Hello community,
here is the log from the commit of package kdebase3
checked in at Tue Nov 14 19:50:18 CET 2006.
--------
--- KDE/kdebase3/kdebase3.changes 2006-11-13 23:51:04.000000000 +0100
+++ /mounts/work_src_done/STABLE/kdebase3/kdebase3.changes 2006-11-14 11:39:20.000000000 +0100
@@ -1,0 +2,10 @@
+Tue Nov 14 11:39:06 CET 2006 - dmueller@suse.de
+
+- update to current optional-kwin.diff (#219020)
+
+-------------------------------------------------------------------
+Tue Nov 14 10:43:27 CET 2006 - ltinkl@suse.cz
+
+- fixed #218764 - shell insertion vulnerability in khelpcenter
+
+-------------------------------------------------------------------
New:
----
khelpcenter_shellquote.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kdebase3.spec ++++++
--- /var/tmp/diff_new_pack.d2T8Pr/_old 2006-11-14 19:48:45.000000000 +0100
+++ /var/tmp/diff_new_pack.d2T8Pr/_new 2006-11-14 19:48:45.000000000 +0100
@@ -46,13 +46,13 @@
%endif
Conflicts: kdebase3-SuSE <= 9.0
PreReq: /bin/sh fileutils permissions
-License: GNU General Public License (GPL) - all versions
+License: GNU General Public License (GPL)
Group: System/GUI/KDE
Summary: The KDE Core Components
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://www.kde.org/
Version: 3.5.5
-Release: 50
+Release: 51
%define kde_version 3.5.5
Source0: kdebase-%{kde_version}.tar.bz2
Source3: startkde.suse.sh
@@ -189,6 +189,7 @@
Patch183: 3_5_BRANCH_kompmgr_fix_loop.diff
Patch184: 3_5_BRANCH_kwin_open_in_bg.diff
Patch185: 3_5_BRANCH_197990.diff
+Patch186: khelpcenter_shellquote.diff
%description
This package contains kdebase, one of the basic packages of the K
@@ -374,7 +375,7 @@
Summary: Set and list fileshares
Group: System/Management
Version: 2.0
-Release: 179
+Release: 180
%description -n fileshareset
This package contains the the fileshareset utility to allow users to
@@ -537,6 +538,7 @@
%patch183
%patch184
%patch185
+%patch186
cp %SOURCE17 l10n/tw/flag.png
. /etc/opt/kde3/common_options
cd ../fileshareset2
@@ -1494,6 +1496,10 @@
%endif
%changelog -n kdebase3
+* Tue Nov 14 2006 - dmueller@suse.de
+- update to current optional-kwin.diff (#219020)
+* Tue Nov 14 2006 - ltinkl@suse.cz
+- fixed #218764 - shell insertion vulnerability in khelpcenter
* Mon Nov 13 2006 - dmueller@suse.de
- update optional kwin diff to add custom start script support
(#219020)
++++++ khelpcenter_shellquote.diff ++++++
Index: khelpcenter/searchengine.cpp
===================================================================
--- khelpcenter/searchengine.cpp (revision 601540)
+++ khelpcenter/searchengine.cpp (working copy)
@@ -7,6 +7,7 @@
#include
#include
#include
+#include
#include "docmetainfo.h"
#include "formatter.h"
@@ -73,14 +74,14 @@
QString txt;
if ( entry->documentType().isEmpty() ) {
txt = i18n("Error: No document type specified.");
- } else {
+ } else {
txt = i18n("Error: No search handler for document type '%1'.")
.arg( entry->documentType() );
}
showSearchError( handler, entry, txt );
return;
}
-
+
connectHandler( handler );
handler->search( entry, mEngine->words(), mEngine->maxResults(),
@@ -225,7 +226,7 @@
QString txt = i18n("Unable to initialize SearchHandler from file '%1'.")
.arg( filename );
kdWarning() << txt << endl;
-// KMessageBox::sorry( mView->widget(), txt );
+// KMessageBox::sorry( mView->widget(), txt );
} else {
QStringList documentTypes = handler->documentTypes();
QStringList::ConstIterator it;
@@ -234,7 +235,7 @@
}
}
}
-
+
if ( mHandlers.isEmpty() ) {
QString txt = i18n("No valid search handler found.");
kdWarning() << txt << endl;
@@ -296,7 +297,7 @@
cfg->setGroup( "Search" );
QString commonSearchProgram = cfg->readPathEntry( "CommonProgram" );
bool useCommon = cfg->readBoolEntry( "UseCommonProgram", false );
-
+
if ( commonSearchProgram.isEmpty() || !useCommon ) {
if ( !mView ) {
return false;
@@ -329,12 +330,12 @@
mWords.replace("&", " ");
method = "and";
}
-
+
// replace whitespace with a '+'
mWords = mWords.stripWhiteSpace();
mWords = mWords.simplifyWhiteSpace();
mWords.replace(QRegExp("\\s"), "+");
-
+
commonSearchProgram = substituteSearchQuery( commonSearchProgram );
kdDebug() << "Common Search: " << commonSearchProgram << endl;
@@ -371,7 +372,7 @@
kdError() << "Unable to run search program '" << commonSearchProgram
<< "'" << endl;
delete mProc;
-
+
return false;
}
@@ -409,7 +410,9 @@
{
QString result = query;
result.replace( "%i", identifier );
- result.replace( "%w", words.join( "+" ) );
+ QString tmp = words.join( "+" );
+ KRun::shellQuote( tmp );
+ result.replace( "%w", tmp );
result.replace( "%m", QString::number( maxResults ) );
QString o;
if ( operation == Or ) o = "or";
@@ -436,7 +439,7 @@
delete mRootTraverser;
mRootTraverser = 0;
- emit searchFinished();
+ emit searchFinished();
}
QString SearchEngine::errorLog() const
@@ -490,7 +493,7 @@
SearchHandler *h = handler( entry->documentType() );
if ( h->indexCommand( entry->identifier() ).isEmpty() ) return false;
-
+
return true;
}
++++++ optional-kwin.diff ++++++
--- /var/tmp/diff_new_pack.d2T8Pr/_old 2006-11-14 19:48:48.000000000 +0100
+++ /var/tmp/diff_new_pack.d2T8Pr/_new 2006-11-14 19:48:48.000000000 +0100
@@ -44,7 +44,7 @@
publishProgress( appsToStart, true );
connectDCOPSignal( launcher, launcher, "autoStart0Done()",
-@@ -125,16 +136,57 @@
+@@ -125,16 +136,64 @@
"autoStart2Done()", true);
upAndRunning( "ksmserver" );
@@ -67,16 +67,23 @@
+
+void KSMServer::launchCompiz()
+{
++ QString customStarter = KStandardDirs::findExe("kde-start-compiz");
++
+ QStringList ce;
-+ ce << "gtk-window-decorator" << "gtk-window-decorator";
-+ startApplication(ce);
-+ ce.clear();
-+ ce << "compiz" << "--replace"
-+ << "dbus" << "decoration"
-+ // << "fade"
-+ << "minimize"
-+ << "cube" << "rotate" << "zoom" << "scale" << "move"
-+ << "resize" << "place" << "switcher" << "water";
++ if (customStarter.isEmpty()) {
++ ce << "gtk-window-decorator" << "gtk-window-decorator";
++ startApplication(ce);
++ ce.clear();
++ ce << "compiz" << "--replace"
++ << "dbus" << "decoration"
++ // << "fade"
++ << "minimize"
++ << "cube" << "rotate" << "zoom" << "scale" << "move"
++ << "resize" << "place" << "switcher" << "water";
++ }
++ else
++ ce << customStarter;
++
+ startApplication(ce);
+}
+
@@ -106,7 +113,7 @@
}
/*!
-@@ -157,14 +209,22 @@
+@@ -157,14 +216,22 @@
"autoStart1Done()", true);
connectDCOPSignal( launcher, launcher, "autoStart2Done()",
"autoStart2Done()", true);
@@ -131,7 +138,7 @@
autoStart0();
}
-@@ -178,6 +238,37 @@
+@@ -178,6 +245,37 @@
DCOPRef( launcher ).send( "autoStart", (int) 0 );
}
@@ -169,7 +176,7 @@
void KSMServer::autoStart0Done()
{
if( state != AutoStart0 )
-@@ -264,7 +355,7 @@
+@@ -264,7 +362,7 @@
(config->readNumEntry( QString("restartStyleHint")+n ) == SmRestartNever)) {
continue;
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org