summaryrefslogtreecommitdiffstats
path: root/opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch
diff options
context:
space:
mode:
authorRobert Xu <rxu@linux-zdwj.site>2012-02-01 00:31:59 -0500
committerRobert Xu <rxu@linux-zdwj.site>2012-02-01 00:31:59 -0500
commitf599f39717d771b8b7a2aff006cda6c31e8b12da (patch)
treef601e3c0303a193cda6f8c6f956619dda9673c70 /opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch
parentead369ac94473139a2320a1c90cda64dd887b94a (diff)
parent27c9e783c6283f8916ebee3a23c6d1ba909a5126 (diff)
downloadtde-packaging-f599f39717d771b8b7a2aff006cda6c31e8b12da.tar.gz
tde-packaging-f599f39717d771b8b7a2aff006cda6c31e8b12da.zip
Merge branch 'suse'
Diffstat (limited to 'opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch')
-rw-r--r--opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch42
1 files changed, 42 insertions, 0 deletions
diff --git a/opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch b/opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch
new file mode 100644
index 000000000..ab9fea5c2
--- /dev/null
+++ b/opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch
@@ -0,0 +1,42 @@
+diff -ur kdelibs-3.5.10/khtml/css/cssparser.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp
+--- kdelibs-3.5.10/khtml/css/cssparser.cpp 2007-01-15 12:34:04.000000000 +0100
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp 2009-07-26 05:46:39.000000000 +0200
+@@ -1344,6 +1344,14 @@
+ if ( args->size() != 1)
+ return false;
+ Value *a = args->current();
++ if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
++ isValid=false;
++ break;
++ }
++ if (qString(a->string)[0] == '-') {
++ isValid=false;
++ break;
++ }
+ parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
+ }
+ else
+@@ -1396,7 +1404,8 @@
+
+ CounterImpl *counter = new CounterImpl;
+ Value *i = args->current();
+-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
++ if (qString(i->string)[0] == '-') goto invalid;
+ counter->m_identifier = domString(i->string);
+ if (counters) {
+ i = args->next();
+diff -ur kdelibs-3.5.10/khtml/css/css_valueimpl.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp
+--- kdelibs-3.5.10/khtml/css/css_valueimpl.cpp 2006-07-22 10:16:49.000000000 +0200
++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp 2009-07-26 05:45:36.000000000 +0200
+@@ -736,7 +736,9 @@
+ text = getValueName(m_value.ident);
+ break;
+ case CSSPrimitiveValue::CSS_ATTR:
+- // ###
++ text = "attr(";
++ text += DOMString( m_value.string );
++ text += ")";
+ break;
+ case CSSPrimitiveValue::CSS_COUNTER:
+ text = "counter(";