Hello community, here is the log from the commit of package kdelibs3 for openSUSE:Factory checked in at 2012-01-11 15:37:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kdelibs3 (Old) and /work/SRC/openSUSE:Factory/.kdelibs3.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "kdelibs3", Maintainer is "kde-maintainers@suse.de" Changes: -------- --- /work/SRC/openSUSE:Factory/kdelibs3/kdelibs3.changes 2011-11-28 12:54:02.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.kdelibs3.new/kdelibs3.changes 2012-01-11 15:38:04.000000000 +0100 @@ -1,0 +2,12 @@ +Mon Jan 9 17:56:22 UTC 2012 - anixx@opensuse.org + +- security patch for CVE-2011-3365 from Fedora +- small patch to make icon selection symmetric +- remove obsolete patch66 + +------------------------------------------------------------------- +Fri Dec 2 07:21:49 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- Old: ---- integrate-global-pixmaps-10.1.diff New: ---- kdelibs-fedora-3.5.x-CVE-2011-3365.patch kiconview-text-fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kdelibs3-devel-doc.spec ++++++ --- /var/tmp/diff_new_pack.EBCxNk/_old 2012-01-11 15:38:07.000000000 +0100 +++ /var/tmp/diff_new_pack.EBCxNk/_new 2012-01-11 15:38:07.000000000 +0100 @@ -15,23 +15,33 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - - Name: kdelibs3-devel-doc -BuildRequires: OpenEXR-devel aspell-devel cups-devel db-devel doxygen graphviz kdelibs3-devel krb5-devel libjasper libsndfile openldap2-devel qt3-devel-doc utempter xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-fonts-scalable -%if %suse_version > 1020 -BuildRequires: avahi-compat-mDNSResponder-devel fdupes -%else -BuildRequires: mDNSResponder-devel -%endif +BuildRequires: OpenEXR-devel +BuildRequires: aspell-devel +BuildRequires: automake +BuildRequires: avahi-compat-mDNSResponder-devel +BuildRequires: cups-devel +BuildRequires: db-devel +BuildRequires: doxygen +BuildRequires: fdupes +BuildRequires: graphviz +BuildRequires: kdelibs3-devel +BuildRequires: krb5-devel +BuildRequires: libjasper +BuildRequires: libsndfile-devel +BuildRequires: openldap2-devel +BuildRequires: qt3-devel-doc +BuildRequires: utempter +BuildRequires: xorg-x11-fonts-100dpi +BuildRequires: xorg-x11-fonts-75dpi +BuildRequires: xorg-x11-fonts-scalable Url: http://www.kde.org -License: GPLv2+ +License: GPL-2.0+ Group: Documentation/HTML BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: Additional Package Documentation Version: 3.5.10 -Release: 45 +Release: 0 %define kdelibs_patch_level b BuildArch: noarch Requires: kdelibs3 qt3-devel-doc ++++++ kdelibs3.spec ++++++ --- /var/tmp/diff_new_pack.EBCxNk/_old 2012-01-11 15:38:07.000000000 +0100 +++ /var/tmp/diff_new_pack.EBCxNk/_new 2012-01-11 15:38:07.000000000 +0100 @@ -15,24 +15,43 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - - Name: kdelibs3 -BuildRequires: OpenEXR-devel arts-devel aspell-devel cups-devel fam-devel flac-devel krb5-devel -BuildRequires: libart_lgpl-devel libidn-devel libsndfile-devel libtiff-devel -BuildRequires: libxslt-devel openldap2-devel pcre-devel qt3-devel sgml-skel -BuildRequires: db-devel libacl-devel libattr-devel unsermake update-desktop-files utempter -BuildRequires: unzip -BuildRequires: avahi-compat-mDNSResponder-devel fdupes libbz2-devel libjasper-devel +BuildRequires: OpenEXR-devel +BuildRequires: arts-devel +BuildRequires: aspell-devel +BuildRequires: automake +BuildRequires: avahi-compat-mDNSResponder-devel +BuildRequires: cups-devel +BuildRequires: db-devel +BuildRequires: fam-devel +BuildRequires: fdupes +BuildRequires: flac-devel +BuildRequires: krb5-devel +BuildRequires: libacl-devel +BuildRequires: libart_lgpl-devel +BuildRequires: libattr-devel +BuildRequires: libbz2-devel BuildRequires: libdrm-devel +BuildRequires: libidn-devel +BuildRequires: libjasper-devel +BuildRequires: libsndfile-devel +BuildRequires: libtiff-devel +BuildRequires: libxslt-devel +BuildRequires: openldap2-devel +BuildRequires: pcre-devel +BuildRequires: qt3-devel +BuildRequires: sgml-skel +BuildRequires: unsermake +BuildRequires: unzip +BuildRequires: update-desktop-files +BuildRequires: utempter Url: http://www.kde.org -License: BSD3c(or similar) ; GPLv2+ ; LGPLv2.1+ +License: BSD-3-Clause ; GPL-2.0+ ; LGPL-2.1+ Group: System/GUI/KDE BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: KDE Base Libraries Version: 3.5.10 -Release: 49 +Release: 0 Obsoletes: kde3-i18n kups keramik kdelibs3-cups kdelibs3-33addons kdepim3-networkstatus Provides: kups keramik kdelibs3-cups kdelibs3-33addons kdepim3-networkstatus Provides: kdelibs3_base = 3.3 @@ -93,7 +112,6 @@ Patch57: kdemm-filepreview.diff Patch60: fix-qxembed.diff Patch65: integrate-global-pixmaps-new.diff -Patch66: integrate-global-pixmaps-10.1.diff Patch70: ktip-icon-hack.diff Patch80: CATALOG.kdelibs3.diff Patch81: xml-catalog.diff @@ -164,6 +182,8 @@ Patch217: kdelibs-trinity-konq-working-dir.diff Patch218: kdelibs-trinity-flat-xml-types-r1258237.diff +Patch219: kiconview-text-fix.patch +Patch220: kdelibs-fedora-3.5.x-CVE-2011-3365.patch %description This package contains kdelibs, one of the basic packages of the K @@ -173,9 +193,7 @@ This package is absolutely necessary for using KDE. %package arts -License: BSD3c(or similar) ; GPLv2+ ; LGPLv2.1+ Summary: KDE aRts support -Group: System/GUI/KDE Provides: kdelibs3:/opt/kde3/bin/artsmessage # bug437293 %ifarch ppc64 @@ -185,15 +203,12 @@ Requires: arts >= %( echo `rpm -q --queryformat '%{VERSION}' arts`) Recommends: kdemultimedia3-arts - %description arts This package contains bindings and gui elements for using aRts sound daemon. %package default-style -License: BSD3c(or similar) ; GPLv2+ ; LGPLv2.1+ Summary: The default KDE style -Group: System/GUI/KDE Provides: kdelibs3:/opt/kde3/%_lib/libkdefx.so.4 %description default-style @@ -201,9 +216,7 @@ depends on Qt, not the KDE libraries. %package doc -License: BSD3c(or similar) ; GPLv2+ ; LGPLv2.1+ Summary: Documentation for KDE Base Libraries -Group: System/GUI/KDE Provides: kdelibs3:/opt/kde3/share/apps/ksgmltools2 Provides: kdelibs3_doc Requires: sgml-skel libxml2 @@ -216,7 +229,6 @@ help system. %package devel -License: BSD3c(or similar) ; GPLv2+ ; LGPLv2.1+ # usefiles /opt/kde3/bin/dcopidl /opt/kde3/bin/dcopidl2cpp /opt/kde3/bin/kdb2html /opt/kde3/bin/preparetips Requires: qt3-devel libvorbis-devel kdelibs3 = %version autoconf automake libxslt-devel libxml2-devel libart_lgpl-devel libjpeg-devel # next line from kde3-devel-packages macro @@ -226,7 +238,6 @@ Requires: avahi-compat-mDNSResponder-devel libbz2-devel Requires: kdelibs3-arts Summary: KDE Base Package: Build Environment -Group: System/GUI/KDE Requires: fam-devel pcre-devel libidn-devel arts-devel %description devel @@ -272,16 +283,7 @@ %patch56 %patch57 %patch60 -# 10.2 goes back to the version without suseadds -%if %suse_version > 1010 %patch65 -%else -%if %suse_version > 1000 -%patch66 -%else -%patch65 -%endif -%endif %patch70 rm -rf admin bunzip2 -cd %{SOURCE8} | tar xfv - --exclude=.cvsignore --exclude=CVS @@ -352,6 +354,8 @@ %patch216 -p1 %patch217 -p1 %patch218 -p1 +%patch219 -p1 +%patch220 -p1 tar xfvj %SOURCE12 # ++++++ kdelibs-fedora-3.5.x-CVE-2011-3365.patch ++++++ --- kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc 2007-05-14 09:52:36.000000000 +0200 +++ kdelibs-3.5.10/kio/kssl/ksslinfodlg.cc 2011-10-07 20:38:30.000000000 +0200 @@ -253,6 +253,14 @@ layout->addWidget(new QLabel(i18n("%1 bits used of a %2 bit cipher").arg(usedbits).arg(bits), this), 10, 1); d->m_layout->addMultiCell(layout, 2, 2, 0, 2); + ipl->setTextFormat(Qt::PlainText); + urlLabel->setTextFormat(Qt::PlainText); + d->_serialNum->setTextFormat(Qt::PlainText); + d->_csl->setTextFormat(Qt::PlainText); + d->_validFrom->setTextFormat(Qt::PlainText); + d->_validUntil->setTextFormat(Qt::PlainText); + d->_digest->setTextFormat(Qt::PlainText); + displayCert(cert); } @@ -400,32 +408,32 @@ if (!(tmp = cert.getValue("O")).isEmpty()) { label = new QLabel(i18n("Organization:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("OU")).isEmpty()) { label = new QLabel(i18n("Organizational unit:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("L")).isEmpty()) { label = new QLabel(i18n("Locality:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("ST")).isEmpty()) { label = new QLabel(i18n("Federal State","State:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("C")).isEmpty()) { label = new QLabel(i18n("Country:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("CN")).isEmpty()) { label = new QLabel(i18n("Common name:"), _frame); label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - new QLabel(tmp, _frame); + (new QLabel(tmp, _frame))->setTextFormat(Qt::PlainText); } if (!(tmp = cert.getValue("Email")).isEmpty()) { label = new QLabel(i18n("Email:"), _frame); @@ -435,6 +443,7 @@ connect(mail, SIGNAL(leftClickedURL(const QString &)), mailCatcher, SLOT(mailClicked(const QString &))); } else { label = new QLabel(tmp, _frame); + label->setTextFormat(Qt::PlainText); } } if (label && viewport()) { --- kdelibs-3.5.10/kioslave/http/http.cc 2008-02-13 10:41:06.000000000 +0100 +++ kdelibs-3.5.10-kio_http-qlabel/kioslave/http/http.cc 2011-10-07 21:09:39.000000000 +0200 @@ -183,6 +183,26 @@ return sanitizedHeaders.stripWhiteSpace(); } +static QString htmlEscape(const QString &plain) +{ + QString rich; + rich.reserve(uint(plain.length() * 1.1)); + for (uint i = 0; i < plain.length(); ++i) { + if (plain.at(i) == '<') + rich += "<"; + else if (plain.at(i) == '>') + rich += ">"; + else if (plain.at(i) == '&') + rich += "&"; + else if (plain.at(i) == '"') + rich += """; + else + rich += plain.at(i); + } + rich.squeeze(); + return rich; +} + #define NO_SIZE ((KIO::filesize_t) -1) @@ -5173,7 +5193,7 @@ info.verifyPath = false; info.digestInfo = m_strAuthorization; info.commentLabel = i18n( "Site:" ); - info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( m_strRealm ).arg( m_request.hostname ); + info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( htmlEscape(m_strRealm) ).arg( m_request.hostname ); } } else if ( m_responseCode == 407 ) @@ -5190,7 +5210,7 @@ info.verifyPath = false; info.digestInfo = m_strProxyAuthorization; info.commentLabel = i18n( "Proxy:" ); - info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( m_strProxyRealm ).arg( m_proxyURL.host() ); + info.comment = i18n("<b>%1</b> at <b>%2</b>").arg( htmlEscape(m_strProxyRealm) ).arg( m_proxyURL.host() ); } } } ++++++ kiconview-text-fix.patch ++++++ diff -wruN kdelibs-3.5.10.orig/kdeui/kiconview.cpp kdelibs-3.5.10/kdeui/kiconview.cpp --- kdelibs-3.5.10.orig/kdeui/kiconview.cpp 2005-10-10 19:06:38.000000000 +0400 +++ kdelibs-3.5.10/kdeui/kiconview.cpp 2011-12-05 08:59:49.287066627 +0400 @@ -612,6 +612,9 @@ } } + itemTextRect.setRight( itemTextRect.right() - 1 ); + itemRect.setRight( itemRect.right() - 1 ); + if ( itemIconRect != pixmapRect() ) setPixmapRect( itemIconRect ); if ( itemTextRect != textRect() ) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org