[kdelibs] 4.10.3-2
Rex Dieter
rdieter at fedoraproject.org
Thu May 9 12:57:24 UTC 2013
commit 1d5f527063ab182317f7d430ae22e87319ca1432
Author: Rex Dieter <rdieter at math.unl.edu>
Date: Thu May 9 07:57:13 2013 -0500
4.10.3-2
- pull in a few upstream fixes, including a couple minor security issues
- Crash in DialogShadows::Private::freeX11Pixmaps() (kde#319137)
...ransparent-background-for-checkBox-and-ra.patch | 61 ++++++++++++++++++++
...-of-Subject-Alternate-Names-in-kssl-CVE-2.patch | 56 +++++++++++-------
0005-Already-trimmed-string.patch | 25 ++++++++
0006-Use-just-calculated-variable.patch | 25 ++++++++
...passwords-contained-in-HTTP-URLs-in-error.patch | 38 ++++++++++++
kdelibs-4.10.3-kde319137.patch | 12 ++++
kdelibs.spec | 40 +++++++++----
7 files changed, 224 insertions(+), 33 deletions(-)
---
diff --git a/0001-Do-no-set-transparent-background-for-checkBox-and-ra.patch b/0001-Do-no-set-transparent-background-for-checkBox-and-ra.patch
new file mode 100644
index 0000000..2d43e08
--- /dev/null
+++ b/0001-Do-no-set-transparent-background-for-checkBox-and-ra.patch
@@ -0,0 +1,61 @@
+From c0daa108d8f6935d4e451e3f3ec3ecbdf5a5944f Mon Sep 17 00:00:00 2001
+From: Andrea Iacovitti <aiacovitti at libero.it>
+Date: Sun, 5 May 2013 19:38:55 +0200
+Subject: [PATCH 1/7] Do no set transparent background for checkBox and
+ radioButton unless they have a background image to show. Otherwise, when
+ using oxygen style, they could end up to be invisible (as for the "Remember
+ me" checkBox in twitter).
+
+CCBUG: 162905
+---
+ khtml/rendering/render_replaced.cpp | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/khtml/rendering/render_replaced.cpp b/khtml/rendering/render_replaced.cpp
+index 379e607..fcab77e 100644
+--- a/khtml/rendering/render_replaced.cpp
++++ b/khtml/rendering/render_replaced.cpp
+@@ -37,6 +37,8 @@
+ #include <QtGui/QApplication>
+ #include <QtGui/QLineEdit>
+ #include <QtGui/QComboBox>
++#include <QtGui/QCheckBox>
++#include <QtGui/QRadioButton>
+ #include <kglobalsettings.h>
+ #include <kurlrequester.h>
+ #include <QtCore/QObject>
+@@ -381,9 +383,10 @@ void RenderWidget::updateFromElement()
+ if (!backgroundColor.isValid() && !style()->htmlHacks())
+ backgroundColor = Qt::transparent;
+
++ bool hasBackgroundImage = style()->hasBackgroundImage();
+ // check if we have to paint our background and let it show through the widget
+ bool trans = ( isRedirectedWidget() && !qobject_cast<KUrlRequester*>(m_widget) &&
+- (style()->hasBackgroundImage() || (style()->hasBackground() && shouldPaintCSSBorders())) );
++ (hasBackgroundImage || (style()->hasBackground() && shouldPaintCSSBorders())) );
+
+ QPalette pal(QApplication::palette(m_widget));
+ // We need a non-transparent version for widgets with popups (e.g. kcombobox). The popups must not let
+@@ -459,12 +462,17 @@ void RenderWidget::updateFromElement()
+ }
+ }
+
+- m_widget->setPalette(pal);
++ if ( (qobject_cast<QCheckBox*>(m_widget) || qobject_cast<QRadioButton*>(m_widget)) &&
++ (backgroundColor == Qt::transparent && !hasBackgroundImage) ) {
++ m_widget->setPalette(non_trans_pal);
++ } else {
++ m_widget->setPalette(pal);
++ }
+
+ // Combobox's popup colors
+ if (qobject_cast<QComboBox*>(m_widget)) {
+ // Background
+- if (style()->hasBackgroundImage()) {
++ if (hasBackgroundImage) {
+ non_trans_pal = QApplication::palette();
+ }
+ else if (backgroundColor.isValid() && backgroundColor != Qt::transparent) {
+--
+1.8.1.4
+
diff --git a/kdelibs-4.10.0-CVE-2009-2702.patch b/0004-Fix-parsing-of-Subject-Alternate-Names-in-kssl-CVE-2.patch
similarity index 53%
rename from kdelibs-4.10.0-CVE-2009-2702.patch
rename to 0004-Fix-parsing-of-Subject-Alternate-Names-in-kssl-CVE-2.patch
index 9aee863..da988e0 100644
--- a/kdelibs-4.10.0-CVE-2009-2702.patch
+++ b/0004-Fix-parsing-of-Subject-Alternate-Names-in-kssl-CVE-2.patch
@@ -1,7 +1,23 @@
-diff -up kdelibs-4.10.0/kio/kssl/kopenssl.cpp.CVE-2009-2702 kdelibs-4.10.0/kio/kssl/kopenssl.cpp
---- kdelibs-4.10.0/kio/kssl/kopenssl.cpp.CVE-2009-2702 2013-01-23 15:44:24.000000000 -0600
-+++ kdelibs-4.10.0/kio/kssl/kopenssl.cpp 2013-01-31 07:37:12.210503883 -0600
-@@ -196,6 +196,7 @@ static int (*K_X509_NAME_add_entry_by_tx
+From e2de9d0925699471cdfb9a8d26feffb4a18f4f4d Mon Sep 17 00:00:00 2001
+From: Jonathan Riddell <jr at jriddell.org>
+Date: Mon, 6 May 2013 15:54:24 +0100
+Subject: [PATCH 4/7] Fix parsing of Subject Alternate Names in kssl
+ (CVE-2009-2702) fix vulnerability with NULL byte in Subject Alternate Names
+ field of X.509 certificates by verifying that the QString length of the SAN
+ is not shorter than the ASN1 length
+ https://bugzilla.redhat.com/show_bug.cgi?id=520661
+
+---
+ kio/kssl/kopenssl.cpp | 9 +++++++++
+ kio/kssl/kopenssl.h | 5 +++++
+ kio/kssl/ksslcertificate.cpp | 4 +++-
+ 3 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/kio/kssl/kopenssl.cpp b/kio/kssl/kopenssl.cpp
+index 38c7c93..e3ca535 100644
+--- a/kio/kssl/kopenssl.cpp
++++ b/kio/kssl/kopenssl.cpp
+@@ -196,6 +196,7 @@ static int (*K_X509_NAME_add_entry_by_txt)(X509_NAME*, char*, int, unsigned char
static X509_NAME *(*K_X509_NAME_new)() = 0L;
static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
@@ -17,7 +33,7 @@ diff -up kdelibs-4.10.0/kio/kssl/kopenssl.cpp.CVE-2009-2702 kdelibs-4.10.0/kio/k
#endif
}
-@@ -1572,6 +1574,13 @@ unsigned char *KOpenSSLProxy::ASN1_STRIN
+@@ -1572,6 +1574,13 @@ unsigned char *KOpenSSLProxy::ASN1_STRING_data(ASN1_STRING *x) {
return 0L;
}
@@ -31,21 +47,15 @@ diff -up kdelibs-4.10.0/kio/kssl/kopenssl.cpp.CVE-2009-2702 kdelibs-4.10.0/kio/k
STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) {
if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl);
return 0L;
-diff -up kdelibs-4.10.0/kio/kssl/kopenssl.h.CVE-2009-2702 kdelibs-4.10.0/kio/kssl/kopenssl.h
---- kdelibs-4.10.0/kio/kssl/kopenssl.h.CVE-2009-2702 2013-01-23 15:44:24.000000000 -0600
-+++ kdelibs-4.10.0/kio/kssl/kopenssl.h 2013-01-31 07:37:12.210503883 -0600
-@@ -607,13 +607,17 @@ public:
- */
- void ASN1_INTEGER_free(ASN1_INTEGER *x);
-
--
- /*
- * ASN1_STRING_data
- */
+diff --git a/kio/kssl/kopenssl.h b/kio/kssl/kopenssl.h
+index 3a41189..ab05486 100644
+--- a/kio/kssl/kopenssl.h
++++ b/kio/kssl/kopenssl.h
+@@ -614,6 +614,11 @@ public:
unsigned char *ASN1_STRING_data(ASN1_STRING *x);
/*
-+ * ASN1_STRING_length
++ * ASN1_STRING_length
+ */
+ int ASN1_STRING_length(ASN1_STRING *x);
+
@@ -53,10 +63,11 @@ diff -up kdelibs-4.10.0/kio/kssl/kopenssl.h.CVE-2009-2702 kdelibs-4.10.0/kio/kss
*
*/
int OBJ_obj2nid(ASN1_OBJECT *o);
-diff -up kdelibs-4.10.0/kio/kssl/ksslcertificate.cpp.CVE-2009-2702 kdelibs-4.10.0/kio/kssl/ksslcertificate.cpp
---- kdelibs-4.10.0/kio/kssl/ksslcertificate.cpp.CVE-2009-2702 2013-01-23 15:44:24.000000000 -0600
-+++ kdelibs-4.10.0/kio/kssl/ksslcertificate.cpp 2013-01-31 07:37:12.210503883 -0600
-@@ -1301,7 +1301,9 @@ QStringList KSSLCertificate::subjAltName
+diff --git a/kio/kssl/ksslcertificate.cpp b/kio/kssl/ksslcertificate.cpp
+index 4388bfb..e90ec5a 100644
+--- a/kio/kssl/ksslcertificate.cpp
++++ b/kio/kssl/ksslcertificate.cpp
+@@ -1301,7 +1301,9 @@ QStringList KSSLCertificate::subjAltNames() const {
}
QString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
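Review bot: The context line `QString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);` still builds the string up to the first NUL byte and relies on the buffer being NUL-terminated, so the fix rests entirely on the length comparison that follows it. That comparison falls between this hunk and the next and is not visible here, and `subjAltNames()` itself starts and ends outside the hunk. The patch description says the QString must be "not shorter than" the ASN1 length; an exact match against `ASN1_STRING_length()` would also reject an over-long read, and a comment should state that a SAN with an embedded NUL is dropped rather than truncated. A sturdier form is to build the string with the explicit length, `QString::fromLatin1((const char *)data, len)`, and skip the entry when `s.contains(QChar(0))`. It is also worth confirming what the new `ASN1_STRING_length` wrapper returns when the symbol does not resolve, since the neighbouring wrappers return `0L`.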
@@ -67,3 +78,6 @@ diff -up kdelibs-4.10.0/kio/kssl/ksslcertificate.cpp.CVE-2009-2702 kdelibs-4.10.
rc += s;
}
}
+--
+1.8.1.4
+
diff --git a/0005-Already-trimmed-string.patch b/0005-Already-trimmed-string.patch
new file mode 100644
index 0000000..1a5be0b
--- /dev/null
+++ b/0005-Already-trimmed-string.patch
@@ -0,0 +1,25 @@
+From 1ad51d1470069cf69eb932dc40095c2978407839 Mon Sep 17 00:00:00 2001
+From: Andrea Iacovitti <aiacovitti at libero.it>
+Date: Tue, 7 May 2013 23:19:32 +0200
+Subject: [PATCH 5/7] Already trimmed string.
+
+---
+ khtml/ecma/xmlhttprequest.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/khtml/ecma/xmlhttprequest.cpp b/khtml/ecma/xmlhttprequest.cpp
+index cd72fe8..8649954 100644
+--- a/khtml/ecma/xmlhttprequest.cpp
++++ b/khtml/ecma/xmlhttprequest.cpp
+@@ -631,7 +631,7 @@ void XMLHttpRequest::setRequestHeader(const QString& _name, const QString& _valu
+ // TODO: Do something about "put" which kio_http sort of supports and
+ // the webDAV headers such as PROPFIND etc...
+ if (name == "get" || name == "post") {
+- KUrl reqURL (doc->URL(), value.trimmed());
++ KUrl reqURL(doc->URL(), value);
+ open(name, reqURL, async, ec);
+ return;
+ }
+--
+1.8.1.4
+
diff --git a/0006-Use-just-calculated-variable.patch b/0006-Use-just-calculated-variable.patch
new file mode 100644
index 0000000..eeef242
--- /dev/null
+++ b/0006-Use-just-calculated-variable.patch
@@ -0,0 +1,25 @@
+From dfac74f852ff248990d047e5305d4e8deef9d540 Mon Sep 17 00:00:00 2001
+From: Andrea Iacovitti <aiacovitti at libero.it>
+Date: Wed, 8 May 2013 01:01:31 +0200
+Subject: [PATCH 6/7] Use just calculated variable.
+
+---
+ khtml/xml/dom_docimpl.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/khtml/xml/dom_docimpl.cpp b/khtml/xml/dom_docimpl.cpp
+index bb65a89..c100400 100644
+--- a/khtml/xml/dom_docimpl.cpp
++++ b/khtml/xml/dom_docimpl.cpp
+@@ -1995,7 +1995,7 @@ void DocumentImpl::processHttpEquiv(const DOMString &equiv, const DOMString &con
+ str = parseURL( DOMString(str) ).string();
+ QString newURL = document()->completeURL( str );
+ if ( ok )
+- v->part()->scheduleRedirection(delay, document()->completeURL( str ), delay < 2 || newURL == URL().url());
++ v->part()->scheduleRedirection(delay, newURL, delay < 2 || newURL == URL().url());
+ }
+ }
+ else if(strcasecmp(equiv, "expires") == 0)
+--
+1.8.1.4
+
diff --git a/0007-Don-t-show-passwords-contained-in-HTTP-URLs-in-error.patch b/0007-Don-t-show-passwords-contained-in-HTTP-URLs-in-error.patch
new file mode 100644
index 0000000..2a477e9
--- /dev/null
+++ b/0007-Don-t-show-passwords-contained-in-HTTP-URLs-in-error.patch
@@ -0,0 +1,38 @@
+From 65d736dab592bced4410ccfa4699de89f78c96ca Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Gr=C3=A9gory=20Oestreicher?= <greg at kamago.net>
+Date: Wed, 8 May 2013 23:16:00 +0200
+Subject: [PATCH 7/7] Don't show passwords contained in HTTP URLs in error
+ messages BUG: 319428
+
+---
+ kioslave/http/http.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp
+index 2d139a9..129fc7b 100644
+--- a/kioslave/http/http.cpp
++++ b/kioslave/http/http.cpp
+@@ -3056,7 +3056,7 @@ try_again:
+ ; // Ignore error
+ } else {
+ if (!sendErrorPageNotification()) {
+- error(ERR_INTERNAL_SERVER, m_request.url.url());
++ error(ERR_INTERNAL_SERVER, m_request.url.prettyUrl());
+ return false;
+ }
+ }
+@@ -3072,9 +3072,9 @@ try_again:
+ // Tell that we will only get an error page here.
+ if (!sendErrorPageNotification()) {
+ if (m_request.responseCode == 403)
+- error(ERR_ACCESS_DENIED, m_request.url.url());
++ error(ERR_ACCESS_DENIED, m_request.url.prettyUrl());
+ else
+- error(ERR_DOES_NOT_EXIST, m_request.url.url());
++ error(ERR_DOES_NOT_EXIST, m_request.url.prettyUrl());
+ return false;
+ }
+ } else if (m_request.responseCode >= 301 && m_request.responseCode<= 303) {
+--
+1.8.1.4
+
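Review bot: Only three `error()` calls are switched from `url()` to `prettyUrl()`, in the two inner hunks around `sendErrorPageNotification()`; any other place in http.cpp that still puts `m_request.url.url()` into an error string or log line would keep exposing the password. That cannot be confirmed from here, because the enclosing function starts and ends outside both inner hunks. A search for the remaining `m_request.url.url()` uses that reach user-visible text would close the gap. A short comment at the first call, such as `// prettyUrl() omits the password; do not pass url() to user-visible messages`, would keep a later edit from reverting it.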
diff --git a/kdelibs-4.10.3-kde319137.patch b/kdelibs-4.10.3-kde319137.patch
new file mode 100644
index 0000000..e7c9dae
--- /dev/null
+++ b/kdelibs-4.10.3-kde319137.patch
@@ -0,0 +1,12 @@
+diff -up kdelibs-4.10.3/plasma/private/dialogshadows.cpp.kde319137 kdelibs-4.10.3/plasma/private/dialogshadows.cpp
+--- kdelibs-4.10.3/plasma/private/dialogshadows.cpp.kde319137 2013-05-02 23:41:11.209607748 -0500
++++ kdelibs-4.10.3/plasma/private/dialogshadows.cpp 2013-05-09 07:54:48.329139462 -0500
+@@ -335,6 +335,8 @@ void DialogShadows::Private::setupData(P
+ void DialogShadows::Private::freeX11Pixmaps()
+ {
+ #ifdef Q_WS_X11
++ if (!QX11Info::display())
++ return;
+ foreach (const QPixmap &pixmap, m_shadowPixmaps) {
+ if (!pixmap.isNull()) {
+ XFreePixmap(QX11Info::display(), pixmap.handle());
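Review bot: The added `if (!QX11Info::display()) return;` leaves `freeX11Pixmaps()` entirely, so whatever follows the `foreach` loop is skipped as well whenever the display is null; the rest of the function is outside this hunk, so check whether it also clears `m_shadowPixmaps` or other cached state that would then be left stale. The guard has no explanation, and the spec file describes it only as a workaround. A comment such as `// no X display (presumably at shutdown): XFreePixmap() needs a valid Display*, see kde#319137` would record why it is there. Bracing the one-line `if` would also match the style of the loop below it.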
diff --git a/kdelibs.spec b/kdelibs.spec
index 000f866..eb98b68 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -34,7 +34,7 @@
Summary: KDE Libraries
Version: 4.10.3
-Release: 1%{?dist}
+Release: 2%{?dist}
Name: kdelibs
Epoch: 6
@@ -157,13 +157,21 @@ Patch61: kdelibs-4.9.3-dot.patch
#https://bugs.kde.org/315578
# for now, causes regression,
#https://bugs.kde.org/317138
-Patch100: return-not-break.-copy-paste-error.patch
-Patch101: coding-style-fixes.patch
-Patch102: return-application-icons-properly.patch
+Patch090: return-not-break.-copy-paste-error.patch
+Patch091: coding-style-fixes.patch
+Patch092: return-application-icons-properly.patch
+
+# workaround "Crash in DialogShadows::Private::freeX11Pixmaps()"
+# https://bugs.kde.org/319137
+Patch100: kdelibs-4.10.3-kde319137.patch
+
+Patch101: 0001-Do-no-set-transparent-background-for-checkBox-and-ra.patch
+Patch104: 0004-Fix-parsing-of-Subject-Alternate-Names-in-kssl-CVE-2.patch
+Patch105: 0005-Already-trimmed-string.patch
+Patch106: 0006-Use-just-calculated-variable.patch
+Patch107: 0007-Don-t-show-passwords-contained-in-HTTP-URLs-in-error.patch
## security fix
-# Not Upstreamed? why not ? -- Rex
-Patch200: kdelibs-4.10.0-CVE-2009-2702.patch
# rhel patches
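Review bot: After this change the `## security fix` heading has no patch under it, and the CVE-2009-2702 fix now sits in the upstream-patches run as `Patch104`, where only a truncated file name hints at the CVE. A comment above it, for example `# CVE-2009-2702: NUL byte in subjectAltName (rhbz#520661)`, would keep the fix easy to find when patches are dropped on a later rebase. `Patch107` (passwords shown in HTTP error messages, kde#319428) deserves the same kind of tag. The `# security fixes` heading in the `%patch` hunk further down is left empty in the same way.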
@@ -351,12 +359,17 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
%patch61 -p1 -b .dot
# upstream patches
-%patch100 -p1 -R -b .return-not-break.-copy-paste-error
-%patch101 -p1 -R -b .coding-style-fixes.patch
-%patch102 -p1 -R -b .return-application-icons-properly
+%patch090 -p1 -R -b .return-not-break.-copy-paste-error
+%patch091 -p1 -R -b .coding-style-fixes.patch
+%patch092 -p1 -R -b .return-application-icons-properly
+%patch100 -p1 -b .kde319137
+%patch101 -p1 -b .0001-Do-no-set-transparent-background-for-checkBox-and-ra
+%patch104 -p1 -b .0004-Fix-parsing-of-Subject-Alternate-Names-in-kssl-CVE-2
+%patch105 -p1 -b .0005-Already-trimmed-string
+%patch106 -p1 -b .0006-Use-just-calculated-variable
+%patch107 -p1 -b .0007-Don-t-show-passwords-contained-in-HTTP-URLs-in-error
# security fixes
-%patch200 -p1 -b .CVE-2009-2702
# rhel patches
%if ! 0%{?webkit}
@@ -366,6 +379,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
%patch301 -p1 -b .abrt
%endif
+
%build
mkdir -p %{_target_platform}
@@ -393,8 +407,6 @@ doc/api/doxygen.sh .
%install
-rm -rf %{buildroot}
-
make install/fast DESTDIR=%{buildroot} -C %{_target_platform}
# see also use-of/patching of XDG_MENU_PREFIX in kdebase/kde-settings
@@ -597,6 +609,10 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
%changelog
+* Thu May 09 2013 Rex Dieter <rdieter at fedoraproject.org> - 4.10.3-2
+- pull in a few upstream fixes, including a couple minor security issues
+- Crash in DialogShadows::Private::freeX11Pixmaps() (kde#319137)
+
* Mon May 06 2013 Than Ngo <than at redhat.com> - 4.10.3-1
- 4.10.3