rpms/qt/F-10 qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch, NONE, 1.1 qt.spec, 1.234, 1.235

Than Ngo than at fedoraproject.org
Tue Aug 18 10:42:51 UTC 2009


Author: than

Update of /cvs/extras/rpms/qt/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32353

Modified Files:
	qt.spec 
Added Files:
	qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch 
Log Message:
security fix for CVE-2009-1725


qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch:
 HTMLTokenizer.cpp |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- NEW FILE qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch ---
diff -up qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp.orig qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
--- qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp.orig	2009-08-18 12:28:26.000000000 +0200
+++ qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp	2009-08-18 12:33:43.000000000 +0200
@@ -867,7 +867,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
                     }
                 } else {
                     // FIXME: We should eventually colorize entities by sending them as a special token.
-                    checkBuffer(11);
+                    // 12 bytes required: up to 10 bytes in m_cBuffer plus the
+                    // leading '&' and trailing ';'
+                    checkBuffer(12);
                     *dest++ = '&';
                     for (unsigned i = 0; i < cBufferPos; i++)
                         dest[i] = m_cBuffer[i];
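Review bot: The new `checkBuffer(12)` still hard-codes a reservation that is only correct while `cBufferPos` never exceeds 10, and that limit is enforced outside this hunk, so the copy loop below it is safe only through an invariant that is not visible here. Tying the reservation to the loop bound, `checkBuffer(cBufferPos + 2);`, would keep the writes to `dest` in bounds even if the entity-name limit changes later. The same applies to the second hunk, where `checkBuffer(11)` could be `checkBuffer(cBufferPos + 1);`. If the literals are kept to stay identical to upstream, an `ASSERT(cBufferPos <= 10);` ahead of each loop would document the assumption. The added comments count "bytes" although the reservation appears to be in characters of `dest`, and the enclosing function starts and ends outside both hunks.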
@@ -878,7 +880,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
                     }
                 }
             } else {
-                checkBuffer(10);
+                // 11 bytes required: up to 10 bytes in m_cBuffer plus the
+                // leading '&'
+                checkBuffer(11);
                 // ignore the sequence, add it to the buffer as plaintext
                 *dest++ = '&';
                 for (unsigned i = 0; i < cBufferPos; i++)


Index: qt.spec
===================================================================
RCS file: /cvs/extras/rpms/qt/F-10/qt.spec,v
retrieving revision 1.234
retrieving revision 1.235
diff -u -p -r1.234 -r1.235
--- qt.spec	16 Aug 2009 00:10:43 -0000	1.234
+++ qt.spec	18 Aug 2009 10:42:51 -0000	1.235
@@ -12,7 +12,7 @@ Epoch:   1
 Name:    qt4
 %endif
 Version: 4.5.2
-Release: 1%{?dist}.2
+Release: 2%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: LGPLv2 with exceptions or GPLv3 with exceptions
@@ -62,6 +62,10 @@ Patch55: qt-x11-opensource-src-4.5.2-tim
 Patch287: 287-qmenu-respect-minwidth.patch
 # http://qt.gitorious.org/+kde-developers/qt/kde-qt/commit/1a94cd7b132497f70a2b97ec2b58f6e2b1c5076a.patch
 Patch0288: 0288-more-x-keycodes.patch
+
+# security fixes
+Patch100: qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch
+
 %define qt_copy 20090626
 Source1: qt-copy-patches-svn_checkout.sh
 %{?qt_copy:Source2: qt-copy-patches-%{qt_copy}svn.tar.bz2}
@@ -378,6 +382,9 @@ test -x apply_patches && ./apply_patches
 %patch54 -p1 -b .mysql_config
 %patch55 -p1 -b .timestamp
 
+# security fixes
+%patch100 -p1 -b .CVE-2009-1725
+
 %patch287 -p1 -b .287-qmenu-respect
 %patch0288 -p1 -b .0288-more-x-keycodes
 
@@ -879,6 +886,9 @@ fi
 
 
 %changelog
+* Tue Aug 18 2009 Than Ngo <than at redhat.com> - 4.5.2-2
+- security fix for CVE-2009-1725
+
 * Sat Aug 18 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.2-1.2
 - kde-qt: 287-qmenu-respect-minwidth
 - kde-qt: 0288-more-x-keycodes (#475247)



