Hello community,
here is the log from the commit of package kdelibs3 for openSUSE:Factory
checked in at Sat Dec 26 12:15:56 CET 2009.
--------
--- KDE/kdelibs3/kdelibs3.changes 2009-11-24 11:54:58.000000000 +0100
+++ /mounts/work_src_done/STABLE/kdelibs3/kdelibs3.changes 2009-12-18 23:00:06.000000000 +0100
@@ -1,0 +2,10 @@
+Fri Dec 18 22:59:57 CET 2009 - jengelh@medozas.de
+
+- add baselibs.conf as a source
+
+-------------------------------------------------------------------
+Fri Dec 11 15:32:20 UTC 2009 - llunak@novell.com
+
+- fix XMLHttpRequest vulnerability (bnc#550618)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
xmlhttprequest_3.x.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kdelibs3-devel-doc.spec ++++++
--- /var/tmp/diff_new_pack.pwf63L/_old 2009-12-26 12:15:35.000000000 +0100
+++ /var/tmp/diff_new_pack.pwf63L/_new 2009-12-26 12:15:35.000000000 +0100
@@ -31,7 +31,7 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Summary: Additional Package Documentation
Version: 3.5.10
-Release: 33
+Release: 34
%define kdelibs_patch_level b
BuildArch: noarch
Requires: kdelibs3 qt3-devel-doc
++++++ kdelibs3.spec ++++++
--- /var/tmp/diff_new_pack.pwf63L/_old 2009-12-26 12:15:35.000000000 +0100
+++ /var/tmp/diff_new_pack.pwf63L/_new 2009-12-26 12:15:35.000000000 +0100
@@ -38,7 +38,7 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Summary: KDE Base Libraries
Version: 3.5.10
-Release: 28
+Release: 29
Obsoletes: kde3-i18n kups keramik kdelibs3-cups kdelibs3-33addons kdepim3-networkstatus
Provides: kups keramik kdelibs3-cups kdelibs3-33addons kdepim3-networkstatus
Provides: kdelibs3_base = 3.3
@@ -60,6 +60,7 @@
%endif
Source0: kdelibs-%{version}.tar.bz2
Source2: do_make
+Source3: baselibs.conf
Source4: api_docu_description
Source6: kde3rc
Source7: common_options
@@ -148,6 +149,7 @@
Patch156: fix-macmenu.patch
Patch157: ignore-inline-menu.diff
Patch158: bnc557126.diff
+Patch159: xmlhttprequest_3.x.diff
%description
This package contains kdelibs, one of the basic packages of the K
@@ -362,6 +364,7 @@
%patch157
%endif
%patch158
+%patch159
tar xfvj %SOURCE12
#
# define KDE version exactly
++++++ xmlhttprequest_3.x.diff ++++++
http://www.kde.org/info/security/advisory-20091027-1.txt
Index: xmlhttprequest.cpp
===================================================================
--- khtml/ecma/xmlhttprequest.cpp (revision 954808)
+++ khtml/ecma/xmlhttprequest.cpp (working copy)
@@ -342,17 +342,17 @@
{
aborted = false;
+ const QString protocol = url.protocol().lower();
+ // Abandon the request when the protocol is other than "http",
+ // instead of blindly doing a KIO::get on other protocols like file:/.
+ if (!protocol.startsWith("http") && !protocol.startsWith("webdav"))
+ {
+ abort();
+ return;
+ }
+
if (method == "post") {
- QString protocol = url.protocol().lower();
- // Abondon the request when the protocol is other than "http",
- // instead of blindly changing it to a "get" request.
- if (!protocol.startsWith("http") && !protocol.startsWith("webdav"))
- {
- abort();
- return;
- }
-
// FIXME: determine post encoding correctly by looking in headers
// for charset.
QByteArray buf;
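Review bot: The protocol check moved to the top of this hunk matches by prefix (`startsWith("http")`, `startsWith("webdav")`), so any URL scheme whose name merely begins with one of those strings passes the filter, not only the intended ones. An exact comparison against the allowed set would be stricter, for example `if (protocol != "http" && protocol != "https" && protocol != "webdav" && protocol != "webdavs")`, assuming those four are the schemes meant to be allowed. The comment says 'other than "http"' although the code also admits webdav; it could read `// Only http(s) and webdav(s) may be requested; refuse everything else (e.g. file:/) before any KIO job is started.` The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here that `abort()` is safe to call this early, before the request state that follows is set up.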
@@ -763,11 +763,11 @@
if (obj.isValid() && obj.inherits(&DOMDocument::info)) {
DOM::Node docNode = static_cast