-rw-r--r-- | x11/kdelibs3/Makefile | 4 | ||||
-rw-r--r-- | x11/kdelibs3/distinfo | 7 | ||||
-rw-r--r-- | x11/kdelibs3/patches/patch-ar | 15 | ||||
-rw-r--r-- | x11/kdelibs3/patches/patch-as | 46 |
4 files changed, 66 insertions, 6 deletions
diff --git a/x11/kdelibs3/Makefile b/x11/kdelibs3/Makefile
index 6b1509cdb1d..9563b2d094c 100644
--- a/x11/kdelibs3/Makefile
+++ b/x11/kdelibs3/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.145 2009/08/31 20:54:26 wiz Exp $
+# $NetBSD: Makefile,v 1.146 2009/12/13 19:43:51 markd Exp $
 DISTNAME= kdelibs-${_KDE_VERSION}
-PKGREVISION= 4
+PKGREVISION= 5
 CATEGORIES= x11
 COMMENT= Support libraries for the KDE integrated X11 desktop
diff --git a/x11/kdelibs3/distinfo b/x11/kdelibs3/distinfo
index d29509d263e..5f4dcf36106 100644
--- a/x11/kdelibs3/distinfo
+++ b/x11/kdelibs3/distinfo
@@ -1,11 +1,8 @@
-$NetBSD: distinfo,v 1.97 2009/10/23 07:46:08 tnn Exp $
+$NetBSD: distinfo,v 1.98 2009/12/13 19:43:51 markd Exp $
 SHA1 (kdelibs-3.5.10.tar.bz2) = c930a25f4419134def55b8466c3a6f737227fb82
 RMD160 (kdelibs-3.5.10.tar.bz2) = 4c960664283c83ebc8e68932ca9044336fcff223
 Size (kdelibs-3.5.10.tar.bz2) = 15614607 bytes
-SHA1 (post-kde-3.5.5-kinit.diff) = 35147db4d6791e4c98d7cec5e72509547813dd98
-RMD160 (post-kde-3.5.5-kinit.diff) = e5e7dc462c88ad45ac7051261aaec5b83c64d59e
-Size (post-kde-3.5.5-kinit.diff) = 3964 bytes
 SHA1 (patch-aa) = be278f29b743c573b71c7804eff26324e78ed779
 SHA1 (patch-ab) = 3a79b3e7fadef1a93a5490b716dace60f3de30a1
 SHA1 (patch-ac) = 205f99e8749c32bf445e23f6076dd642c10c8186
@@ -17,6 +14,8 @@ SHA1 (patch-an) = d34a3cc0ac0b92921bcaeb9b05c5b7a99ee3566c
 SHA1 (patch-ao) = 7ae360b2ee2332ec3017dfd468457f2c1b139308
 SHA1 (patch-ap) = 94037230bb3d12549195d52b98ffdd821f94f90d
 SHA1 (patch-aq) = 18f3885a73cd9169cf4f9c9d97420e639f7fec3c
+SHA1 (patch-ar) = 26ccb0c26f9352e6b862037d0a7ffb338057ff98
+SHA1 (patch-as) = 8a6fac19d323f475033ff8e9b8163d9a151483eb
 SHA1 (patch-bc) = 434a48d290aa9716b8c6e372419460ebd33cf8ea
 SHA1 (patch-bd) = 852a12b66968595bf1be4538f8ebf88f031592a4
 SHA1 (patch-be) = b7c2ed2856565ef3c831046a909e289409199e48
diff --git a/x11/kdelibs3/patches/patch-ar b/x11/kdelibs3/patches/patch-ar
new file mode 100644
index 00000000000..5c272a51026
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-ar
@@ -0,0 +1,15 @@
+$NetBSD: patch-ar,v 1.8 2009/12/13 19:43:51 markd Exp $
+
+fix array overrun (CVE-2009-0689)
+
+--- kjs/dtoa.cpp.orig 2005-09-10 20:27:24.000000000 +1200
++++ kjs/dtoa.cpp
+@@ -487,7 +487,7 @@ extern double rnd_prod(double, double),
+ #define FREE_DTOA_LOCK(n) /*nothing*/
+ #endif
+
+-#define Kmax 15
++#define Kmax (sizeof(size_t) << 3)
+
+ struct
+ Bigint {
diff --git a/x11/kdelibs3/patches/patch-as b/x11/kdelibs3/patches/patch-as
new file mode 100644
index 00000000000..4c1e5b8dbb0
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-as
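Review bot: The new `Kmax` in patch-ar is an unexplained expression, and `<< 3` hard-codes eight bits per byte; a comment such as `/* Kmax = bit width of size_t, sized so the table it bounds cannot be overrun (CVE-2009-0689) */` would record why this value was chosen. The define also changes from an `int` literal to a `size_t` value, so any signed comparison against `Kmax` elsewhere in dtoa.cpp becomes an unsigned one, and a `sizeof` expression cannot be evaluated in a `#if`; those uses are outside the hunk and should be checked. The fix appears to rely on enlarging the bound rather than on a range check where the table is indexed, which is presumably in the allocator and is not shown here, so an explicit check at that point would be a reasonable second layer.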
@@ -0,0 +1,46 @@
+$NetBSD: patch-as,v 1.8 2009/12/13 19:43:51 markd Exp $
+
+http://www.kde.org/info/security/advisory-20091027-1.txt
+
+--- khtml/ecma/xmlhttprequest.cpp.orig 2007-10-08 22:52:07.000000000 +1300
++++ khtml/ecma/xmlhttprequest.cpp
+@@ -342,16 +342,16 @@ void XMLHttpRequest::send(const QString&
+ {
+ aborted = false;
+
+- if (method == "post") {
+- QString protocol = url.protocol().lower();
++ const QString protocol = url.protocol().lower();
++ // Abandon the request when the protocol is other than "http",
++ // instead of blindly doing a KIO::get on other protocols like file:/.
++ if (!protocol.startsWith("http") && !protocol.startsWith("webdav"))
++ {
++ abort();
++ return;
++ }
+
+- // Abondon the request when the protocol is other than "http",
+- // instead of blindly changing it to a "get" request.
+- if (!protocol.startsWith("http") && !protocol.startsWith("webdav"))
+- {
+- abort();
+- return;
+- }
++ if (method == "post") {
+
+ // FIXME: determine post encoding correctly by looking in headers
+ // for charset.
+@@ -763,11 +763,11 @@ Value XMLHttpRequestProtoFunc::tryCall(E
+ if (obj.isValid() && obj.inherits(&DOMDocument::info)) {
+ DOM::Node docNode = static_cast<KJS::DOMDocument *>(obj.imp())->toNode();
+ DOM::DocumentImpl *doc = static_cast<DOM::DocumentImpl *>(docNode.handle());
+-
++
+ try {
+ body = doc->toString().string();
+ // FIXME: also need to set content type, including encoding!
+-
++
+ } catch(DOM::DOMException& e) {
+ Object err = Error::create(exec, GeneralError, "Exception serializing document");
+ exec->setException(err); |
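Review bot: The relocated guard in `XMLHttpRequest::send` still matches by prefix, so `protocol.startsWith("http")` and `protocol.startsWith("webdav")` accept any scheme whose name merely begins with those letters, not only the four that are presumably intended. Now that this check gates every request rather than only POST, an exact comparison would be tighter: `if (protocol != "http" && protocol != "https" && protocol != "webdav" && protocol != "webdavs")`. The new comment names only "http" although the code also admits webdav, so it should list the whole allowlist. The body of `send` continues outside the first inner hunk, and the second inner hunk changes whitespace only.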