path: root/gnu/packages/patches/kio-CVE-2017-6410.patch
author Hartmut Goebel <h.goebel@crazy-compilers.com> 2017-03-28 17:49:41 +0200
committer Hartmut Goebel <h.goebel@crazy-compilers.com> 2017-04-12 10:08:52 +0200
commit 4467c2d1dcbf88e26767616a49ed49de8ee48f57
tree 1974036a11a2452a23014d1afcb44a1486dd374c /gnu/packages/patches/kio-CVE-2017-6410.patch
parent 446809fb359fb7089ebc8db7843c84377c046905
gnu: Update kde-frameworks to 5.32.0
* gnu/packages/kde-frameworks.scm (breeze-icons): Update to 5.32.0.
  [arguments]: Re-enable tests.
  (kio): Update to 5.32.0.
  [source]: Remove patch.
  (ktexteditor): Update to 5.32.0.
  [inputs]: Add ksyntaxhighlighting.
  (networkmanager-qt): Update to 5.32.0.
  [source]: Add patches.
  (kunitconversion): Update to 5.32.0.
  [arguments] <disable-a-failing-test-case>: New phase.
  (ksyntaxhighlighting): Update to 5.32.0.
  [native-inputs]: Add qtools.
  (knewstuff): Update to 5.32.0.
  [inputs]: Add qtdeclarative.
  (attica, baloo, bluez-qt, extra-cmake-modules, kactivities, kactivities-stats, kapidox, karchive, kauth, kbookmarks, kcmutils, kcodecs, kcompletion, kconfig, kconfigwidgets, kcoreaddons, kcrash, kdbusaddons, kdeclarative, kded, kdesignerplugin, kdesu, kdnssd, kdoctools, kemoticons, kfilemetadata, kglobalaccel, kguiaddons, ki18n, kiconthemes, kidletime, kimageformats, kinit, kitemmodels, kitemviews, kjobwidgets, knotifications, knotifyconfig, kpackage, kparts, kpeople, kplotting, kpty, krunner, kservice, ktextwidgets, kwallet, kwayland, kwidgetsaddons, kwindowsystem, kxmlgui, kxmlrpcclient, modemmanager-qt, oxygen-icons, plasma-framework, solid, sonnet, threadweaver): Update to 5.32.0.
* gnu/packages/patches/kio-CVE-2017-6410.patch: Delete file.
* gnu/packages/patches/networkmanager-qt-activeconnection-test-1.patch, gnu/packages/patches/networkmanager-qt-activeconnection-test-2.patch: New files.
* gnu/local.mk (dist_patch_DATA): Remove resp. add the patch files.
Diffstat (limited to 'gnu/packages/patches/kio-CVE-2017-6410.patch')
-rw-r--r-- gnu/packages/patches/kio-CVE-2017-6410.patch 53
1 files changed, 0 insertions, 53 deletions
diff --git a/gnu/packages/patches/kio-CVE-2017-6410.patch b/gnu/packages/patches/kio-CVE-2017-6410.patch
deleted file mode 100644
index 748636f806..0000000000
--- a/gnu/packages/patches/kio-CVE-2017-6410.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix CVE-2017-6410, "Information Leak when accessing https when using a
-malicious PAC file":
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
-https://www.kde.org/info/security/advisory-20170228-1.txt
-
-Patch copied from upstream source repository:
-
-https://cgit.kde.org/kio.git/commit/?id=f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
-
-From f9d0cb47cf94e209f6171ac0e8d774e68156a6e4 Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Tue, 28 Feb 2017 19:00:48 +0100
-Subject: Sanitize URLs before passing them to FindProxyForURL
-
-Remove user/password information
-For https: remove path and query
-
-Thanks to safebreach.com for reporting the problem
-
-CCMAIL: yoni.fridburg@safebreach.com
-CCMAIL: amit.klein@safebreach.com
-CCMAIL: itzik.kotler@safebreach.com
----
- src/kpac/script.cpp | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/kpac/script.cpp b/src/kpac/script.cpp
-index a0235f7..2485c54 100644
---- a/src/kpac/script.cpp
-+++ b/src/kpac/script.cpp
-@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url)
- }
- }
-
-+ QUrl cleanUrl = url;
-+ cleanUrl.setUserInfo(QString());
-+ if (cleanUrl.scheme() == QLatin1String("https")) {
-+ cleanUrl.setPath(QString());
-+ cleanUrl.setQuery(QString());
-+ }
-+
- QScriptValueList args;
-- args << url.url();
-- args << url.host();
-+ args << cleanUrl.url();
-+ args << cleanUrl.host();
-
- QScriptValue result = func.call(QScriptValue(), args);
- if (result.isError()) {
---
-cgit v0.11.2
-
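Review bot: Deleting the whole file in the `@@ -1,53 +0,0 @@` hunk removes the CVE-2017-6410 fix from the kio source, but the commit message only says "(kio): Update to 5.32.0. [source]: Remove patch." and never states that 5.32.0 already contains upstream commit f9d0cb47cf94e209f6171ac0e8d774e68156a6e4. Please say so in the log, so the removal of a security patch can be audited from the history alone. It is also worth confirming that `Script::evaluate` in src/kpac/script.cpp of the 5.32.0 tarball builds its `args` from the sanitized `cleanUrl` (user info cleared, path and query cleared for https) rather than from `url`.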