rpms/kdelibs/F-9 kdelibs-4.0.3-khtml-security.patch, NONE, 1.1 kdelibs.spec, 1.308, 1.309
Lukas Tinkl (ltinkl)
fedora-extras-commits at redhat.com
Wed Apr 23 13:58:56 UTC 2008
Author: ltinkl
Update of /cvs/extras/rpms/kdelibs/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7318/F-9
Modified Files:
kdelibs.spec
Added Files:
kdelibs-4.0.3-khtml-security.patch
Log Message:
backport the patch to F9, sync and update changelogs
kdelibs-4.0.3-khtml-security.patch:
--- NEW FILE kdelibs-4.0.3-khtml-security.patch ---
--- khtml/imload/decoders/pngloader.cpp
+++ khtml/imload/decoders/pngloader.cpp
@@ -109,6 +109,8 @@ private:
if (colorType == PNG_COLOR_TYPE_RGB)
colorType = PNG_COLOR_TYPE_RGB_ALPHA; //Paranoia..
+ else if (colorType == PNG_COLOR_TYPE_GRAY)
+ colorType = PNG_COLOR_TYPE_GRAY_ALPHA;
}
ImageFormat imFrm;
@@ -192,6 +194,7 @@ private:
{
if (interlaced)
{
+ Q_ASSERT(pngReadStruct->row_info.pixel_depth <= depth * 8);
requestScanline(rowNum, scanlineBuf);
png_progressive_combine_row(pngReadStruct, scanlineBuf, data);
notifyScanline(pass + 1, scanlineBuf);
Index: kdelibs.spec
===================================================================
RCS file: /cvs/extras/rpms/kdelibs/F-9/kdelibs.spec,v
retrieving revision 1.308
retrieving revision 1.309
diff -u -r1.308 -r1.309
--- kdelibs.spec 16 Apr 2008 16:06:04 -0000 1.308
+++ kdelibs.spec 23 Apr 2008 13:58:21 -0000 1.309
@@ -1,7 +1,7 @@
Summary: K Desktop Environment 4 - Libraries
Version: 4.0.3
-Release: 6%{?dist}
+Release: 7%{?dist}
%if 0%{?fedora} > 8
Name: kdelibs
@@ -79,6 +79,8 @@
Patch13: kdelibs-4.0.3-fedora-buildtype.patch
# patch KStandardDirs to use %{_libexecdir}/kde4 instead of %{_libdir}/kde4/libexec
Patch14: kdelibs-4.0.3-libexecdir.patch
+#Â Buffer overflow in KHTML's image loader
+Patch15: kdelibs-4.0.3-khtml-security.patch
## upstream patches
# based on SVN commit 793504 by dfaure
@@ -202,6 +204,7 @@
%patch12 -p1 -b .Administration-menu
%patch13 -p1 -b .fedora-buildtype
%patch14 -p1 -b .libexecdir
+%patch15 -p0 -b .khtml-security
%patch100 -p1 -b .kconfig_sync_crash
%patch101 -p1 -b .klauncher-crash
@@ -364,6 +367,10 @@
%changelog
+* Tue Apr 22 2008 Lukáš Tinkl <ltinkl at redhat.com> - 4.0.3-7
+- fix buffer overflow in KHTML's image loader (KDE advisory 20080426-1,
+ #443766: EMBARGOED CVE-2008-1670)
+
* Fri Apr 04 2008 Than Ngo <than at redhat.com> - 4.0.3-6
- apply upstream patch to fix klauncher crash
- fix kconfig_sync_crash patch
More information about the fedora-extras-commits
mailing list