rpms/kdelibs4/F-7 kdelibs-4.0.3-khtml-security.patch, NONE, 1.1 kdelibs4.spec, 1.14, 1.15
Rex Dieter (rdieter)
fedora-extras-commits at redhat.com
Tue Apr 22 18:30:27 UTC 2008
Author: rdieter
Update of /cvs/pkgs/rpms/kdelibs4/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9638/F-7
Modified Files:
kdelibs4.spec
Added Files:
kdelibs-4.0.3-khtml-security.patch
Log Message:
* Tue Apr 22 2008 Lukáš Tinkl <ltinkl at redhat.com>
- fix buffer overflow in KHTML's image loader (KDE advisory 20080426-1)
kdelibs-4.0.3-khtml-security.patch:
--- NEW FILE kdelibs-4.0.3-khtml-security.patch ---
--- khtml/imload/decoders/pngloader.cpp
+++ khtml/imload/decoders/pngloader.cpp
@@ -109,6 +109,8 @@ private:
if (colorType == PNG_COLOR_TYPE_RGB)
colorType = PNG_COLOR_TYPE_RGB_ALPHA; //Paranoia..
+ else if (colorType == PNG_COLOR_TYPE_GRAY)
+ colorType = PNG_COLOR_TYPE_GRAY_ALPHA;
}
ImageFormat imFrm;
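Review bot: The new `else if (colorType == PNG_COLOR_TYPE_GRAY)` branch has no comment saying why grayscale must be promoted to `PNG_COLOR_TYPE_GRAY_ALPHA`, while the RGB branch above it at least carries "Paranoia..". Since this is the security fix, state in a comment that the scanline buffer depth is derived from `colorType` and must account for the extra channel. The hunk also does not show where libpng is told to add that channel for grayscale input, so please confirm the buffer size computed from the updated `colorType` matches what libpng actually writes per pixel.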
@@ -192,6 +194,7 @@ private:
{
if (interlaced)
{
+ Q_ASSERT(pngReadStruct->row_info.pixel_depth <= depth * 8);
requestScanline(rowNum, scanlineBuf);
png_progressive_combine_row(pngReadStruct, scanlineBuf, data);
notifyScanline(pass + 1, scanlineBuf);
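Review bot: The added `Q_ASSERT(pngReadStruct->row_info.pixel_depth <= depth * 8)` is the only bounds check before `png_progressive_combine_row` writes into `scanlineBuf`, and `Q_ASSERT` compiles to nothing when Qt is built with `QT_NO_DEBUG`, so release packages get no protection from it. If the invariant can be violated by a crafted image, replace it with a runtime check that aborts decoding of that image. The check also sits only in the `interlaced` branch; the non-interlaced path is not visible in this hunk and deserves the same review.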
Index: kdelibs4.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kdelibs4/F-7/kdelibs4.spec,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- kdelibs4.spec 17 Apr 2008 15:06:30 -0000 1.14
+++ kdelibs4.spec 22 Apr 2008 18:29:46 -0000 1.15
@@ -1,7 +1,7 @@
Summary: K Desktop Environment 4 - Libraries
Version: 4.0.3
-Release: 6%{?dist}
+Release: 7%{?dist}
%if 0%{?fedora} > 8
Name: kdelibs
@@ -79,6 +79,8 @@
Patch13: kdelibs-4.0.3-fedora-buildtype.patch
# patch KStandardDirs to use %{_libexecdir}/kde4 instead of %{_libdir}/kde4/libexec
Patch14: kdelibs-4.0.3-libexecdir.patch
+#Â Buffer overflow in KHTML's image loader
+Patch15: kdelibs-4.0.3-khtml-security.patch
## upstream patches
# based on SVN commit 793504 by dfaure
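Review bot: The added comment line above `Patch15` starts with `#` followed by a non-ASCII character instead of a plain space (it renders as `#Â`). Replace it with an ASCII space so the spec stays clean in every locale and matches the other comment lines in this block.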
@@ -202,6 +204,7 @@
%patch12 -p1 -b .Administration-menu
%patch13 -p1 -b .fedora-buildtype
%patch14 -p1 -b .libexecdir
+%patch15 -p0 -b .khtml-security
%patch100 -p1 -b .kconfig_sync_crash
%patch101 -p1 -b .klauncher-crash
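Review bot: `%patch15` is applied with `-p0` while every neighbouring patch in this block uses `-p1`. That matches the new patch file, whose paths start directly at `khtml/imload/...` with no leading directory, but the inconsistency is easy to trip over later. Consider regenerating the patch with a one-level prefix and applying it with `-p1` like the others.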
@@ -364,6 +367,9 @@
%changelog
+* Tue Apr 22 2008 Lukáš Tinkl <ltinkl at redhat.com>
+- fix buffer overflow in KHTML's image loader (KDE advisory 20080426-1)
+
* Fri Apr 04 2008 Than Ngo <than at redhat.com> - 4.0.3-6
- apply upstream patch to fix klauncher crash
- fix kconfig_sync_crash patch
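Review bot: The new `%changelog` header line omits the version-release suffix that the previous entry carries (`- 4.0.3-6`). With `Release` bumped to 7 in this same commit, append `- 4.0.3-7` so the entry can be matched to the built package.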