authorTomas Chvatal <scarabeus@gentoo.org>2009-07-30 13:34:27 +0000
committerTomas Chvatal <scarabeus@gentoo.org>2009-07-30 13:34:27 +0000
commit005249982b8edb13634396fb786f7d979f9be39e (patch)
tree1af02c8527d4e6455131e9ad73345ffb44936309 /kde-base
parentLet's try to sign this… (diff)
Revision bump. Apply security fixes per bugs #279027 and #279187. Force due to unsynced tree.
Package-Manager: portage-2.2_rc33/cvs/Linux i686 RepoMan-Options: --force
Diffstat (limited to 'kde-base')
-rw-r--r--kde-base/kdelibs/ChangeLog10
-rw-r--r--kde-base/kdelibs/Manifest17
-rw-r--r--kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch20
-rw-r--r--kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch41
-rw-r--r--kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch11
-rw-r--r--kde-base/kdelibs/kdelibs-4.2.4-r4.ebuild (renamed from kde-base/kdelibs/kdelibs-4.2.4-r3.ebuild)5
6 files changed, 100 insertions, 4 deletions
diff --git a/kde-base/kdelibs/ChangeLog b/kde-base/kdelibs/ChangeLog
index 8efa9c26a68a..ebadd608c81c 100644
--- a/kde-base/kdelibs/ChangeLog
+++ b/kde-base/kdelibs/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for kde-base/kdelibs
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.614 2009/07/12 09:18:44 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.615 2009/07/30 13:34:26 scarabeus Exp $
+
+*kdelibs-4.2.4-r4 (30 Jul 2009)
+
+ 30 Jul 2009; Tomáš Chvátal <scarabeus@gentoo.org>
+ -kdelibs-4.2.4-r3.ebuild, +kdelibs-4.2.4-r4.ebuild,
+ +files/4.2.4-CVE-2009-1687.patch, +files/4.2.4-CVE-2009-1698.patch,
+ +files/4.2.4-CVE-2009-1725.patch:
+ Revision bump. Apply security fixes per bugs #279027 and #279187.
12 Jul 2009; Raúl Porcel <armin76@gentoo.org> kdelibs-3.5.10-r6.ebuild:
alpha/ia64/sparc stable wrt #271889
diff --git a/kde-base/kdelibs/Manifest b/kde-base/kdelibs/Manifest
index f30002df649b..93429e7ea530 100644
--- a/kde-base/kdelibs/Manifest
+++ b/kde-base/kdelibs/Manifest
@@ -1,4 +1,10 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+AUX 4.2.4-CVE-2009-1687.patch 750 RMD160 cca97b9669755ea7c0475ce35275a2e2e19dcd25 SHA1 aa1a6c255362b050ebb8e0bbbcbc254f76bb3b21 SHA256 0297462875b43fe4e0efd3f1af9aeaa3c867e17fabb043c975d6e6afa84ba5fb
AUX 4.2.4-CVE-2009-1690.patch 2437 RMD160 9ef96f67e0ee878d112d270339b979c3263fd93e SHA1 bc253af5e4b6329935e88a6999c7925e6c6ddf08 SHA256 8e8b32827e2e5375ce61b08e8264085b285e58a4838028165b2cfeefa1d38010
+AUX 4.2.4-CVE-2009-1698.patch 1601 RMD160 92420a3d855ab98a2ce1eeace6f9e63b0a4c5264 SHA1 cb5b09ab4883401db32fd7372914aa0d7cdbeacd SHA256 7d0aab8ba1a60d94643e6b60d1363be0486de8c3a54dcbbe50f01b33c6adfc82
+AUX 4.2.4-CVE-2009-1725.patch 513 RMD160 d550faf7faba495ea043c1298f4bda5e0512b20b SHA1 777b0e7e74dc5fd561c17214fcfa99ba99fa20a7 SHA256 842bff809b0413eccbae4f6c73c67d83180c1e0598b99c9e3e4396b960c06577
AUX 4.2.4-fixPopupForPlasmaboard.patch 2180 RMD160 bc24d337f03f05be742f7963e8eb14161f643183 SHA1 bd40ad5289c2ec5b17d3a46d53e4fc5b205dc3f3 SHA256 627fef9fbd0df29c1c11ffd0e7fbb979189c31b11ec16d7db1ae981053384669
AUX dist/09_disable_debug_messages_if_not_explicitly_enabled.patch 1840 RMD160 097372c9264497b1aabb8b21e8b9959c24cca2f1 SHA1 f19dd9bbf3ed0868442a970a4c588640922c6cbc SHA256 92b8a8c8f46f06a0bfd93babb52f6d87c7b3f5dc6478b4f5d8e8c56c9e4e5bce
AUX dist/20_use_dejavu_as_default_font.patch 1543 RMD160 805f4c6e685b8b6598acb1c69b5f6d41fa6ce010 SHA1 09eeafca53dd1c4b9347fd9d295949d37022e2f5 SHA256 9a6b141d5eb5fd73700086fef591074674563a2e5b374d3af4c6cea52726fc03
@@ -31,6 +37,13 @@ EBUILD kdelibs-3.5.9-r2.ebuild 6185 RMD160 243ff66b2e98d84d99ffa8d6fd5dde6c3abc8
EBUILD kdelibs-3.5.9-r3.ebuild 6269 RMD160 602398051cb2f76fb4b6ad0033e5be96789c889d SHA1 fe3fc37c34973a7dc9d089c7a71142c5300da9f6 SHA256 b8db06b4e4d0ab40dd33384a05316a7e157a29ddf88a08030b48818cdcff4fef
EBUILD kdelibs-3.5.9-r4.ebuild 6354 RMD160 aa9e38063aa1c51140bbf62d2b29b0dd6ab6f42e SHA1 d02244fa79ed1762ab57599d88ed5622997b0a2a SHA256 155356e94d21f88d17c1058f01d6d8d6b165e58ec1347ffb9ae21c6e0dc484f2
EBUILD kdelibs-3.5.9.ebuild 6023 RMD160 b88aa72dd0d019e386300fa1d3558fe4d80a5cb7 SHA1 81edb64474a81df1d5421c90ebabad35ed0ea702 SHA256 1c49b81f26a1f1cb9d01c41e68840dcf712f8e2577389ea665d0362140104c8e
-EBUILD kdelibs-4.2.4-r3.ebuild 6024 RMD160 76fb4ed6fb25e66159d32205da021110905c595a SHA1 085e6e84f0fd4389c7d546fceef07b2cbaf34857 SHA256 ccea7beec475f009d48dd63f0472ad81e59da95d52723a187a1e5b95b395c37e
-MISC ChangeLog 102683 RMD160 76b39a095eb5c5c20b5af5cb7f1b5d69d1bc02af SHA1 2b8dd7edbaba8b45afd8a6f85f07b4e0b701b3f8 SHA256 46a1397255e7a790d6092f9fed1ab045163959811952ff2be9bf618e106539d3
+EBUILD kdelibs-4.2.4-r4.ebuild 6148 RMD160 5669aaf8e80a00f4744279c334f917c01c553844 SHA1 dff2a864ad4114b6b6e0bd71f482674098cbd0be SHA256 c81f10450e101627061cebec1ff713119a3d564e1cd1aa9c69c210d3429a1339
+MISC ChangeLog 103002 RMD160 bebaf066da7a834195851d382efbc87ace697ca0 SHA1 e9a915ecf33ac51bbfced0850254544d992a16ee SHA256 ef2d73f8a44cb89ced9423b3cdeecbfcb2f7ebc1ff80d87340903f1651fe212b
MISC metadata.xml 375 RMD160 0a16bbd99eb0c4f3d89dbede17c5d6feea41c6ba SHA1 531b56c08557857a57c7833d2bab42cdf879b9a8 SHA256 3b5a8f2ca27aa45532679f3ab64756b02a953c5c11e86d9539cec95bab292b9b
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.11 (GNU/Linux)
+
+iEYEARECAAYFAkpxoXIACgkQHB6c3gNBRYcHmQCeJdj4elkPoQANmV/zAiVuQ47v
+8rgAoLB8YAyxNRWxdZE4x0xqNqLQVc+z
+=ybVn
+-----END PGP SIGNATURE-----
diff --git a/kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch b/kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch
new file mode 100644
index 000000000000..603be3807425
--- /dev/null
+++ b/kde-base/kdelibs/files/4.2.4-CVE-2009-1687.patch
@@ -0,0 +1,20 @@
+--- branches/KDE/4.3/kdelibs/kjs/collector.cpp 2009/07/26 03:35:55 1002472
++++ branches/KDE/4.3/kdelibs/kjs/collector.cpp 2009/07/26 03:35:57 1002473
+@@ -31,6 +31,7 @@
+ #include "value.h"
+
+ #include <setjmp.h>
++#include <limits.h>
+ #include <algorithm>
+
+ #if PLATFORM(DARWIN)
+@@ -109,6 +110,9 @@
+
+ void append(CollectorBlock* block) {
+ if (m_used == m_capacity) {
++ static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR;
++ if (m_capacity > maxNumBlocks)
++ CRASH();
+ m_capacity = max(MIN_ARRAY_SIZE, m_capacity * GROWTH_FACTOR);
+ m_data = static_cast<CollectorBlock **>(fastRealloc(m_data, m_capacity * sizeof(CollectorBlock *)));
+ }
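Review bot: The new limit in `append()` is derived from `ULONG_MAX`, while the multiplication it protects, `m_capacity * sizeof(CollectorBlock *)`, is evaluated in `size_t`, so the guard is only exact on ABIs where `unsigned long` and `size_t` have the same width. Deriving the bound from the type actually used, `static const size_t maxNumBlocks = std::numeric_limits<size_t>::max() / sizeof(CollectorBlock*) / GROWTH_FACTOR;` with `<limits>` in place of `<limits.h>`, keeps the check correct regardless of data model. The declaration of `m_capacity` is outside the hunk, so this assumes it is a `size_t`. A one-line comment such as `// refuse to grow once m_capacity * GROWTH_FACTOR * sizeof(pointer) could wrap` above the check would record why `CRASH()` is the chosen failure mode.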
diff --git a/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch b/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch
new file mode 100644
index 000000000000..0754c5f02ea0
--- /dev/null
+++ b/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch
@@ -0,0 +1,41 @@
+--- branches/KDE/4.3/kdelibs/khtml/css/css_valueimpl.cpp 2009/07/26 03:39:55 1002474
++++ branches/KDE/4.3/kdelibs/khtml/css/css_valueimpl.cpp 2009/07/26 03:40:47 1002475
+@@ -1212,7 +1212,9 @@
+ text = getValueName(m_value.ident);
+ break;
+ case CSSPrimitiveValue::CSS_ATTR:
+- // ###
++ text = "attr(";
++ text += DOMString( m_value.string );
++ text += ")";
+ break;
+ case CSSPrimitiveValue::CSS_COUNTER:
+ text = "counter(";
+
+--- branches/KDE/4.3/kdelibs/khtml/css/cssparser.cpp 2009/07/26 03:39:55 1002474
++++ branches/KDE/4.3/kdelibs/khtml/css/cssparser.cpp 2009/07/26 03:40:47 1002475
+@@ -1513,6 +1513,14 @@
+ if ( args->size() != 1)
+ return false;
+ Value *a = args->current();
++ if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
++ isValid=false;
++ break;
++ }
++ if (qString(a->string)[0] == '-') {
++ isValid=false;
++ break;
++ }
+ parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
+ }
+ else
+@@ -1565,7 +1573,8 @@
+
+ CounterImpl *counter = new CounterImpl;
+ Value *i = args->current();
+-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++ if (qString(i->string)[0] == '-') goto invalid;
+ counter->m_identifier = domString(i->string);
+ if (counters) {
+ i = args->next();
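Review bot: Both added prefix tests in cssparser.cpp, `qString(a->string)[0] == '-'` in the attr() branch and `qString(i->string)[0] == '-'` in the counter branch, index the first character without establishing that the string is non-empty. An identifier token is presumably never empty, but that guarantee lives in the tokenizer, outside this hunk; assuming `qString()` returns a `QString`, `if (qString(a->string).startsWith('-'))` expresses the same test and is well defined for an empty string. The same validation is also written twice with different failure styles (`isValid=false; break;` versus `goto invalid`), so a short comment at each site stating why a non-identifier or a leading '-' is rejected would keep the two from drifting apart. The enclosing parser function starts and ends outside the hunk.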
diff --git a/kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch b/kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch
new file mode 100644
index 000000000000..18feec792d75
--- /dev/null
+++ b/kde-base/kdelibs/files/4.2.4-CVE-2009-1725.patch
@@ -0,0 +1,11 @@
+--- branches/KDE/4.3/kdelibs/khtml/html/htmltokenizer.cpp 2009/07/25 09:02:54 1002162
++++ branches/KDE/4.3/kdelibs/khtml/html/htmltokenizer.cpp 2009/07/25 09:05:44 1002163
+@@ -1038,7 +1038,7 @@
+ #ifdef TOKEN_DEBUG
+ kDebug( 6036 ) << "unknown entity!";
+ #endif
+- checkBuffer(10);
++ checkBuffer(11);
+ // ignore the sequence, add it to the buffer as plaintext
+ *dest++ = '&';
+ for(unsigned int i = 0; i < cBufferPos; i++)
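Review bot: `checkBuffer(11)` replaces one unexplained literal with another, so the reservation is still not tied to what the following lines write: one `&` plus the `cBufferPos` characters copied by the loop. Sizing the request from the actual count, e.g. `checkBuffer(cBufferPos + 1);`, or from a named constant for the maximum entity-name length, would make the bound visibly sufficient and keep the same off-by-one from returning if that limit ever changes. The code after the loop is outside the hunk, so any further writes to `dest` there would have to be added to the count.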
diff --git a/kde-base/kdelibs/kdelibs-4.2.4-r3.ebuild b/kde-base/kdelibs/kdelibs-4.2.4-r4.ebuild
index dde74f959350..5885c20015b5 100644
--- a/kde-base/kdelibs/kdelibs-4.2.4-r3.ebuild
+++ b/kde-base/kdelibs/kdelibs-4.2.4-r4.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-4.2.4-r3.ebuild,v 1.1 2009/06/20 13:43:28 arfrever Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-4.2.4-r4.ebuild,v 1.1 2009/07/30 13:34:26 scarabeus Exp $
EAPI="2"
@@ -115,7 +115,10 @@ PATCHES=(
"${FILESDIR}/dist/23_solid_no_double_build.patch"
"${FILESDIR}/${PN}-${SLOT}-fixx11h.h.patch"
"${FILESDIR}/${PV}-fixPopupForPlasmaboard.patch"
+ "${FILESDIR}/${PV}-CVE-2009-1687.patch"
"${FILESDIR}/${PV}-CVE-2009-1690.patch"
+ "${FILESDIR}/${PV}-CVE-2009-1698.patch"
+ "${FILESDIR}/${PV}-CVE-2009-1725.patch"
)
src_prepare() {