[kdelibs] Resolves: bz#871541, CVE-2012-4515
Than Ngo
than at fedoraproject.org
Wed Oct 31 08:40:16 UTC 2012
commit 574879f332495f5092b388b9da123272a962cc8c
Author: Than Ngo <than at redhat.com>
Date: Wed Oct 31 09:40:04 2012 +0100
Resolves: bz#871541, CVE-2012-4515
kdelibs-4.9.x-CVE-2012-4515.patch | 50 +++++++++++++++++++++++++++++++++++++
kdelibs.spec | 7 ++++-
2 files changed, 56 insertions(+), 1 deletions(-)
---
diff --git a/kdelibs-4.9.x-CVE-2012-4515.patch b/kdelibs-4.9.x-CVE-2012-4515.patch
new file mode 100644
index 0000000..89aa170
--- /dev/null
+++ b/kdelibs-4.9.x-CVE-2012-4515.patch
@@ -0,0 +1,50 @@
+commit 4f2eb356f1c23444fff2cfe0a7ae10efe303d6d8
+Author: David Faure <faure at kde.org>
+Date: Wed Oct 24 20:04:31 2012 +0200
+
+ Fix crash when a redirect happens in an iframe while the context menu is shown
+
+diff --git a/khtml/rendering/render_replaced.cpp b/khtml/rendering/render_replaced.cpp
+index 195dcba..6bc5caa 100644
+--- a/khtml/rendering/render_replaced.cpp
++++ b/khtml/rendering/render_replaced.cpp
+@@ -1030,7 +1030,7 @@ bool RenderWidget::handleEvent(const DOM::EventImpl& ev)
+ p.setY(qMin(qMax(0,p.y()),m_widget->height()));
+ }
+
+- QWidget* target = 0;
++ QPointer<QWidget> target;
+ target = m_widget->childAt(p);
+
+ if (target) {
+@@ -1103,16 +1103,18 @@ bool RenderWidget::handleEvent(const DOM::EventImpl& ev)
+ }
+ }
+
+- QEvent *e = isMouseWheel ?
++ QScopedPointer<QEvent> e(isMouseWheel ?
+ static_cast<QEvent*>(new QWheelEvent(p, -me.detail()*40, buttons, state, orient)) :
+- static_cast<QEvent*>(new QMouseEvent(type, p, button, buttons, state));
++ static_cast<QEvent*>(new QMouseEvent(type, p, button, buttons, state)));
+
+
+- ret = bubblingSend(target, e, m_widget);
++ ret = bubblingSend(target, e.data(), m_widget);
+
++ if (!target)
++ break;
+ if (needContextMenuEvent) {
+ QContextMenuEvent cme(QContextMenuEvent::Mouse, p);
+- static_cast<EventPropagator *>(target)->sendEvent(&cme);
++ static_cast<EventPropagator *>(target.data())->sendEvent(&cme);
+ } else if (type == QEvent::MouseMove && target->testAttribute(Qt::WA_Hover)) {
+ QHoverEvent he( QEvent::HoverMove, p, p );
+ QApplication::sendEvent(target, &he);
+@@ -1120,7 +1122,6 @@ bool RenderWidget::handleEvent(const DOM::EventImpl& ev)
+ if (ev.id() == EventImpl::MOUSEUP_EVENT) {
+ view()->setMouseEventsTarget( 0 );
+ }
+- delete e;
+ break;
+ }
+ case EventImpl::KEYDOWN_EVENT:
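Review bot: The early `if (!target) break;` added after `bubblingSend` also skips the `view()->setMouseEventsTarget( 0 )` reset for `MOUSEUP_EVENT` a few lines further down, so when the child widget is destroyed while a mouse-up is being dispatched, the view keeps whatever mouse-events target it had (possibly a stale one; the setter is not visible here). Guarding only the two branches that dereference `target` would keep that cleanup: `if (target && needContextMenuEvent) {` and `} else if (target && type == QEvent::MouseMove && target->testAttribute(Qt::WA_Hover)) {`. The `QPointer` covers only the child returned by `childAt`; `m_widget` and `view()` are still used after the dispatch, so if the redirect can also tear down this RenderWidget they would need the same protection. A short comment on the null check, such as `// target may have been deleted by a nested event loop during dispatch`, would make the reason for it clear to later readers. `handleEvent` starts and ends outside the hunk.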
diff --git a/kdelibs.spec b/kdelibs.spec
index f5fd35b..e9407ef 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -25,7 +25,7 @@
Summary: KDE Libraries
Version: 4.9.2
-Release: 9%{?dist}
+Release: 10%{?dist}
Name: kdelibs
Epoch: 6
@@ -165,6 +165,7 @@ Patch100: kdelibs-4.9.2-cache-solid-device-in-kfileplaces.patch
## security fix
# Not Upstreamed? why not ? -- Rex
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
+Patch201: kdelibs-4.9.x-CVE-2012-4515.patch
# rhel patches
Patch300: kdelibs-4.8.3-webkit.patch
@@ -338,6 +339,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
# security fixes
%patch200 -p1 -b .CVE-2009-2702
+%patch201 -p1 -b .CVE-2012-4515
# rhel patches
%if 0%{?rhel}
@@ -593,6 +595,9 @@ rm -rf %{buildroot}
%changelog
+* Wed Oct 31 2012 Than Ngo <than at redhat.com> - 6:4.9.2-10
+- Resolves: bz#871541, CVE-2012-4515
+
* Mon Oct 29 2012 Lukáš Tinkl <ltinkl at redhat.com> 6:4.9.2-9
- Resolves #868530 - cache information about solid device in 'Places'
panel in open/save dialog