rev 5796 - in branches/etch/packages/kdelibs/debian: . patches
Sune Vuorela
pusling-guest at alioth.debian.org
Thu Mar 29 22:39:37 CET 2007
Author: pusling-guest
Date: 2007-03-29 21:39:36 +0000 (Thu, 29 Mar 2007)
New Revision: 5796
Added:
branches/etch/packages/kdelibs/debian/patches/47_kdelibs-kjs-utf8-parsing.diff
Modified:
branches/etch/packages/kdelibs/debian/changelog
Log:
add patch to fix utf-8 parsing vulnerability in kdelibs/kjs
Modified: branches/etch/packages/kdelibs/debian/changelog
===================================================================
--- branches/etch/packages/kdelibs/debian/changelog 2007-03-29 21:36:24 UTC (rev 5795)
+++ branches/etch/packages/kdelibs/debian/changelog 2007-03-29 21:39:36 UTC (rev 5796)
@@ -1,3 +1,10 @@
+kdelibs (4:3.5.5a.dfsg.1-8) unstable; urgency=high
+
+ * Add patch to fix utf8-parsing vulnerability.
+ * Urgency high due to security fix
+
+ -- Sune Vuorela <debian at pusling.com> Thu, 29 Mar 2007 21:19:35 +0200
+
kdelibs (4:3.5.5a.dfsg.1-7) unstable; urgency=high
* Add patch 46_CVE-2007-1564-kdelibs-3.5.6.diff: untrusted sites that allow
Added: branches/etch/packages/kdelibs/debian/patches/47_kdelibs-kjs-utf8-parsing.diff
===================================================================
--- branches/etch/packages/kdelibs/debian/patches/47_kdelibs-kjs-utf8-parsing.diff 2007-03-29 21:36:24 UTC (rev 5795)
+++ branches/etch/packages/kdelibs/debian/patches/47_kdelibs-kjs-utf8-parsing.diff 2007-03-29 21:39:36 UTC (rev 5796)
@@ -0,0 +1,38 @@
+------------------------------------------------------------------------
+r645387 | porten | 2007-03-22 15:01:13 +0100 (Thu, 22 Mar 2007) | 4 lines
+
+substitute some of the invalid sequences with the standard replacement
+char. this matches Mozilla but not IE which leaves them unchanged (or
+throws an exception)
+
+------------------------------------------------------------------------
+--- kjs/function.cpp
++++ kjs/function.cpp
+@@ -244,11 +244,15 @@ UString decodeURI(ExecState *exec, UStri
+ }
+
+ // UTF-8 transform
++ const unsigned long replacementChar = 0xFFFD;
+ unsigned long V;
+ if (n == 2) {
+ unsigned long yyyyy = octets[0] & 0x1F;
+ unsigned long zzzzzz = octets[1] & 0x3F;
+ V = (yyyyy << 6) | zzzzzz;
++ // 2-byte sequence overlong for this value?
++ if (V < 0xFF)
++ V = replacementChar;
+ C = UChar((unsigned short)V);
+ }
+ else if (n == 3) {
+@@ -256,6 +260,11 @@ UString decodeURI(ExecState *exec, UStri
+ unsigned long yyyyyy = octets[1] & 0x3F;
+ unsigned long zzzzzz = octets[2] & 0x3F;
+ V = (xxxx << 12) | (yyyyyy << 6) | zzzzzz;
++ // 3-byte sequence overlong for this value,
++ // an invalid value or UTF-16 surrogate?
++ if (V < 0x800 || V == 0xFFFE || V == 0xFFFF ||
++ (V >= 0xD800 && V <= 0xDFFF))
++ V = replacementChar;
+ C = UChar((unsigned short)V);
+ }
+ else {
More information about the pkg-kde-commits
mailing list