authorTomas Chvatal <scarabeus@gentoo.org>2009-07-30 13:34:27 +0000
committerTomas Chvatal <scarabeus@gentoo.org>2009-07-30 13:34:27 +0000
commitbd171deae05ac3beafda7badad21542d9b2035ee (patch)
tree8d1e6fee5884aa9b2fbb7095f0c88613ff5f62ab /kde-base/kdelibs/files
parentLet's try to sign this… (diff)
Revision bump. Apply security fixes per bugs #279027 and #279187. Force due to unsynced tree.
(Portage version: 2.2_rc33/cvs/Linux i686, RepoMan options: --force)
Diffstat (limited to 'kde-base/kdelibs/files')
-rw-r--r--kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch20
-rw-r--r--kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch41
-rw-r--r--kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch11
3 files changed, 72 insertions, 0 deletions
diff --git a/kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch b/kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch
new file mode 100644
index 000000000000..603be3807425
--- /dev/null
+++ b/kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch
@@ -0,0 +1,20 @@
+--- branches/KDE/4.3/kdelibs/kjs/collector.cpp 2009/07/26 03:35:55 1002472
++++ branches/KDE/4.3/kdelibs/kjs/collector.cpp 2009/07/26 03:35:57 1002473
+@@ -31,6 +31,7 @@
+ #include "value.h"
+
+ #include <setjmp.h>
++#include <limits.h>
+ #include <algorithm>
+
+ #if PLATFORM(DARWIN)
+@@ -109,6 +110,9 @@
+
+ void append(CollectorBlock* block) {
+ if (m_used == m_capacity) {
++ static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR;
++ if (m_capacity > maxNumBlocks)
++ CRASH();
+ m_capacity = max(MIN_ARRAY_SIZE, m_capacity * GROWTH_FACTOR);
+ m_data = static_cast<CollectorBlock **>(fastRealloc(m_data, m_capacity * sizeof(CollectorBlock *)));
+ }
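Review bot: The overflow guard added in `append()` takes its limit from `ULONG_MAX`, while the product it protects, `m_capacity * sizeof(CollectorBlock *)`, is evaluated in `size_t` (assuming `m_capacity` is a `size_t`; its declaration is outside the hunk). On ABIs where `unsigned long` and `size_t` differ in width the bound is either needlessly low or too high, so I would derive it from the type actually used: `static const size_t maxNumBlocks = std::numeric_limits<size_t>::max() / sizeof(CollectorBlock*) / GROWTH_FACTOR;`, including `<limits>` rather than `<limits.h>`. The result of `fastRealloc` is also stored into `m_data` unchecked; whether that allocator aborts on failure is not visible here and is worth confirming. `append()` continues past the end of the hunk.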
diff --git a/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch b/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch
new file mode 100644
index 000000000000..0754c5f02ea0
--- /dev/null
+++ b/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch
@@ -0,0 +1,41 @@
+--- branches/KDE/4.3/kdelibs/khtml/css/css_valueimpl.cpp 2009/07/26 03:39:55 1002474
++++ branches/KDE/4.3/kdelibs/khtml/css/css_valueimpl.cpp 2009/07/26 03:40:47 1002475
+@@ -1212,7 +1212,9 @@
+ text = getValueName(m_value.ident);
+ break;
+ case CSSPrimitiveValue::CSS_ATTR:
+- // ###
++ text = "attr(";
++ text += DOMString( m_value.string );
++ text += ")";
+ break;
+ case CSSPrimitiveValue::CSS_COUNTER:
+ text = "counter(";
+
+--- branches/KDE/4.3/kdelibs/khtml/css/cssparser.cpp 2009/07/26 03:39:55 1002474
++++ branches/KDE/4.3/kdelibs/khtml/css/cssparser.cpp 2009/07/26 03:40:47 1002475
+@@ -1513,6 +1513,14 @@
+ if ( args->size() != 1)
+ return false;
+ Value *a = args->current();
++ if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
++ isValid=false;
++ break;
++ }
++ if (qString(a->string)[0] == '-') {
++ isValid=false;
++ break;
++ }
+ parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
+ }
+ else
+@@ -1565,7 +1573,8 @@
+
+ CounterImpl *counter = new CounterImpl;
+ Value *i = args->current();
+-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++ if (qString(i->string)[0] == '-') goto invalid;
+ counter->m_identifier = domString(i->string);
+ if (counters) {
+ i = args->next();
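Review bot: In the cssparser.cpp counter branch the two new `goto invalid` checks run after `CounterImpl *counter = new CounterImpl;`, and the `invalid:` label is outside the hunk, so it should be confirmed that the label frees `counter`; otherwise every rejected identifier leaks one object. Moving the `Value *i = args->current();` line and both checks above the allocation would remove that dependency. The same pair of tests (`unit != CSSPrimitiveValue::CSS_IDENT`, first character `'-'`) is repeated in the `attr()` branch without any explanation of why a leading `-` is refused. A short comment at both sites, for example `// only plain identifiers are accepted; names starting with '-' are rejected (CVE-2009-1698)`, would keep a later cleanup from dropping them. Both enclosing functions start and end outside the hunk.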
diff --git a/kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch b/kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch
new file mode 100644
index 000000000000..18feec792d75
--- /dev/null
+++ b/kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch
@@ -0,0 +1,11 @@
+--- branches/KDE/4.3/kdelibs/khtml/html/htmltokenizer.cpp 2009/07/25 09:02:54 1002162
++++ branches/KDE/4.3/kdelibs/khtml/html/htmltokenizer.cpp 2009/07/25 09:05:44 1002163
+@@ -1038,7 +1038,7 @@
+ #ifdef TOKEN_DEBUG
+ kDebug( 6036 ) << "unknown entity!";
+ #endif
+- checkBuffer(10);
++ checkBuffer(11);
+ // ignore the sequence, add it to the buffer as plaintext
+ *dest++ = '&';
+ for(unsigned int i = 0; i < cBufferPos; i++)
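Review bot: The corrected reservation `checkBuffer(11)` is still a bare literal with no stated relation to what the following lines write: one `'&'` plus `cBufferPos` characters, and possibly more after the loop, which is cut off by the hunk. An off-by-one here is what this patch fixes, so the number should be tied to its source. Either derive it from the declared size of the entity buffer, which is not visible here, or add a comment such as `// 1 for '&' + worst-case cBufferPos (+ any trailing char); keep in sync with the cBuffer size`. That lets the reservation be re-checked whenever the buffer size changes.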