diff options
| author |   Nirbheek Chauhan <nirbheek@gentoo.org> | 2009-06-27 11:34:54 +0000 |
|---|---|---|
| committer | Nirbheek Chauhan <nirbheek@gentoo.org> | 2009-06-27 11:34:54 +0000 |
| commit | cd6d3076a30571482e106ebcdbd87266014e0afb (patch) | |
| tree | 5a8390e5d2852e92cfdf8d792683f9789e871def /net-libs/webkit-gtk | |
| parent | Keyworded on alpha, bug #269088 (diff) | |
| download | historical-cd6d3076a30571482e106ebcdbd87266014e0afb.tar.gz historical-cd6d3076a30571482e106ebcdbd87266014e0afb.tar.bz2 historical-cd6d3076a30571482e106ebcdbd87266014e0afb.zip | |
Fix bug 271861 (Array indexing vulnerability (CVE-2009-0945))
Package-Manager: portage-2.2_rc33/cvs/Linux i686
Diffstat (limited to 'net-libs/webkit-gtk')
| -rw-r--r-- | net-libs/webkit-gtk/ChangeLog | 8 | ||||
| -rw-r--r-- | net-libs/webkit-gtk/Manifest | 4 | ||||
| -rw-r--r-- | net-libs/webkit-gtk/files/webkit-gtk-CVE-2009-0945.patch | 18 | ||||
| -rw-r--r-- | net-libs/webkit-gtk/webkit-gtk-0_p40220-r1.ebuild | 72 |
4 files changed, 100 insertions, 2 deletions
diff --git a/net-libs/webkit-gtk/ChangeLog b/net-libs/webkit-gtk/ChangeLog index b989a6213179..e7016c704729 100644 --- a/net-libs/webkit-gtk/ChangeLog +++ b/net-libs/webkit-gtk/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-libs/webkit-gtk # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/webkit-gtk/ChangeLog,v 1.34 2009/06/19 17:26:25 mrpouet Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-libs/webkit-gtk/ChangeLog,v 1.35 2009/06/27 11:34:54 nirbheek Exp $ + +*webkit-gtk-0_p40220-r1 (27 Jun 2009) + + 27 Jun 2009; <nirbheek@gentoo.org> +webkit-gtk-0_p40220-r1.ebuild, + +files/webkit-gtk-CVE-2009-0945.patch: + Fix bug 271861 (Array indexing vulnerability (CVE-2009-0945)) *webkit-gtk-1.1.10 (19 Jun 2009) diff --git a/net-libs/webkit-gtk/Manifest b/net-libs/webkit-gtk/Manifest index 0435b17b4dc5..bfcd24f27b85 100644 --- a/net-libs/webkit-gtk/Manifest +++ b/net-libs/webkit-gtk/Manifest @@ -1,11 +1,13 @@ AUX webkit-gtk-0_p40220-gcc44-aliasing.patch 31876 RMD160 19f850df93fd81d1a736dbcc5441d0193929ef35 SHA1 293465980ececa6f2dbdd55787edf2676f628edf SHA256 6aee86b94b443a088502a35d25ffc7f17fa36f6e89dd082dcca11042a7af110f +AUX webkit-gtk-CVE-2009-0945.patch 671 RMD160 a51f2326f44e05146eaeea5b3f0fcc973efdaeca SHA1 2a281b7ee69158daf7d088add2f21f99903506dd SHA256 65ccad453b147067725dac0f9ba8f07cd0d04970ab0f8d85f086ef07a6d0b3c3 DIST WebKit-r40220.tar.bz2 10307835 RMD160 5700977d5a9a23680e58b1e3952ecb2fe1430e9a SHA1 2aa2bd3a9c60f53a1a1ef0bf810ea2c59b0a80e2 SHA256 223154d0e247336cd3cf808b030cfb00739103b7a258050e71703903df922020 DIST webkit-1.1.10.tar.gz 6343872 RMD160 c3d5a7b9793318d0fc9f4d170b7aeac7a6f30735 SHA1 8f0637c936b4f62fb21c8d0c35298e5c0317fd0a SHA256 4eb4fc4a3f47edbc18c9dc09d54fd2189954ebaa0e521b0ab97e21087d8c9855 DIST webkit-1.1.7.tar.gz 6205024 RMD160 63dea479e23b62ae6d0abb0e5559c35eed34466d SHA1 77d27ab8f0d74ddda349ea9e4416d27d9adb8b61 SHA256 1aaae2bc36ba7ffb27690647e1631f336c0aee56bad2fd91ee6ea906ff17945f DIST webkit-1.1.8.tar.gz 6232745 RMD160 6c0cda8cbcf88c7d7104e0bcc6b910eada9213c0 SHA1 3b858495e293c0998a2652993a93ccbedff71839 SHA256 984929e42c6904893f5cd73f6506f858a3859d2ee1a56d69b4f7e9f62a0d2ffa +EBUILD webkit-gtk-0_p40220-r1.ebuild 1868 RMD160 0bc750924f6c4e8909cd853d0f2fa7321532209b SHA1 b9db883ce6352302ee07d633d5882e92efaff870 SHA256 57568d1b07b036ae40a16def44c276040d5a88d2b87bb7e87a2daa95d5d899bc EBUILD webkit-gtk-0_p40220.ebuild 1813 RMD160 6dcf4fac3db324268097c60dd9bc6e5e23b0abd1 SHA1 3d2530d3bf1a9f12c1ad4f083a010c50a969fc2a SHA256 df18dcfbefd31c4f9eabece22bff4dc6c2b7b293072fb53a65b020dda341d6fd EBUILD webkit-gtk-1.1.10.ebuild 2290 RMD160 6b06fdca47877a0e0712e9837d99b2454b209519 SHA1 3400115cf5506713ba42b3969d15d7c5d66d7cfd SHA256 59cf1b543c610b7ca501007f1157ca58bab841e16f1f60e4f92a5837056eaa3c EBUILD webkit-gtk-1.1.7.ebuild 1966 RMD160 9ffaf403e0987743564692874d45c032951dcb00 SHA1 30b067da607985115868015f283ee03fc04c6711 SHA256 0865ae435fdff7c25befd23a9b8167f364a9e1d43000a7dcd59eaf999034f582 EBUILD webkit-gtk-1.1.8.ebuild 2288 RMD160 f7653f76d0d4b2d6214b3d205d031da481c73ab4 SHA1 3dc6fb65ccbe7d077bc92915716ab776501c2515 SHA256 ea8066a8d5be3cab3b51c29fd15bc9df5c5cd088469e45854270d5e812c0b762 -MISC ChangeLog 8498 RMD160 eddf135d97dbd954b424460ae5ece94150e8bf9d SHA1 a19bd59c1f2130cbdcee71f736b34a9cda4fbbeb SHA256 6b7d610d96300d3dd95e5258827ab7dabd91b1c77881826d55aa9ff4febd47c7 +MISC ChangeLog 8713 RMD160 6082bf156228df5b4d803f1745ab28397ba383af SHA1 7a160fd730651bb2210c10cc7c5643252d560e5a SHA256 c4d2018a13f5c37bb8fcfb4afb71ec1991732f46478670328f94b62a748698d5 MISC metadata.xml 531 RMD160 285606a7b4b22a9fd2f4374009b6bc920daa36f2 SHA1 abc9aa9a98cdd9eed2323509a8a9c92e9dc731e9 SHA256 c378730cdc83d29b2c94aee6dedece01b4f97a8fac3da2135510c32eea05a246 diff --git a/net-libs/webkit-gtk/files/webkit-gtk-CVE-2009-0945.patch b/net-libs/webkit-gtk/files/webkit-gtk-CVE-2009-0945.patch new file mode 100644 index 000000000000..d053e42866e8 --- /dev/null +++ b/net-libs/webkit-gtk/files/webkit-gtk-CVE-2009-0945.patch @@ -0,0 +1,18 @@ +Patch against Webkit-0 for CVE-2009-0945, bug 271861. + +diff -ru a/WebKit-r40220/WebCore/svg/SVGList.h b/WebKit-r40220/WebCore/svg/SVGList.h +--- a/WebKit-r40220/WebCore/svg/SVGList.h 2009-01-21 06:14:24.000000000 +0100 ++++ b/WebKit-r40220/WebCore/svg/SVGList.h 2009-06-27 01:47:15.000000000 +0200 +@@ -96,7 +96,11 @@ + + Item insertItemBefore(Item newItem, unsigned int index, ExceptionCode&) + { +- m_vector.insert(index, newItem); ++ if (index < m_vector.size()) { ++ m_vector.insert(index, newItem); ++ } else { ++ m_vector.append(newItem); ++ } + return newItem; + } + diff --git a/net-libs/webkit-gtk/webkit-gtk-0_p40220-r1.ebuild b/net-libs/webkit-gtk/webkit-gtk-0_p40220-r1.ebuild new file mode 100644 index 000000000000..9c3689d07ee0 --- /dev/null +++ b/net-libs/webkit-gtk/webkit-gtk-0_p40220-r1.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-libs/webkit-gtk/webkit-gtk-0_p40220-r1.ebuild,v 1.1 2009/06/27 11:34:54 nirbheek Exp $ + +inherit autotools flag-o-matic eutils + +MY_P="WebKit-r${PV/0\_p}" +DESCRIPTION="Open source web browser engine" +HOMEPAGE="http://www.webkit.org/" +SRC_URI="http://nightly.webkit.org/files/trunk/src/${MY_P}.tar.bz2" + +LICENSE="LGPL-2 LGPL-2.1 BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 -ia64 ~ppc -sparc ~x86 ~x86-fbsd" +IUSE="coverage debug gstreamer pango soup sqlite svg xslt" + +RDEPEND=">=x11-libs/gtk+-2.8 + >=dev-libs/icu-3.8.1-r1 + >=net-misc/curl-7.15 + media-libs/jpeg + media-libs/libpng + dev-libs/libxml2 + sqlite? ( >=dev-db/sqlite-3 ) + gstreamer? ( + >=media-libs/gst-plugins-base-0.10 + ) + soup? ( >=net-libs/libsoup-2.23.1 ) + xslt? ( dev-libs/libxslt ) + pango? ( x11-libs/pango )" + +DEPEND="${RDEPEND} + dev-util/gperf + dev-util/pkgconfig + virtual/perl-Text-Balanced" + +S="${WORKDIR}/${MY_P}" + +src_unpack() { + unpack ${A} + cd "${S}" + epatch "${FILESDIR}/${P}-gcc44-aliasing.patch" + epatch "${FILESDIR}/${PN}-CVE-2009-0945.patch" + eautoreconf +} + +src_compile() { + # It doesn't compile on alpha without this LDFLAGS + use alpha && append-ldflags "-Wl,--no-relax" + + local myconf + use pango && myconf="${myconf} --with-font-backend=pango" + use soup && myconf="${myconf} --with-http-backend=soup" + + econf \ + $(use_enable sqlite database) \ + $(use_enable sqlite icon-database) \ + $(use_enable sqlite dom-storage) \ + $(use_enable sqlite offline-web-applications) \ + $(use_enable gstreamer video) \ + $(use_enable svg) \ + $(use_enable debug) \ + $(use_enable xslt) \ + $(use_enable coverage) \ + ${myconf} \ + || die "configure failed" + + emake || die "emake failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "Install failed" +} |