CVE-2010-1822 fix

qt-everywhere-opensource-src-4.7.0-CVE-2010-1822-crash-svg-image.patch

@@ -0,0 +1,26 @@
+diff -up qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp.CVE-2010-1822-crash-svg-image qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp
+--- qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp.CVE-2010-1822-crash-svg-image	2010-09-10 11:05:20.000000000 +0200
++++ qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp	2010-10-25 14:22:06.542771102 +0200
+@@ -86,6 +86,11 @@ RenderObject* SVGGElement::createRendere
+     return new (arena) RenderSVGTransformableContainer(this);
+ }
+ 
++bool SVGGElement::rendererIsNeeded(RenderStyle*)
++{
++    return parentNode() && parentNode()->isSVGElement(); 
++}
++
+ }
+ 
+ #endif // ENABLE(SVG)
+diff -up qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h.CVE-2010-1822-crash-svg-image qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h
+--- qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h.CVE-2010-1822-crash-svg-image	2010-09-10 11:05:21.000000000 +0200
++++ qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h	2010-10-25 14:28:37.467854695 +0200
+@@ -43,6 +43,7 @@ namespace WebCore {
+         virtual void parseMappedAttribute(MappedAttribute*);
+         virtual void svgAttributeChanged(const QualifiedName&);
+         virtual void synchronizeProperty(const QualifiedName&);
++        virtual bool rendererIsNeeded(RenderStyle*);
+         virtual void childrenChanged(bool changedByParser = false, Node* beforeChange = 0, Node* afterChange = 0, int childCountDelta = 0);
+ 
+         virtual RenderObject* createRenderer(RenderArena*, RenderStyle*);

qt.spec

@@ -18,7 +18,7 @@ Summary: Qt toolkit
 Name:    qt
 Epoch:   1
 Version: 4.7.0
-Release: 7%{?dist}
+Release: 8%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
@@ -82,8 +82,6 @@ Patch62: qt-4.6.3-indic-rendering-bz636399.patch
 # fix 24bit color issue
 Patch63: qt-everywhere-opensource-src-4.7.0-bpp24.patch
 
-# security patches
-
 ## upstream patches
 Patch100: qt-everywhere-opensource-src-4.7.0-QTBUG-13567-QTreeView.patch
 # http://bugreports.qt.nokia.com/browse/QTBUG-6185
@@ -96,6 +94,9 @@ Patch204: 0004-This-patch-adds-support-for-using-isystem-to-allow-p.patch
 Patch205: 0005-When-tabs-are-inserted-or-removed-in-a-QTabBar.patch
 Patch212: 0012-Add-context-to-tr-calls-in-QShortcut.patch
 
+# security patches
+Patch300: qt-everywhere-opensource-src-4.7.0-CVE-2010-1822-crash-svg-image.patch
+
 # gstreamer logos
 Source10: http://gstreamer.freedesktop.org/data/images/artwork/gstreamer-logo.svg
 Source11: hi16-phonon-gstreamer.png
@@ -440,8 +441,6 @@ Qt libraries used for drawing widgets and OpenGL items.
 %patch62 -p1 -b .indic-rendering-bz636399
 %patch63 -p1 -b .bpp24
 
-# security fixes
-
 # upstream patches
 %patch100 -p1 -b .QTBUG-13567-QTreeView
 %patch101 -p1 -b .QTBUG-6185
@@ -454,6 +453,9 @@ Qt libraries used for drawing widgets and OpenGL items.
 %patch212 -p1 -b .kde-qt-0012
 %endif
 
+# security fixes
+%patch300 -p1 -b .CVE-2010-1822-crash-svg-image
+
 # drop -fexceptions from $RPM_OPT_FLAGS
 RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'`
 
@@ -1106,6 +1108,9 @@ fi
 
 
 %changelog
+* Mon Oct 25 2010 Jaroslav Reznik <jreznik@redhat.com> - 4.7.0-8
+- QtWebKit, CVE-2010-1822: crash by processing certain SVG images (#640290)
+
 * Mon Oct 18 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.7.0-7
 - qt-devel contains residues from patch run (#639463)