[SECURITY] Fedora 11 Update: qt-4.6.2-17.fc11

updates at fedoraproject.org updates at fedoraproject.org
Sat May 15 20:33:47 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-8379
2010-05-11 19:06:17
--------------------------------------------------------------------------------

Name        : qt
Product     : Fedora 11
Version     : 4.6.2
Release     : 17.fc11
URL         : http://www.qtsoftware.com/
Summary     : Qt toolkit
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

--------------------------------------------------------------------------------
Update Information:

- fix multiple flaws in webkit: CVE-2010-0047, CVE-2010-0648, CVE-2010-0656
--------------------------------------------------------------------------------
ChangeLog:

* Thu May  6 2010 Than Ngo <than at redhat.com> - 4.6.2-17
- bz#589169, fix multiple flaws in webkit
  CVE-2010-0047, CVE-2010-0648, CVE-2010-0656
* Thu Apr 29 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.6.2-16
- restore qt-everywhere-opensource-src-4.6.2-cups.patch (#586725)
* Wed Apr 28 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.6.2-15
- own %{_qt4_plugindir}/crypto
* Thu Apr 15 2010 Than Ngo <than at redhat.com> - 4.6.2-14
- backport from 4.7 branch to get the printDialog to check
  for default paperSize via CUPS, it replaces the patch 
  qt-everywhere-opensource-src-4.6.2-cups.patch
* Tue Apr  6 2010 Than Ngo <than at redhat.com> - 4.6.2-13
- backport from 4.7 branch to fix s390(x) atomic ops crashes
* Fri Apr  2 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.6.2-12 
- Associate text/vnd.trolltech.linguist with linguist (#579082)
* Tue Mar 23 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 4.6.2-11
- fix type cast issue on sparc64
- drop "recreate .qm file", it's not needed anymore
* Tue Mar 23 2010 Than Ngo <than at redhat.com> - 4.6.2-10
- fix type cast issue on s390x
* Mon Mar 22 2010 Than Ngo <than at redhat.com> - 4.6.2-9
- backport patch to fix a crash when reparenting an item
  in QGraphicsView, QTBUG-6932
- drop dangling reference(s) to %buildroot in *.pc
* Wed Mar 17 2010 Jaroslav Reznik <jreznik at redhat.com> - 4.6.2-8
- WebKit security update:
  CVE-2010-0046, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051,
  CVE-2010-0052, CVE-2010-0054
* Sat Mar 13 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.6.2-7
- BR alsa-lib-devel (for QtMultimedia)
* Sat Mar 13 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.6.2-6
- Provides: qt-assistant-adp(-devel)
* Fri Mar  5 2010 Than Ngo <than at redhat.com> - 4.6.2-5
- Make tablet detection work with new wacom drivers (#569132)
* Mon Mar  1 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.6.2-4
- fix 64bit platform logic, use linux-g++-64 everywhere except x86_64 (#569542)
* Sun Feb 28 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.6.2-3
- fix CUPS patch not to crash if currentPPD is NULL (#566304)
* Tue Feb 16 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.6.2-2
- macros.qt4: s/qt45/qt46/
* Mon Feb 15 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.6.2-1
- 4.6.2
* Fri Feb  5 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.6.1-3
- improve cups support (#523846, kde#180051#c22)
* Tue Jan 19 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.6.1-2
- drop bitmap_font_speed patch, rejected upstream
* Tue Jan 19 2010 Than Ngo <than at redhat.com> - 4.6.1-1
- 4.6.1
* Mon Jan 11 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.6.0-5
- bitmap_font_speed patch (QTBUG-7255)
* Sat Jan  9 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.6.0-4
- Fix crash when QGraphicsItem destructor deletes other QGraphicsItem (kde-qt cec34b01)
- Fix a crash in KDE/Plasma with QGraphicsView. TopLevel list of items (kde-qt 63839f0c)
* Wed Dec 23 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.6.0-3
- disable QtWebKit JavaScript JIT again, incompatible with SELinux (#549994)
* Sat Dec  5 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.6.0-2
- own %{_qt4_plugindir}/gui_platform
* Tue Dec  1 2009 Than Ngo <than at redhat.com> - 4.6.0-1
- 4.6.0
* Tue Nov 17 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.6.0-0.6.rc1
- qt-4.6.0-rc1
* Sat Nov 14 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.6.0-0.5.beta1 
- -tds: Add package with TDS sqldriver (#537586)
- add arch'd provides for sql drivers
* Sun Nov  8 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.6.0-0.4.beta1
- -x11: Requires: %{name}-sqlite(ppc-32)
* Mon Oct 26 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.6.0-0.3.beta1
- kde-qt patches (as of 20091026)
* Fri Oct 16 2009 Than Ngo <than at redhat.com> - 4.6.0-0.2.beta1 
- subpackage sqlite plugin, add Require on qt-sqlite in qt-x11
  for assistant
- build/install qdoc3 again
* Wed Oct 14 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.6.0-0.1.beta1
- qt-4.6.0-beta1
- no kde-qt patches (yet)
* Sat Oct 10 2009 Than Ngo <than at redhat.com> - 4.5.3-4
- fix translation build issue
- rhel cleanup
* Tue Oct  6 2009 Jaroslav Reznik <jreznik at redhat.com> - 4.5.3-3
- disable JavaScriptCore JIT, SE Linux crashes (#527079)
* Fri Oct  2 2009 Than Ngo <than at redhat.com> - 4.5.3-2
- cleanup patches
- if ! phonon_internal, exclude more/all phonon headers
- qt-devel must Requires: phonon-devel (#520323)
* Thu Oct  1 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.3-1
- qt-4.5.3
* Tue Sep 29 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.2-21
- switch to external/kde phonon
* Mon Sep 28 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.2-20
- use internal Qt Assistant/Designer icons
- -devel: move designer.qch,linguist.qch here
- move ownership of %_qt4_docdir, %_qt4_docdir/qch to main pkg
* Sun Sep 20 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.2-19
- Missing Qt Designer icon (#476605)
* Fri Sep 11 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.2-18
- drop gcc -fno-var-tracking-assignments hack (#522576)
* Fri Sep 11 2009 Than Ngo <than at redhat.com> - 4.5.2-17
- drop useless check for ossl patch, the patch works fine with old ossl
* Wed Sep  9 2009 Than Ngo <than at redhat.com> - 4.5.2-16
- add a correct system_ca_certificates patch
* Tue Sep  8 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.2-15
- use system ca-certificates (#521911)
* Tue Sep  1 2009 Than Ngo <than at redhat.com> - 4.5.2-14
- drop fedora < 9 support
- only apply ossl patch for fedora > 11
* Mon Aug 31 2009 Than Ngo <than at redhat.com> - 4.5.2-13
- fix for CVE-2009-2700
* Thu Aug 27 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.2-12
- use platform linux-g++ everywhere (ie, drop linux-g++-64 on 64 bit),
  avoids plugin/linker weirdness (bug #478481)
* Wed Aug 26 2009 Tomas Mraz <tmraz at redhat.com> - 1:4.5.2-11
- rebuilt with new openssl
* Thu Aug 20 2009 Than Ngo <than at redhat.com> - 4.5.2-10
- switch to kde-qt branch
* Tue Aug 18 2009 Than Ngo <than at redhat.com> - 4.5.2-9
- security fix for CVE-2009-1725 (bz#513813)
* Sun Aug 16 2009 Than Ngo <than at redhat.com> - 4.5.2-8
- fix phonon-backend-gstreamer for using pulsaudio (#513421)
* Fri Aug 14 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.2-7
- kde-qt: 287-qmenu-respect-minwidth
- kde-qt: 0288-more-x-keycodes (#475247)
* Wed Aug  5 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.2-6
- use linker scripts for _debug targets (#510246)
- tighten deps using %{?_isa}
- -x11: Requires(post,postun): /sbin/ldconfig
* Thu Jul 30 2009 Than Ngo <than at redhat.com> - 4.5.2-5
- apply upstream patch to fix issue in Copy and paste
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:4.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Jul  2 2009 Than Ngo <than at redhat.com> - 4.5.2-3
- pregenerate PNG, drop BR on GraphicsMagick (bz#509244)
* Fri Jun 26 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.5.2-2
- take current qt-copy-patches snapshot (20090626)
- disable patches which are already in 4.5.2
- fix the qt-copy patch 0274-shm-native-image-fix.diff to apply against 4.5.2
* Thu Jun 25 2009 Lukáš Tinkl <ltinkl at redhat.com> - 4.5.2-1
- Qt 4.5.2
* Sun Jun  7 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-18
- phonon-backend-gstreamer pkg, with icons
- optimize (icon-mostly) scriptlets
* Sun Jun  7 2009 Than Ngo <than at redhat.com> - 4.5.1-17
- drop the hack, apply patch to install Global header, gstreamer.desktop
  and dbus services file
* Sat Jun  6 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-16
- install awol Phonon/Global header
* Fri Jun  5 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.5.1-15
- apply Phonon PulseAudio patch (needed for the xine-lib backend)
* Fri Jun  5 2009 Than Ngo <than at redhat.com> - 4.5.1-14
- enable phonon and gstreamer-backend
* Sat May 30 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-13
- -doc: Obsoletes: qt-doc < 1:4.5.1-4 (workaround bug #502401)
* Sat May 23 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-12
- +phonon_internal macro to toggle packaging of qt's phonon (default off)
* Fri May 22 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-11
- qt-copy-patches-20090522
* Wed May 20 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-10.2
- full (non-bootstrap) build
* Wed May 20 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-10.1
- allow for minimal bootstrap build (*cough* arm *cough*)
* Wed May  6 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-10
- improved kde4_plugins patch, skip expensive/unneeded canonicalPath
* Wed May  6 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-9
- include kde4 plugin path by default (#498809)
* Mon May  4 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-8
- fix invalid assumptions about mysql_config --libs (bug #440673)
- fix %files breakage from 4.5.1-5
* Wed Apr 29 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-7
- -devel: Provides: qt4-devel%{?_isa} ...
* Mon Apr 27 2009 Than Ngo <than at redhat.com> - 4.5.1-6
- drop useless hunk of qt-x11-opensource-src-4.5.1-enable_ft_lcdfilter.patch
* Mon Apr 27 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-5
- -devel: Provides: *-static for libQtUiTools.a
* Fri Apr 24 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-4
- qt-doc noarch
- qt-demos, qt-examples (split from -doc)
- (cosmetic) re-order subpkgs in alphabetical order
- drop unused profile.d bits
* Fri Apr 24 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-3
- enable FT_LCD_FILTER (uses freetype subpixel filters if available at runtime)
* Fri Apr 24 2009 Than Ngo <than at redhat.com> - 4.5.1-2
- apply upstream patch to fix the svg rendering regression
* Thu Apr 23 2009 Than Ngo <than at redhat.com> - 4.5.1-1
- 4.5.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #570349 - CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054 qt, webkitgtk: multiple security vulnerabilities in WebKit
        https://bugzilla.redhat.com/show_bug.cgi?id=570349
  [ 2 ] Bug #568170 - CVE-2010-0648 webkit: stylesheet URL property leaks redirection target
        https://bugzilla.redhat.com/show_bug.cgi?id=568170
  [ 3 ] Bug #568188 - CVE-2010-0656 webkit: possible information disclosure via xhr for file:/// URLs
        https://bugzilla.redhat.com/show_bug.cgi?id=568188
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update qt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list