Hello community, here is the log from the commit of package kdelibs4 for openSUSE:11.3 checked in at Mon Apr 18 18:28:16 CEST 2011.
-------- --- old-versions/11.3/UPDATES/all/kdelibs4/kdelibs4.changes 2011-03-22 22:48:53.000000000 +0100 +++ 11.3/kdelibs4/kdelibs4.changes 2011-04-11 17:55:28.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Apr 11 15:54:47 UTC 2011 - [email protected] + +- Add patch vs XSS vulnerability in KHTML error handling + (CVE-2011-1168) + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 Old: ---- kde3-autostart.diff New: ---- 77dc792c-khtml-xss.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kdelibs4.spec ++++++ --- /var/tmp/diff_new_pack.URi0cy/_old 2011-04-18 18:27:45.000000000 +0200 +++ /var/tmp/diff_new_pack.URi0cy/_new 2011-04-18 18:27:45.000000000 +0200 @@ -49,7 +49,7 @@ Summary: KDE Base Libraries Url: http://www.kde.org Version: 4.4.4 -Release: 3.<RELEASE3> +Release: 3.<RELEASE6> Requires: soprano >= %( echo `rpm -q --queryformat '%{VERSION}' libsoprano-devel`) Recommends: strigi >= %( echo `rpm -q --queryformat '%{VERSION}' strigi-devel`) Requires: kdelibs4-core = %version @@ -68,7 +68,7 @@ Patch3: add-suse-translations.diff Patch5: clever-menu.diff Patch6: hotplug-kde3.diff -Patch7: kde3-autostart.diff +#Patch7: kde3-autostart.diff Patch8: windeco-color.diff Patch9: kdesu-settings.diff Patch10: kdebug-areas-update.diff @@ -92,6 +92,7 @@ Patch31: spellchecking_fixes.diff Patch32: nepomuk_branch.diff Patch33: 3735e2ee-ssl-wildcards.diff +Patch34: 77dc792c-khtml-xss.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %if %suse_version > 1010 %requires_ge libqt4-x11 @@ -184,6 +185,7 @@ %patch31 %patch32 %patch33 -p1 +%patch34 -p1 ##KDE44 is this still needed? #%patch21 -p1 # ++++++ 77dc792c-khtml-xss.diff ++++++ --- a/khtml/khtml_part.cpp +++ b/khtml/khtml_part.cpp 
@@ -1848,7 +1848,10 @@ void KHTMLPart::htmlError( int errorCode stream >> errorName >> techName >> description >> causes >> solutions; QString url, protocol, datetime; - url = Qt::escape( reqUrl.prettyUrl() ); + + // This is somewhat confusing, but we have to escape the externally- + // controlled URL twice: once for i18n, and once for HTML. + url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ); protocol = reqUrl.protocol(); datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(), KLocale::LongDate ); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
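Review bot: In the kdelibs4.spec hunk at @@ -68,7 +68,7 @@, Patch7 (kde3-autostart.diff) is commented out and the file appears under "Old:" as removed, yet the kdelibs4.changes entry added in this commit mentions only the CVE-2011-1168 patch. A security update should not carry an undocumented change in behaviour. Either add a changelog line saying why kde3-autostart.diff was dropped, or leave it in place for this update. If it is dropped, delete the Patch7 line instead of leaving it as "#Patch7:", and confirm that no "%patch7" remains in %prep, since that part of the spec is not fully visible in these hunks.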
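Review bot: In the khtml_part.cpp hunk (KHTMLPart::htmlError), the nested Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) is only correct while the i18n step consumes exactly one level of escaping, and the new comment says "once for i18n, and once for HTML" without naming the call that does so. Please name that call in the comment, so a later change to the message formatting does not silently leave the URL under-escaped or visibly double-escaped, and add a regression test that passes a URL containing markup characters through htmlError and checks the rendered error page. Separately, the context line "protocol = reqUrl.protocol();" takes a value from the same externally controlled reqUrl with no escaping in the visible lines; check where it is substituted into the page and escape it the same way if it follows the same path as url.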
