rev 10127 - branches/etch/packages/qt-x11-free/debian/patches

Sune Vuorela pusling-guest at alioth.debian.org
Sat Apr 12 15:12:22 UTC 2008


Author: pusling-guest
Date: 2008-04-12 15:12:21 +0000 (Sat, 12 Apr 2008)
New Revision: 10127

Added:
   branches/etch/packages/qt-x11-free/debian/patches/65_CVE-2007-3387.dpatch
   branches/etch/packages/qt-x11-free/debian/patches/66_CVE-2007-4137.dpatch
Log:
better add these security fixes also ... - already applied by security team

Added: branches/etch/packages/qt-x11-free/debian/patches/65_CVE-2007-3387.dpatch
===================================================================
--- branches/etch/packages/qt-x11-free/debian/patches/65_CVE-2007-3387.dpatch	                        (rev 0)
+++ branches/etch/packages/qt-x11-free/debian/patches/65_CVE-2007-3387.dpatch	2008-04-12 15:12:21 UTC (rev 10127)
@@ -0,0 +1,190 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: CVE-2007-3387
+
+ at DPATCH@
+diff -urNad qt-x11-free-3.3.8really3.3.7~/src/sql/qdatatable.cpp qt-x11-free-3.3.8really3.3.7/src/sql/qdatatable.cpp
+--- qt-x11-free-3.3.7.orig/src/sql/qdatatable.cpp	2005-08-31 10:13:32.000000000 +0000
++++ qt-x11-free-3.3.7/src/sql/qdatatable.cpp	2007-08-02 11:28:59.000000000 +0000
+@@ -1043,8 +1043,8 @@
+ 	return FALSE;
+     if ( !sqlCursor()->canInsert() ) {
+ #ifdef QT_CHECK_RANGE
+-	qWarning("QDataTable::insertCurrent: insert not allowed for " +
+-		 sqlCursor()->name() );
++	qWarning("QDataTable::insertCurrent: insert not allowed for %s",
++		 sqlCursor()->name().latin1() );
+ #endif
+ 	endInsert();
+ 	return FALSE;
+@@ -1117,16 +1117,16 @@
+ 	return FALSE;
+     if ( sqlCursor()->primaryIndex().count() == 0 ) {
+ #ifdef QT_CHECK_RANGE
+-	qWarning("QDataTable::updateCurrent: no primary index for " +
+-		 sqlCursor()->name() );
++	qWarning("QDataTable::updateCurrent: no primary index for %s",
++		 sqlCursor()->name().latin1() );
+ #endif
+ 	endUpdate();
+ 	return FALSE;
+     }
+     if ( !sqlCursor()->canUpdate() ) {
+ #ifdef QT_CHECK_RANGE
+-	qWarning("QDataTable::updateCurrent: updates not allowed for " +
+-		 sqlCursor()->name() );
++	qWarning("QDataTable::updateCurrent: updates not allowed for %s",
++		 sqlCursor()->name().latin1() );
+ #endif
+ 	endUpdate();
+ 	return FALSE;
+@@ -1191,8 +1191,8 @@
+ 	return FALSE;
+     if ( sqlCursor()->primaryIndex().count() == 0 ) {
+ #ifdef QT_CHECK_RANGE
+-	qWarning("QDataTable::deleteCurrent: no primary index " +
+-		 sqlCursor()->name() );
++	qWarning("QDataTable::deleteCurrent: no primary index %s",
++		 sqlCursor()->name().latin1() );
+ #endif
+ 	return FALSE;
+     }
+diff -urNad qt-x11-free-3.3.8really3.3.7~/src/sql/qsqldatabase.cpp qt-x11-free-3.3.8really3.3.7/src/sql/qsqldatabase.cpp
+--- qt-x11-free-3.3.7.orig/src/sql/qsqldatabase.cpp	2005-08-31 10:13:32.000000000 +0000
++++ qt-x11-free-3.3.7/src/sql/qsqldatabase.cpp	2007-08-02 11:28:59.000000000 +0000
+@@ -234,7 +234,8 @@
+ 	db->open();
+ #ifdef QT_CHECK_RANGE
+ 	if ( !db->isOpen() )
+-	    qWarning("QSqlDatabaseManager::database: unable to open database: " + db->lastError().databaseText() + ": " + db->lastError().driverText() );
++	    qWarning("QSqlDatabaseManager::database: unable to open database: %s: %s",
++                    db->lastError().databaseText().latin1(), db->lastError().driverText().latin1() );
+ #endif
+     }
+     return db;
+@@ -681,7 +682,7 @@
+     if ( !d->driver ) {
+ #ifdef QT_CHECK_RANGE
+ 	qWarning( "QSqlDatabase: %s driver not loaded", type.latin1() );
+-	qWarning( "QSqlDatabase: available drivers: " + drivers().join(" ") );
++	qWarning( "QSqlDatabase: available drivers: %s", drivers().join(" ").latin1() );
+ #endif
+ 	d->driver = new QNullDriver();
+ 	d->driver->setLastError( QSqlError( "Driver not loaded", "Driver not loaded" ) );
+diff -urNad qt-x11-free-3.3.8really3.3.7~/src/sql/qsqlindex.cpp qt-x11-free-3.3.8really3.3.7/src/sql/qsqlindex.cpp
+--- qt-x11-free-3.3.7.orig/src/sql/qsqlindex.cpp	2005-08-31 10:13:32.000000000 +0000
++++ qt-x11-free-3.3.7/src/sql/qsqlindex.cpp	2007-08-02 11:28:59.000000000 +0000
+@@ -273,7 +273,7 @@
+ 	if ( field )
+ 	    newSort.append( *field, desc );
+ 	else
+-	    qWarning( "QSqlIndex::fromStringList: unknown field: '" + f + "'" );
++	    qWarning( "QSqlIndex::fromStringList: unknown field: '%s'", f.latin1());
+     }
+     return newSort;
+ }
+diff -urNad qt-x11-free-3.3.8really3.3.7~/src/sql/qsqlrecord.cpp qt-x11-free-3.3.8really3.3.7/src/sql/qsqlrecord.cpp
+--- qt-x11-free-3.3.7.orig/src/sql/qsqlrecord.cpp	2005-08-31 10:13:32.000000000 +0000
++++ qt-x11-free-3.3.7/src/sql/qsqlrecord.cpp	2007-08-02 11:28:59.000000000 +0000
+@@ -298,7 +298,7 @@
+ 	    return i;
+     }
+ #ifdef QT_CHECK_RANGE
+-    qWarning( "QSqlRecord::position: unable to find field " + name );
++    qWarning( "QSqlRecord::position: unable to find field %s", name.latin1() );
+ #endif
+     return -1;
+ }
+@@ -313,7 +313,7 @@
+     checkDetach();
+     if ( !sh->d->contains( i ) ) {
+ #ifdef QT_CHECK_RANGE
+-	qWarning( "QSqlRecord::field: index out of range: " + QString::number( i ) );
++	qWarning( "QSqlRecord::field: index out of range: %d", i );
+ #endif
+ 	return 0;
+     }
+@@ -344,7 +344,7 @@
+ {
+     if ( !sh->d->contains( i ) ) {
+ #ifdef QT_CHECK_RANGE
+-	qWarning( "QSqlRecord::field: index out of range: " + QString::number( i ) );
++	qWarning( "QSqlRecord::field: index out of range: %d", i  );
+ #endif // QT_CHECK_RANGE
+ 	return 0;
+     }
+diff -urNad qt-x11-free-3.3.8really3.3.7~/src/tools/qglobal.cpp qt-x11-free-3.3.8really3.3.7/src/tools/qglobal.cpp
+--- qt-x11-free-3.3.7/src/tools/qglobal.cpp	2006-10-19 14:25:04.000000000 +0000
++++ qt-x11-free-3.3.7.orig/src/tools/qglobal.cpp	2007-08-02 11:28:59.000000000 +0000
+@@ -689,7 +689,7 @@
+     if ( code != -1 )
+ 	qWarning( "%s\n\tError code %d - %s", msg, code, strerror( code ) );
+     else
+-	qWarning( msg );
++	qWarning( "%s", msg );
+ #endif
+ #else
+     Q_UNUSED( msg );
+diff -urNad qt-x11-free-3.3.8really3.3.7~/src/widgets/qtextedit.cpp qt-x11-free-3.3.8really3.3.7/src/widgets/qtextedit.cpp
+--- qt-x11-free-3.3.7.orig/src/widgets/qtextedit.cpp	2006-10-19 14:25:34.000000000 +0000
++++ qt-x11-free-3.3.7/src/widgets/qtextedit.cpp	2007-08-02 11:28:59.000000000 +0000
+@@ -6345,7 +6345,7 @@
+ 		    cur = tag->prev;
+ 		    if ( !cur ) {
+ #ifdef QT_CHECK_RANGE
+-			qWarning( "QTextEdit::optimParseTags: no left-tag for '<" + tag->tag + ">' in line %d.", tag->line + 1 );
++			qWarning( "QTextEdit::optimParseTags: no left-tag for '<%s>' in line %d.", tag->tag.ascii(), tag->line + 1 );
+ #endif
+ 			return; // something is wrong - give up
+ 		    }
+@@ -6368,7 +6368,7 @@
+ 				    break;
+ 				} else if ( !cur->leftTag ) {
+ #ifdef QT_CHECK_RANGE
+-				    qWarning( "QTextEdit::optimParseTags: mismatching %s-tag for '<" + cur->tag + ">' in line %d.", cur->tag[0] == '/' ? "left" : "right", cur->line + 1 );
++				    qWarning( "QTextEdit::optimParseTags: mismatching %s-tag for '<%s>' in line %d.", cur->tag[0] == '/' ? "left" : "right", cur->tag.ascii(), cur->line + 1 );
+ #endif
+ 				    return; // something is amiss - give up
+ 				}
+diff -urNad qt-x11-free-3.3.8really3.3.7~/src/xml/qsvgdevice.cpp qt-x11-free-3.3.8really3.3.7/src/xml/qsvgdevice.cpp
+--- qt-x11-free-3.3.7.orig/src/xml/qsvgdevice.cpp	2006-10-19 14:24:58.000000000 +0000
++++ qt-x11-free-3.3.7/src/xml/qsvgdevice.cpp	2007-08-02 11:28:59.000000000 +0000
+@@ -978,7 +978,7 @@
+ 		// ### catch references to embedded .svg files
+ 		QPixmap pix;
+ 		if ( !pix.load( href ) ) {
+-		    qWarning( "QSvgDevice::play: Couldn't load image "+href );
++		    qWarning( "QSvgDevice::play: Couldn't load image %s", href.latin1() );
+ 		    break;
+ 		}
+ 		pt->drawPixmap( QRect( x1, y1, w, h ), pix );
+@@ -1024,8 +1024,8 @@
+                 break;
+ 	    }
+ 	case InvalidElement:
+-	    qWarning( "QSvgDevice::play: unknown element type " +
+-		      node.nodeName() );
++	    qWarning( "QSvgDevice::play: unknown element type %s",
++		      node.nodeName().latin1() );
+ 	    break;
+ 	};
+ 
+@@ -1111,7 +1111,7 @@
+ {
+     QRegExp reg( QString::fromLatin1("([+-]?\\d*\\.*\\d*[Ee]?[+-]?\\d*)(em|ex|px|%|pt|pc|cm|mm|in|)$") );
+     if ( reg.search( str ) == -1 ) {
+-	qWarning( "QSvgDevice::parseLen: couldn't parse " + str );
++	qWarning( "QSvgDevice::parseLen: couldn't parse %s ", str.latin1() );
+ 	if ( ok )
+ 	    *ok = FALSE;
+ 	return 0.0;
+@@ -1140,7 +1140,7 @@
+ 	else if ( u == "pc" )
+ 	    dbl *= m.logicalDpiX() / 6.0;
+ 	else
+-	    qWarning( "QSvgDevice::parseLen: Unknown unit " + u );
++	    qWarning( "QSvgDevice::parseLen: Unknown unit %s",  u.latin1() );
+     }
+     if ( ok )
+ 	*ok = TRUE;
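Review bot: The `## DP:` header of this dpatch gives only a CVE id and never states what the patch does, so nothing in the file lets a maintainer confirm that the id in the file name belongs to this change. Every inner hunk is the same format-string fix (data formerly concatenated into qWarning()'s format argument is now passed behind a constant format), and a line such as `## DP: Format-string fix: pass QString data to qWarning() as %s arguments, never as the format` would record that; the id itself is worth cross-checking against the advisory, because security trackers match on it. In the new lines, the two qtextedit.cpp calls use `.ascii()` where every other call uses `.latin1()`, and the qglobal.cpp inner header carries the `.orig` path on its `+++` side, the reverse of the other six files. Compiling with `-Wformat-security` should catch any call site this patch missed, provided qWarning() is declared with a printf format attribute, which is not visible here.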


Property changes on: branches/etch/packages/qt-x11-free/debian/patches/65_CVE-2007-3387.dpatch
___________________________________________________________________
Name: svn:executable
   + *

Added: branches/etch/packages/qt-x11-free/debian/patches/66_CVE-2007-4137.dpatch
===================================================================
--- branches/etch/packages/qt-x11-free/debian/patches/66_CVE-2007-4137.dpatch	                        (rev 0)
+++ branches/etch/packages/qt-x11-free/debian/patches/66_CVE-2007-4137.dpatch	2008-04-12 15:12:21 UTC (rev 10127)
@@ -0,0 +1,17 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: CVE-2007-4137
+
+ at DPATCH@
+--- qt-x11-free-3.3.7.orig/src/codecs/qutfcodec.cpp
++++ qt-x11-free-3.3.7/src/codecs/qutfcodec.cpp
+@@ -165,7 +165,7 @@ public:
+     QString toUnicode(const char* chars, int len)
+     {
+ 	QString result;
+-	result.setLength( len ); // worst case
++	result.setLength( len + 1 ); // worst case
+ 	QChar *qch = (QChar *)result.unicode();
+ 	uchar ch;
+         int error = -1;
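Review bot: The `+ 1` in `result.setLength( len + 1 )` is unexplained: the trailing comment still reads only `// worst case`, and the decode loop that fills the buffer lies outside this hunk, so a reader cannot tell which input produces more than `len` QChars. The next line takes `qch` by casting `result.unicode()` to a writable `QChar *`, so the writes presumably bypass any bounds check and this length estimate is the only limit on them. A comment that names the case, for example `// worst case: one QChar per input byte, plus one for <case to confirm from the decode loop>`, would make the invariant reviewable. `len` is a signed int supplied by the caller, so if negative or INT_MAX values can reach this function, `len + 1` deserves a guard before the resize.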


Property changes on: branches/etch/packages/qt-x11-free/debian/patches/66_CVE-2007-4137.dpatch
___________________________________________________________________
Name: svn:executable
   + *



