[arch-commits] Commit in kdelibs/trunk (PKGBUILD security-fix.patch)

Andrea Scarpino andrea at nymeria.archlinux.org
Thu May 9 03:57:09 EDT 2013


    Date: Thursday, May 9, 2013 @ 09:57:09
  Author: andrea
Revision: 184819

upgpkg: kdelibs 4.10.3-1

Don't show passwords contained in HTTP URLs in error messages

Added:
  kdelibs/trunk/security-fix.patch
Modified:
  kdelibs/trunk/PKGBUILD

--------------------+
 PKGBUILD           |   10 ++++++++--
 security-fix.patch |   32 ++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2013-05-09 07:44:41 UTC (rev 184818)
+++ PKGBUILD	2013-05-09 07:57:09 UTC (rev 184819)
@@ -17,11 +17,13 @@
 makedepends=('cmake' 'automoc4' 'avahi' 'libgl' 'hspell' 'mesa')
 install=${pkgname}.install
 source=("http://download.kde.org/stable/${pkgver}/src/${pkgname}-${pkgver}.tar.xz"
-        'kde-applications-menu.patch' 'archlinux-menu.patch' 'qt4.patch')
+        'kde-applications-menu.patch' 'archlinux-menu.patch' 'qt4.patch'
+        'security-fix.patch')
 sha1sums=('aa154998e227121be82f5b04442e908e7dece01b'
           '86ee8c8660f19de8141ac99cd6943964d97a1ed7'
           '63a850ab4196b9d06934f2b4a13acd9f7739bc67'
-          'ed1f57ee661e5c7440efcaba7e51d2554709701c')
+          'ed1f57ee661e5c7440efcaba7e51d2554709701c'
+          '506562009a667f18481be0d2c5035b181fce38bb')
 
 build() {
        cd ${pkgname}-${pkgver}
@@ -31,6 +33,10 @@
        patch -p1 -i "${srcdir}"/archlinux-menu.patch
        # qmake refers to Qt5
        patch -p1 -i "${srcdir}"/qt4.patch
+
+       # KDEBUG#319428
+       patch -p1 -i "${srcdir}"/security-fix.patch
+      
        cd ../
 
        mkdir build

Added: security-fix.patch
===================================================================
--- security-fix.patch	                        (rev 0)
+++ security-fix.patch	2013-05-09 07:57:09 UTC (rev 184819)
@@ -0,0 +1,32 @@
+commit 65d736dab592bced4410ccfa4699de89f78c96ca
+Author: Grégory Oestreicher <greg at kamago.net>
+Date:   Wed May 8 23:16:00 2013 +0200
+
+    Don't show passwords contained in HTTP URLs in error messages
+    BUG: 319428
+
+diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp
+index 2d139a9..129fc7b 100644
+--- a/kioslave/http/http.cpp
++++ b/kioslave/http/http.cpp
+@@ -3056,7 +3056,7 @@ try_again:
+             ; // Ignore error
+         } else {
+             if (!sendErrorPageNotification()) {
+-                error(ERR_INTERNAL_SERVER, m_request.url.url());
++                error(ERR_INTERNAL_SERVER, m_request.url.prettyUrl());
+                 return false;
+             }
+         }
+@@ -3072,9 +3072,9 @@ try_again:
+         // Tell that we will only get an error page here.
+         if (!sendErrorPageNotification()) {
+             if (m_request.responseCode == 403)
+-                error(ERR_ACCESS_DENIED, m_request.url.url());
++                error(ERR_ACCESS_DENIED, m_request.url.prettyUrl());
+             else
+-                error(ERR_DOES_NOT_EXIST, m_request.url.url());
++                error(ERR_DOES_NOT_EXIST, m_request.url.prettyUrl());
+             return false;
+         }
+     } else if (m_request.responseCode >= 301 && m_request.responseCode<= 303) {



More information about the arch-commits mailing list