rpms/qt/devel qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch, NONE, 1.1 qt.spec, 1.310, 1.311
Than Ngo
than at fedoraproject.org
Tue Aug 18 10:37:45 UTC 2009
Author: than
Update of /cvs/extras/rpms/qt/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31379
Modified Files:
qt.spec
Added Files:
qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch
Log Message:
- security fix for CVE-2009-1725 (bz#513813)
qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch:
HTMLTokenizer.cpp | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- NEW FILE qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch ---
diff -up qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp.orig qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
--- qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp.orig 2009-08-18 12:28:26.000000000 +0200
+++ qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp 2009-08-18 12:33:43.000000000 +0200
@@ -867,7 +867,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
}
} else {
// FIXME: We should eventually colorize entities by sending them as a special token.
- checkBuffer(11);
+ // 12 bytes required: up to 10 bytes in m_cBuffer plus the
+ // leading '&' and trailing ';'
+ checkBuffer(12);
*dest++ = '&';
for (unsigned i = 0; i < cBufferPos; i++)
dest[i] = m_cBuffer[i];
@@ -878,7 +880,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
}
}
} else {
- checkBuffer(10);
+ // 11 bytes required: up to 10 bytes in m_cBuffer plus the
+ // leading '&'
+ checkBuffer(11);
// ignore the sequence, add it to the buffer as plaintext
*dest++ = '&';
for (unsigned i = 0; i < cBufferPos; i++)
Index: qt.spec
===================================================================
RCS file: /cvs/extras/rpms/qt/devel/qt.spec,v
retrieving revision 1.310
retrieving revision 1.311
diff -u -p -r1.310 -r1.311
--- qt.spec 16 Aug 2009 13:25:37 -0000 1.310
+++ qt.spec 18 Aug 2009 10:37:45 -0000 1.311
@@ -12,7 +12,7 @@ Epoch: 1
Name: qt4
%endif
Version: 4.5.2
-Release: 8%{?dist}
+Release: 9%{?dist}
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions
@@ -71,6 +71,10 @@ Patch0288: 0288-more-x-keycodes.patch
# http://qt.gitorious.org/+kde-developers/qt/kde-qt/commits/4.5.2-patched
# once they actually contain all the patches from qt-copy (0283 and 0285 are
# AWOL, 0274 got incorrectly ported to 4.5.2 (one hunk missing))
+
+# security patches
+Patch100: qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch
+
%define qt_copy 20090626
Source1: qt-copy-patches-svn_checkout.sh
%{?qt_copy:Source2: qt-copy-patches-%{qt_copy}svn.tar.bz2}
@@ -406,6 +410,9 @@ popd
%patch54 -p1 -b .mysql_config
%patch55 -p1 -b .timestamp
+# security fixes
+%patch100 -p1 -b .CVE-2009-1725
+
%patch287 -p1 -b .287-qmenu-respect-minwidth
%patch0288 -p1 -b .0288-more-x-keycodes
@@ -931,6 +938,9 @@ fi
%{_datadir}/icons/hicolor/*/apps/qt4-logo.*
%changelog
+* Tue Aug 18 2009 Than Ngo <than at redhat.com> - 4.5.2-9
+- security fix for CVE-2009-1725 (bz#513813)
+
* Sun Aug 16 2009 Than Ngo <than at redhat.com> - 4.5.2-8
- fix phonon-backend-gstreamer for using pulsaudio (#513421)
More information about the fedora-extras-commits
mailing list