kdelibs - security fix CVE-2007-0537

(cherry picked from commit 10f41fb0f354cff21c774b21e32ea79925a3170a)

5 files changed, 48 insertions, 7 deletions

diff --git a/kde-core/kdelibs/DEPENDS b/kde-core/kdelibs/DEPENDS
index c6fed76af8..1ff2284ff1 100755
--- a/kde-core/kdelibs/DEPENDS
+++ b/kde-core/kdelibs/DEPENDS
@@ -14,9 +14,19 @@ fi  &&
 
 source  $SECTION_DIRECTORY/KDE_DEPENDS  &&
 
+optional_depends  jasper                     \
+                  '--with-jasper'            \
+                  '--without-jasper'         \
+                  'jasper (jpeg2k) support'  &&
+
+optional_depends  lua                        \
+                  '--with-lua'               \
+                  '--without-lua'            \
+                  'use Lua libraries'        &&
+
 optional_depends  libart_lgpl                \
-                  ''                         \
-                  ''                         \
+                  '--with-libart'            \
+                  '--without-libart'         \
                   'to enable SVG rendering'  &&
 
 optional_depends  tiff                     \
@@ -70,8 +80,8 @@ optional_depends  krb5                         \
                   'for GSSAPI authentication'  &&
 
 optional_depends  openexr                                       \
-                  ''                                            \
-                  ''                                            \
+                  '--with-openexr'                     \
+                  '--without-openexr'                                            \
                   'for High Dynamic-Range (HDR) image support'  &&
 
 optional_depends  aspell                               \
@@ -85,8 +95,8 @@ optional_depends  doxygen                  \
                   'for API documentation'  &&
 
 optional_depends  libidn                                   \
-                  ''                                       \
-                  ''                                       \
+                  '--with-libidn'                          \
+                  '--without-libidn'                       \
                   'for International Domain Name support'  &&
 
 optional_depends  libntlm                           \
diff --git a/kde-core/kdelibs/DETAILS b/kde-core/kdelibs/DETAILS
index 51b838c5cd..2fc3b834df 100755
--- a/kde-core/kdelibs/DETAILS
+++ b/kde-core/kdelibs/DETAILS
@@ -8,7 +8,7 @@ SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION
    SOURCE_URL[0]=$KDE_URL/stable/${VERSION//.0/}/src/$SOURCE
         WEB_SITE=http://www.kde.org
          ENTERED=20020912
-  SECURITY_PATCH=1
+  SECURITY_PATCH=2
       LICENSE[0]=GPL
         KEYWORDS="kde"
            SHORT="Base applications that form the core of KDE."
diff --git a/kde-core/kdelibs/HISTORY b/kde-core/kdelibs/HISTORY
index 16049214d1..f5b558d6d4 100644
--- a/kde-core/kdelibs/HISTORY
+++ b/kde-core/kdelibs/HISTORY
@@ -1,3 +1,11 @@
+2007-03-08 Treeve Jelbert <treeve01@pi.be>
+	* DETAILS: SECURITY_PATCH
+	* PRE_BUILD, post-3.5.6-kdelibs.diff:add
+	  security fix  CVE-2007-0537
+	  URL: http://www.kde.org/info/security/advisory-20070206-1.txt
+	* DEPENDS: add some explicit with/without options
+	  add optional jasper
+
 2007-01-26 Jaka Kranjc <lynxlynxlynx@sourcemage.org>
 	* DETAILS: updated spell to 3.5.6
 
diff --git a/kde-core/kdelibs/PRE_BUILD b/kde-core/kdelibs/PRE_BUILD
new file mode 100755
index 0000000000..13e482626d
--- /dev/null
+++ b/kde-core/kdelibs/PRE_BUILD
@@ -0,0 +1,3 @@
+default_pre_build      &&
+cd $SOURCE_DIRECTORY   &&
+patch  -p0 < $SPELL_DIRECTORY/post-3.5.6-kdelibs.diff
diff --git a/kde-core/kdelibs/post-3.5.6-kdelibs.diff b/kde-core/kdelibs/post-3.5.6-kdelibs.diff
new file mode 100644
index 0000000000..5b44a47ef7
--- /dev/null
+++ b/kde-core/kdelibs/post-3.5.6-kdelibs.diff
@@ -0,0 +1,20 @@
+--- khtml/html/htmltokenizer.cpp
++++ khtml/html/htmltokenizer.cpp
+@@ -316,7 +316,7 @@ void HTMLTokenizer::parseSpecial(Tokeniz
+     while ( !src.isEmpty() ) {
+         checkScriptBuffer();
+         unsigned char ch = src->latin1();
+-        if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && !title && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
++        if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
+             comment = true;
+             scriptCode[ scriptCodeSize++ ] = ch;
+             ++src;
+@@ -495,7 +495,7 @@ void HTMLTokenizer::parseComment(Tokeniz
+ 
+             if (canClose || handleBrokenComments || scriptEnd ){
+                 ++src;
+-                if ( !( script || xmp || textarea || style) ) {
++                if ( !( title || script || xmp || textarea || style) ) {
+ #ifdef COMMENTS_IN_DOM
+                     checkScriptBuffer();
+                     scriptCode[ scriptCodeSize ] = 0;