Bug 3422

Summary: Update candidate for kdelibs
Product: Mageia Reporter: John Balcaen <balcaen.john>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: balcaen.john, davidwhodgins, sysadmin-bugs, tmb
Version: 1Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 1324, 3174, 3436    
Attachments: html page that crashes with older kdelibs installed.

Description John Balcaen 2011-11-23 03:56:03 CET 
For QA :
This update provides fix for several bugs

-patch210 is supposed to fix mga #3174 ( a crash of kcharselect)
-patch400 is an upstream fix for kde #280446 ( sometimes dolphin could become unresponsive for a lot of time due to a corrupted mime files  see https://bugs.kde.org/280446 for more details )
-patch401 fix a crash of konqueror/rekonq cf https://bugs.kde.org/270209 & https://bugs.kde.org/show_bug.cgi?id=278926
- patch402 fix mga #1324 (an authorization issue on first boot to create ~/.local/share/user-places.xbel)
- patch403 is fixing kde #181847 (Luks partition should be now visible under dolphin) https://bugs.kde.org/show_bug.cgi?id=181847
For this one i need to create locally a luks partition to see if it's really effective

- Additionaly patch7 was synced with the fedora's one so NFS drives should be now visible in dolphin (the code related to fstab was wrongly removed in the halectomy patch)

Advisory :

This update provides additional bugfixes for some upstream bugs & some mageia specifics issues :
- a fix for kcharselect is included see https://bugs.kde.org/show_bug.cgi?id=235020
- NFS drives & LUKS partition are now visible in dolphin
- The autorisation error on first boot related to mga #1324 is gone
- A crash of konqueror/rekonq is fixed ( see  https://bugs.kde.org/270209 & https://bugs.kde.org/show_bug.cgi?id=278926 )


Src rpm :kdelibs4-4.6.5-1.4.mga1.src.rpm

List of packages :

x86_64 :
kdelibs4-core-4.6.5-1.4.mga1.x86_64.rpm
kdelibs4-debug-4.6.5-1.4.mga1.x86_64.rpm
kdelibs4-devel-4.6.5-1.4.mga1.x86_64.rpm
lib64katepartinterfaces4-4.6.5-1.4.mga1.x86_64.rpm
lib64kcmutils4-4.6.5-1.4.mga1.x86_64.rpm
lib64kde3support4-4.6.5-1.4.mga1.x86_64.rpm
lib64kdecore5-4.6.5-1.4.mga1.x86_64.rpm
lib64kdefakes5-4.6.5-1.4.mga1.x86_64.rpm
lib64kdesu5-4.6.5-1.4.mga1.x86_64.rpm
lib64kdeui5-4.6.5-1.4.mga1.x86_64.rpm
lib64kdewebkit5-4.6.5-1.4.mga1.x86_64.rpm
lib64kdnssd4-4.6.5-1.4.mga1.x86_64.rpm
lib64kemoticons4-4.6.5-1.4.mga1.x86_64.rpm
lib64kfile4-4.6.5-1.4.mga1.x86_64.rpm
lib64khtml5-4.6.5-1.4.mga1.x86_64.rpm
lib64kidletime4-4.6.5-1.4.mga1.x86_64.rpm
lib64kimproxy4-4.6.5-1.4.mga1.x86_64.rpm
lib64kio5-4.6.5-1.4.mga1.x86_64.rpm
lib64kjs4-4.6.5-1.4.mga1.x86_64.rpm
lib64kjsapi4-4.6.5-1.4.mga1.x86_64.rpm
lib64kjsembed4-4.6.5-1.4.mga1.x86_64.rpm
lib64kmediaplayer4-4.6.5-1.4.mga1.x86_64.rpm
lib64knewstuff2_4-4.6.5-1.4.mga1.x86_64.rpm
lib64knewstuff3_4-4.6.5-1.4.mga1.x86_64.rpm
lib64knotifyconfig4-4.6.5-1.4.mga1.x86_64.rpm
lib64kntlm4-4.6.5-1.4.mga1.x86_64.rpm
lib64kparts4-4.6.5-1.4.mga1.x86_64.rpm
lib64kprintutils4-4.6.5-1.4.mga1.x86_64.rpm
lib64kpty4-4.6.5-1.4.mga1.x86_64.rpm
lib64krosscore4-4.6.5-1.4.mga1.x86_64.rpm
lib64krossui4-4.6.5-1.4.mga1.x86_64.rpm
lib64ktexteditor4-4.6.5-1.4.mga1.x86_64.rpm
lib64kunitconversion4-4.6.5-1.4.mga1.x86_64.rpm
lib64kunittest4-4.6.5-1.4.mga1.x86_64.rpm
lib64kutils4-4.6.5-1.4.mga1.x86_64.rpm
lib64nepomuk4-4.6.5-1.4.mga1.x86_64.rpm
lib64nepomukquery4-4.6.5-1.4.mga1.x86_64.rpm
lib64nepomukutils4-4.6.5-1.4.mga1.x86_64.rpm
lib64plasma3-4.6.5-1.4.mga1.x86_64.rpm
lib64solid4-4.6.5-1.4.mga1.x86_64.rpm
lib64threadweaver4-4.6.5-1.4.mga1.x86_64.rpm

i586:
kdelibs4-core-4.6.5-1.4.mga1.i586.rpm
kdelibs4-debug-4.6.5-1.4.mga1.i586.rpm
kdelibs4-devel-4.6.5-1.4.mga1.i586.rpm
lib64katepartinterfaces4-4.6.5-1.4.mga1.i586.rpm
lib64kcmutils4-4.6.5-1.4.mga1.i586.rpm
lib64kde3support4-4.6.5-1.4.mga1.i586.rpm
lib64kdecore5-4.6.5-1.4.mga1.i586.rpm
lib64kdefakes5-4.6.5-1.4.mga1.i586.rpm
lib64kdesu5-4.6.5-1.4.mga1.i586.rpm
lib64kdeui5-4.6.5-1.4.mga1.i586.rpm
lib64kdewebkit5-4.6.5-1.4.mga1.i586.rpm
lib64kdnssd4-4.6.5-1.4.mga1.i586.rpm
lib64kemoticons4-4.6.5-1.4.mga1.i586.rpm
lib64kfile4-4.6.5-1.4.mga1.i586.rpm
lib64khtml5-4.6.5-1.4.mga1.i586.rpm
lib64kidletime4-4.6.5-1.4.mga1.i586.rpm
lib64kimproxy4-4.6.5-1.4.mga1.i586.rpm
lib64kio5-4.6.5-1.4.mga1.i586.rpm
lib64kjs4-4.6.5-1.4.mga1.i586.rpm
lib64kjsapi4-4.6.5-1.4.mga1.i586.rpm
lib64kjsembed4-4.6.5-1.4.mga1.i586.rpm
lib64kmediaplayer4-4.6.5-1.4.mga1.i586.rpm
lib64knewstuff2_4-4.6.5-1.4.mga1.i586.rpm
lib64knewstuff3_4-4.6.5-1.4.mga1.i586.rpm
lib64knotifyconfig4-4.6.5-1.4.mga1.i586.rpm
lib64kntlm4-4.6.5-1.4.mga1.i586.rpm
lib64kparts4-4.6.5-1.4.mga1.i586.rpm
lib64kprintutils4-4.6.5-1.4.mga1.i586.rpm
lib64kpty4-4.6.5-1.4.mga1.i586.rpm
lib64krosscore4-4.6.5-1.4.mga1.i586.rpm
lib64krossui4-4.6.5-1.4.mga1.i586.rpm
lib64ktexteditor4-4.6.5-1.4.mga1.i586.rpm
lib64kunitconversion4-4.6.5-1.4.mga1.i586.rpm
lib64kunittest4-4.6.5-1.4.mga1.i586.rpm
lib64kutils4-4.6.5-1.4.mga1.i586.rpm
lib64nepomuk4-4.6.5-1.4.mga1.i586.rpm
lib64nepomukquery4-4.6.5-1.4.mga1.i586.rpm
lib64nepomukutils4-4.6.5-1.4.mga1.i586.rpm
lib64plasma3-4.6.5-1.4.mga1.i586.rpm
lib64solid4-4.6.5-1.4.mga1.i586.rpm
lib64threadweaver4-4.6.5-1.4.mga1.i586.rpm
John Balcaen 2011-11-23 03:56:55 CET

CC: (none) => balcaen.john
Blocks: (none) => 3174, 1324

Comment 1 Dave Hodgins 2011-11-24 01:20:53 CET 
I have three LUKS encrypted filesystems on LVM logical volumes, only one
of which is normally mounted.

None of them are showing up in dolphin.  Are LUKS filesystems on internal
hard drives supposed to show up?

I can confirm the kcharselect crash is fixed on i586 systems.

CC: (none) => davidwhodgins

Comment 2 John Balcaen 2011-11-24 11:18:07 CET 
Well the patch is based on this https://bugs.kde.org/show_bug.cgi?id=181847 minor a fix added to ensure it's not showing every thing (see https://bugs.kde.org/show_bug.cgi?id=286179 ).
If it's not working as expected then we'll simply remove the « LUKS announcement » :p, i did not find the time to create a LUKS permission & so to test it .
Comment 3 John Balcaen 2011-11-24 12:00:26 CET 
I'm going to add an additional CVE fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 since it was added on fedora.
Comment 4 John Balcaen 2011-11-24 12:54:28 CET 
Ok i did push on the BS a new kdelibs with the fix for this CVE, the src.rpm is kdelibs4-4.6.5-1.5.mga1.src.rpm



To the Advisory should be now :

This update provides a security fix for CVE-2010-0046:

CSS format() arguments were always treated as strings, which could result
in a crash or arbitrary code execution if an integer or other unexpected
type was used instead
You can read https://bugs.webkit.org/show_bug.cgi?id=31815 http://trac.webkit.org/changeset/51727 for additional information

This update provides also additional bugfixes forupstream bugs & mageia
specifics issues :
- a fix for kcharselect is included see
https://bugs.kde.org/show_bug.cgi?id=235020
- NFS drives are now visible in dolphin
- The autorisation error on first boot related to mga #1324 is gone
- A crash of konqueror/rekonq is fixed ( see  https://bugs.kde.org/270209 &
https://bugs.kde.org/show_bug.cgi?id=278926 )
John Balcaen 2011-11-24 13:11:57 CET

Blocks: (none) => 3436

Comment 5 Dave Hodgins 2011-11-26 04:55:48 CET 
Created attachment 1116 [details]
html page that crashes with older kdelibs installed.

Testing complete on i586 for the srpm
kdelibs4-4.6.5-1.5.mga1.src.rpm

The attached page causes konqueror to crash with the older kdelibs
installed.  With the update installed, it displays PASS.

Also confirmed kcharselect no longer crashes when going from the
european script to the african scrip.
Comment 6 claire robinson 2011-12-05 11:57:54 CET 
I created a new user to try and reproduce the errors for bug 1324 but 
~/.local/share/ was already created and being used by akonadi.

# ls /home/test1/.local/share/
akonadi/  local-mail/

I didn't receive any errors when logging in for the first time.

Reproduced konquerer crash (Thanks Dave) and kcharselect crash.

I've not tested the updated libs yet.

John, is this the correct way to reproduce bug 1324?
Comment 7 John Balcaen 2011-12-05 13:04:22 CET 
The easy way to reproduce it is to use the xguest user in fact.
Comment 8 claire robinson 2011-12-08 14:28:54 CET 
x86_64

I wasn't able to reproduce bug 1324.

Confirmed fix for konqueror and kcharselect.

No regressions noticed.

Validating the update.

Advisory
====================
This update provides a security fix for CVE-2010-0046:

CSS format() arguments were always treated as strings, which could result
in a crash or arbitrary code execution if an integer or other unexpected
type was used instead.

You can read https://bugs.webkit.org/show_bug.cgi?id=31815
http://trac.webkit.org/changeset/51727 for additional information.

This update also provides additional bugfixes for upstream bugs & mageia
specifics issues :

- a fix for kcharselect is included see
https://bugs.kde.org/show_bug.cgi?id=235020
- NFS drives are now visible in dolphin
- The autorisation error on first boot related to mga #1324 is gone
- A crash of konqueror/rekonq is fixed ( see  https://bugs.kde.org/270209 &
https://bugs.kde.org/show_bug.cgi?id=278926 )
======================

SRPM: kdelibs4-4.6.5-1.5.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core updates

Thankyou!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 9 Thomas Backlund 2011-12-08 16:10:09 CET 
Update pushed.

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED