[arch-commits] Commit in kdelibs/trunk (CVE-2009-0689.patch PKGBUILD)

Pierre Schmitz pierre at archlinux.org
Mon Nov 23 10:11:15 EST 2009


    Date: Monday, November 23, 2009 @ 10:11:15
  Author: pierre
Revision: 59397

fix CVE-2009-0689

Added:
  kdelibs/trunk/CVE-2009-0689.patch
Modified:
  kdelibs/trunk/PKGBUILD

---------------------+
 CVE-2009-0689.patch |   13 +++++++++++++
 PKGBUILD            |   11 ++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)

Added: CVE-2009-0689.patch
===================================================================
--- CVE-2009-0689.patch	                        (rev 0)
+++ CVE-2009-0689.patch	2009-11-23 15:11:15 UTC (rev 59397)
@@ -0,0 +1,13 @@
+Index: kjs/dtoa.cpp
+===================================================================
+--- kjs/dtoa.cpp	(Revision 1052099)
++++ kjs/dtoa.cpp	(Revision 1052100)
+@@ -457,7 +457,7 @@
+ #define FREE_DTOA_LOCK(n)	/*nothing*/
+ #endif
+ 
+-#define Kmax 15
++#define Kmax (sizeof(size_t) << 3)
+ 
+  struct
+ Bigint {

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2009-11-23 14:23:10 UTC (rev 59396)
+++ PKGBUILD	2009-11-23 15:11:15 UTC (rev 59397)
@@ -3,7 +3,7 @@
 
 pkgname=kdelibs
 pkgver=4.3.3
-pkgrel=1
+pkgrel=2
 pkgdesc="KDE Core Libraries"
 arch=('i686' 'x86_64')
 url='http://www.kde.org'
@@ -15,15 +15,20 @@
 replaces=('arts')
 install='kdelibs.install'
 source=(http://download.kde.org/stable/${pkgver}/src/${pkgname}-${pkgver}.tar.bz2
-        'kde-applications-menu.patch' 'archlinux-menu.patch' 'abs-syntax-highlight.patch')
+        'kde-applications-menu.patch' 'archlinux-menu.patch' 'abs-syntax-highlight.patch'
+        'CVE-2009-0689.patch')
 md5sums=('20fd3793d9d23088ecb1d5aed0254216'
          '280f34ee159845f8902c31bd499254fc'
          '0f214b222bfb0327e7a2b6fb13756895'
-         '18ea42696a7f41332a092d6ead7efc6a')
+         '18ea42696a7f41332a092d6ead7efc6a'
+         'ec70af24f769f17082a9ab69dc1e24e9')
 
 build() {
 	cd $srcdir/${pkgname}-${pkgver}
 
+	# see http://securityreason.com/it_news/0/0x31
+	# will be fixed in 4.3.4
+	patch -p0 -i $srcdir/CVE-2009-0689.patch || return 1
 	# avoid file conflict with gnome-menu
 	patch -p1 -i $srcdir/kde-applications-menu.patch
 	# add Archlinux menu entry



More information about the arch-commits mailing list