[SECURITY] KDE-3.2.2
Michal Kochanowicz
michal w michal.waw.pl
Sob, 15 Maj 2004, 20:34:23 CEST
On Sat, May 15, 2004 at 08:24:44PM +0200, Andrzej Krzysztofowicz wrote:
> Czy ma to zastosowanie do KDE-3.2.x ?
Jeśli pytasz o łatki, to w załączniku są do 3.0.5b i 3.1.5.
--
--= Michal Kochanowicz =--==--==BOFH==--==--= michal w michal.waw.pl =--
--= finger me for PGP public key or visit http://michal.waw.pl/PGP =--
--==--==--==--==--==-- Vodka. Connecting people.--==--==--==--==--==--
A chodzenie po górach SSIE!!!
-------------- następna część ---------
Index: kapplication.cpp
===================================================================
RCS file: /home/kde/kdelibs/kdecore/kapplication.cpp,v
retrieving revision 1.519.2.2
diff -u -p -r1.519.2.2 kapplication.cpp
--- kdelibs/kdecore/kapplication.cpp 25 Jul 2002 19:42:15 -0000 1.519.2.2
+++ kdelibs/kdecore/kapplication.cpp 14 May 2004 12:28:21 -0000
@@ -1926,7 +1926,7 @@ void KApplication::invokeMailer(const QS
if (command.isEmpty() || command == QString::fromLatin1("kmail")
|| command.right(6) == "/kmail")
- command = QString::fromLatin1("kmail --composer -s %s -c %c -b %b --body %B --attach %A %t");
+ command = QString::fromLatin1("kmail --composer -s %s -c %c -b %b --body %B --attach %A -- %t");
// TODO: Take care of the preferred terminal app (instead of hardcoding
// Konsole), this will probably require a rewrite of the configurable
-------------- następna część ---------
Index: ktelnetservice.cpp
===================================================================
RCS file: /home/kde/kdelibs/kio/misc/ktelnetservice.cpp,v
retrieving revision 1.2.2.1
diff -u -p -r1.2.2.1 ktelnetservice.cpp
--- kio/misc/ktelnetservice.cpp 31 Oct 2002 21:57:15 -0000 1.2.2.1
+++ kio/misc/ktelnetservice.cpp 13 May 2004 15:11:39 -0000
@@ -63,7 +63,17 @@ int main(int argc, char **argv)
cmd << "-l";
cmd << url.user();
}
- cmd << url.host();
+
+ host = url.host();
+
+ if (host.isEmpty() || host.startsWith("-"))
+ {
+ kdError() << "Invalid hostname " << host << endl;
+ return 2;
+ }
+
+ cmd << host;
+
if (url.port())
cmd << QString::number(url.port());
-------------- następna część ---------
Index: kapplication.cpp
===================================================================
RCS file: /home/kde/kdelibs/kdecore/kapplication.cpp,v
retrieving revision 1.545.2.21
diff -u -p -r1.545.2.21 kapplication.cpp
--- kdelibs/kdecore/kapplication.cpp 11 Jan 2004 15:45:02 -0000 1.545.2.21
+++ kdelibs/kdecore/kapplication.cpp 14 May 2004 12:27:23 -0000
@@ -1907,7 +1907,7 @@ void KApplication::invokeMailer(const QS
if (command.isEmpty() || command == QString::fromLatin1("kmail")
|| command.right(6) == "/kmail")
- command = QString::fromLatin1("kmail --composer -s %s -c %c -b %b --body %B --attach %A %t");
+ command = QString::fromLatin1("kmail --composer -s %s -c %c -b %b --body %B --attach %A -- %t");
// TODO: Take care of the preferred terminal app (instead of hardcoding
// Konsole), this will probably require a rewrite of the configurable
-------------- następna część ---------
Index: ktelnetservice.cpp
===================================================================
RCS file: /home/kde/kdelibs/kio/misc/ktelnetservice.cpp,v
retrieving revision 1.3.2.2
diff -u -p -r1.3.2.2 ktelnetservice.cpp
--- kio/misc/ktelnetservice.cpp 31 Mar 2003 09:13:55 -0000 1.3.2.2
+++ kio/misc/ktelnetservice.cpp 13 May 2004 15:12:00 -0000
@@ -68,10 +68,19 @@ int main(int argc, char **argv)
cmd << url.user();
}
+ QString host;
if (!url.host().isEmpty())
- cmd << url.host(); // telnet://host
+ host = url.host(); // telnet://host
else if (!url.path().isEmpty())
- cmd << url.path(); // telnet:host
+ host = url.path(); // telnet:host
+
+ if (host.isEmpty() || host.startsWith("-"))
+ {
+ kdError() << "Invalid hostname " << host << endl;
+ return 2;
+ }
+
+ cmd << host;
if (url.port())
cmd << QString::number(url.port());
Więcej informacji o liście dyskusyjnej pld-devel-pl