Date: Monday, November 23, 2009 @ 10:11:15 Author: pierre Revision: 59397
fix CVE-2009-0689
Added: kdelibs/trunk/CVE-2009-0689.patch
Modified: kdelibs/trunk/PKGBUILD
---------------------+
CVE-2009-0689.patch | 13 +++++++++++++
PKGBUILD | 11 ++++++++---
2 files changed, 21 insertions(+), 3 deletions(-)
Added: CVE-2009-0689.patch
===================================================================
--- CVE-2009-0689.patch (rev 0)
+++ CVE-2009-0689.patch 2009-11-23 15:11:15 UTC (rev 59397)
@@ -0,0 +1,13 @@
+Index: kjs/dtoa.cpp
+===================================================================
+--- kjs/dtoa.cpp (Revision 1052099)
++++ kjs/dtoa.cpp (Revision 1052100)
+@@ -457,7 +457,7 @@
+ #define FREE_DTOA_LOCK(n) /*nothing*/
+ #endif
+
+-#define Kmax 15
++#define Kmax (sizeof(size_t) << 3)
+
+ struct
+ Bigint {
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2009-11-23 14:23:10 UTC (rev 59396)
+++ PKGBUILD 2009-11-23 15:11:15 UTC (rev 59397)
@@ -3,7 +3,7 @@
 pkgname=kdelibs
 pkgver=4.3.3
-pkgrel=1
+pkgrel=2
 pkgdesc="KDE Core Libraries"
 arch=('i686' 'x86_64')
 url='http://www.kde.org'
@@ -15,15 +15,20 @@
 replaces=('arts')
 install='kdelibs.install'
 source=(http://download.kde.org/stable/${pkgver}/src/${pkgname}-${pkgver}.tar.bz2
- 'kde-applications-menu.patch' 'archlinux-menu.patch' 'abs-syntax-highlight.patch')
+ 'kde-applications-menu.patch' 'archlinux-menu.patch' 'abs-syntax-highlight.patch'
+ 'CVE-2009-0689.patch')
 md5sums=('20fd3793d9d23088ecb1d5aed0254216'
 '280f34ee159845f8902c31bd499254fc'
 '0f214b222bfb0327e7a2b6fb13756895'
- '18ea42696a7f41332a092d6ead7efc6a')
+ '18ea42696a7f41332a092d6ead7efc6a'
+ 'ec70af24f769f17082a9ab69dc1e24e9')
 build() {
 cd $srcdir/${pkgname}-${pkgver}
+ # see http://securityreason.com/it_news/0/0x31
+ # will be fixed in 4.3.4
+ patch -p0 -i $srcdir/CVE-2009-0689.patch || return 1
 # avoid file conflict with gnome-menu
 patch -p1 -i $srcdir/kde-applications-menu.patch
 # add Archlinux menu entry
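Review bot: In the embedded kjs/dtoa.cpp hunk of CVE-2009-0689.patch, the new `#define Kmax (sizeof(size_t) << 3)` has no comment explaining the bound, and `<< 3` is a disguised bits-per-byte constant; `#define Kmax (sizeof(size_t) * CHAR_BIT) /* bit width of size_t; was 15, see CVE-2009-0689 */` says the same thing readably, provided `<climits>` is included in that file. The macro's type also changes from `int` to `size_t`, so a signed index compared against `Kmax` is now converted to unsigned, and a negative value would compare as very large rather than small. The places that size an array by `Kmax` or compare an index with it are outside this hunk, so whether they still need an explicit range check should be confirmed in dtoa.cpp itself.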
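Review bot: The comment added above the new `patch -p0` line in build() points only at a third-party news URL and says "will be fixed in 4.3.4" without saying what to do then; `# CVE-2009-0689: kjs/dtoa.cpp, upstream revision 1052100; drop this patch when pkgver reaches 4.3.4` would name the fix and make removal an explicit step. `$srcdir` is unquoted on the new line, so `patch -p0 -i "$srcdir/CVE-2009-0689.patch" || return 1` is the safer spelling if the build directory can contain spaces. The new `md5sums` entry guards against accidental corruption only, since MD5 is not collision-resistant; moving the whole array to `sha256sums` would be the stronger check but touches every entry, not just this one. build() continues past the end of the hunk.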