better late than never, hm...

author: Robert Xu <robxu9@gmail.com> 2012-03-31 14:28:06 -0400
committer: Robert Xu <robxu9@gmail.com> 2012-03-31 14:28:06 -0400
commit: 59dd46ef985a719579132efa6a9aa49bfeeae112 (patch)
tree: 93d8c721ff263e67aaf59e364496862872ded8fb /opensuse/core/tdelibs.old/kdelibs-3.5.10-cve-2009-1698.patch
parent: c141f0bc29b6e2eeda5ca08a043d26546a1427f9 (diff)
download: tde-packaging-59dd46ef985a719579132efa6a9aa49bfeeae112.tar.gz
tde-packaging-59dd46ef985a719579132efa6a9aa49bfeeae112.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/opensuse/core/tdelibs.old/kdelibs-3.5.10-cve-2009-1698.patch b/opensuse/core/tdelibs.old/kdelibs-3.5.10-cve-2009-1698.patch
new file mode 100644
index 000000000..ab9fea5c2
--- /dev/null
+++ b/opensuse/core/tdelibs.old/kdelibs-3.5.10-cve-2009-1698.patch
@@ -0,0 +1,42 @@
+diff -ur kdelibs-3.5.10/khtml/css/cssparser.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp
+--- kdelibs-3.5.10/khtml/css/cssparser.cpp	2007-01-15 12:34:04.000000000 +0100
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp	2009-07-26 05:46:39.000000000 +0200
+@@ -1344,6 +1344,14 @@
+                 if ( args->size() != 1)
+                     return false;
+                 Value *a = args->current();
++                if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
++                    isValid=false;
++                    break;
++                }
++                if (qString(a->string)[0] == '-') {
++                    isValid=false;
++                    break;
++                }
+                 parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
+             }
+             else
+@@ -1396,7 +1404,8 @@
+ 
+     CounterImpl *counter = new CounterImpl;
+     Value *i = args->current();
+-//    if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++    if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++    if (qString(i->string)[0] == '-') goto invalid;
+     counter->m_identifier = domString(i->string);
+     if (counters) {
+         i = args->next();
+diff -ur kdelibs-3.5.10/khtml/css/css_valueimpl.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp
+--- kdelibs-3.5.10/khtml/css/css_valueimpl.cpp	2006-07-22 10:16:49.000000000 +0200
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp	2009-07-26 05:45:36.000000000 +0200
+@@ -736,7 +736,9 @@
+ 	    text = getValueName(m_value.ident);
+ 	    break;
+ 	case CSSPrimitiveValue::CSS_ATTR:
+-	    // ###
++            text = "attr(";
++            text += DOMString( m_value.string );
++            text += ")";
+ 	    break;
+ 	case CSSPrimitiveValue::CSS_COUNTER:
+             text = "counter(";
author	Robert Xu <robxu9@gmail.com>	2012-03-31 14:28:06 -0400
committer	Robert Xu <robxu9@gmail.com>	2012-03-31 14:28:06 -0400
commit	59dd46ef985a719579132efa6a9aa49bfeeae112 (patch)
tree	93d8c721ff263e67aaf59e364496862872ded8fb /opensuse/core/tdelibs.old/kdelibs-3.5.10-cve-2009-1698.patch
parent	c141f0bc29b6e2eeda5ca08a043d26546a1427f9 (diff)
download	tde-packaging-59dd46ef985a719579132efa6a9aa49bfeeae112.tar.gz tde-packaging-59dd46ef985a719579132efa6a9aa49bfeeae112.zip