rpms/qt/devel qt-x11-free-3.3.8-bz#243722-mysql.patch, NONE, 1.1 qt3-CVE-2007-3388.patch, NONE, 1.1 qt.spec, 1.136, 1.137

Than Ngo (than) fedora-extras-commits at redhat.com
Tue Aug 28 17:21:04 UTC 2007


Author: than

Update of /cvs/extras/rpms/qt/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24341

Modified Files:
	qt.spec 
Added Files:
	qt-x11-free-3.3.8-bz#243722-mysql.patch 
	qt3-CVE-2007-3388.patch 
Log Message:
- CVE-2007-3388 qt3 format string flaw
- backport to fix bz#243722, bz#244148: applications using qt-mysql crash if the database is
  removed before QApplication is destroyed


qt-x11-free-3.3.8-bz#243722-mysql.patch:

--- NEW FILE qt-x11-free-3.3.8-bz#243722-mysql.patch ---
diff -Nur qt-x11-free-3.3.8/src/sql/drivers/mysql/qsql_mysql.cpp qt-x11-free-3.3.8-me/src/sql/drivers/mysql/qsql_mysql.cpp
--- qt-x11-free-3.3.8/src/sql/drivers/mysql/qsql_mysql.cpp	2007-01-11 14:38:34.000000000 +0100
+++ qt-x11-free-3.3.8-snapshot-me/src/sql/drivers/mysql/qsql_mysql.cpp	2007-05-22 17:15:26.000000000 +0200
@@ -37,7 +37,6 @@
 #include "qsql_mysql.h"
 #include <private/qsqlextension_p.h>
 
-#include <qapplication.h>
 #include <qdatetime.h>
 #include <qvaluevector.h>
 #include <qsqlrecord.h>
@@ -52,6 +51,9 @@
 
 QPtrDict<QSqlOpenExtension> *qSqlOpenExtDict();
 
+static int qMySqlConnectionCount = 0;
+static bool qMySqlInitHandledByUser = FALSE;
+
 class QMYSQLOpenExtension : public QSqlOpenExtension
 {
 public:
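Review bot: `qMySqlConnectionCount` and `qMySqlInitHandledByUser` are plain file-scope statics, and the tests, increment and decrement added in the later hunks of this file (qServerInit, the handle-taking constructor, the `qMySqlConnectionCount++` hunk and the destructor) touch them without any lock. If driver objects can be created or destroyed on more than one thread, which nothing visible here rules out, two threads could act on the same count value and the embedded server could be shut down while another connection is still in use. At minimum I would add a comment above the declarations, e.g. `// Not thread-safe: drivers must be created and destroyed on one thread, or callers must serialize.`, or guard the updates with a mutex if that assumption does not hold.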
@@ -354,9 +356,8 @@
 {
 #ifndef Q_NO_MYSQL_EMBEDDED
 # if MYSQL_VERSION_ID >= 40000
-    static bool init = FALSE;
-    if ( init )
-	return;
+    if ( qMySqlInitHandledByUser || qMySqlConnectionCount > 1 )
+        return;
 
     // this should only be called once
     // has no effect on client/server library
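Review bot: The retained comment `// this should only be called once` no longer matches the guard added above it. With `qMySqlConnectionCount > 1` as the test, the initialisation below runs again whenever the count climbs back to 1 after the destructor has called `qServerEnd()`. Whether the MySQL library tolerates an init/end/init sequence is not visible here and is worth confirming. I would reword the comment to `// runs for the first live driver only; may run again after the last driver was destroyed`. The function body continues outside the hunk.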
@@ -366,8 +367,6 @@
 	qWarning( "QMYSQLDriver::qServerInit: unable to start server." );
 #  endif
     }
-    qAddPostRoutine(qServerEnd);
-    init = TRUE;    
     
 # endif // MYSQL_VERSION_ID
 #endif // Q_NO_MYSQL_EMBEDDED
@@ -392,8 +391,10 @@
 	d->mysql = (MYSQL *) con;
 	setOpen( TRUE );
 	setOpenError( FALSE );
+        if (qMySqlConnectionCount == 1)
+            qMySqlInitHandledByUser = TRUE;
     } else {
-	qServerInit();
+        qServerInit();
     }
 }
 
@@ -402,10 +403,15 @@
     qSqlOpenExtDict()->insert( this, new QMYSQLOpenExtension(this) );
     d = new QMYSQLDriverPrivate();
     d->mysql = 0;
+    qMySqlConnectionCount++;
 }
 
 QMYSQLDriver::~QMYSQLDriver()
 {
+    qMySqlConnectionCount--;
+    if (qMySqlConnectionCount == 0 && !qMySqlInitHandledByUser)
+        qServerEnd();
+
     delete d;
     if ( !qSqlOpenExtDict()->isEmpty() ) {
 	QSqlOpenExtension *ext = qSqlOpenExtDict()->take( this );
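Review bot: When the count drops to 0 the destructor leaves `qMySqlInitHandledByUser` as it was, and no visible line ever clears it. Once a driver has been built around a user-supplied handle as the first connection, every later driver skips `qServerInit()` and the final `qServerEnd()`, even if the user's handle is long gone. If that is intended it deserves a comment at the flag; if not, `if (qMySqlConnectionCount == 0) qMySqlInitHandledByUser = FALSE;` placed after the `qServerEnd()` test would restore the default. The destructor body continues past the end of the hunk.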

qt3-CVE-2007-3388.patch:

--- NEW FILE qt3-CVE-2007-3388.patch ---
--- qt3/src/widgets/qtextedit.cpp	Mon Jul 16 10:44:40 CEST 2007
+++ qt3/src/widgets/qtextedit.cpp	Mon Jul 16 10:44:40 CEST 2007

@@ -6349,7 +6349,7 @@
 		    cur = tag->prev;
 		    if ( !cur ) {
 #ifdef QT_CHECK_RANGE
-			qWarning( "QTextEdit::optimParseTags: no left-tag for '<" + tag->tag + ">' in line %d.", tag->line + 1 );
+			qWarning( "QTextEdit::optimParseTags: no left-tag for '<%s>' in line %d.", tag->tag.ascii(), tag->line + 1 );
 #endif
 			return; // something is wrong - give up
 		    }
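Review bot: The two qtextedit.cpp hunks convert with `tag->tag.ascii()` and `cur->tag.ascii()`, while every other call site in this patch uses `.latin1()`. In Qt 3 `ascii()` goes through `QTextCodec::codecForCStrings()` when one is set, so the two spellings can produce different bytes for the same string. For a uniform patch I would write `tag->tag.latin1()` here and `cur->tag.latin1()` in the next hunk, unless the codec-aware output is wanted, in which case it should be used throughout. The enclosing function lies outside both hunks.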
@@ -6372,7 +6372,7 @@
 				    break;
 				} else if ( !cur->leftTag ) {
 #ifdef QT_CHECK_RANGE
-				    qWarning( "QTextEdit::optimParseTags: mismatching %s-tag for '<" + cur->tag + ">' in line %d.", cur->tag[0] == '/' ? "left" : "right", cur->line + 1 );
+				    qWarning( "QTextEdit::optimParseTags: mismatching %s-tag for '<%s>' in line %d.", cur->tag[0] == '/' ? "left" : "right", cur->tag.ascii(), cur->line + 1 );
 #endif
 				    return; // something is amiss - give up
 				}
--- qt3/src/sql/qdatatable.cpp	Mon Jul 16 10:45:03 CEST 2007
+++ qt3/src/sql/qdatatable.cpp	Mon Jul 16 10:45:03 CEST 2007

@@ -1043,8 +1043,8 @@
 	return FALSE;
     if ( !sqlCursor()->canInsert() ) {
 #ifdef QT_CHECK_RANGE
-	qWarning("QDataTable::insertCurrent: insert not allowed for " +
-		 sqlCursor()->name() );
+	qWarning("QDataTable::insertCurrent: insert not allowed for %s",
+		 sqlCursor()->name().latin1() );
 #endif
 	endInsert();
 	return FALSE;
@@ -1117,16 +1117,16 @@
 	return FALSE;
     if ( sqlCursor()->primaryIndex().count() == 0 ) {
 #ifdef QT_CHECK_RANGE
-	qWarning("QDataTable::updateCurrent: no primary index for " +
-		 sqlCursor()->name() );
+	qWarning("QDataTable::updateCurrent: no primary index for %s",
+		 sqlCursor()->name().latin1() );
 #endif
 	endUpdate();
 	return FALSE;
     }
     if ( !sqlCursor()->canUpdate() ) {
 #ifdef QT_CHECK_RANGE
-	qWarning("QDataTable::updateCurrent: updates not allowed for " +
-		 sqlCursor()->name() );
+	qWarning("QDataTable::updateCurrent: updates not allowed for %s",
+		 sqlCursor()->name().latin1() );
 #endif
 	endUpdate();
 	return FALSE;
@@ -1191,8 +1191,8 @@
 	return FALSE;
     if ( sqlCursor()->primaryIndex().count() == 0 ) {
 #ifdef QT_CHECK_RANGE
-	qWarning("QDataTable::deleteCurrent: no primary index " +
-		 sqlCursor()->name() );
+	qWarning("QDataTable::deleteCurrent: no primary index %s",
+		 sqlCursor()->name().latin1() );
 #endif
 	return FALSE;
     }

--- qt3/src/sql/qsqldatabase.cpp	Mon Jul 16 10:45:03 CEST 2007
+++ qt3/src/sql/qsqldatabase.cpp	Mon Jul 16 10:45:03 CEST 2007

@@ -234,7 +234,8 @@
 	db->open();
 #ifdef QT_CHECK_RANGE
 	if ( !db->isOpen() )
-	    qWarning("QSqlDatabaseManager::database: unable to open database: " + db->lastError().databaseText() + ": " + db->lastError().driverText() );
+	    qWarning("QSqlDatabaseManager::database: unable to open database: %s: %s",
+                    db->lastError().databaseText().latin1(), db->lastError().driverText().latin1() );
 #endif
     }
     return db;
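Review bot: `%s` now receives the raw pointers from `databaseText().latin1()` and `driverText().latin1()`, and as far as I recall Qt 3 returns a null pointer from `latin1()` for a null QString; the old concatenation with a literal prefix had no such case. Passing a null pointer to `%s` is undefined in the C library, even though glibc prints `(null)`. The same pattern appears in the qdatatable.cpp, qsqlindex.cpp, qsqlrecord.cpp and qsvgdevice.cpp hunks. If these strings can be null, a guard such as `s.isNull() ? "" : s.latin1()` at the call sites would keep the warning path well defined.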
@@ -686,7 +687,7 @@
     if ( !d->driver ) {
 #ifdef QT_CHECK_RANGE
 	qWarning( "QSqlDatabase: %s driver not loaded", type.latin1() );
-	qWarning( "QSqlDatabase: available drivers: " + drivers().join(" ") );
+	qWarning( "QSqlDatabase: available drivers: %s", drivers().join(" ").latin1() );
 #endif
 	d->driver = new QNullDriver();
 	d->driver->setLastError( QSqlError( "Driver not loaded", "Driver not loaded" ) );

--- qt3/src/sql/qsqlindex.cpp	Mon Jul 16 10:45:03 CEST 2007
+++ qt3/src/sql/qsqlindex.cpp	Mon Jul 16 10:45:03 CEST 2007

@@ -273,7 +273,7 @@
 	if ( field )
 	    newSort.append( *field, desc );
 	else
-	    qWarning( "QSqlIndex::fromStringList: unknown field: '" + f + "'" );
+	    qWarning( "QSqlIndex::fromStringList: unknown field: '%s'", f.latin1());
     }
     return newSort;
 }

--- qt3/src/sql/qsqlrecord.cpp	Mon Jul 16 10:45:03 CEST 2007
+++ qt3/src/sql/qsqlrecord.cpp	Mon Jul 16 10:45:03 CEST 2007

@@ -298,7 +298,7 @@
 	    return i;
     }
 #ifdef QT_CHECK_RANGE
-    qWarning( "QSqlRecord::position: unable to find field " + name );
+    qWarning( "QSqlRecord::position: unable to find field %s", name.latin1() );
 #endif
     return -1;
 }
@@ -313,7 +313,7 @@
     checkDetach();
     if ( !sh->d->contains( i ) ) {
 #ifdef QT_CHECK_RANGE
-	qWarning( "QSqlRecord::field: index out of range: " + QString::number( i ) );
+	qWarning( "QSqlRecord::field: index out of range: %d", i );
 #endif
 	return 0;
     }
@@ -344,7 +344,7 @@
 {
     if ( !sh->d->contains( i ) ) {
 #ifdef QT_CHECK_RANGE
-	qWarning( "QSqlRecord::field: index out of range: " + QString::number( i ) );
+	qWarning( "QSqlRecord::field: index out of range: %d", i  );
 #endif // QT_CHECK_RANGE
 	return 0;
     }

--- qt3/src/tools/qglobal.cpp	Mon Jul 16 10:45:03 CEST 2007
+++ qt3/src/tools/qglobal.cpp	Mon Jul 16 10:45:03 CEST 2007

@@ -680,7 +680,7 @@
     if ( code != -1 )
 	qWarning( "%s\n\tError code %d - %s", msg, code, strerror( code ) );
     else
-	qWarning( msg );
+	qWarning( "%s", msg );
 #endif
 #else
     Q_UNUSED( msg );
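Review bot: Nothing in this patch keeps the `qWarning( msg )` pattern from coming back, since each call site is corrected by hand. If the package is not already compiled with `-Wformat -Wformat-security`, turning those on would make the compiler report any non-literal format string passed without arguments; this assumes qWarning is declared with a printf format attribute, which is not visible here. The function containing this call starts and ends outside the hunk.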

--- qt3/src/xml/qsvgdevice.cpp	Mon Jul 16 10:45:03 CEST 2007
+++ qt3/src/xml/qsvgdevice.cpp	Mon Jul 16 10:45:03 CEST 2007

@@ -978,7 +978,7 @@
 		// ### catch references to embedded .svg files
 		QPixmap pix;
 		if ( !pix.load( href ) ) {
-		    qWarning( "QSvgDevice::play: Couldn't load image "+href );
+		    qWarning( "QSvgDevice::play: Couldn't load image %s", href.latin1() );
 		    break;
 		}
 		pt->drawPixmap( QRect( x1, y1, w, h ), pix );
@@ -1024,8 +1024,8 @@
                 break;
 	    }
 	case InvalidElement:
-	    qWarning( "QSvgDevice::play: unknown element type " +
-		      node.nodeName() );
+	    qWarning( "QSvgDevice::play: unknown element type %s",
+		      node.nodeName().latin1() );
 	    break;
 	};
 
@@ -1111,7 +1111,7 @@
 {
     QRegExp reg( QString::fromLatin1("([+-]?\\d*\\.*\\d*[Ee]?[+-]?\\d*)(em|ex|px|%|pt|pc|cm|mm|in|)$") );
     if ( reg.search( str ) == -1 ) {
-	qWarning( "QSvgDevice::parseLen: couldn't parse " + str );
+	qWarning( "QSvgDevice::parseLen: couldn't parse %s ", str.latin1() );
 	if ( ok )
 	    *ok = FALSE;
 	return 0.0;
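Review bot: The new format string `"QSvgDevice::parseLen: couldn't parse %s "` ends in a stray space that the old message did not have; I would drop it: `qWarning( "QSvgDevice::parseLen: couldn't parse %s", str.latin1() );`. The following hunk also has a doubled space before `u.latin1()`, which is cosmetic only. parseLen continues past the end of this hunk.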
@@ -1140,7 +1140,7 @@
 	else if ( u == "pc" )
 	    dbl *= m.logicalDpiX() / 6.0;
 	else
-	    qWarning( "QSvgDevice::parseLen: Unknown unit " + u );
+	    qWarning( "QSvgDevice::parseLen: Unknown unit %s",  u.latin1() );
     }
     if ( ok )
 	*ok = TRUE;


Index: qt.spec
===================================================================
RCS file: /cvs/extras/rpms/qt/devel/qt.spec,v
retrieving revision 1.136
retrieving revision 1.137
diff -u -r1.136 -r1.137
--- qt.spec	23 Apr 2007 15:36:50 -0000	1.136
+++ qt.spec	28 Aug 2007 17:20:32 -0000	1.137
@@ -1,7 +1,7 @@
 Summary: The shared library for the Qt GUI toolkit.
 Name: qt
 Version: 3.3.8
-Release: 5%{?dist}
+Release: 7%{?dist}
 Epoch: 1
 License: GPL/QPL
 Group: System Environment/Libraries
@@ -61,6 +61,10 @@
 
 # upstream patches
 Patch200: qt-x11-free-3.3.4-fullscreen.patch
+Patch201: qt-x11-free-3.3.8-bz#243722-mysql.patch
+
+# security patces
+Patch300: qt3-CVE-2007-3388.patch
 
 %define qt_dirname qt-3.3
 %define qtdir %{_libdir}/%{qt_dirname}
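Review bot: The comment added above Patch300 reads `# security patces`; it should be `# security patches`, matching the comment added in the %prep hunk. The `#` inside the Patch201 file name and its backup suffix `.bz#243722-mysql` is harmless in the %prep shell only because it sits mid-word, and it is easy to break when the name is pasted into a shell command or a URL. A name without it, such as `qt-x11-free-3.3.8-bz243722-mysql.patch`, would avoid that.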
@@ -297,6 +301,10 @@
 %patch107 -p0 -b .0077-utf8-decoder-fixes
 
 %patch200 -p1 -b .fullscreen
+%patch201 -p1 -b .bz#243722-mysql
+
+# security patches
+%patch300 -p1 -b .CVE-2007-3388
 
 # convert to UTF-8
 iconv -f iso-8859-1 -t utf-8 < doc/man/man3/qdial.3qt > doc/man/man3/qdial.3qt_
@@ -568,6 +576,11 @@
 
 
 %changelog
+* Tue Aug 28 2007 Than Ngo <than at redhat.com> - 1:3.3.8-7
+- CVE-2007-3388 qt3 format string flaw
+- backport to fix #bz243722, bz#244148, Applications using qt-mysql crash if database is
+  removed before QApplication is destroyed
+
 * Mon Apr 23 2007 Than Ngo <than at redhat.com> - 1:3.3.8-5.fc7
 - apply patch to fix fontrendering problem in gu_IN #228451,#228452
 



