pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/x11/kdelibs3 Patches for CVE-2009-0689 and KDE advisor...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/52c845aab89a
branches:  trunk
changeset: 568455:52c845aab89a
user:      markd <markd%pkgsrc.org@localhost>
date:      Sun Dec 13 19:43:51 2009 +0000

description:
Patches for CVE-2009-0689 and KDE advisory 20091027.

diffstat:

 x11/kdelibs3/Makefile         |   4 +-
 x11/kdelibs3/distinfo         |   7 ++---
 x11/kdelibs3/patches/patch-ar |  15 ++++++++++++++
 x11/kdelibs3/patches/patch-as |  46 +++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 66 insertions(+), 6 deletions(-)

diffs (107 lines):

diff -r 92d45b78a13a -r 52c845aab89a x11/kdelibs3/Makefile
--- a/x11/kdelibs3/Makefile     Sun Dec 13 19:39:32 2009 +0000
+++ b/x11/kdelibs3/Makefile     Sun Dec 13 19:43:51 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.145 2009/08/31 20:54:26 wiz Exp $
+# $NetBSD: Makefile,v 1.146 2009/12/13 19:43:51 markd Exp $
 
 DISTNAME=      kdelibs-${_KDE_VERSION}
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    x11
 COMMENT=       Support libraries for the KDE integrated X11 desktop
 
diff -r 92d45b78a13a -r 52c845aab89a x11/kdelibs3/distinfo
--- a/x11/kdelibs3/distinfo     Sun Dec 13 19:39:32 2009 +0000
+++ b/x11/kdelibs3/distinfo     Sun Dec 13 19:43:51 2009 +0000
@@ -1,11 +1,8 @@
-$NetBSD: distinfo,v 1.97 2009/10/23 07:46:08 tnn Exp $
+$NetBSD: distinfo,v 1.98 2009/12/13 19:43:51 markd Exp $
 
 SHA1 (kdelibs-3.5.10.tar.bz2) = c930a25f4419134def55b8466c3a6f737227fb82
 RMD160 (kdelibs-3.5.10.tar.bz2) = 4c960664283c83ebc8e68932ca9044336fcff223
 Size (kdelibs-3.5.10.tar.bz2) = 15614607 bytes
-SHA1 (post-kde-3.5.5-kinit.diff) = 35147db4d6791e4c98d7cec5e72509547813dd98
-RMD160 (post-kde-3.5.5-kinit.diff) = e5e7dc462c88ad45ac7051261aaec5b83c64d59e
-Size (post-kde-3.5.5-kinit.diff) = 3964 bytes
 SHA1 (patch-aa) = be278f29b743c573b71c7804eff26324e78ed779
 SHA1 (patch-ab) = 3a79b3e7fadef1a93a5490b716dace60f3de30a1
 SHA1 (patch-ac) = 205f99e8749c32bf445e23f6076dd642c10c8186
@@ -17,6 +14,8 @@
 SHA1 (patch-ao) = 7ae360b2ee2332ec3017dfd468457f2c1b139308
 SHA1 (patch-ap) = 94037230bb3d12549195d52b98ffdd821f94f90d
 SHA1 (patch-aq) = 18f3885a73cd9169cf4f9c9d97420e639f7fec3c
+SHA1 (patch-ar) = 26ccb0c26f9352e6b862037d0a7ffb338057ff98
+SHA1 (patch-as) = 8a6fac19d323f475033ff8e9b8163d9a151483eb
 SHA1 (patch-bc) = 434a48d290aa9716b8c6e372419460ebd33cf8ea
 SHA1 (patch-bd) = 852a12b66968595bf1be4538f8ebf88f031592a4
 SHA1 (patch-be) = b7c2ed2856565ef3c831046a909e289409199e48
diff -r 92d45b78a13a -r 52c845aab89a x11/kdelibs3/patches/patch-ar
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-ar     Sun Dec 13 19:43:51 2009 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ar,v 1.8 2009/12/13 19:43:51 markd Exp $
+
+fix array overrun (CVE-2009-0689)
+
+--- kjs/dtoa.cpp.orig  2005-09-10 20:27:24.000000000 +1200
++++ kjs/dtoa.cpp
+@@ -487,7 +487,7 @@ extern double rnd_prod(double, double), 
+ #define FREE_DTOA_LOCK(n)     /*nothing*/
+ #endif
+ 
+-#define Kmax 15
++#define Kmax (sizeof(size_t) << 3)
+ 
+  struct
+ Bigint {
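Review bot: The enlarged bound on the `+#define Kmax (sizeof(size_t) << 3)` line only closes the overrun if every index into the array it sizes is guaranteed to stay at or below the new value; the hunk shows no range check at the point of use (presumably Balloc(), which lies outside the hunk), so it is worth confirming that the bundled kjs/dtoa.cpp either carries such a guard or that the largest index produced for long inputs is provably below 64 on LP64 and 32 on ILP32 targets. Kmax now also expands to an unsigned size_t expression, so any `k <= Kmax`-style comparison against an int index becomes a signed/unsigned comparison; a build of this file with -Wsign-compare would show whether that matters. The patch header `fix array overrun (CVE-2009-0689)` would help the next maintainer more with one sentence naming what the macro sizes, along the lines of `Kmax bounds the size-class index of the Bigint free list; the fixed value of 15 could be exceeded on long numeric input` (wording to be checked against the surrounding code).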
diff -r 92d45b78a13a -r 52c845aab89a x11/kdelibs3/patches/patch-as
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-as     Sun Dec 13 19:43:51 2009 +0000
@@ -0,0 +1,46 @@
+$NetBSD: patch-as,v 1.8 2009/12/13 19:43:51 markd Exp $
+
+http://www.kde.org/info/security/advisory-20091027-1.txt
+
+--- khtml/ecma/xmlhttprequest.cpp.orig 2007-10-08 22:52:07.000000000 +1300
++++ khtml/ecma/xmlhttprequest.cpp
+@@ -342,16 +342,16 @@ void XMLHttpRequest::send(const QString&
+ {
+   aborted = false;
+ 
+-  if (method == "post") {
+-    QString protocol = url.protocol().lower();
++  const QString protocol = url.protocol().lower();
++  // Abandon the request when the protocol is other than "http",
++  // instead of blindly doing a KIO::get on other protocols like file:/.
++  if (!protocol.startsWith("http") && !protocol.startsWith("webdav"))
++  {
++    abort();
++    return;
++  }
+ 
+-    // Abondon the request when the protocol is other than "http",
+-    // instead of blindly changing it to a "get" request.
+-    if (!protocol.startsWith("http") && !protocol.startsWith("webdav"))
+-    {
+-      abort();
+-      return;
+-    }
++  if (method == "post") {
+ 
+     // FIXME: determine post encoding correctly by looking in headers
+     // for charset.
+@@ -763,11 +763,11 @@ Value XMLHttpRequestProtoFunc::tryCall(E
+         if (obj.isValid() && obj.inherits(&DOMDocument::info)) {
+           DOM::Node docNode = static_cast<KJS::DOMDocument *>(obj.imp())->toNode();
+           DOM::DocumentImpl *doc = static_cast<DOM::DocumentImpl *>(docNode.handle());
+-          
++
+           try {
+             body = doc->toString().string();
+             // FIXME: also need to set content type, including encoding!
+-  
++
+           } catch(DOM::DOMException& e) {
+             Object err = Error::create(exec, GeneralError, "Exception serializing document");
+             exec->setException(err);
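Review bot: The hoisted guard at `+  if (!protocol.startsWith("http") && !protocol.startsWith("webdav"))` is a prefix allow-list, so any protocol name beginning with those letters passes, and the comment above it says `other than "http"` while the code also admits webdav. An exact comparison states the intent and makes the comment true: `if (protocol != "http" && protocol != "https" && protocol != "webdav" && protocol != "webdavs")`, with the comment reworded to `Abandon the request unless the protocol is http(s) or webdav(s), instead of blindly doing a KIO::get on other protocols like file:/.` Moving the check ahead of the `method == "post"` branch is the substantive fix (every method is now screened, not only POST); send() continues outside the hunk, so it is worth confirming nothing later in the function re-derives the protocol with different assumptions. The second nested hunk at line 763 is whitespace-only.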


