3.5.6

2007-02-05 14:32:13 +00:00 · 2007-02-05 14:32:13 +00:00 · 106c6fd588
commit 106c6fd588
parent cb346f191c
2 changed files with 35 additions and 3 deletions
--- a/kdelibs-3.5.6-bz#225420-CVE-2007-0537.patch
+++ b/kdelibs-3.5.6-bz#225420-CVE-2007-0537.patch
@ -0,0 +1,22 @@
+Index: khtml/html/htmltokenizer.cpp
+===================================================================
+--- khtml/html/htmltokenizer.cpp	(Revision 626790)
+++ khtml/html/htmltokenizer.cpp	(Revision 626791)
+@@ -316,7 +316,7 @@
+     while ( !src.isEmpty() ) {
+         checkScriptBuffer();
+         unsigned char ch = src->latin1();
+-        if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && !title && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
+        if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
+             comment = true;
+             scriptCode[ scriptCodeSize++ ] = ch;
+             ++src;
+@@ -495,7 +495,7 @@
+ 
+             if (canClose || handleBrokenComments || scriptEnd ){
+                 ++src;
+-                if ( !( script || xmp || textarea || style) ) {
+                if ( !( title || script || xmp || textarea || style) ) {
+ #ifdef COMMENTS_IN_DOM
+                     checkScriptBuffer();
+                     scriptCode[ scriptCodeSize ] = 0;
--- a/kdelibs.spec
+++ b/kdelibs.spec
@ -8,12 +8,12 @@
 %define cups_epoch 1

 %define qt_version 3.3.7
-%define arts_version 1.5.5
+%define arts_version 1.5.6
 %define kde_major_version 3

 %define qtdocdir %{_docdir}/qt-devel-%{qt_version}

-%define make_cvs 1
+%define make_cvs 0
 %define arts 1

 Version: 3.5.6
@ -47,6 +47,10 @@ Patch39: kdelibs-3.5.4-kabc-make.patch
 Patch40: kdelibs-3.5.4-kdeprint-utf8.patch
 Patch41: kdelibs-3.5.6-utempter.patch

+# security issue
+# CVE-2007-0537
+Patch1000: kdelibs-3.5.6-bz#225420-CVE-2007-0537.patch
+
 Requires: arts >= %{arts_epoch}:%{arts_version}
 Requires: qt >= %{qt_epoch}:%{qt_version}
 Requires: cups-libs >= %{cups_epoch}:1.1.12
@ -131,6 +135,7 @@ Requires: libidn-devel
 Requires: libacl-devel
 Requires: pcre-devel
 Requires: libkdnssd-devel
+Requires: libutempter-devel

 Obsoletes: kdesupport-devel

@ -170,6 +175,9 @@ format for easy browsing
 %patch40 -p1 -b .kdeprint-utf8
 %patch41 -p1 -b .utempter

+# security
+%patch1000 -p0 -b .bz#225420-CVE-2007-0537
+
 perl -pi -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h

 %build
@ -385,8 +393,10 @@ fi
 %doc %{_docdir}/HTML/en/kdelibs*

 %changelog
-* Thu Jan 25 2007 Than Ngo <than@redhat.com> - 6:3.5.5-1.fc7
+* Mon Feb 05 2007 Than Ngo <than@redhat.com> - 6:3.5.5-1.fc7
 - 3.5.6
+- apply patch to fix #225420, CVE-2007-0537 Konqueror improper
+  HTML comment rendering, thanks to Dirk Müller, KDE security team

 * Tue Nov 14 2006 Than Ngo <than@redhat.com> - 6:3.5.5-1.fc7
 - rebuild