jreznik pushed to kdelibs3 (epel7). "Rebase CVE-2009-1698 patch."
notifications at fedoraproject.org
notifications at fedoraproject.org
Thu Apr 2 15:35:08 UTC 2015
>From 5e929decd1b40178bdb35f2c82bcc38411ffcc10 Mon Sep 17 00:00:00 2001
From: Kevin Kofler <kkofler at fedoraproject.org>
Date: Sun, 26 Jul 2009 03:49:33 +0000
Subject: Rebase CVE-2009-1698 patch.
diff --git a/kdelibs-3.5.10-cve-2009-1698.patch b/kdelibs-3.5.10-cve-2009-1698.patch
new file mode 100644
index 0000000..ab9fea5
--- /dev/null
+++ b/kdelibs-3.5.10-cve-2009-1698.patch
@@ -0,0 +1,42 @@
+diff -ur kdelibs-3.5.10/khtml/css/cssparser.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp
+--- kdelibs-3.5.10/khtml/css/cssparser.cpp 2007-01-15 12:34:04.000000000 +0100
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp 2009-07-26 05:46:39.000000000 +0200
+@@ -1344,6 +1344,14 @@
+ if ( args->size() != 1)
+ return false;
+ Value *a = args->current();
++ if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
++ isValid=false;
++ break;
++ }
++ if (qString(a->string)[0] == '-') {
++ isValid=false;
++ break;
++ }
+ parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
+ }
+ else
+@@ -1396,7 +1404,8 @@
+
+ CounterImpl *counter = new CounterImpl;
+ Value *i = args->current();
+-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++ if (qString(i->string)[0] == '-') goto invalid;
+ counter->m_identifier = domString(i->string);
+ if (counters) {
+ i = args->next();
+diff -ur kdelibs-3.5.10/khtml/css/css_valueimpl.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp
+--- kdelibs-3.5.10/khtml/css/css_valueimpl.cpp 2006-07-22 10:16:49.000000000 +0200
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp 2009-07-26 05:45:36.000000000 +0200
+@@ -736,7 +736,9 @@
+ text = getValueName(m_value.ident);
+ break;
+ case CSSPrimitiveValue::CSS_ATTR:
+- // ###
++ text = "attr(";
++ text += DOMString( m_value.string );
++ text += ")";
+ break;
+ case CSSPrimitiveValue::CSS_COUNTER:
+ text = "counter(";
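Review bot: The rebased attr() checks in the inner `@@ -1344,6 +1344,14 @@` hunk set `isValid=false` and `break`, but the new patch does not add the post-loop guard that the 3.5.4 patch removed by this commit carried (`bool valid = true;` plus `if ( valid && values->length() )` before `addProperty`). Presumably cssparser.cpp in 3.5.10 already declares `isValid` and tests it after the loop. Neither is visible here, so confirm it against the 3.5.10 source. If the flag is not tested, a rejected attr() argument would still let the values collected so far be added as a property. Both the attr() and counter() checks would also benefit from a short why-comment such as `// CVE-2009-1698: accept only identifiers, and none starting with '-'`. The enclosing functions begin and end outside these inner hunks, so the `invalid:` cleanup path for the freshly allocated `CounterImpl` cannot be checked from this page.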
diff --git a/kdelibs-3.5.4-CVE-2009-1698.patch b/kdelibs-3.5.4-CVE-2009-1698.patch
deleted file mode 100644
index 171f2e3..0000000
--- a/kdelibs-3.5.4-CVE-2009-1698.patch
+++ /dev/null
@@ -1,57 +0,0 @@
---- kdelibs-3.5.4/khtml/css/css_valueimpl.cpp.CVE-2009-1698 2009-06-18 10:59:23.000000000 +0200
-+++ kdelibs-3.5.4/khtml/css/css_valueimpl.cpp 2009-06-18 12:53:44.000000000 +0200
-@@ -736,7 +736,9 @@
- text = getValueName(m_value.ident);
- break;
- case CSSPrimitiveValue::CSS_ATTR:
-- // ###
-+ text = "attr(";
-+ text += DOMString( m_value.string );
-+ text += ")";
- break;
- case CSSPrimitiveValue::CSS_COUNTER:
- text = "counter(";
---- kdelibs-3.5.4/khtml/css/cssparser.cpp.CVE-2009-1698 2009-06-18 10:37:13.000000000 +0200
-+++ kdelibs-3.5.4/khtml/css/cssparser.cpp 2009-06-23 13:05:20.000000000 +0200
-@@ -1318,6 +1318,7 @@
-
- Value *val;
- CSSValueImpl *parsedValue = 0;
-+ bool valid = true;
- while ( (val = valueList->current()) ) {
- if ( val->unit == CSSPrimitiveValue::CSS_URI ) {
- // url
-@@ -1336,6 +1337,14 @@
- if ( args->size() != 1)
- return false;
- Value *a = args->current();
-+ if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
-+ valid=false;
-+ break;
-+ }
-+ if (qString(a->string)[0] == '-') {
-+ valid=false;
-+ break;
-+ }
- parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
- }
- else
-@@ -1367,7 +1376,7 @@
- break;
- valueList->next();
- }
-- if ( values->length() ) {
-+ if ( valid && values->length() ) {
- addProperty( propId, values, important );
- valueList->next();
- return true;
-@@ -1384,7 +1393,8 @@
-
- CounterImpl *counter = new CounterImpl;
- Value *i = args->current();
--// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
-+ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
-+ if (qString(i->string)[0] == '-') goto invalid;
- counter->m_identifier = domString(i->string);
- if (counters) {
- i = args->next();
diff --git a/kdelibs3.spec b/kdelibs3.spec
index 6a46930..4dd736e 100644
--- a/kdelibs3.spec
+++ b/kdelibs3.spec
@@ -107,7 +107,7 @@ Patch202: kdelibs-3.5.4-CVE-2009-1687.patch
# fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
Patch203: kdelibs-3.5.4-CVE-2009-1690.patch
# fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
-Patch204: kdelibs-3.5.4-CVE-2009-1698.patch
+Patch204: kdelibs-3.5.10-cve-2009-1698.patch
#{?arts:Requires: arts >= %{arts_ev}}
#Requires: %{qt3} >= %{qt3_ev}
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/kdelibs3.git/commit/?h=epel7&id=5e929decd1b40178bdb35f2c82bcc38411ffcc10