[arch-commits] Commit in qt/repos (3 files)
Pierre Schmitz
pierre at archlinux.org
Tue Jul 28 14:28:12 UTC 2009
Date: Tuesday, July 28, 2009 @ 10:28:12
Author: pierre
Revision: 47874
Merged revisions 47850 via svnmerge from
svn+ssh://svn.archlinux.org/srv/svn-packages/qt/trunk
........
r47850 | pierre | 2009-07-28 11:47:42 +0200 (Di, 28 Jul 2009) | 1 line
FS#15706
........
Added:
qt/repos/kde-unstable-i686/CVE-2009-1725.patch
(from rev 47850, qt/trunk/CVE-2009-1725.patch)
Modified:
qt/repos/kde-unstable-i686/ (properties)
qt/repos/kde-unstable-i686/PKGBUILD
---------------------+
CVE-2009-1725.patch | 26 ++++++++++++++++++++++++++
PKGBUILD | 15 ++++++++++-----
2 files changed, 36 insertions(+), 5 deletions(-)
Property changes on: qt/repos/kde-unstable-i686
___________________________________________________________________
Modified: svnmerge-integrated
- /qt/trunk:1-47354
+ /qt/trunk:1-47873
Copied: qt/repos/kde-unstable-i686/CVE-2009-1725.patch (from rev 47850, qt/trunk/CVE-2009-1725.patch)
===================================================================
--- kde-unstable-i686/CVE-2009-1725.patch (rev 0)
+++ kde-unstable-i686/CVE-2009-1725.patch 2009-07-28 14:28:12 UTC (rev 47874)
@@ -0,0 +1,26 @@
+Fixed upstream and included in Qt 4.5.3
+
+--- a/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
++++ b/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
+@@ -867,7 +867,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
+ }
+ } else {
+ // FIXME: We should eventually colorize entities by sending them as a special token.
+- checkBuffer(11);
++ // 12 bytes required: up to 10 bytes in m_cBuffer plus the
++ // leading '&' and trailing ';'
++ checkBuffer(12);
+ *dest++ = '&';
+ for (unsigned i = 0; i < cBufferPos; i++)
+ dest[i] = m_cBuffer[i];
+@@ -878,7 +880,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
+ }
+ }
+ } else {
+- checkBuffer(10);
++ // 11 bytes required: up to 10 bytes in m_cBuffer plus the
++ // leading '&'
++ checkBuffer(11);
+ // ignore the sequence, add it to the buffer as plaintext
+ *dest++ = '&';
+ for (unsigned i = 0; i < cBufferPos; i++)
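Review bot: The sizes passed to `checkBuffer` (12 and 11) are tied to the two copy loops only by the new comments. Both loops copy `cBufferPos` elements into `dest`, and whatever keeps `cBufferPos` at 10 or below sits outside these inner hunks. As this is a downstream copy of the upstream fix, the code is best left identical to upstream, but it is worth confirming against the 4.5.2 tree being built that neither path lets `cBufferPos` exceed 10. If a local deviation is acceptable, `ASSERT(cBufferPos <= 10);` before each `checkBuffer` call would state that assumption in debug builds. The enclosing function starts and ends outside the quoted context.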
Modified: kde-unstable-i686/PKGBUILD
===================================================================
--- kde-unstable-i686/PKGBUILD 2009-07-28 14:27:15 UTC (rev 47873)
+++ kde-unstable-i686/PKGBUILD 2009-07-28 14:28:12 UTC (rev 47874)
@@ -3,8 +3,8 @@
pkgname=qt
pkgver=4.5.2
-pkgrel=4
-_kdeqtver=f9802f2bbbd23137acb5f80d1f131fa6b1a85752
+pkgrel=5
+_kdeqtver=59aa03b350c4e91f5a3515f4de96c77b989c1690
pkgdesc='A cross-platform application and UI framework'
arch=('i686' 'x86_64')
url='http://www.qtsoftware.com/'
@@ -23,16 +23,17 @@
"ftp://ftp.archlinux.org/other/kde-qt/kde-qt-patches-${_kdeqtver}.tar.bz2"
'gstreamer-logo.png'
'assistant.desktop' 'designer.desktop' 'linguist.desktop' 'qtconfig.desktop'
- 'qdoc3.patch' 'phonon.patch')
+ 'qdoc3.patch' 'phonon.patch' 'CVE-2009-1725.patch')
md5sums=('28a7e8ac9805a6f614d2a27ee1a6ac9d'
- '6949a838ff72a13ab0f0e763a175411f'
+ '9b5f708cd7ae92460ea9b888cadf29c7'
'f0c26f76acf8b6a3297cfb31f872b0b7'
'a445c6917086d80f1cfc1e40cb6b0132'
'd457f0a0ad68a3861c3cadefe3b42ded'
'668331d9798a0e2b94381efb7be4c513'
'c29f2993d6a0f73d756d2fa36e130e1c'
'a7e450751f42bdff17e57fdc4af72a18'
- 'ca0debc49d3505423e3b5742fdbfd852')
+ 'ca0debc49d3505423e3b5742fdbfd852'
+ '428fa87aab0032df1ac97f4561c6b08c')
_create-kdeqt-patches() {
local codir=$(mktemp -d)
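Review bot: The added `CVE-2009-1725.patch` entry and the replaced kde-qt-patches tarball checksum are pinned by MD5 alone in `md5sums`. The tarball is still fetched over plain `ftp://`, so that checksum is the only integrity control on the download, and MD5 is not collision resistant. I would add a parallel array next to `md5sums`, e.g. `sha256sums=('<sha256 of each source, in source order>')`, with one entry per `source` item. The `source=(` array opens above this hunk, so the full entry order cannot be confirmed from here.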
@@ -68,6 +69,10 @@
# install service files needed by KDE
patch -p1 -i $srcdir/phonon.patch || return 1
+ # fix security issue FS#15706
+ # patch from svn://svn.debian.org/pkg-kde/trunk/packages/qt4-x11/debian/patches/
+ patch -p1 -i $srcdir/CVE-2009-1725.patch || return 1
+
sed -i "s|-O2|$CXXFLAGS|" mkspecs/common/g++.conf
sed -i "/^QMAKE_RPATH/s| -Wl,-rpath,||g" mkspecs/common/g++.conf
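Review bot: The comment above the new `patch` call records the bug number and the Debian origin but not when the patch can be dropped. The patch header says the fix is included in Qt 4.5.3, so I would add `# remove with the update to Qt 4.5.3, which includes this fix`. The Debian URL is given without a revision, so the exact origin is hard to re-check later; recording the revision it was taken from would help. `$srcdir` is unquoted here, as on the phonon.patch line; `patch -p1 -i "$srcdir/CVE-2009-1725.patch" || return 1` would survive a build path containing spaces. build() starts and ends outside the hunk.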