rpms/qt/devel qt-x11-opensource-src-4.5.2-CVE-2009-2700.patch, NONE, 1.1 qt.spec, 1.318, 1.319

Than Ngo than at fedoraproject.org
Mon Aug 31 14:52:11 UTC 2009


Author: than

Update of /cvs/extras/rpms/qt/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27454

Modified Files:
	qt.spec 
Added Files:
	qt-x11-opensource-src-4.5.2-CVE-2009-2700.patch 
Log Message:
fix for CVE-2009-2700



qt-x11-opensource-src-4.5.2-CVE-2009-2700.patch:
 qsslcertificate.cpp |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE qt-x11-opensource-src-4.5.2-CVE-2009-2700.patch ---
diff -up qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp.orig qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp
--- qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp.orig	2009-08-31 16:46:48.000000000 +0200
+++ qt-x11-opensource-src-4.5.2/src/network/ssl/qsslcertificate.cpp	2009-08-31 16:49:47.000000000 +0200
@@ -377,7 +377,7 @@ QMultiMap<QSsl::AlternateNameEntryType, 
             }
 
             const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5));
-            const QString altName = QLatin1String(QByteArray(altNameStr, len));
+            const QString altName = QString::fromLatin1(altNameStr, len);
             if (genName->type == GEN_DNS)
                 result.insert(QSsl::DnsEntry, altName);
             else if (genName->type == GEN_EMAIL)
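Review bot: On the added line `const QString altName = QString::fromLatin1(altNameStr, len);` an alternate name with an embedded NUL is now kept in full rather than rejected, so it still reaches `result.insert(...)` and any caller that later passes the value through a C-string API would truncate it again. A DNS or e-mail alternate name never legitimately contains a NUL, so consider skipping such entries right after the conversion, e.g. `if (altName.contains(QLatin1Char('\0'))) continue;`. This assumes the code sits inside the loop over the names, which starts outside the hunk. The explicit length is also only safe if `len` is known to be non-negative, because `fromLatin1` treats a size of -1 as "use strlen"; that check is presumably in the lines above the hunk and should be confirmed. A short comment such as `// pass the ASN.1 length explicitly: an embedded NUL must not cut the name short (CVE-2009-2700)` would keep the line from being simplified back later.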


Index: qt.spec
===================================================================
RCS file: /cvs/extras/rpms/qt/devel/qt.spec,v
retrieving revision 1.318
retrieving revision 1.319
diff -u -p -r1.318 -r1.319
--- qt.spec	30 Aug 2009 20:07:59 -0000	1.318
+++ qt.spec	31 Aug 2009 14:52:11 -0000	1.319
@@ -14,7 +14,7 @@ Epoch:   1
 Name:    qt4
 %endif
 Version: 4.5.2
-Release: 12%{?dist}
+Release: 13%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: LGPLv2 with exceptions or GPLv3 with exceptions
@@ -64,6 +64,7 @@ Patch56: qt-x11-opensource-src-4.5.2-oss
 
 # security patches
 Patch100: qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch
+Patch101: qt-x11-opensource-src-4.5.2-CVE-2009-2700.patch
 
 # switch to kde-qt branches, qt-copy doesn't exist anymore
 Patch200: kde-qt-patches-20090820git.patch
@@ -391,6 +392,7 @@ Qt libraries used for drawing widgets an
 
 # security fixes
 %patch100 -p1 -b .CVE-2009-1725
+%patch101 -p1 -b .CVE-2009-2700
 
 # kde-qt branch
 %patch200 -p1 -b .kde-qt-patches-20090820git
@@ -918,6 +920,9 @@ fi
 %{_datadir}/icons/hicolor/*/apps/qt4-logo.*
 
 %changelog
+* Mon Aug 31 2009 Than Ngo <than at redhat.com> - 4.5.2-13
+- fix for CVE-2009-2700
+
 * Thu Aug 27 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.2-12
 - use platform linux-g++ everywhere (ie, drop linux-g++-64 on 64 bit),
   avoids plugin/linker weirdness described in bug #475110



