rev 7140 - in trunk/packages/kdebase/debian: . patches
Ana Beatriz Guerrero López
ana at alioth.debian.org
Thu Aug 30 07:38:51 UTC 2007
Author: ana
Date: 2007-08-30 07:38:50 +0000 (Thu, 30 Aug 2007)
New Revision: 7140
Added:
trunk/packages/kdebase/debian/patches/50_several-CVE-konqueror.diff
Modified:
trunk/packages/kdebase/debian/changelog
trunk/packages/kdebase/debian/kdeprint.menu
Log:
* Update kdeprint menu.
* Add patch 50_several-CVE-konqueror.diff to make Konqueror address
bar more robust against addressbar spoofing. (Closes: #433072)
Related CVEs: CVE-2007-4224, CVE-2007-4225, CVE-2007-3820.
Modified: trunk/packages/kdebase/debian/changelog
===================================================================
--- trunk/packages/kdebase/debian/changelog 2007-08-30 05:28:58 UTC (rev 7139)
+++ trunk/packages/kdebase/debian/changelog 2007-08-30 07:38:50 UTC (rev 7140)
@@ -2,7 +2,10 @@
+++ Changes by Ana Beatriz Guerrero Lopez:
- * Update section in Debian menu files. (TODO: look at kdeprint files)
+ * Update section in Debian menu files.
+ * Add patch 50_several-CVE-konqueror.diff to make Konqueror address
+ bar more robust against addressbar spoofing. (Closes: #433072)
+ Related CVEs: CVE-2007-4224, CVE-2007-4225, CVE-2007-3820.
+++ Changes by Fathi Boudra:
Modified: trunk/packages/kdebase/debian/kdeprint.menu
===================================================================
--- trunk/packages/kdebase/debian/kdeprint.menu 2007-08-30 05:28:58 UTC (rev 7139)
+++ trunk/packages/kdebase/debian/kdeprint.menu 2007-08-30 07:38:50 UTC (rev 7140)
@@ -9,7 +9,7 @@
?package(kdeprint):\
needs="X11"\
- section="Apps/System"\
+ section="Applications/System/Administration"\
hints="KDE"\
title="KPrinter"\
icon32x32="/usr/share/pixmaps/kdeprint.xpm"\
@@ -18,7 +18,7 @@
?package(kdeprint):\
needs="X11"\
- section="Apps/System"\
+ section="Applications/System/Administration"\
hints="KDE"\
title="KDEPrintFax"\
icon32x32="/usr/share/pixmaps/kdeprintfax.xpm"\
Added: trunk/packages/kdebase/debian/patches/50_several-CVE-konqueror.diff
===================================================================
--- trunk/packages/kdebase/debian/patches/50_several-CVE-konqueror.diff (rev 0)
+++ trunk/packages/kdebase/debian/patches/50_several-CVE-konqueror.diff 2007-08-30 07:38:50 UTC (rev 7140)
@@ -0,0 +1,49 @@
+--- kdebase/konqueror/konq_combo.cc
++++ kdebase/konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
+--- kdebase/konqueror/konq_mainwindow.cc
++++ kdebase/konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
+--- kdebase/konqueror/konq_viewmgr.cc
++++ kdebase/konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+
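Review bot: In the konq_mainwindow.cc openURL hunk the new condition `( !view || view->url().isEmpty() ) && !req.newTab` no longer tests `view == m_currentView`, so a view that is not the current one but still has an empty URL would, as far as the hunk shows, write its pending URL into the window's shared location bar; consider `( !view || ( view == m_currentView && view->url().isEmpty() ) ) && !req.newTab` unless a caller outside the hunk rules this out. The trailing `// startup with argument` comment and the `(startup)` debug text now describe only the `!view` half of the test and should mention the empty-view case, e.g. `// startup with argument, or a view that has not loaded anything yet`. In konq_combo.cc the `setCursorPosition( 0 )` reset happens only in setURL(), so it is worth confirming that the other paths that put text into the line edit (setTemporary() starts right after that hunk) also leave the beginning of the URL visible. All of these functions begin or end outside their hunks, so the points above are inferred from the visible lines only.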