3.5.6
This commit is contained in:
parent
cb346f191c
commit
106c6fd588
22
kdelibs-3.5.6-bz#225420-CVE-2007-0537.patch
Normal file
22
kdelibs-3.5.6-bz#225420-CVE-2007-0537.patch
Normal file
@ -0,0 +1,22 @@
|
||||
Index: khtml/html/htmltokenizer.cpp
|
||||
===================================================================
|
||||
--- khtml/html/htmltokenizer.cpp (Revision 626790)
|
||||
+++ khtml/html/htmltokenizer.cpp (Revision 626791)
|
||||
@@ -316,7 +316,7 @@
|
||||
while ( !src.isEmpty() ) {
|
||||
checkScriptBuffer();
|
||||
unsigned char ch = src->latin1();
|
||||
- if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && !title && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
|
||||
+ if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
|
||||
comment = true;
|
||||
scriptCode[ scriptCodeSize++ ] = ch;
|
||||
++src;
|
||||
@@ -495,7 +495,7 @@
|
||||
|
||||
if (canClose || handleBrokenComments || scriptEnd ){
|
||||
++src;
|
||||
- if ( !( script || xmp || textarea || style) ) {
|
||||
+ if ( !( title || script || xmp || textarea || style) ) {
|
||||
#ifdef COMMENTS_IN_DOM
|
||||
checkScriptBuffer();
|
||||
scriptCode[ scriptCodeSize ] = 0;
|
16
kdelibs.spec
16
kdelibs.spec
@ -8,12 +8,12 @@
|
||||
%define cups_epoch 1
|
||||
|
||||
%define qt_version 3.3.7
|
||||
%define arts_version 1.5.5
|
||||
%define arts_version 1.5.6
|
||||
%define kde_major_version 3
|
||||
|
||||
%define qtdocdir %{_docdir}/qt-devel-%{qt_version}
|
||||
|
||||
%define make_cvs 1
|
||||
%define make_cvs 0
|
||||
%define arts 1
|
||||
|
||||
Version: 3.5.6
|
||||
@ -47,6 +47,10 @@ Patch39: kdelibs-3.5.4-kabc-make.patch
|
||||
Patch40: kdelibs-3.5.4-kdeprint-utf8.patch
|
||||
Patch41: kdelibs-3.5.6-utempter.patch
|
||||
|
||||
# security issue
|
||||
# CVE-2007-0537
|
||||
Patch1000: kdelibs-3.5.6-bz#225420-CVE-2007-0537.patch
|
||||
|
||||
Requires: arts >= %{arts_epoch}:%{arts_version}
|
||||
Requires: qt >= %{qt_epoch}:%{qt_version}
|
||||
Requires: cups-libs >= %{cups_epoch}:1.1.12
|
||||
@ -131,6 +135,7 @@ Requires: libidn-devel
|
||||
Requires: libacl-devel
|
||||
Requires: pcre-devel
|
||||
Requires: libkdnssd-devel
|
||||
Requires: libutempter-devel
|
||||
|
||||
Obsoletes: kdesupport-devel
|
||||
|
||||
@ -170,6 +175,9 @@ format for easy browsing
|
||||
%patch40 -p1 -b .kdeprint-utf8
|
||||
%patch41 -p1 -b .utempter
|
||||
|
||||
# security
|
||||
%patch1000 -p0 -b .bz#225420-CVE-2007-0537
|
||||
|
||||
perl -pi -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h
|
||||
|
||||
%build
|
||||
@ -385,8 +393,10 @@ fi
|
||||
%doc %{_docdir}/HTML/en/kdelibs*
|
||||
|
||||
%changelog
|
||||
* Thu Jan 25 2007 Than Ngo <than@redhat.com> - 6:3.5.5-1.fc7
|
||||
* Mon Feb 05 2007 Than Ngo <than@redhat.com> - 6:3.5.5-1.fc7
|
||||
- 3.5.6
|
||||
- apply patch to fix #225420, CVE-2007-0537 Konqueror improper
|
||||
HTML comment rendering, thanks to Dirk Müller, KDE security team
|
||||
|
||||
* Tue Nov 14 2006 Than Ngo <than@redhat.com> - 6:3.5.5-1.fc7
|
||||
- rebuild
|
||||
|
Loading…
Reference in New Issue
Block a user