mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-03 01:23:49 +00:00
Code Issues Releases Activity

Fix khtml/konqueror title XSS vulnerability.

Browse Source 
Security: CVE-2007-0537
This commit is contained in:
Michael Nottebrock 2007-02-06 17:49:02 +00:00
parent fd3e369707
commit 11a2e482b5
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=184393
4 changed files with 48 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
x11/kdelibs3/Makefile
View File

@ -8,8 +8,8 @@
PORTNAME= kdelibs
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
CATEGORIES= x11 kde
PORTREVISION= 2
CATEGORIES= x11 kde ipv6
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
PKGNAMESUFFIX?= # empty
@ -18,6 +18,7 @@ DIST_SUBDIR= KDE
MAINTAINER= kde@FreeBSD.org
COMMENT= Base set of libraries needed by KDE programs
DEPENDS= ${PORTSDIR}/misc/kdehier
BUILD_DEPENDS= mkfontdir:${X_CLIENTS_PORT}
LIB_DEPENDS= IlmImf:${PORTSDIR}/graphics/OpenEXR \
art_lgpl_2.5:${PORTSDIR}/graphics/libart_lgpl \
@ -56,7 +57,7 @@ USE_OPENSSL= yes
USE_QT_VER= 3
PREFIX= ${KDE_PREFIX}
INSTALLS_SHLIB= yes
USE_LDCONFIG= yes
LDCONFIG_DIRS+= %%PREFIX%%/lib %%PREFIX%%/lib/kde3
USE_AUTOTOOLS= libtool:15

20
x11/kdelibs3/files/patch-post-3.5.6-kdelibs.diff Normal file
View File

@ -0,0 +1,20 @@
--- khtml/html/htmltokenizer.cpp
+++ khtml/html/htmltokenizer.cpp
@@ -316,7 +316,7 @@ void HTMLTokenizer::parseSpecial(Tokeniz
while ( !src.isEmpty() ) {
checkScriptBuffer();
unsigned char ch = src->latin1();
- if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && !title && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
+ if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
comment = true;
scriptCode[ scriptCodeSize++ ] = ch;
++src;
@@ -495,7 +495,7 @@ void HTMLTokenizer::parseComment(Tokeniz
if (canClose || handleBrokenComments || scriptEnd ){
++src;
- if ( !( script || xmp || textarea || style) ) {
+ if ( !( title || script || xmp || textarea || style) ) {
#ifdef COMMENTS_IN_DOM
checkScriptBuffer();
scriptCode[ scriptCodeSize ] = 0;

7
x11/kdelibs4/Makefile
View File

@ -8,8 +8,8 @@
PORTNAME= kdelibs
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
CATEGORIES= x11 kde
PORTREVISION= 2
CATEGORIES= x11 kde ipv6
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
PKGNAMESUFFIX?= # empty
@ -18,6 +18,7 @@ DIST_SUBDIR= KDE
MAINTAINER= kde@FreeBSD.org
COMMENT= Base set of libraries needed by KDE programs
DEPENDS= ${PORTSDIR}/misc/kdehier
BUILD_DEPENDS= mkfontdir:${X_CLIENTS_PORT}
LIB_DEPENDS= IlmImf:${PORTSDIR}/graphics/OpenEXR \
art_lgpl_2.5:${PORTSDIR}/graphics/libart_lgpl \
@ -56,7 +57,7 @@ USE_OPENSSL= yes
USE_QT_VER= 3
PREFIX= ${KDE_PREFIX}
INSTALLS_SHLIB= yes
USE_LDCONFIG= yes
LDCONFIG_DIRS+= %%PREFIX%%/lib %%PREFIX%%/lib/kde3
USE_AUTOTOOLS= libtool:15

20
x11/kdelibs4/files/patch-post-3.5.6-kdelibs.diff Normal file
View File

@ -0,0 +1,20 @@
--- khtml/html/htmltokenizer.cpp
+++ khtml/html/htmltokenizer.cpp
@@ -316,7 +316,7 @@ void HTMLTokenizer::parseSpecial(Tokeniz
while ( !src.isEmpty() ) {
checkScriptBuffer();
unsigned char ch = src->latin1();
- if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && !title && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
+ if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
comment = true;
scriptCode[ scriptCodeSize++ ] = ch;
++src;
@@ -495,7 +495,7 @@ void HTMLTokenizer::parseComment(Tokeniz
if (canClose || handleBrokenComments || scriptEnd ){
++src;
- if ( !( script || xmp || textarea || style) ) {
+ if ( !( title || script || xmp || textarea || style) ) {
#ifdef COMMENTS_IN_DOM
checkScriptBuffer();
scriptCode[ scriptCodeSize ] = 0;