Hello community,

here is the log from the commit of package kadu for openSUSE:12.1:Update:Test 
checked in at 2012-02-28 13:48:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update:Test/kadu (Old)
 and      /work/SRC/openSUSE:12.1:Update:Test/.kadu.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "kadu", Maintainer is ""

Changes:
--------
--- /work/SRC/openSUSE:12.1:Update:Test/kadu/kadu.changes       2011-12-19 
18:17:31.000000000 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.kadu.new/kadu.changes  2012-02-28 
13:48:11.000000000 +0100
@@ -1,0 +2,5 @@
+Sun Feb 26 15:10:27 UTC 2012 - fi...@opensuse.org
+
+- Security fix: inject js code into history. Fix bnc#749036.
+
+-------------------------------------------------------------------

New:
----
  kadu-inject-js-into-history-fix.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ kadu.spec ++++++
--- /var/tmp/diff_new_pack.HKdFjT/_old  2012-02-28 13:48:11.000000000 +0100
+++ /var/tmp/diff_new_pack.HKdFjT/_new  2012-02-28 13:48:11.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package kadu
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,12 +21,12 @@
 
 Name:           kadu
 Version:        0.10.1
-Release:        1
+Release:        0
 # Choosing GPL-3.0+ because of presence and usage of numerous GPL-3.0 files
-License:        GPL-3.0+
 Summary:        Gadu-Gadu protocol client for online messaging
-Url:            http://www.kadu.im/
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
+Url:            http://www.kadu.im/
 Source0:        http://download.kadu.im/stable/%{name}-%{version}.tar.bz2
 # PATCH-FEATURE-OPENSUSE enable_external_plugins.patch fi...@opensuse.org
 Patch0:         enable_external_plugins.patch
@@ -34,6 +34,8 @@
 Patch1:         kadu-0.10.1-fix-enchant.patch
 # PATCH-FEATURE-UPSTREAM kadu-0.10.1-sensible-error-messages.patch 
b.brachac...@gmail.com -- provide more sensible error messages
 Patch2:         kadu-0.10.1-sensible-error-messages.patch
+# PATCH-FIX-UPSTREAM -- kadu-inject-js-into-history-fix.patch -- 
rafal.przemyslaw.malinow...@gmail.com -- fix for js code injection into history
+Patch3:         kadu-inject-js-into-history-fix.patch
 ### 1x - External Plugins ###
 Source10:       http://kadu.net/~weagle/anonymous_check-0.10.1.tar.bz2
 Source11:       http://ultr.pl/kadu/globalhotkeys-0.10-26.tar.gz
@@ -68,11 +70,11 @@
 %if %{?suse_version} > 1140
 BuildRequires:  pkgconfig(libntrack-qt4)
 %endif
+BuildRequires:  pkgconfig(QtGui) >= 4.7.0
+BuildRequires:  pkgconfig(QtWebKit) >= 4.7.0
 BuildRequires:  pkgconfig(phonon)
 BuildRequires:  pkgconfig(qca2)
 BuildRequires:  pkgconfig(sndfile)
-BuildRequires:  pkgconfig(QtGui) >= 4.7.0
-BuildRequires:  pkgconfig(QtWebKit) >= 4.7.0
 # runtime requires
 Requires:       libgadu3 >= 1.11.0
 # sql_history needs qt4-sqlite to operate
@@ -88,6 +90,7 @@
 %package        devel
 
 Summary:        Gadu-Gadu and Jabber/XMPP protocol Instant Messenger
+License:        GPL-3.0+
 Group:          Development/Libraries/C and C++
 Requires:       %{name} = %{version}
 
@@ -103,6 +106,7 @@
 %package        anonymous_check
 
 Summary:        Automatic lookup of an interlocutor in public directory
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -113,6 +117,7 @@
 %package        globalhotkeys
 
 Summary:        Global hotkeys support to Kadu
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -122,6 +127,7 @@
 %package        import_history
 
 Summary:        History import plugin
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -131,6 +137,7 @@
 %package        lednotify
 
 Summary:        Notification by Scroll Lock LED
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -140,6 +147,7 @@
 %package        messagessplitter
 
 Summary:        Automatically splits too long messages
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -149,6 +157,7 @@
 %package        mimetex
 
 Summary:        TeX formulas support
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -158,6 +167,7 @@
 %package        networkping
 
 Summary:        Periodically checks the network state
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -167,6 +177,7 @@
 %package        nextinfo
 
 Summary:        Extended contact information support
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -176,6 +187,7 @@
 %package        panelkadu
 
 Summary:        Makes a panel from Kadu main window
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -185,6 +197,7 @@
 %package        senthistory
 
 Summary:        History of sent messages in chat windows
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -197,6 +210,7 @@
 %package        emoticons_gg6_compatible
 
 Summary:        Emoticons theme compatybility witch Gadu-Gadu 6.0
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -206,6 +220,7 @@
 %package        emoticons_gg10_compatible
 
 Summary:        Emoticons theme compatybility witch Gadu-Gadu 10.0
+License:        GPL-3.0+
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -218,8 +233,8 @@
 
 %package        sound-bns
 
-License:        Creative Commons Attribution-Share Alike 2.5
 Summary:        Bns sound theme for Kadu
+License:        Creative Commons Attribution-Share Alike 2.5
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -228,8 +243,8 @@
 
 %package        sound-drums
 
-License:        Creative Commons Attribution-Share Alike 3.0
 Summary:        Drums sound theme for Kadu
+License:        Creative Commons Attribution-Share Alike 3.0
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -238,8 +253,8 @@
 
 %package        sound-florkus
 
-License:        Creative Commons Attribution-Share Alike 3.0
 Summary:        Florkus sound theme for Kadu
+License:        Creative Commons Attribution-Share Alike 3.0
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -248,8 +263,8 @@
 
 %package        sound-michalsrodek
 
-License:        Creative Commons Attribution-Share Alike 3.0
 Summary:        Michalsrodek sound theme for Kadu
+License:        Creative Commons Attribution-Share Alike 3.0
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -258,8 +273,8 @@
 
 %package        sound-percussion
 
-License:        Creative Commons Attribution-Share Alike 3.0
 Summary:        Percussion sound theme for Kadu
+License:        Creative Commons Attribution-Share Alike 3.0
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -268,8 +283,8 @@
 
 %package        sound-ultr
 
-License:        Creative Commons Sampling Plus 1.0
 Summary:        Ultr sound theme for Kadu
+License:        Creative Commons Sampling Plus 1.0
 Group:          Productivity/Networking/Instant Messenger
 Requires:       %{name} = %{version}
 
@@ -312,6 +327,7 @@
 #
 %patch1 -p1
 %patch2 -p1
+%patch3
 # don't enable mpd since it's not in oss repository
 sed -e 's:\t\tmpd_mediaplayer:\t\t# mpd_mediaplayer:' -i Plugins.cmake
 
@@ -322,10 +338,6 @@
 # enable additionals sound themes
 sed -e 
"s:\tdefault:\tdefault\n\tbns\n\tdrums\n\tflorkus\n\tmichalsrodek\n\tpercussion\n\tultr:"
 \
     -i varia/themes/sounds/CMakeLists.txt
-# add 'openSUSE $ver' to about window
-ver="%{?suse_version}"
-ver=${ver:0:2}.${ver:2:1}
-sed -e "s:</b><br />: openSUSE $ver</b><br />:" -i 
kadu-core/gui/windows/about.cpp
 
 %build
 cmake \

++++++ kadu-inject-js-into-history-fix.patch ++++++
Index: kadu-core/gui/widgets/buddy-info-panel.cpp
===================================================================
--- kadu-core/gui/widgets/buddy-info-panel.cpp.orig
+++ kadu-core/gui/widgets/buddy-info-panel.cpp
@@ -51,6 +51,11 @@ BuddyInfoPanel::BuddyInfoPanel(QWidget *
        setAttribute(Qt::WA_OpaquePaintEvent, false);
 
        connect(BuddyPreferredManager::instance(), 
SIGNAL(buddyUpdated(Buddy&)), this, SLOT(buddyUpdated(Buddy&)));
+
+       page()->currentFrame()->evaluateJavaScript(
+               "XMLHttpRequest.prototype.open = function() { return false; };"
+               "XMLHttpRequest.prototype.send = function() { return false; };"
+       );
 }
 
 BuddyInfoPanel::~BuddyInfoPanel()
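Review bot: The `XMLHttpRequest.prototype` override added at the end of the `BuddyInfoPanel` constructor (which begins above this hunk) is applied once, to whatever document the frame holds at construction time. It also lives in the same JavaScript context as the untrusted content it is meant to constrain, so it should be treated as hardening rather than as the security boundary. If the panel later loads new content (not visible here), QtWebKit presumably creates a fresh window object and the override is gone; re-applying it from a slot connected to the frame's `javaScriptWindowObjectCleared()` signal would cover that. The identical block added to the `ChatMessagesView` constructor in the next file has the same limitation, and the duplicated string would be better held in one shared helper. At minimum I would add a comment such as `// Hardening only: displayed content is untrusted, and this override is lost when the frame's window object is cleared`.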
Index: kadu-core/gui/widgets/chat-messages-view.cpp
===================================================================
--- kadu-core/gui/widgets/chat-messages-view.cpp.orig
+++ kadu-core/gui/widgets/chat-messages-view.cpp
@@ -67,6 +67,11 @@ ChatMessagesView::ChatMessagesView(const
        page()->setPalette(p);
        setAttribute(Qt::WA_OpaquePaintEvent, false);
 
+       page()->currentFrame()->evaluateJavaScript(
+               "XMLHttpRequest.prototype.open = function() { return false; };"
+               "XMLHttpRequest.prototype.send = function() { return false; };"
+       );
+
        configurationUpdated();
 
        connectChat();
Index: kadu-core/gui/widgets/chat-view-network-access-manager.cpp
===================================================================
--- kadu-core/gui/widgets/chat-view-network-access-manager.cpp.orig
+++ kadu-core/gui/widgets/chat-view-network-access-manager.cpp
@@ -36,6 +36,9 @@ ChatViewNetworkAccessManager::ChatViewNe
 
 QNetworkReply * 
ChatViewNetworkAccessManager::createRequest(QNetworkAccessManager::Operation 
operation, const QNetworkRequest &request, QIODevice *device)
 {
+       if (QNetworkAccessManager::GetOperation != operation && 
QNetworkAccessManager::HeadOperation != operation)
+               operation = QNetworkAccessManager::GetOperation;
+
        if (request.url().scheme() != "kaduimg")
                return QNetworkAccessManager::createRequest(operation, request, 
device);
 
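Review bot: Rewriting every non-GET/HEAD operation to GET at the top of `createRequest` limits the method but not the destination. For any scheme other than `kaduimg` the request is still handed to `QNetworkAccessManager::createRequest` and sent, so content rendered in the view can still cause outbound GET requests to URLs it chooses. If chat styles only need a known set of schemes (I cannot tell from this hunk), an explicit allowlist check before the base-class call would be a stronger control than method coercion. The reason for the coercion is also undocumented; a comment such as `// Content in the view is untrusted: only GET/HEAD may reach the network` above the new `if` would help. The function body continues past the end of the hunk.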
Index: kadu-core/gui/widgets/chat-view-network-access-manager.h
===================================================================
--- kadu-core/gui/widgets/chat-view-network-access-manager.h.orig
+++ kadu-core/gui/widgets/chat-view-network-access-manager.h
@@ -33,6 +33,7 @@ public:
 
 protected:
        virtual QNetworkReply * createRequest(Operation operation, const 
QNetworkRequest &request, QIODevice *device);
+
 };
 
 #endif // CHAT_VIEW_NETWORK_ACCESS_MANAGER
Index: plugins/sql_history/storage/history-sql-storage.cpp
===================================================================
--- plugins/sql_history/storage/history-sql-storage.cpp.orig
+++ plugins/sql_history/storage/history-sql-storage.cpp
@@ -865,6 +865,20 @@ void HistorySqlStorage::executeQuery(QSq
        kdebugm(KDEBUG_INFO, "db query: %s\n", 
qPrintable(query.executedQuery()));
 }
 
+QString HistorySqlStorage::stripAllScriptTags(const QString &string)
+{
+       QString beforeReplace = string;
+       QString afterReplace = beforeReplace;
+
+       afterReplace.replace("<script", "", Qt::CaseInsensitive);
+       while (beforeReplace != afterReplace)
+       {
+               beforeReplace = afterReplace;
+               afterReplace.replace("<script", "", Qt::CaseInsensitive);
+       }
+
+       return afterReplace;
+}
 
 QList<Message> HistorySqlStorage::messagesFromQuery(QSqlQuery &query)
 {
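Review bot: `stripAllScriptTags` is a denylist for one literal, `<script`, so HTML read from the history database can still carry other active markup after it, and the result should not be treated as safe HTML. The `messagesFromQuery` hunk below relies on it for message content while the status and SMS paths use `Qt::escape`. The diff does not show why message content cannot be escaped the same way or passed through an allowlist of permitted tags. If formatted messages must keep some markup, I would document the limitation on the function, e.g. `// Removes only the literal "<script" (case-insensitive, repeated until stable); not a general HTML sanitizer`. As a point of style, the duplicated `replace` call could be folded into a single `do { ... } while (beforeReplace != afterReplace);` loop.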
@@ -888,7 +902,7 @@ QList<Message> HistorySqlStorage::messag
                message.setMessageChat(chat);
                message.setType(type);
                message.setMessageSender(sender);
-               message.setContent(query.value(2).toString());
+               
message.setContent(stripAllScriptTags(query.value(2).toString()));
                message.setSendDate(query.value(3).toDateTime());
                message.setReceiveDate(query.value(4).toDateTime());
                message.setStatus(outgoing ? MessageStatusDelivered : 
MessageStatusReceived);
@@ -912,7 +926,7 @@ QList<TimedStatus> HistorySqlStorage::st
 
                Status status;
                status.setType(query.value(1).toString());
-               status.setDescription(query.value(2).toString());
+               status.setDescription(Qt::escape(query.value(2).toString()));
 
                TimedStatus timedStatus(status, query.value(3).toDateTime());
 
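Review bot: `Qt::escape` is applied here at the point where the row is read from storage, so the `Status` object now carries HTML-encoded text rather than the stored description. Any consumer that shows the description as plain text, or that escapes it again before rendering, would display entities such as `&lt;`; whether such consumers exist is not visible in this hunk. Encoding where the value is inserted into the WebKit view would avoid that and would also cover descriptions that do not come from SQL history. The same applies to the `Qt::escape` call added in the next hunk (headed `smsFro…`). If the storage-layer escape is kept, a comment like `// description is returned HTML-escaped for display in history views` on the changed line would record the contract.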
@@ -933,7 +947,7 @@ QList<Message> HistorySqlStorage::smsFro
                message.setType(MessageTypeSystem);
                message.setReceiveDate(query.value(1).toDateTime());
                message.setSendDate(query.value(1).toDateTime());
-               message.setContent(query.value(0).toString());
+               message.setContent(Qt::escape(query.value(0).toString()));
 
                messages.append(message);
        }
Index: plugins/sql_history/storage/history-sql-storage.h
===================================================================
--- plugins/sql_history/storage/history-sql-storage.h.orig
+++ plugins/sql_history/storage/history-sql-storage.h
@@ -58,6 +58,8 @@ class HistorySqlStorage : public History
        QString chatWhere(const Chat &chat);
        QString buddyContactsWhere(const Buddy &buddy);
 
+       static QString stripAllScriptTags(const QString &string);
+
        void executeQuery(QSqlQuery &query);
        QList<Message> messagesFromQuery(QSqlQuery &query);
        QList<TimedStatus> statusesFromQuery(QSqlQuery &query);