Merge branch 'master' of http://scm.trinitydesktop.org/scm/git/tde-packaging

author: Timothy Pearson <kb9vqf@pearsoncomputing.net> 2011-08-13 12:21:22 -0500
committer: Timothy Pearson <kb9vqf@pearsoncomputing.net> 2011-08-13 12:21:22 -0500
commit: f65bcb8326e06816d7dc49e58bda120182dbbcd6 (patch)
tree: 4e7fef001fc523929450778d10c86b41e6e32eda /opensuse/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch
parent: 131df957b41b4683571b1e36e6fed9d614d32356 (diff)
parent: fa41f32b69994ecd75b7359fa2df08ea5a3480ab (diff)
download: tde-packaging-f65bcb8326e06816d7dc49e58bda120182dbbcd6.tar.gz
tde-packaging-f65bcb8326e06816d7dc49e58bda120182dbbcd6.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/opensuse/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch b/opensuse/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch
new file mode 100644
index 000000000..ab9fea5c2
--- /dev/null
+++ b/opensuse/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch
@@ -0,0 +1,42 @@
+diff -ur kdelibs-3.5.10/khtml/css/cssparser.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp
+--- kdelibs-3.5.10/khtml/css/cssparser.cpp	2007-01-15 12:34:04.000000000 +0100
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp	2009-07-26 05:46:39.000000000 +0200
+@@ -1344,6 +1344,14 @@
+                 if ( args->size() != 1)
+                     return false;
+                 Value *a = args->current();
++                if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
++                    isValid=false;
++                    break;
++                }
++                if (qString(a->string)[0] == '-') {
++                    isValid=false;
++                    break;
++                }
+                 parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
+             }
+             else
+@@ -1396,7 +1404,8 @@
+ 
+     CounterImpl *counter = new CounterImpl;
+     Value *i = args->current();
+-//    if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++    if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++    if (qString(i->string)[0] == '-') goto invalid;
+     counter->m_identifier = domString(i->string);
+     if (counters) {
+         i = args->next();
+diff -ur kdelibs-3.5.10/khtml/css/css_valueimpl.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp
+--- kdelibs-3.5.10/khtml/css/css_valueimpl.cpp	2006-07-22 10:16:49.000000000 +0200
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp	2009-07-26 05:45:36.000000000 +0200
+@@ -736,7 +736,9 @@
+ 	    text = getValueName(m_value.ident);
+ 	    break;
+ 	case CSSPrimitiveValue::CSS_ATTR:
+-	    // ###
++            text = "attr(";
++            text += DOMString( m_value.string );
++            text += ")";
+ 	    break;
+ 	case CSSPrimitiveValue::CSS_COUNTER:
+             text = "counter(";
author	Timothy Pearson <kb9vqf@pearsoncomputing.net>	2011-08-13 12:21:22 -0500
committer	Timothy Pearson <kb9vqf@pearsoncomputing.net>	2011-08-13 12:21:22 -0500
commit	f65bcb8326e06816d7dc49e58bda120182dbbcd6 (patch)
tree	4e7fef001fc523929450778d10c86b41e6e32eda /opensuse/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch
parent	131df957b41b4683571b1e36e6fed9d614d32356 (diff)
parent	fa41f32b69994ecd75b7359fa2df08ea5a3480ab (diff)
download	tde-packaging-f65bcb8326e06816d7dc49e58bda120182dbbcd6.tar.gz tde-packaging-f65bcb8326e06816d7dc49e58bda120182dbbcd6.zip