[SCM] Qt 4 packaging branch, master, updated. debian/4.7.3-8-16-g37e3439

Fathi Boudra fabo at alioth.debian.org
Thu Sep 15 22:05:35 UTC 2011 

The following commit has been merged in the master branch:
commit 3bb88ab986d7ed8e1857fdf80d59e77d2663ab59
Author: Fathi Boudra <fabo at debian.org>
Date:   Fri Sep 16 01:00:47 2011 +0300

    Add Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
---
 debian/changelog                                   |    2 +
 ...rflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch |   26 ++++++++++++++++++++
 debian/patches/series                              |    1 +
 3 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index af3b165..047447c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,6 +15,8 @@ qt4-x11 (4:4.7.4-1) UNRELEASED; urgency=low
   * Add patches:
     - qt-multiarch-plugin-path-compat.diff - include legacy pre-multiarch
       plugin path.
+    - Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
+      (Closes: #641738)
   * Break qdbus out into a separate 'qdbus' package and make it a dependency of
     libqt4-dbus, because some things will use this at runtime. It makes
     libqt4-dbus genuinely multiarch-installable.
diff --git a/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch b/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
new file mode 100644
index 0000000..433cb1e
--- /dev/null
+++ b/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
@@ -0,0 +1,26 @@
+From 9ae6f2f9a57f0c3096d5785913e437953fa6775c Mon Sep 17 00:00:00 2001
+From: Jiang Jiang <jiang.jiang at nokia.com>
+Date: Mon, 18 Jul 2011 08:49:32 +0200
+Subject: [PATCH] Check for buffer overflow in Lookup_MarkMarkPos
+
+That may cause crash in this function with certain fonts.
+
+Task-number: QTBUG-17238
+Done-by: Alberto Garcia <agarcia at igalia.com>
+Reviewed-by: Jiang Jiang
+---
+ src/3rdparty/harfbuzz/src/harfbuzz-gpos.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
++++ b/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
+@@ -3015,6 +3015,9 @@ static HB_Error  Lookup_MarkMarkPos( GPO
+   if ( i > buffer->in_pos )
+     return HB_Err_Not_Covered;
+ 
++  if ( i > buffer->in_pos )
++    return HB_Err_Not_Covered;
++
+   error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ),
+ 			  &mark2_index );
+   if ( error )
diff --git a/debian/patches/series b/debian/patches/series
index 861f066..5594f33 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,6 +10,7 @@ Add_support_for_QT_USE_DRAG_DISTANCE_env_var.patch
 Fixed_bug_in_X11_backend_when_creating_translucent_windows.patch
 Take_Xft.hintstyle_by_default_to_match_the_behavior_of_GTK+.patch
 Fix_fontconfig_usage_in_X11_font_database.patch
+Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
 
 # qt-copy patches
 0195-compositing-properties.diff

-- 
Qt 4 packaging

More information about the pkg-kde-commits mailing list