diff --git a/.gitignore b/.gitignore index 89744e6..d76b06e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1 @@ -/kio-extras-17.12.3.tar.xz -/kio-extras-18.04.0.tar.xz -/kio-extras-18.04.1.tar.xz -/kio-extras-18.04.2.tar.xz -/kio-extras-18.04.3.tar.xz -/kio-extras-18.08.1.tar.xz -/kio-extras-18.08.2.tar.xz +/kio-extras-18.08.3.tar.xz diff --git a/0001-Avoid-crash-by-not-checking-free-space-for-smb.patch b/0001-Avoid-crash-by-not-checking-free-space-for-smb.patch deleted file mode 100644 index 3b674f2..0000000 --- a/0001-Avoid-crash-by-not-checking-free-space-for-smb.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 767415da97a7fae3c5578b9a4fb17a7be041d8ae Mon Sep 17 00:00:00 2001 -From: Kai Uwe Broulik -Date: Fri, 31 Aug 2018 09:17:17 +0200 -Subject: [PATCH] Avoid crash by not checking free space for smb:// - -This isn't a real location but the overview of all found hosts. -smbc_opendir would succeed but then crash in smbc_fstatvfs - -Differential Revision: https://phabricator.kde.org/D15142 - -(cherry picked from commit 000b1d910b71b491621c7cdbd934c277171c20bf) ---- - smb/kio_smb_browse.cpp | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/smb/kio_smb_browse.cpp b/smb/kio_smb_browse.cpp -index 47b2b328..1fa0e6fb 100644 ---- a/smb/kio_smb_browse.cpp -+++ b/smb/kio_smb_browse.cpp -@@ -492,6 +492,14 @@ void SMBSlave::fileSystemFreeSpace(const QUrl& url) - { - qCDebug(KIO_SMB) << url; - -+ // Avoid crashing in smbc_fstatvfs below when -+ // requesting free space for smb:// which doesn't -+ // make sense to do to begin with -+ if (url.host().isEmpty()) { -+ error(KIO::ERR_COULD_NOT_STAT, url.url()); -+ return; -+ } -+ - SMBUrl smbcUrl = url; - int handle = smbc_opendir(smbcUrl.toSmbcUrl()); - if (handle < 0) { --- -2.17.2 - diff --git a/kio-extras-17.12.0-nfs-libtirpc.patch b/kio-extras-17.12.0-nfs-libtirpc.patch deleted file mode 100644 index 55b6d05..0000000 --- a/kio-extras-17.12.0-nfs-libtirpc.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -ur kio-extras-17.12.0/CMakeLists.txt kio-extras-17.12.0-nfs-libtirpc/CMakeLists.txt ---- kio-extras-17.12.0/CMakeLists.txt 2017-12-08 02:00:30.000000000 +0100 -+++ kio-extras-17.12.0-nfs-libtirpc/CMakeLists.txt 2018-01-10 19:56:58.179385571 +0100 -@@ -177,9 +177,11 @@ - if(Gperf_FOUND AND KF5KHtml_FOUND) - add_subdirectory( man ) - endif() -- check_include_files(rpc/rpc.h HAVE_RPC_RPC_H) -- add_feature_info("NFS kioslave" HAVE_RPC_RPC_H "The RPC library is needed to build the NFS kioslave") -- if(HAVE_RPC_RPC_H) -+ pkg_check_modules(TIRPC libtirpc) -+ include_directories(${TIRPC_INCLUDE_DIRS}) -+ set(CMAKE_REQUIRED_LIBRARIES ${TIRPC_LIBRARIES}) -+ add_feature_info("NFS kioslave" TIRPC_FOUND "The RPC library is needed to build the NFS kioslave") -+ if(TIRPC_FOUND) - add_subdirectory( nfs ) - endif() - endif() -diff -ur kio-extras-17.12.0/nfs/CMakeLists.txt kio-extras-17.12.0-nfs-libtirpc/nfs/CMakeLists.txt ---- kio-extras-17.12.0/nfs/CMakeLists.txt 2017-12-05 00:08:51.000000000 +0100 -+++ kio-extras-17.12.0-nfs-libtirpc/nfs/CMakeLists.txt 2018-01-10 19:56:58.179385571 +0100 -@@ -10,6 +10,7 @@ - message(FATAL_ERROR "Could not find 64-bit XDR datatype functions!") - endif (NOT HAVE_XDR_U_INT64_T AND NOT HAVE_XDR_UINT64_T AND NOT HAVE_XDR_U_HYPER AND NOT HAVE_XDR_U_LONGLONG_T) - -+add_definitions(-D_DEFAULT_SOURCE) - if (HAVE_XDR_U_INT64_T) - add_definitions(-DHAVE_XDR_U_INT64_T) - endif (HAVE_XDR_U_INT64_T) -@@ -26,7 +27,7 @@ - add_definitions(-DTRANSLATION_DOMAIN=\"kio5_nfs\") - - add_library(kio_nfs MODULE kio_nfs.cpp nfsv2.cpp nfsv3.cpp rpc_nfs3_prot_xdr.c rpc_nfs2_prot_xdr.c) --target_link_libraries(kio_nfs KF5::KIOCore KF5::I18n Qt5::Network) -+target_link_libraries(kio_nfs KF5::KIOCore KF5::I18n Qt5::Network ${TIRPC_LIBRARIES}) - set_target_properties(kio_nfs PROPERTIES OUTPUT_NAME "nfs") - - install(TARGETS kio_nfs DESTINATION ${PLUGIN_INSTALL_DIR}/kf5/kio) diff --git a/kio-extras.spec b/kio-extras.spec index 3728e2b..8806057 100644 --- a/kio-extras.spec +++ b/kio-extras.spec @@ -7,8 +7,8 @@ %endif Name: kio-extras -Version: 18.08.2 -Release: 2%{?dist} +Version: 18.08.3 +Release: 1%{?dist} Summary: Additional components to increase the functionality of KIO Framework License: GPLv2+ @@ -70,13 +70,6 @@ BuildRequires: pkgconfig(shared-mime-info) BuildRequires: qt5-qtbase-devel BuildRequires: qt5-qtsvg-devel BuildRequires: taglib-devel > 1.11 -%if 0%{?fedora} > 24 -# work around possibly missing macro -%{!?qt5_qtwebengine_arches:%global qt5_qtwebengine_arches %{ix86} x86_64 %{arm} aarch64 mips mipsel mips64el} -%ifarch %{qt5_qtwebengine_arches} -%global htmlthumbnail 1 -%endif -%endif %if 0%{?tests} BuildRequires: dbus-x11 @@ -97,21 +90,15 @@ Obsoletes: kio-extras-doc < 5.8.0-2 Obsoletes: kio-extras-docs < 17.03 Provides: kio-extras-docs = %{version}-%{release} +# -htmlthumbnail removed +Obsoletes: kio-extras-htmlthumbnail < 18.08.3 + # helpful for imagethumbnail plugin Recommends: qt5-qtimageformats %{?_isa} %description %{summary}. -%if 0%{?htmlthumbnail} -%package htmlthumbnail -Summary: KIO HTML thumbnailer -BuildRequires: qt5-qtwebengine-devel >= 5.7 -Requires: %{name}%{?_isa} = %{version}-%{release} -%description htmlthumbnail -%{summary}. -%endif - %package devel Summary: Development files for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} @@ -210,11 +197,6 @@ time make test -C %{_target_platform} ARGS="--output-on-failure --timeout 10" || %{_datadir}/mime/packages/kf5_network.xml %{_datadir}/config.kcfg/jpegcreatorsettings5.kcfg -%if 0%{?htmlthumbnail} -%files htmlthumbnail -%{_kf5_qtplugindir}/htmlthumbnail.so -%endif - %files devel %{_kf5_includedir}/*.h # no soname symlink? --rex @@ -226,6 +208,10 @@ time make test -C %{_target_platform} ARGS="--output-on-failure --timeout 10" || %changelog +* Tue Nov 13 2018 Rex Dieter - 18.08.3-1 +- 18.08.3 +- drop -htmlthumbnail: CVE-2018-19120 kio-extras: HTML Thumbnailer automatic remote file access (#1649421) + * Wed Oct 17 2018 Rex Dieter - 18.08.2-2 - pull in upstream crash fix, use %%make_build diff --git a/sources b/sources index fe54fe8..2b829f6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (kio-extras-18.08.2.tar.xz) = da2f9f573f993a49fc54efba25c653614b3505cf727205eca360298f88b783505171168931193080bc5e50f5a9e8609b90f5a9a734894e087cd8ed5805f3d905 +SHA512 (kio-extras-18.08.3.tar.xz) = f79ab19abedd47baeffea4b1e99acc21611c9d435f0de14751594c97c373eaa493da07fd5d754b1f62f696e4f445b493861566845794d6d32e63e0354189d726