aboutsummaryrefslogtreecommitdiffstats
path: root/x11/kde4-baseapps
diff options
context:
space:
mode:
authorlofi <lofi@FreeBSD.org>2007-08-19 23:36:01 +0800
committerlofi <lofi@FreeBSD.org>2007-08-19 23:36:01 +0800
commit3129cc3dcc39cdbe559c468b4ee7c09956a25b79 (patch)
tree418ab408c12c5a27ba0b6823750133f1061c8cd3 /x11/kde4-baseapps
parentd11ba1f82d33d541677ed865a8763050afb668fc (diff)
downloadfreebsd-ports-gnome-3129cc3dcc39cdbe559c468b4ee7c09956a25b79.tar.gz
freebsd-ports-gnome-3129cc3dcc39cdbe559c468b4ee7c09956a25b79.tar.zst
freebsd-ports-gnome-3129cc3dcc39cdbe559c468b4ee7c09956a25b79.zip
Fix Konqueror address bar spoofing attack vulnerability.
Security: CVE-2007-4224, CVE-2007-4224, CVE-2007-3820 Security: http://www.kde.org/info/security/advisory-20070816-1.txt
Diffstat (limited to 'x11/kde4-baseapps')
-rw-r--r--x11/kde4-baseapps/Makefile2
-rw-r--r--x11/kde4-baseapps/files/patch-post-3.5.7-kdebase-konqueror.diff49
2 files changed, 50 insertions, 1 deletions
diff --git a/x11/kde4-baseapps/Makefile b/x11/kde4-baseapps/Makefile
index 322f991ba7f2..42bda78adb66 100644
--- a/x11/kde4-baseapps/Makefile
+++ b/x11/kde4-baseapps/Makefile
@@ -8,7 +8,7 @@
PORTNAME= kdebase
PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= x11 kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kde4-baseapps/files/patch-post-3.5.7-kdebase-konqueror.diff b/x11/kde4-baseapps/files/patch-post-3.5.7-kdebase-konqueror.diff
new file mode 100644
index 000000000000..0d6e44ef4f82
--- /dev/null
+++ b/x11/kde4-baseapps/files/patch-post-3.5.7-kdebase-konqueror.diff
@@ -0,0 +1,49 @@
+--- konqueror/konq_combo.cc
++++ konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
+--- konqueror/konq_mainwindow.cc
++++ konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
+--- konqueror/konq_viewmgr.cc
++++ konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+