Date: Monday, November 23, 2009 @ 10:11:15
  Author: pierre
Revision: 59397

fix CVE-2009-0689

Added:
  kdelibs/trunk/CVE-2009-0689.patch
Modified:
  kdelibs/trunk/PKGBUILD

---------------------+
 CVE-2009-0689.patch |   13 +++++++++++++
 PKGBUILD            |   11 ++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)

Added: CVE-2009-0689.patch
===================================================================
--- CVE-2009-0689.patch                         (rev 0)
+++ CVE-2009-0689.patch 2009-11-23 15:11:15 UTC (rev 59397)
@@ -0,0 +1,13 @@
+Index: kjs/dtoa.cpp
+===================================================================
+--- kjs/dtoa.cpp       (Revision 1052099)
++++ kjs/dtoa.cpp       (Revision 1052100)
+@@ -457,7 +457,7 @@
+ #define FREE_DTOA_LOCK(n)     /*nothing*/
+ #endif
+ 
+-#define Kmax 15
++#define Kmax (sizeof(size_t) << 3)
+ 
+  struct
+ Bigint {
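Review bot: The embedded change to `kjs/dtoa.cpp` only raises the `Kmax` constant, and nothing visible in this hunk checks an index against it. The overrun named in the CVE is presumably closed only if every user of `Kmax` stays within the new bound; that code is outside the hunk and should be confirmed against upstream revision 1052100. `sizeof(size_t) << 3` also makes the limit depend on the platform word size (32 or 64), so both `i686` and `x86_64` builds need checking. A short comment next to the define would record why the value changed, e.g. `/* Kmax: upper bound for size-class index; raised for CVE-2009-0689 */`.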

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2009-11-23 14:23:10 UTC (rev 59396)
+++ PKGBUILD    2009-11-23 15:11:15 UTC (rev 59397)
@@ -3,7 +3,7 @@
 
 pkgname=kdelibs
 pkgver=4.3.3
-pkgrel=1
+pkgrel=2
 pkgdesc="KDE Core Libraries"
 arch=('i686' 'x86_64')
 url='http://www.kde.org'
@@ -15,15 +15,20 @@
 replaces=('arts')
 install='kdelibs.install'
 
source=(http://download.kde.org/stable/${pkgver}/src/${pkgname}-${pkgver}.tar.bz2
-        'kde-applications-menu.patch' 'archlinux-menu.patch' 
'abs-syntax-highlight.patch')
+        'kde-applications-menu.patch' 'archlinux-menu.patch' 
'abs-syntax-highlight.patch'
+        'CVE-2009-0689.patch')
 md5sums=('20fd3793d9d23088ecb1d5aed0254216'
          '280f34ee159845f8902c31bd499254fc'
          '0f214b222bfb0327e7a2b6fb13756895'
-         '18ea42696a7f41332a092d6ead7efc6a')
+         '18ea42696a7f41332a092d6ead7efc6a'
+         'ec70af24f769f17082a9ab69dc1e24e9')
 
 build() {
        cd $srcdir/${pkgname}-${pkgver}
 
+       # see http://securityreason.com/it_news/0/0x31
+       # will be fixed in 4.3.4
+       patch -p0 -i $srcdir/CVE-2009-0689.patch || return 1
        # avoid file conflict with gnome-menu
        patch -p1 -i $srcdir/kde-applications-menu.patch
        # add Archlinux menu entry
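Review bot: The comment above the new `patch` call gives a news URL and a target release but names neither the CVE nor the upstream change, so the condition for dropping the patch is hard to check later; something like `# CVE-2009-0689, kjs/dtoa.cpp upstream r1052100; drop when pkgver >= 4.3.4` would make it traceable. `$srcdir` is unquoted on that line, and `patch -p0 -i "$srcdir/CVE-2009-0689.patch" || return 1` survives a build directory containing spaces. The `|| return 1` is worth keeping, since a security patch that fails to apply should stop the build; the neighbouring `patch -p1` call visible in the context has no such guard. The added checksum is MD5 like the rest of the array, which detects corruption but is a weak integrity check for a tarball fetched over plain http. build() continues past the end of the hunk.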
