diff --git a/kdelibs-4.9.x-CVE-2012-4514.patch b/kdelibs-4.9.x-CVE-2012-4514.patch new file mode 100644 index 0000000..34235c7 --- /dev/null +++ b/kdelibs-4.9.x-CVE-2012-4514.patch @@ -0,0 +1,27 @@ +commit 65464349951e0df9b5d80c2eb3cc7458d54923ae +Author: David Faure +Date: Fri Oct 19 11:33:41 2012 +0200 + + Fix crash when trying to reuse a frame with a null part. + + BUG: 271528 + FIXED-IN: 4.9.3 + +diff --git a/khtml/khtml_part.cpp b/khtml/khtml_part.cpp +index ad00ea5..6165710 100644 +--- a/khtml/khtml_part.cpp ++++ b/khtml/khtml_part.cpp +@@ -5242,8 +5242,12 @@ KHTMLPart* KHTMLPartPrivate::top() + + bool KHTMLPartPrivate::canNavigate(KParts::ReadOnlyPart* bCand) + { ++ if (!bCand) // No part here (e.g. invalid url), reuse that frame ++ return true; ++ + KHTMLPart* b = qobject_cast(bCand); +- assert(b); ++ if (!b) // Another kind of part? Not sure what to do... ++ return false; + + // HTML5 gives conditions for this (a) being able to navigate b + diff --git a/kdelibs-4.9.x-CVE-2012-4515.patch b/kdelibs-4.9.x-CVE-2012-4515.patch new file mode 100644 index 0000000..89aa170 --- /dev/null +++ b/kdelibs-4.9.x-CVE-2012-4515.patch @@ -0,0 +1,50 @@ +commit 4f2eb356f1c23444fff2cfe0a7ae10efe303d6d8 +Author: David Faure +Date: Wed Oct 24 20:04:31 2012 +0200 + + Fix crash when a redirect happens in an iframe while the context menu is shown + +diff --git a/khtml/rendering/render_replaced.cpp b/khtml/rendering/render_replaced.cpp +index 195dcba..6bc5caa 100644 +--- a/khtml/rendering/render_replaced.cpp ++++ b/khtml/rendering/render_replaced.cpp +@@ -1030,7 +1030,7 @@ bool RenderWidget::handleEvent(const DOM::EventImpl& ev) + p.setY(qMin(qMax(0,p.y()),m_widget->height())); + } + +- QWidget* target = 0; ++ QPointer target; + target = m_widget->childAt(p); + + if (target) { +@@ -1103,16 +1103,18 @@ bool RenderWidget::handleEvent(const DOM::EventImpl& ev) + } + } + +- QEvent *e = isMouseWheel ? ++ QScopedPointer e(isMouseWheel ? + static_cast(new QWheelEvent(p, -me.detail()*40, buttons, state, orient)) : +- static_cast(new QMouseEvent(type, p, button, buttons, state)); ++ static_cast(new QMouseEvent(type, p, button, buttons, state))); + + +- ret = bubblingSend(target, e, m_widget); ++ ret = bubblingSend(target, e.data(), m_widget); + ++ if (!target) ++ break; + if (needContextMenuEvent) { + QContextMenuEvent cme(QContextMenuEvent::Mouse, p); +- static_cast(target)->sendEvent(&cme); ++ static_cast(target.data())->sendEvent(&cme); + } else if (type == QEvent::MouseMove && target->testAttribute(Qt::WA_Hover)) { + QHoverEvent he( QEvent::HoverMove, p, p ); + QApplication::sendEvent(target, &he); +@@ -1120,7 +1122,6 @@ bool RenderWidget::handleEvent(const DOM::EventImpl& ev) + if (ev.id() == EventImpl::MOUSEUP_EVENT) { + view()->setMouseEventsTarget( 0 ); + } +- delete e; + break; + } + case EventImpl::KEYDOWN_EVENT: diff --git a/kdelibs.spec b/kdelibs.spec index 7ecbeb2..986fc7f 100644 --- a/kdelibs.spec +++ b/kdelibs.spec @@ -25,7 +25,7 @@ Summary: KDE Libraries Version: 4.8.5 -Release: 1%{?dist} +Release: 2%{?dist} Name: kdelibs Epoch: 6 @@ -152,6 +152,8 @@ Patch100: kdelibs-4.8.3-kdeclarative-install-location.patch ## security fix # Not Upstreamed? why not ? -- Rex Patch200: kdelibs-4.3.1-CVE-2009-2702.patch +Patch201: kdelibs-4.9.x-CVE-2012-4515.patch +Patch202: kdelibs-4.9.x-CVE-2012-4514.patch # rhel patches Patch300: kdelibs-4.8.3-webkit.patch @@ -362,6 +364,8 @@ popd # security fixes %patch200 -p1 -b .CVE-2009-2702 +%patch201 -p1 -b .CVE-2012-4515 +%patch202 -p1 -b .CVE-2012-4514 # rhel patches %if 0%{?rhel} @@ -614,6 +618,9 @@ rm -rf %{buildroot} %changelog +* Wed Oct 31 2012 Than Ngo - 6:4.8.5-2 +- Resolves: CVE-2012-4515, CVE-2012-4514 + * Thu Aug 02 2012 Rex Dieter - 6:4.8.5-1 - 4.8.5