rpms / kdelibs3

Clone
Source Code
GIT

Blame kdelibs-3.5.10-CVE-2019-14744.patch

epel7 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f9 main rawhide
  1.   f31
  2.   kdelibs-3.5.10-CVE-2019-14744.patch
Blob History Raw
Kevin Kofler 23f5d78 
diff -ur kdelibs-3.5.10/kdecore/kconfigbase.cpp kdelibs-3.5.10-CVE-2019-14744/kdecore/kconfigbase.cpp
Kevin Kofler 23f5d78 
--- kdelibs-3.5.10/kdecore/kconfigbase.cpp	2008-02-13 10:41:09.000000000 +0100
Kevin Kofler 23f5d78 
+++ kdelibs-3.5.10-CVE-2019-14744/kdecore/kconfigbase.cpp	2019-08-09 00:08:17.933610551 +0200
Kevin Kofler 23f5d78 
@@ -258,26 +258,7 @@
Kevin Kofler 23f5d78
Kevin Kofler 23f5d78 
       while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(aValue.length())) {
Kevin Kofler 23f5d78 
         // there is at least one $
Kevin Kofler 23f5d78 
-        if( (aValue)[nDollarPos+1] == '(' ) {
Kevin Kofler 23f5d78 
-          uint nEndPos = nDollarPos+1;
Kevin Kofler 23f5d78 
-          // the next character is no $
Kevin Kofler 23f5d78 
-          while ( (nEndPos <= aValue.length()) && (aValue[nEndPos]!=')') )
Kevin Kofler 23f5d78 
-              nEndPos++;
Kevin Kofler 23f5d78 
-          nEndPos++;
Kevin Kofler 23f5d78 
-          QString cmd = aValue.mid( nDollarPos+2, nEndPos-nDollarPos-3 );
Kevin Kofler 23f5d78 
-
Kevin Kofler 23f5d78 
-          QString result;
Kevin Kofler 23f5d78 
-          FILE *fs = popen(QFile::encodeName(cmd).data(), "r");
Kevin Kofler 23f5d78 
-          if (fs)
Kevin Kofler 23f5d78 
-          {
Kevin Kofler 23f5d78 
-             {
Kevin Kofler 23f5d78 
-             QTextStream ts(fs, IO_ReadOnly);
Kevin Kofler 23f5d78 
-             result = ts.read().stripWhiteSpace();
Kevin Kofler 23f5d78 
-             }
Kevin Kofler 23f5d78 
-             pclose(fs);
Kevin Kofler 23f5d78 
-          }
Kevin Kofler 23f5d78 
-          aValue.replace( nDollarPos, nEndPos-nDollarPos, result );
Kevin Kofler 23f5d78 
-        } else if( (aValue)[nDollarPos+1] != '$' ) {
Kevin Kofler 23f5d78 
+        if( (aValue)[nDollarPos+1] != '$' ) {
Kevin Kofler 23f5d78 
           uint nEndPos = nDollarPos+1;
Kevin Kofler 23f5d78 
           // the next character is no $
Kevin Kofler 23f5d78 
           QString aVarName;
Kevin Kofler 23f5d78 
diff -ur kdelibs-3.5.10/kdecore/README.kiosk kdelibs-3.5.10-CVE-2019-14744/kdecore/README.kiosk
Kevin Kofler 23f5d78 
--- kdelibs-3.5.10/kdecore/README.kiosk	2005-09-10 10:27:12.000000000 +0200
Kevin Kofler 23f5d78 
+++ kdelibs-3.5.10-CVE-2019-14744/kdecore/README.kiosk	2019-08-09 00:09:28.552462522 +0200
Kevin Kofler 23f5d78 
@@ -642,18 +642,6 @@
Kevin Kofler 23f5d78 
 Name[$ei]=${USER}
Kevin Kofler 23f5d78
Kevin Kofler 23f5d78
Kevin Kofler 23f5d78 
-Shell Commands in KDE config files.
Kevin Kofler 23f5d78 
-===================================
Kevin Kofler 23f5d78 
-
Kevin Kofler 23f5d78 
-In KDE3.1 arbitrary entries in configuration files can contain shell
Kevin Kofler 23f5d78 
-commands. This way the value of a configuration entry can be determined
Kevin Kofler 23f5d78 
-dynamically at runtime. In order to use this the entry must be marked
Kevin Kofler 23f5d78 
-with [$e].
Kevin Kofler 23f5d78 
-
Kevin Kofler 23f5d78 
-Example:
Kevin Kofler 23f5d78 
-Host[$e]=$(hostname)
Kevin Kofler 23f5d78 
-
Kevin Kofler 23f5d78 
-
Kevin Kofler 23f5d78 
 KDE3 Kiosk Application API
Kevin Kofler 23f5d78 
 ==========================
Kevin Kofler 23f5d78
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.