Added two security patches for konqueror. Fixes bug 185603.

(Portage version: 2.1.3.9)
author: Wulf Krueger <philantrop@gentoo.org> 2007-09-12 23:24:34 +0000
committer: Wulf Krueger <philantrop@gentoo.org> 2007-09-12 23:24:34 +0000
commit: 69eb98ecfb5480783c7815e97a7216d6e1b1a51f (patch)
tree: c626aab038e24dafbd5ad17b00aab88536b4b2d3 /kde-base/konqueror
parent: Added an upstream patch to correct a potential login issue. (diff)
download: gentoo-2-69eb98ecfb5480783c7815e97a7216d6e1b1a51f.tar.gz
gentoo-2-69eb98ecfb5480783c7815e97a7216d6e1b1a51f.tar.bz2
gentoo-2-69eb98ecfb5480783c7815e97a7216d6e1b1a51f.zip
4 files changed, 131 insertions, 1 deletions
diff --git a/kde-base/konqueror/ChangeLog b/kde-base/konqueror/ChangeLog
index 298fc7356aa8..bfd9dea7cef6 100644
--- a/kde-base/konqueror/ChangeLog
+++ b/kde-base/konqueror/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for kde-base/konqueror
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/konqueror/ChangeLog,v 1.88 2007/08/11 16:49:56 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/konqueror/ChangeLog,v 1.89 2007/09/12 23:24:33 philantrop Exp $
+
+*konqueror-3.5.7-r3 (12 Sep 2007)
+
+  12 Sep 2007; Wulf C. Krueger <philantrop@gentoo.org>
+  +files/konqueror-3.5.7-185603-spoofing.diff, +konqueror-3.5.7-r3.ebuild:
+  Added two security patches for konqueror. Fixes bug 185603.
 
   11 Aug 2007; Raúl Porcel <armin76@gentoo.org> konqueror-3.5.7-r2.ebuild:
   x86 stable wrt #185823
diff --git a/kde-base/konqueror/files/digest-konqueror-3.5.7-r3 b/kde-base/konqueror/files/digest-konqueror-3.5.7-r3
new file mode 100644
index 000000000000..ce2d5ae895f7
--- /dev/null
+++ b/kde-base/konqueror/files/digest-konqueror-3.5.7-r3
@@ -0,0 +1,6 @@
+MD5 f6f2574fc332dd1123144bb6a00e5e26 kdebase-3.5-patchset-06.tar.bz2 19825
+RMD160 ab7358b635e912ed9912cb95e48e3187064abae7 kdebase-3.5-patchset-06.tar.bz2 19825
+SHA256 c9ab23f648f84ebc66054f4db48685cbed3d99e9c87fa3df2c0d8a282b9a2394 kdebase-3.5-patchset-06.tar.bz2 19825
+MD5 b421e01b3ee712549ee967f58ed24de0 kdebase-3.5.7.tar.bz2 24395088
+RMD160 f43070b5428c3099c0abceed56041e5b4ff3c656 kdebase-3.5.7.tar.bz2 24395088
+SHA256 3c6d739abefc55b6cb64e1cf37b79f5993b666a5b40492471754794416b5c28d kdebase-3.5.7.tar.bz2 24395088
diff --git a/kde-base/konqueror/files/konqueror-3.5.7-185603-spoofing.diff b/kde-base/konqueror/files/konqueror-3.5.7-185603-spoofing.diff
new file mode 100644
index 000000000000..0d6e44ef4f82
--- /dev/null
+++ b/kde-base/konqueror/files/konqueror-3.5.7-185603-spoofing.diff
@@ -0,0 +1,49 @@
+--- konqueror/konq_combo.cc
++++ konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+         kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+                                   "addToCombo(QString,QCString)", data);
+     }
++    // important security consideration: always display the beginning
++    // of the url rather than its end to prevent spoofing attempts.
++    lineEdit()->setCursorPosition( 0 );
+ }
+ 
+ void KonqCombo::setTemporary( const QString& text )
+--- konqueror/konq_mainwindow.cc
++++ konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+   }
+   else // no known serviceType, use KonqRun
+   {
+-      if ( ( view && view == m_currentView ) ||
+-              ( !view && !req.newTab ) ) // startup with argument
++      if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+       {
+           // Show it for now in the location bar, but we'll need to store it in the view
+           // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+-          kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++          kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+           setLocationBarURL( url );
+       }
+ 
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+         if ( childView )
+         {
+             enableAllActions( true );
+-
+-            m_pViewManager->setActivePart( childView->part() );
+             m_currentView = childView;
+         }
+       }
+--- konqueror/konq_viewmgr.cc
++++ konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+ 
+ void KonqViewManager::emitActivePartChanged()
+ {
++    // prevent unnecessary multiple calls to slotPartActivated:
++    m_activePartChangedTimer->stop();
+     m_pMainWindow->slotPartActivated( activePart() );
+ }
+ 
diff --git a/kde-base/konqueror/konqueror-3.5.7-r3.ebuild b/kde-base/konqueror/konqueror-3.5.7-r3.ebuild
new file mode 100644
index 000000000000..5d21bc37cfda
--- /dev/null
+++ b/kde-base/konqueror/konqueror-3.5.7-r3.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/konqueror/konqueror-3.5.7-r3.ebuild,v 1.1 2007/09/12 23:24:33 philantrop Exp $
+
+KMNAME=kdebase
+# Note: we need >=kdelibs-3.3.2-r1, but we don't want 3.3.3!
+MAXKDEVER=$PV
+KM_DEPRANGE="$PV $MAXKDEVER"
+inherit kde-meta eutils
+
+SRC_URI="${SRC_URI}
+	mirror://gentoo/kdebase-3.5-patchset-06.tar.bz2"
+
+DESCRIPTION="KDE: Web browser, file manager, ..."
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="branding java kdehiddenvisibility"
+
+DEPEND="
+$(deprange $PV $MAXKDEVER kde-base/libkonq)"
+
+RDEPEND="${DEPEND}
+	$(deprange $PV $MAXKDEVER kde-base/kcontrol)
+	$(deprange $PV $MAXKDEVER kde-base/kdebase-kioslaves)
+	$(deprange $PV $MAXKDEVER kde-base/kfind)
+	java? ( >=virtual/jre-1.4 )"
+
+KMCOPYLIB="libkonq libkonq"
+KMEXTRACTONLY=kdesktop/KDesktopIface.h
+
+PATCHES="${FILESDIR}/${P}-185603-spoofing.diff"
+
+pkg_preinst() {
+	kde_pkg_preinst
+
+	# We need to symlink here, as kfmclient freaks out completely,
+	# if it does not find konqueror.desktop in the legacy path.
+	dodir ${PREFIX}/share/applications/kde
+	dosym ../../applnk/konqueror.desktop ${PREFIX}/share/applications/kde/konqueror.desktop
+}
+
+src_install() {
+	kde_src_install
+
+	if use branding ; then
+		dodir ${PREFIX}/share/services/searchproviders
+		insinto ${PREFIX}/share/services/searchproviders
+		doins ${WORKDIR}/patches/*.desktop
+	fi
+}
+
+pkg_postinst() {
+	kde_pkg_postinst
+
+	if use branding ; then
+		echo
+		elog "We've added three Gentoo-related web shortcuts:"
+		elog "- gb           Gentoo Bugzilla searching"
+		elog "- gf           Gentoo Forums searching"
+		elog "- gp           Gentoo Package searching"
+		echo
+		elog "You'll have to activate them in 'Configure Konqueror...'."
+	fi
+	echo
+	elog "If you can't open new ${PN} windows and get something like"
+	elog "'WARNING: Outdated database found' when starting ${PN} in a console, run"
+	elog "kbuildsycoca as the user you're running KDE under."
+	elog "This is NOT a bug."
+	echo
+}
author	Wulf Krueger <philantrop@gentoo.org>	2007-09-12 23:24:34 +0000
committer	Wulf Krueger <philantrop@gentoo.org>	2007-09-12 23:24:34 +0000
commit	69eb98ecfb5480783c7815e97a7216d6e1b1a51f (patch)
tree	c626aab038e24dafbd5ad17b00aab88536b4b2d3 /kde-base/konqueror
parent	Added an upstream patch to correct a potential login issue. (diff)
download	gentoo-2-69eb98ecfb5480783c7815e97a7216d6e1b1a51f.tar.gz gentoo-2-69eb98ecfb5480783c7815e97a7216d6e1b1a51f.tar.bz2 gentoo-2-69eb98ecfb5480783c7815e97a7216d6e1b1a51f.zip