18.08.3

drop -htmlthumbnail: CVE-2018-19120 kio-extras: HTML Thumbnailer automatic remote file access (#1649421)
6 years ago · 1b66c4c48b
parent 8608e864a3
commit 1b66c4c48b
5 changed files with 11 additions and 106 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1 @@
-/kio-extras-17.12.3.tar.xz
-/kio-extras-18.04.0.tar.xz
-/kio-extras-18.04.1.tar.xz
-/kio-extras-18.04.2.tar.xz
-/kio-extras-18.04.3.tar.xz
-/kio-extras-18.08.1.tar.xz
-/kio-extras-18.08.2.tar.xz
+/kio-extras-18.08.3.tar.xz
--- a/0001-Avoid-crash-by-not-checking-free-space-for-smb.patch
+++ b/0001-Avoid-crash-by-not-checking-free-space-for-smb.patch
@ -1,37 +0,0 @@
-From 767415da97a7fae3c5578b9a4fb17a7be041d8ae Mon Sep 17 00:00:00 2001
-From: Kai Uwe Broulik <kde@privat.broulik.de>
-Date: Fri, 31 Aug 2018 09:17:17 +0200
-Subject: [PATCH] Avoid crash by not checking free space for smb://
-
-This isn't a real location but the overview of all found hosts.
-smbc_opendir would succeed but then crash in smbc_fstatvfs
-
-Differential Revision: https://phabricator.kde.org/D15142
-
-(cherry picked from commit 000b1d910b71b491621c7cdbd934c277171c20bf)
---
- smb/kio_smb_browse.cpp | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/smb/kio_smb_browse.cpp b/smb/kio_smb_browse.cpp
-index 47b2b328..1fa0e6fb 100644
--- a/smb/kio_smb_browse.cpp
-+++ b/smb/kio_smb_browse.cpp
-@@ -492,6 +492,14 @@ void SMBSlave::fileSystemFreeSpace(const QUrl& url)
- {
-     qCDebug(KIO_SMB) << url;
- 
-+    // Avoid crashing in smbc_fstatvfs below when
-+    // requesting free space for smb:// which doesn't
-+    // make sense to do to begin with
-+    if (url.host().isEmpty()) {
-+        error(KIO::ERR_COULD_NOT_STAT, url.url());
-+        return;
-+    }
-+
-     SMBUrl smbcUrl = url;
-     int handle = smbc_opendir(smbcUrl.toSmbcUrl());
-     if (handle < 0) {
-- 
-2.17.2
-
--- a/kio-extras-17.12.0-nfs-libtirpc.patch
+++ b/kio-extras-17.12.0-nfs-libtirpc.patch
@ -1,38 +0,0 @@
-diff -ur kio-extras-17.12.0/CMakeLists.txt kio-extras-17.12.0-nfs-libtirpc/CMakeLists.txt
--- kio-extras-17.12.0/CMakeLists.txt	2017-12-08 02:00:30.000000000 +0100
-+++ kio-extras-17.12.0-nfs-libtirpc/CMakeLists.txt	2018-01-10 19:56:58.179385571 +0100
-@@ -177,9 +177,11 @@
-    if(Gperf_FOUND AND KF5KHtml_FOUND)
-      add_subdirectory( man )
-    endif()
-   check_include_files(rpc/rpc.h HAVE_RPC_RPC_H)
-   add_feature_info("NFS kioslave" HAVE_RPC_RPC_H "The RPC library is needed to build the NFS kioslave")
-   if(HAVE_RPC_RPC_H)
-+   pkg_check_modules(TIRPC libtirpc)
-+   include_directories(${TIRPC_INCLUDE_DIRS})
-+   set(CMAKE_REQUIRED_LIBRARIES ${TIRPC_LIBRARIES})
-+   add_feature_info("NFS kioslave" TIRPC_FOUND "The RPC library is needed to build the NFS kioslave")
-+   if(TIRPC_FOUND)
-      add_subdirectory( nfs )
-    endif()
- endif()
-diff -ur kio-extras-17.12.0/nfs/CMakeLists.txt kio-extras-17.12.0-nfs-libtirpc/nfs/CMakeLists.txt
--- kio-extras-17.12.0/nfs/CMakeLists.txt	2017-12-05 00:08:51.000000000 +0100
-+++ kio-extras-17.12.0-nfs-libtirpc/nfs/CMakeLists.txt	2018-01-10 19:56:58.179385571 +0100
-@@ -10,6 +10,7 @@
-     message(FATAL_ERROR "Could not find 64-bit XDR datatype functions!")
- endif (NOT HAVE_XDR_U_INT64_T AND NOT HAVE_XDR_UINT64_T AND NOT HAVE_XDR_U_HYPER AND NOT HAVE_XDR_U_LONGLONG_T)
- 
-+add_definitions(-D_DEFAULT_SOURCE)
- if (HAVE_XDR_U_INT64_T)
-     add_definitions(-DHAVE_XDR_U_INT64_T)
- endif (HAVE_XDR_U_INT64_T)
-@@ -26,7 +27,7 @@
- add_definitions(-DTRANSLATION_DOMAIN=\"kio5_nfs\")
- 
- add_library(kio_nfs MODULE kio_nfs.cpp nfsv2.cpp nfsv3.cpp rpc_nfs3_prot_xdr.c rpc_nfs2_prot_xdr.c)
-target_link_libraries(kio_nfs KF5::KIOCore KF5::I18n Qt5::Network)
-+target_link_libraries(kio_nfs KF5::KIOCore KF5::I18n Qt5::Network ${TIRPC_LIBRARIES})
- set_target_properties(kio_nfs PROPERTIES OUTPUT_NAME "nfs")
- 
- install(TARGETS kio_nfs DESTINATION ${PLUGIN_INSTALL_DIR}/kf5/kio)
--- a/kio-extras.spec
+++ b/kio-extras.spec
@ -7,8 +7,8 @@
 %endif

 Name:    kio-extras
-Version: 18.08.2
-Release: 2%{?dist}
+Version: 18.08.3
+Release: 1%{?dist}
 Summary: Additional components to increase the functionality of KIO Framework

 License: GPLv2+
@ -70,13 +70,6 @@ BuildRequires:  pkgconfig(shared-mime-info)
 BuildRequires:  qt5-qtbase-devel
 BuildRequires:  qt5-qtsvg-devel
 BuildRequires:  taglib-devel > 1.11
-%if 0%{?fedora} > 24
-# work around possibly missing macro
-%{!?qt5_qtwebengine_arches:%global qt5_qtwebengine_arches %{ix86} x86_64 %{arm} aarch64 mips mipsel mips64el}
-%ifarch %{qt5_qtwebengine_arches}
-%global htmlthumbnail 1
-%endif
-%endif

 %if 0%{?tests}
 BuildRequires: dbus-x11
@ -97,21 +90,15 @@ Obsoletes: kio-extras-doc < 5.8.0-2
 Obsoletes: kio-extras-docs < 17.03
 Provides:  kio-extras-docs = %{version}-%{release}

+# -htmlthumbnail removed
+Obsoletes: kio-extras-htmlthumbnail < 18.08.3
+
 # helpful for  imagethumbnail plugin
 Recommends:     qt5-qtimageformats %{?_isa}

 %description
 %{summary}.

-%if 0%{?htmlthumbnail}
-%package        htmlthumbnail
-Summary:        KIO HTML thumbnailer
-BuildRequires:  qt5-qtwebengine-devel >= 5.7
-Requires:       %{name}%{?_isa} = %{version}-%{release}
-%description    htmlthumbnail
-%{summary}.
-%endif
-
 %package        devel
 Summary:        Development files for %{name}
 Requires:       %{name}%{?_isa} = %{version}-%{release}
@ -210,11 +197,6 @@ time make test -C %{_target_platform} ARGS="--output-on-failure --timeout 10" ||
 %{_datadir}/mime/packages/kf5_network.xml
 %{_datadir}/config.kcfg/jpegcreatorsettings5.kcfg

-%if 0%{?htmlthumbnail}
-%files htmlthumbnail
-%{_kf5_qtplugindir}/htmlthumbnail.so
-%endif
-
 %files devel
 %{_kf5_includedir}/*.h
 # no soname symlink? --rex
@ -226,6 +208,10 @@ time make test -C %{_target_platform} ARGS="--output-on-failure --timeout 10" ||


 %changelog
+* Tue Nov 13 2018 Rex Dieter <rdieter@fedoraproject.org> - 18.08.3-1
+- 18.08.3
+- drop -htmlthumbnail: CVE-2018-19120 kio-extras: HTML Thumbnailer automatic remote file access (#1649421)
+
 * Wed Oct 17 2018 Rex Dieter <rdieter@fedoraproject.org> - 18.08.2-2
 - pull in upstream crash fix, use %%make_build

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (kio-extras-18.08.2.tar.xz) = da2f9f573f993a49fc54efba25c653614b3505cf727205eca360298f88b783505171168931193080bc5e50f5a9e8609b90f5a9a734894e087cd8ed5805f3d905
+SHA512 (kio-extras-18.08.3.tar.xz) = f79ab19abedd47baeffea4b1e99acc21611c9d435f0de14751594c97c373eaa493da07fd5d754b1f62f696e4f445b493861566845794d6d32e63e0354189d726