[SCM] Qt 4 packaging branch, master, updated. debian/4.7.3-8-16-g37e3439
Fathi Boudra
fabo at alioth.debian.org
Thu Sep 15 22:05:35 UTC 2011
The following commit has been merged in the master branch:
commit 3bb88ab986d7ed8e1857fdf80d59e77d2663ab59
Author: Fathi Boudra <fabo at debian.org>
Date: Fri Sep 16 01:00:47 2011 +0300
Add Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
---
debian/changelog | 2 +
...rflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch | 26 ++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index af3b165..047447c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,6 +15,8 @@ qt4-x11 (4:4.7.4-1) UNRELEASED; urgency=low
* Add patches:
- qt-multiarch-plugin-path-compat.diff - include legacy pre-multiarch
plugin path.
+ - Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
+ (Closes: #641738)
* Break qdbus out into a separate 'qdbus' package and make it a dependency of
libqt4-dbus, because some things will use this at runtime. It makes
libqt4-dbus genuinely multiarch-installable.
diff --git a/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch b/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
new file mode 100644
index 0000000..433cb1e
--- /dev/null
+++ b/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
@@ -0,0 +1,26 @@
+From 9ae6f2f9a57f0c3096d5785913e437953fa6775c Mon Sep 17 00:00:00 2001
+From: Jiang Jiang <jiang.jiang at nokia.com>
+Date: Mon, 18 Jul 2011 08:49:32 +0200
+Subject: [PATCH] Check for buffer overflow in Lookup_MarkMarkPos
+
+That may cause crash in this function with certain fonts.
+
+Task-number: QTBUG-17238
+Done-by: Alberto Garcia <agarcia at igalia.com>
+Reviewed-by: Jiang Jiang
+---
+ src/3rdparty/harfbuzz/src/harfbuzz-gpos.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
++++ b/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
+@@ -3015,6 +3015,9 @@ static HB_Error Lookup_MarkMarkPos( GPO
+ if ( i > buffer->in_pos )
+ return HB_Err_Not_Covered;
+
++ if ( i > buffer->in_pos )
++ return HB_Err_Not_Covered;
++
+ error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ),
+ &mark2_index );
+ if ( error )
diff --git a/debian/patches/series b/debian/patches/series
index 861f066..5594f33 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,6 +10,7 @@ Add_support_for_QT_USE_DRAG_DISTANCE_env_var.patch
Fixed_bug_in_X11_backend_when_creating_translucent_windows.patch
Take_Xft.hintstyle_by_default_to_match_the_behavior_of_GTK+.patch
Fix_fontconfig_usage_in_X11_font_database.patch
+Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
# qt-copy patches
0195-compositing-properties.diff
--
Qt 4 packaging
More information about the pkg-kde-commits
mailing list