rpms/qt4/FC-5 utf8-bug-qt4-2.diff, NONE, 1.1 .cvsignore, 1.11, 1.12 qt4.macros, 1.1, 1.2 qt4.spec, 1.24, 1.25

Rex Dieter (rdieter) fedora-extras-commits at redhat.com
Fri Mar 30 15:35:27 UTC 2007


Author: rdieter

Update of /cvs/extras/rpms/qt4/FC-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18865

Modified Files:
	.cvsignore qt4.macros qt4.spec 
Added Files:
	utf8-bug-qt4-2.diff 
Log Message:
* Thu Mar 29 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 4.2.3-7
- CVE-2007-0242, utf8-bug-qt4-2.diff

* Thu Mar 22 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 4.2.3-6
- -system-sqlite, BR: sqlite-devel
- drop mysql_config hackery

* Wed Mar 21 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 4.2.3-5
- strip (all) glib2 libs from .pc files
- prepend _ to rpm macros
- drop Obsoletes: qt4-debug



utf8-bug-qt4-2.diff:

--- NEW FILE utf8-bug-qt4-2.diff ---
--- src/corelib/tools/qstring.cpp
+++ src/corelib/tools/qstring.cpp
@@ -3342,6 +3342,7 @@ QString QString::fromUtf8(const char *st
     result.resize(size); // worst case
     ushort *qch = result.d->data;
     uint uc = 0;
+    uint min_uc = 0;
     int need = 0;
     int error = -1;
     uchar ch;
@@ -3359,6 +3360,12 @@ QString QString::fromUtf8(const char *st
                         ushort low = uc%0x400 + 0xdc00;
                         *qch++ = high;
                         *qch++ = low;
+                    } else if ((uc < min_uc) || (uc >= 0xd800 && uc <= 0xdfff) || (uc >= 0xfffe)) {
+			// overlong seqence, UTF16 surrogate or BOM
+                        i = error;
+                        qch = addOne(qch, result);
+                        *qch++ = 0xdbff;
+                        *qch++ = 0xde00 + ((uchar)str[i]);
                     } else {
                         *qch++ = uc;
                     }
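Review bot: Code points above 0x10ffff do not appear to be rejected, because the added validity test sits in the `else if` and only runs when the preceding surrogate-pair branch (its condition is outside this hunk) was not taken. A four-byte sequence with lead byte 0xf4–0xf7 is accepted by `(ch&0xf8) == 0xf0` in the next hunk and can decode above 0x10ffff. The `high` computation, visible in the codec hunk as `uc/0x400 + 0xd800`, would then leave the high-surrogate range. Consider adding `uc > 0x10ffff` to the error condition and testing it before the surrogate branch; the matching `else if` in QUtf8Codec::convertToUnicode has the same gap. The comment also says BOM, but `uc >= 0xfffe` matches the noncharacters 0xfffe and 0xffff, and `seqence` should read `sequence`.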
@@ -3381,14 +3388,17 @@ QString QString::fromUtf8(const char *st
                 uc = ch & 0x1f;
                 need = 1;
                 error = i;
+                min_uc = 0x80;
             } else if ((ch & 0xf0) == 0xe0) {
                 uc = ch & 0x0f;
                 need = 2;
                 error = i;
+                min_uc = 0x800;
             } else if ((ch&0xf8) == 0xf0) {
                 uc = ch & 0x07;
                 need = 3;
                 error = i;
+                min_uc = 0x10000;
             } else {
                 // Error
                 qch = addOne(qch, result);
--- src/corelib/codecs/qutfcodec.cpp
+++ src/corelib/codecs/qutfcodec.cpp
@@ -117,15 +117,19 @@ QString QUtf8Codec::convertToUnicode(con
     bool headerdone = false;
     QChar replacement = QChar::ReplacementCharacter;
     int need = 0;
+    int error = -1;
     uint uc = 0;
+    uint min_uc = 0;
     if (state) {
         if (state->flags & IgnoreHeader)
             headerdone = true;
         if (state->flags & ConvertInvalidToNull)
             replacement = QChar::Null;
         need = state->remainingChars;
-        if (need)
+        if (need) {
             uc = state->state_data[0];
+            min_uc = state->state_data[1];
+        }
     }
     if (!headerdone && len > 3
         && (uchar)chars[0] == 0xef && (uchar)chars[1] == 0xbb && (uchar)chars[2] == 0xbf) {
@@ -142,7 +146,7 @@ QString QUtf8Codec::convertToUnicode(con
     int invalid = 0;
 
     for (int i=0; i<len; i++) {
-        ch = *chars++;
+        ch = chars[i];
         if (need) {
             if ((ch&0xc0) == 0x80) {
                 uc = (uc << 6) | (ch & 0x3f);
@@ -153,14 +157,27 @@ QString QUtf8Codec::convertToUnicode(con
                         uc -= 0x10000;
                         unsigned short high = uc/0x400 + 0xd800;
                         unsigned short low = uc%0x400 + 0xdc00;
+
+                        // resize if necessary
+                        long where = qch - result.unicode();
+                        if (where + 2 >= result.size()) {
+                            result.resize(where + 2);
+                            qch = result.data() + where;
+                        }
+
                         *qch++ = QChar(high);
                         *qch++ = QChar(low);
+                    } else if ((uc < min_uc) || (uc >= 0xd800 && uc <= 0xdfff) || (uc >= 0xfffe)) {
+                        // error
+                        *qch++ = QChar::ReplacementCharacter;
+                        ++invalid;
                     } else {
                         *qch++ = uc;
                     }
                 }
             } else {
                 // error
+                i = error;
                 *qch++ = QChar::ReplacementCharacter;
                 ++invalid;
                 need = 0;
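Review bot: The rewind `i = error;` in the invalid-continuation branch can make one call emit more QChars than it has input bytes. When `need` was restored from `state` and the first byte of this chunk is not a continuation byte, `error` is still -1, so a replacement character is written and `chars[0]` is then decoded again as a fresh byte. No write on that path is checked against `result.size()`; the only bounds check added is the one before the surrogate pair, and `result.resize(where + 2)` grows the string to exactly the end of the pair, with no room for the bytes that follow. The allocation of `result` is outside this hunk, so confirm it covers the carried sequence (at least `len + 1`), or grow with `result.resize(where + 2 + (len - i - 1));` and guard the `*qch++` in the error branches the same way. The loop body starts and ends outside the hunk.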
@@ -171,12 +188,22 @@ QString QUtf8Codec::convertToUnicode(con
             } else if ((ch & 0xe0) == 0xc0) {
                 uc = ch & 0x1f;
                 need = 1;
+                error = i;
+                min_uc = 0x80;
             } else if ((ch & 0xf0) == 0xe0) {
                 uc = ch & 0x0f;
                 need = 2;
+                error = i;
+                min_uc = 0x800;
             } else if ((ch&0xf8) == 0xf0) {
                 uc = ch & 0x07;
                 need = 3;
+                error = i;
+                min_uc = 0x10000;
+            } else {
+                // error
+                *qch++ = QChar::ReplacementCharacter;
+                ++invalid;
             }
         }
     }
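Review bot: The new `else` branch for invalid lead bytes writes `QChar::ReplacementCharacter` directly, so the `replacement` local that the function sets to `QChar::Null` under `ConvertInvalidToNull` has no effect here. The overlong/surrogate branch added in the previous hunk does the same. If that flag is meant to cover every kind of invalid input, both should be `*qch++ = replacement;`. The pre-existing error branch also hard-codes the replacement character, so this may be deliberate consistency, but it is worth a comment either way.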
@@ -187,6 +214,7 @@ QString QUtf8Codec::convertToUnicode(con
         if (headerdone)
             state->flags |= IgnoreHeader;
         state->state_data[0] = need ? uc : 0;
+        state->state_data[1] = need ? min_uc : 0;
     }
     return result;
 }


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/qt4/FC-5/.cvsignore,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- .cvsignore	15 Mar 2007 18:42:59 -0000	1.11
+++ .cvsignore	30 Mar 2007 15:34:54 -0000	1.12
@@ -1,5 +1,3 @@
 clog
 OLD/
-qt-x11-opensource-src-4.2.1.tar.gz
-qt-x11-opensource-src-4.2.2.tar.gz
 qt-x11-opensource-src-4.2.3.tar.gz


Index: qt4.macros
===================================================================
RCS file: /cvs/extras/rpms/qt4/FC-5/qt4.macros,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- qt4.macros	15 Mar 2007 18:42:59 -0000	1.1
+++ qt4.macros	30 Mar 2007 15:34:54 -0000	1.2
@@ -1,11 +1,11 @@
 
-%qt4_prefix	%{_libdir}/qt4	
-%qt4_bindir	%{qt4_prefix}/bin
-%qt4_datadir	%{_datadir}/qt4	
-%qt4_docdir	%{_docdir}/qt4	
-%qt4_headerdir  %{_includedir}
-%qt4_libdir     %{_libdir}
-%qt4_plugindir	%{qt4_prefix}/plugins
-%qt4_sysconfdir	%{_sysconfdir}
-%qt4_translationdir	%{qt4_datadir}/translations	
+%_qt4_prefix	%{_libdir}/qt4	
+%_qt4_bindir	%{qt4_prefix}/bin
+%_qt4_datadir	%{_datadir}/qt4	
+%_qt4_docdir	%{_docdir}/qt4	
+%_qt4_headerdir  %{_includedir}
+%_qt4_libdir     %{_libdir}
+%_qt4_plugindir	%{qt4_prefix}/plugins
+%_qt4_sysconfdir	%{_sysconfdir}
+%_qt4_translationdir	%{qt4_datadir}/translations	
 
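Review bot: The renamed definitions still expand the old, unprefixed names: `%_qt4_bindir` and `%_qt4_plugindir` are built from `%{qt4_prefix}`, and `%_qt4_translationdir` from `%{qt4_datadir}`, neither of which this file defines any more. Unless something else still provides those names, the three macros will expand to a literal `%{qt4_prefix}/…` string in packages that use them. The right-hand sides should follow the rename: `%{_qt4_prefix}/bin`, `%{_qt4_prefix}/plugins` and `%{_qt4_datadir}/translations`.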


Index: qt4.spec
===================================================================
RCS file: /cvs/extras/rpms/qt4/FC-5/qt4.spec,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- qt4.spec	15 Mar 2007 18:42:59 -0000	1.24
+++ qt4.spec	30 Mar 2007 15:34:54 -0000	1.25
@@ -13,7 +13,7 @@
 Summary: Qt toolkit
 Name:	 qt4
 Version: 4.2.3
-Release: 3%{?dist}
+Release: 7%{?dist}.1
 
 License: GPL/QPL
 Group: 	 System Environment/Libraries
@@ -35,6 +35,8 @@
 Patch1: qt-x11-opensource-src-4.1.2-assistant4.patch
 # multilib hacks 
 Patch2: qt-x11-opensource-src-4.2.2-multilib.patch
+# CVE-2007-0242
+Patch3: utf8-bug-qt4-2.diff
 ## qt-copy patches
 Patch0154: 0154-qdbuscpp2xml-moc_path.diff
 
@@ -105,19 +107,14 @@
 %if 0%{?fedora} > 4 || 0%{?rhel} > 4
 %define x_deps libICE-devel libSM-devel libXcursor-devel libXext-devel libXfixes-devel libXft-devel libXi-devel libXinerama-devel libXrandr-devel libXrender-devel libXt-devel libX11-devel xorg-x11-proto-devel libGL-devel libGLU-devel
 %endif
-BuildRequires: %{x_deps} %{?x_deps_GL_hack}
+BuildRequires: %{x_deps}
 
 %if "%{?nas}" == "-system-nas-sound"
 BuildRequires: nas-devel
 %endif
 
 %if "%{?mysql}" != "-no-sql-mysql"
-# mysql-devel < 4 build fails on 4.1.3+, not sure why... yet.  -- Rex
 BuildRequires: mysql-devel >= 4.0
-# If we get mysql3 to work, use mysql_config --cflags instead -- Rex
-%global mysql_include $(mysql_config --include 2> /dev/null || echo "-I%{_includedir}/mysql")
-%global mysql_libs    $(mysql_config --libs 2> /dev/null || echo "-L%{_libdir}/mysql")
-%global mysql_ldflags $(echo %{mysql_libs} | perl -pi -e "s, -l/?\\\S+,,g")
 %endif
 
 %if "%{?psql}" != "-no-sql-psql"
@@ -129,8 +126,10 @@
 %endif
 
 %if "%{?sqlite:1}" != "-no-sql-sqlite"
-# FIXME: currently BR not used, uses 3rd-party internal sources
-#BuildRequires: sqlite-devel
+%if 0%{?fedora} > 2 
+%define _system_sqlite -system-sqlite
+BuildRequires: sqlite-devel
+%endif
 %endif
 
 Obsoletes: %{name}-config < %{version}-%{release}
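Review bot: The new `BuildRequires: sqlite-devel` and `_system_sqlite` are guarded by `%if "%{?sqlite:1}" != "-no-sql-sqlite"`, which is always true because `%{?sqlite:1}` expands to `1` or to nothing and never to the option string. A build that sets `sqlite` to `-no-sql-sqlite` would therefore still pull in sqlite-devel and pass `-system-sqlite` next to `-no-sql-sqlite` on the configure line. The guard should read `%if "%{?sqlite}" != "-no-sql-sqlite"`, matching the mysql check a few lines above.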
@@ -151,10 +150,9 @@
 Requires: libpng-devel
 Requires: libjpeg-devel
 Requires: pkgconfig
-# %{_sysconfdir}/rpm/macros.qt4
+#Requires: glib2-devel
+## %{_sysconfdir}/rpm/macros.qt4
 Requires: rpm
-# Short-lived pkg, temporary 
-Obsoletes: %{name}-debug < %{version}-%{release}
 Obsoletes: %{name}-designer < %{version}-%{release}
 Provides:  %{name}-designer = %{version}-%{release}
 %description devel
@@ -219,11 +217,12 @@
 
 
 %prep
-%setup -q -n qt-x11%{?preview}-opensource-src-%{version}%{?beta:-%{beta}}
+%setup -q -n qt-x11%{?preview}-opensource-src-%{version}%{?beta}
 
 %patch1 -p1 -b .assistant4
 # don't use -b on mkspec files, else they get installed too.
 %patch2 -p1
+%patch3 -p0 -b .utf8-bug
 %patch0154 -p0 -b .qt-copy#0154
 
 # drop -fexceptions from $RPM_OPT_FLAGS
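Review bot: The `%setup -n` directory now ends in `%{?beta}`, while the `-L%{_builddir}/qt-x11%{?preview}-opensource-src-%{version}%{?beta:-%{beta}}/lib` path in the pkg-config stripping loop later in the spec still uses the old `%{?beta:-%{beta}}` form. Whenever `beta` is defined the two names differ, so the sed that strips the build directory from the .pc/.prl/.la files would stop matching and the build path would leak into the installed files. Use the same expansion in both places, and add a comment saying whether `beta` is expected to carry its own leading dash.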
@@ -307,10 +306,10 @@
   -glib \
   %{?qdbus} %{!?qdbus:-no-qdbus} \
   %{?nas} %{!?nas:-no-nas-sound} \
-  %{?mysql} %{?mysql_include} %{?mysql_ldflags} \
+  %{?mysql} \
   %{?psql} \
   %{?odbc} \
-  %{?sqlite} 
+  %{?sqlite} %{?_system_sqlite}
 
 make %{?_smp_mflags}
 
@@ -329,14 +328,15 @@
 ## pkg-config
 # strip extraneous dirs/libraries -- Rex
 # safe ones
-for dep in -laudio -ldbus-1 -lglib-2.0 -lmng -ljpeg -lpng -lz -lfreetype -lm %{?mysql_ldflags} \
+glib2_libs=$(pkg-config --libs glib-2.0 gthread-2.0)
+for dep in -laudio -ldbus-1 -lfreetype -lfontconfig ${glib2_libs} -lmng -ljpeg -lpng -lm -lz \
   -L%{_builddir}/qt-x11%{?preview}-opensource-src-%{version}%{?beta:-%{beta}}/lib ; do
   sed -i -e "s|$dep ||g" %{buildroot}%{qt4_libdir}/lib*.la ||:
   sed -i -e "s|$dep ||g" %{buildroot}%{qt4_libdir}/*.pc
   sed -i -e "s|$dep ||g" %{buildroot}%{qt4_libdir}/*.prl
 done
 # riskier
-for dep in -lXrender -lXrandr -lXcursor -lXfixes -lXinerama -lXi -lXft -lXt -lfontconfig -lXext -lX11 -lSM -lICE -ldl -lpthread ; do
+for dep in -lXrender -lXrandr -lXcursor -lXfixes -lXinerama -lXi -lXft -lXt -lXext -lX11 -lSM -lICE -ldl -lpthread ; do
   sed -i -e "s|$dep ||g" %{buildroot}%{qt4_libdir}/lib*.la ||:
   sed -i -e "s|$dep ||g" %{buildroot}%{qt4_libdir}/*.pc
   sed -i -e "s|$dep ||g" %{buildroot}%{qt4_libdir}/*.prl
@@ -560,6 +560,18 @@
 
 
 %changelog
+* Thu Mar 29 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 4.2.3-7
+- CVE-2007-0242, utf8-bug-qt4-2.diff
+
+* Thu Mar 22 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 4.2.3-6
+- -system-sqlite, BR: sqlite-devel
+- drop mysql_config hackery
+
+* Wed Mar 21 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 4.2.3-5
+- strip (all) glib2 libs from .pc files
+- prepend _ to rpm macros
+- drop Obsoletes: qt4-debug
+
 * Thu Mar 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 4.2.3-3
 - make /etc/rpm/macros.qt4 owned only by qt4-devel
 



