rpms/kdelibs/devel kdelibs-3.5.6-bz#225420-CVE-2007-0537.patch, NONE, 1.1 kdelibs.spec, 1.200, 1.201
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Feb 5 14:32:16 UTC 2007
Author: than
Update of /cvs/dist/rpms/kdelibs/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv10985
Modified Files:
kdelibs.spec
Added Files:
kdelibs-3.5.6-bz#225420-CVE-2007-0537.patch
Log Message:
3.5.6
kdelibs-3.5.6-bz#225420-CVE-2007-0537.patch:
htmltokenizer.cpp | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE kdelibs-3.5.6-bz#225420-CVE-2007-0537.patch ---
Index: khtml/html/htmltokenizer.cpp
===================================================================
--- khtml/html/htmltokenizer.cpp (Revision 626790)
+++ khtml/html/htmltokenizer.cpp (Revision 626791)
@@ -316,7 +316,7 @@
while ( !src.isEmpty() ) {
checkScriptBuffer();
unsigned char ch = src->latin1();
- if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && !title && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
+ if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
comment = true;
scriptCode[ scriptCodeSize++ ] = ch;
++src;
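Review bot: Nothing at this condition records why `title` was dropped from the exclusion list while `textarea` and `xmp` stay, and the change is only half of the fix: the close path in the second hunk (-495) adds `title` to `!( title || script || xmp || textarea || style)`. A later edit to only one of the two sites could presumably bring back the comment-handling mismatch tracked as CVE-2007-0537. I would add a comment above the `if`, e.g. `// title is intentionally not excluded: "<!--" inside <title> enters comment parsing; the close path must keep title in its special-element check (CVE-2007-0537)`. A khtml regression test with a comment inside `<title>` would pin the behaviour. Both enclosing functions start and end outside the hunks.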
@@ -495,7 +495,7 @@
if (canClose || handleBrokenComments || scriptEnd ){
++src;
- if ( !( script || xmp || textarea || style) ) {
+ if ( !( title || script || xmp || textarea || style) ) {
#ifdef COMMENTS_IN_DOM
checkScriptBuffer();
scriptCode[ scriptCodeSize ] = 0;
Index: kdelibs.spec
===================================================================
RCS file: /cvs/dist/rpms/kdelibs/devel/kdelibs.spec,v
retrieving revision 1.200
retrieving revision 1.201
diff -u -r1.200 -r1.201
--- kdelibs.spec 29 Jan 2007 15:57:52 -0000 1.200
+++ kdelibs.spec 5 Feb 2007 14:32:13 -0000 1.201
@@ -8,12 +8,12 @@
%define cups_epoch 1
%define qt_version 3.3.7
-%define arts_version 1.5.5
+%define arts_version 1.5.6
%define kde_major_version 3
%define qtdocdir %{_docdir}/qt-devel-%{qt_version}
-%define make_cvs 1
+%define make_cvs 0
%define arts 1
Version: 3.5.6
@@ -47,6 +47,10 @@
Patch40: kdelibs-3.5.4-kdeprint-utf8.patch
Patch41: kdelibs-3.5.6-utempter.patch
+# security issue
+# CVE-2007-0537
+Patch1000: kdelibs-3.5.6-bz#225420-CVE-2007-0537.patch
+
Requires: arts >= %{arts_epoch}:%{arts_version}
Requires: qt >= %{qt_epoch}:%{qt_version}
Requires: cups-libs >= %{cups_epoch}:1.1.12
@@ -131,6 +135,7 @@
Requires: libacl-devel
Requires: pcre-devel
Requires: libkdnssd-devel
+Requires: libutempter-devel
Obsoletes: kdesupport-devel
@@ -170,6 +175,9 @@
%patch40 -p1 -b .kdeprint-utf8
%patch41 -p1 -b .utempter
+# security
+%patch1000 -p0 -b .bz#225420-CVE-2007-0537
+
perl -pi -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h
%build
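Review bot: The `#` in `-b .bz#225420-CVE-2007-0537` (and in the `Patch1000:` file name in the -47 hunk) is a point of style worth changing: it works only because the character sits mid-word, where a shell does not read it as a comment start, and it is likely to need escaping in URLs and in tools that handle the patch file. A name without it, such as `kdelibs-3.5.6-bz225420-CVE-2007-0537.patch` with `-b .bz225420-CVE-2007-0537`, avoids that. The `-p0` level differs from the `-p1` of the neighbouring patches; it matches the `khtml/html/htmltokenizer.cpp` paths in the patch, and a short comment saying so would help the next maintainer.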
@@ -385,8 +393,10 @@
%doc %{_docdir}/HTML/en/kdelibs*
%changelog
-* Thu Jan 25 2007 Than Ngo <than at redhat.com> - 6:3.5.5-1.fc7
+* Mon Feb 05 2007 Than Ngo <than at redhat.com> - 6:3.5.5-1.fc7
- 3.5.6
+- apply patch to fix #225420, CVE-2007-0537 Konqueror improper
+ HTML comment rendering, thanks to Dirk Müller, KDE security team
* Tue Nov 14 2006 Than Ngo <than at redhat.com> - 6:3.5.5-1.fc7
- rebuild