rev 5796 - in branches/etch/packages/kdelibs/debian: . patches

Sune Vuorela pusling-guest at alioth.debian.org
Thu Mar 29 22:39:37 CET 2007 

Author: pusling-guest
Date: 2007-03-29 21:39:36 +0000 (Thu, 29 Mar 2007)
New Revision: 5796

Added:
   branches/etch/packages/kdelibs/debian/patches/47_kdelibs-kjs-utf8-parsing.diff
Modified:
   branches/etch/packages/kdelibs/debian/changelog
Log:
add patch to fix utf-8 parsing vulnerability in kdelibs/kjs


Modified: branches/etch/packages/kdelibs/debian/changelog
===================================================================
--- branches/etch/packages/kdelibs/debian/changelog	2007-03-29 21:36:24 UTC (rev 5795)
+++ branches/etch/packages/kdelibs/debian/changelog	2007-03-29 21:39:36 UTC (rev 5796)
@@ -1,3 +1,10 @@
+kdelibs (4:3.5.5a.dfsg.1-8) unstable; urgency=high
+
+  * Add patch to fix utf8-parsing vulnerability.
+  * Urgency high due to security fix
+
+ -- Sune Vuorela <debian at pusling.com>  Thu, 29 Mar 2007 21:19:35 +0200
+
 kdelibs (4:3.5.5a.dfsg.1-7) unstable; urgency=high
 
   * Add patch 46_CVE-2007-1564-kdelibs-3.5.6.diff: untrusted sites that allow 

Added: branches/etch/packages/kdelibs/debian/patches/47_kdelibs-kjs-utf8-parsing.diff
===================================================================
--- branches/etch/packages/kdelibs/debian/patches/47_kdelibs-kjs-utf8-parsing.diff	2007-03-29 21:36:24 UTC (rev 5795)
+++ branches/etch/packages/kdelibs/debian/patches/47_kdelibs-kjs-utf8-parsing.diff	2007-03-29 21:39:36 UTC (rev 5796)
@@ -0,0 +1,38 @@
+------------------------------------------------------------------------
+r645387 | porten | 2007-03-22 15:01:13 +0100 (Thu, 22 Mar 2007) | 4 lines
+
+substitute some of the invalid sequences with the standard replacement
+char. this matches Mozilla but not IE which leaves them unchanged (or
+throws an exception)
+
+------------------------------------------------------------------------
+--- kjs/function.cpp
++++ kjs/function.cpp
+@@ -244,11 +244,15 @@ UString decodeURI(ExecState *exec, UStri
+       }
+ 
+       // UTF-8 transform
++      const unsigned long replacementChar = 0xFFFD;
+       unsigned long V;
+       if (n == 2) {
+ 	unsigned long yyyyy = octets[0] & 0x1F;
+ 	unsigned long zzzzzz = octets[1] & 0x3F;
+ 	V = (yyyyy << 6) | zzzzzz;
++	// 2-byte sequence overlong for this value?
++	if (V < 0xFF)
++	  V = replacementChar;
+ 	C = UChar((unsigned short)V);
+       }
+       else if (n == 3) {
+@@ -256,6 +260,11 @@ UString decodeURI(ExecState *exec, UStri
+ 	unsigned long yyyyyy = octets[1] & 0x3F;
+ 	unsigned long zzzzzz = octets[2] & 0x3F;
+ 	V = (xxxx << 12) | (yyyyyy << 6) | zzzzzz;
++	// 3-byte sequence overlong for this value,
++	// an invalid value or UTF-16 surrogate?
++	if (V < 0x800 || V == 0xFFFE || V == 0xFFFF ||
++	    (V >= 0xD800 && V <= 0xDFFF))
++	  V = replacementChar;
+ 	C = UChar((unsigned short)V);
+       }
+       else {

More information about the pkg-kde-commits mailing list