From: Oliver Pinter
Date: Mon, 26 Apr 2010 03:26:50 +0200
To: freebsd-ports@freebsd.org
Cc: stable@freebsd.org
Subject: Fwd: kdebase3 - CVE-2010-0436

this errata is fixed in kde4 and not yet in kde3 @ports...

---------- Forwarded message ----------
From: Oliver Pinter
Date: Sun, 25 Apr 2010 00:31:03 +0200
Subject: kdebase3 - CVE-2010-0436
To: kde@freebsd.org

hi all!

some RH patches for cve-2010-0436:

final: https://bugzilla.redhat.com/attachment.cgi?id=400244&action=diff
(I think this is for kde4, it depends on cmake)
v1/1: https://bugzilla.redhat.com/attachment.cgi?id=401213&action=diff
v1/2: https://bugzilla.redhat.com/attachment.cgi?id=401214&action=diff

and attached patch for kdm-kde3 from Red Hat kdebase3 source

[attachment: kdebase-3.5.4-kdm-CVE-2010-0436.patch, text/x-diff]