rpms/konversation/devel konversation-1.0.1-dcop-newline-removal.patch, NONE, 1.1 konversation.spec, 1.14, 1.15
Dennis Gilmore (ausil)
fedora-extras-commits at redhat.com
Wed Apr 9 17:02:54 UTC 2008
Author: ausil
Update of /cvs/extras/rpms/konversation/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12114
Modified Files:
konversation.spec
Added Files:
konversation-1.0.1-dcop-newline-removal.patch
Log Message:
apply patch from upstream for CVE
konversation-1.0.1-dcop-newline-removal.patch:
--- NEW FILE konversation-1.0.1-dcop-newline-removal.patch ---
diff -ru konversation-old/konversation/src/konvdcop.cpp konversation-new/konversation/src/konvdcop.cpp
--- konversation-old/konversation/src/konvdcop.cpp 2006-10-06 18:43:29.000000000 +0200
+++ konversation-new/konversation/src/konvdcop.cpp 2008-04-09 17:36:38.000000000 +0200
@@ -82,15 +82,23 @@
emit dcopMultiServerRaw("me " + message);
}
-void KonvDCOP::say(const QString& server,const QString& target,const QString& command)
+void KonvDCOP::say(const QString& _server,const QString& _target,const QString& _command)
{
+ //Sadly, copy on write doesn't exist with QString::replace
+ QString server(_server), target(_target), command(_command);
+
// TODO: this just masks a greater problem - Server::addQuery will return a query for '' --argonel
// TODO: other DCOP calls need argument checking too --argonel
if (server.isEmpty() || target.isEmpty() || command.isEmpty())
kdDebug() << "KonvDCOP::say() requires 3 arguments." << endl;
else
{
- kdDebug() << "KonvDCOP::say()" << endl;
+ command.replace('\n',"\\n");
+ command.replace('\r',"\\r");
+ target.remove('\n');
+ target.remove('\r');
+ server.remove('\n');
+ server.remove('\r');
// Act as if the user typed it
emit dcopSay(server,target,command);
}
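Review bot: The CR/LF filtering is added only inside `KonvDCOP::say()`, while the context line at the top of this hunk, `emit dcopMultiServerRaw("me " + message);`, still forwards `message` unmodified, and the retained TODO (`other DCOP calls need argument checking too`) points at the same gap. Whether those other entry points end up as raw IRC lines is not visible from this hunk, but if they do they need the same treatment; a file-local helper such as `static QString stripLineBreaks(QString s) { s.remove('\n'); s.remove('\r'); return s; }`, applied in every DCOP slot, would keep the rule in one place. This matters more because the spec change in the same commit drops the `rm -f … scripts/media` workaround, so the package appears to rely on this filter alone. The comment `//Sadly, copy on write doesn't exist with QString::replace` would be clearer as `// Work on local copies: the parameters are const references and replace()/remove() modify in place`. Both function bodies continue outside the hunk.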
Index: konversation.spec
===================================================================
RCS file: /cvs/extras/rpms/konversation/devel/konversation.spec,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- konversation.spec 10 Mar 2008 12:41:52 -0000 1.14
+++ konversation.spec 9 Apr 2008 17:01:56 -0000 1.15
@@ -1,6 +1,6 @@
Name: konversation
Version: 1.0.1
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: Konversation is a user friendly IRC client for KDE
Group: Applications/Internet
@@ -8,6 +8,7 @@
URL: http://konversation.kde.org
Source0: http://download.berlios.de/konversation/konversation-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch0: konversation-1.0.1-dcop-newline-removal.patch
BuildRequires: desktop-file-utils
@@ -31,6 +32,7 @@
%prep
%setup -q
+%patch0 -p1 -b .dcop
%build
unset QTDIR || : ; . /etc/profile.d/qt.sh
@@ -54,9 +56,6 @@
--delete-original \
$RPM_BUILD_ROOT%{_datadir}/applications/kde/konversation.desktop
-# CVE-2007-4400
-rm -f $RPM_BUILD_ROOT%{_datadir}/apps/konversation/scripts/media
-
## File lists
# locale's
%find_lang %{name} || touch %{name}.lang
@@ -99,6 +98,10 @@
%changelog
+* Wed Apr 09 2008 Dennis Gilmore <dennis at ausil.us> - 1.0.1-6
+- apply patch from upstream handling CVE-2007-4400 correctly
+- reenable media script
+
* Mon Mar 10 2008 Rex Dieter <rdieter at fedoraproject.org> - 1.0.1-5
- drop Requires: kdebase3 (#435873)
- f9+: dfi vendor fedora -> kde