diff --git a/0003-Don-t-choke-on-empty-lines-in-etc-os-release.patch b/0003-Don-t-choke-on-empty-lines-in-etc-os-release.patch new file mode 100644 index 0000000..5177ccd --- /dev/null +++ b/0003-Don-t-choke-on-empty-lines-in-etc-os-release.patch @@ -0,0 +1,27 @@ +From 651bbc6cc8c1f72123d352aab83c14e719bcbe82 Mon Sep 17 00:00:00 2001 +From: Eike Hein +Date: Wed, 29 Jan 2014 22:34:50 +0100 +Subject: [PATCH 03/23] Don't choke on empty lines in /etc/os-release. + +--- + data/scripts/sysinfo | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/data/scripts/sysinfo b/data/scripts/sysinfo +index 582e093..3deb789 100755 +--- a/data/scripts/sysinfo ++++ b/data/scripts/sysinfo +@@ -125,7 +125,9 @@ class distro(Sensor): + def gather(self): + if os.path.exists('/etc/os-release'): + with open('/etc/os-release', 'rb') as osrelease: +- for line in osrelease: ++ lines = (line.strip() for line in osrelease) ++ lines = (line for line in lines if line) ++ for line in lines: + key, value = line.decode('utf-8', 'replace').split('=', 1) + if key == 'NAME': + self.data['name'] = value.strip(string.whitespace + '"') +-- +1.9.3 + diff --git a/0004-Force-C-locale-when-executing-df.patch b/0004-Force-C-locale-when-executing-df.patch new file mode 100644 index 0000000..a94401c --- /dev/null +++ b/0004-Force-C-locale-when-executing-df.patch @@ -0,0 +1,26 @@ +From b485f24a121737dce06e952331d1fd235459a361 Mon Sep 17 00:00:00 2001 +From: Eike Hein +Date: Wed, 29 Jan 2014 22:44:16 +0100 +Subject: [PATCH 04/23] Force C locale when executing df. + +--- + data/scripts/sysinfo | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/data/scripts/sysinfo b/data/scripts/sysinfo +index 3deb789..919a733 100755 +--- a/data/scripts/sysinfo ++++ b/data/scripts/sysinfo +@@ -224,7 +224,8 @@ class ram(Sensor): + class storage(Sensor): + def gather(self): + try: +- df = subprocess.check_output(['df', '-lP'], stderr=subprocess.STDOUT).decode() ++ env = dict(LC_ALL='C') ++ df = subprocess.check_output(['df', '-lP'], stderr=subprocess.STDOUT, env=env).decode() + except subprocess.CalledProcessError as e: + df = e.output.decode() + +-- +1.9.3 + diff --git a/0007-Give-a-Konvi-a-hint-that-Cantata-is-an-audio-type-pl.patch b/0007-Give-a-Konvi-a-hint-that-Cantata-is-an-audio-type-pl.patch new file mode 100644 index 0000000..a138160 --- /dev/null +++ b/0007-Give-a-Konvi-a-hint-that-Cantata-is-an-audio-type-pl.patch @@ -0,0 +1,30 @@ +From 90d02c9ee7b3f3a1bd6f8d18977bef1520e77b72 Mon Sep 17 00:00:00 2001 +From: Eike Hein +Date: Mon, 24 Feb 2014 22:03:17 +0100 +Subject: [PATCH 07/23] Give a Konvi a hint that Cantata is an audio-type + player. + +--- + data/scripts/media | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/data/scripts/media b/data/scripts/media +index 28bb485..856bcea 100755 +--- a/data/scripts/media ++++ b/data/scripts/media +@@ -49,9 +49,9 @@ format_strings = { + # Entries should be the unique MPRIS2 bus names of players, i.e. the "amarok" + # part of "org.mpris.MediaPlayer2.amarok". + player_rankings = { +- 'all' : ['amarok', 'juk', 'tomahawk', 'rhythmbox', 'banshee', 'clementine', 'audacious', +- 'spotify', 'dragonplayer', 'bangarang', 'vlc'], +- 'audio' : ['amarok', 'juk', 'tomahawk', 'rhythmbox', 'banshee', 'audacious', ++ 'all' : ['amarok', 'cantata', 'juk', 'tomahawk', 'rhythmbox', 'banshee', 'clementine', ++ 'audacious', 'spotify', 'dragonplayer', 'bangarang', 'vlc'], ++ 'audio' : ['amarok', 'cantata', 'juk', 'tomahawk', 'rhythmbox', 'banshee', 'audacious', + 'clementine', 'spotify', 'pragha', 'gogglesmm', 'qmmp', 'gmusicbrowser', + 'guayadeque', 'bangarang', 'dragonplayer', 'vlc'], + 'video' : ['dragonplayer', 'kaffeine', 'bangarang', 'vlc', 'smplayer', 'totem'] +-- +1.9.3 + diff --git a/0011-Fix-wildcard-expansion-in-command-alias-replacements.patch b/0011-Fix-wildcard-expansion-in-command-alias-replacements.patch new file mode 100644 index 0000000..6fe0436 --- /dev/null +++ b/0011-Fix-wildcard-expansion-in-command-alias-replacements.patch @@ -0,0 +1,54 @@ +From 79b3f3d013583109fcf4a09cb6e06a94da09d17a Mon Sep 17 00:00:00 2001 +From: Eike Hein +Date: Wed, 16 Apr 2014 23:05:30 +0200 +Subject: [PATCH 11/23] Fix wildcard expansion in command alias replacements. + +--- + ChangeLog | 6 +++++- + src/irc/channel.cpp | 2 +- + src/irc/query.cpp | 2 +- + src/viewer/statuspanel.cpp | 2 +- + 4 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/irc/channel.cpp b/src/irc/channel.cpp +index 6911473..594630e 100644 +--- a/src/irc/channel.cpp ++++ b/src/irc/channel.cpp +@@ -790,7 +790,7 @@ void Channel::sendText(const QString& sendLine) + QString outputAll(sendLine); + + // replace aliases and wildcards +- m_server->getOutputFilter()->replaceAliases(outputAll); ++ m_server->getOutputFilter()->replaceAliases(outputAll, this); + + // Send all strings, one after another + QStringList outList = outputAll.split(QRegExp("[\r\n]+"), QString::SkipEmptyParts); +diff --git a/src/irc/query.cpp b/src/irc/query.cpp +index e5d271f..feed704 100644 +--- a/src/irc/query.cpp ++++ b/src/irc/query.cpp +@@ -233,7 +233,7 @@ void Query::sendText(const QString& sendLine) + QString outputAll(sendLine); + + // replace aliases and wildcards +- m_server->getOutputFilter()->replaceAliases(outputAll); ++ m_server->getOutputFilter()->replaceAliases(outputAll, this); + + // Send all strings, one after another + QStringList outList = outputAll.split('\n', QString::SkipEmptyParts); +diff --git a/src/viewer/statuspanel.cpp b/src/viewer/statuspanel.cpp +index a021dce..ef1f1da 100644 +--- a/src/viewer/statuspanel.cpp ++++ b/src/viewer/statuspanel.cpp +@@ -98,7 +98,7 @@ void StatusPanel::sendText(const QString& sendLine) + QString outputAll(sendLine); + + // replace aliases and wildcards +- m_server->getOutputFilter()->replaceAliases(outputAll); ++ m_server->getOutputFilter()->replaceAliases(outputAll, this); + + // Send all strings, one after another + QStringList outList=outputAll.split('\n'); +-- +1.9.3 + diff --git a/0016-Update-cached-auto-join-command-when-setting-CHANTYP.patch b/0016-Update-cached-auto-join-command-when-setting-CHANTYP.patch new file mode 100644 index 0000000..cf87e7b --- /dev/null +++ b/0016-Update-cached-auto-join-command-when-setting-CHANTYP.patch @@ -0,0 +1,30 @@ +From a0dc40c61bcc8f358bb2d2c206c37c73f5482542 Mon Sep 17 00:00:00 2001 +From: Eike Hein +Date: Tue, 22 Jul 2014 15:15:00 +0200 +Subject: [PATCH 16/23] Update cached auto-join command when setting CHANTYPES. + +--- + ChangeLog | 3 +++ + src/irc/server.cpp | 6 ++++++ + 2 files changed, 9 insertions(+) + +diff --git a/src/irc/server.cpp b/src/irc/server.cpp +index 84508cc..6c07129 100644 +--- a/src/irc/server.cpp ++++ b/src/irc/server.cpp +@@ -534,6 +534,12 @@ void Server::showSSLDialog() + void Server::setChannelTypes(const QString &pre) + { + m_channelPrefixes = pre; ++ ++ if (getConnectionSettings().reconnectCount() == 0) { ++ updateAutoJoin(m_connectionSettings.oneShotChannelList()); ++ } else { ++ updateAutoJoin(); ++ } + } + + QString Server::getChannelTypes() const +-- +1.9.3 + diff --git a/0018-Fix-viewtype-check-during-setup.patch b/0018-Fix-viewtype-check-during-setup.patch new file mode 100644 index 0000000..cdd6a40 --- /dev/null +++ b/0018-Fix-viewtype-check-during-setup.patch @@ -0,0 +1,26 @@ +From 2d200537151ea2cb00d9d6e6cb858703abdf1fb7 Mon Sep 17 00:00:00 2001 +From: eli mackenzie +Date: Fri, 8 Aug 2014 15:17:37 -0400 +Subject: [PATCH 18/23] Fix viewtype check during setup + +CCBUG:338089 +--- + src/viewer/viewcontainer.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/viewer/viewcontainer.cpp b/src/viewer/viewcontainer.cpp +index 6b95066..2e8da6c 100644 +--- a/src/viewer/viewcontainer.cpp ++++ b/src/viewer/viewcontainer.cpp +@@ -264,7 +264,7 @@ void ViewContainer::setupViewTree() + { + ChatWindow* view = static_cast(m_tabWidget->widget(i)); + +- if (!view->getType() == ChatWindow::Status) ++ if (view->getType() != ChatWindow::Status) + { + if (view == m_frontView) + m_viewTree->addView(view->getName(), view, m_tabWidget->tabIcon(m_tabWidget->indexOf(view)), true); +-- +1.9.3 + diff --git a/0019-Fix-incorrect-getAutomaticRequest-usage.patch b/0019-Fix-incorrect-getAutomaticRequest-usage.patch new file mode 100644 index 0000000..78bc888 --- /dev/null +++ b/0019-Fix-incorrect-getAutomaticRequest-usage.patch @@ -0,0 +1,58 @@ +From 76c8de488785dbe8487d21ccc17581b5a372a14e Mon Sep 17 00:00:00 2001 +From: eli mackenzie +Date: Fri, 8 Aug 2014 14:58:45 -0400 +Subject: [PATCH 19/23] Fix incorrect getAutomaticRequest usage + +getAutomaticRequest returns the current pending count so all callers +have to handle the possibility of there being more than one pending +request. This means that any tests comparing with 1 will malfunction if +there is more than one pending request. + +BUG:338089 +--- + src/irc/inputfilter.cpp | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/irc/inputfilter.cpp b/src/irc/inputfilter.cpp +index f4bec0b..ff1c53a 100644 +--- a/src/irc/inputfilter.cpp ++++ b/src/irc/inputfilter.cpp +@@ -1101,7 +1101,7 @@ void InputFilter::parseServerCommand(const QString &prefix, const QString &comma + m_server->queueNicks(parameterList.value(2), nickList); // TEST this was a 2 + + // Display message only if this was not an automatic request. +- if (!getAutomaticRequest("NAMES", parameterList.value(2)) == 1) ++ if (getAutomaticRequest("NAMES", parameterList.value(2)) == 0) + { + m_server->appendMessageToFrontmost(i18n("Names"), trailing); + } +@@ -1112,7 +1112,7 @@ void InputFilter::parseServerCommand(const QString &prefix, const QString &comma + { + if (plHas(2)) + { +- if (getAutomaticRequest("NAMES",parameterList.value(1)) == 1) ++ if (getAutomaticRequest("NAMES",parameterList.value(1)) != 0) + { + // This code path was taken for the automatic NAMES input on JOIN, upcoming + // NAMES input for this channel will be manual invocations of /names +@@ -1469,7 +1469,7 @@ void InputFilter::parseServerCommand(const QString &prefix, const QString &comma + else + { + // This WHOIS was requested by Server for DNS resolve purposes; try to resolve the host +- if (getAutomaticRequest("DNS", parameterList.value(1)) == 1) ++ if (getAutomaticRequest("DNS", parameterList.value(1)) != 0) + { + QHostInfo resolved = QHostInfo::fromName(parameterList.value(3)); + if (resolved.error() == QHostInfo::NoError && !resolved.addresses().isEmpty()) +@@ -2057,7 +2057,7 @@ void InputFilter::parseServerCommand(const QString &prefix, const QString &comma + { + m_server->pongReceived(); + } +- else if (getAutomaticRequest("WHOIS", parameterList.value(1)) == 1) //Inhibit message if this was an automatic request ++ else if (getAutomaticRequest("WHOIS", parameterList.value(1)) != 0) //Inhibit message if this was an automatic request + { + setAutomaticRequest("WHOIS", parameterList.value(1), false); + } +-- +1.9.3 + diff --git a/0023-Do-a-bounds-check-on-ECB-blocks.patch b/0023-Do-a-bounds-check-on-ECB-blocks.patch new file mode 100644 index 0000000..0271725 --- /dev/null +++ b/0023-Do-a-bounds-check-on-ECB-blocks.patch @@ -0,0 +1,58 @@ +From 1f55cee8b3d0956adc98834f7b5832e48e077ed7 Mon Sep 17 00:00:00 2001 +From: Eike Hein +Date: Fri, 24 Oct 2014 13:57:54 +0200 +Subject: [PATCH 23/23] Do a bounds check on ECB blocks. + +Blindly assuming they're the expected 12 chars can lead to a crash +on malformed input. + +Original patch by Manuel Nickschas for Quassel, who incorporated +the original Konversation code into Quassel in 2009. + +Upstream: +https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138 +--- + src/cipher.cpp | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/src/cipher.cpp b/src/cipher.cpp +index 514e390..019b0ac 100644 +--- a/src/cipher.cpp ++++ b/src/cipher.cpp +@@ -353,8 +353,12 @@ namespace Konversation + } + else + { ++ // ECB Blowfish encodes in blocks of 12 chars, so anything else is malformed input ++ if ((temp.length() % 12) != 0) ++ return cipherText; ++ + temp = b64ToByte(temp); +- while((temp.length() % 8) != 0) temp.append('\0'); ++ while ((temp.length() % 8) != 0) temp.append('\0'); + } + + QCA::Direction dir = (direction) ? QCA::Encode : QCA::Decode; +@@ -362,11 +366,17 @@ namespace Konversation + QByteArray temp2 = cipher.update(QCA::MemoryRegion(temp)).toByteArray(); + temp2 += cipher.final().toByteArray(); + +- if(!cipher.ok()) ++ if (!cipher.ok()) + return cipherText; + +- if(direction) ++ if (direction) ++ { ++ // Sanity check ++ if ((temp2.length() % 8) != 0) ++ return cipherText; ++ + temp2 = byteToB64(temp2); ++ } + + return temp2; + } +-- +1.9.3 + diff --git a/konversation.spec b/konversation.spec index 4e37c76..b80af0a 100644 --- a/konversation.spec +++ b/konversation.spec @@ -1,7 +1,7 @@ Name: konversation Version: 1.5 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A user friendly IRC client License: GPLv2+ @@ -14,6 +14,14 @@ Source0: http://download.kde.org/%{?pre:un}stable/konversation/%{version} %endif ## upstream patches +Patch03: 0003-Don-t-choke-on-empty-lines-in-etc-os-release.patch +Patch04: 0004-Force-C-locale-when-executing-df.patch +Patch07: 0007-Give-a-Konvi-a-hint-that-Cantata-is-an-audio-type-pl.patch +Patch11: 0011-Fix-wildcard-expansion-in-command-alias-replacements.patch +Patch16: 0016-Update-cached-auto-join-command-when-setting-CHANTYP.patch +Patch18: 0018-Fix-viewtype-check-during-setup.patch +Patch19: 0019-Fix-incorrect-getAutomaticRequest-usage.patch +Patch23: 0023-Do-a-bounds-check-on-ECB-blocks.patch BuildRequires: desktop-file-utils BuildRequires: gettext @@ -36,7 +44,16 @@ to chat windows; configurable background colors and much more %prep -%setup -q -n %{name}-%{version}%{?pre:-%{pre}} +%setup -n %{name}-%{version}%{?pre:-%{pre}} + +%patch03 -p1 -b .0003 +%patch04 -p1 -b .0004 +%patch07 -p1 -b .0007 +%patch11 -p1 -b .0011 +%patch16 -p1 -b .0016 +%patch18 -p1 -b .0018 +%patch19 -p1 -b .0019 +%patch23 -p1 -b .0023 %build @@ -82,6 +99,9 @@ fi %changelog +* Mon Oct 27 2014 Rex Dieter 1.5-6 +- pull in 1.5 branch fixes, including... out-of-bounds read flaw (#1157342,1156418) + * Sun Aug 17 2014 Fedora Release Engineering - 1.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild