fix for CVE-2009-2700

This commit is contained in:
Than Ngo 2009-08-31 14:52:11 +00:00
parent c0a63dd716
commit 14cfdb8b63
2 changed files with 18 additions and 1 deletions

View File

@ -0,0 +1,12 @@
diff -up qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp.orig qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp
--- qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp.orig 2009-08-31 16:46:48.000000000 +0200
+++ qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp 2009-08-31 16:49:47.000000000 +0200
@@ -377,7 +377,7 @@ QMultiMap<QSsl::AlternateNameEntryType,
}
const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5));
- const QString altName = QLatin1String(QByteArray(altNameStr, len));
+ const QString altName = QString::fromLatin1(altNameStr, len);
if (genName->type == GEN_DNS)
result.insert(QSsl::DnsEntry, altName);
else if (genName->type == GEN_EMAIL)

View File

@ -14,7 +14,7 @@ Epoch: 1
Name: qt4 Name: qt4
%endif %endif
Version: 4.5.2 Version: 4.5.2
Release: 12%{?dist} Release: 13%{?dist}
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -64,6 +64,7 @@ Patch56: qt-x11-opensource-src-4.5.2-ossl10.patch
# security patches # security patches
Patch100: qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch Patch100: qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch
Patch101: qt-x11-opensource-src-4.5.2-CVE-2009-2700.patch
# switch to kde-qt branches, qt-copy doesn't exist anymore # switch to kde-qt branches, qt-copy doesn't exist anymore
Patch200: kde-qt-patches-20090820git.patch Patch200: kde-qt-patches-20090820git.patch
@ -391,6 +392,7 @@ Qt libraries used for drawing widgets and OpenGL items.
# security fixes # security fixes
%patch100 -p1 -b .CVE-2009-1725 %patch100 -p1 -b .CVE-2009-1725
%patch101 -p1 -b .CVE-2009-2700
# kde-qt branch # kde-qt branch
%patch200 -p1 -b .kde-qt-patches-20090820git %patch200 -p1 -b .kde-qt-patches-20090820git
@ -918,6 +920,9 @@ fi
%{_datadir}/icons/hicolor/*/apps/qt4-logo.* %{_datadir}/icons/hicolor/*/apps/qt4-logo.*
%changelog %changelog
* Mon Aug 31 2009 Than Ngo <than@redhat.com> - 4.5.2-13
- fix for CVE-2009-2700
* Thu Aug 27 2009 Rex Dieter <rdieter@fedoraproject.org> 4.5.2-12 * Thu Aug 27 2009 Rex Dieter <rdieter@fedoraproject.org> 4.5.2-12
- use platform linux-g++ everywhere (ie, drop linux-g++-64 on 64 bit), - use platform linux-g++ everywhere (ie, drop linux-g++-64 on 64 bit),
avoids plugin/linker weirdness described in bug #475110 avoids plugin/linker weirdness described in bug #475110