[SECURITY] KDE-3.x.x

Michal Kochanowicz michal w michal.waw.pl
Nie, 12 Gru 2004, 21:42:08 CET 

W konquerorze wykryty został błąd umożliwiający podmianę zawartości
innych okien przeglądarki (podobny do łatanego wcześniej błędu z
ramkami).

W załączniku patche dla 3.3.2 oraz .spec'y. Dostępne są również łatki na
3.2.3.

Oficjalny anons planowany jest na jutro.
-- 
--= Michal Kochanowicz =--==--==BOFH==--==--= michal w michal.waw.pl =--
--= finger me for PGP public key or visit http://michal.waw.pl/PGP =--
--==--==--==--==--==-- Vodka. Connecting people.--==--==--==--==--==--
A chodzenie po górach SSIE!!!
-------------- następna część ---------
Index: kdelibs.spec
===================================================================
RCS file: /cvsroot/SPECS/kdelibs.spec,v
retrieving revision 1.376
diff -u -r1.376 kdelibs.spec
--- kdelibs.spec	10 Dec 2004 22:57:23 -0000	1.376
+++ kdelibs.spec	12 Dec 2004 19:29:06 -0000
@@ -6,7 +6,7 @@
 %bcond_with	verbose	# verbose build
 
 %define		_state		stable
-%define		_ver		3.3.1
+%define		_ver		3.3.2
 %define         artsver         13:1.3.1
 
 Summary:	K Desktop Environment - libraries
@@ -18,19 +18,18 @@
 Summary(uk):	K Desktop Environment - âŚÂĚŚĎÔĹËÉ
 Name:		kdelibs
 Version:	%{_ver}
-Release:	8
+Release:	1
 Epoch:		9
 License:	LGPL
 Group:		X11/Libraries
 Source0:	ftp://ftp.kde.org/pub/kde/%{_state}/%{_ver}/src/%{name}-%{_ver}.tar.bz2
-# Source0-md5:	8636c93405b20eceadb12af5c5483508
+# Source0-md5:	0473fb4c6c2cd2bc0f267cfa201f3fd8
 # Source0-size:	15573765
 Source1:	%{name}-wmfplugin.tar.bz2
 # Source1-md5:	df0d7c2a13bb68fe25e1d6c009df5b8d
 # Source1-size:	3376
 Source2:	pnm.protocol
 Source3:	x-icq.mimelnk
-Patch100:	%{name}-branch.diff
 Patch0:		kde-common-PLD.patch
 Patch1:		%{name}-kstandarddirs.patch
 Patch2:		%{name}-defaultfonts.patch
@@ -38,6 +37,7 @@
 Patch4:		%{name}-fileshareset.patch
 Patch5:         %{name}-appicon_themable.patch
 Patch6:         %{name}-kio_fix.patch
+Patch7:		post-3.3.2-%{name}-htmlframes2.patch
 Icon:		kdelibs.xpm
 URL:		http://www.kde.org/
 BuildRequires:	OpenEXR-devel
@@ -293,7 +293,6 @@
 
 %prep
 %setup -q -a1
-%patch100 -p1
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
@@ -301,6 +300,7 @@
 %patch4 -p1 
 %patch5 -p1 
 %patch6 -p1 
+%patch7 -p0
 
 echo "KDE_OPTIONS = nofinal" >> kdeui/Makefile.am
 echo "KDE_OPTIONS = nofinal" >> kjs/Makefile.am
-------------- następna część ---------
Index: kdebase.spec
===================================================================
RCS file: /cvsroot/SPECS/kdebase.spec,v
retrieving revision 1.407
diff -u -r1.407 kdebase.spec
--- kdebase.spec	2 Dec 2004 20:02:26 -0000	1.407
+++ kdebase.spec	12 Dec 2004 19:29:16 -0000
@@ -6,9 +6,9 @@
 %bcond_with	kwin_shadow	# experimental support for kwin shadows
 
 %define		_state		stable
-%define		_ver		3.3.1
+%define		_ver		3.3.2
 
-%define		_minlibsevr	9:3.3.1
+%define		_minlibsevr	9:3.3.2
 
 Summary:	K Desktop Environment - core files
 Summary(es):	K Desktop Environment - archivos básicos
@@ -21,12 +21,12 @@
 Summary(zh_CN):	KDEşËĐÄ
 Name:		kdebase
 Version:	%{_ver}
-Release:	8
+Release:	1
 Epoch:		9
 License:	GPL
 Group:		X11/Applications
-Source0:	http://download.kde.org/%{_state}/%{version}/src/%{name}-%{_ver}.tar.bz2
-# Source0-md5:	dd0d9707296f2be143c28a8be21b6e24
+Source0:	ftp://ftp.kde.org/pub/kde/%{_state}/%{version}/src/%{name}-%{_ver}.tar.bz2
+# Source0-md5:	edbd721a2a4970977dfe5f45d9e38923
 # Source0-size:	19906317
 #Source0:	http://ftp.pld-linux.org/software/kde/%{name}-%{version}.tar.bz2
 Source1:	%{name}-kdesktop.pam
@@ -45,7 +45,6 @@
 # Source12-md5:	24f9c6a4b711be36437639c410b400b2
 Source13:	ftp://ftp.pld-linux.org/software/kde/%{name}-konqsidebartng-PLD-entries-0.1.tar.bz2
 # Source13-md5:	c8b947bc3e8a2ac050d9e9548cf585fc
-Patch100:	%{name}-branch.diff
 Patch0:		kde-common-PLD.patch
 Patch1:		%{name}-fontdir.patch
 Patch2:		%{name}-kcm_background.patch
@@ -66,6 +65,7 @@
 Patch18:	%{name}-kio_settings.patch
 Patch19:	%{name}-konsole-default-keytab.patch
 Patch20:	%{name}-kwin_shadow.patch
+Patch21:	post-3.3.2-%{name}-htmlframes2.patch
 BuildRequires:	OpenGL-devel
 BuildRequires:	audiofile-devel
 BuildRequires:	autoconf
@@ -988,7 +988,6 @@
 
 %prep
 %setup -q
-%patch100 -p1
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
@@ -1012,6 +1011,7 @@
 %patch20 -p0 -b .shadows
 cd -
 %endif 
+%patch21 -p0
 
 %{__sed} -i -e 's/Categories=.*/Categories=Audio;Mixer;/' \
 	kappfinder/apps/Multimedia/alsamixergui.desktop
-------------- następna część ---------
Index: konq_mainwindow.cc
===================================================================
RCS file: /home/kde/kdebase/konqueror/konq_mainwindow.cc,v
retrieving revision 1.1342.2.14
diff -u -p -r1.1342.2.14 konq_mainwindow.cc
--- konqueror/konq_mainwindow.cc	24 Nov 2004 18:29:51 -0000	1.1342.2.14
+++ konqueror/konq_mainwindow.cc	12 Dec 2004 15:54:46 -0000
@@ -2252,6 +2252,17 @@ KonqView * KonqMainWindow::childView( KP
     QString viewName = view->viewName();
     kdDebug() << "       - viewName=" << viewName << "   "
               << "frame names:" << view->frameNames().join( "," ) << endl;
+
+    // First look for a hostextension containing this frame name
+    KParts::BrowserHostExtension *ext = KParts::BrowserHostExtension::childObject( view->part() );
+    if ( ext )
+    {
+      ext = ext->findFrameParent(callingPart, name);
+      kdDebug() << "BrowserHostExtension found part " << ext << endl;
+      if (!ext)
+         continue; // Don't use this window
+    }
+
     if ( !viewName.isEmpty() && viewName == name )
     {
       kdDebug() << "found existing view by name: " << view << endl;
@@ -2262,13 +2273,6 @@ KonqView * KonqMainWindow::childView( KP
       return view;
     }
 
-    // First look for a hostextension containing this frame name
-    KParts::BrowserHostExtension *ext = KParts::BrowserHostExtension::childObject( view->part() );
-    if ( ext )
-    {
-      ext = ext->findFrameParent(callingPart, name);
-    }
-
 //    KParts::BrowserHostExtension* ext = KonqView::hostExtension( view->part(), name );
 
     if ( ext )
-------------- następna część ---------
Index: khtml_part.cpp
===================================================================
RCS file: /home/kde/kdelibs/khtml/khtml_part.cpp,v
retrieving revision 1.1015.2.12
diff -u -p -r1.1015.2.12 khtml_part.cpp
--- khtml/khtml_part.cpp	17 Nov 2004 13:46:56 -0000	1.1015.2.12
+++ khtml/khtml_part.cpp	12 Dec 2004 15:55:30 -0000
@@ -4758,7 +4758,7 @@ KHTMLPart *
 KHTMLPart::findFrameParent( KParts::ReadOnlyPart *callingPart, const QString &f, khtml::ChildFrame **childFrame )
 {
 #ifdef DEBUG_FINDFRAME
-  kdDebug(6050) << "KHTMLPart::findFrameParent: this = " << this << " URL = " << m_url << " findFrameParent( " << f << " )" << endl;
+  kdDebug(6050) << "KHTMLPart::findFrameParent: this = " << this << " URL = " << m_url << " name = " << name() << " findFrameParent( " << f << " )" << endl;
 #endif
   // Check access
   KHTMLPart* const callingHtmlPart = dynamic_cast<KHTMLPart *>(callingPart);
@@ -4766,6 +4766,9 @@ KHTMLPart::findFrameParent( KParts::Read
   if (!checkFrameAccess(callingHtmlPart))
      return 0;
 
+  if (!childFrame && !parentPart() && (name() == f))
+     return this;
+
   FrameIt it = d->m_frames.find( f );
   const FrameIt end = d->m_frames.end();
   if ( it != end )

Więcej informacji o liście dyskusyjnej pld-devel-pl