home:Fisiu:branches:openSUSE:11.4:Contrib/kadu-qt4 -> openSUSE:11.4:Contrib/kadu-qt4 https://build.opensuse.org/request/show/107054 Description: - Security fix: inject js code into history. Fix bnc#749036. changes files: -------------- --- kadu.changes +++ kadu.changes @@ -1,0 +2,5 @@ +Sun Feb 26 11:36:07 UTC 2012 - fisiu@opensuse.org + +- Security fix: inject js code into history. Fix bnc#749036. + +------------------------------------------------------------------- new: ---- kadu-inject-js-into-history-fix.patch spec files: ----------- --- kadu.spec +++ kadu.spec @@ -26,6 +26,8 @@ Url: http://www.kadu.net/ Group: Productivity/Networking/Instant Messenger Source0: kadu-0.9.2.tar.bz2 +# PATCH-FIX-UPSTREAM -- kadu-inject-js-into-history-fix.patch -- Rafał Malinowski +Patch0: kadu-inject-js-into-history-fix.patch ### 1x - External Modules ### Source10: anonymous_check-0.6.6.1.tar.bz2 Source11: globalhotkeys-0.6.6-22.tar.gz @@ -239,7 +241,7 @@ ver=${ver:0:2}.${ver:2:1} sed -e "s:</b><br />: openSUSE $ver</b><br />:" -i kadu-core/gui/windows/about.cpp # apply patches -# none atm +%patch0 %build %ifarch x86_64 other changes: -------------- ++++++ kadu-inject-js-into-history-fix.patch (new) --- kadu-inject-js-into-history-fix.patch +++ kadu-inject-js-into-history-fix.patch @@ -0,0 +1,131 @@ +Index: kadu-core/gui/widgets/buddy-info-panel.cpp +=================================================================== +--- kadu-core/gui/widgets/buddy-info-panel.cpp.orig ++++ kadu-core/gui/widgets/buddy-info-panel.cpp +@@ -52,6 +52,11 @@ BuddyInfoPanel::BuddyInfoPanel(QWidget * + setAttribute(Qt::WA_OpaquePaintEvent, false); + + connect(BuddyPreferredManager::instance(), SIGNAL(buddyUpdated(Buddy&)), this, SLOT(buddyUpdated(Buddy&))); ++ ++ page()->currentFrame()->evaluateJavaScript( ++ "XMLHttpRequest.prototype.open = function() { return false; };" ++ "XMLHttpRequest.prototype.send = function() { return false; };" ++ ); + } + + BuddyInfoPanel::~BuddyInfoPanel() +Index: kadu-core/gui/widgets/chat-messages-view.cpp +=================================================================== +--- kadu-core/gui/widgets/chat-messages-view.cpp.orig ++++ kadu-core/gui/widgets/chat-messages-view.cpp +@@ -62,6 +62,11 @@ ChatMessagesView::ChatMessagesView(const + settings()->setAttribute(QWebSettings::JavascriptEnabled, true); + settings()->setAttribute(QWebSettings::PluginsEnabled, true); + ++ page()->currentFrame()->evaluateJavaScript( ++ "XMLHttpRequest.prototype.open = function() { return false; };" ++ "XMLHttpRequest.prototype.send = function() { return false; };" ++ ); ++ + connectChat(); + + connect(this->page()->mainFrame(), SIGNAL(contentsSizeChanged(const QSize &)), this, SLOT(scrollToBottom())); +Index: kadu-core/gui/widgets/chat-view-network-access-manager.cpp +=================================================================== +--- kadu-core/gui/widgets/chat-view-network-access-manager.cpp.orig ++++ kadu-core/gui/widgets/chat-view-network-access-manager.cpp +@@ -36,6 +36,9 @@ ChatViewNetworkAccessManager::ChatViewNe + + QNetworkReply * ChatViewNetworkAccessManager::createRequest(QNetworkAccessManager::Operation operation, const QNetworkRequest &request, QIODevice *device) + { ++ if (QNetworkAccessManager::GetOperation != operation && QNetworkAccessManager::HeadOperation != operation) ++ operation = QNetworkAccessManager::GetOperation; ++ + if (request.url().scheme() != "kaduimg") + return QNetworkAccessManager::createRequest(operation, request, device); + +Index: kadu-core/gui/widgets/chat-view-network-access-manager.h +=================================================================== +--- kadu-core/gui/widgets/chat-view-network-access-manager.h.orig ++++ kadu-core/gui/widgets/chat-view-network-access-manager.h +@@ -33,6 +33,7 @@ public: + + protected: + virtual QNetworkReply * createRequest(Operation operation, const QNetworkRequest &request, QIODevice *device); ++ + }; + + #endif // CHAT_VIEW_NETWORK_ACCESS_MANAGER +Index: modules/sql_history/storage/history-sql-storage.cpp +=================================================================== +--- modules/sql_history/storage/history-sql-storage.cpp.orig ++++ modules/sql_history/storage/history-sql-storage.cpp +@@ -23,6 +23,7 @@ + */ + + #include ++#include + #include + #include + +@@ -991,6 +992,20 @@ void HistorySqlStorage::executeQuery(QSq + kdebugm(KDEBUG_INFO, "db query: %s\n", qPrintable(query.executedQuery())); + } + ++QString HistorySqlStorage::stripAllScriptTags(const QString &string) ++{ ++ QString beforeReplace = string; ++ QString afterReplace = beforeReplace; ++ ++ afterReplace.replace("http://hermes.opensuse.org) openSUSE Build Service (https://build.opensuse.org/) Collaboration: http://en.opensuse.org/Build_Service/Collaboration -- To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-contrib+owner@opensuse.org