Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#11746 closed enhancement (fixed)

kf5-5.58 extra-cmake-modules oxygen-icons5

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: normal Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by Bruce Dubbs)

New minor version. Will do this mid cycle.

Change History (9)

comment:1 by Bruce Dubbs, 5 years ago

Description: modified (diff)

comment:2 by Douglas R. Reno, 5 years ago

KCodecs

  Fix for CVE-2013-0779

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65a4f73687d0eb5d589d1af93cf57f35d435d0ff

This is a fix for a critical arbitrary code execution vulnerability that was introduced in Firefox, Thunderbird, and Seamonkey 6 YEARS ago and was just now patched in KDE.

comment:3 by Bruce Dubbs, 5 years ago

Looks to me like two files: src/probers/nsEscSM.cpp and /kde-frameworks/kcodecs/kcodecs-5.54.0-r1.ebuild

The first is a one line sed and I don't think we use a .ebuild file.

For nsEscSM.cpp

-static const unsigned int ISO2022JPCharLenTable[] = {0, 0, 0, 0, 0, 0, 0, 0};
+static const unsigned int ISO2022JPCharLenTable[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

comment:4 by Douglas R. Reno, 5 years ago

I think a sed would do. The .ebuild file is from Gentoo. A quick google search made it very difficult to find the proper commit, and the only place that I could find it where a patch was attempted was gentoo.

/me looks upstream:

https://cgit.kde.org/kcodecs.git/commit/?id=9d3fdbed7bf161d19a9440f2d33ada1e93082332

Sorry about that!

comment:5 by Bruce Dubbs, 5 years ago

I updated the -dev version of the book and pointed to the change in the errata.

comment:6 by Bruce Dubbs, 5 years ago

Milestone: hold8.5
Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:7 by Bruce Dubbs, 5 years ago

Summary: kf5-5.56 extra-cmake-modules oxygen-icons5 (hold unto May)kf5-5.58 extra-cmake-modules oxygen-icons5

Just a note. I was going to update to this package this weekend, but the code for version 5.58 has not yet been released. It was tentatively scheduled for yesterday. I plan on updating as soon as upstream makes the release.

comment:8 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 21591.

comment:9 by Bruce Dubbs, 5 years ago

Milestone: 8.59.0

Milestone renamed

Note: See TracTickets for help on using tickets.