Gentoo Archives: gentoo-commits

From: "Tomas Chvatal (scarabeus)" <scarabeus@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in kde-base/kdelibs/files: 4.2.4-CVE-2009-1725.patch 4.2.4-CVE-2009-1687.patch 4.2.4-CVE-2009-1698.patch
Date: Thu, 30 Jul 2009 13:34:32
Message-Id: E1MWVm7-0002xN-88@stork.gentoo.org
1 scarabeus 09/07/30 13:34:27
2
3 Added: 4.2.4-CVE-2009-1725.patch 4.2.4-CVE-2009-1687.patch
4 4.2.4-CVE-2009-1698.patch
5 Log:
6 Revision bump. Apply security fixes per bugs #279027 and #279187. Force due to unsynced tree.
7 (Portage version: 2.2_rc33/cvs/Linux i686, RepoMan options: --force)
8
9 Revision Changes Path
10 1.1 kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch
11
12 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch?rev=1.1&content-type=text/plain
14
15 Index: 4.2.4-CVE-2009-1725.patch
16 ===================================================================
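--- branches/KDE/4.3/kdelibs/khtml/html/htmltokenizer.cpp 2009/07/25 09:02:54 1002162
+++ branches/KDE/4.3/kdelibs/khtml/html/htmltokenizer.cpp 2009/07/25 09:05:44 1002163
@@ -1038,7 +1038,7 @@
 #ifdef TOKEN_DEBUG
 kDebug( 6036 ) << "unknown entity!";
 #endif
- checkBuffer(10);
+ checkBuffer(11);
 // ignore the sequence, add it to the buffer as plaintext
 *dest++ = '&';
 for(unsigned int i = 0; i < cBufferPos; i++)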
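Review bot: The reservation `checkBuffer(11)` is a bare literal with no visible tie to what the next lines write, which is one `'&'` followed by `cBufferPos` characters. The loop body and anything appended after it are outside the hunk, so the exact count cannot be confirmed from here. If the entity buffer's maximum length changes later, the same off-by-one can return unnoticed. Deriving the request from the real count, for example `checkBuffer(cBufferPos + 1);` (plus whatever follows the loop), would keep the bound correct by construction. Failing that, a comment such as `// room for '&' plus every buffered entity character` would at least record why the value is 11.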
28
29
30
31 1.1 kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch
32
33 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch?rev=1.1&view=markup
34 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch?rev=1.1&content-type=text/plain
35
36 Index: 4.2.4-CVE-2009-1687.patch
37 ===================================================================
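--- branches/KDE/4.3/kdelibs/kjs/collector.cpp 2009/07/26 03:35:55 1002472
+++ branches/KDE/4.3/kdelibs/kjs/collector.cpp 2009/07/26 03:35:57 1002473
@@ -31,6 +31,7 @@
 #include "value.h"
 
 #include <setjmp.h>
+#include <limits.h>
 #include <algorithm>
 
 #if PLATFORM(DARWIN)
@@ -109,6 +110,9 @@
 
 void append(CollectorBlock* block) {
 if (m_used == m_capacity) {
+ static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR;
+ if (m_capacity > maxNumBlocks)
+ CRASH();
 m_capacity = max(MIN_ARRAY_SIZE, m_capacity * GROWTH_FACTOR);
 m_data = static_cast<CollectorBlock **>(fastRealloc(m_data, m_capacity * sizeof(CollectorBlock *)));
 }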
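Review bot: The overflow bound in `append()` is computed from `ULONG_MAX`, but the product it protects, `m_capacity * sizeof(CollectorBlock *)`, is evaluated in `size_t`. The two widths differ on some ABIs, so the limit only matches the arithmetic by coincidence of platform. Using the limit of the type actually involved makes the guard self-evidently correct: `static const size_t maxNumBlocks = std::numeric_limits<size_t>::max() / sizeof(CollectorBlock*) / GROWTH_FACTOR;` with `<limits>` in place of `<limits.h>`. The declared type of `m_capacity` is outside the hunk and should be confirmed to be `size_t`. A short comment above the check saying that it prevents the realloc size from wrapping would also help the next reader.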
58
59
60
61 1.1 kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch
62
63 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch?rev=1.1&view=markup
64 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch?rev=1.1&content-type=text/plain
65
66 Index: 4.2.4-CVE-2009-1698.patch
67 ===================================================================
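--- branches/KDE/4.3/kdelibs/khtml/css/css_valueimpl.cpp 2009/07/26 03:39:55 1002474
+++ branches/KDE/4.3/kdelibs/khtml/css/css_valueimpl.cpp 2009/07/26 03:40:47 1002475
@@ -1212,7 +1212,9 @@
 text = getValueName(m_value.ident);
 break;
 case CSSPrimitiveValue::CSS_ATTR:
- // ###
+ text = "attr(";
+ text += DOMString( m_value.string );
+ text += ")";
 break;
 case CSSPrimitiveValue::CSS_COUNTER:
 text = "counter(";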
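Review bot: The new `CSS_ATTR` case writes `m_value.string` into the serialized text verbatim, with no escaping and no comment stating what the string is allowed to contain. It is therefore only safe if every path that creates a `CSS_ATTR` value has already restricted the argument to a plain identifier. Whether that holds for values created outside the parser cannot be seen from this hunk. I would document the invariant at the point of use, for example `// m_value.string must be a validated CSS identifier; it is emitted unescaped`. It is also worth confirming that `m_value.string` cannot be null here. The enclosing switch starts and ends outside the hunk.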
81
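--- branches/KDE/4.3/kdelibs/khtml/css/cssparser.cpp 2009/07/26 03:39:55 1002474
+++ branches/KDE/4.3/kdelibs/khtml/css/cssparser.cpp 2009/07/26 03:40:47 1002475
@@ -1513,6 +1513,14 @@
 if ( args->size() != 1)
 return false;
 Value *a = args->current();
+ if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
+ isValid=false;
+ break;
+ }
+ if (qString(a->string)[0] == '-') {
+ isValid=false;
+ break;
+ }
 parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
 }
 else
@@ -1565,7 +1573,8 @@
 
 CounterImpl *counter = new CounterImpl;
 Value *i = args->current();
-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
+ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
+ if (qString(i->string)[0] == '-') goto invalid;
 counter->m_identifier = domString(i->string);
 if (counters) {
 i = args->next();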
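Review bot: In the counter hunk the two new `goto invalid` rejections run after `CounterImpl *counter = new CounterImpl;`, so every rejected argument takes an exit path with a live allocation. The `invalid` label is outside the hunk; if it does not `delete counter`, each rejection leaks. Hoisting `Value *i = args->current();` and both checks above the `new` would make the early exit allocation-free whatever the label does. Separately, the same pair of tests (unit is `CSS_IDENT`, first character is not `'-'`) appears in the `attr()` hunk with a different failure style, `isValid=false; break;`. Neither copy says why a leading `'-'` is refused, so a small shared predicate with a one-line comment stating the reason would keep the two call sites from drifting apart.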