author | 2007-09-12 23:21:22 +0000 | |
---|---|---|
committer | 2007-09-12 23:21:22 +0000 | |
commit | ace20c4029c74db2295775a4ae06fe538133cfa5 (patch) | |
tree | d1a50653322e4322708c5684bcab9cd5148c09a8 /kde-base/kdebase/files | |
parent | Added two security patches for konqueror. Fixes bug 185603. (diff) | |
Added two security patches for konqueror. Fixes bug 185603. Added an upstream patch to correct a potential kdm login issue.
Package-Manager: portage-2.1.3.9
Diffstat (limited to 'kde-base/kdebase/files')
-rw-r--r-- | kde-base/kdebase/files/digest-kdebase-3.5.7-r4 | 6 | ||||
-rw-r--r-- | kde-base/kdebase/files/kdm-3.5.7-login.diff | 63 | ||||
-rw-r--r-- | kde-base/kdebase/files/konqueror-3.5.7-185603-spoofing.diff | 49 |
3 files changed, 118 insertions, 0 deletions
diff --git a/kde-base/kdebase/files/digest-kdebase-3.5.7-r4 b/kde-base/kdebase/files/digest-kdebase-3.5.7-r4
new file mode 100644
index 000000000000..ce2d5ae895f7
--- /dev/null
+++ b/kde-base/kdebase/files/digest-kdebase-3.5.7-r4
@@ -0,0 +1,6 @@
+MD5 f6f2574fc332dd1123144bb6a00e5e26 kdebase-3.5-patchset-06.tar.bz2 19825
+RMD160 ab7358b635e912ed9912cb95e48e3187064abae7 kdebase-3.5-patchset-06.tar.bz2 19825
+SHA256 c9ab23f648f84ebc66054f4db48685cbed3d99e9c87fa3df2c0d8a282b9a2394 kdebase-3.5-patchset-06.tar.bz2 19825
+MD5 b421e01b3ee712549ee967f58ed24de0 kdebase-3.5.7.tar.bz2 24395088
+RMD160 f43070b5428c3099c0abceed56041e5b4ff3c656 kdebase-3.5.7.tar.bz2 24395088
+SHA256 3c6d739abefc55b6cb64e1cf37b79f5993b666a5b40492471754794416b5c28d kdebase-3.5.7.tar.bz2 24395088
diff --git a/kde-base/kdebase/files/kdm-3.5.7-login.diff b/kde-base/kdebase/files/kdm-3.5.7-login.diff
new file mode 100644
index 000000000000..40b6abb8ec0e
--- /dev/null
+++ b/kde-base/kdebase/files/kdm-3.5.7-login.diff
@@ -0,0 +1,63 @@
+--- kdm/backend/session.c
++++ kdm/bakcend/session.c
+@@ -121,8 +121,9 @@
+ static void
+ DoAutoLogon( void )
+ {
+- StrDup( &curuser, td->autoUser );
+- StrDup( &curpass, td->autoPass );
++ ReStr( &curuser, td->autoUser );
++ ReStr( &curpass, td->autoPass );
++ ReStr( &curtype, "classic" );
+ cursource = PWSRC_AUTOLOGIN;
+ }
+
+@@ -141,7 +142,9 @@
+ td->hstent->npass = 0;
+ newdmrc = td->hstent->nargs;
+ td->hstent->nargs = 0;
++ ReStr( &curtype, "classic" );
+ cursource = (td->hstent->rLogin == 1) ? PWSRC_RELOGIN : PWSRC_MANUAL;
++ return 1;
+ } else if (*td->autoUser && !td->autoDelay && (tdiff > 0 || td->autoAgain))
+ {
+ unsigned int lmask;
+@@ -153,11 +156,9 @@
+ if (lmask & ShiftMask)
+ return 0;
+ DoAutoLogon();
+- } else {
+- cursource = PWSRC_MANUAL;
+- return 0;
++ return 1;
+ }
+- return 1;
++ return 0;
+ }
+
+
+@@ -369,6 +370,7 @@
+ if (curtype) free( curtype );
+ curtype = GRecvStr();
+ Debug( " type %\"s\n", curtype );
++ cursource = PWSRC_MANUAL;
+ if (Verify( conv_interact, rootok )) {
+ Debug( " -> return success\n" );
+ GSendInt( V_OK );
+@@ -378,7 +380,6 @@
+ case G_AutoLogin:
+ Debug( "G_AutoLogin\n" );
+ DoAutoLogon();
+- StrDup( &curtype, "classic" );
+ if (Verify( conv_auto, FALSE )) {
+ Debug( " -> return success\n" );
+ GSendInt( V_OK );
+@@ -565,7 +566,7 @@
+ tdiff = td->autoAgain ?
+ 1 : time( 0 ) - td->hstent->lastExit - td->openDelay;
+ if (AutoLogon( tdiff )) {
+- if (!StrDup( &curtype, "classic" ) || !Verify( conv_auto, FALSE ))
++ if (!Verify( conv_auto, FALSE ))
+ goto gcont;
+ if (greeter)
+ GSendInt( V_OK );
diff --git a/kde-base/kdebase/files/konqueror-3.5.7-185603-spoofing.diff b/kde-base/kdebase/files/konqueror-3.5.7-185603-spoofing.diff
new file mode 100644
index 000000000000..0d6e44ef4f82
--- /dev/null
+++ b/kde-base/kdebase/files/konqueror-3.5.7-185603-spoofing.diff
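Review bot: The `ReStr` calls added in `DoAutoLogon` and in the inner hunk at -141 (apparently the relogin branch of `AutoLogon`) discard their results, whereas the line removed at -565 refused to call `Verify` when `StrDup( &curtype, "classic" )` failed. If `ReStr` reports allocation failure through its return value the way `StrDup` did (its definition is not part of this patch), an automatic login could reach `Verify( conv_auto, FALSE )` with `curuser`, `curpass` or `curtype` still holding values from an earlier conversation. I would keep the check, for example `if (!ReStr( &curtype, "classic" )) return 0;` in the -141 hunk, and have `DoAutoLogon` return the combined result so that both of its callers can skip `Verify` on failure. Separately, the `+++ kdm/bakcend/session.c` header misspells the path and should read `kdm/backend/session.c`, so that applying the fix does not depend on patch(1) falling back to the `---` name. All of the touched functions start or end outside their inner hunks.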
@@ -0,0 +1,49 @@
+--- konqueror/konq_combo.cc
++++ konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
+--- konqueror/konq_mainwindow.cc
++++ konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
+--- konqueror/konq_viewmgr.cc
++++ konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+
|
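Review bot: The cursor reset that keeps the start of the URL visible is added only at the end of `KonqCombo::setURL`, although its comment says the beginning must always be displayed. `KonqCombo::setTemporary`, visible as context directly below, also puts text into the combo and its body is outside the hunk, so it is not clear whether that path leaves the cursor at position 0 as well; if it does not go through `setURL`, it needs the same `lineEdit()->setCursorPosition( 0 );`. In the `openURL` hunk the trailing comment `// startup with argument` no longer matches the new condition, which also fires for an existing view whose URL is empty; I would reword it to `// startup with argument, or a view that has no URL yet`. Both functions start outside their hunks.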