[arch-commits] Commit in kdelibs/repos/extra-x86_64 (CVE-2009-1725.patch PKGBUILD)

Pierre Schmitz pierre at archlinux.org
Wed Jul 29 10:51:16 UTC 2009


    Date: Wednesday, July 29, 2009 @ 06:51:15
  Author: pierre
Revision: 47900

backport fix for FS#15706

Added:
  kdelibs/repos/extra-x86_64/CVE-2009-1725.patch
    (from rev 47899, kdelibs/repos/extra-i686/CVE-2009-1725.patch)
Modified:
  kdelibs/repos/extra-x86_64/PKGBUILD

---------------------+
 CVE-2009-1725.patch |   11 +++++++++++
 PKGBUILD            |   10 +++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

Copied: kdelibs/repos/extra-x86_64/CVE-2009-1725.patch (from rev 47899, kdelibs/repos/extra-i686/CVE-2009-1725.patch)
===================================================================
--- CVE-2009-1725.patch	                        (rev 0)
+++ CVE-2009-1725.patch	2009-07-29 10:51:15 UTC (rev 47900)
@@ -0,0 +1,11 @@
+--- khtml/html/htmltokenizer.cpp	2007/01/24 16:15:54	626791
++++ khtml/html/htmltokenizer.cpp	2009/07/25 09:11:27	1002164
+@@ -736,7 +736,7 @@
+ #ifdef TOKEN_DEBUG
+                 kdDebug( 6036 ) << "unknown entity!" << endl;
+ #endif
+-                checkBuffer(10);
++                checkBuffer(11);
+                 // ignore the sequence, add it to the buffer as plaintext
+                 *dest++ = '&';
+                 for(unsigned int i = 0; i < cBufferPos; i++)
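Review bot: The new reservation `checkBuffer(11)` in the nested htmltokenizer.cpp hunk is a bare literal with no visible link to the bound it depends on. The following lines write `'&'` and then loop over `cBufferPos` entries, so 11 is only sufficient if `cBufferPos` can never exceed 10 here, which the hunk does not show. If that is the invariant, a comment such as `// '&' plus at most 10 buffered entity characters` would record why the value is 11. Sizing the call from the variable, `checkBuffer(cBufferPos + 1);`, would keep the two from diverging. The loop body and the enclosing function lie outside the hunk, so confirm nothing else is written to `dest` before the next `checkBuffer` call.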

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2009-07-29 10:45:32 UTC (rev 47899)
+++ PKGBUILD	2009-07-29 10:51:15 UTC (rev 47900)
@@ -3,7 +3,7 @@
 
 pkgname=kdelibs
 pkgver=4.2.4
-pkgrel=4
+pkgrel=5
 pkgdesc="KDE Core Libraries"
 arch=('i686' 'x86_64')
 url='http://www.kde.org'
@@ -17,11 +17,13 @@
 options=('docs')
 install='kdelibs.install'
 source=("http://download.kde.org/stable/${pkgver}/src/${pkgname}-${pkgver}.tar.bz2"
-        'kde-applications-menu.patch' 'archlinux-menu.patch' 'libjpeg-7.patch')
+        'kde-applications-menu.patch' 'archlinux-menu.patch' 'libjpeg-7.patch'
+        'CVE-2009-1725.patch')
 md5sums=('9ed29086c33bc73256a7fa5268df560b'
          'e94450ba5430ea9c1e33bad9ae38ca2d'
          '0ad42200df2d2b8aab01d2ef4b21e02f'
-         'f1578c3987049ed0610732e6cd5263d9')
+         'f1578c3987049ed0610732e6cd5263d9'
+         '7a6609225d996bdec640fd833bc4169c')
 
 build() {
 	cd $srcdir/${pkgname}-${pkgver}
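Review bot: The added `md5sums` entry extends an integrity array that relies on MD5 alone, while the upstream tarball in `source` is fetched over plain `http://`. The checksum is therefore the only thing binding the download to what the packager reviewed, and MD5 is not collision resistant. A `sha256sums=(...)` array with one entry per source would give that check real weight. The patch file itself comes from the package repository, so the exposure is mainly on the tarball line, which this commit leaves unchanged.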
@@ -33,6 +35,8 @@
 	# fix compatibility with libjpeg-7; see https://bugs.kde.org/show_bug.cgi?id=198779
 	# will be in 4.3.0
 	patch -p0 -i $srcdir/libjpeg-7.patch
+	# see http://bugs.archlinux.org/task/15706
+	patch -p0 -i $srcdir/CVE-2009-1725.patch || return 1
 	cd ..
 	mkdir build
 	cd build
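Review bot: `$srcdir` is expanded unquoted in the added `patch` call, so a build directory containing whitespace would split the argument; `patch -p0 -i "$srcdir/CVE-2009-1725.patch" || return 1` avoids that. The `libjpeg-7.patch` call directly above has no `|| return 1`, so the two patch steps fail differently: a rejected security patch aborts the build, a rejected libjpeg patch does not. The comment could also say what is fixed, e.g. `# CVE-2009-1725 (khtml tokenizer buffer reservation); see http://bugs.archlinux.org/task/15706`. build() starts before this hunk and continues after it.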



