[SCM] Qt 4 packaging branch, master, updated. debian/4.7.3-8-19-g28f6271

Fathi Boudra fabo at alioth.debian.org
Tue Sep 20 09:17:41 UTC 2011 

The following commit has been merged in the master branch:
commit 28f6271886c861d5006ea9c8cd3eca87192808b7
Author: Fathi Boudra <fabo at debian.org>
Date:   Tue Sep 20 12:16:48 2011 +0300

    Drop Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch,
    already included in Qt 4.7.4
---
 debian/changelog                                   |    3 +-
 ...rflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch |   26 --------------------
 debian/patches/series                              |    1 -
 3 files changed, 1 insertions(+), 29 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 33ecd28..1f1e1e3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ qt4-x11 (4:4.7.4-1) UNRELEASED; urgency=low
 
   * New upstream release.
     - QTreeView crash in indexRowSizeHint/itemHeight. (Closes: #632855)
+    - include fixes for CVE-2011-3193 and CVE-2011-3194. (Closes: #641738)
   * Add Pino Toscano to Uploaders.
   * Remove patches:
     - Fix_GL_problems_on_stock_1.4_SGX_drivers.patch - stolen upstream.
@@ -16,8 +17,6 @@ qt4-x11 (4:4.7.4-1) UNRELEASED; urgency=low
   * Add patches:
     - qt-multiarch-plugin-path-compat.diff - include legacy pre-multiarch
       plugin path.
-    - Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
-      (Closes: #641738)
     - openssl_no_ssl2.patch - OpenSSL in Debian dropped the insecure SSLv2
       protocol. (Closes: #640210)
     - Remove_QtHelp_dependency_on_QtXml.patch - (Closes: #641753)
diff --git a/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch b/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
deleted file mode 100644
index 433cb1e..0000000
--- a/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 9ae6f2f9a57f0c3096d5785913e437953fa6775c Mon Sep 17 00:00:00 2001
-From: Jiang Jiang <jiang.jiang at nokia.com>
-Date: Mon, 18 Jul 2011 08:49:32 +0200
-Subject: [PATCH] Check for buffer overflow in Lookup_MarkMarkPos
-
-That may cause crash in this function with certain fonts.
-
-Task-number: QTBUG-17238
-Done-by: Alberto Garcia <agarcia at igalia.com>
-Reviewed-by: Jiang Jiang
----
- src/3rdparty/harfbuzz/src/harfbuzz-gpos.c |    3 +++
- 1 file changed, 3 insertions(+)
-
---- a/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
-+++ b/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
-@@ -3015,6 +3015,9 @@ static HB_Error  Lookup_MarkMarkPos( GPO
-   if ( i > buffer->in_pos )
-     return HB_Err_Not_Covered;
- 
-+  if ( i > buffer->in_pos )
-+    return HB_Err_Not_Covered;
-+
-   error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ),
- 			  &mark2_index );
-   if ( error )
diff --git a/debian/patches/series b/debian/patches/series
index 0440c99..cbce1e3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,7 +10,6 @@ Add_support_for_QT_USE_DRAG_DISTANCE_env_var.patch
 Fixed_bug_in_X11_backend_when_creating_translucent_windows.patch
 Take_Xft.hintstyle_by_default_to_match_the_behavior_of_GTK+.patch
 Fix_fontconfig_usage_in_X11_font_database.patch
-Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
 
 # qt-copy patches
 0195-compositing-properties.diff

-- 
Qt 4 packaging

More information about the pkg-kde-commits mailing list