From cb927be5c8763e9063ec97c90ccf37b10c671874 Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Wed, 9 Dec 2009 18:02:04 +0000 Subject: [PATCH] backport upstream patches --- kdelibs-3.5.0-kio.patch | 32 ++++++++++++++++++++++++++++++++ kdelibs3.spec | 10 ++++++++++ 2 files changed, 42 insertions(+) create mode 100644 kdelibs-3.5.0-kio.patch diff --git a/kdelibs-3.5.0-kio.patch b/kdelibs-3.5.0-kio.patch new file mode 100644 index 0000000..9e09347 --- /dev/null +++ b/kdelibs-3.5.0-kio.patch @@ -0,0 +1,32 @@ +--- kdelibs-3.5.10/kio/kio/kzip.cpp.orig 2009-12-09 18:42:47.000000000 +0100 ++++ kdelibs-3.5.10/kio/kio/kzip.cpp 2009-12-09 18:45:43.000000000 +0100 +@@ -1051,6 +1051,20 @@ + return true; + } + ++bool KZip::writeDir(const QString& name, const QString& user, const QString& group) ++{ ++ // Zip files have no explicit directories, they are implicitly created during extraction time ++ // when file entries have paths in them. ++ // However, to support empty directories, we must create a dummy file entry which ends with '/'. ++ QString dirName = name; ++ if (!name.endsWith("/")) ++ dirName = dirName.append('/'); ++ ++ mode_t perm = 040755; ++ time_t the_time = time(0); ++ return writeFile(dirName, user, group, 0, perm, the_time, the_time, the_time, 0); ++} ++ + // Doesn't need to be reimplemented anymore. Remove for KDE-4.0 + bool KZip::writeFile( const QString& name, const QString& user, const QString& group, uint size, const char* data ) + { +@@ -1114,7 +1128,7 @@ + } + + // delete entries in the filelist with the same filename as the one we want +- // to save, so that we don´t have duplicate file entries when viewing the zip ++ // to save, so that we don�t have duplicate file entries when viewing the zip + // with konqi... + // CAUTION: the old file itself is still in the zip and won't be removed !!! + QPtrListIterator it( d->m_fileList ); diff --git a/kdelibs3.spec b/kdelibs3.spec index 0801e41..b0f8c15 100644 --- a/kdelibs3.spec +++ b/kdelibs3.spec @@ -81,6 +81,11 @@ Patch101: kde-3.5-libtool-shlibext.patch Patch103: kdelibs-3.5.0-101956.patch Patch104: kdelibs-3.5.10-gcc44.patch Patch105: kdelibs-3.5.10-ossl-1.x.patch +Patch106: kdelibs-3.5.0-kio.patch +Patch107: kdelibs-3.5.10-assert.patch +Patch108: kdelibs-3.5.10-dtoa.patch +Patch109: kdelibs-3.5.10-kabc.patch + ## security fixes # fix CVE-2009-2537 - select length DoS @@ -242,6 +247,10 @@ format for easy browsing %patch101 -p1 -b .libtool-shlibext %patch104 -p1 -b .gcc44 %patch105 -p1 -b .ossl-1.x +%patch106 -p1 -b .kio +%patch107 -p1 -b .assert +%patch108 -p1 -b .alias +%patch109 -p1 -b .kabc # security fixes %patch200 -p1 -b .cve-2009-2537 @@ -577,6 +586,7 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || : %changelog * Mon Dec 07 2009 Than Ngo - 3.5.10-21 - fix security issues in libltdl bundle within kdelibs CVE-2009-3736 +- backport upstream patches * Mon Nov 2 2009 Lukáš Tinkl - 3.5.10-20 - fix unrestricted XMLHttpRequest access to local URLs (oCERT-2009-015), #532428