CVE-2010-1822 fix
parent
a941a58f4f
commit
76078aea2e
|
@ -0,0 +1,26 @@
|
|||
diff -up qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp.CVE-2010-1822-crash-svg-image qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp
|
||||
--- qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp.CVE-2010-1822-crash-svg-image 2010-09-10 11:05:20.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp 2010-10-25 14:22:06.542771102 +0200
|
||||
@@ -86,6 +86,11 @@ RenderObject* SVGGElement::createRendere
|
||||
return new (arena) RenderSVGTransformableContainer(this);
|
||||
}
|
||||
|
||||
+bool SVGGElement::rendererIsNeeded(RenderStyle*)
|
||||
+{
|
||||
+ return parentNode() && parentNode()->isSVGElement();
|
||||
+}
|
||||
+
|
||||
}
|
||||
|
||||
#endif // ENABLE(SVG)
|
||||
diff -up qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h.CVE-2010-1822-crash-svg-image qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h
|
||||
--- qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h.CVE-2010-1822-crash-svg-image 2010-09-10 11:05:21.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h 2010-10-25 14:28:37.467854695 +0200
|
||||
@@ -43,6 +43,7 @@ namespace WebCore {
|
||||
virtual void parseMappedAttribute(MappedAttribute*);
|
||||
virtual void svgAttributeChanged(const QualifiedName&);
|
||||
virtual void synchronizeProperty(const QualifiedName&);
|
||||
+ virtual bool rendererIsNeeded(RenderStyle*);
|
||||
virtual void childrenChanged(bool changedByParser = false, Node* beforeChange = 0, Node* afterChange = 0, int childCountDelta = 0);
|
||||
|
||||
virtual RenderObject* createRenderer(RenderArena*, RenderStyle*);
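Review bot: The new `SVGGElement::rendererIsNeeded` in SVGGElement.cpp has no comment explaining why `<g>` needs its own override, and it ignores its `RenderStyle*` argument, so a later maintainer cannot tell whether skipping the style check is intended or an oversight. Since this one-line guard is the whole CVE-2010-1822 fix, I would add above the return something like `// CVE-2010-1822: only create a renderer when the parent is an SVG element; the style argument is not consulted here.`, once the intent is confirmed against the upstream WebKit change. The base-class implementation is not visible in this patch, so it cannot be judged from here whether the override should also delegate to it. The class declaration in SVGGElement.h starts and ends outside the hunk, so the access level of the new `virtual bool rendererIsNeeded(RenderStyle*);` line is also not visible.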
|
15
qt.spec
15
qt.spec
|
@ -18,7 +18,7 @@ Summary: Qt toolkit
|
|||
Name: qt
|
||||
Epoch: 1
|
||||
Version: 4.7.0
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
|
||||
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
|
||||
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
|
||||
|
@ -82,8 +82,6 @@ Patch62: qt-4.6.3-indic-rendering-bz636399.patch
|
|||
# fix 24bit color issue
|
||||
Patch63: qt-everywhere-opensource-src-4.7.0-bpp24.patch
|
||||
|
||||
# security patches
|
||||
|
||||
## upstream patches
|
||||
Patch100: qt-everywhere-opensource-src-4.7.0-QTBUG-13567-QTreeView.patch
|
||||
# http://bugreports.qt.nokia.com/browse/QTBUG-6185
|
||||
|
@ -96,6 +94,9 @@ Patch204: 0004-This-patch-adds-support-for-using-isystem-to-allow-p.patch
|
|||
Patch205: 0005-When-tabs-are-inserted-or-removed-in-a-QTabBar.patch
|
||||
Patch212: 0012-Add-context-to-tr-calls-in-QShortcut.patch
|
||||
|
||||
# security patches
|
||||
Patch300: qt-everywhere-opensource-src-4.7.0-CVE-2010-1822-crash-svg-image.patch
|
||||
|
||||
# gstreamer logos
|
||||
Source10: http://gstreamer.freedesktop.org/data/images/artwork/gstreamer-logo.svg
|
||||
Source11: hi16-phonon-gstreamer.png
|
||||
|
@ -440,8 +441,6 @@ Qt libraries used for drawing widgets and OpenGL items.
|
|||
%patch62 -p1 -b .indic-rendering-bz636399
|
||||
%patch63 -p1 -b .bpp24
|
||||
|
||||
# security fixes
|
||||
|
||||
# upstream patches
|
||||
%patch100 -p1 -b .QTBUG-13567-QTreeView
|
||||
%patch101 -p1 -b .QTBUG-6185
|
||||
|
@ -454,6 +453,9 @@ Qt libraries used for drawing widgets and OpenGL items.
|
|||
%patch212 -p1 -b .kde-qt-0012
|
||||
%endif
|
||||
|
||||
# security fixes
|
||||
%patch300 -p1 -b .CVE-2010-1822-crash-svg-image
|
||||
|
||||
# drop -fexceptions from $RPM_OPT_FLAGS
|
||||
RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'`
|
||||
|
||||
|
@ -1106,6 +1108,9 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Oct 25 2010 Jaroslav Reznik <jreznik@redhat.com> - 4.7.0-8
|
||||
- QtWebKit, CVE-2010-1822: crash by processing certain SVG images (#640290)
|
||||
|
||||
* Mon Oct 18 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.7.0-7
|
||||
- qt-devel contains residues from patch run (#639463)
|
||||
|
||||
|
|