Sync from devel:
Sun Jul 26 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-13 - fix CVE-2009-2537 - select length DoS - fix CVE-2009-1725 - crash, possible ACE in numeric character references - fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free) - fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?) - fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild Sat Jul 18 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-12 - FTBFS kdelibs3-3.5.10-11.fc11 (#511571) - -devel: Requires: %%{name}%%_isa ...
parent
9202d57183
commit
1cee48288d
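--- /dev/null
+++ b/kdelibs-3.5.10-cve-2009-1698.patch
@@ -0,0 +1,42 @@
+diff -ur kdelibs-3.5.10/khtml/css/cssparser.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp
+--- kdelibs-3.5.10/khtml/css/cssparser.cpp 2007-01-15 12:34:04.000000000 +0100
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp 2009-07-26 05:46:39.000000000 +0200
+@@ -1344,6 +1344,14 @@
+if ( args->size() != 1)
+return false;
+Value *a = args->current();
++ if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
++ isValid=false;
++ break;
++ }
++ if (qString(a->string)[0] == '-') {
++ isValid=false;
++ break;
++ }
+parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
+}
+else
+@@ -1396,7 +1404,8 @@
+
+CounterImpl *counter = new CounterImpl;
+Value *i = args->current();
+-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++ if (qString(i->string)[0] == '-') goto invalid;
+counter->m_identifier = domString(i->string);
+if (counters) {
+i = args->next();
+diff -ur kdelibs-3.5.10/khtml/css/css_valueimpl.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp
+--- kdelibs-3.5.10/khtml/css/css_valueimpl.cpp 2006-07-22 10:16:49.000000000 +0200
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp 2009-07-26 05:45:36.000000000 +0200
+@@ -736,7 +736,9 @@
+text = getValueName(m_value.ident);
+break;
+case CSSPrimitiveValue::CSS_ATTR:
+- // ###
++ text = "attr(";
++ text += DOMString( m_value.string );
++ text += ")";
+break;
+case CSSPrimitiveValue::CSS_COUNTER:
+text = "counter(";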
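Review bot: The two new guards in cssparser.cpp carry no comment saying what they protect, and the attr() and counter() branches spell the same check in two different ways (`isValid=false; break;` versus `goto invalid`). The unit test is the security-relevant line: `a->string` and `i->string` are only read once the unit is confirmed to be `CSS_IDENT`, which presumably keeps a numeric argument from being reinterpreted as a string, so I would add `// only an identifier carries a valid ->string; reject any other unit before reading it` above each check. The reason a leading '-' is rejected is not visible from the hunks and deserves its own one-line comment. Both enclosing functions start and end outside the hunks.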
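--- /dev/null
+++ b/kdelibs-3.5.10-cve-2009-1725.patch
@@ -0,0 +1,13 @@
+Index: khtml/html/htmltokenizer.cpp
+===================================================================
+--- khtml/html/htmltokenizer.cpp (revision 1002163)
++++ khtml/html/htmltokenizer.cpp (revision 1002164)
+@@ -736,7 +736,7 @@
+#ifdef TOKEN_DEBUG
+kdDebug( 6036 ) << "unknown entity!" << endl;
+#endif
+- checkBuffer(10);
++ checkBuffer(11);
+// ignore the sequence, add it to the buffer as plaintext
+*dest++ = '&';
+for(unsigned int i = 0; i < cBufferPos; i++)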
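Review bot: `checkBuffer(11)` replaces one magic number with another, and nothing on the line ties the reserved size to what the following code writes. The visible code stores '&' and then loops over `cBufferPos` characters, so the reservation has to cover at least `cBufferPos + 1` cells plus whatever is written after the loop, which lies outside this hunk. I would either derive the argument from `cBufferPos` or add a comment such as `// '&' plus every buffered entity character` stating the bound on `cBufferPos` that makes 11 sufficient, so a later change to the entity buffer cannot silently bring the overflow back.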
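--- /dev/null
+++ b/kdelibs-3.5.10-cve-2009-2537-select-length.patch
@@ -0,0 +1,30 @@
+diff -ur kdelibs-3.5.10/khtml/ecma/kjs_html.cpp kdelibs-3.5.10-cve-2009-2537-select-length/khtml/ecma/kjs_html.cpp
+--- kdelibs-3.5.10/khtml/ecma/kjs_html.cpp 2008-02-13 10:41:09.000000000 +0100
++++ kdelibs-3.5.10-cve-2009-2537-select-length/khtml/ecma/kjs_html.cpp 2009-07-26 04:54:52.000000000 +0200
+@@ -62,6 +62,9 @@
+
+#include <kdebug.h>
+
++// CVE-2009-2537 (vendors agreed on max 10000 elements)
++#define MAX_SELECT_LENGTH 10000
++
+namespace KJS {
+
+KJS_DEFINE_PROTOTYPE_WITH_PROTOTYPE(HTMLDocumentProto, DOMDocumentProto)
+@@ -2550,8 +2553,14 @@
+case SelectValue: { select.setValue(str); return; }
+case SelectLength: { // read-only according to the NS spec, but webpages need it writeable
+Object coll = Object::dynamicCast( getSelectHTMLCollection(exec, select.options(), select) );
+- if ( coll.isValid() )
+- coll.put(exec,"length",value);
++
++ if ( coll.isValid() ) {
++ if (value.toInteger(exec) >= MAX_SELECT_LENGTH) {
++ Object err = Error::create(exec, RangeError);
++ exec->setException(err);
++ } else
++ coll.put(exec, "length", value);
++ }
+return;
+}
+// read-only: form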
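Review bot: The comparison `value.toInteger(exec) >= MAX_SELECT_LENGTH` rejects a length of exactly 10000, while the comment on the define says the agreed maximum is 10000 elements; either the comment or the operator (`>`) should change so the two agree. The limit is also enforced only in this `SelectLength` setter, and an accepted value is still forwarded with `coll.put(exec, "length", value)`; if the collection's own length setter can be reached without passing through here it needs the same bound, which cannot be confirmed from this hunk. The `RangeError` is created without a message, so a page author gets no hint why the assignment failed. The enclosing function continues outside the hunk.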
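--- /dev/null
+++ b/kdelibs-3.5.4-CVE-2009-1687.patch
@@ -0,0 +1,20 @@
+--- kdelibs-3.5.4/kjs/collector.cpp.CVE-2009-1687 2009-06-17 15:07:33.000000000 +0200
++++ kdelibs-3.5.4/kjs/collector.cpp 2009-06-20 00:42:48.000000000 +0200
+@@ -23,6 +23,7 @@
+
+#include "value.h"
+#include "internal.h"
++#include <limits.h>
+
+#ifndef MAX
+#define MAX(a,b) ((a) > (b) ? (a) : (b))
+@@ -119,6 +120,9 @@
+// didn't find one, need to allocate a new block
+
+if (heap.usedBlocks == heap.numBlocks) {
++ static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR;
++ if (heap.numBlocks > maxNumBlocks)
++ return 0L;
+heap.numBlocks = MAX(MIN_ARRAY_SIZE, heap.numBlocks * GROWTH_FACTOR);
+heap.blocks = (CollectorBlock **)realloc(heap.blocks, heap.numBlocks * sizeof(CollectorBlock *));
+}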
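Review bot: The new bound stops `heap.numBlocks * sizeof(CollectorBlock *)` from wrapping, but the `realloc` result two lines below is still assigned straight to `heap.blocks` with no null check, so an allocation failure loses the old array while `heap.numBlocks` has already been enlarged. I would realloc into a temporary and commit both fields only on success, e.g. `CollectorBlock **grown = (CollectorBlock **)realloc(heap.blocks, newCount * sizeof(CollectorBlock *)); if (!grown) return 0L;`. The guard also divides `ULONG_MAX` although the limit is a `size_t`, and the two differ on targets where `long` is narrower than a pointer. Whether callers tolerate the new `return 0L` is not visible here (the changelog's own FIXME suggests they may not), and the function body extends beyond the hunk.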
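--- /dev/null
+++ b/kdelibs-3.5.4-CVE-2009-1690.patch
@@ -0,0 +1,545 @@
+--- kdelibs-3.5.4/khtml/html/RefPtr.h.CVE-2009-1690 2009-06-17 14:19:00.000000000 +0200
++++ kdelibs-3.5.4/khtml/html/RefPtr.h 2009-06-17 14:19:00.000000000 +0200
+@@ -0,0 +1,202 @@
++// -*- mode: c++; c-basic-offset: 4 -*-
++/*
++ * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Library General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Library General Public License for more details.
++ *
++ * You should have received a copy of the GNU Library General Public License
++ * along with this library; see the file COPYING.LIB. If not, write to
++ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
++ * Boston, MA 02110-1301, USA.
++ *
++ */
++
++#ifndef WTF_RefPtr_h
++#define WTF_RefPtr_h
++
++#include <algorithm>
++#include "AlwaysInline.h"
++
++namespace WTF {
++
++ enum PlacementNewAdoptType { PlacementNewAdopt };
++
++ template <typename T> class PassRefPtr;
++
++ enum HashTableDeletedValueType { HashTableDeletedValue };
++
++ template <typename T> class RefPtr {
++ public:
++ RefPtr() : m_ptr(0) { }
++ RefPtr(T* ptr) : m_ptr(ptr) { if (ptr) ptr->ref(); }
++ RefPtr(const RefPtr& o) : m_ptr(o.m_ptr) { if (T* ptr = m_ptr) ptr->ref(); }
++ // see comment in PassRefPtr.h for why this takes const reference
++ template <typename U> RefPtr(const PassRefPtr<U>&);
++
++ // Special constructor for cases where we overwrite an object in place.
++ RefPtr(PlacementNewAdoptType) { }
++
++ // Hash table deleted values, which are only constructed and never copied or destroyed.
++ RefPtr(HashTableDeletedValueType) : m_ptr(hashTableDeletedValue()) { }
++ bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); }
++
++ ~RefPtr() { if (T* ptr = m_ptr) ptr->deref(); }
++
++ template <typename U> RefPtr(const RefPtr<U>& o) : m_ptr(o.get()) { if (T* ptr = m_ptr) ptr->ref(); }
++
++ T* get() const { return m_ptr; }
++
++ void clear() { if (T* ptr = m_ptr) ptr->deref(); m_ptr = 0; }
++ PassRefPtr<T> release() { PassRefPtr<T> tmp = adoptRef(m_ptr); m_ptr = 0; return tmp; }
++
++ T& operator*() const { return *m_ptr; }
++ ALWAYS_INLINE T* operator->() const { return m_ptr; }
++
++ bool operator!() const { return !m_ptr; }
++
++ // This conversion operator allows implicit conversion to bool but not to other integer types.
++ typedef T* RefPtr::*UnspecifiedBoolType;
++ operator UnspecifiedBoolType() const { return m_ptr ? &RefPtr::m_ptr : 0; }
++
++ RefPtr& operator=(const RefPtr&);
++ RefPtr& operator=(T*);
++ RefPtr& operator=(const PassRefPtr<T>&);
++ template <typename U> RefPtr& operator=(const RefPtr<U>&);
++ template <typename U> RefPtr& operator=(const PassRefPtr<U>&);
++
++ void swap(RefPtr&);
++
++ private:
++ static T* hashTableDeletedValue() { return reinterpret_cast<T*>(-1); }
++
++ T* m_ptr;
++ };
++
++ template <typename T> template <typename U> inline RefPtr<T>::RefPtr(const PassRefPtr<U>& o)
++ : m_ptr(o.releaseRef())
++ {
++ }
++
++ template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(const RefPtr<T>& o)
++ {
++ T* optr = o.get();
++ if (optr)
++ optr->ref();
++ T* ptr = m_ptr;
++ m_ptr = optr;
++ if (ptr)
++ ptr->deref();
++ return *this;
++ }
++
++ template <typename T> template <typename U> inline RefPtr<T>& RefPtr<T>::operator=(const RefPtr<U>& o)
++ {
++ T* optr = o.get();
++ if (optr)
++ optr->ref();
++ T* ptr = m_ptr;
++ m_ptr = optr;
++ if (ptr)
++ ptr->deref();
++ return *this;
++ }
++
++ template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(T* optr)
++ {
++ if (optr)
++ optr->ref();
++ T* ptr = m_ptr;
++ m_ptr = optr;
++ if (ptr)
++ ptr->deref();
++ return *this;
++ }
++
++ template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(const PassRefPtr<T>& o)
++ {
++ T* ptr = m_ptr;
++ m_ptr = o.releaseRef();
++ if (ptr)
++ ptr->deref();
++ return *this;
++ }
++
++ template <typename T> template <typename U> inline RefPtr<T>& RefPtr<T>::operator=(const PassRefPtr<U>& o)
++ {
++ T* ptr = m_ptr;
++ m_ptr = o.releaseRef();
++ if (ptr)
++ ptr->deref();
++ return *this;
++ }
++
++ template <class T> inline void RefPtr<T>::swap(RefPtr<T>& o)
++ {
++ std::swap(m_ptr, o.m_ptr);
++ }
++
++ template <class T> inline void swap(RefPtr<T>& a, RefPtr<T>& b)
++ {
++ a.swap(b);
++ }
++
++ template <typename T, typename U> inline bool operator==(const RefPtr<T>& a, const RefPtr<U>& b)
++ {
++ return a.get() == b.get();
++ }
++
++ template <typename T, typename U> inline bool operator==(const RefPtr<T>& a, U* b)
++ {
++ return a.get() == b;
++ }
++
++ template <typename T, typename U> inline bool operator==(T* a, const RefPtr<U>& b)
++ {
++ return a == b.get();
++ }
++
++ template <typename T, typename U> inline bool operator!=(const RefPtr<T>& a, const RefPtr<U>& b)
++ {
++ return a.get() != b.get();
++ }
++
++ template <typename T, typename U> inline bool operator!=(const RefPtr<T>& a, U* b)
++ {
++ return a.get() != b;
++ }
++
++ template <typename T, typename U> inline bool operator!=(T* a, const RefPtr<U>& b)
++ {
++ return a != b.get();
++ }
++
++ template <typename T, typename U> inline RefPtr<T> static_pointer_cast(const RefPtr<U>& p)
++ {
++ return RefPtr<T>(static_cast<T*>(p.get()));
++ }
++
++ template <typename T, typename U> inline RefPtr<T> const_pointer_cast(const RefPtr<U>& p)
++ {
++ return RefPtr<T>(const_cast<T*>(p.get()));
++ }
++
++ template <typename T> inline T* getPtr(const RefPtr<T>& p)
++ {
++ return p.get();
++ }
++
++} // namespace WTF
++
++using WTF::RefPtr;
++using WTF::static_pointer_cast;
++using WTF::const_pointer_cast;
++
++#endif // WTF_RefPtr_h
+--- kdelibs-3.5.4/khtml/html/htmlparser.cpp.CVE-2009-1690 2006-07-22 10:16:43.000000000 +0200
++++ kdelibs-3.5.4/khtml/html/htmlparser.cpp 2009-06-17 11:51:15.000000000 +0200
+@@ -199,7 +199,6 @@
+
+form = 0;
+map = 0;
+- head = 0;
+end = false;
+isindex = 0;
+
+@@ -616,8 +615,7 @@
+case ID_BASE:
+if(!head) {
+head = new HTMLHeadElementImpl(document);
+- e = head;
+- insertNode(e);
++ insertNode(head.get());
+handled = true;
+}
+break;
+@@ -839,7 +837,7 @@
+case ID_HEAD:
+if(!head && current->id() == ID_HTML) {
+head = new HTMLHeadElementImpl(document);
+- n = head;
++ n = head.get();
+}
+break;
+case ID_BODY:
+@@ -1679,12 +1677,12 @@
+head = new HTMLHeadElementImpl(document);
+HTMLElementImpl *body = doc()->body();
+int exceptioncode = 0;
+- doc()->firstChild()->insertBefore(head, body, exceptioncode);
++ doc()->firstChild()->insertBefore(head.get(), body, exceptioncode);
+if ( exceptioncode ) {
+#ifdef PARSER_DEBUG
+kdDebug( 6035 ) << "creation of head failed!!!!" << endl;
+#endif
+- delete head;
++ delete head.get();
+head = 0;
+}
+}
+--- kdelibs-3.5.4/khtml/html/Platform.h.CVE-2009-1690 2009-06-17 14:19:07.000000000 +0200
++++ kdelibs-3.5.4/khtml/html/Platform.h 2009-06-17 14:19:07.000000000 +0200
+@@ -0,0 +1,218 @@
++/* -*- mode: c++; c-basic-offset: 4 -*- */
++/*
++ * Copyright (C) 2006 Apple Computer, Inc. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
++ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
++ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
++ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
++ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
++ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifndef WTF_Platform_h
++#define WTF_Platform_h
++
++/* Force KDE build here in our tree... */
++#ifndef BUILDING_KDE__
++#define BUILDING_KDE__ 1
++#endif
++
++/* PLATFORM handles OS, operating environment, graphics API, and CPU */
++#define PLATFORM(WTF_FEATURE) (defined( WTF_PLATFORM_##WTF_FEATURE ) && WTF_PLATFORM_##WTF_FEATURE)
++#define COMPILER(WTF_FEATURE) (defined( WTF_COMPILER_##WTF_FEATURE ) && WTF_COMPILER_##WTF_FEATURE)
++#define HAVE(WTF_FEATURE) (defined( HAVE_##WTF_FEATURE ) && HAVE_##WTF_FEATURE)
++#define USE(WTF_FEATURE) (defined( WTF_USE_##WTF_FEATURE ) && WTF_USE_##WTF_FEATURE)
++#define ENABLE(WTF_FEATURE) (defined( ENABLE_##WTF_FEATURE ) && ENABLE_##WTF_FEATURE)
++
++/* Operating systems - low-level dependencies */
++
++/* PLATFORM(DARWIN) */
++/* Operating system level dependencies for Mac OS X / Darwin that should */
++/* be used regardless of operating environment */
++#ifdef __APPLE__
++#define WTF_PLATFORM_DARWIN 1
++#endif
++
++/* PLATFORM(WIN_OS) */
++/* Operating system level dependencies for Windows that should be used */
++/* regardless of operating environment */
++#if defined(WIN32) || defined(_WIN32)
++#define WTF_PLATFORM_WIN_OS 1
++#endif
++
++/* PLATFORM(UNIX) */
++/* Operating system level dependencies for Unix-like systems that */
++/* should be used regardless of operating environment */
++/* (includes PLATFORM(DARWIN)) */
++#if defined(__APPLE__) \
++ || defined(unix) \
++ || defined(__unix) \
++ || defined(__unix__) \
++ || defined (__NetBSD__) \
++ || defined(_AIX)
++#define WTF_PLATFORM_UNIX 1
++#endif
++
++/* PLATFORM(SOLARIS_OS) */
++/* Operating system level dependencies for Sun (Open)Solaris 10. */
++/* Studio 12 on Solaris defines __SunOS; gcc defines __sun__; */
++/* Both compilers define __sun and sun. */
++#if defined(__sun) || defined(sun)
++#define WTF_PLATFORM_SOLARIS_OS 1
++#endif
++
++/* Operating environments */
++
++/* I made the BUILDING_KDE__ macro up for the KDE build system to define */
++
++/* PLATFORM(KDE) */
++/* PLATFORM(MAC) */
++/* PLATFORM(WIN) */
++#if BUILDING_KDE__
++#define WTF_PLATFORM_KDE 1
++#elif PLATFORM(DARWIN)
++#define WTF_PLATFORM_MAC 1
++#elif PLATFORM(WIN_OS)
++#define WTF_PLATFORM_WIN 1
++#endif
++#if defined(BUILDING_GDK__)
++#define WTF_PLATFORM_GDK 1
++#endif
++
++
++/* CPU */
++
++/* PLATFORM(PPC) */
++#if defined(__ppc__) \
++ || defined(__PPC__) \
++ || defined(__powerpc__) \
++ || defined(__powerpc) \
++ || defined(__POWERPC__) \
++ || defined(_M_PPC) \
++ || defined(__PPC)
++#define WTF_PLATFORM_PPC 1
++#define WTF_PLATFORM_BIG_ENDIAN 1
++#endif
++
++/* PLATFORM(PPC64) */
++#if defined(__ppc64__) \
++ || defined(__PPC64__)
++#define WTF_PLATFORM_PPC64 1
++#define WTF_PLATFORM_BIG_ENDIAN 1
++#endif
++
++#if defined(arm)
++#define WTF_PLATFORM_ARM 1
++#if defined(__ARMEB__)
++#define WTF_PLATFORM_BIG_ENDIAN 1
++#elif !defined(__ARM_EABI__) && !defined(__ARMEB__)
++#define WTF_PLATFORM_MIDDLE_ENDIAN 1
++#endif
++#if !defined(__ARM_EABI__)
++#define WTF_PLATFORM_FORCE_PACK 1
++#endif
++#endif
++
++/* PLATFORM(X86) */
++#if defined(__i386__) \
++ || defined(i386) \
++ || defined(_M_IX86) \
++ || defined(_X86_) \
++ || defined(__THW_INTEL)
++#define WTF_PLATFORM_X86 1
++#endif
++
++/* PLATFORM(X86_64) */
++#if defined(__x86_64__) \
++ || defined(__ia64__)
++#define WTF_PLATFORM_X86_64 1
++#endif
++
++/* PLATFORM(SPARC) */
++#if defined(sparc)
++#define WTF_PLATFORM_SPARC 1
++#endif
++
++/* Compiler */
++
++/* COMPILER(CWP) */
++#if defined(__MWERKS__)
++#define WTF_COMPILER_CWP 1
++#endif
++
++/* COMPILER(MSVC) */
++#if defined(_MSC_VER)
++#define WTF_COMPILER_MSVC 1
++#endif
++
++/* COMPILER(GCC) */
++#if defined(__GNUC__)
++#define WTF_COMPILER_GCC 1
++#endif
++
++/* COMPILER(SUNPRO) */
++#if defined(__SUNPRO_CC)
++#define WTF_COMPILER_SUNPRO 1
++#endif
++
++/* COMPILER(BORLAND) */
++/* not really fully supported - is this relevant any more? */
++#if defined(__BORLANDC__)
++#define WTF_COMPILER_BORLAND 1
++#endif
++
++/* COMPILER(CYGWIN) */
++/* not really fully supported - is this relevant any more? */
++#if defined(__CYGWIN__)
++#define WTF_COMPILER_CYGWIN 1
++#endif
++
++/* multiple threads only supported on Mac for now */
++#if PLATFORM(MAC)
++#ifndef WTF_USE_MULTIPLE_THREADS
++#define WTF_USE_MULTIPLE_THREADS 1
++#endif
++#ifndef WTF_USE_BINDINGS
++#define WTF_USE_BINDINGS 1
++#endif
++#endif
++
++/* for Unicode, KDE uses Qt, everything else uses ICU */
++#if PLATFORM(KDE) || PLATFORM(QT)
++#define WTF_USE_QT4_UNICODE 1
++#elif PLATFORM(SYMBIAN)
++#define WTF_USE_SYMBIAN_UNICODE 1
++#else
++#define WTF_USE_ICU_UNICODE 1
++#endif
++
++#if PLATFORM(MAC)
++#define WTF_PLATFORM_CF 1
++#endif
++
++#if PLATFORM(WIN)
++#define WTF_USE_WININET 1
++#endif
++
++#if PLATFORM(GDK)
++#define WTF_USE_CURL 1
++#endif
++
++/* ENABLE macro defaults */
++
++#endif /* WTF_Platform_h */
+--- kdelibs-3.5.4/khtml/html/AlwaysInline.h.CVE-2009-1690 2009-06-17 14:18:52.000000000 +0200
++++ kdelibs-3.5.4/khtml/html/AlwaysInline.h 2009-06-17 13:56:36.000000000 +0200
+@@ -0,0 +1,49 @@
++/*
++ * Copyright (C) 2005, 2007 Apple Inc. All rights reserved.
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Library General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Library General Public License for more details.
++ *
++ * You should have received a copy of the GNU Library General Public License
++ * along with this library; see the file COPYING.LIB. If not, write to
++ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
++ * Boston, MA 02110-1301, USA.
++ *
++ */
++
++#include "html/Platform.h"
++
++
++#ifndef ALWAYS_INLINE
++#if COMPILER(GCC) && defined(NDEBUG) && __GNUC__ > 3
++#define ALWAYS_INLINE inline __attribute__ ((__always_inline__))
++#elif COMPILER(MSVC) && defined(NDEBUG)
++#define ALWAYS_INLINE __forceinline
++#else
++#define ALWAYS_INLINE inline
++#endif
++#endif
++
++#ifndef ALWAYS_INLINE_INTO
++#if COMPILER(GCC) && defined(NDEBUG) && ((__GNUC__ == 4 && __GNUC_MINOR__ >= 1) || __GNUC__ > 4)
++#define ALWAYS_INLINE_INTO __attribute__ ((__flatten__))
++#else
++#define ALWAYS_INLINE_INTO
++#endif
++#endif
++
++
++#ifndef NEVER_INLINE
++#if COMPILER(GCC) && __GNUC__ > 3
++#define NEVER_INLINE __attribute__ ((__noinline__))
++#else
++#define NEVER_INLINE
++#endif
++#endif
+--- kdelibs-3.5.4/khtml/html/htmlparser.h.CVE-2009-1690 2005-10-10 17:06:04.000000000 +0200
++++ kdelibs-3.5.4/khtml/html/htmlparser.h 2009-06-17 14:42:27.000000000 +0200
+@@ -38,10 +38,10 @@
+#include <qdatetime.h>
+#endif
+
+-
+#include "dom/dom_string.h"
+#include "xml/dom_nodeimpl.h"
+#include "html/html_documentimpl.h"
++#include "html/RefPtr.h"
+
+class KHTMLView;
+class HTMLStackElem;
+@@ -148,7 +148,7 @@
+/*
+* the head element. Needed for crappy html which defines <base> after </head>
+*/
+- DOM::HTMLHeadElementImpl *head;
++ RefPtr<DOM::HTMLHeadElementImpl> head;
+
+/*
+* a possible <isindex> element in the head. Compatibility hack for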
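Review bot: In the last htmlparser.cpp hunk, `delete head.get();` followed by `head = 0;` frees the element and then lets `RefPtr::operator=(T*)` call `deref()` on the pointer it still holds, which is the object that was just deleted. With `head` now a `RefPtr`, the manual delete should be dropped and the failure path reduced to `head = 0;`, leaving destruction to the reference count (this assumes `deref()` destroys the element when the count reaches zero, which the added RefPtr.h relies on but does not show). The first htmlparser.cpp hunk also removes `head = 0;` from a run of member resets, so a head from an earlier parse may now outlive that reset; the function lies outside the hunk and should be checked. RefPtr.h, Platform.h and AlwaysInline.h look like imported headers (Apple copyright, `WTF` namespace) and are not reviewed line by line here.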
@ -36,7 +36,7 @@
|
|||||||
|
|
||||||
Summary: K Desktop Environment 3 - Libraries
|
Summary: K Desktop Environment 3 - Libraries
|
||||||
Version: 3.5.10
|
Version: 3.5.10
|
||||||
Release: 11%{?dist}
|
Release: 13%{?dist}
|
||||||
|
|
||||||
%if 0%{?fedora} > 8
|
%if 0%{?fedora} > 8
|
||||||
Name: kdelibs3
|
Name: kdelibs3
|
||||||
@ -97,7 +97,17 @@ Patch101: kde-3.5-libtool-shlibext.patch
|
|||||||
Patch103: kdelibs-3.5.0-101956.patch
|
Patch103: kdelibs-3.5.0-101956.patch
|
||||||
Patch104: kdelibs-3.5.10-gcc44.patch
|
Patch104: kdelibs-3.5.10-gcc44.patch
|
||||||
|
|
||||||
## upstream patches
|
## security fixes
|
||||||
|
# fix CVE-2009-2537 - select length DoS
|
||||||
|
Patch200: kdelibs-3.5.10-cve-2009-2537-select-length.patch
|
||||||
|
# fix CVE-2009-1725 - crash, possible ACE in numeric character references
|
||||||
|
Patch201: kdelibs-3.5.10-cve-2009-1725.patch
|
||||||
|
# fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free)
|
||||||
|
Patch202: kdelibs-3.5.4-CVE-2009-1687.patch
|
||||||
|
# fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
|
||||||
|
Patch203: kdelibs-3.5.4-CVE-2009-1690.patch
|
||||||
|
# fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
|
||||||
|
Patch204: kdelibs-3.5.10-cve-2009-1698.patch
|
||||||
|
|
||||||
#{?arts:Requires: arts >= %{arts_ev}}
|
#{?arts:Requires: arts >= %{arts_ev}}
|
||||||
#Requires: %{qt3} >= %{qt3_ev}
|
#Requires: %{qt3} >= %{qt3_ev}
|
||||||
@ -208,7 +218,7 @@ Provides: kdelibs3-devel = %{version}-%{release}
|
|||||||
Obsoletes: kdelibs-devel < 6:%{version}-%{release}
|
Obsoletes: kdelibs-devel < 6:%{version}-%{release}
|
||||||
Provides: kdelibs-devel = 6:%{version}-%{release}
|
Provides: kdelibs-devel = 6:%{version}-%{release}
|
||||||
%endif
|
%endif
|
||||||
Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
|
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
|
||||||
Requires: %{qt3}-devel
|
Requires: %{qt3}-devel
|
||||||
Requires: openssl-devel
|
Requires: openssl-devel
|
||||||
%{?arts:Requires: arts-devel}
|
%{?arts:Requires: arts-devel}
|
||||||
@ -273,12 +283,19 @@ format for easy browsing
|
|||||||
%patch101 -p1 -b .libtool-shlibext
|
%patch101 -p1 -b .libtool-shlibext
|
||||||
%patch104 -p1 -b .gcc44
|
%patch104 -p1 -b .gcc44
|
||||||
|
|
||||||
# upstream patches
|
# security fixes
|
||||||
|
%patch200 -p1 -b .cve-2009-2537
|
||||||
|
%patch201 -p0 -b .cve-2009-1725
|
||||||
|
%patch202 -p1 -b .cve-2009-1687
|
||||||
|
%patch203 -p1 -b .cve-2009-1690
|
||||||
|
%patch204 -p1 -b .cve-2009-1698
|
||||||
|
|
||||||
sed -i -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h
|
sed -i -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h
|
||||||
|
|
||||||
%if %{make_cvs}
|
%if %{make_cvs}
|
||||||
make -f admin/Makefile.common cvs
|
# hack/fix for newer automake
|
||||||
|
sed -iautomake -e 's|automake\*1.10\*|automake\*1.1[0-5]\*|' admin/cvs.sh
|
||||||
|
make -f admin/Makefile.common cvs
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
|
||||||
@ -623,6 +640,20 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Jul 26 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-13
|
||||||
|
- fix CVE-2009-2537 - select length DoS
|
||||||
|
- fix CVE-2009-1725 - crash, possible ACE in numeric character references
|
||||||
|
- fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free)
|
||||||
|
- fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
|
||||||
|
- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
|
||||||
|
|
||||||
|
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-12
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jul 18 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-12
|
||||||
|
- FTBFS kdelibs3-3.5.10-11.fc11 (#511571)
|
||||||
|
- -devel: Requires: %%{name}%%_isa ...
|
||||||
|
|
||||||
* Sun Apr 19 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-11
|
* Sun Apr 19 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-11
|
||||||
- update openssl patch (for 0.9.8k)
|
- update openssl patch (for 0.9.8k)
|
||||||
|
|
||||||
|
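Review bot: The comments above Patch202 and Patch203 are swapped: `# fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free)` sits over `kdelibs-3.5.4-CVE-2009-1687.patch`, and `# fix CVE-2009-1687 - possible ACE in KJS` sits over `kdelibs-3.5.4-CVE-2009-1690.patch`. The `%patch202` and `%patch203` lines use `-b` suffixes that match the patch file names, so only the comments are wrong, but anyone auditing which CVE a given patch covers will be misled. Swap the two comment lines so each names the CVE of the patch directly below it.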