[psi] Change certificate ui to use plain-text fields to avoid security issue with qlabel. rhbz #746877
Sven Lankes
slankes at fedoraproject.org
Sun Nov 27 15:29:36 UTC 2011
commit 9ce5b90c901d31497305515818eff2327310531d
Author: Sven Lankes <sven at lank.es>
Date: Sun Nov 27 16:28:50 2011 +0100
Change certificate ui to use plain-text fields to avoid security
issue with qlabel. rhbz #746877
psi-0.14-input-validation.patch | 257 +++++++++++++++++++++++++++++++++++++++
psi.spec | 9 ++-
2 files changed, 265 insertions(+), 1 deletions(-)
---
diff --git a/psi-0.14-input-validation.patch b/psi-0.14-input-validation.patch
new file mode 100644
index 0000000..7260c80
--- /dev/null
+++ b/psi-0.14-input-validation.patch
@@ -0,0 +1,257 @@
+commit c68fdd9926a38b2820bc5df97fd1905355a2640d
+Author: rion <rion4ik at gmail.com>
+Date: Fri Oct 7 22:19:05 2011 +0600
+
+ Fixed QLabel CVE
+
+--- src/Certificates/CertificateDisplay.ui 2011-10-19 08:30:15 +0000
++++ src/Certificates/CertificateDisplay.ui 2011-10-19 08:31:23 +0000
+@@ -1,105 +1,118 @@
+-<ui version="4.0" >
++<?xml version="1.0" encoding="UTF-8"?>
++<ui version="4.0">
+ <class>CertificateDisplay</class>
+- <widget class="QDialog" name="CertificateDisplay" >
+- <property name="geometry" >
++ <widget class="QDialog" name="CertificateDisplay">
++ <property name="geometry">
+ <rect>
+ <x>0</x>
+ <y>0</y>
+- <width>518</width>
++ <width>525</width>
+ <height>369</height>
+ </rect>
+ </property>
+- <property name="windowTitle" >
++ <property name="windowTitle">
+ <string>Certificate Information</string>
+ </property>
+- <layout class="QVBoxLayout" >
+- <property name="margin" >
++ <layout class="QVBoxLayout">
++ <property name="spacing">
++ <number>6</number>
++ </property>
++ <property name="margin">
+ <number>11</number>
+ </property>
+- <property name="spacing" >
+- <number>6</number>
+- </property>
+ <item>
+- <layout class="QHBoxLayout" >
+- <property name="margin" >
++ <layout class="QHBoxLayout">
++ <property name="spacing">
++ <number>6</number>
++ </property>
++ <property name="margin">
+ <number>0</number>
+ </property>
+- <property name="spacing" >
+- <number>6</number>
+- </property>
+ <item>
+- <layout class="QVBoxLayout" >
+- <property name="margin" >
++ <layout class="QVBoxLayout">
++ <property name="spacing">
++ <number>6</number>
++ </property>
++ <property name="margin">
+ <number>0</number>
+ </property>
+- <property name="spacing" >
+- <number>6</number>
+- </property>
+ <item>
+- <widget class="QLabel" name="textLabel4" >
+- <property name="text" >
++ <widget class="QLabel" name="textLabel4">
++ <property name="text">
+ <string>Certificate Validation:</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+- <widget class="QLabel" name="lb_valid" >
+- <property name="text" >
++ <widget class="QLabel" name="lb_valid">
++ <property name="text">
+ <string/>
+ </property>
++ <property name="textFormat">
++ <enum>Qt::PlainText</enum>
++ </property>
+ </widget>
+ </item>
+ <item>
+- <widget class="QLabel" name="textLabel2" >
+- <property name="text" >
++ <widget class="QLabel" name="textLabel2">
++ <property name="text">
+ <string>Valid From:</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+- <widget class="QLabel" name="lb_notBefore" >
+- <property name="text" >
++ <widget class="QLabel" name="lb_notBefore">
++ <property name="text">
+ <string/>
+ </property>
++ <property name="textFormat">
++ <enum>Qt::PlainText</enum>
++ </property>
+ </widget>
+ </item>
+ <item>
+- <widget class="QLabel" name="textLabel3" >
+- <property name="text" >
++ <widget class="QLabel" name="textLabel3">
++ <property name="text">
+ <string>Valid Until:</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+- <widget class="QLabel" name="lb_notAfter" >
+- <property name="text" >
++ <widget class="QLabel" name="lb_notAfter">
++ <property name="text">
+ <string/>
+ </property>
++ <property name="textFormat">
++ <enum>Qt::PlainText</enum>
++ </property>
+ </widget>
+ </item>
+ <item>
+- <widget class="QLabel" name="textLabel1" >
+- <property name="text" >
++ <widget class="QLabel" name="textLabel1">
++ <property name="text">
+ <string>Serial Number:</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+- <widget class="QLabel" name="lb_sn" >
+- <property name="text" >
++ <widget class="QLabel" name="lb_sn">
++ <property name="text">
+ <string/>
+ </property>
++ <property name="textFormat">
++ <enum>Qt::PlainText</enum>
++ </property>
+ </widget>
+ </item>
+ <item>
+ <spacer>
+- <property name="orientation" >
++ <property name="orientation">
+ <enum>Qt::Vertical</enum>
+ </property>
+- <property name="sizeType" >
++ <property name="sizeType">
+ <enum>QSizePolicy::Expanding</enum>
+ </property>
+- <property name="sizeHint" >
++ <property name="sizeHint" stdset="0">
+ <size>
+ <width>20</width>
+ <height>106</height>
+@@ -110,14 +123,14 @@
+ </layout>
+ </item>
+ <item>
+- <widget class="QTextBrowser" name="tb_cert" >
+- <property name="minimumSize" >
++ <widget class="QTextBrowser" name="tb_cert">
++ <property name="minimumSize">
+ <size>
+ <width>350</width>
+ <height>300</height>
+ </size>
+ </property>
+- <property name="horizontalScrollBarPolicy" >
++ <property name="horizontalScrollBarPolicy">
+ <enum>Qt::ScrollBarAlwaysOff</enum>
+ </property>
+ </widget>
+@@ -125,35 +138,35 @@
+ </layout>
+ </item>
+ <item>
+- <widget class="Line" name="line1" >
+- <property name="frameShape" >
++ <widget class="Line" name="line1">
++ <property name="frameShape">
+ <enum>QFrame::HLine</enum>
+ </property>
+- <property name="frameShadow" >
++ <property name="frameShadow">
+ <enum>QFrame::Sunken</enum>
+ </property>
+- <property name="orientation" >
++ <property name="orientation">
+ <enum>Qt::Horizontal</enum>
+ </property>
+ </widget>
+ </item>
+ <item>
+- <layout class="QHBoxLayout" >
+- <property name="margin" >
++ <layout class="QHBoxLayout">
++ <property name="spacing">
++ <number>6</number>
++ </property>
++ <property name="margin">
+ <number>0</number>
+ </property>
+- <property name="spacing" >
+- <number>6</number>
+- </property>
+ <item>
+ <spacer>
+- <property name="orientation" >
++ <property name="orientation">
+ <enum>Qt::Horizontal</enum>
+ </property>
+- <property name="sizeType" >
++ <property name="sizeType">
+ <enum>QSizePolicy::Expanding</enum>
+ </property>
+- <property name="sizeHint" >
++ <property name="sizeHint" stdset="0">
+ <size>
+ <width>421</width>
+ <height>20</height>
+@@ -162,17 +175,17 @@
+ </spacer>
+ </item>
+ <item>
+- <widget class="QPushButton" native="1" name="pb_close">
+- <property name="text">
+- <string>Close</string>
+- </property>
+- </widget>
++ <widget class="QPushButton" name="pb_close">
++ <property name="text">
++ <string>Close</string>
++ </property>
++ </widget>
+ </item>
+ </layout>
+ </item>
+ </layout>
+ </widget>
+- <layoutdefault spacing="6" margin="11" />
++ <layoutdefault spacing="6" margin="11"/>
+ <pixmapfunction>qPixmapFromMimeSource</pixmapfunction>
+ <tabstops>
+ <tabstop>tb_cert</tabstop>
+
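Review bot: The `tb_cert` QTextBrowser (inner hunk `@@ -110,14 +123,14 @@`) remains a rich-text widget, while only the four value labels `lb_valid`, `lb_notBefore`, `lb_notAfter` and `lb_sn` gain `<enum>Qt::PlainText</enum>`. The code that fills `tb_cert` is not visible here; if it builds HTML from certificate subject or issuer strings, those values need to be escaped (for example with `Qt::escape()`) before insertion, otherwise peer-controlled certificate text can still be rendered as markup in the larger pane. The security-relevant change is also buried in Qt Designer re-serialisation noise (attribute spacing, `spacing`/`margin` reordering, the `native="1"` removal, the width change to 525). A minimal patch that adds only the four `textFormat` properties would be easier to audit and to rebase onto the next upstream release.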
diff --git a/psi.spec b/psi.spec
index 1a19f84..02b0a9e 100644
--- a/psi.spec
+++ b/psi.spec
@@ -1,6 +1,6 @@
Name: psi
Version: 0.14
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: Jabber client based on Qt
License: GPLv2+
Group: Applications/Internet
@@ -11,6 +11,8 @@ Patch0: psi-0.12-qca.patch
# be dropped on the next upstream release
Patch1: psi-0.14-configureroomcrash.patch
Patch2: psi-0.14-affiliationlistconfigmuc.patch
+# Fix QLabel CVE - rhbz 746877
+Patch3: psi-0.14-input-validation.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
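Review bot: The comment on `Patch3` says "QLabel CVE" without recording the CVE identifier or the upstream commit the patch was taken from, so a later packager cannot tell from the spec when it can be dropped. The upstream hash is already in the patch header, so the comment could read `# Fix QLabel CVE (<CVE-ID from rhbz 746877>) - upstream commit c68fdd99, rhbz 746877`. The `-p0` on `%patch3` differs from the `-p1` used for the other patches; that looks correct because the patch paths start at `src/` with no `a/`/`b/` prefix, but a short note next to it would stop someone "fixing" it later.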
@@ -76,6 +78,7 @@ More icons can be found on http://jisp.netflint.net
%patch0 -p1 -b .qca
%patch1 -p1 -b .configureroom
%patch2 -p1 -b .affiliationlistmuc
+%patch3 -p0 -b .qlabelcve
%build
unset QTDIR
@@ -164,6 +167,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &> /dev/null || :
%changelog
+* Sun Nov 27 2011 Sven Lankes <sven at lank.es> 0.14-7
+- Change certificate ui to use plain-text fields to avoid security
+ issue with qlabel. rhbz #746877
+
* Wed Mar 16 2011 Rex Dieter <rdieter at fedoraproject.org> 0.14-6
- fix FTBFS (drop Requires(hint) usage)
- make qca plugin deps arched