diff options
author | Tomas Chvatal <scarabeus@gentoo.org> | 2009-07-30 13:34:27 +0000 |
---|---|---|
committer | Tomas Chvatal <scarabeus@gentoo.org> | 2009-07-30 13:34:27 +0000 |
commit | 005249982b8edb13634396fb786f7d979f9be39e (patch) | |
tree | 1af02c8527d4e6455131e9ad73345ffb44936309 /kde-base | |
parent | Let's try to sign this… (diff) | |
download | historical-005249982b8edb13634396fb786f7d979f9be39e.tar.gz historical-005249982b8edb13634396fb786f7d979f9be39e.tar.bz2 historical-005249982b8edb13634396fb786f7d979f9be39e.zip |
Revision bump. Apply security fixes per bugs #279027 and #279187. Force due to unsynced tree.
Package-Manager: portage-2.2_rc33/cvs/Linux i686
RepoMan-Options: --force
Diffstat (limited to 'kde-base')
-rw-r--r-- | kde-base/kdelibs/ChangeLog | 10 | ||||
-rw-r--r-- | kde-base/kdelibs/Manifest | 17 | ||||
-rw-r--r-- | kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch | 20 | ||||
-rw-r--r-- | kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch | 41 | ||||
-rw-r--r-- | kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch | 11 | ||||
-rw-r--r-- | kde-base/kdelibs/kdelibs-4.2.4-r4.ebuild (renamed from kde-base/kdelibs/kdelibs-4.2.4-r3.ebuild) | 5 |
6 files changed, 100 insertions, 4 deletions
diff --git a/kde-base/kdelibs/ChangeLog b/kde-base/kdelibs/ChangeLog index 8efa9c26a68a..ebadd608c81c 100644 --- a/kde-base/kdelibs/ChangeLog +++ b/kde-base/kdelibs/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for kde-base/kdelibs # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.614 2009/07/12 09:18:44 armin76 Exp $ +# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.615 2009/07/30 13:34:26 scarabeus Exp $ + +*kdelibs-4.2.4-r4 (30 Jul 2009) + + 30 Jul 2009; Tomáš Chvátal <scarabeus@gentoo.org> + -kdelibs-4.2.4-r3.ebuild, +kdelibs-4.2.4-r4.ebuild, + +files/4.2.4-CVE-2009-1687.patch, +files/4.2.4-CVE-2009-1698.patch, + +files/4.2.4-CVE-2009-1725.patch: + Revision bump. Apply security fixes per bugs #279027 and #279187. 12 Jul 2009; Raúl Porcel <armin76@gentoo.org> kdelibs-3.5.10-r6.ebuild: alpha/ia64/sparc stable wrt #271889 diff --git a/kde-base/kdelibs/Manifest b/kde-base/kdelibs/Manifest index f30002df649b..93429e7ea530 100644 --- a/kde-base/kdelibs/Manifest +++ b/kde-base/kdelibs/Manifest @@ -1,4 +1,10 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +AUX 4.2.4-CVE-2009-1687.patch 750 RMD160 cca97b9669755ea7c0475ce35275a2e2e19dcd25 SHA1 aa1a6c255362b050ebb8e0bbbcbc254f76bb3b21 SHA256 0297462875b43fe4e0efd3f1af9aeaa3c867e17fabb043c975d6e6afa84ba5fb AUX 4.2.4-CVE-2009-1690.patch 2437 RMD160 9ef96f67e0ee878d112d270339b979c3263fd93e SHA1 bc253af5e4b6329935e88a6999c7925e6c6ddf08 SHA256 8e8b32827e2e5375ce61b08e8264085b285e58a4838028165b2cfeefa1d38010 +AUX 4.2.4-CVE-2009-1698.patch 1601 RMD160 92420a3d855ab98a2ce1eeace6f9e63b0a4c5264 SHA1 cb5b09ab4883401db32fd7372914aa0d7cdbeacd SHA256 7d0aab8ba1a60d94643e6b60d1363be0486de8c3a54dcbbe50f01b33c6adfc82 +AUX 4.2.4-CVE-2009-1725.patch 513 RMD160 d550faf7faba495ea043c1298f4bda5e0512b20b SHA1 777b0e7e74dc5fd561c17214fcfa99ba99fa20a7 SHA256 842bff809b0413eccbae4f6c73c67d83180c1e0598b99c9e3e4396b960c06577 AUX 4.2.4-fixPopupForPlasmaboard.patch 2180 RMD160 bc24d337f03f05be742f7963e8eb14161f643183 SHA1 bd40ad5289c2ec5b17d3a46d53e4fc5b205dc3f3 SHA256 627fef9fbd0df29c1c11ffd0e7fbb979189c31b11ec16d7db1ae981053384669 AUX dist/09_disable_debug_messages_if_not_explicitly_enabled.patch 1840 RMD160 097372c9264497b1aabb8b21e8b9959c24cca2f1 SHA1 f19dd9bbf3ed0868442a970a4c588640922c6cbc SHA256 92b8a8c8f46f06a0bfd93babb52f6d87c7b3f5dc6478b4f5d8e8c56c9e4e5bce AUX dist/20_use_dejavu_as_default_font.patch 1543 RMD160 805f4c6e685b8b6598acb1c69b5f6d41fa6ce010 SHA1 09eeafca53dd1c4b9347fd9d295949d37022e2f5 SHA256 9a6b141d5eb5fd73700086fef591074674563a2e5b374d3af4c6cea52726fc03 @@ -31,6 +37,13 @@ EBUILD kdelibs-3.5.9-r2.ebuild 6185 RMD160 243ff66b2e98d84d99ffa8d6fd5dde6c3abc8 EBUILD kdelibs-3.5.9-r3.ebuild 6269 RMD160 602398051cb2f76fb4b6ad0033e5be96789c889d SHA1 fe3fc37c34973a7dc9d089c7a71142c5300da9f6 SHA256 b8db06b4e4d0ab40dd33384a05316a7e157a29ddf88a08030b48818cdcff4fef EBUILD kdelibs-3.5.9-r4.ebuild 6354 RMD160 aa9e38063aa1c51140bbf62d2b29b0dd6ab6f42e SHA1 d02244fa79ed1762ab57599d88ed5622997b0a2a SHA256 155356e94d21f88d17c1058f01d6d8d6b165e58ec1347ffb9ae21c6e0dc484f2 EBUILD kdelibs-3.5.9.ebuild 6023 RMD160 b88aa72dd0d019e386300fa1d3558fe4d80a5cb7 SHA1 81edb64474a81df1d5421c90ebabad35ed0ea702 SHA256 1c49b81f26a1f1cb9d01c41e68840dcf712f8e2577389ea665d0362140104c8e -EBUILD kdelibs-4.2.4-r3.ebuild 6024 RMD160 76fb4ed6fb25e66159d32205da021110905c595a SHA1 085e6e84f0fd4389c7d546fceef07b2cbaf34857 SHA256 ccea7beec475f009d48dd63f0472ad81e59da95d52723a187a1e5b95b395c37e -MISC ChangeLog 102683 RMD160 76b39a095eb5c5c20b5af5cb7f1b5d69d1bc02af SHA1 2b8dd7edbaba8b45afd8a6f85f07b4e0b701b3f8 SHA256 46a1397255e7a790d6092f9fed1ab045163959811952ff2be9bf618e106539d3 +EBUILD kdelibs-4.2.4-r4.ebuild 6148 RMD160 5669aaf8e80a00f4744279c334f917c01c553844 SHA1 dff2a864ad4114b6b6e0bd71f482674098cbd0be SHA256 c81f10450e101627061cebec1ff713119a3d564e1cd1aa9c69c210d3429a1339 +MISC ChangeLog 103002 RMD160 bebaf066da7a834195851d382efbc87ace697ca0 SHA1 e9a915ecf33ac51bbfced0850254544d992a16ee SHA256 ef2d73f8a44cb89ced9423b3cdeecbfcb2f7ebc1ff80d87340903f1651fe212b MISC metadata.xml 375 RMD160 0a16bbd99eb0c4f3d89dbede17c5d6feea41c6ba SHA1 531b56c08557857a57c7833d2bab42cdf879b9a8 SHA256 3b5a8f2ca27aa45532679f3ab64756b02a953c5c11e86d9539cec95bab292b9b +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.11 (GNU/Linux) + +iEYEARECAAYFAkpxoXIACgkQHB6c3gNBRYcHmQCeJdj4elkPoQANmV/zAiVuQ47v +8rgAoLB8YAyxNRWxdZE4x0xqNqLQVc+z +=ybVn +-----END PGP SIGNATURE----- diff --git a/kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch b/kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch new file mode 100644 index 000000000000..603be3807425 --- /dev/null +++ b/kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch @@ -0,0 +1,20 @@ +--- branches/KDE/4.3/kdelibs/kjs/collector.cpp 2009/07/26 03:35:55 1002472 ++++ branches/KDE/4.3/kdelibs/kjs/collector.cpp 2009/07/26 03:35:57 1002473 +@@ -31,6 +31,7 @@ + #include "value.h" + + #include <setjmp.h> ++#include <limits.h> + #include <algorithm> + + #if PLATFORM(DARWIN) +@@ -109,6 +110,9 @@ + + void append(CollectorBlock* block) { + if (m_used == m_capacity) { ++ static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR; ++ if (m_capacity > maxNumBlocks) ++ CRASH(); + m_capacity = max(MIN_ARRAY_SIZE, m_capacity * GROWTH_FACTOR); + m_data = static_cast<CollectorBlock **>(fastRealloc(m_data, m_capacity * sizeof(CollectorBlock *))); + } diff --git a/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch b/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch new file mode 100644 index 000000000000..0754c5f02ea0 --- /dev/null +++ b/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch @@ -0,0 +1,41 @@ +--- branches/KDE/4.3/kdelibs/khtml/css/css_valueimpl.cpp 2009/07/26 03:39:55 1002474 ++++ branches/KDE/4.3/kdelibs/khtml/css/css_valueimpl.cpp 2009/07/26 03:40:47 1002475 +@@ -1212,7 +1212,9 @@ + text = getValueName(m_value.ident); + break; + case CSSPrimitiveValue::CSS_ATTR: +- // ### ++ text = "attr("; ++ text += DOMString( m_value.string ); ++ text += ")"; + break; + case CSSPrimitiveValue::CSS_COUNTER: + text = "counter("; + +--- branches/KDE/4.3/kdelibs/khtml/css/cssparser.cpp 2009/07/26 03:39:55 1002474 ++++ branches/KDE/4.3/kdelibs/khtml/css/cssparser.cpp 2009/07/26 03:40:47 1002475 +@@ -1513,6 +1513,14 @@ + if ( args->size() != 1) + return false; + Value *a = args->current(); ++ if (a->unit != CSSPrimitiveValue::CSS_IDENT) { ++ isValid=false; ++ break; ++ } ++ if (qString(a->string)[0] == '-') { ++ isValid=false; ++ break; ++ } + parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR); + } + else +@@ -1565,7 +1573,8 @@ + + CounterImpl *counter = new CounterImpl; + Value *i = args->current(); +-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; ++ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; ++ if (qString(i->string)[0] == '-') goto invalid; + counter->m_identifier = domString(i->string); + if (counters) { + i = args->next(); diff --git a/kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch b/kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch new file mode 100644 index 000000000000..18feec792d75 --- /dev/null +++ b/kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch @@ -0,0 +1,11 @@ +--- branches/KDE/4.3/kdelibs/khtml/html/htmltokenizer.cpp 2009/07/25 09:02:54 1002162 ++++ branches/KDE/4.3/kdelibs/khtml/html/htmltokenizer.cpp 2009/07/25 09:05:44 1002163 +@@ -1038,7 +1038,7 @@ + #ifdef TOKEN_DEBUG + kDebug( 6036 ) << "unknown entity!"; + #endif +- checkBuffer(10); ++ checkBuffer(11); + // ignore the sequence, add it to the buffer as plaintext + *dest++ = '&'; + for(unsigned int i = 0; i < cBufferPos; i++) diff --git a/kde-base/kdelibs/kdelibs-4.2.4-r3.ebuild b/kde-base/kdelibs/kdelibs-4.2.4-r4.ebuild index dde74f959350..5885c20015b5 100644 --- a/kde-base/kdelibs/kdelibs-4.2.4-r3.ebuild +++ b/kde-base/kdelibs/kdelibs-4.2.4-r4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-4.2.4-r3.ebuild,v 1.1 2009/06/20 13:43:28 arfrever Exp $ +# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-4.2.4-r4.ebuild,v 1.1 2009/07/30 13:34:26 scarabeus Exp $ EAPI="2" @@ -115,7 +115,10 @@ PATCHES=( "${FILESDIR}/dist/23_solid_no_double_build.patch" "${FILESDIR}/${PN}-${SLOT}-fixx11h.h.patch" "${FILESDIR}/${PV}-fixPopupForPlasmaboard.patch" + "${FILESDIR}/${PV}-CVE-2009-1687.patch" "${FILESDIR}/${PV}-CVE-2009-1690.patch" + "${FILESDIR}/${PV}-CVE-2009-1698.patch" + "${FILESDIR}/${PV}-CVE-2009-1725.patch" ) src_prepare() { |