From ba6fc509e6594a4aa720ac1233ea5f941dc1cc0e Mon Sep 17 00:00:00 2001
From: espie
Date: Sat, 25 Aug 2007 08:03:02 +0000
Subject: [PATCH] CVE-2007-4224 CVE-2007-3820
---
 x11/kde/base3/Makefile | 4 +--
 .../patches/patch-konqueror_konq_combo_cc | 13 +++++++
 .../patch-konqueror_konq_mainwindow_cc | 27 ++++++++++++++
 .../patches/patch-konqueror_konq_viewmgr_cc | 12 +++++++
 x11/kde/libs3/Makefile | 4 +--
 x11/kde/libs3/patches/patch-kdecore_kurl_cpp | 21 +++++++++++
 .../patches/patch-kdecore_tests_kurltest_cpp | 36 +++++++++++++++++++
 7 files changed, 113 insertions(+), 4 deletions(-)
 create mode 100644 x11/kde/base3/patches/patch-konqueror_konq_combo_cc
 create mode 100644 x11/kde/base3/patches/patch-konqueror_konq_mainwindow_cc
 create mode 100644 x11/kde/base3/patches/patch-konqueror_konq_viewmgr_cc
 create mode 100644 x11/kde/libs3/patches/patch-kdecore_kurl_cpp
 create mode 100644 x11/kde/libs3/patches/patch-kdecore_tests_kurltest_cpp
diff --git a/x11/kde/base3/Makefile b/x11/kde/base3/Makefile
index 278b5e7ba41..e799c1b79f5 100644
--- a/x11/kde/base3/Makefile
+++ b/x11/kde/base3/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.75 2007/07/02 06:07:03 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.76 2007/08/25 08:03:02 espie Exp $
 COMMENT-main= "K Desktop Environment, basic applications"
 COMMENT-plugins= "Konqueror nsplugins, essentially native JDK"
@@ -6,7 +6,7 @@ COMMENT-samba= "K Desktop Environment, samba support"
 CATEGORIES= x11 x11/kde
 VERSION= 3.5.7
 DISTNAME= kdebase-${VERSION}
-PKGNAME-main= ${DISTNAME}p0
+PKGNAME-main= ${DISTNAME}p1
 PKGNAME-samba= kdesamba-${VERSION}
 MODKDE_VERSION?= 3.5.7
 SHARED_LIBS += konq 7.0 # .6.0
diff --git a/x11/kde/base3/patches/patch-konqueror_konq_combo_cc b/x11/kde/base3/patches/patch-konqueror_konq_combo_cc
new file mode 100644
index 00000000000..83959c25e61
--- /dev/null
+++ b/x11/kde/base3/patches/patch-konqueror_konq_combo_cc
@@ -0,0 +1,13 @@
+$OpenBSD: patch-konqueror_konq_combo_cc,v 1.1 2007/08/25 08:03:02 espie Exp $
+--- konqueror/konq_combo.cc.orig Sun Oct 1 19:32:03 2006
++++ konqueror/konq_combo.cc Wed Aug 15 13:55:38 2007
+@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& url )
+ kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
+ "addToCombo(QString,QCString)", data);
+ }
++ // important security consideration: always display the beginning
++ // of the url rather than its end to prevent spoofing attempts.
++ lineEdit()->setCursorPosition( 0 );
+ }
+
+ void KonqCombo::setTemporary( const QString& text )
diff --git a/x11/kde/base3/patches/patch-konqueror_konq_mainwindow_cc b/x11/kde/base3/patches/patch-konqueror_konq_mainwindow_cc
new file mode 100644
index 00000000000..bbd29a74dfb
--- /dev/null
+++ b/x11/kde/base3/patches/patch-konqueror_konq_mainwindow_cc
@@ -0,0 +1,27 @@
+$OpenBSD: patch-konqueror_konq_mainwindow_cc,v 1.5 2007/08/25 08:03:02 espie Exp $
+--- konqueror/konq_mainwindow.cc.orig Mon May 14 09:55:47 2007
++++ konqueror/konq_mainwindow.cc Wed Aug 15 13:55:38 2007
+@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *_view, const K
+ }
+ else // no known serviceType, use KonqRun
+ {
+- if ( ( view && view == m_currentView ) ||
+- ( !view && !req.newTab ) ) // startup with argument
++ if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
+ {
+ // Show it for now in the location bar, but we'll need to store it in the view
+ // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
+- kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
++ kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
+ setLocationBarURL( url );
+ }
+
+@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString serviceType, co
+ if ( childView )
+ {
+ enableAllActions( true );
+-
+- m_pViewManager->setActivePart( childView->part() );
+ m_currentView = childView;
+ }
+ }
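Review bot: In patch-konqueror_konq_combo_cc, the cursor reset is added only at the end of KonqCombo::setURL, so it covers only text that reaches the line edit through that function. KonqCombo::setTemporary begins right after it and its body is outside the hunk; if it also places a URL in the line edit, it presumably needs the same `lineEdit()->setCursorPosition( 0 );` so the start of a long URL stays visible. setURL itself starts outside the hunk, so it is worth confirming that no earlier return path skips the new call.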
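Review bot: In patch-konqueror_konq_mainwindow_cc, the rewritten condition in KonqMainWindow::openURL keeps the old `// startup with argument` comment, which does not record why the location bar is no longer updated for a view that already has a URL. Given the CVE ids in the subject, the intent is presumably that a URL which has not loaded yet is never shown above content from another page; a comment such as `// only pre-fill the location bar while the view shows nothing yet, so a pending URL is never displayed over existing content` would make that explicit. The comment below it still says "either view == 0 or updateHistoryEntry will be called", which may need rewording now that `view->url().isEmpty()` is also accepted. openURL starts and ends outside the hunk.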
diff --git a/x11/kde/base3/patches/patch-konqueror_konq_viewmgr_cc b/x11/kde/base3/patches/patch-konqueror_konq_viewmgr_cc
new file mode 100644
index 00000000000..80466651f10
--- /dev/null
+++ b/x11/kde/base3/patches/patch-konqueror_konq_viewmgr_cc
@@ -0,0 +1,12 @@
+$OpenBSD: patch-konqueror_konq_viewmgr_cc,v 1.1 2007/08/25 08:03:02 espie Exp $
+--- konqueror/konq_viewmgr.cc.orig Mon Jan 15 12:32:12 2007
++++ konqueror/konq_viewmgr.cc Wed Aug 15 13:55:38 2007
+@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChanged ( KParts::
+
+ void KonqViewManager::emitActivePartChanged()
+ {
++ // prevent unnecessary multiple calls to slotPartActivated:
++ m_activePartChangedTimer->stop();
+ m_pMainWindow->slotPartActivated( activePart() );
+ }
+
diff --git a/x11/kde/libs3/Makefile b/x11/kde/libs3/Makefile
index 56fa021a1b7..dce117f6d4c 100644
--- a/x11/kde/libs3/Makefile
+++ b/x11/kde/libs3/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.81 2007/05/25 09:49:54 espie Exp $
+# $OpenBSD: Makefile,v 1.82 2007/08/25 08:03:02 espie Exp $
 COMMENT-main= "K Desktop Environment, libraries"
 COMMENT-cups= "K Desktop Environment, cups support"
@@ -8,7 +8,7 @@ DISTNAME= kdelibs-${VERSION}
 MASTER_SITES0= ftp://ftp.kde.org/pub/kde/security_patches/
 #PATCHFILES= post-3.4.3-kdelibs-kjs.diff:0
-PKGNAME-main= ${DISTNAME}
+PKGNAME-main= ${DISTNAME}p0
 PKGNAME-cups= kdecups-${VERSION}
 MODKDE_VERSION= 3.5.7
 SHARED_LIBS += DCOP 7.0 # .6.0
diff --git a/x11/kde/libs3/patches/patch-kdecore_kurl_cpp b/x11/kde/libs3/patches/patch-kdecore_kurl_cpp
new file mode 100644
index 00000000000..8914e5289db
--- /dev/null
+++ b/x11/kde/libs3/patches/patch-kdecore_kurl_cpp
@@ -0,0 +1,21 @@
+$OpenBSD: patch-kdecore_kurl_cpp,v 1.2 2007/08/25 08:03:02 espie Exp $
+--- kdecore/kurl.cpp.orig Sat Nov 19 10:09:18 2005
++++ kdecore/kurl.cpp Wed Aug 15 13:51:42 2007
+@@ -183,7 +183,7 @@ static QString lazy_encode( const QString& segment, bo
+ (character == '?') || // Start of query delimiter
+ ((character == '@') && encodeAt) || // Username delimiter
+ (character == '#') || // Start of reference delimiter
+- ((character == 32) && (i+1 == old_length))) // A trailing space
++ ((character == 32) && (i+1 == old_length || segment[i+1] == ' '))) // A trailing space
+ {
+ new_segment[ new_length++ ] = '%';
+
+@@ -1540,7 +1540,7 @@ QString KURL::prettyURL( int _trailing ) const
+ u += "//";
+ if ( hasUser() )
+ {
+- u += lazy_encode(m_strUser);
++ u += encode(m_strUser, 0, 0);
+ // Don't show password!
+ u += "@";
+ }
diff --git a/x11/kde/libs3/patches/patch-kdecore_tests_kurltest_cpp b/x11/kde/libs3/patches/patch-kdecore_tests_kurltest_cpp
new file mode 100644
index 00000000000..785abcaf20a
--- /dev/null
+++ b/x11/kde/libs3/patches/patch-kdecore_tests_kurltest_cpp
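Review bot: In patch-kdecore_kurl_cpp, the changed line in lazy_encode still carries the comment `// A trailing space`, although the condition now also encodes a space that is followed by another space. Suggest `// A trailing space, or a space followed by another space`, and one spelling for the character, since `32` and `' '` are mixed in the same expression. The check handles only U+0020; whether tabs or other invisible characters could pad a displayed URL in the same way cannot be told from here, because the start of the condition is outside the hunk. In prettyURL, `encode(m_strUser, 0, 0)` would benefit from a short comment naming what the two zero arguments select.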
@@ -0,0 +1,36 @@
+$OpenBSD: patch-kdecore_tests_kurltest_cpp,v 1.1 2007/08/25 08:03:02 espie Exp $
+--- kdecore/tests/kurltest.cpp.orig Fri Mar 17 11:19:04 2006
++++ kdecore/tests/kurltest.cpp Wed Aug 15 13:51:42 2007
+@@ -288,6 +288,16 @@ int main(int argc, char *argv[])
+ check("KURL::prettyURL()", url15582.prettyURL(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%in%url.html");
+ check("KURL::url()", url15582.url(), "http://alain.knaff.linux.lu/bug-reports/kde/percentage%25in%25url.html");
+
++ KURL whitespaceInUser("http://www.google.com%20%20%20%20%20@foobar.com/");
++ check("KURL::prettyURL()", whitespaceInUser.prettyURL(), "http://www.google.com%20%20%20%20%20@foobar.com/");
++
++ KURL whitespaceInPath("http://www.google.com/foo%20bar/");
++ check("KURL::prettyURL()", whitespaceInPath.prettyURL(), "http://www.google.com/foo bar/");
++
++ KURL whitespaceInPath2("http://www.google.com/foo%20%20%20%20%20%20%20bar/");
++ check("KURL::prettyURL()", whitespaceInPath2.prettyURL(),
++ "http://www.google.com/foo%20%20%20%20%20%20 bar/");
++
+ KURL carsten;
+ carsten.setPath("/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18");
+ check("KURL::path()", carsten.path(), "/home/gis/src/kde/kdelibs/kfile/.#kfiledetailview.cpp.1.18");
+@@ -593,6 +603,15 @@ int main(int argc, char *argv[])
+ "http://meine.db24.de#link=home_c_login_login");
+ check("http: URL with empty path string path", waba1.path(),
+ "");
++
++ waba1 = "http://www.meinestadt.de&url_plain=http";
++ check("http: URL with empty path string", waba1.host(),
++ "www.meinestadt.de&url_plain=http");
++ check("http: URL with empty path string", waba1.htmlURL(),
++ "http://www.meinestadt.de&url_plain=http");
++
++ check("http: URL with empty path string", waba1.path(),
++ "");
+
+ waba1 = "http://a:389#b=c";
+ check( "http: URL with port, ref, and empty path; url", waba1.url(), "http://a:389#b=c" );
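Review bot: In patch-kdecore_tests_kurltest_cpp, the three added waba1 checks all use the label `"http: URL with empty path string"`, so a failure in host(), htmlURL() or path() cannot be told apart in the output; the existing check just above them distinguishes itself with a `path` suffix. Suggest distinct labels such as `"http: URL with '&' in host; host"`, with matching `; htmlURL` and `; path` variants. The whitespace cases cover a run of encoded spaces in the user part and in the path; a case with a single encoded space in the user part would additionally pin the behaviour where only one space is present. Both inner hunks sit inside main(), which starts and ends outside the hunk.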