[SCM] Qt 4 packaging branch, master, updated. debian/4.6.3-1-9-ge6c09aa

Fathi Boudra fabo at alioth.debian.org
Mon Sep 6 11:26:35 UTC 2010


The following commit has been merged in the master branch:
commit e6c09aaf2cc173fd8938727b6a79620f78afce4f
Author: Fathi Boudra <fabo at debian.org>
Date:   Mon Sep 6 14:26:14 2010 +0300

    Add 0006_qsslsocket_improve_error_handling_CVE-2010-2621.patch
    Improve error handling in QSslSocket. (Closes: #587711)
---
 debian/changelog                                   |   11 +++--
 ...cket_improve_error_handling_CVE-2010-2621.patch |   41 ++++++++++++++++++++
 debian/patches/series                              |    1 +
 3 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b255144..80f5b9b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-qt4-x11 (4:4.6.3-2) UNRELEASED; urgency=low
+qt4-x11 (4:4.6.3-2) unstable; urgency=low
 
   [ Fathi Boudra ]
   * Add upstream patch:
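Review bot: urgency=low on the line that moves this entry from UNRELEASED to unstable looks too low for an upload that carries the CVE-2010-2621 fix. Consider raising it (for example urgency=medium or urgency=high) so the fix migrates sooner, or say in the entry why low is intended.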
@@ -8,16 +8,19 @@ qt4-x11 (4:4.6.3-2) UNRELEASED; urgency=low
       directory names are now ignored, and that files without an extension are
       always considered headers (e.g., STL headers and Qt forwarding headers).
       (Closes: #586166)
+    - 0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch
+      Improve error handling in QSslSocket. (Closes: #587711)
   * Fix qdbus manpage install. It is misplaced. (Closes: #588985)
 
   [ Modestas Vainius ]
   * Fix debian/control Vcs fields to point to the new location.
 
   [ Sune Vuorela ]
-  * Steal patch from upstream to make webkit not crash when loading adobe
-    flash plugin. This is related to a change in flashplugin.
+  * Steal 0006_webkit_propriotary_flash_init_gtk_first patch from upstream
+    to make webkit not crash when loading adobe flash plugin.
+    This is related to a change in flashplugin.
 
- -- Fathi Boudra <fabo at debian.org>  Thu, 17 Jun 2010 09:03:32 +0300
+ -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Mon, 06 Sep 2010 09:03:32 +0300
 
 qt4-x11 (4:4.6.3-1) unstable; urgency=low
 
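Review bot: the added entry names 0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch, while the commit subject says 0006_qsslsocket_improve_error_handling_CVE-2010-2621.patch. 0006 is the webkit flash patch according to the reworded entry below, so the commit message should be amended to 0007 to keep the history searchable by patch name. The trailer line also changes only the date and keeps the old 09:03:32 time; regenerating it (for example with dch -r) would record the actual release timestamp.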
diff --git a/debian/patches/0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch b/debian/patches/0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch
new file mode 100644
index 0000000..d79311b
--- /dev/null
+++ b/debian/patches/0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch
@@ -0,0 +1,41 @@
+From 151983bd827c8a05b8798560ade4d911a04156c3 Mon Sep 17 00:00:00 2001
+From: Peter Hartmann <peter.hartmann at nokia.com>
+Date: Mon, 12 Jul 2010 18:32:06 +0200
+Subject: [PATCH] QSslSocket: Improve error handling
+
+Reviewed-by: Markus Goetz
+Task-number: QT-3567
+(cherry picked from commit c25c7c9bdfade6b906f37ac8bad44f6f0de57597)
+---
+ src/network/ssl/qsslsocket_openssl.cpp |   14 +++++++++++++-
+ 1 files changed, 13 insertions(+), 1 deletions(-)
+
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index c6e340f..46213ff 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -965,8 +965,20 @@ void QSslSocketBackendPrivate::transmit()
+ #endif
+                 plainSocket->disconnectFromHost();
+                 break;
++            case SSL_ERROR_SYSCALL: // some IO error
++            case SSL_ERROR_SSL: // error in the SSL library
++                // we do not know exactly what the error is, nor whether we can recover from it,
++                // so just return to prevent an endless loop in the outer "while" statement
++                q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(SSL_ERRORSTR()));
++                q->setSocketError(QAbstractSocket::UnknownSocketError);
++                emit q->error(QAbstractSocket::UnknownSocketError);
++                return;
+             default:
+-                // ### Handle errors better.
++                // SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT: can only happen with a
++                // BIO_s_connect() or BIO_s_accept(), which we do not call.
++                // SSL_ERROR_WANT_X509_LOOKUP: can only happen with a
++                // SSL_CTX_set_client_cert_cb(), which we do not call.
++                // So this default case should never be triggered.
+                 q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(SSL_ERRORSTR()));
+                 q->setSocketError(QAbstractSocket::UnknownSocketError);
+                 emit q->error(QAbstractSocket::UnknownSocketError);
+-- 
+1.6.1
+
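Review bot: in the new SSL_ERROR_SYSCALL / SSL_ERROR_SSL case the code emits the error and returns but leaves the plain socket connected, unlike the case directly above it, which calls plainSocket->disconnectFromHost(). Since the added comment says it is not known whether the error is recoverable, either tear the connection down here as well or document that callers must close the socket on this error signal; otherwise a later transmit() on the same socket can hit the same condition again. The three error-reporting lines are now duplicated between this case and default, and the end of the default branch is outside the hunk, so please confirm that branch also leaves the outer while loop. The patch header carries only the upstream task number; adding the CVE id and the Debian bug (#587711) to the header would make the patch file self-describing.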
diff --git a/debian/patches/series b/debian/patches/series
index c803317..4fbe491 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,6 +2,7 @@
 0004_problem_displaying_half_width_character.diff
 0005_fix_detection_of_headers_files.diff
 0006_webkit_propriotary_flash_init_gtk_first.diff
+0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch
 
 # qt-copy patches
 0180-window-role.diff
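Review bot: the added series entry uses a .patch extension, while every neighbouring entry in this hunk ends in .diff. Renaming it to 0007_qsslsocket_improve_error_handling_CVE-2010-2621.diff (in the series file, the patch file and the changelog entry together) would keep debian/patches consistent.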

-- 
Qt 4 packaging



More information about the pkg-kde-commits mailing list