dist-git conversion

#2781)

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: kdelibs3
-# $Id$
-NAME := kdelibs3
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

kde.sh

@@ -5,8 +5,7 @@
 [ -z "$KDEDIRS" ] && KDEDIRS="/usr" && export KDEDIRS
 
 ## When/if using prelinking, avoids (some) use of kdeinit
-if [ -f /etc/sysconfig/prelink ]; then
-  if [ `grep '^PRELINKING=yes' /etc/sysconfig/prelink` ] ; then
-    [ -z "$KDE_IS_PRELINKED" ] && KDE_IS_PRELINKED=1 && export KDE_IS_PRELINKED
-  fi
+if [ -z "$KDE_IS_PRELINKED" ] ; then
+  grep -qs '^PRELINKING=yes' /etc/sysconfig/prelink && \
+  KDE_IS_PRELINKED=1 && export KDE_IS_PRELINKED
 fi

kdelibs-3.5.10-CVE-2009-2702.patch

@@ -0,0 +1,62 @@
+diff -pruN kdelibs-3.5.4.orig/kio/kssl/kopenssl.cc kdelibs-3.5.4/kio/kssl/kopenssl.cc
+--- kdelibs-3.5.4.orig/kio/kssl/kopenssl.cc	2009-08-31 20:50:12.000000000 +0200
++++ kdelibs-3.5.4/kio/kssl/kopenssl.cc	2009-08-31 21:46:47.000000000 +0200
+@@ -196,6 +196,7 @@ static int (*K_X509_NAME_add_entry_by_tx
+ static X509_NAME *(*K_X509_NAME_new)() = 0L;
+ static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
+ static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
++static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L;
+ static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L;
+ 
+ #endif
+@@ -498,6 +499,7 @@ KConfig *cfg;
+       K_X509_NAME_new = (X509_NAME *(*)()) _cryptoLib->symbol("X509_NAME_new");
+       K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) _cryptoLib->symbol("X509_REQ_set_subject_name");
+       K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_data");
++      K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_length");
+ #endif
+    }
+ 
+@@ -1549,6 +1551,13 @@ unsigned char *KOpenSSLProxy::ASN1_STRIN
+    return 0L;
+ }
+ 
++
++int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) {
++   if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x);
++   return 0L;
++}
++
++
+ STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) {
+   if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl);
+   return 0L;
+diff -pruN kdelibs-3.5.4.orig/kio/kssl/kopenssl.h kdelibs-3.5.4/kio/kssl/kopenssl.h
+--- kdelibs-3.5.4.orig/kio/kssl/kopenssl.h	2006-07-22 10:16:39.000000000 +0200
++++ kdelibs-3.5.4/kio/kssl/kopenssl.h	2009-08-31 21:46:47.000000000 +0200
+@@ -622,6 +622,11 @@ public:
+    unsigned char *ASN1_STRING_data(ASN1_STRING *x);
+ 
+    /*
++    *  ASN1_STRING_length
++    */
++   int ASN1_STRING_length(ASN1_STRING *x);
++
++   /*
+     *  
+     */
+    int OBJ_obj2nid(ASN1_OBJECT *o);
+diff -pruN kdelibs-3.5.4.orig/kio/kssl/ksslcertificate.cc kdelibs-3.5.4/kio/kssl/ksslcertificate.cc
+--- kdelibs-3.5.4.orig/kio/kssl/ksslcertificate.cc	2006-01-19 18:06:12.000000000 +0100
++++ kdelibs-3.5.4/kio/kssl/ksslcertificate.cc	2009-08-31 21:54:38.000000000 +0200
+@@ -1099,7 +1099,9 @@ QStringList KSSLCertificate::subjAltName
+ 		}
+ 
+ 		QString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
+-		if (!s.isEmpty()) {
++		if (!s.isEmpty()  &&
++				/* skip subjectAltNames with embedded NULs */
++				s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
+ 			rc += s;
+ 		}
+ 	}

kdelibs-3.5.10-cve-2009-1698.patch

@@ -0,0 +1,42 @@
+diff -ur kdelibs-3.5.10/khtml/css/cssparser.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp
+--- kdelibs-3.5.10/khtml/css/cssparser.cpp	2007-01-15 12:34:04.000000000 +0100
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp	2009-07-26 05:46:39.000000000 +0200
+@@ -1344,6 +1344,14 @@
+                 if ( args->size() != 1)
+                     return false;
+                 Value *a = args->current();
++                if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
++                    isValid=false;
++                    break;
++                }
++                if (qString(a->string)[0] == '-') {
++                    isValid=false;
++                    break;
++                }
+                 parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
+             }
+             else
+@@ -1396,7 +1404,8 @@
+ 
+     CounterImpl *counter = new CounterImpl;
+     Value *i = args->current();
+-//    if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++    if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++    if (qString(i->string)[0] == '-') goto invalid;
+     counter->m_identifier = domString(i->string);
+     if (counters) {
+         i = args->next();
+diff -ur kdelibs-3.5.10/khtml/css/css_valueimpl.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp
+--- kdelibs-3.5.10/khtml/css/css_valueimpl.cpp	2006-07-22 10:16:49.000000000 +0200
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp	2009-07-26 05:45:36.000000000 +0200
+@@ -736,7 +736,9 @@
+ 	    text = getValueName(m_value.ident);
+ 	    break;
+ 	case CSSPrimitiveValue::CSS_ATTR:
+-	    // ###
++            text = "attr(";
++            text += DOMString( m_value.string );
++            text += ")";
+ 	    break;
+ 	case CSSPrimitiveValue::CSS_COUNTER:
+             text = "counter(";

kdelibs-3.5.10-cve-2009-1725.patch

@@ -0,0 +1,13 @@
+Index: khtml/html/htmltokenizer.cpp
+===================================================================
+--- khtml/html/htmltokenizer.cpp	(revision 1002163)
++++ khtml/html/htmltokenizer.cpp	(revision 1002164)
+@@ -736,7 +736,7 @@
+ #ifdef TOKEN_DEBUG
+                 kdDebug( 6036 ) << "unknown entity!" << endl;
+ #endif
+-                checkBuffer(10);
++                checkBuffer(11);
+                 // ignore the sequence, add it to the buffer as plaintext
+                 *dest++ = '&';
+                 for(unsigned int i = 0; i < cBufferPos; i++)

kdelibs-3.5.10-cve-2009-2537-select-length.patch

@@ -0,0 +1,30 @@
+diff -ur kdelibs-3.5.10/khtml/ecma/kjs_html.cpp kdelibs-3.5.10-cve-2009-2537-select-length/khtml/ecma/kjs_html.cpp
+--- kdelibs-3.5.10/khtml/ecma/kjs_html.cpp	2008-02-13 10:41:09.000000000 +0100
++++ kdelibs-3.5.10-cve-2009-2537-select-length/khtml/ecma/kjs_html.cpp	2009-07-26 04:54:52.000000000 +0200
+@@ -62,6 +62,9 @@
+ 
+ #include <kdebug.h>
+ 
++// CVE-2009-2537 (vendors agreed on max 10000 elements)
++#define MAX_SELECT_LENGTH 10000
++
+ namespace KJS {
+ 
+ KJS_DEFINE_PROTOTYPE_WITH_PROTOTYPE(HTMLDocumentProto, DOMDocumentProto)
+@@ -2550,8 +2553,14 @@
+       case SelectValue:           { select.setValue(str); return; }
+       case SelectLength:          { // read-only according to the NS spec, but webpages need it writeable
+                                          Object coll = Object::dynamicCast( getSelectHTMLCollection(exec, select.options(), select) );
+-                                         if ( coll.isValid() )
+-                                           coll.put(exec,"length",value);
++
++                                         if ( coll.isValid() ) {
++                                           if (value.toInteger(exec) >= MAX_SELECT_LENGTH) {
++                                             Object err = Error::create(exec, RangeError);
++                                             exec->setException(err);
++                                           } else
++                                             coll.put(exec, "length", value);
++                                         }
+                                          return;
+                                        }
+       // read-only: form

kdelibs-3.5.10-gcc44.patch

@@ -0,0 +1,21 @@
+diff -up kdelibs-3.5.10/kioslave/ftp/ftp.cc.orig kdelibs-3.5.10/kioslave/ftp/ftp.cc
+--- kdelibs-3.5.10/kioslave/ftp/ftp.cc.orig	2009-02-25 13:18:13.000000000 +0100
++++ kdelibs-3.5.10/kioslave/ftp/ftp.cc	2009-02-25 13:34:13.000000000 +0100
+@@ -876,7 +876,7 @@ int Ftp::ftpOpenPASVDataConnection()
+   // The usual answer is '227 Entering Passive Mode. (160,39,200,55,6,245)'
+   // but anonftpd gives '227 =160,39,200,55,6,245'
+   int i[6];
+-  char *start = strchr(ftpResponse(3), '(');
++  const char *start = strchr(ftpResponse(3), '(');
+   if ( !start )
+     start = strchr(ftpResponse(3), '=');
+   if ( !start ||
+@@ -931,7 +931,7 @@ int Ftp::ftpOpenEPSVDataConnection()
+     return ERR_INTERNAL;
+   }
+ 
+-  char *start = strchr(ftpResponse(3), '|');
++  const char *start = strchr(ftpResponse(3), '|');
+   if ( !start || sscanf(start, "|||%d|", &portnum) != 1)
+     return ERR_INTERNAL;
+ 

kdelibs-3.5.10-latex-syntax-kile-2.0.3.patch

@@ -0,0 +1,143 @@
+diff -ur kdelibs-3.5.10/kate/data/latex.xml kdelibs-3.5.10-latex-syntax-kile-2.0.3/kate/data/latex.xml
+--- kdelibs-3.5.10/kate/data/latex.xml	2007-05-14 09:52:27.000000000 +0200
++++ kdelibs-3.5.10-latex-syntax-kile-2.0.3/kate/data/latex.xml	2008-12-05 14:08:28.000000000 +0100
+@@ -1,16 +1,18 @@
+ <?xml version="1.01" encoding="UTF-8"?>
+ <!DOCTYPE language SYSTEM "language.dtd">
+-<language name="LaTeX" version="1.25" section="Markup" kateversion="2.3" extensions="*.tex; *.ltx; *.dtx; *.sty; *.cls;" mimetype="text/x-tex" casesensitive="1" author="Jeroen Wijnhout (Jeroen.Wijnhout@kdemail.net)+Holger Danielsson (holger.danielsson@versanet.de)+Michel Ludwig (michel.ludwig@kdemail.net)" license="LGPL" >
++<language name="LaTeX" version="1.29" section="Markup" kateversion="2.3" extensions="*.tex; *.ltx; *.dtx; *.sty; *.cls;" mimetype="text/x-tex" casesensitive="1" author="Jeroen Wijnhout (Jeroen.Wijnhout@kdemail.net)+Holger Danielsson (holger.danielsson@versanet.de)+Michel Ludwig (michel.ludwig@kdemail.net)+Thomas Braun (braun@physik.fu-berlin.de)" license="LGPL" >
+   <highlighting>
+     <contexts>
+       <!-- Normal text -->
+       <context name="Normal Text" attribute="Normal Text" lineEndContext="#stay">
+         <RegExpr String="\\begin(?=[^a-zA-Z])" attribute="Structure" context="FindEnvironment" beginRegion="block" />
+         <RegExpr String="\\end(?=[^a-zA-Z])" attribute="Structure" context="FindEnvironment" endRegion="block" />
+-        <RegExpr String="\\(label|pageref|ref|vpageref|vref|cite)(?=[^a-zA-Z])" attribute="Structure" context="Label"/>
++        <RegExpr String="\\(label|pageref|autoref|ref|vpageref|vref|cite)(?=[^a-zA-Z])" attribute="Structure" context="Label"/>
+         <RegExpr String="\\(part|chapter|section|subsection|subsubsection|paragraph|subparagraph)\*?\s*(?=[\{\[])" attribute="Structure" context="Sectioning"/>
++        <RegExpr String="\\(footnote)\*?\s*(?=[\{\[])" attribute="Footnote" context="Footnoting"/>
+         <RegExpr String="\\(re)?newcommand(?=[^a-zA-Z])" attribute="Keyword" context="NewCommand"/>
+         <RegExpr String="\\(e|g|x)?def(?=[^a-zA-Z])" attribute="Keyword" context="DefCommand"/>
++	<RegExpr String="&lt;&lt;.*&gt;&gt;=" attribute="Normal Text" context="NoWeb" />
+         <StringDetect String="\(" attribute="Math" context="MathMode" beginRegion="mathMode" />
+         <StringDetect String="\[" attribute="Math" context="MathModeEquation" beginRegion="mathMode" />
+         <DetectChar char="\" attribute="Keyword" context="ContrSeq"/>
+@@ -22,6 +24,11 @@
+         <DetectChar char="&#xd7;" attribute="Bullet" context="#stay"/>
+       </context>
+ 
++	<!-- NoWeb -->
++      <context name="NoWeb" attribute="Normal Text" lineEndContext="#stay" >
++	<RegExpr String="^\s*@\s*" attribute="Normal Text" context="#pop" />
++      </context>
++
+       <!-- LaTeX sectioning commands -->
+       <context name="Sectioning" attribute="Normal Text" lineEndContext="#stay" fallthrough="true" fallthroughContext="#pop">
+         <RegExpr String="\[[^\]]*\]" attribute="Normal Text" context="#stay"/>
+@@ -59,9 +66,46 @@
+         <RegExpr String="[^a-zA-Z]" attribute="Structure Keyword Mathmode" context="#pop" /> 
+       </context>
+ 
++      <!-- LaTeX Footnote commands -->
++      <context name="Footnoting" attribute="Normal Text" lineEndContext="#stay" fallthrough="true" fallthroughContext="#pop">
++        <RegExpr String="\[[^\]]*\]" attribute="Normal Text" context="#stay"/>
++        <DetectChar char=" " attribute="Normal Text" context="#stay"/>
++        <DetectChar char="{" attribute="Normal Text" context="FootnotingInside"/>
++        <DetectChar char="}" attribute="Normal Text" context="#pop"/>
++        <DetectChar char="%" attribute="Comment" context="Comment"/>
++      </context>
++      <context name="FootnotingInside" attribute="Footnote Text" lineEndContext="#stay">
++        <DetectChar char="{" attribute="Normal Text" context="FootnotingInside"/>
++        <DetectChar char="}" attribute="Normal Text" context="#pop"/>
++        <StringDetect String="\(" attribute="Footnote Math" context="FootnotingMathMode" beginRegion="mathMode" />
++        <DetectChar char="\" attribute="Footnote Keyword" context="FootnotingContrSeq"/>
++        <DetectChar char="$" attribute="Footnote Math" context="FootnotingMathMode" beginRegion="mathMode" />
++        <DetectChar char="%" attribute="Comment" context="Comment"/>
++        <DetectChar char="&#xd7;" attribute="Bullet" context="#stay"/>
++      </context>
++      <context name="FootnotingContrSeq" attribute="Keyword" lineEndContext="#pop">
++         <DetectChar char="&#xd7;" attribute="Bullet" context="#stay"/>
++        <RegExpr String="[a-zA-Z]+(\+?|\*{0,3})" attribute="Footnote Keyword" context="#pop"/>
++        <RegExpr String="[^a-zA-Z]" attribute="Footnote Keyword" context="#pop" />
++      </context>
++      <context name="FootnotingMathMode" attribute="Footnote Math" lineEndContext="#stay">
++        <StringDetect String="$$" attribute="Error" context="#stay" />
++        <DetectChar char="$" attribute="Footnote Math" context="#pop" endRegion="mathMode" />
++        <Detect2Chars char="\" char1=")" attribute="Footnote Math" context="#pop" endRegion="mathMode" />
++        <Detect2Chars char="\" char1="]" attribute="Error" context="#stay" />
++        <DetectChar char="\" attribute="Footnote Keyword Mathmode" context="FootnotingMathContrSeq"/>
++        <DetectChar char="%" attribute="Comment" context="Comment"/>
++        <DetectChar char="&#xd7;" attribute="Bullet" context="#stay"/>
++      </context>
++      <context name="FootnotingMathContrSeq" attribute="Footnote Keyword Mathmode" lineEndContext="#pop">
++        <DetectChar char="&#xd7;" attribute="Bullet" context="#stay"/>
++        <RegExpr String="[a-zA-Z]+\*?" attribute="Footnote Keyword Mathmode" context="#pop"/>
++        <RegExpr String="[^a-zA-Z]" attribute="Footnote Keyword Mathmode" context="#pop" /> 
++      </context>
++
+       <!-- LaTeX commands \newcommand and \renewcommand -->
+       <context name="NewCommand" attribute="Normal Text" lineEndContext="#stay" fallthrough="true" fallthroughContext="#pop">
+-        <RegExpr String="\s*\{\s*\\[a-zA-Z]+\s*\}(\[\d\](\[[^\]]+\])?)?\{" attribute="Normal Text" context="CommandParameterStart"/>
++        <RegExpr String="\s*\{\s*\\[a-zA-Z]+\s*\}(\[\d\](\[[^\]]*\])?)?\{" attribute="Normal Text" context="CommandParameterStart"/>
+         <DetectChar char="}" attribute="Error" context="#pop"/>
+       </context>
+ 
+@@ -137,8 +181,9 @@
+       <context name="Environment" attribute="Environment" lineEndContext="#stay">
+         <RegExpr String="(lstlisting|(B|L)?Verbatim)" attribute="Environment" context="VerbatimEnvParam"/>
+         <RegExpr String="(verbatim|boxedverbatim)" attribute="Environment" context="VerbatimEnv"/>
+-        <RegExpr String="(equation|displaymath|eqnarray|subeqnarray|math|multline|gather|align|flalign)" attribute="Environment" context="MathEnv"/>
+         <RegExpr String="(alignat|xalignat|xxalignat)" attribute="Environment" context="MathEnvParam"/>
++        <RegExpr String="(equation|displaymath|eqnarray|subeqnarray|math|multline|gather|align|flalign)" attribute="Environment" context="MathEnv"/>
++        <RegExpr String="(tabular|supertabular|mpsupertabular|xtabular|mpxtabular|longtable)" attribute="Environment" context="TabEnv"/>
+         <DetectChar char="&#xd7;" attribute="Bullet" context="#stay"/>
+         <RegExpr String="[a-zA-Z]" attribute="Environment" context="LatexEnv"/>
+         <RegExpr String="\s+" attribute="Error" context="#pop"/>
+@@ -228,6 +273,28 @@
+         <DetectChar char="}" attribute="Normal Text" context="#pop#pop#pop#pop#pop"  endRegion="block"/>
+       </context>
+ 
++          <!-- environment type 9: tabular -->
++      <context name="TabEnv" attribute="Environment" lineEndContext="#stay" fallthrough="true" fallthroughContext="#pop#pop#pop">
++        <DetectChar char="}" attribute="Normal Text" context="Tab"/>
++        <RegExpr String="[a-zA-Z]" attribute="Environment" lookAhead="true" context="#pop"/>
++        <IncludeRules context="EnvCommon" />
++       </context>
++
++      <!-- parse tabular text -->
++      <context name="Tab" attribute="Tab" lineEndContext="#stay">
++	<DetectChar char="&amp;" attribute="Ampersand" context="#stay"/>
++	<RegExpr String="@\{.*\}" minimal="true" attribute="Column Separator" context="#stay"/>
++        <RegExpr String="\\end(?=\s*\{(tabular|supertabular|mpsupertabular|xtabular|mpxtabular|longtable)\*?\})" attribute="Structure"  context="TabFindEnd"/>
++	<IncludeRules context="Normal Text" />
++      </context>
++
++      <!-- end of tabular environment -->
++      <context name="TabFindEnd" attribute="Normal Text" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop">
++        <RegExpr String="\s*\{" attribute="Normal Text" context="#stay"/>
++        <RegExpr String="(tabular|supertabular|mpsupertabular|xtabular|mpxtabular|longtable)\*?" attribute="Environment" context="#stay"/>
++        <DetectChar char="}" attribute="Normal Text" context="#pop#pop#pop#pop#pop" endRegion="block"/>
++      </context>
++
+       <!-- math mode: starting with $ or \( -->
+       <context name="MathMode" attribute="Math" lineEndContext="#stay">
+         <StringDetect String="$$" attribute="Error" context="#stay" />
+@@ -315,11 +382,18 @@
+       <itemData name="Verbatim" defStyleNum="dsNormal" color="#a08000" selColor="#80D0FF" bold="0" italic="0"/>
+       <itemData name="Region Marker" defStyleNum="dsRegionMarker" />
+       <itemData name="Bullet" defStyleNum="dsNormal" color="#FF00C4" bold="1" underline="1"/>
++      <itemData name="Ampersand" defStyleNum="dsNormal" color="#002793" bold="1" />
++      <itemData name="Column Separator" defStyleNum="dsNormal" color="#002793" />
+       <itemData name="Alert" defStyleNum="dsAlert" />
+       <itemData name="Structure Text" defStyleNum="dsNormal" color="#000000" selColor="#FFFFFF" bold="1" italic="0"/>
+       <itemData name="Structure Keyword" defStyleNum="dsNormal" color="#800000" selColor="#60FFFF" bold="1" italic="0"/>
+       <itemData name="Structure Math" defStyleNum="dsNormal" color="#00A000" selColor="#FF40FF"  bold="1" italic="0"/>
+       <itemData name="Structure Keyword Mathmode" defStyleNum="dsNormal" color="#606000" selColor="#FFD0FF" bold="1" italic="0"/>
++      <itemData name="Footnote" defStyleNum="dsNormal" color="#800000" selColor="#60FFFF" bold="0" italic="0"/>
++      <itemData name="Footnote Text" defStyleNum="dsNormal" color="#000000" selColor="#FFFFFF" bold="0" italic="0"/>
++      <itemData name="Footnote Keyword" defStyleNum="dsNormal" color="#800000" selColor="#60FFFF" bold="0" italic="0"/>
++      <itemData name="Footnote Math" defStyleNum="dsNormal" color="#00A000" selColor="#FF40FF"  bold="0" italic="0"/>
++      <itemData name="Footnote Keyword Mathmode" defStyleNum="dsNormal" color="#606000" selColor="#FFD0FF" bold="0" italic="0"/>
+      </itemDatas>
+   </highlighting>
+ 

kdelibs-3.5.10-oCERT-2009-015-xmlhttprequest.patch

@@ -0,0 +1,45 @@
+Index: xmlhttprequest.cpp
+===================================================================
+--- khtml/ecma/xmlhttprequest.cpp	(revision 954808)
++++ khtml/ecma/xmlhttprequest.cpp	(working copy)
+@@ -342,17 +342,17 @@
+ {
+   aborted = false;
+ 
++  const QString protocol = url.protocol().lower();
++  // Abandon the request when the protocol is other than "http",
++  // instead of blindly doing a KIO::get on other protocols like file:/.
++  if (!protocol.startsWith("http") && !protocol.startsWith("webdav"))
++  {
++    abort();
++    return;
++  }
++
+   if (method == "post") {
+-    QString protocol = url.protocol().lower();
+ 
+-    // Abondon the request when the protocol is other than "http",
+-    // instead of blindly changing it to a "get" request.
+-    if (!protocol.startsWith("http") && !protocol.startsWith("webdav"))
+-    {
+-      abort();
+-      return;
+-    }
+-
+     // FIXME: determine post encoding correctly by looking in headers
+     // for charset.
+     QByteArray buf;
+@@ -763,11 +763,11 @@
+         if (obj.isValid() && obj.inherits(&DOMDocument::info)) {
+           DOM::Node docNode = static_cast<KJS::DOMDocument *>(obj.imp())->toNode();
+           DOM::DocumentImpl *doc = static_cast<DOM::DocumentImpl *>(docNode.handle());
+-          
++
+           try {
+             body = doc->toString().string();
+             // FIXME: also need to set content type, including encoding!
+-  
++
+           } catch(DOM::DOMException& e) {
+             Object err = Error::create(exec, GeneralError, "Exception serializing document");
+             exec->setException(err);

kdelibs-3.5.10-openssl.patch

@@ -1,10 +1,12 @@
-diff -up kdelibs-3.5.8/kio/kssl/kopenssl.cc.openssl kdelibs-3.5.8/kio/kssl/kopenssl.cc
---- kdelibs-3.5.8/kio/kssl/kopenssl.cc.openssl	2006-07-22 03:16:39.000000000 -0500
-+++ kdelibs-3.5.8/kio/kssl/kopenssl.cc	2007-12-04 08:13:44.000000000 -0600
-@@ -329,6 +329,17 @@ KConfig *cfg;
+diff -up kdelibs-3.5.10/kio/kssl/kopenssl.cc.openssl kdelibs-3.5.10/kio/kssl/kopenssl.cc
+--- kdelibs-3.5.10/kio/kssl/kopenssl.cc.openssl	2006-07-22 03:16:39.000000000 -0500
++++ kdelibs-3.5.10/kio/kssl/kopenssl.cc	2009-04-19 16:34:14.000000000 -0500
+@@ -329,6 +329,19 @@ KConfig *cfg;
               #ifdef SHLIB_VERSION_NUMBER
               << "libssl.so." SHLIB_VERSION_NUMBER
               #endif
++             << "libssl.so.0.9.8k"
++             << "libssl.so.8"
 +             << "libssl.so.0.9.8g"
 +             << "libssl.so.7"
 +             << "libssl.so.0.9.8b"
@@ -19,10 +21,12 @@ diff -up kdelibs-3.5.8/kio/kssl/kopenssl.cc.openssl kdelibs-3.5.8/kio/kssl/kopen
               << "libssl.so"
  	     << "libssl.so.0"
               #endif
-@@ -346,6 +357,17 @@ KConfig *cfg;
+@@ -346,6 +359,19 @@ KConfig *cfg;
               #ifdef SHLIB_VERSION_NUMBER
               << "libcrypto.so." SHLIB_VERSION_NUMBER
               #endif
++             << "libcrypto.so.0.9.8k"
++             << "libcrypto.so.8"
 +             << "libcrypto.so.0.9.8g"
 +             << "libcrypto.so.7"
 +             << "libcrypto.so.0.9.8b"

kdelibs-3.5.4-CVE-2009-1687.patch

@@ -0,0 +1,20 @@
+--- kdelibs-3.5.4/kjs/collector.cpp.CVE-2009-1687	2009-06-17 15:07:33.000000000 +0200
++++ kdelibs-3.5.4/kjs/collector.cpp	2009-06-20 00:42:48.000000000 +0200
+@@ -23,6 +23,7 @@
+ 
+ #include "value.h"
+ #include "internal.h"
++#include <limits.h>
+ 
+ #ifndef MAX
+ #define MAX(a,b) ((a) > (b) ? (a) : (b))
+@@ -119,6 +120,9 @@
+     // didn't find one, need to allocate a new block
+ 
+     if (heap.usedBlocks == heap.numBlocks) {
++      static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR;
++      if (heap.numBlocks > maxNumBlocks)
++          return 0L;
+       heap.numBlocks = MAX(MIN_ARRAY_SIZE, heap.numBlocks * GROWTH_FACTOR);
+       heap.blocks = (CollectorBlock **)realloc(heap.blocks, heap.numBlocks * sizeof(CollectorBlock *));
+     }

kdelibs-3.5.4-CVE-2009-1690.patch

@@ -0,0 +1,545 @@
+--- kdelibs-3.5.4/khtml/html/RefPtr.h.CVE-2009-1690	2009-06-17 14:19:00.000000000 +0200
++++ kdelibs-3.5.4/khtml/html/RefPtr.h	2009-06-17 14:19:00.000000000 +0200
+@@ -0,0 +1,202 @@
++// -*- mode: c++; c-basic-offset: 4 -*-
++/*
++ *  Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
++ *
++ *  This library is free software; you can redistribute it and/or
++ *  modify it under the terms of the GNU Library General Public
++ *  License as published by the Free Software Foundation; either
++ *  version 2 of the License, or (at your option) any later version.
++ *
++ *  This library is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ *  Library General Public License for more details.
++ *
++ *  You should have received a copy of the GNU Library General Public License
++ *  along with this library; see the file COPYING.LIB.  If not, write to
++ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
++ *  Boston, MA 02110-1301, USA.
++ *
++ */
++
++#ifndef WTF_RefPtr_h
++#define WTF_RefPtr_h
++
++#include <algorithm>
++#include "AlwaysInline.h"
++
++namespace WTF {
++
++    enum PlacementNewAdoptType { PlacementNewAdopt };
++
++    template <typename T> class PassRefPtr;
++
++    enum HashTableDeletedValueType { HashTableDeletedValue };
++
++    template <typename T> class RefPtr {
++    public:
++        RefPtr() : m_ptr(0) { }
++        RefPtr(T* ptr) : m_ptr(ptr) { if (ptr) ptr->ref(); }
++        RefPtr(const RefPtr& o) : m_ptr(o.m_ptr) { if (T* ptr = m_ptr) ptr->ref(); }
++        // see comment in PassRefPtr.h for why this takes const reference
++        template <typename U> RefPtr(const PassRefPtr<U>&);
++
++        // Special constructor for cases where we overwrite an object in place.
++        RefPtr(PlacementNewAdoptType) { }
++
++        // Hash table deleted values, which are only constructed and never copied or destroyed.
++        RefPtr(HashTableDeletedValueType) : m_ptr(hashTableDeletedValue()) { }
++        bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); }
++
++        ~RefPtr() { if (T* ptr = m_ptr) ptr->deref(); }
++        
++        template <typename U> RefPtr(const RefPtr<U>& o) : m_ptr(o.get()) { if (T* ptr = m_ptr) ptr->ref(); }
++        
++        T* get() const { return m_ptr; }
++        
++        void clear() { if (T* ptr = m_ptr) ptr->deref(); m_ptr = 0; }
++        PassRefPtr<T> release() { PassRefPtr<T> tmp = adoptRef(m_ptr); m_ptr = 0; return tmp; }
++
++        T& operator*() const { return *m_ptr; }
++        ALWAYS_INLINE T* operator->() const { return m_ptr; }
++        
++        bool operator!() const { return !m_ptr; }
++    
++        // This conversion operator allows implicit conversion to bool but not to other integer types.
++        typedef T* RefPtr::*UnspecifiedBoolType;
++        operator UnspecifiedBoolType() const { return m_ptr ? &RefPtr::m_ptr : 0; }
++        
++        RefPtr& operator=(const RefPtr&);
++        RefPtr& operator=(T*);
++        RefPtr& operator=(const PassRefPtr<T>&);
++        template <typename U> RefPtr& operator=(const RefPtr<U>&);
++        template <typename U> RefPtr& operator=(const PassRefPtr<U>&);
++
++        void swap(RefPtr&);
++
++    private:
++        static T* hashTableDeletedValue() { return reinterpret_cast<T*>(-1); }
++
++        T* m_ptr;
++    };
++    
++    template <typename T> template <typename U> inline RefPtr<T>::RefPtr(const PassRefPtr<U>& o)
++        : m_ptr(o.releaseRef())
++    {
++    }
++
++    template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(const RefPtr<T>& o)
++    {
++        T* optr = o.get();
++        if (optr)
++            optr->ref();
++        T* ptr = m_ptr;
++        m_ptr = optr;
++        if (ptr)
++            ptr->deref();
++        return *this;
++    }
++    
++    template <typename T> template <typename U> inline RefPtr<T>& RefPtr<T>::operator=(const RefPtr<U>& o)
++    {
++        T* optr = o.get();
++        if (optr)
++            optr->ref();
++        T* ptr = m_ptr;
++        m_ptr = optr;
++        if (ptr)
++            ptr->deref();
++        return *this;
++    }
++    
++    template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(T* optr)
++    {
++        if (optr)
++            optr->ref();
++        T* ptr = m_ptr;
++        m_ptr = optr;
++        if (ptr)
++            ptr->deref();
++        return *this;
++    }
++
++    template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(const PassRefPtr<T>& o)
++    {
++        T* ptr = m_ptr;
++        m_ptr = o.releaseRef();
++        if (ptr)
++            ptr->deref();
++        return *this;
++    }
++
++    template <typename T> template <typename U> inline RefPtr<T>& RefPtr<T>::operator=(const PassRefPtr<U>& o)
++    {
++        T* ptr = m_ptr;
++        m_ptr = o.releaseRef();
++        if (ptr)
++            ptr->deref();
++        return *this;
++    }
++
++    template <class T> inline void RefPtr<T>::swap(RefPtr<T>& o)
++    {
++        std::swap(m_ptr, o.m_ptr);
++    }
++
++    template <class T> inline void swap(RefPtr<T>& a, RefPtr<T>& b)
++    {
++        a.swap(b);
++    }
++
++    template <typename T, typename U> inline bool operator==(const RefPtr<T>& a, const RefPtr<U>& b)
++    { 
++        return a.get() == b.get(); 
++    }
++
++    template <typename T, typename U> inline bool operator==(const RefPtr<T>& a, U* b)
++    { 
++        return a.get() == b; 
++    }
++    
++    template <typename T, typename U> inline bool operator==(T* a, const RefPtr<U>& b) 
++    {
++        return a == b.get(); 
++    }
++    
++    template <typename T, typename U> inline bool operator!=(const RefPtr<T>& a, const RefPtr<U>& b)
++    { 
++        return a.get() != b.get(); 
++    }
++
++    template <typename T, typename U> inline bool operator!=(const RefPtr<T>& a, U* b)
++    {
++        return a.get() != b; 
++    }
++
++    template <typename T, typename U> inline bool operator!=(T* a, const RefPtr<U>& b)
++    { 
++        return a != b.get(); 
++    }
++    
++    template <typename T, typename U> inline RefPtr<T> static_pointer_cast(const RefPtr<U>& p)
++    { 
++        return RefPtr<T>(static_cast<T*>(p.get())); 
++    }
++
++    template <typename T, typename U> inline RefPtr<T> const_pointer_cast(const RefPtr<U>& p)
++    { 
++        return RefPtr<T>(const_cast<T*>(p.get())); 
++    }
++
++    template <typename T> inline T* getPtr(const RefPtr<T>& p)
++    {
++        return p.get();
++    }
++
++} // namespace WTF
++
++using WTF::RefPtr;
++using WTF::static_pointer_cast;
++using WTF::const_pointer_cast;
++
++#endif // WTF_RefPtr_h
+--- kdelibs-3.5.4/khtml/html/htmlparser.cpp.CVE-2009-1690	2006-07-22 10:16:43.000000000 +0200
++++ kdelibs-3.5.4/khtml/html/htmlparser.cpp	2009-06-17 11:51:15.000000000 +0200
+@@ -199,7 +199,6 @@
+ 
+     form = 0;
+     map = 0;
+-    head = 0;
+     end = false;
+     isindex = 0;
+ 
+@@ -616,8 +615,7 @@
+             case ID_BASE:
+                 if(!head) {
+                     head = new HTMLHeadElementImpl(document);
+-                    e = head;
+-                    insertNode(e);
++                    insertNode(head.get());
+                     handled = true;
+                 }
+                 break;
+@@ -839,7 +837,7 @@
+     case ID_HEAD:
+         if(!head && current->id() == ID_HTML) {
+             head = new HTMLHeadElementImpl(document);
+-            n = head;
++            n = head.get();
+         }
+         break;
+     case ID_BODY:
+@@ -1679,12 +1677,12 @@
+     head = new HTMLHeadElementImpl(document);
+     HTMLElementImpl *body = doc()->body();
+     int exceptioncode = 0;
+-    doc()->firstChild()->insertBefore(head, body, exceptioncode);
++    doc()->firstChild()->insertBefore(head.get(), body, exceptioncode);
+     if ( exceptioncode ) {
+ #ifdef PARSER_DEBUG
+         kdDebug( 6035 ) << "creation of head failed!!!!" << endl;
+ #endif
+-        delete head;
++        delete head.get();
+         head = 0;
+     }
+ }
+--- kdelibs-3.5.4/khtml/html/Platform.h.CVE-2009-1690	2009-06-17 14:19:07.000000000 +0200
++++ kdelibs-3.5.4/khtml/html/Platform.h	2009-06-17 14:19:07.000000000 +0200
+@@ -0,0 +1,218 @@
++/* -*- mode: c++; c-basic-offset: 4 -*- */
++/*
++ * Copyright (C) 2006 Apple Computer, Inc.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
++ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
++ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
++ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
++ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
++ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
++ */
++
++#ifndef WTF_Platform_h
++#define WTF_Platform_h
++
++/* Force KDE build here in our tree... */
++#ifndef BUILDING_KDE__
++#define BUILDING_KDE__ 1
++#endif
++
++/* PLATFORM handles OS, operating environment, graphics API, and CPU */
++#define PLATFORM(WTF_FEATURE) (defined( WTF_PLATFORM_##WTF_FEATURE ) && WTF_PLATFORM_##WTF_FEATURE)
++#define COMPILER(WTF_FEATURE) (defined( WTF_COMPILER_##WTF_FEATURE ) && WTF_COMPILER_##WTF_FEATURE)
++#define HAVE(WTF_FEATURE) (defined( HAVE_##WTF_FEATURE ) && HAVE_##WTF_FEATURE)
++#define USE(WTF_FEATURE) (defined( WTF_USE_##WTF_FEATURE ) && WTF_USE_##WTF_FEATURE)
++#define ENABLE(WTF_FEATURE) (defined( ENABLE_##WTF_FEATURE ) && ENABLE_##WTF_FEATURE)
++
++/* Operating systems - low-level dependencies */
++
++/* PLATFORM(DARWIN) */
++/* Operating system level dependencies for Mac OS X / Darwin that should */
++/* be used regardless of operating environment */
++#ifdef __APPLE__
++#define WTF_PLATFORM_DARWIN 1
++#endif
++
++/* PLATFORM(WIN_OS) */
++/* Operating system level dependencies for Windows that should be used */
++/* regardless of operating environment */
++#if defined(WIN32) || defined(_WIN32)
++#define WTF_PLATFORM_WIN_OS 1
++#endif
++
++/* PLATFORM(UNIX) */
++/* Operating system level dependencies for Unix-like systems that */
++/* should be used regardless of operating environment */
++/* (includes PLATFORM(DARWIN)) */
++#if   defined(__APPLE__)   \
++   || defined(unix)        \
++   || defined(__unix)      \
++   || defined(__unix__)    \
++   || defined (__NetBSD__) \
++   || defined(_AIX)
++#define WTF_PLATFORM_UNIX 1
++#endif
++
++/* PLATFORM(SOLARIS_OS) */
++/* Operating system level dependencies for Sun (Open)Solaris 10. */
++/* Studio 12 on Solaris defines __SunOS; gcc defines __sun__; */
++/* Both compilers define __sun and sun. */
++#if defined(__sun) || defined(sun)
++#define WTF_PLATFORM_SOLARIS_OS 1
++#endif
++
++/* Operating environments */
++
++/* I made the BUILDING_KDE__ macro up for the KDE build system to define */
++
++/* PLATFORM(KDE) */
++/* PLATFORM(MAC) */
++/* PLATFORM(WIN) */
++#if BUILDING_KDE__
++#define WTF_PLATFORM_KDE 1
++#elif PLATFORM(DARWIN)
++#define WTF_PLATFORM_MAC 1
++#elif PLATFORM(WIN_OS)
++#define WTF_PLATFORM_WIN 1
++#endif
++#if defined(BUILDING_GDK__)
++#define WTF_PLATFORM_GDK 1
++#endif
++
++
++/* CPU */
++
++/* PLATFORM(PPC) */
++#if   defined(__ppc__)     \
++   || defined(__PPC__)     \
++   || defined(__powerpc__) \
++   || defined(__powerpc)   \
++   || defined(__POWERPC__) \
++   || defined(_M_PPC)      \
++   || defined(__PPC)
++#define WTF_PLATFORM_PPC 1
++#define WTF_PLATFORM_BIG_ENDIAN 1
++#endif
++
++/* PLATFORM(PPC64) */
++#if   defined(__ppc64__) \
++   || defined(__PPC64__)
++#define WTF_PLATFORM_PPC64 1
++#define WTF_PLATFORM_BIG_ENDIAN 1
++#endif
++
++#if defined(arm)
++#define WTF_PLATFORM_ARM 1
++#if defined(__ARMEB__)
++#define WTF_PLATFORM_BIG_ENDIAN 1
++#elif !defined(__ARM_EABI__) && !defined(__ARMEB__)
++#define WTF_PLATFORM_MIDDLE_ENDIAN 1
++#endif
++#if !defined(__ARM_EABI__)
++#define WTF_PLATFORM_FORCE_PACK 1
++#endif
++#endif
++
++/* PLATFORM(X86) */
++#if   defined(__i386__) \
++   || defined(i386)     \
++   || defined(_M_IX86)  \
++   || defined(_X86_)    \
++   || defined(__THW_INTEL)
++#define WTF_PLATFORM_X86 1
++#endif
++
++/* PLATFORM(X86_64) */
++#if   defined(__x86_64__) \
++   || defined(__ia64__)
++#define WTF_PLATFORM_X86_64 1
++#endif
++
++/* PLATFORM(SPARC) */
++#if defined(sparc)
++#define WTF_PLATFORM_SPARC 1
++#endif
++
++/* Compiler */
++
++/* COMPILER(CWP) */
++#if defined(__MWERKS__)
++#define WTF_COMPILER_CWP 1
++#endif
++
++/* COMPILER(MSVC) */
++#if defined(_MSC_VER)
++#define WTF_COMPILER_MSVC 1
++#endif
++
++/* COMPILER(GCC) */
++#if defined(__GNUC__)
++#define WTF_COMPILER_GCC 1
++#endif
++
++/* COMPILER(SUNPRO) */
++#if defined(__SUNPRO_CC)
++#define WTF_COMPILER_SUNPRO 1
++#endif
++
++/* COMPILER(BORLAND) */
++/* not really fully supported - is this relevant any more? */
++#if defined(__BORLANDC__)
++#define WTF_COMPILER_BORLAND 1
++#endif
++
++/* COMPILER(CYGWIN) */
++/* not really fully supported - is this relevant any more? */
++#if defined(__CYGWIN__)
++#define WTF_COMPILER_CYGWIN 1
++#endif
++
++/* multiple threads only supported on Mac for now */
++#if PLATFORM(MAC)
++#ifndef WTF_USE_MULTIPLE_THREADS
++#define WTF_USE_MULTIPLE_THREADS 1
++#endif
++#ifndef WTF_USE_BINDINGS
++#define WTF_USE_BINDINGS 1
++#endif
++#endif
++
++/* for Unicode, KDE uses Qt, everything else uses ICU */
++#if PLATFORM(KDE) || PLATFORM(QT)
++#define WTF_USE_QT4_UNICODE 1
++#elif PLATFORM(SYMBIAN)
++#define WTF_USE_SYMBIAN_UNICODE 1
++#else
++#define WTF_USE_ICU_UNICODE 1
++#endif
++
++#if PLATFORM(MAC)
++#define WTF_PLATFORM_CF 1
++#endif
++
++#if PLATFORM(WIN)
++#define WTF_USE_WININET 1
++#endif
++
++#if PLATFORM(GDK)
++#define WTF_USE_CURL 1
++#endif
++
++/* ENABLE macro defaults */
++
++#endif /* WTF_Platform_h */
+--- kdelibs-3.5.4/khtml/html/AlwaysInline.h.CVE-2009-1690	2009-06-17 14:18:52.000000000 +0200
++++ kdelibs-3.5.4/khtml/html/AlwaysInline.h	2009-06-17 13:56:36.000000000 +0200
+@@ -0,0 +1,49 @@
++/*
++ *  Copyright (C) 2005, 2007 Apple Inc. All rights reserved.
++ *
++ *  This library is free software; you can redistribute it and/or
++ *  modify it under the terms of the GNU Library General Public
++ *  License as published by the Free Software Foundation; either
++ *  version 2 of the License, or (at your option) any later version.
++ *
++ *  This library is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ *  Library General Public License for more details.
++ *
++ *  You should have received a copy of the GNU Library General Public License
++ *  along with this library; see the file COPYING.LIB.  If not, write to
++ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
++ *  Boston, MA 02110-1301, USA.
++ *
++ */
++
++#include "html/Platform.h"
++
++
++#ifndef ALWAYS_INLINE
++#if COMPILER(GCC) && defined(NDEBUG) &&  __GNUC__ > 3
++#define ALWAYS_INLINE inline __attribute__ ((__always_inline__))
++#elif COMPILER(MSVC) && defined(NDEBUG)
++#define ALWAYS_INLINE __forceinline
++#else
++#define ALWAYS_INLINE inline
++#endif
++#endif
++
++#ifndef ALWAYS_INLINE_INTO
++#if COMPILER(GCC) && defined(NDEBUG) &&  ((__GNUC__ == 4 && __GNUC_MINOR__ >= 1) || __GNUC__ > 4)
++#define ALWAYS_INLINE_INTO __attribute__ ((__flatten__))
++#else
++#define ALWAYS_INLINE_INTO
++#endif
++#endif
++
++
++#ifndef NEVER_INLINE
++#if COMPILER(GCC) &&  __GNUC__ > 3
++#define NEVER_INLINE __attribute__ ((__noinline__))
++#else
++#define NEVER_INLINE
++#endif
++#endif
+--- kdelibs-3.5.4/khtml/html/htmlparser.h.CVE-2009-1690	2005-10-10 17:06:04.000000000 +0200
++++ kdelibs-3.5.4/khtml/html/htmlparser.h	2009-06-17 14:42:27.000000000 +0200
+@@ -38,10 +38,10 @@
+ #include <qdatetime.h>
+ #endif
+ 
+-
+ #include "dom/dom_string.h"
+ #include "xml/dom_nodeimpl.h"
+ #include "html/html_documentimpl.h"
++#include "html/RefPtr.h"
+ 
+ class KHTMLView;
+ class HTMLStackElem;
+@@ -148,7 +148,7 @@
+     /*
+      * the head element. Needed for crappy html which defines <base> after </head>
+      */
+-    DOM::HTMLHeadElementImpl *head;
++     RefPtr<DOM::HTMLHeadElementImpl> head;
+ 
+     /*
+      * a possible <isindex> element in the head. Compatibility hack for

kdelibs3.spec

@@ -7,7 +7,7 @@
 %define kde_settings 1 
 
 %define arts 1
-%define arts_ev 8:1.5.9
+%define arts_ev 8:1.5.10
 
 %if 0%{?fedora} > 8
 %define qt3 qt3
@@ -36,14 +36,12 @@
 
 Summary: K Desktop Environment 3 - Libraries
 Version: 3.5.10
-Release: 1%{?dist}
+Release: 14%{?dist}
 
 %if 0%{?fedora} > 8
 Name: kdelibs3
 Obsoletes: kdelibs < 6:%{version}-%{release}
 Provides: kdelibs = 6:%{version}-%{release}
-# define to enable kdeui symlink hack -- Rex
-#define kdeui_symlink 1
 %else
 Name: kdelibs
 Epoch: 6
@@ -64,7 +62,7 @@ Source3: devices.protocol
 Patch1: kdelibs-3.5.1-xdg-menu.patch
 Patch2: kdelibs-3.0.0-ndebug.patch
 Patch4: kdelibs-3.0.4-ksyscoca.patch
-Patch5: kdelibs-3.5.7-openssl.patch
+Patch5: kdelibs-3.5.10-openssl.patch
 Patch15: kdelibs-3.4.91-buildroot.patch
 Patch32: kdelibs-3.2.3-cups.patch
 Patch33: kdelibs-3.3.2-ppc.patch
@@ -88,6 +86,8 @@ Patch52: kdelibs-3.5.9-KDE3.patch
 Patch53: kdelibs-3.5.9-drkonqi-kde4.patch
 # fix build against Rawhide kernel headers (fix flock and flock64 redefinition)
 Patch54: kdelibs-3.5.9-fix-flock-redefinition.patch
+# update the KatePart latex.xml syntax definition to the version from Kile 2.0.3
+Patch55: kdelibs-3.5.10-latex-syntax-kile-2.0.3.patch
 
 # use /etc/kde in addition to /usr/share/config, borrowed from debian
 Patch100: kdelibs-3.5.5-kstandarddirs.patch
@@ -95,8 +95,23 @@ Patch100: kdelibs-3.5.5-kstandarddirs.patch
 Patch101: kde-3.5-libtool-shlibext.patch
 # kget ignores simultaneous download limit (kde #101956)
 Patch103: kdelibs-3.5.0-101956.patch
+Patch104: kdelibs-3.5.10-gcc44.patch
 
-## upstream patches
+## security fixes
+# fix CVE-2009-2537 - select length DoS
+Patch200: kdelibs-3.5.10-cve-2009-2537-select-length.patch
+# fix CVE-2009-1725 - crash, possible ACE in numeric character references
+Patch201: kdelibs-3.5.10-cve-2009-1725.patch
+# fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free)
+Patch202: kdelibs-3.5.4-CVE-2009-1687.patch
+# fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
+Patch203: kdelibs-3.5.4-CVE-2009-1690.patch
+# fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
+Patch204: kdelibs-3.5.10-cve-2009-1698.patch
+# fix CVE-2009-2702 - ssl incorrect verification of SSL certificate with NUL in subjectAltName
+Patch205: kdelibs-3.5.10-CVE-2009-2702.patch
+# fix oCERT-2009-015 - unrestricted XMLHttpRequest access to local URLs
+Patch206: kdelibs-3.5.10-oCERT-2009-015-xmlhttprequest.patch
 
 #{?arts:Requires: arts >= %{arts_ev}}
 #Requires: %{qt3} >= %{qt3_ev}
@@ -126,11 +141,6 @@ Requires(pre): coreutils
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
 
-%if 0%{?kdeui_symlink}
-# for %_kde4_* macros
-BuildRequires: kde4-macros(api) 
-%{?_kde4_macros_api:Requires: kde4-macros(api) = %{_kde4_macros_api} }
-%endif
 BuildRequires: gettext
 BuildRequires: pcre-devel
 BuildRequires: cups-devel cups
@@ -212,7 +222,7 @@ Provides:  kdelibs3-devel = %{version}-%{release}
 Obsoletes: kdelibs-devel < 6:%{version}-%{release}
 Provides:  kdelibs-devel = 6:%{version}-%{release}
 %endif
-Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 Requires: %{qt3}-devel
 Requires: openssl-devel
 %{?arts:Requires: arts-devel}
@@ -231,6 +241,9 @@ Provides: kdelibs3-apidocs = %{version}-%{release}
 Obsoletes: kdelibs-apidocs < 6:%{version}-%{release}
 Provides:  kdelibs-apidocs = 6:%{version}-%{release}
 %endif
+%if 0%{?fedora} > 9
+BuildArch: noarch
+%endif
 
 %description apidocs
 This package includes the KDE 3 API documentation in HTML
@@ -268,16 +281,27 @@ format for easy browsing
 %patch53 -p1 -b .drkonqi-kde4
 %endif
 %patch54 -p1 -b .flock-redefinition
+%patch55 -p1 -b .latex-syntax
 
 %patch100 -p1 -b .kstandarddirs
 %patch101 -p1 -b .libtool-shlibext
+%patch104 -p1 -b .gcc44
 
-# upstream patches
+# security fixes
+%patch200 -p1 -b .cve-2009-2537
+%patch201 -p0 -b .cve-2009-1725
+%patch202 -p1 -b .cve-2009-1687
+%patch203 -p1 -b .cve-2009-1690
+%patch204 -p1 -b .cve-2009-1698
+%patch205 -p1 -b .cve-2009-2702
+%patch206 -p0 -b .oCERT-2009-015-xmlhttprequest
 
 sed -i -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h
 
 %if %{make_cvs}
-   make -f admin/Makefile.common cvs
+# hack/fix for newer automake
+  sed -iautomake -e 's|automake\*1.10\*|automake\*1.1[0-5]\*|' admin/cvs.sh
+  make -f admin/Makefile.common cvs
 %endif
 
 
@@ -292,6 +316,10 @@ elif ! echo ${PATH} | grep -q /usr/kerberos/bin ; then
   export PATH=/usr/kerberos/bin:${PATH}
 fi
 
+%if "%{name}" != "kdelibs"
+export DO_NOT_COMPILE="libkscreensaver"
+%endif
+
 %configure \
    --includedir=%{_includedir}/kde \
    --disable-rpath \
@@ -325,18 +353,21 @@ fi
    --with-openexr \
    --with-xinerama
 
-make %{?_smp_mflags}
-
 %if 0%{?apidocs}
+  doxygen -s -u admin/Doxyfile.global
   make %{?_smp_mflags} apidox
 %endif
 
+make %{?_smp_mflags}
 
 %install
 rm -rf %{buildroot}
 
 make DESTDIR=%{buildroot} install
 
+# create/own, see http://bugzilla.redhat.com/483318
+mkdir -p %{buildroot}%{_libdir}/kconf_update_bin
+
 chmod a+x %{buildroot}%{_libdir}/*
 install -p -m 644 %{SOURCE3} %{buildroot}%{_datadir}/services/devices.protocol
 
@@ -449,15 +480,16 @@ rm -f %{buildroot}%{_docdir}/HTML/en/common/xml.dcl
 rm -rf %{buildroot}%{_datadir}/locale/all_languages
 rm -rf %{buildroot}%{_sysconfdir}/xdg/menus/
 rm -rf %{buildroot}%{_datadir}/autostart/
+rm -r %{buildroot}%{_datadir}/config/colors/40.colors
+rm -f %{buildroot}%{_datadir}/config/colors/Rainbow.colors
+rm -f %{buildroot}%{_datadir}/config/colors/Royal.colors
+rm -f %{buildroot}%{_datadir}/config/colors/Web.colors
+rm -f %{buildroot}%{_datadir}/config/ksslcalist
+rm -f %{buildroot}%{_bindir}/preparetips
+
 # don't show kresources
 sed -i -e "s,^OnlyShowIn=KDE;,OnlyShowIn=KDE3;," %{buildroot}%{_datadir}/applications/kde/kresources.desktop 
 
-%if 0%{?kdeui_symlink}
-# kdeui for kde3, kinda workaround http://bugs.kde.org/157850
-# and save space by sharing
-rm -rf %{buildroot}%{_datadir}/apps/kdeui/
-ln -s  %{_kde4_appsdir}/kdeui %{buildroot}%{_datadir}/apps/kdeui
-%endif
 %endif
 
 %if 0%{?include_crystalsvg} == 0
@@ -488,13 +520,6 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
 %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/crystalsvg 2> /dev/null || :
 %endif
 %{_bindir}/update-desktop-database > /dev/null 2>&1 || :
-%if 0%{?kdeui_symlink}
-rm -rf %{_datadir}/apps/kdeui.rpm_remove ||:
-
-%pre
-test -d %{_datadir}/apps/kdeui -a ! -L %{_datadir}/apps/kdeui && \
-  mv %{_datadir}/apps/kdeui %{_datadir}/apps/kdeui.rpm_remove ||:
-%endif
 
 %postun
 /sbin/ldconfig
@@ -561,19 +586,17 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
 %{_bindir}/make_driver_db_cups
 %{_bindir}/make_driver_db_lpr
 %{_bindir}/meinproc
-%{_bindir}/preparetips
 %{_bindir}/start_kdeinit
 %{_bindir}/start_kdeinit_wrapper
 %attr(4755,root,root) %{_bindir}/kgrantpty
 %{_libdir}/lib*.so.*
 %{_libdir}/libkdeinit_*.so
 %{_libdir}/lib*.la
+%{_libdir}/kconf_update_bin/
 %{_libdir}/kde3/
 %{_datadir}/applications/kde/*.desktop
 %{_datadir}/apps/*
 %exclude %{_datadir}/apps/ksgmltools2/
-%exclude %{_datadir}/apps/kdewidgets/
-%exclude %{_libdir}/kde3/plugins/designer/kdewidgets.*
 %config(noreplace) %{_datadir}/config/*
 %{_datadir}/emoticons/*
 %{_datadir}/icons/default.kde
@@ -603,13 +626,11 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
 %{_bindir}/checkXML
 %{_bindir}/ksvgtopng
 %{_bindir}/kunittestmodrunner
+%{_bindir}/preparetips
 %endif
 %{_bindir}/dcopidl*
 %{_bindir}/kconfig_compiler
 %{_bindir}/makekdewidgets
-%{_datadir}/apps/kdewidgets/
-%dir %{_libdir}/kde3/plugins/designer
-%{_libdir}/kde3/plugins/designer/kdewidgets.*
 %{_datadir}/apps/ksgmltools2/
 %{_includedir}/kde/
 %{_libdir}/lib*.so
@@ -625,6 +646,59 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
 
 
 %changelog
+* Mon Nov  2 2009 Lukáš Tinkl <ltinkl@redhat.com> - 3.5.10-14
+- fix unrestricted XMLHttpRequest access to local URLs (oCERT-2009-015), #532428
+
+* Sun Sep 06 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-13.1
+- fix for CVE-2009-2702
+
+* Sun Jul 26 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-13
+- fix CVE-2009-2537 - select length DoS
+- fix CVE-2009-1725 - crash, possible ACE in numeric character references
+- fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free)
+- fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
+- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Sat Jul 18 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-12 
+- FTBFS kdelibs3-3.5.10-11.fc11 (#511571)
+- -devel: Requires: %%{name}%%_isa ...
+
+* Sun Apr 19 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-11
+- update openssl patch (for 0.9.8k)
+
+* Thu Apr 16 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-10
+- move designer plugins to runtime (#487622)
+- make -apidocs noarch
+
+* Mon Mar 02 2009 Than Ngo <than@redhat.com> - 3.5.10-9
+- enable -apidocs
+
+* Fri Feb 27 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-8
+- disable -apidocs (f11+, #487719)
+- cleanup unused kdeui_symlink hack baggage
+
+* Wed Feb 25 2009 Than Ngo <than@redhat.com> - 3.5.10-7
+- fix files conflicts with 4.2.x
+- fix build issue with gcc-4.4
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Sat Jan 31 2009 Rex Dieter <rdieter@fedoraproject.org> - 6:3.5.10-5
+- unowned dirs (#483318)
+
+* Sat Jan 10 2009 Ville Skyttä <ville.skytta at iki.fi> - 6:3.5.10-4
+- Slight speedup to profile.d/kde.sh (#465370).
+
+* Mon Dec 15 2008 Kevin Kofler <Kevin@tigcc.ticalc.org> 3.5.10-3
+- update the KatePart latex.xml syntax definition to the version from Kile 2.0.3
+
+* Thu Dec 04 2008 Rex Dieter <rdieter@fedoraproject.org> 3.5.10-2
+- omit libkscreensaver (F9+)
+
 * Tue Aug 26 2008 Rex Dieter <rdieter@fedoraproject.org> 3.5.10-1
 - kde-3.5.10