author | lofi <lofi@FreeBSD.org> | 2007-08-19 23:36:01 +0800 |
---|---|---|
committer | lofi <lofi@FreeBSD.org> | 2007-08-19 23:36:01 +0800 |
commit | 3129cc3dcc39cdbe559c468b4ee7c09956a25b79 (patch) | |
tree | 418ab408c12c5a27ba0b6823750133f1061c8cd3 /x11 | |
parent | d11ba1f82d33d541677ed865a8763050afb668fc (diff) | |
Fix Konqueror address bar spoofing attack vulnerability.
Security: CVE-2007-4224, CVE-2007-4224, CVE-2007-3820
Security: http://www.kde.org/info/security/advisory-20070816-1.txt
Diffstat (limited to 'x11')
-rw-r--r-- | x11/kde4-baseapps/Makefile | 2 | ||||
-rw-r--r-- | x11/kde4-baseapps/files/patch-post-3.5.7-kdebase-konqueror.diff | 49 | ||||
-rw-r--r-- | x11/kde4-runtime/Makefile | 2 | ||||
-rw-r--r-- | x11/kde4-runtime/files/patch-post-3.5.7-kdebase-konqueror.diff | 49 | ||||
-rw-r--r-- | x11/kde4-workspace/Makefile | 2 | ||||
-rw-r--r-- | x11/kde4-workspace/files/patch-post-3.5.7-kdebase-konqueror.diff | 49 | ||||
-rw-r--r-- | x11/kdebase3/Makefile | 2 | ||||
-rw-r--r-- | x11/kdebase3/files/patch-post-3.5.7-kdebase-konqueror.diff | 49 | ||||
-rw-r--r-- | x11/kdebase4-runtime/Makefile | 2 | ||||
-rw-r--r-- | x11/kdebase4-runtime/files/patch-post-3.5.7-kdebase-konqueror.diff | 49 | ||||
-rw-r--r-- | x11/kdebase4-workspace/Makefile | 2 | ||||
-rw-r--r-- | x11/kdebase4-workspace/files/patch-post-3.5.7-kdebase-konqueror.diff | 49 | ||||
-rw-r--r-- | x11/kdebase4/Makefile | 2 | ||||
-rw-r--r-- | x11/kdebase4/files/patch-post-3.5.7-kdebase-konqueror.diff | 49 | ||||
-rw-r--r-- | x11/kdelibs3/Makefile | 2 | ||||
-rw-r--r-- | x11/kdelibs3/files/patch-post-3.5.7-kdelibs-kdecore.diff | 61 | ||||
-rw-r--r-- | x11/kdelibs4/Makefile | 2 | ||||
-rw-r--r-- | x11/kdelibs4/files/patch-post-3.5.7-kdelibs-kdecore.diff | 61 |
18 files changed, 474 insertions, 9 deletions
diff --git a/x11/kde4-baseapps/Makefile b/x11/kde4-baseapps/Makefile
index 322f991ba7f2..42bda78adb66 100644
--- a/x11/kde4-baseapps/Makefile
+++ b/x11/kde4-baseapps/Makefile
@@ -8,7 +8,7 @@
 PORTNAME= kdebase
 PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= x11 kde
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kde4-baseapps/files/patch-post-3.5.7-kdebase-konqueror.diff b/x11/kde4-baseapps/files/patch-post-3.5.7-kdebase-konqueror.diff
new file mode 100644
index 000000000000..0d6e44ef4f82
--- /dev/null
+++ b/x11/kde4-baseapps/files/patch-post-3.5.7-kdebase-konqueror.diff
@@ -0,0 +1,49 @@
+--- konqueror/konq_combo.cc
++++ konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
+--- konqueror/konq_mainwindow.cc
++++ konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
+--- konqueror/konq_viewmgr.cc
++++ konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+
diff --git a/x11/kde4-runtime/Makefile b/x11/kde4-runtime/Makefile
index 322f991ba7f2..42bda78adb66 100644
--- a/x11/kde4-runtime/Makefile
+++ b/x11/kde4-runtime/Makefile
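Review bot: In the konq_mainwindow.cc hunk of this patch, the new condition `( !view || view->url().isEmpty() ) && !req.newTab` still carries the old trailing comment `// startup with argument`, and nothing records why the `view == m_currentView` case was dropped. Judging by the commit message, the intent is that the location bar is not pre-filled with the requested URL while the view still displays another document; I would say so next to the test, e.g. `// only pre-fill the location bar for an empty view; otherwise wait for the load so the bar never names a page that is not shown`. The konq_combo.cc hunk resets the cursor only in setURL(); whether setTemporary() and other paths that set the line edit text need the same `setCursorPosition( 0 )` cannot be seen from here, as those bodies lie outside the hunk. The identical patch (blob 0d6e44ef4f82) is also added under kde4-runtime, kde4-workspace, kdebase3, kdebase4-runtime, kdebase4-workspace and kdebase4, so this applies to each copy.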
@@ -8,7 +8,7 @@
 PORTNAME= kdebase
 PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= x11 kde
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kde4-runtime/files/patch-post-3.5.7-kdebase-konqueror.diff b/x11/kde4-runtime/files/patch-post-3.5.7-kdebase-konqueror.diff
new file mode 100644
index 000000000000..0d6e44ef4f82
--- /dev/null
+++ b/x11/kde4-runtime/files/patch-post-3.5.7-kdebase-konqueror.diff
@@ -0,0 +1,49 @@
+--- konqueror/konq_combo.cc
++++ konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
+--- konqueror/konq_mainwindow.cc
++++ konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
+--- konqueror/konq_viewmgr.cc
++++ konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+
diff --git a/x11/kde4-workspace/Makefile b/x11/kde4-workspace/Makefile
index 322f991ba7f2..42bda78adb66 100644
--- a/x11/kde4-workspace/Makefile
+++ b/x11/kde4-workspace/Makefile
@@ -8,7 +8,7 @@
 PORTNAME= kdebase
 PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= x11 kde
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kde4-workspace/files/patch-post-3.5.7-kdebase-konqueror.diff b/x11/kde4-workspace/files/patch-post-3.5.7-kdebase-konqueror.diff
new file mode 100644
index 000000000000..0d6e44ef4f82
--- /dev/null
+++ b/x11/kde4-workspace/files/patch-post-3.5.7-kdebase-konqueror.diff
@@ -0,0 +1,49 @@
+--- konqueror/konq_combo.cc
++++ konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
+--- konqueror/konq_mainwindow.cc
++++ konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
+--- konqueror/konq_viewmgr.cc
++++ konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+
diff --git a/x11/kdebase3/Makefile b/x11/kdebase3/Makefile
index 322f991ba7f2..42bda78adb66 100644
--- a/x11/kdebase3/Makefile
+++ b/x11/kdebase3/Makefile
@@ -8,7 +8,7 @@
 PORTNAME= kdebase
 PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= x11 kde
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kdebase3/files/patch-post-3.5.7-kdebase-konqueror.diff b/x11/kdebase3/files/patch-post-3.5.7-kdebase-konqueror.diff
new file mode 100644
index 000000000000..0d6e44ef4f82
--- /dev/null
+++ b/x11/kdebase3/files/patch-post-3.5.7-kdebase-konqueror.diff
@@ -0,0 +1,49 @@
+--- konqueror/konq_combo.cc
++++ konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
+--- konqueror/konq_mainwindow.cc
++++ konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
+--- konqueror/konq_viewmgr.cc
++++ konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+
diff --git a/x11/kdebase4-runtime/Makefile b/x11/kdebase4-runtime/Makefile
index 322f991ba7f2..42bda78adb66 100644
--- a/x11/kdebase4-runtime/Makefile
+++ b/x11/kdebase4-runtime/Makefile
@@ -8,7 +8,7 @@
 PORTNAME= kdebase
 PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= x11 kde
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kdebase4-runtime/files/patch-post-3.5.7-kdebase-konqueror.diff b/x11/kdebase4-runtime/files/patch-post-3.5.7-kdebase-konqueror.diff
new file mode 100644
index 000000000000..0d6e44ef4f82
--- /dev/null
+++ b/x11/kdebase4-runtime/files/patch-post-3.5.7-kdebase-konqueror.diff
@@ -0,0 +1,49 @@
+--- konqueror/konq_combo.cc
++++ konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
+--- konqueror/konq_mainwindow.cc
++++ konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
+--- konqueror/konq_viewmgr.cc
++++ konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+
diff --git a/x11/kdebase4-workspace/Makefile b/x11/kdebase4-workspace/Makefile
index 322f991ba7f2..42bda78adb66 100644
--- a/x11/kdebase4-workspace/Makefile
+++ b/x11/kdebase4-workspace/Makefile
@@ -8,7 +8,7 @@
 PORTNAME= kdebase
 PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= x11 kde
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kdebase4-workspace/files/patch-post-3.5.7-kdebase-konqueror.diff b/x11/kdebase4-workspace/files/patch-post-3.5.7-kdebase-konqueror.diff
new file mode 100644
index 000000000000..0d6e44ef4f82
--- /dev/null
+++ b/x11/kdebase4-workspace/files/patch-post-3.5.7-kdebase-konqueror.diff
@@ -0,0 +1,49 @@
+--- konqueror/konq_combo.cc
++++ konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
+--- konqueror/konq_mainwindow.cc
++++ konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
+--- konqueror/konq_viewmgr.cc
++++ konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+
diff --git a/x11/kdebase4/Makefile b/x11/kdebase4/Makefile
index 322f991ba7f2..42bda78adb66 100644
--- a/x11/kdebase4/Makefile
+++ b/x11/kdebase4/Makefile
@@ -8,7 +8,7 @@
 PORTNAME= kdebase
 PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= x11 kde
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kdebase4/files/patch-post-3.5.7-kdebase-konqueror.diff b/x11/kdebase4/files/patch-post-3.5.7-kdebase-konqueror.diff
new file mode 100644
index 000000000000..0d6e44ef4f82
--- /dev/null
+++ b/x11/kdebase4/files/patch-post-3.5.7-kdebase-konqueror.diff
@@ -0,0 +1,49 @@
+--- konqueror/konq_combo.cc
++++ konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
+--- konqueror/konq_mainwindow.cc
++++ konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
+--- konqueror/konq_viewmgr.cc
++++ konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+
diff --git a/x11/kdelibs3/Makefile b/x11/kdelibs3/Makefile
index f72461ffa31d..dcc1e875c6f6 100644
--- a/x11/kdelibs3/Makefile
+++ b/x11/kdelibs3/Makefile
@@ -8,7 +8,7 @@
 PORTNAME= kdelibs
 PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 0
+PORTREVISION= 1
 CATEGORIES= x11 kde ipv6
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kdelibs3/files/patch-post-3.5.7-kdelibs-kdecore.diff b/x11/kdelibs3/files/patch-post-3.5.7-kdelibs-kdecore.diff
new file mode 100644
index 000000000000..eb7e89e13579
--- /dev/null
+++ b/x11/kdelibs3/files/patch-post-3.5.7-kdelibs-kdecore.diff
@@ -0,0 +1,61 @@
+------------------------------------------------------------------------
+r700053 | mueller | 2007-08-14 18:37:30 +0200 (Tue, 14 Aug 2007) | 2 lines
+
+be more robust against addressbar spoofing (CVE-2007-4225)
+
+------------------------------------------------------------------------
+--- kdecore/tests/kurltest.cpp
++++ kdecore/tests/kurltest.cpp
+@@ -288,6 +288,16 @@ int main(int argc, char *argv[])
+ check("KURL::prettyURL()", url15582.prettyURL(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%in%url.html");
+ check("KURL::url()", url15582.url(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%25in%25url.html");
+
++ KURL whitespaceInUser("http://www.google.com%20%20%20%20%20@foobar.com/");
++ check("KURL::prettyURL()", whitespaceInUser.prettyURL(), "http://www.google.com%20%20%20%20%20@foobar.com/");
++
++ KURL whitespaceInPath("http://www.google.com/foo%20bar/");
++ check("KURL::prettyURL()", whitespaceInPath.prettyURL(), "http://www.google.com/foo bar/");
++
++ KURL whitespaceInPath2("http://www.google.com/foo%20%20%20%20%20%20%20bar/");
++ check("KURL::prettyURL()", whitespaceInPath2.prettyURL(),
++ "http://www.google.com/foo%20%20%20%20%20%20 bar/");
++
+ KURL carsten;
+ carsten.setPath("/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18");
+ check("KURL::path()", carsten.path(), "/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18");
+@@ -594,6 +604,15 @@ int main(int argc, char *argv[])
+ check("http: URL with empty path string path", waba1.path(),
+ "");
+
++ waba1 = "http://www.meinestadt.de&url_plain=http";
++ check("http: URL with empty path string", waba1.host(),
++ "www.meinestadt.de&url_plain=http");
++ check("http: URL with empty path string", waba1.htmlURL(),
++ "http://www.meinestadt.de&url_plain=http");
++
++ check("http: URL with empty path string", waba1.path(),
++ "");
++
+ waba1 = "http://a:389#b=c";
+ check( "http: URL with port, ref, and empty path; url", waba1.url(), "http://a:389#b=c" );
+ check( "http: URL with port, ref, and empty path; host", waba1.host(), "a" );
+--- kdecore/kurl.cpp
++++ kdecore/kurl.cpp
+@@ -183,7 +183,7 @@ static QString lazy_encode( const QStrin
+ (character == '?') || // Start of query delimiter
+ ((character == '@') && encodeAt) || // Username delimiter
+ (character == '#') || // Start of reference delimiter
+- ((character == 32) && (i+1 == old_length))) // A trailing space
++ ((character == 32) && (i+1 == old_length || segment[i+1] == ' '))) // A trailing space
+ {
+ new_segment[ new_length++ ] = '%';
+
+@@ -1540,7 +1540,7 @@ QString KURL::prettyURL( int _trailing )
+ u += "//";
+ if ( hasUser() )
+ {
+- u += lazy_encode(m_strUser);
++ u += encode(m_strUser, 0, 0);
+ // Don't show password!
+ u += "@";
+ }
diff --git a/x11/kdelibs4/Makefile b/x11/kdelibs4/Makefile
index f72461ffa31d..dcc1e875c6f6 100644
--- a/x11/kdelibs4/Makefile
+++ b/x11/kdelibs4/Makefile
@@ -8,7 +8,7 @@
 PORTNAME= kdelibs
 PORTVERSION= ${KDE_VERSION}
-PORTREVISION= 0
+PORTREVISION= 1
 CATEGORIES= x11 kde ipv6
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kdelibs4/files/patch-post-3.5.7-kdelibs-kdecore.diff b/x11/kdelibs4/files/patch-post-3.5.7-kdelibs-kdecore.diff
new file mode 100644
index 000000000000..eb7e89e13579
--- /dev/null
+++ b/x11/kdelibs4/files/patch-post-3.5.7-kdelibs-kdecore.diff
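Review bot: In the kurl.cpp hunk for lazy_encode(), the changed line now also encodes a space that is followed by another space, but its comment still reads `// A trailing space`; it should name the new case and the reason, e.g. `// A trailing space, or a space before another space (runs of spaces could push the rest of the URL out of view)`. The test compares only against `' '` (U+0020); whether other blank-looking characters are caught by the earlier alternatives of this condition is not visible, since the expression starts outside the hunk. In kurltest.cpp the three added meinestadt checks all reuse the label `"http: URL with empty path string"` for host(), htmlURL() and path(), so a failure would not say which accessor regressed. The same patch (blob eb7e89e13579) is added under kdelibs4; its changelog header cites CVE-2007-4225, which the commit's Security line does not list.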
@@ -0,0 +1,61 @@
+------------------------------------------------------------------------
+r700053 | mueller | 2007-08-14 18:37:30 +0200 (Tue, 14 Aug 2007) | 2 lines
+
+be more robust against addressbar spoofing (CVE-2007-4225)
+
+------------------------------------------------------------------------
+--- kdecore/tests/kurltest.cpp
++++ kdecore/tests/kurltest.cpp
+@@ -288,6 +288,16 @@ int main(int argc, char *argv[])
+ check("KURL::prettyURL()", url15582.prettyURL(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%in%url.html");
+ check("KURL::url()", url15582.url(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%25in%25url.html");
+
++ KURL whitespaceInUser("http://www.google.com%20%20%20%20%20@foobar.com/");
++ check("KURL::prettyURL()", whitespaceInUser.prettyURL(), "http://www.google.com%20%20%20%20%20@foobar.com/");
++
++ KURL whitespaceInPath("http://www.google.com/foo%20bar/");
++ check("KURL::prettyURL()", whitespaceInPath.prettyURL(), "http://www.google.com/foo bar/");
++
++ KURL whitespaceInPath2("http://www.google.com/foo%20%20%20%20%20%20%20bar/");
++ check("KURL::prettyURL()", whitespaceInPath2.prettyURL(),
++ "http://www.google.com/foo%20%20%20%20%20%20 bar/");
++
+ KURL carsten;
+ carsten.setPath("/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18");
+ check("KURL::path()", carsten.path(), "/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18");
+@@ -594,6 +604,15 @@ int main(int argc, char *argv[])
+ check("http: URL with empty path string path", waba1.path(),
+ "");
+
++ waba1 = "http://www.meinestadt.de&url_plain=http";
++ check("http: URL with empty path string", waba1.host(),
++ "www.meinestadt.de&url_plain=http");
++ check("http: URL with empty path string", waba1.htmlURL(),
++ "http://www.meinestadt.de&url_plain=http");
++
++ check("http: URL with empty path string", waba1.path(),
++ "");
++
+ waba1 = "http://a:389#b=c";
+ check( "http: URL with port, ref, and empty path; url", waba1.url(), "http://a:389#b=c" );
+ check( "http: URL with port, ref, and empty path; host", waba1.host(), "a" );
+--- kdecore/kurl.cpp
++++ kdecore/kurl.cpp
+@@ -183,7 +183,7 @@ static QString lazy_encode( const QStrin
+ (character == '?') || // Start of query delimiter
+ ((character == '@') && encodeAt) || // Username delimiter
+ (character == '#') || // Start of reference delimiter
+- ((character == 32) && (i+1 == old_length))) // A trailing space
++ ((character == 32) && (i+1 == old_length || segment[i+1] == ' '))) // A trailing space
+ {
+ new_segment[ new_length++ ] = '%';
+
+@@ -1540,7 +1540,7 @@ QString KURL::prettyURL( int _trailing )
+ u += "//";
+ if ( hasUser() )
+ {
+- u += lazy_encode(m_strUser);
++ u += encode(m_strUser, 0, 0);
+ // Don't show password!
+ u += "@";
+ }
|