Hello community,
here is the log from the commit of package qt3
checked in at Thu Apr 12 18:15:51 CEST 2007.
--------
--- KDE/qt3/qt3.changes 2007-03-29 18:02:51.000000000 +0200
+++ /mounts/work_src_done/STABLE/qt3/qt3.changes 2007-04-01 20:40:12.000000000 +0200
@@ -1,0 +2,5 @@
+Sun Apr 1 20:40:04 CEST 2007 - dmueller@suse.de
+
+- fix utf8 decoder (#259187, CVE-2007-0242)
+
+-------------------------------------------------------------------
qt3-devel-doc.changes: same change
qt3-extensions.changes: same change
qt3-static.changes: same change
New:
----
CVE-2007-0242.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ qt3-devel-doc.spec ++++++
--- /var/tmp/diff_new_pack.Z25866/_old 2007-04-12 18:15:31.000000000 +0200
+++ /var/tmp/diff_new_pack.Z25866/_new 2007-04-12 18:15:31.000000000 +0200
@@ -18,7 +18,7 @@
Summary: Documentation for the Qt 3 Development Kit
Group: Documentation/HTML
Version: 3.3.8
-Release: 10
+Release: 13
PreReq: /bin/grep
BuildArch: noarch
Provides: qt3-devel-tutorial
@@ -85,6 +85,7 @@
Patch121: qt3-warnings.diff
Patch122: 0076-fix-qprocess.diff
Patch123: use-xrandr-1.2.diff
+Patch124: CVE-2007-0242.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -148,6 +149,7 @@
%patch121
%patch122
%patch123
+%patch124
ln -sf $PWD/src/inputmethod/qinputcontextfactory.h include/
ln -sf $PWD/src/inputmethod/qinputcontextplugin.h include/
ln -sf $PWD/src/kernel/qinputcontext.h include/
@@ -230,6 +232,8 @@
/usr/share/pixmaps/assistant3.png
%changelog
+* Sun Apr 01 2007 - dmueller@suse.de
+- fix utf8 decoder (#259187, CVE-2007-0242)
* Thu Mar 29 2007 - dmueller@suse.de
- Fix XRandr 1.2 support
* Fri Mar 16 2007 - dmueller@suse.de
++++++ qt3-extensions.spec ++++++
--- /var/tmp/diff_new_pack.Z25866/_old 2007-04-12 18:15:31.000000000 +0200
+++ /var/tmp/diff_new_pack.Z25866/_new 2007-04-12 18:15:31.000000000 +0200
@@ -14,7 +14,7 @@
BuildRequires: cups-devel krb5-devel libjpeg-devel mysql-devel postgresql-devel qt3-devel sqlite2-devel unixODBC-devel update-desktop-files
License: GNU General Public License (GPL), THE Q PUBLIC LICENSE (QPL)
Version: 3.3.8
-Release: 11
+Release: 14
Autoreqprov: on
Requires: qt3 = %version
Group: Development/Tools/Other
@@ -80,6 +80,7 @@
Patch121: qt3-warnings.diff
Patch122: 0076-fix-qprocess.diff
Patch123: use-xrandr-1.2.diff
+Patch124: CVE-2007-0242.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -141,6 +142,7 @@
%patch121
%patch122
%patch123
+%patch124
ln -sf $PWD/src/inputmethod/qinputcontextfactory.h include/
ln -sf $PWD/src/inputmethod/qinputcontextplugin.h include/
ln -sf $PWD/src/kernel/qinputcontext.h include/
@@ -474,6 +476,8 @@
%{_mandir}/man*/*
%changelog
+* Sun Apr 01 2007 - dmueller@suse.de
+- fix utf8 decoder (#259187, CVE-2007-0242)
* Thu Mar 29 2007 - dmueller@suse.de
- Fix XRandr 1.2 support
* Fri Mar 16 2007 - dmueller@suse.de
++++++ qt3.spec ++++++
--- /var/tmp/diff_new_pack.Z25866/_old 2007-04-12 18:15:31.000000000 +0200
+++ /var/tmp/diff_new_pack.Z25866/_new 2007-04-12 18:15:31.000000000 +0200
@@ -19,7 +19,7 @@
Autoreqprov: on
Summary: A library for developing applications with graphical user interfaces
Version: 3.3.8
-Release: 10
+Release: 13
Provides: qt_library_%version
PreReq: /bin/grep
%define x11_free -x11-free-
@@ -82,6 +82,7 @@
Patch121: qt3-warnings.diff
Patch122: 0076-fix-qprocess.diff
Patch123: use-xrandr-1.2.diff
+Patch124: CVE-2007-0242.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -152,6 +153,7 @@
%patch121
%patch122
%patch123
+%patch124
ln -sf $PWD/src/inputmethod/qinputcontextfactory.h include/
ln -sf $PWD/src/inputmethod/qinputcontextplugin.h include/
ln -sf $PWD/src/kernel/qinputcontext.h include/
@@ -365,6 +367,8 @@
/etc/profile.d/qt3.*
%changelog
+* Sun Apr 01 2007 - dmueller@suse.de
+- fix utf8 decoder (#259187, CVE-2007-0242)
* Thu Mar 29 2007 - dmueller@suse.de
- Fix XRandr 1.2 support
* Fri Mar 16 2007 - dmueller@suse.de
++++++ qt3-static.spec ++++++
--- /var/tmp/diff_new_pack.Z25866/_old 2007-04-12 18:15:31.000000000 +0200
+++ /var/tmp/diff_new_pack.Z25866/_new 2007-04-12 18:15:31.000000000 +0200
@@ -17,7 +17,7 @@
Autoreqprov: on
Summary: static program library for developing applications with graphical user interfaces
Version: 3.3.8
-Release: 10
+Release: 13
%define x11_free -x11-free-
%define rversion %version
# COMMON-BEGIN
@@ -79,6 +79,7 @@
Patch121: qt3-warnings.diff
Patch122: 0076-fix-qprocess.diff
Patch123: use-xrandr-1.2.diff
+Patch124: CVE-2007-0242.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -151,6 +152,7 @@
%patch121
%patch122
%patch123
+%patch124
ln -sf $PWD/src/inputmethod/qinputcontextfactory.h include/
ln -sf $PWD/src/inputmethod/qinputcontextplugin.h include/
ln -sf $PWD/src/kernel/qinputcontext.h include/
@@ -220,6 +222,8 @@
/usr/lib/qt3/%{_lib}/libqt-mt.a
%changelog
+* Sun Apr 01 2007 - dmueller@suse.de
+- fix utf8 decoder (#259187, CVE-2007-0242)
* Thu Mar 29 2007 - dmueller@suse.de
- Fix XRandr 1.2 support
* Fri Mar 16 2007 - dmueller@suse.de
++++++ CVE-2007-0242.diff ++++++
--- src/codecs/qutfcodec.cpp
+++ src/codecs/qutfcodec.cpp
@@ -154,6 +154,7 @@
class QUtf8Decoder : public QTextDecoder {
uint uc;
+ uint min_uc;
int need;
bool headerDone;
public:
@@ -167,8 +168,9 @@
result.setLength( len ); // worst case
QChar *qch = (QChar *)result.unicode();
uchar ch;
+ int error = -1;
for (int i=0; i