author | Treeve Jelbert | 2007-03-11 10:46:42 +0100 |
---|---|---|
committer | Jaka Kranjc | 2007-03-11 16:26:46 +0100 |
commit | deef7fcfbf531dcc585c05b22497dd871e79b687 (patch) | |
tree | a983162f820fcb1b79425b21ed98cdd63f42ff8e | |
parent | 178784edcfde7f8484a94b1c932c9e52c1cda2fb (diff) |
kdelibs - security fix CVE-2007-0537
(cherry picked from commit 10f41fb0f354cff21c774b21e32ea79925a3170a)
-rwxr-xr-x | kde-core/kdelibs/DEPENDS | 22 | ||||
-rwxr-xr-x | kde-core/kdelibs/DETAILS | 2 | ||||
-rw-r--r-- | kde-core/kdelibs/HISTORY | 8 | ||||
-rwxr-xr-x | kde-core/kdelibs/PRE_BUILD | 3 | ||||
-rw-r--r-- | kde-core/kdelibs/post-3.5.6-kdelibs.diff | 20 |
5 files changed, 48 insertions, 7 deletions
diff --git a/kde-core/kdelibs/DEPENDS b/kde-core/kdelibs/DEPENDS
index c6fed76af8..1ff2284ff1 100755
--- a/kde-core/kdelibs/DEPENDS
+++ b/kde-core/kdelibs/DEPENDS
@@ -14,9 +14,19 @@ fi &&
 source $SECTION_DIRECTORY/KDE_DEPENDS &&
+optional_depends jasper \
+ '--with-jasper' \
+ '--without-jasper' \
+ 'jasper (jpeg2k) support' &&
+
+optional_depends lua \
+ '--with-lua' \
+ '--without-lua' \
+ 'use Lua libraries' &&
+
 optional_depends libart_lgpl \
- '' \
- '' \
+ '--with-libart' \
+ '--without-libart' \
 'to enable SVG rendering' &&
 optional_depends tiff \
@@ -70,8 +80,8 @@ optional_depends krb5 \
 'for GSSAPI authentication' &&
 optional_depends openexr \
- '' \
- '' \
+ '--with-openexr' \
+ '--without-openexr' \
 'for High Dynamic-Range (HDR) image support' &&
 optional_depends aspell \
@@ -85,8 +95,8 @@ optional_depends doxygen \
 'for API documentation' &&
 optional_depends libidn \
- '' \
- '' \
+ '--with-libidn' \
+ '--without-libidn' \
 'for International Domain Name support' &&
 optional_depends libntlm \
diff --git a/kde-core/kdelibs/DETAILS b/kde-core/kdelibs/DETAILS
index 51b838c5cd..2fc3b834df 100755
--- a/kde-core/kdelibs/DETAILS
+++ b/kde-core/kdelibs/DETAILS
@@ -8,7 +8,7 @@ SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION
 SOURCE_URL[0]=$KDE_URL/stable/${VERSION//.0/}/src/$SOURCE
 WEB_SITE=http://www.kde.org
 ENTERED=20020912
- SECURITY_PATCH=1
+ SECURITY_PATCH=2
 LICENSE[0]=GPL
 KEYWORDS="kde"
 SHORT="Base applications that form the core of KDE."
diff --git a/kde-core/kdelibs/HISTORY b/kde-core/kdelibs/HISTORY
index 16049214d1..f5b558d6d4 100644
--- a/kde-core/kdelibs/HISTORY
+++ b/kde-core/kdelibs/HISTORY
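Review bot: In kde-core/kdelibs/DEPENDS the new `optional_depends jasper` and `optional_depends lua` stanzas, and the `--with-…`/`--without-…` flags added for libart_lgpl, openexr and libidn, change the build configuration in the same commit that carries the CVE-2007-0537 fix, and the HISTORY entry records jasper and the explicit options but not lua. For a security cherry-pick this makes the change harder to audit and to back out independently of the fix; moving the dependency changes to their own commit, or at least adding a line such as `add optional lua` to the HISTORY entry, would keep the record accurate. Whether the 3.5.6 configure script accepts each of these flags is not visible on this page and should be confirmed, since an unrecognised option is typically ignored rather than failing the build.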
@@ -1,3 +1,11 @@
+2007-03-08 Treeve Jelbert <treeve01@pi.be>
+ * DETAILS: SECURITY_PATCH
+ * PRE_BUILD, post-3.5.6-kdelibs.diff:add
+ security fix CVE-2007-0537
+ URL: http://www.kde.org/info/security/advisory-20070206-1.txt
+ * DEPENDS: add some explicit with/without options
+ add optional jasper
+
 2007-01-26 Jaka Kranjc <lynxlynxlynx@sourcemage.org>
 * DETAILS: updated spell to 3.5.6
diff --git a/kde-core/kdelibs/PRE_BUILD b/kde-core/kdelibs/PRE_BUILD
new file mode 100755
index 0000000000..13e482626d
--- /dev/null
+++ b/kde-core/kdelibs/PRE_BUILD
@@ -0,0 +1,3 @@
+default_pre_build &&
+cd $SOURCE_DIRECTORY &&
+patch -p0 < $SPELL_DIRECTORY/post-3.5.6-kdelibs.diff
diff --git a/kde-core/kdelibs/post-3.5.6-kdelibs.diff b/kde-core/kdelibs/post-3.5.6-kdelibs.diff
new file mode 100644
index 0000000000..5b44a47ef7
--- /dev/null
+++ b/kde-core/kdelibs/post-3.5.6-kdelibs.diff
@@ -0,0 +1,20 @@
+--- khtml/html/htmltokenizer.cpp
++++ khtml/html/htmltokenizer.cpp
+@@ -316,7 +316,7 @@ void HTMLTokenizer::parseSpecial(Tokeniz
+ while ( !src.isEmpty() ) {
+ checkScriptBuffer();
+ unsigned char ch = src->latin1();
+- if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && !title && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
++ if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
+ comment = true;
+ scriptCode[ scriptCodeSize++ ] = ch;
+ ++src;
+@@ -495,7 +495,7 @@ void HTMLTokenizer::parseComment(Tokeniz
+
+ if (canClose || handleBrokenComments || scriptEnd ){
+ ++src;
+- if ( !( script || xmp || textarea || style) ) {
++ if ( !( title || script || xmp || textarea || style) ) {
+ #ifdef COMMENTS_IN_DOM
+ checkScriptBuffer();
+ scriptCode[ scriptCodeSize ] = 0; |
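Review bot: Both expansions in the new PRE_BUILD are unquoted, so a `$SOURCE_DIRECTORY` or `$SPELL_DIRECTORY` containing whitespace would be word-split; `cd "$SOURCE_DIRECTORY" &&` and `patch -p0 < "$SPELL_DIRECTORY/post-3.5.6-kdelibs.diff"` avoid that. The patch is applied unconditionally although its file name ties it to 3.5.6, so a comment such as `# CVE-2007-0537 fix for 3.5.6 only; drop on the next version bump` would help whoever updates the spell. Because `patch` is the last command in the `&&` chain its exit status becomes the script's, which presumably stops the build when a hunk is rejected; that property is worth preserving if further steps are appended later.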
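Review bot: The new post-3.5.6-kdelibs.diff starts directly at `--- khtml/html/htmltokenizer.cpp` with no header recording where the patch came from, so an auditor cannot tell from the file alone which advisory it implements or whether it matches the upstream patch. `patch` skips text that precedes the first file header, so a short comment block at the top could name CVE-2007-0537, the advisory URL already cited in HISTORY (`http://www.kde.org/info/security/advisory-20070206-1.txt`) and the date the patch was fetched. Both inner hunks change only the `title` term of one condition, in `parseSpecial` and in `parseComment`, and both function bodies lie outside the hunks, so the behavioural effect cannot be fully checked from this page and is best confirmed against the upstream copy.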