Hello community, here is the log from the commit of package libqt4 for openSUSE:11.4 checked in at Tue Jan 10 15:00:48 CET 2012. -------- --- old-versions/11.4/UPDATES/all/libqt4/libqt4-devel-doc-data.changes 2011-09-08 13:03:48.000000000 +0200 +++ 11.4/libqt4/libqt4-devel-doc-data.changes 2012-01-06 17:20:12.234254735 +0100 @@ -1,0 +2,6 @@ +Fri Jan 6 17:06:22 CET 2012 - dmueller@suse.de + +- add patch for rare stack based overflow in harbuzz parser + (bnc#739904, CVE-2011-3922). + +------------------------------------------------------------------- libqt4-devel-doc.changes: same change libqt4-sql-plugins.changes: same change libqt4.changes: same change calling whatdependson for 11.4-i586 New: ---- CVE-2011-3922.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt4-devel-doc-data.spec ++++++ --- /var/tmp/diff_new_pack.kjzx37/_old 2012-01-10 15:00:17.000000000 +0100 +++ /var/tmp/diff_new_pack.kjzx37/_new 2012-01-10 15:00:17.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libqt4-devel-doc-data # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,7 +28,7 @@ # COMMON-VERSION-BEGIN # COMMON-VERSION-BEGIN Version: 4.7.1 -Release: 8.<RELEASE14> +Release: 8.<RELEASE17> %define base_name libqt4 %define x11_free -everywhere-opensource-src- %define rversion %version 
@@ -83,6 +83,7 @@ Patch125: tiff-samples-reader-crash.diff Patch126: harfbuzz-crash.diff Patch127: blacklist-diginotar-and-comodo-certs.diff +Patch128: CVE-2011-3922.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %define common_options --opensource -fast -no-separate-debug-info -shared -xkb -xrender -xcursor -dbus-linked -xfixes -xrandr -xinerama -sm -no-nas-sound -no-rpath -system-libjpeg -system-libpng -accessibility -cups -stl -nis -system-zlib -qt-gif -prefix /usr -L %_libdir -libdir %_libdir -docdir %_docdir/%{base_name} -examplesdir %_libdir/qt4/examples -demosdir %_libdir/qt4/demos -plugindir %plugindir -translationdir /usr/share/qt4/translations -iconv -sysconfdir /etc/settings -datadir /usr/share/qt4/ -no-pch -reduce-relocations -exceptions -system-libtiff -glib -optimized-qmake -no-webkit -no-xmlpatterns -system-sqlite -qt3support -no-sql-mysql -importdir %plugindir/imports -xsync -xinput -gtkstyle %define check_config \ @@ -144,6 +145,7 @@ %patch125 %patch126 %patch127 -p1 +%patch128 # ### 47 rediff #%patch121 -p1 # be sure not to use them libqt4-devel-doc.spec: same change ++++++ libqt4-sql-plugins.spec ++++++ --- /var/tmp/diff_new_pack.kjzx37/_old 2012-01-10 15:00:17.000000000 +0100 +++ /var/tmp/diff_new_pack.kjzx37/_new 2012-01-10 15:00:17.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libqt4-sql-plugins # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ # COMMON-VERSION-BEGIN # COMMON-VERSION-BEGIN Version: 4.7.1 -Release: 8.<RELEASE14> +Release: 8.<RELEASE15> %define base_name libqt4 %define x11_free -everywhere-opensource-src- %define rversion %version 
@@ -82,6 +82,7 @@ Patch125: tiff-samples-reader-crash.diff Patch126: harfbuzz-crash.diff Patch127: blacklist-diginotar-and-comodo-certs.diff +Patch128: CVE-2011-3922.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %define common_options --opensource -fast -no-separate-debug-info -shared -xkb -xrender -xcursor -dbus-linked -xfixes -xrandr -xinerama -sm -no-nas-sound -no-rpath -system-libjpeg -system-libpng -accessibility -cups -stl -nis -system-zlib -qt-gif -prefix /usr -L %_libdir -libdir %_libdir -docdir %_docdir/%{base_name} -examplesdir %_libdir/qt4/examples -demosdir %_libdir/qt4/demos -plugindir %plugindir -translationdir /usr/share/qt4/translations -iconv -sysconfdir /etc/settings -datadir /usr/share/qt4/ -no-pch -reduce-relocations -exceptions -system-libtiff -glib -optimized-qmake -no-webkit -no-xmlpatterns -system-sqlite -qt3support -no-sql-mysql -importdir %plugindir/imports -xsync -xinput -gtkstyle %define check_config \ @@ -143,6 +144,7 @@ %patch125 %patch126 %patch127 -p1 +%patch128 # ### 47 rediff #%patch121 -p1 # be sure not to use them ++++++ libqt4.spec ++++++ --- /var/tmp/diff_new_pack.kjzx37/_old 2012-01-10 15:00:17.000000000 +0100 +++ /var/tmp/diff_new_pack.kjzx37/_new 2012-01-10 15:00:17.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libqt4 # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -54,7 +54,7 @@ Obsoletes: libqt4-dbus-1 < 4.4.0 # COMMON-VERSION-BEGIN Version: 4.7.1 -Release: 8.<RELEASE15> +Release: 8.<RELEASE17> %define base_name libqt4 %define x11_free -everywhere-opensource-src- %define rversion %version 
@@ -100,6 +100,7 @@ Patch125: tiff-samples-reader-crash.diff Patch126: harfbuzz-crash.diff Patch127: blacklist-diginotar-and-comodo-certs.diff +Patch128: CVE-2011-3922.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %define common_options --opensource -fast -no-separate-debug-info -shared -xkb -xrender -xcursor -dbus-linked -xfixes -xrandr -xinerama -sm -no-nas-sound -no-rpath -system-libjpeg -system-libpng -accessibility -cups -stl -nis -system-zlib -qt-gif -prefix /usr -L %_libdir -libdir %_libdir -docdir %_docdir/%{base_name} -examplesdir %_libdir/qt4/examples -demosdir %_libdir/qt4/demos -plugindir %plugindir -translationdir /usr/share/qt4/translations -iconv -sysconfdir /etc/settings -datadir /usr/share/qt4/ -no-pch -reduce-relocations -exceptions -system-libtiff -glib -optimized-qmake -no-webkit -no-xmlpatterns -system-sqlite -qt3support -no-sql-mysql -importdir %plugindir/imports -xsync -xinput -gtkstyle %define check_config \ @@ -161,6 +162,7 @@ %patch125 %patch126 %patch127 -p1 +%patch128 # ### 47 rediff #%patch121 -p1 # be sure not to use them ++++++ CVE-2011-3922.diff ++++++ --- src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c +++ src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c @@ -359,7 +359,8 @@ if (kinzi >= 0 && i > base && (cc & Mymr_CF_AFTER_KINZI)) { reordered[len] = Mymr_C_NGA; reordered[len+1] = Mymr_C_VIRAMA; - properties[len-1] = AboveForm; + if (len > 0) + properties[len-1] = AboveForm; properties[len] = AboveForm; len += 2; kinzi = -1; continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
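Review bot: The new `if (len > 0)` guard in harfbuzz-myanmar.c stops the write to `properties[len-1]` when `len` is 0, but the neighbouring writes to `reordered[len]`, `reordered[len+1]` and `properties[len]`, followed by `len += 2`, have no upper-bound check visible in this hunk. The sizes of `reordered` and `properties` are declared outside the hunk, and the enclosing function starts and ends outside it, so it is worth confirming that the function guarantees room for two more entries on this kinzi path. The guard would also benefit from a one-line comment such as `/* len may be 0 here; never write before the start of properties[] (CVE-2011-3922) */`. Braces around the single guarded statement would keep a later edit from detaching it from the condition.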