        else if (plain.at(i) == '&')
++            rich += "&amp;";
++        else if (plain.at(i) == '"')
++            rich += "&quot;";
++        else
++            rich += plain.at(i);
++    }
++    rich.squeeze();
++    return rich;
++}
++
+ 
+ #define NO_SIZE		((KIO::filesize_t) -1)
+ 
+@@ -5173,7 +5193,7 @@
+       info.verifyPath = false;
+       info.digestInfo = m_strAuthorization;
+       info.commentLabel = i18n( "Site:" );
+-      info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( m_strRealm ).arg( m_request.hostname );
++      info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( htmlEscape(m_strRealm) ).arg( m_request.hostname );
+     }
+   }
+   else if ( m_responseCode == 407 )
+@@ -5190,7 +5210,7 @@
+       info.verifyPath = false;
+       info.digestInfo = m_strProxyAuthorization;
+       info.commentLabel = i18n( "Proxy:" );
+-      info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( m_strProxyRealm ).arg( m_proxyURL.host() );
++      info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( htmlEscape(m_strProxyRealm) ).arg( m_proxyURL.host() );
+     }
+   }
+ }

kdelibs3.spec

@@ -28,7 +28,7 @@
 Summary: KDE 3 Libraries
 Name:    kdelibs3
 Version: 3.5.10
-Release: 30%{?dist}
+Release: 31%{?dist}
 
 License: LGPLv2
 Url: http://www.kde.org/
@@ -107,6 +107,8 @@ Patch205: kdelibs-3.5.10-CVE-2009-2702.patch
 Patch206: kdelibs-3.5.10-oCERT-2009-015-xmlhttprequest.patch
 # CVE-2009-3736, libltdl may load and execute code from a library in the current directory
 Patch207: libltdl-CVE-2009-3736.patch
+# CVE-2011-3365, input validation failure in KSSL
+Patch208: kdelibs-3.5.x-CVE-2011-3365.patch
 
 Requires: hicolor-icon-theme
 %if %{kde_settings}
@@ -263,6 +265,7 @@ format for easy browsing
 %patch205 -p1 -b .cve-2009-2702
 %patch206 -p0 -b .oCERT-2009-015-xmlhttprequest
 %patch207 -p1 -b .CVE-2009-3736
+%patch208 -p1 -b .CVE-2011-3365
 
 sed -i -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h
 
@@ -586,6 +589,9 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
 
 
 %changelog
+* Thu Oct 13 2011 Than Ngo <than@redhat.com> - 3.5.10-31
+- Resolves: bz#743074, CVE-2011-3365, input validation failure in KSSL
+
 * Fri Jun 17 2011 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-30
 - fix FTBFS (cups-util.c must include stdio.h, #714133)