Resolves: CVE-2012-4515, CVE-2012-4514
This commit is contained in:
parent
2a663895f5
commit
980668d168
|
@ -0,0 +1,27 @@
|
||||||
|
commit 65464349951e0df9b5d80c2eb3cc7458d54923ae
|
||||||
|
Author: David Faure <faure@kde.org>
|
||||||
|
Date: Fri Oct 19 11:33:41 2012 +0200
|
||||||
|
|
||||||
|
Fix crash when trying to reuse a frame with a null part.
|
||||||
|
|
||||||
|
BUG: 271528
|
||||||
|
FIXED-IN: 4.9.3
|
||||||
|
|
||||||
|
diff --git a/khtml/khtml_part.cpp b/khtml/khtml_part.cpp
|
||||||
|
index ad00ea5..6165710 100644
|
||||||
|
--- a/khtml/khtml_part.cpp
|
||||||
|
+++ b/khtml/khtml_part.cpp
|
||||||
|
@@ -5242,8 +5242,12 @@ KHTMLPart* KHTMLPartPrivate::top()
|
||||||
|
|
||||||
|
bool KHTMLPartPrivate::canNavigate(KParts::ReadOnlyPart* bCand)
|
||||||
|
{
|
||||||
|
+ if (!bCand) // No part here (e.g. invalid url), reuse that frame
|
||||||
|
+ return true;
|
||||||
|
+
|
||||||
|
KHTMLPart* b = qobject_cast<KHTMLPart*>(bCand);
|
||||||
|
- assert(b);
|
||||||
|
+ if (!b) // Another kind of part? Not sure what to do...
|
||||||
|
+ return false;
|
||||||
|
|
||||||
|
// HTML5 gives conditions for this (a) being able to navigate b
|
||||||
|
|
|
@ -0,0 +1,50 @@
|
||||||
|
commit 4f2eb356f1c23444fff2cfe0a7ae10efe303d6d8
|
||||||
|
Author: David Faure <faure@kde.org>
|
||||||
|
Date: Wed Oct 24 20:04:31 2012 +0200
|
||||||
|
|
||||||
|
Fix crash when a redirect happens in an iframe while the context menu is shown
|
||||||
|
|
||||||
|
diff --git a/khtml/rendering/render_replaced.cpp b/khtml/rendering/render_replaced.cpp
|
||||||
|
index 195dcba..6bc5caa 100644
|
||||||
|
--- a/khtml/rendering/render_replaced.cpp
|
||||||
|
+++ b/khtml/rendering/render_replaced.cpp
|
||||||
|
@@ -1030,7 +1030,7 @@ bool RenderWidget::handleEvent(const DOM::EventImpl& ev)
|
||||||
|
p.setY(qMin(qMax(0,p.y()),m_widget->height()));
|
||||||
|
}
|
||||||
|
|
||||||
|
- QWidget* target = 0;
|
||||||
|
+ QPointer<QWidget> target;
|
||||||
|
target = m_widget->childAt(p);
|
||||||
|
|
||||||
|
if (target) {
|
||||||
|
@@ -1103,16 +1103,18 @@ bool RenderWidget::handleEvent(const DOM::EventImpl& ev)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- QEvent *e = isMouseWheel ?
|
||||||
|
+ QScopedPointer<QEvent> e(isMouseWheel ?
|
||||||
|
static_cast<QEvent*>(new QWheelEvent(p, -me.detail()*40, buttons, state, orient)) :
|
||||||
|
- static_cast<QEvent*>(new QMouseEvent(type, p, button, buttons, state));
|
||||||
|
+ static_cast<QEvent*>(new QMouseEvent(type, p, button, buttons, state)));
|
||||||
|
|
||||||
|
|
||||||
|
- ret = bubblingSend(target, e, m_widget);
|
||||||
|
+ ret = bubblingSend(target, e.data(), m_widget);
|
||||||
|
|
||||||
|
+ if (!target)
|
||||||
|
+ break;
|
||||||
|
if (needContextMenuEvent) {
|
||||||
|
QContextMenuEvent cme(QContextMenuEvent::Mouse, p);
|
||||||
|
- static_cast<EventPropagator *>(target)->sendEvent(&cme);
|
||||||
|
+ static_cast<EventPropagator *>(target.data())->sendEvent(&cme);
|
||||||
|
} else if (type == QEvent::MouseMove && target->testAttribute(Qt::WA_Hover)) {
|
||||||
|
QHoverEvent he( QEvent::HoverMove, p, p );
|
||||||
|
QApplication::sendEvent(target, &he);
|
||||||
|
@@ -1120,7 +1122,6 @@ bool RenderWidget::handleEvent(const DOM::EventImpl& ev)
|
||||||
|
if (ev.id() == EventImpl::MOUSEUP_EVENT) {
|
||||||
|
view()->setMouseEventsTarget( 0 );
|
||||||
|
}
|
||||||
|
- delete e;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
case EventImpl::KEYDOWN_EVENT:
|
|
@ -25,7 +25,7 @@
|
||||||
|
|
||||||
Summary: KDE Libraries
|
Summary: KDE Libraries
|
||||||
Version: 4.8.5
|
Version: 4.8.5
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
|
|
||||||
Name: kdelibs
|
Name: kdelibs
|
||||||
Epoch: 6
|
Epoch: 6
|
||||||
|
@ -152,6 +152,8 @@ Patch100: kdelibs-4.8.3-kdeclarative-install-location.patch
|
||||||
## security fix
|
## security fix
|
||||||
# Not Upstreamed? why not ? -- Rex
|
# Not Upstreamed? why not ? -- Rex
|
||||||
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
||||||
|
Patch201: kdelibs-4.9.x-CVE-2012-4515.patch
|
||||||
|
Patch202: kdelibs-4.9.x-CVE-2012-4514.patch
|
||||||
|
|
||||||
# rhel patches
|
# rhel patches
|
||||||
Patch300: kdelibs-4.8.3-webkit.patch
|
Patch300: kdelibs-4.8.3-webkit.patch
|
||||||
|
@ -362,6 +364,8 @@ popd
|
||||||
|
|
||||||
# security fixes
|
# security fixes
|
||||||
%patch200 -p1 -b .CVE-2009-2702
|
%patch200 -p1 -b .CVE-2009-2702
|
||||||
|
%patch201 -p1 -b .CVE-2012-4515
|
||||||
|
%patch202 -p1 -b .CVE-2012-4514
|
||||||
|
|
||||||
# rhel patches
|
# rhel patches
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel}
|
||||||
|
@ -614,6 +618,9 @@ rm -rf %{buildroot}
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 31 2012 Than Ngo <than@redhat.com> - 6:4.8.5-2
|
||||||
|
- Resolves: CVE-2012-4515, CVE-2012-4514
|
||||||
|
|
||||||
* Thu Aug 02 2012 Rex Dieter <rdieter@fedoraproject.org> - 6:4.8.5-1
|
* Thu Aug 02 2012 Rex Dieter <rdieter@fedoraproject.org> - 6:4.8.5-1
|
||||||
- 4.8.5
|
- 4.8.5
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue