From 20b7bbefae142fedd3b4644bf7f0ebc0eeb505b3 Mon Sep 17 00:00:00 2001 
From: Kevin Kofler Date: Sun, 26 Jul 2009 05:37:15 +0000 Subject: [PATCH] Sync from devel: Sun Jul 26 2009 Kevin Kofler - 3.5.10-13 - fix CVE-2009-2537 - select length DoS - fix CVE-2009-1725 - crash, possible ACE in numeric character references - fix CVE-2009-1690 - crash, possible ACE in KHTML ( use-after-free) - fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?) - fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling Fri Jul 24 2009 Fedora Release Engineering - 3.5.10-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild Sat Jul 18 2009 Rex Dieter - 3.5.10-12 - FTBFS kdelibs3-3.5.10-11.fc11 (#511571) - -devel: Requires: %%{name}%%_isa ... Sun Apr 19 2009 Rex Dieter - 3.5.10-11 - update openssl patch (for 0.9.8k) Thu Apr 16 2009 Rex Dieter - 3.5.10-10 - move designer plugins to runtime (#487622) - make -apidocs noarch Mon Mar 02 2009 Than Ngo - 3.5.10-9 - enable -apidocs Fri Feb 27 2009 Rex Dieter - 3.5.10-8 - disable -apidocs (f11+, #487719) - cleanup unused kdeui_symlink hack baggage Wed Feb 25 2009 Than Ngo - 3.5.10-7 - fix files conflicts with 4.2.x - fix build issue with gcc-4.4 Wed Feb 25 2009 Fedora Release Engineering - 3.5.10-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 3.5.10-5 - unowned dirs (#483318) 3.5.10-4 - Slight speedup to profile.d/kde.sh (#465370). 
--- kde.sh | 7 +- kdelibs-3.5.10-cve-2009-1698.patch | 42 ++ kdelibs-3.5.10-cve-2009-1725.patch | 13 + ...s-3.5.10-cve-2009-2537-select-length.patch | 30 + kdelibs-3.5.10-gcc44.patch | 21 + ...nssl.patch => kdelibs-3.5.10-openssl.patch | 14 +- kdelibs-3.5.4-CVE-2009-1687.patch | 20 + kdelibs-3.5.4-CVE-2009-1690.patch | 545 ++++++++++++++++++ kdelibs3.spec | 117 ++-- 9 files changed, 766 insertions(+), 43 deletions(-) create mode 100644 kdelibs-3.5.10-cve-2009-1698.patch create mode 100644 kdelibs-3.5.10-cve-2009-1725.patch create mode 100644 kdelibs-3.5.10-cve-2009-2537-select-length.patch create mode 100644 kdelibs-3.5.10-gcc44.patch rename kdelibs-3.5.7-openssl.patch => kdelibs-3.5.10-openssl.patch (71%) create mode 100644 kdelibs-3.5.4-CVE-2009-1687.patch create mode 100644 kdelibs-3.5.4-CVE-2009-1690.patch diff --git a/kde.sh b/kde.sh index 905ace6..e011555 100755 --- a/kde.sh +++ b/kde.sh @@ -5,8 +5,7 @@ [ -z "$KDEDIRS" ] && KDEDIRS="/usr" && export KDEDIRS ## When/if using prelinking, avoids (some) use of kdeinit -if [ -f /etc/sysconfig/prelink ]; then - if [ `grep '^PRELINKING=yes' /etc/sysconfig/prelink` ] ; then - [ -z "$KDE_IS_PRELINKED" ] && KDE_IS_PRELINKED=1 && export KDE_IS_PRELINKED - fi +if [ -z "$KDE_IS_PRELINKED" ] ; then + grep -qs '^PRELINKING=yes' /etc/sysconfig/prelink && \ + KDE_IS_PRELINKED=1 && export KDE_IS_PRELINKED fi diff --git a/kdelibs-3.5.10-cve-2009-1698.patch b/kdelibs-3.5.10-cve-2009-1698.patch new file mode 100644 index 0000000..ab9fea5 --- /dev/null +++ b/kdelibs-3.5.10-cve-2009-1698.patch 
@@ -0,0 +1,42 @@ +diff -ur kdelibs-3.5.10/khtml/css/cssparser.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp +--- kdelibs-3.5.10/khtml/css/cssparser.cpp 2007-01-15 12:34:04.000000000 +0100 ++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp 2009-07-26 05:46:39.000000000 +0200 +@@ -1344,6 +1344,14 @@ + if ( args->size() != 1) + return false; + Value *a = args->current(); ++ if (a->unit != CSSPrimitiveValue::CSS_IDENT) { ++ isValid=false; ++ break; ++ } ++ if (qString(a->string)[0] == '-') { ++ isValid=false; ++ break; ++ } + parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR); + } + else +@@ -1396,7 +1404,8 @@ + + CounterImpl *counter = new CounterImpl; + Value *i = args->current(); +-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; ++ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; ++ if (qString(i->string)[0] == '-') goto invalid; + counter->m_identifier = domString(i->string); + if (counters) { + i = args->next(); +diff -ur kdelibs-3.5.10/khtml/css/css_valueimpl.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp +--- kdelibs-3.5.10/khtml/css/css_valueimpl.cpp 2006-07-22 10:16:49.000000000 +0200 ++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp 2009-07-26 05:45:36.000000000 +0200 +@@ -736,7 +736,9 @@ + text = getValueName(m_value.ident); + break; + case CSSPrimitiveValue::CSS_ATTR: +- // ### ++ text = "attr("; ++ text += DOMString( m_value.string ); ++ text += ")"; + break; + case CSSPrimitiveValue::CSS_COUNTER: + text = "counter("; diff --git a/kdelibs-3.5.10-cve-2009-1725.patch b/kdelibs-3.5.10-cve-2009-1725.patch new file mode 100644 index 0000000..ee8fdbc --- /dev/null +++ b/kdelibs-3.5.10-cve-2009-1725.patch 
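Review bot: The two new guards in the `attr()` branch of cssparser.cpp (the `CSS_IDENT` unit check and the leading `'-'` check) carry no comment saying why a non-identifier or a dash-prefixed name is rejected, and the same pair is repeated almost verbatim in the `counter()` hunk below. A one-line `// CVE-2009-1698: attr()/counter() take a plain identifier only; numbers and '-'-prefixed names are rejected` above the first check, or a small `static bool isValidIdentArg(const Value*)` called from both sites, would keep the two copies from drifting. The `[0]` index also relies on an IDENT token never being empty; if the tokenizer can yield one, the length needs checking first, which is worth confirming outside this hunk. Both enclosing functions start and end outside the hunk.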
@@ -0,0 +1,13 @@ +Index: khtml/html/htmltokenizer.cpp +=================================================================== +--- khtml/html/htmltokenizer.cpp (revision 1002163) ++++ khtml/html/htmltokenizer.cpp (revision 1002164) +@@ -736,7 +736,7 @@ + #ifdef TOKEN_DEBUG + kdDebug( 6036 ) << "unknown entity!" << endl; + #endif +- checkBuffer(10); ++ checkBuffer(11); + // ignore the sequence, add it to the buffer as plaintext + *dest++ = '&'; + for(unsigned int i = 0; i < cBufferPos; i++) diff --git a/kdelibs-3.5.10-cve-2009-2537-select-length.patch b/kdelibs-3.5.10-cve-2009-2537-select-length.patch new file mode 100644 index 0000000..5972b0a --- /dev/null +++ b/kdelibs-3.5.10-cve-2009-2537-select-length.patch @@ -0,0 +1,30 @@ +diff -ur kdelibs-3.5.10/khtml/ecma/kjs_html.cpp kdelibs-3.5.10-cve-2009-2537-select-length/khtml/ecma/kjs_html.cpp +--- kdelibs-3.5.10/khtml/ecma/kjs_html.cpp 2008-02-13 10:41:09.000000000 +0100 ++++ kdelibs-3.5.10-cve-2009-2537-select-length/khtml/ecma/kjs_html.cpp 2009-07-26 04:54:52.000000000 +0200 +@@ -62,6 +62,9 @@ + + #include + ++// CVE-2009-2537 (vendors agreed on max 10000 elements) ++#define MAX_SELECT_LENGTH 10000 ++ + namespace KJS { + + KJS_DEFINE_PROTOTYPE_WITH_PROTOTYPE(HTMLDocumentProto, DOMDocumentProto) +@@ -2550,8 +2553,14 @@ + case SelectValue: { select.setValue(str); return; } + case SelectLength: { // read-only according to the NS spec, but webpages need it writeable + Object coll = Object::dynamicCast( getSelectHTMLCollection(exec, select.options(), select) ); +- if ( coll.isValid() ) +- coll.put(exec,"length",value); ++ ++ if ( coll.isValid() ) { ++ if (value.toInteger(exec) >= MAX_SELECT_LENGTH) { ++ Object err = Error::create(exec, RangeError); ++ exec->setException(err); ++ } else ++ coll.put(exec, "length", value); ++ } + return; + } + // read-only: form diff --git a/kdelibs-3.5.10-gcc44.patch b/kdelibs-3.5.10-gcc44.patch new file mode 100644 index 0000000..9196c0a --- /dev/null +++ b/kdelibs-3.5.10-gcc44.patch 
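Review bot: `checkBuffer(11)` in htmltokenizer.cpp replaces one unexplained constant with another; nothing in the hunk says what the 11 covers beyond the `'&'` written on the next line and the `cBufferPos` characters copied by the loop. A derivation comment such as `// CVE-2009-1725: '&' + up to cBufferPos buffered chars + what follows; keep in step with the cBuffer size` — with the actual maximum of cBufferPos, which is set outside this hunk, spelled out — would make the next off-by-one visible at review time. The enclosing function starts and ends outside the hunk.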
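Review bot: In kjs_html.cpp the comment on `MAX_SELECT_LENGTH` says vendors agreed on a maximum of 10000 elements, but the new check `value.toInteger(exec) >= MAX_SELECT_LENGTH` rejects 10000 itself, so the documented and enforced limits differ by one; either use `>` or reword the comment to `// CVE-2009-2537: lengths >= MAX_SELECT_LENGTH raise a RangeError instead of resizing`. Negative values are not rejected here and fall through to `coll.put(exec, "length", value)`; whether the collection clamps them is not visible in this hunk and should be confirmed. A `static const int` would be preferable to a `#define` for a constant private to this translation unit, though the macro matches the surrounding code's conventions. The enclosing function starts and ends outside the hunk.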
@@ -0,0 +1,21 @@ +diff -up kdelibs-3.5.10/kioslave/ftp/ftp.cc.orig kdelibs-3.5.10/kioslave/ftp/ftp.cc +--- kdelibs-3.5.10/kioslave/ftp/ftp.cc.orig 2009-02-25 13:18:13.000000000 +0100 ++++ kdelibs-3.5.10/kioslave/ftp/ftp.cc 2009-02-25 13:34:13.000000000 +0100 +@@ -876,7 +876,7 @@ int Ftp::ftpOpenPASVDataConnection() + // The usual answer is '227 Entering Passive Mode. (160,39,200,55,6,245)' + // but anonftpd gives '227 =160,39,200,55,6,245' + int i[6]; +- char *start = strchr(ftpResponse(3), '('); ++ const char *start = strchr(ftpResponse(3), '('); + if ( !start ) + start = strchr(ftpResponse(3), '='); + if ( !start || +@@ -931,7 +931,7 @@ int Ftp::ftpOpenEPSVDataConnection() + return ERR_INTERNAL; + } + +- char *start = strchr(ftpResponse(3), '|'); ++ const char *start = strchr(ftpResponse(3), '|'); + if ( !start || sscanf(start, "|||%d|", &portnum) != 1) + return ERR_INTERNAL; + diff --git a/kdelibs-3.5.7-openssl.patch b/kdelibs-3.5.10-openssl.patch similarity index 71% rename from kdelibs-3.5.7-openssl.patch rename to kdelibs-3.5.10-openssl.patch index f44f096..399e8b7 100644 --- a/kdelibs-3.5.7-openssl.patch +++ b/kdelibs-3.5.10-openssl.patch @@ -1,10 +1,12 @@ -diff -up kdelibs-3.5.8/kio/kssl/kopenssl.cc.openssl kdelibs-3.5.8/kio/kssl/kopenssl.cc ---- kdelibs-3.5.8/kio/kssl/kopenssl.cc.openssl 2006-07-22 03:16:39.000000000 -0500 -+++ kdelibs-3.5.8/kio/kssl/kopenssl.cc 2007-12-04 08:13:44.000000000 -0600 -@@ -329,6 +329,17 @@ KConfig *cfg; +diff -up kdelibs-3.5.10/kio/kssl/kopenssl.cc.openssl kdelibs-3.5.10/kio/kssl/kopenssl.cc +--- kdelibs-3.5.10/kio/kssl/kopenssl.cc.openssl 2006-07-22 03:16:39.000000000 -0500 ++++ kdelibs-3.5.10/kio/kssl/kopenssl.cc 2009-04-19 16:34:14.000000000 -0500 +@@ -329,6 +329,19 @@ KConfig *cfg; #ifdef SHLIB_VERSION_NUMBER << "libssl.so." SHLIB_VERSION_NUMBER #endif ++ << "libssl.so.0.9.8k" ++ << "libssl.so.8" + << "libssl.so.0.9.8g" + << "libssl.so.7" + << "libssl.so.0.9.8b" 
@@ -19,10 +21,12 @@ diff -up kdelibs-3.5.8/kio/kssl/kopenssl.cc.openssl kdelibs-3.5.8/kio/kssl/kopen << "libssl.so" << "libssl.so.0" #endif -@@ -346,6 +357,17 @@ KConfig *cfg; +@@ -346,6 +359,19 @@ KConfig *cfg; #ifdef SHLIB_VERSION_NUMBER << "libcrypto.so." SHLIB_VERSION_NUMBER #endif ++ << "libcrypto.so.0.9.8k" ++ << "libcrypto.so.8" + << "libcrypto.so.0.9.8g" + << "libcrypto.so.7" + << "libcrypto.so.0.9.8b" diff --git a/kdelibs-3.5.4-CVE-2009-1687.patch b/kdelibs-3.5.4-CVE-2009-1687.patch new file mode 100644 index 0000000..6ffc463 --- /dev/null +++ b/kdelibs-3.5.4-CVE-2009-1687.patch @@ -0,0 +1,20 @@ +--- kdelibs-3.5.4/kjs/collector.cpp.CVE-2009-1687 2009-06-17 15:07:33.000000000 +0200 ++++ kdelibs-3.5.4/kjs/collector.cpp 2009-06-20 00:42:48.000000000 +0200 +@@ -23,6 +23,7 @@ + + #include "value.h" + #include "internal.h" ++#include + + #ifndef MAX + #define MAX(a,b) ((a) > (b) ? (a) : (b)) +@@ -119,6 +120,9 @@ + // didn't find one, need to allocate a new block + + if (heap.usedBlocks == heap.numBlocks) { ++ static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR; ++ if (heap.numBlocks > maxNumBlocks) ++ return 0L; + heap.numBlocks = MAX(MIN_ARRAY_SIZE, heap.numBlocks * GROWTH_FACTOR); + heap.blocks = (CollectorBlock **)realloc(heap.blocks, heap.numBlocks * sizeof(CollectorBlock *)); + } diff --git a/kdelibs-3.5.4-CVE-2009-1690.patch b/kdelibs-3.5.4-CVE-2009-1690.patch new file mode 100644 index 0000000..2972d0e --- /dev/null +++ b/kdelibs-3.5.4-CVE-2009-1690.patch 
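Review bot: The new `maxNumBlocks` guard in collector.cpp stops `heap.numBlocks * GROWTH_FACTOR * sizeof(CollectorBlock*)` from wrapping, but the `realloc` on the following context line is still assigned straight into `heap.blocks` after `heap.numBlocks` has already been grown, so a failed allocation leaves a NULL block array paired with a non-zero count. Growing into temporaries and committing only on success, as below, closes that; the caller must also handle the `0L` this path now returns, which the spec changelog's "FIXME: still crashes?" suggests is worth verifying outside this hunk. `ULONG_MAX` is used as the bound while the arithmetic is in `size_t`; `std::numeric_limits<size_t>::max()` (or `SIZE_MAX`) states the intent exactly instead of relying on the two types coinciding. The enclosing function starts and ends outside the hunk.

```cpp
if (heap.usedBlocks == heap.numBlocks) {
    static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR;
    if (heap.numBlocks > maxNumBlocks)
        return 0L;
    size_t newNumBlocks = MAX(MIN_ARRAY_SIZE, heap.numBlocks * GROWTH_FACTOR);
    CollectorBlock **newBlocks = (CollectorBlock **)realloc(heap.blocks, newNumBlocks * sizeof(CollectorBlock *));
    if (!newBlocks)
        return 0L;   // keep heap.blocks / heap.numBlocks consistent on failure
    heap.blocks = newBlocks;
    heap.numBlocks = newNumBlocks;
}
```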
@@ -0,0 +1,545 @@ +--- kdelibs-3.5.4/khtml/html/RefPtr.h.CVE-2009-1690 2009-06-17 14:19:00.000000000 +0200 ++++ kdelibs-3.5.4/khtml/html/RefPtr.h 2009-06-17 14:19:00.000000000 +0200 +@@ -0,0 +1,202 @@ ++// -*- mode: c++; c-basic-offset: 4 -*- ++/* ++ * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Library General Public ++ * License as published by the Free Software Foundation; either ++ * version 2 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Library General Public License for more details. ++ * ++ * You should have received a copy of the GNU Library General Public License ++ * along with this library; see the file COPYING.LIB. If not, write to ++ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, ++ * Boston, MA 02110-1301, USA. ++ * ++ */ ++ ++#ifndef WTF_RefPtr_h ++#define WTF_RefPtr_h ++ ++#include ++#include "AlwaysInline.h" ++ ++namespace WTF { ++ ++ enum PlacementNewAdoptType { PlacementNewAdopt }; ++ ++ template class PassRefPtr; ++ ++ enum HashTableDeletedValueType { HashTableDeletedValue }; ++ ++ template class RefPtr { ++ public: ++ RefPtr() : m_ptr(0) { } ++ RefPtr(T* ptr) : m_ptr(ptr) { if (ptr) ptr->ref(); } ++ RefPtr(const RefPtr& o) : m_ptr(o.m_ptr) { if (T* ptr = m_ptr) ptr->ref(); } ++ // see comment in PassRefPtr.h for why this takes const reference ++ template RefPtr(const PassRefPtr&); ++ ++ // Special constructor for cases where we overwrite an object in place. ++ RefPtr(PlacementNewAdoptType) { } ++ ++ // Hash table deleted values, which are only constructed and never copied or destroyed. 
++ RefPtr(HashTableDeletedValueType) : m_ptr(hashTableDeletedValue()) { } ++ bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); } ++ ++ ~RefPtr() { if (T* ptr = m_ptr) ptr->deref(); } ++ ++ template RefPtr(const RefPtr& o) : m_ptr(o.get()) { if (T* ptr = m_ptr) ptr->ref(); } ++ ++ T* get() const { return m_ptr; } ++ ++ void clear() { if (T* ptr = m_ptr) ptr->deref(); m_ptr = 0; } ++ PassRefPtr release() { PassRefPtr tmp = adoptRef(m_ptr); m_ptr = 0; return tmp; } ++ ++ T& operator*() const { return *m_ptr; } ++ ALWAYS_INLINE T* operator->() const { return m_ptr; } ++ ++ bool operator!() const { return !m_ptr; } ++ ++ // This conversion operator allows implicit conversion to bool but not to other integer types. ++ typedef T* RefPtr::*UnspecifiedBoolType; ++ operator UnspecifiedBoolType() const { return m_ptr ? &RefPtr::m_ptr : 0; } ++ ++ RefPtr& operator=(const RefPtr&); ++ RefPtr& operator=(T*); ++ RefPtr& operator=(const PassRefPtr&); ++ template RefPtr& operator=(const RefPtr&); ++ template RefPtr& operator=(const PassRefPtr&); ++ ++ void swap(RefPtr&); ++ ++ private: ++ static T* hashTableDeletedValue() { return reinterpret_cast(-1); } ++ ++ T* m_ptr; ++ }; ++ ++ template template inline RefPtr::RefPtr(const PassRefPtr& o) ++ : m_ptr(o.releaseRef()) ++ { ++ } ++ ++ template inline RefPtr& RefPtr::operator=(const RefPtr& o) ++ { ++ T* optr = o.get(); ++ if (optr) ++ optr->ref(); ++ T* ptr = m_ptr; ++ m_ptr = optr; ++ if (ptr) ++ ptr->deref(); ++ return *this; ++ } ++ ++ template template inline RefPtr& RefPtr::operator=(const RefPtr& o) ++ { ++ T* optr = o.get(); ++ if (optr) ++ optr->ref(); ++ T* ptr = m_ptr; ++ m_ptr = optr; ++ if (ptr) ++ ptr->deref(); ++ return *this; ++ } ++ ++ template inline RefPtr& RefPtr::operator=(T* optr) ++ { ++ if (optr) ++ optr->ref(); ++ T* ptr = m_ptr; ++ m_ptr = optr; ++ if (ptr) ++ ptr->deref(); ++ return *this; ++ } ++ ++ template inline RefPtr& RefPtr::operator=(const PassRefPtr& o) ++ { ++ T* ptr 
= m_ptr; ++ m_ptr = o.releaseRef(); ++ if (ptr) ++ ptr->deref(); ++ return *this; ++ } ++ ++ template template inline RefPtr& RefPtr::operator=(const PassRefPtr& o) ++ { ++ T* ptr = m_ptr; ++ m_ptr = o.releaseRef(); ++ if (ptr) ++ ptr->deref(); ++ return *this; ++ } ++ ++ template inline void RefPtr::swap(RefPtr& o) ++ { ++ std::swap(m_ptr, o.m_ptr); ++ } ++ ++ template inline void swap(RefPtr& a, RefPtr& b) ++ { ++ a.swap(b); ++ } ++ ++ template inline bool operator==(const RefPtr& a, const RefPtr& b) ++ { ++ return a.get() == b.get(); ++ } ++ ++ template inline bool operator==(const RefPtr& a, U* b) ++ { ++ return a.get() == b; ++ } ++ ++ template inline bool operator==(T* a, const RefPtr& b) ++ { ++ return a == b.get(); ++ } ++ ++ template inline bool operator!=(const RefPtr& a, const RefPtr& b) ++ { ++ return a.get() != b.get(); ++ } ++ ++ template inline bool operator!=(const RefPtr& a, U* b) ++ { ++ return a.get() != b; ++ } ++ ++ template inline bool operator!=(T* a, const RefPtr& b) ++ { ++ return a != b.get(); ++ } ++ ++ template inline RefPtr static_pointer_cast(const RefPtr& p) ++ { ++ return RefPtr(static_cast(p.get())); ++ } ++ ++ template inline RefPtr const_pointer_cast(const RefPtr& p) ++ { ++ return RefPtr(const_cast(p.get())); ++ } ++ ++ template inline T* getPtr(const RefPtr& p) ++ { ++ return p.get(); ++ } ++ ++} // namespace WTF ++ ++using WTF::RefPtr; ++using WTF::static_pointer_cast; ++using WTF::const_pointer_cast; ++ ++#endif // WTF_RefPtr_h +--- kdelibs-3.5.4/khtml/html/htmlparser.cpp.CVE-2009-1690 2006-07-22 10:16:43.000000000 +0200 ++++ kdelibs-3.5.4/khtml/html/htmlparser.cpp 2009-06-17 11:51:15.000000000 +0200 +@@ -199,7 +199,6 @@ + + form = 0; + map = 0; +- head = 0; + end = false; + isindex = 0; + +@@ -616,8 +615,7 @@ + case ID_BASE: + if(!head) { + head = new HTMLHeadElementImpl(document); +- e = head; +- insertNode(e); ++ insertNode(head.get()); + handled = true; + } + break; +@@ -839,7 +837,7 @@ + case ID_HEAD: + if(!head && 
current->id() == ID_HTML) { + head = new HTMLHeadElementImpl(document); +- n = head; ++ n = head.get(); + } + break; + case ID_BODY: +@@ -1679,12 +1677,12 @@ + head = new HTMLHeadElementImpl(document); + HTMLElementImpl *body = doc()->body(); + int exceptioncode = 0; +- doc()->firstChild()->insertBefore(head, body, exceptioncode); ++ doc()->firstChild()->insertBefore(head.get(), body, exceptioncode); + if ( exceptioncode ) { + #ifdef PARSER_DEBUG + kdDebug( 6035 ) << "creation of head failed!!!!" << endl; + #endif +- delete head; ++ delete head.get(); + head = 0; + } + } +--- kdelibs-3.5.4/khtml/html/Platform.h.CVE-2009-1690 2009-06-17 14:19:07.000000000 +0200 ++++ kdelibs-3.5.4/khtml/html/Platform.h 2009-06-17 14:19:07.000000000 +0200 +@@ -0,0 +1,218 @@ ++/* -*- mode: c++; c-basic-offset: 4 -*- */ ++/* ++ * Copyright (C) 2006 Apple Computer, Inc. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY ++ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. 
OR ++ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, ++ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, ++ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR ++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY ++ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#ifndef WTF_Platform_h ++#define WTF_Platform_h ++ ++/* Force KDE build here in our tree... */ ++#ifndef BUILDING_KDE__ ++#define BUILDING_KDE__ 1 ++#endif ++ ++/* PLATFORM handles OS, operating environment, graphics API, and CPU */ ++#define PLATFORM(WTF_FEATURE) (defined( WTF_PLATFORM_##WTF_FEATURE ) && WTF_PLATFORM_##WTF_FEATURE) ++#define COMPILER(WTF_FEATURE) (defined( WTF_COMPILER_##WTF_FEATURE ) && WTF_COMPILER_##WTF_FEATURE) ++#define HAVE(WTF_FEATURE) (defined( HAVE_##WTF_FEATURE ) && HAVE_##WTF_FEATURE) ++#define USE(WTF_FEATURE) (defined( WTF_USE_##WTF_FEATURE ) && WTF_USE_##WTF_FEATURE) ++#define ENABLE(WTF_FEATURE) (defined( ENABLE_##WTF_FEATURE ) && ENABLE_##WTF_FEATURE) ++ ++/* Operating systems - low-level dependencies */ ++ ++/* PLATFORM(DARWIN) */ ++/* Operating system level dependencies for Mac OS X / Darwin that should */ ++/* be used regardless of operating environment */ ++#ifdef __APPLE__ ++#define WTF_PLATFORM_DARWIN 1 ++#endif ++ ++/* PLATFORM(WIN_OS) */ ++/* Operating system level dependencies for Windows that should be used */ ++/* regardless of operating environment */ ++#if defined(WIN32) || defined(_WIN32) ++#define WTF_PLATFORM_WIN_OS 1 ++#endif ++ ++/* PLATFORM(UNIX) */ ++/* Operating system level dependencies for Unix-like systems that */ ++/* should be used regardless of operating environment */ ++/* (includes PLATFORM(DARWIN)) */ ++#if defined(__APPLE__) \ ++ || defined(unix) \ ++ || defined(__unix) \ ++ || 
defined(__unix__) \ ++ || defined (__NetBSD__) \ ++ || defined(_AIX) ++#define WTF_PLATFORM_UNIX 1 ++#endif ++ ++/* PLATFORM(SOLARIS_OS) */ ++/* Operating system level dependencies for Sun (Open)Solaris 10. */ ++/* Studio 12 on Solaris defines __SunOS; gcc defines __sun__; */ ++/* Both compilers define __sun and sun. */ ++#if defined(__sun) || defined(sun) ++#define WTF_PLATFORM_SOLARIS_OS 1 ++#endif ++ ++/* Operating environments */ ++ ++/* I made the BUILDING_KDE__ macro up for the KDE build system to define */ ++ ++/* PLATFORM(KDE) */ ++/* PLATFORM(MAC) */ ++/* PLATFORM(WIN) */ ++#if BUILDING_KDE__ ++#define WTF_PLATFORM_KDE 1 ++#elif PLATFORM(DARWIN) ++#define WTF_PLATFORM_MAC 1 ++#elif PLATFORM(WIN_OS) ++#define WTF_PLATFORM_WIN 1 ++#endif ++#if defined(BUILDING_GDK__) ++#define WTF_PLATFORM_GDK 1 ++#endif ++ ++ ++/* CPU */ ++ ++/* PLATFORM(PPC) */ ++#if defined(__ppc__) \ ++ || defined(__PPC__) \ ++ || defined(__powerpc__) \ ++ || defined(__powerpc) \ ++ || defined(__POWERPC__) \ ++ || defined(_M_PPC) \ ++ || defined(__PPC) ++#define WTF_PLATFORM_PPC 1 ++#define WTF_PLATFORM_BIG_ENDIAN 1 ++#endif ++ ++/* PLATFORM(PPC64) */ ++#if defined(__ppc64__) \ ++ || defined(__PPC64__) ++#define WTF_PLATFORM_PPC64 1 ++#define WTF_PLATFORM_BIG_ENDIAN 1 ++#endif ++ ++#if defined(arm) ++#define WTF_PLATFORM_ARM 1 ++#if defined(__ARMEB__) ++#define WTF_PLATFORM_BIG_ENDIAN 1 ++#elif !defined(__ARM_EABI__) && !defined(__ARMEB__) ++#define WTF_PLATFORM_MIDDLE_ENDIAN 1 ++#endif ++#if !defined(__ARM_EABI__) ++#define WTF_PLATFORM_FORCE_PACK 1 ++#endif ++#endif ++ ++/* PLATFORM(X86) */ ++#if defined(__i386__) \ ++ || defined(i386) \ ++ || defined(_M_IX86) \ ++ || defined(_X86_) \ ++ || defined(__THW_INTEL) ++#define WTF_PLATFORM_X86 1 ++#endif ++ ++/* PLATFORM(X86_64) */ ++#if defined(__x86_64__) \ ++ || defined(__ia64__) ++#define WTF_PLATFORM_X86_64 1 ++#endif ++ ++/* PLATFORM(SPARC) */ ++#if defined(sparc) ++#define WTF_PLATFORM_SPARC 1 ++#endif ++ ++/* Compiler */ ++ ++/* 
COMPILER(CWP) */ ++#if defined(__MWERKS__) ++#define WTF_COMPILER_CWP 1 ++#endif ++ ++/* COMPILER(MSVC) */ ++#if defined(_MSC_VER) ++#define WTF_COMPILER_MSVC 1 ++#endif ++ ++/* COMPILER(GCC) */ ++#if defined(__GNUC__) ++#define WTF_COMPILER_GCC 1 ++#endif ++ ++/* COMPILER(SUNPRO) */ ++#if defined(__SUNPRO_CC) ++#define WTF_COMPILER_SUNPRO 1 ++#endif ++ ++/* COMPILER(BORLAND) */ ++/* not really fully supported - is this relevant any more? */ ++#if defined(__BORLANDC__) ++#define WTF_COMPILER_BORLAND 1 ++#endif ++ ++/* COMPILER(CYGWIN) */ ++/* not really fully supported - is this relevant any more? */ ++#if defined(__CYGWIN__) ++#define WTF_COMPILER_CYGWIN 1 ++#endif ++ ++/* multiple threads only supported on Mac for now */ ++#if PLATFORM(MAC) ++#ifndef WTF_USE_MULTIPLE_THREADS ++#define WTF_USE_MULTIPLE_THREADS 1 ++#endif ++#ifndef WTF_USE_BINDINGS ++#define WTF_USE_BINDINGS 1 ++#endif ++#endif ++ ++/* for Unicode, KDE uses Qt, everything else uses ICU */ ++#if PLATFORM(KDE) || PLATFORM(QT) ++#define WTF_USE_QT4_UNICODE 1 ++#elif PLATFORM(SYMBIAN) ++#define WTF_USE_SYMBIAN_UNICODE 1 ++#else ++#define WTF_USE_ICU_UNICODE 1 ++#endif ++ ++#if PLATFORM(MAC) ++#define WTF_PLATFORM_CF 1 ++#endif ++ ++#if PLATFORM(WIN) ++#define WTF_USE_WININET 1 ++#endif ++ ++#if PLATFORM(GDK) ++#define WTF_USE_CURL 1 ++#endif ++ ++/* ENABLE macro defaults */ ++ ++#endif /* WTF_Platform_h */ +--- kdelibs-3.5.4/khtml/html/AlwaysInline.h.CVE-2009-1690 2009-06-17 14:18:52.000000000 +0200 ++++ kdelibs-3.5.4/khtml/html/AlwaysInline.h 2009-06-17 13:56:36.000000000 +0200 +@@ -0,0 +1,49 @@ ++/* ++ * Copyright (C) 2005, 2007 Apple Inc. All rights reserved. ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Library General Public ++ * License as published by the Free Software Foundation; either ++ * version 2 of the License, or (at your option) any later version. 
++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Library General Public License for more details. ++ * ++ * You should have received a copy of the GNU Library General Public License ++ * along with this library; see the file COPYING.LIB. If not, write to ++ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, ++ * Boston, MA 02110-1301, USA. ++ * ++ */ ++ ++#include "html/Platform.h" ++ ++ ++#ifndef ALWAYS_INLINE ++#if COMPILER(GCC) && defined(NDEBUG) && __GNUC__ > 3 ++#define ALWAYS_INLINE inline __attribute__ ((__always_inline__)) ++#elif COMPILER(MSVC) && defined(NDEBUG) ++#define ALWAYS_INLINE __forceinline ++#else ++#define ALWAYS_INLINE inline ++#endif ++#endif ++ ++#ifndef ALWAYS_INLINE_INTO ++#if COMPILER(GCC) && defined(NDEBUG) && ((__GNUC__ == 4 && __GNUC_MINOR__ >= 1) || __GNUC__ > 4) ++#define ALWAYS_INLINE_INTO __attribute__ ((__flatten__)) ++#else ++#define ALWAYS_INLINE_INTO ++#endif ++#endif ++ ++ ++#ifndef NEVER_INLINE ++#if COMPILER(GCC) && __GNUC__ > 3 ++#define NEVER_INLINE __attribute__ ((__noinline__)) ++#else ++#define NEVER_INLINE ++#endif ++#endif +--- kdelibs-3.5.4/khtml/html/htmlparser.h.CVE-2009-1690 2005-10-10 17:06:04.000000000 +0200 ++++ kdelibs-3.5.4/khtml/html/htmlparser.h 2009-06-17 14:42:27.000000000 +0200 +@@ -38,10 +38,10 @@ + #include + #endif + +- + #include "dom/dom_string.h" + #include "xml/dom_nodeimpl.h" + #include "html/html_documentimpl.h" ++#include "html/RefPtr.h" + + class KHTMLView; + class HTMLStackElem; +@@ -148,7 +148,7 @@ + /* + * the head element. Needed for crappy html which defines after + */ +- DOM::HTMLHeadElementImpl *head; ++ RefPtr head; + + /* + * a possible element in the head. Compatibility hack for diff --git a/kdelibs3.spec b/kdelibs3.spec index 9adc4df..4dd736e 100644 --- a/kdelibs3.spec +++ b/kdelibs3.spec 
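Review bot: In the htmlparser.cpp hunk at `@@ -1679,12 +1677,12 @@`, `delete head.get();` followed by `head = 0;` is a use-after-free: `head` is now a `RefPtr`, and `RefPtr::operator=(T*)` as defined earlier in this same patch derefs the previous pointer after the swap, i.e. calls `deref()` on the node that was just deleted. Dropping the explicit `delete` and keeping only `head = 0;` lets the RefPtr release the node — provided `NodeImpl::deref()` deletes at refcount zero for a node not in the document, which is outside this hunk and should be confirmed. Separately, the hunk at `@@ -199,7 +199,6 @@` removes `head = 0;`; if that block is the per-document `reset()` rather than the constructor, the RefPtr now keeps the previous document's head alive across a reset. The vendored RefPtr.h, Platform.h and AlwaysInline.h carry no note of their origin; a header line such as `// imported from WebKit <UPSTREAM-REVISION> for CVE-2009-1690` would tell the next maintainer what to sync against.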
@@ -36,14 +36,12 @@ Summary: K Desktop Environment 3 - Libraries Version: 3.5.10 -Release: 3%{?dist} +Release: 13%{?dist} %if 0%{?fedora} > 8 Name: kdelibs3 Obsoletes: kdelibs < 6:%{version}-%{release} Provides: kdelibs = 6:%{version}-%{release} -# define to enable kdeui symlink hack -- Rex -#define kdeui_symlink 1 %else Name: kdelibs Epoch: 6 @@ -64,7 +62,7 @@ Source3: devices.protocol Patch1: kdelibs-3.5.1-xdg-menu.patch Patch2: kdelibs-3.0.0-ndebug.patch Patch4: kdelibs-3.0.4-ksyscoca.patch -Patch5: kdelibs-3.5.7-openssl.patch +Patch5: kdelibs-3.5.10-openssl.patch Patch15: kdelibs-3.4.91-buildroot.patch Patch32: kdelibs-3.2.3-cups.patch Patch33: kdelibs-3.3.2-ppc.patch @@ -97,8 +95,19 @@ Patch100: kdelibs-3.5.5-kstandarddirs.patch Patch101: kde-3.5-libtool-shlibext.patch # kget ignores simultaneous download limit (kde #101956) Patch103: kdelibs-3.5.0-101956.patch +Patch104: kdelibs-3.5.10-gcc44.patch -## upstream patches +## security fixes +# fix CVE-2009-2537 - select length DoS +Patch200: kdelibs-3.5.10-cve-2009-2537-select-length.patch +# fix CVE-2009-1725 - crash, possible ACE in numeric character references +Patch201: kdelibs-3.5.10-cve-2009-1725.patch +# fix CVE-2009-1690 - crash, possible ACE in KHTML ( use-after-free) +Patch202: kdelibs-3.5.4-CVE-2009-1687.patch +# fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?) +Patch203: kdelibs-3.5.4-CVE-2009-1690.patch +# fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling +Patch204: kdelibs-3.5.10-cve-2009-1698.patch #{?arts:Requires: arts >= %{arts_ev}} #Requires: %{qt3} >= %{qt3_ev} @@ -128,11 +137,6 @@ Requires(pre): coreutils Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig -%if 0%{?kdeui_symlink} -# for %_kde4_* macros -BuildRequires: kde4-macros(api) -%{?_kde4_macros_api:Requires: kde4-macros(api) = %{_kde4_macros_api} } -%endif BuildRequires: gettext BuildRequires: pcre-devel BuildRequires: cups-devel cups 
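Review bot: In the `@@ -97,8 +95,19 @@` hunk the comments above `Patch202` and `Patch203` are swapped relative to the files they introduce: `Patch202` pulls in `kdelibs-3.5.4-CVE-2009-1687.patch` under a `# fix CVE-2009-1690` comment, and `Patch203` pulls in `kdelibs-3.5.4-CVE-2009-1690.patch` under `# fix CVE-2009-1687`. The `%prep` backup suffixes (`.cve-2009-1687` for 202, `.cve-2009-1690` for 203) agree with the filenames, so only the two comment lines need to trade places: `# fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)` above `Patch202:` and `# fix CVE-2009-1690 - crash, possible ACE in KHTML ( use-after-free)` above `Patch203:`.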
@@ -214,7 +218,7 @@ Provides: kdelibs3-devel = %{version}-%{release} Obsoletes: kdelibs-devel < 6:%{version}-%{release} Provides: kdelibs-devel = 6:%{version}-%{release} %endif -Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release} +Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} Requires: %{qt3}-devel Requires: openssl-devel %{?arts:Requires: arts-devel} @@ -233,6 +237,9 @@ Provides: kdelibs3-apidocs = %{version}-%{release} Obsoletes: kdelibs-apidocs < 6:%{version}-%{release} Provides: kdelibs-apidocs = 6:%{version}-%{release} %endif +%if 0%{?fedora} > 9 +BuildArch: noarch +%endif %description apidocs This package includes the KDE 3 API documentation in HTML @@ -274,13 +281,21 @@ format for easy browsing %patch100 -p1 -b .kstandarddirs %patch101 -p1 -b .libtool-shlibext +%patch104 -p1 -b .gcc44 -# upstream patches +# security fixes +%patch200 -p1 -b .cve-2009-2537 +%patch201 -p0 -b .cve-2009-1725 +%patch202 -p1 -b .cve-2009-1687 +%patch203 -p1 -b .cve-2009-1690 +%patch204 -p1 -b .cve-2009-1698 sed -i -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h %if %{make_cvs} - make -f admin/Makefile.common cvs +# hack/fix for newer automake + sed -iautomake -e 's|automake\*1.10\*|automake\*1.1[0-5]\*|' admin/cvs.sh + make -f admin/Makefile.common cvs %endif @@ -332,18 +347,21 @@ export DO_NOT_COMPILE="libkscreensaver" --with-openexr \ --with-xinerama -make %{?_smp_mflags} - %if 0%{?apidocs} + doxygen -s -u admin/Doxyfile.global make %{?_smp_mflags} apidox %endif +make %{?_smp_mflags} %install rm -rf %{buildroot} make DESTDIR=%{buildroot} install +# create/own, see http://bugzilla.redhat.com/483318 +mkdir -p %{buildroot}%{_libdir}/kconf_update_bin + chmod a+x %{buildroot}%{_libdir}/* install -p -m 644 %{SOURCE3} %{buildroot}%{_datadir}/services/devices.protocol 
@@ -456,15 +474,16 @@ rm -f %{buildroot}%{_docdir}/HTML/en/common/xml.dcl rm -rf %{buildroot}%{_datadir}/locale/all_languages rm -rf %{buildroot}%{_sysconfdir}/xdg/menus/ rm -rf %{buildroot}%{_datadir}/autostart/ +rm -r %{buildroot}%{_datadir}/config/colors/40.colors +rm -f %{buildroot}%{_datadir}/config/colors/Rainbow.colors +rm -f %{buildroot}%{_datadir}/config/colors/Royal.colors +rm -f %{buildroot}%{_datadir}/config/colors/Web.colors +rm -f %{buildroot}%{_datadir}/config/ksslcalist +rm -f %{buildroot}%{_bindir}/preparetips + # don't show kresources sed -i -e "s,^OnlyShowIn=KDE;,OnlyShowIn=KDE3;," %{buildroot}%{_datadir}/applications/kde/kresources.desktop -%if 0%{?kdeui_symlink} -# kdeui for kde3, kinda workaround http://bugs.kde.org/157850 -# and save space by sharing -rm -rf %{buildroot}%{_datadir}/apps/kdeui/ -ln -s %{_kde4_appsdir}/kdeui %{buildroot}%{_datadir}/apps/kdeui -%endif %endif %if 0%{?include_crystalsvg} == 0 @@ -495,13 +514,6 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || : %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/crystalsvg 2> /dev/null || : %endif %{_bindir}/update-desktop-database > /dev/null 2>&1 || : -%if 0%{?kdeui_symlink} -rm -rf %{_datadir}/apps/kdeui.rpm_remove ||: - -%pre -test -d %{_datadir}/apps/kdeui -a ! -L %{_datadir}/apps/kdeui && \ - mv %{_datadir}/apps/kdeui %{_datadir}/apps/kdeui.rpm_remove ||: -%endif %postun /sbin/ldconfig 
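Review bot: The new `rm -r %{buildroot}%{_datadir}/config/colors/40.colors` in the `%install` cleanup differs from its five siblings, which all use `rm -f`: `-r` does nothing useful on a regular file, and without `-f` the build fails should the file ever be absent. Change it to `rm -f %{buildroot}%{_datadir}/config/colors/40.colors` for consistency with the neighbouring lines.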
@@ -568,19 +580,17 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || : %{_bindir}/make_driver_db_cups %{_bindir}/make_driver_db_lpr %{_bindir}/meinproc -%{_bindir}/preparetips %{_bindir}/start_kdeinit %{_bindir}/start_kdeinit_wrapper %attr(4755,root,root) %{_bindir}/kgrantpty %{_libdir}/lib*.so.* %{_libdir}/libkdeinit_*.so %{_libdir}/lib*.la +%{_libdir}/kconf_update_bin/ %{_libdir}/kde3/ %{_datadir}/applications/kde/*.desktop %{_datadir}/apps/* %exclude %{_datadir}/apps/ksgmltools2/ -%exclude %{_datadir}/apps/kdewidgets/ -%exclude %{_libdir}/kde3/plugins/designer/kdewidgets.* %config(noreplace) %{_datadir}/config/* %{_datadir}/emoticons/* %{_datadir}/icons/default.kde @@ -610,13 +620,11 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || : %{_bindir}/checkXML %{_bindir}/ksvgtopng %{_bindir}/kunittestmodrunner +%{_bindir}/preparetips %endif %{_bindir}/dcopidl* %{_bindir}/kconfig_compiler %{_bindir}/makekdewidgets -%{_datadir}/apps/kdewidgets/ -%dir %{_libdir}/kde3/plugins/designer -%{_libdir}/kde3/plugins/designer/kdewidgets.* %{_datadir}/apps/ksgmltools2/ %{_includedir}/kde/ %{_libdir}/lib*.so 
@@ -632,6 +640,47 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || : %changelog +* Sun Jul 26 2009 Kevin Kofler - 3.5.10-13 +- fix CVE-2009-2537 - select length DoS +- fix CVE-2009-1725 - crash, possible ACE in numeric character references +- fix CVE-2009-1690 - crash, possible ACE in KHTML ( use-after-free) +- fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?) +- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling + +* Fri Jul 24 2009 Fedora Release Engineering - 3.5.10-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Sat Jul 18 2009 Rex Dieter - 3.5.10-12 +- FTBFS kdelibs3-3.5.10-11.fc11 (#511571) +- -devel: Requires: %%{name}%%_isa ... + +* Sun Apr 19 2009 Rex Dieter - 3.5.10-11 +- update openssl patch (for 0.9.8k) + +* Thu Apr 16 2009 Rex Dieter - 3.5.10-10 +- move designer plugins to runtime (#487622) +- make -apidocs noarch + +* Mon Mar 02 2009 Than Ngo - 3.5.10-9 +- enable -apidocs + +* Fri Feb 27 2009 Rex Dieter - 3.5.10-8 +- disable -apidocs (f11+, #487719) +- cleanup unused kdeui_symlink hack baggage + +* Wed Feb 25 2009 Than Ngo - 3.5.10-7 +- fix files conflicts with 4.2.x +- fix build issue with gcc-4.4 + +* Wed Feb 25 2009 Fedora Release Engineering - 3.5.10-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sat Jan 31 2009 Rex Dieter - 6:3.5.10-5 +- unowned dirs (#483318) + +* Sat Jan 10 2009 Ville Skyttä - 6:3.5.10-4 +- Slight speedup to profile.d/kde.sh (#465370). + * Mon Dec 15 2008 Kevin Kofler 3.5.10-3 - update the KatePart latex.xml syntax definition to the version from Kile 2.0.3