author | Michael Nottebrock <lofi@FreeBSD.org> | 2007-08-19 15:36:01 +0000 |
---|---|---|
committer | Michael Nottebrock <lofi@FreeBSD.org> | 2007-08-19 15:36:01 +0000 |
commit | c6accc698631cb9331e64b9f3d19810d6834078a (patch) | |
tree | 0c6e8ede112436d08fbaf2f0018ba90362de4c5d /x11/kdebase4/files | |
parent | Update to the 20070815 snapshot of GCC 4.2.2. (diff) |
Fix Konqueror address bar spoofing attack vulnerability.
Security: CVE-2007-4224, CVE-2007-4224, CVE-2007-3820
Security: http://www.kde.org/info/security/advisory-20070816-1.txt
Notes
Notes:
svn path=/head/; revision=197923
Diffstat (limited to 'x11/kdebase4/files')
-rw-r--r-- | x11/kdebase4/files/patch-post-3.5.7-kdebase-konqueror.diff | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/x11/kdebase4/files/patch-post-3.5.7-kdebase-konqueror.diff b/x11/kdebase4/files/patch-post-3.5.7-kdebase-konqueror.diff
new file mode 100644
index 000000000000..0d6e44ef4f82
--- /dev/null
+++ b/x11/kdebase4/files/patch-post-3.5.7-kdebase-konqueror.diff
@@ -0,0 +1,49 @@
+--- konqueror/konq_combo.cc
++++ konqueror/konq_combo.cc
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
+--- konqueror/konq_mainwindow.cc
++++ konqueror/konq_mainwindow.cc
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
+--- konqueror/konq_viewmgr.cc
++++ konqueror/konq_viewmgr.cc
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+
|
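Review bot: In the konq_mainwindow.cc part of the added patch, the rewritten condition `( !view || view->url().isEmpty() ) && !req.newTab` looks like the core of the anti-spoofing change, yet it keeps only the old `// startup with argument` remark, which no longer describes it. If the intent is what it appears to be, a comment above it would help, e.g. `// security: pre-fill the location bar only when the view has no URL yet, so a pending load cannot change the address shown for the current page`. In konq_combo.cc the cursor reset is added to `setURL()` only; `setTemporary()` appears as trailing context but its body is outside the patch, so it is worth confirming that this path also leaves the beginning of the URL visible. In `openView()` the `setActivePart()` call is dropped while `m_currentView = childView` stays, so a one-line comment saying where the active part is now updated would keep the two from silently diverging; all enclosing functions begin and end outside the inner hunks.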