rpms/qt/devel qt-x11-opensource-src-4.5.2-CVE-2009-2700.patch, NONE, 1.1 qt.spec, 1.318, 1.319
Than Ngo
than at fedoraproject.org
Mon Aug 31 14:52:11 UTC 2009
Author: than
Update of /cvs/extras/rpms/qt/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27454
Modified Files:
qt.spec
Added Files:
qt-x11-opensource-src-4.5.2-CVE-2009-2700.patch
Log Message:
fix for CVE-2009-2700
qt-x11-opensource-src-4.5.2-CVE-2009-2700.patch:
qsslcertificate.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE qt-x11-opensource-src-4.5.2-CVE-2009-2700.patch ---
diff -up qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp.orig qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp
--- qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp.orig 2009-08-31 16:46:48.000000000 +0200
+++ qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp 2009-08-31 16:49:47.000000000 +0200
@@ -377,7 +377,7 @@ QMultiMap<QSsl::AlternateNameEntryType,
}
const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5));
- const QString altName = QLatin1String(QByteArray(altNameStr, len));
+ const QString altName = QString::fromLatin1(altNameStr, len);
if (genName->type == GEN_DNS)
result.insert(QSsl::DnsEntry, altName);
else if (genName->type == GEN_EMAIL)
Index: qt.spec
===================================================================
RCS file: /cvs/extras/rpms/qt/devel/qt.spec,v
retrieving revision 1.318
retrieving revision 1.319
diff -u -p -r1.318 -r1.319
--- qt.spec 30 Aug 2009 20:07:59 -0000 1.318
+++ qt.spec 31 Aug 2009 14:52:11 -0000 1.319
@@ -14,7 +14,7 @@ Epoch: 1
Name: qt4
%endif
Version: 4.5.2
-Release: 12%{?dist}
+Release: 13%{?dist}
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions
@@ -64,6 +64,7 @@ Patch56: qt-x11-opensource-src-4.5.2-oss
# security patches
Patch100: qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch
+Patch101: qt-x11-opensource-src-4.5.2-CVE-2009-2700.patch
# switch to kde-qt branches, qt-copy doesn't exist anymore
Patch200: kde-qt-patches-20090820git.patch
@@ -391,6 +392,7 @@ Qt libraries used for drawing widgets an
# security fixes
%patch100 -p1 -b .CVE-2009-1725
+%patch101 -p1 -b .CVE-2009-2700
# kde-qt branch
%patch200 -p1 -b .kde-qt-patches-20090820git
@@ -918,6 +920,9 @@ fi
%{_datadir}/icons/hicolor/*/apps/qt4-logo.*
%changelog
+* Mon Aug 31 2009 Than Ngo <than at redhat.com> - 4.5.2-13
+- fix for CVE-2009-2700
+
* Thu Aug 27 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.2-12
- use platform linux-g++ everywhere (ie, drop linux-g++-64 on 64 bit),
avoids plugin/linker weirdness described in bug #475110
More information about the fedora-extras-commits
mailing list