Hello community, here is the log from the commit of package libqt4 for openSUSE:11.3 checked in at Tue Jan 10 14:59:48 CET 2012. -------- --- old-versions/11.3/UPDATES/all/libqt4/libqt4-devel-doc-data.changes 2011-09-05 23:32:21.000000000 +0200 +++ 11.3/libqt4/libqt4-devel-doc-data.changes 2012-01-06 17:23:22.629580030 +0100 @@ -1,0 +2,6 @@ +Fri Jan 6 17:06:22 CET 2012 - dmueller@suse.de + +- add patch for rare stack based overflow in harbuzz parser + (bnc#739904, CVE-2011-3922). + +------------------------------------------------------------------- libqt4-devel-doc.changes: same change libqt4-sql-plugins.changes: same change libqt4.changes: same change calling whatdependson for 11.3-i586 New: ---- CVE-2011-3922.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt4-devel-doc-data.spec ++++++ --- /var/tmp/diff_new_pack.LZILUS/_old 2012-01-10 14:59:23.000000000 +0100 +++ /var/tmp/diff_new_pack.LZILUS/_new 2012-01-10 14:59:23.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libqt4-devel-doc-data # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,7 +28,7 @@ # COMMON-VERSION-BEGIN # COMMON-VERSION-BEGIN Version: 4.6.3 -Release: 2.<RELEASE4> +Release: 2.<RELEASE7> %define base_name libqt4 %define x11_free -everywhere-opensource-src- %define rversion 4.6.3 
@@ -85,6 +85,7 @@ Patch123: tiff-samples-reader-crash.diff Patch124: qtbug-15295-qfiledialog-system-filter-regression.diff Patch125: harfbuzz-crash.diff +Patch126: CVE-2011-3922.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %define common_options --opensource -fast -no-separate-debug-info -shared -xkb -xrender -xcursor -dbus-linked -xfixes -xrandr -xinerama -sm -no-nas-sound -no-rpath -system-libjpeg -system-libpng -accessibility -cups -stl -nis -system-zlib -qt-gif -prefix /usr -L %_libdir -libdir %_libdir -docdir %_docdir/%{base_name} -examplesdir %_libdir/qt4/examples -demosdir %_libdir/qt4/demos -plugindir %plugindir -translationdir /usr/share/qt4/translations -iconv -sysconfdir /etc/settings -datadir /usr/share/qt4/ -no-pch -reduce-relocations -exceptions -system-libtiff -glib -optimized-qmake -no-webkit -no-xmlpatterns -system-sqlite -qt3support -no-sql-mysql -xsync -xinput -gtkstyle %define check_config \ @@ -144,6 +145,7 @@ %patch123 %patch124 %patch125 +%patch126 # be sure not to use them rm -rf src/3rdparty/{libjpeg,freetype,libpng,zlib,libtiff} # COMMON-END libqt4-devel-doc.spec: same change ++++++ libqt4-sql-plugins.spec ++++++ --- /var/tmp/diff_new_pack.LZILUS/_old 2012-01-10 14:59:23.000000000 +0100 +++ /var/tmp/diff_new_pack.LZILUS/_new 2012-01-10 14:59:23.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libqt4-sql-plugins # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ # COMMON-VERSION-BEGIN # COMMON-VERSION-BEGIN Version: 4.6.3 -Release: 2.<RELEASE4> +Release: 2.<RELEASE5> %define base_name libqt4 %define x11_free -everywhere-opensource-src- %define rversion 4.6.3 
@@ -84,6 +84,7 @@ Patch123: tiff-samples-reader-crash.diff Patch124: qtbug-15295-qfiledialog-system-filter-regression.diff Patch125: harfbuzz-crash.diff +Patch126: CVE-2011-3922.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %define common_options --opensource -fast -no-separate-debug-info -shared -xkb -xrender -xcursor -dbus-linked -xfixes -xrandr -xinerama -sm -no-nas-sound -no-rpath -system-libjpeg -system-libpng -accessibility -cups -stl -nis -system-zlib -qt-gif -prefix /usr -L %_libdir -libdir %_libdir -docdir %_docdir/%{base_name} -examplesdir %_libdir/qt4/examples -demosdir %_libdir/qt4/demos -plugindir %plugindir -translationdir /usr/share/qt4/translations -iconv -sysconfdir /etc/settings -datadir /usr/share/qt4/ -no-pch -reduce-relocations -exceptions -system-libtiff -glib -optimized-qmake -no-webkit -no-xmlpatterns -system-sqlite -qt3support -no-sql-mysql -xsync -xinput -gtkstyle %define check_config \ @@ -143,6 +144,7 @@ %patch123 %patch124 %patch125 +%patch126 # be sure not to use them rm -rf src/3rdparty/{libjpeg,freetype,libpng,zlib,libtiff} # COMMON-END ++++++ libqt4.spec ++++++ --- /var/tmp/diff_new_pack.LZILUS/_old 2012-01-10 14:59:23.000000000 +0100 +++ /var/tmp/diff_new_pack.LZILUS/_new 2012-01-10 14:59:23.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libqt4 # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -15,15 +15,27 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: libqt4 -BuildRequires: Mesa-devel cups-devel freetype2-devel gcc-c++ libjpeg-devel libmng-devel -BuildRequires: libpng-devel libtiff-devel pkgconfig sqlite-devel -BuildRequires: fdupes glib2-devel update-desktop-files -BuildRequires: dbus-1-devel openssl-devel xorg-x11-devel -BuildRequires: alsa-devel gtk2-devel +BuildRequires: Mesa-devel +BuildRequires: alsa-devel +BuildRequires: cups-devel +BuildRequires: dbus-1-devel +BuildRequires: fdupes +BuildRequires: freetype2-devel +BuildRequires: gcc-c++ +BuildRequires: glib2-devel +BuildRequires: gtk2-devel +BuildRequires: libjpeg-devel +BuildRequires: libmng-devel +BuildRequires: libpng-devel +BuildRequires: libtiff-devel +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: sqlite-devel +BuildRequires: update-desktop-files +BuildRequires: xorg-x11-devel %if %suse_version > 1020 BuildRequires: clucene-core-devel %endif @@ -32,14 +44,14 @@ %define with_phonon_backend 0 %if %with_phonon %if %with_phonon_backend -BuildRequires: gstreamer-0_10-plugins-base-devel libxine-devel +BuildRequires: gstreamer-0_10-plugins-base-devel +BuildRequires: libxine-devel %endif %endif Url: http://www.trolltech.com -License: GPL v2 only; GPL v3 only -Group: System/Libraries -AutoReqProv: on Summary: C++ Program Library, Core Components +License: GPL-2.0 ; GPL-3.0 +Group: System/Libraries # bug437293 %ifarch ppc64 Obsoletes: qt-64bit @@ -54,7 +66,7 @@ Obsoletes: libqt4-dbus-1 < 4.4.0 # COMMON-VERSION-BEGIN Version: 4.6.3 -Release: 2.<RELEASE5> +Release: 2.<RELEASE7> %define base_name libqt4 %define x11_free -everywhere-opensource-src- %define rversion 4.6.3 
@@ -102,6 +114,7 @@ Patch123: tiff-samples-reader-crash.diff Patch124: qtbug-15295-qfiledialog-system-filter-regression.diff Patch125: harfbuzz-crash.diff +Patch126: CVE-2011-3922.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %define common_options --opensource -fast -no-separate-debug-info -shared -xkb -xrender -xcursor -dbus-linked -xfixes -xrandr -xinerama -sm -no-nas-sound -no-rpath -system-libjpeg -system-libpng -accessibility -cups -stl -nis -system-zlib -qt-gif -prefix /usr -L %_libdir -libdir %_libdir -docdir %_docdir/%{base_name} -examplesdir %_libdir/qt4/examples -demosdir %_libdir/qt4/demos -plugindir %plugindir -translationdir /usr/share/qt4/translations -iconv -sysconfdir /etc/settings -datadir /usr/share/qt4/ -no-pch -reduce-relocations -exceptions -system-libtiff -glib -optimized-qmake -no-webkit -no-xmlpatterns -system-sqlite -qt3support -no-sql-mysql -xsync -xinput -gtkstyle %define check_config \ @@ -161,14 +174,15 @@ %patch123 %patch124 %patch125 +%patch126 # be sure not to use them rm -rf src/3rdparty/{libjpeg,freetype,libpng,zlib,libtiff} # COMMON-END %package devel -License: GPL v2 only; GPL v3 only -Group: Development/Libraries/X11 Summary: Qt Development Kit +License: GPL-2.0 ; GPL-3.0 +Group: Development/Libraries/X11 Requires: zlib-devel c++_compiler pkgconfig Requires: freetype2-devel libmng-devel libpng-devel libtiff-devel Requires: xorg-x11-devel Mesa-devel dbus-1-devel openssl-devel @@ -202,9 +216,9 @@ Troll Tech AS, Norway %package -n libqt4-sql-sqlite -License: GPL v2 only; GPL v3 only -Group: Development/Libraries/C and C++ Summary: Qt 4 sqlite plugin +License: GPL-2.0 ; GPL-3.0 +Group: Development/Libraries/C and C++ Requires: libqt4-sql = %version Provides: libqt4_sql_backend = %version Obsoletes: qt-sql-sqlite < 4.4.0 
@@ -221,9 +235,9 @@ Troll Tech AS, Norway %package x11 -License: GPL v2 only; GPL v3 only -Group: Development/Libraries/C and C++ Summary: Qt 4 GUI related libraries +License: GPL-2.0 ; GPL-3.0 +Group: Development/Libraries/C and C++ # bug437293 %ifarch ppc64 Obsoletes: qt-x11-64bit @@ -245,9 +259,9 @@ %if %with_qt3support %package qt3support -License: GPL v2 only; GPL v3 only -Group: System/Libraries Summary: C++ Program Library, Core Components +License: GPL-2.0 ; GPL-3.0 +Group: System/Libraries # bug437293 %ifarch ppc64 Obsoletes: qt-qt3support-64bit @@ -272,9 +286,9 @@ %endif %package sql -License: GPL v2 only; GPL v3 only -Group: Development/Libraries/C and C++ Summary: Qt 4 SQL related libraries +License: GPL-2.0 ; GPL-3.0 +Group: Development/Libraries/C and C++ # bug437293 %ifarch ppc64 Obsoletes: qt-sql-64bit @@ -297,9 +311,9 @@ Troll Tech AS, Norway %package -n libQtWebKit4 -License: GPL v2 only -Group: System/Libraries Summary: C++ Program Library, Core Components +License: GPL-2.0 +Group: System/Libraries Requires: libqt4-x11 = %version %description -n libQtWebKit4 @@ -315,9 +329,9 @@ Troll Tech AS, Norway %package -n libQtWebKit-devel -License: GPL v2 only; GPL v3 only -Group: System/Libraries Summary: C++ Program Library, Core Components +License: GPL-2.0 ; GPL-3.0 +Group: System/Libraries Requires: libQtWebKit4 = %version Requires: libqt4-devel = %version @@ -337,8 +351,8 @@ %package -n phonon -License: LGPL v2.0 or later Summary: Phonon Multimedia Platform Abstraction +License: LGPL-2.0+ Group: Development/Libraries/KDE Requires: phonon-backend = %version Requires: libphonon4 = %version @@ -357,8 +371,8 @@ %package -n phonon-devel -License: LGPL v2.0 or later Summary: Phonon Multimedia Platform Abstraction +License: LGPL-2.0+ Group: Development/Libraries/KDE Requires: %name = %version Requires: libphonon4 = %version 
@@ -378,8 +392,8 @@ %package -n libphonon4 -License: LGPL v2.0 or later Summary: Phonon Multimedia Platform Abstraction +License: LGPL-2.0+ Group: Development/Libraries/KDE %requires_ge libqt4-x11 @@ -399,8 +413,8 @@ %package -n phonon-backend-gstreamer-0_10 -License: LGPL v2.0 or later Summary: Phonon Multimedia Platform Abstraction +License: LGPL-2.0+ Group: Development/Libraries/KDE Provides: phonon-backend = %version Requires: libphonon4 = %version @@ -420,8 +434,8 @@ %package -n phonon-backend-xine -License: LGPL v2.0 or later Summary: Phonon Multimedia Platform Abstraction +License: LGPL-2.0+ Group: Development/Libraries/KDE Provides: phonon-backend = %version Requires: libphonon4 = %version ++++++ CVE-2011-3922.diff ++++++ --- src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c +++ src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c @@ -359,7 +359,8 @@ if (kinzi >= 0 && i > base && (cc & Mymr_CF_AFTER_KINZI)) { reordered[len] = Mymr_C_NGA; reordered[len+1] = Mymr_C_VIRAMA; - properties[len-1] = AboveForm; + if (len > 0) + properties[len-1] = AboveForm; properties[len] = AboveForm; len += 2; kinzi = -1; continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
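Review bot: In the harfbuzz-myanmar.c hunk of CVE-2011-3922.diff, the new `if (len > 0)` guard covers only the `properties[len-1]` write; the writes to `reordered[len]`, `reordered[len+1]` and `properties[len]`, followed by `len += 2`, have no upper-bound check visible here. They presumably rely on a length limit enforced elsewhere in the function, which should be confirmed against the declared sizes of both arrays. The guard would also be more robust braced and commented, so that a later edit cannot detach it from the store, e.g. `if (len > 0) { /* no slot precedes index 0 */ properties[len-1] = AboveForm; }`. `reordered[len+1]` is written without a matching `properties[len+1]` assignment in the visible lines, which may be intentional but deserves a one-line comment. The enclosing function starts and ends outside the hunk, so the array declarations and any existing length checks are not visible.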