rpms/kdelibs3/devel kdelibs-3.5.10-cve-2009-1698.patch, NONE, 1.1 kdelibs3.spec, 1.64, 1.65 kdelibs-3.5.4-CVE-2009-1698.patch, 1.1, NONE
Kevin Kofler
kkofler at fedoraproject.org
Sun Jul 26 03:49:33 UTC 2009
Author: kkofler
Update of /cvs/pkgs/rpms/kdelibs3/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29709/devel
Modified Files:
kdelibs3.spec
Added Files:
kdelibs-3.5.10-cve-2009-1698.patch
Removed Files:
kdelibs-3.5.4-CVE-2009-1698.patch
Log Message:
Rebase CVE-2009-1698 patch.
kdelibs-3.5.10-cve-2009-1698.patch:
css_valueimpl.cpp | 4 +++-
cssparser.cpp | 11 ++++++++++-
2 files changed, 13 insertions(+), 2 deletions(-)
--- NEW FILE kdelibs-3.5.10-cve-2009-1698.patch ---
diff -ur kdelibs-3.5.10/khtml/css/cssparser.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp
--- kdelibs-3.5.10/khtml/css/cssparser.cpp 2007-01-15 12:34:04.000000000 +0100
+++ kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp 2009-07-26 05:46:39.000000000 +0200
@@ -1344,6 +1344,14 @@
if ( args->size() != 1)
return false;
Value *a = args->current();
+ if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
+ isValid=false;
+ break;
+ }
+ if (qString(a->string)[0] == '-') {
+ isValid=false;
+ break;
+ }
parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
}
else
@@ -1396,7 +1404,8 @@
CounterImpl *counter = new CounterImpl;
Value *i = args->current();
-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
+ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
+ if (qString(i->string)[0] == '-') goto invalid;
counter->m_identifier = domString(i->string);
if (counters) {
i = args->next();
diff -ur kdelibs-3.5.10/khtml/css/css_valueimpl.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp
--- kdelibs-3.5.10/khtml/css/css_valueimpl.cpp 2006-07-22 10:16:49.000000000 +0200
+++ kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp 2009-07-26 05:45:36.000000000 +0200
@@ -736,7 +736,9 @@
text = getValueName(m_value.ident);
break;
case CSSPrimitiveValue::CSS_ATTR:
- // ###
+ text = "attr(";
+ text += DOMString( m_value.string );
+ text += ")";
break;
case CSSPrimitiveValue::CSS_COUNTER:
text = "counter(";
Index: kdelibs3.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kdelibs3/devel/kdelibs3.spec,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -p -r1.64 -r1.65
--- kdelibs3.spec 26 Jul 2009 03:09:15 -0000 1.64
+++ kdelibs3.spec 26 Jul 2009 03:49:33 -0000 1.65
@@ -107,7 +107,7 @@ Patch202: kdelibs-3.5.4-CVE-2009-1687.pa
# fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
Patch203: kdelibs-3.5.4-CVE-2009-1690.patch
# fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
-Patch204: kdelibs-3.5.4-CVE-2009-1698.patch
+Patch204: kdelibs-3.5.10-cve-2009-1698.patch
#{?arts:Requires: arts >= %{arts_ev}}
#Requires: %{qt3} >= %{qt3_ev}
--- kdelibs-3.5.4-CVE-2009-1698.patch DELETED ---
More information about the fedora-extras-commits
mailing list