[SECURITY] Fedora 10 Update: qt-4.5.2-2.fc10

updates at fedoraproject.org updates at fedoraproject.org
Thu Aug 20 21:01:34 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-8802
2009-08-20 20:33:45
--------------------------------------------------------------------------------

Name        : qt
Product     : Fedora 10
Version     : 4.5.2
Release     : 2.fc10
URL         : http://www.qtsoftware.com/
Summary     : Qt toolkit
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

--------------------------------------------------------------------------------
Update Information:

Qt's WebKit code did not properly handle numeric character references, which
could allow remote attackers to cause a denial of service (memory corruption and
application crash) via a crafted HTML document.    Also included is:   * a fix
for lib symlinks changing erroneously on upgrades  * a fix for Copy and paste
issues  * added support for more x keycodes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 18 2009 Than Ngo <than at redhat.com> - 4.5.2-2
- security fix for CVE-2009-1725
* Tue Aug 18 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.2-1.2
- kde-qt: 287-qmenu-respect-minwidth
- kde-qt: 0288-more-x-keycodes (#475247)
* Wed Aug  5 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.2-1.1
- use linker scripts for _debug targets (#510246)
- apply upstream patch to fix issue in Copy and paste
- optimize (icon-mostly) scriptlets
- -x11: Requires(post,postun): /sbin/ldconfig
* Thu Jul  2 2009 Than Ngo <than at redhat.com> - 4.5.2-1
- 4.5.2
* Sat May 30 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-13
- -doc: Obsoletes: qt-doc < 1:4.5.1-4 (workaround bug #502401)
* Sat May 23 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-12
- +phonon_internal macro to toggle packaging of qt's phonon (default off)
* Fri May 22 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-11
- qt-copy-patches-20090522
* Wed May 20 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-10.2
- full (non-bootstrap) build
* Wed May 20 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-10.1
- allow for minimal bootstrap build (*cough* arm *cough*)
* Wed May  6 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-10
- improved kde4_plugins patch, skip expensive/unneeded canonicalPath
* Wed May  6 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-9
- include kde4 plugin path by default (#498809)
* Mon May  4 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-8
- fix invalid assumptions about mysql_config --libs (bug #440673)
- fix %files breakage from 4.5.1-5
* Wed Apr 29 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-7
- -devel: Provides: qt4-devel%{?_isa} ...
* Mon Apr 27 2009 Than Ngo <than at redhat.com> - 4.5.1-6
- drop useless hunk of qt-x11-opensource-src-4.5.1-enable_ft_lcdfilter.patch
* Mon Apr 27 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-5
- -devel: Provides: *-static for libQtUiTools.a
* Fri Apr 24 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-4
- qt-doc noarch
- qt-demos, qt-examples (split from -doc)
- (cosmetic) re-order subpkgs in alphabetical order
- drop unused profile.d bits
* Fri Apr 24 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-3
- enable FT_LCD_FILTER (uses freetype subpixel filters if available at runtime)
* Fri Apr 24 2009 Than Ngo <than at redhat.com> - 4.5.1-2
- apply upstream patch to fix the svg rendering regression
* Thu Apr 23 2009 Than Ngo <than at redhat.com> - 4.5.1-1
- 4.5.1
* Tue Apr 14 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-14
- fix vrgb/vgbr corruption, disable QT_USE_FREETYPE_LCDFILTER (#490377)
* Fri Apr 10 2009 Than Ngo <than at redhat.com> - 4.5.0-13
- unneeded executable permissions for profile.d scripts
* Wed Apr  1 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.5.0-12
- fix inline asm in qatomic (de)ref (i386/x86_64), should fix Kolourpaint crash
* Mon Mar 30 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-11
- qt fails to build on ia64 (#492174)
* Wed Mar 25 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-10
- qt-copy-patches-20090325
* Tue Mar 24 2009 Than Ngo <than at redhat.com> - 4.5.0-9
- lrelease only shows warning when duplicate messages found in *.ts( #491514)
* Fri Mar 20 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-8
- qt-copy-patches-20090319
* Thu Mar 19 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-7
- include more phonon bits, attempt to fix/provide phonon bindings
  for qtscriptgenerator, PyQt, ...
* Tue Mar 17 2009 Than Ngo <than at redhat.com> - 4.5.0-6
- fix lupdate segfault (#486866)
* Sat Mar 14 2009 Dennis Gilmore <dennis at ausil.us> - 4.5.0-5
- add patch for sparc64. 
- _Atomic_word is not always an int
* Tue Mar 10 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-4
- macros.qt4: %_qt45
- cleanup more phonon-related left-overs
* Wed Mar  4 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-3
- -no-phonon-backend
- include qdoc3
- move designer plugins to runtime (#487622)
* Tue Mar  3 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-2
- License: LGPLv2 with exceptions or GPLv3 with exceptions
- BR: gstreamer-devel
- drop qgtkstyle patch (no longer needed)
- -x11: move libQtScriptTools here (linked with libQtGui)
* Tue Mar  3 2009 Than Ngo <than at redhat.com> - 4.5.0-1
- 4.5.0
* Fri Feb 27 2009 Rex Dieter <rdieter at fedoraproject.org> - 1:4.5.0-0.8.20090224
- 20090224 snapshot
- adjust pkgconfig hackery
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:4.5.0-0.7.rc1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sun Feb 22 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.0-0.5.rc1
- revert license, change won't land until official 4.5.0 release
- workaround broken qhostaddress.h (#485677)
- Provides: qgtkstyle = 0.1
* Fri Feb 20 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.0-0.4.rc1
- saner versioned Obsoletes
- -gtkstyle, Obsoletes: qgtkstyle < 0.1
- enable phonon support and associated hackery
* Mon Feb 16 2009 Than Ngo <than at redhat.com> 4.5.0-0.3.rc1
- fix callgrindChildExitCode is uninitialzed
* Sun Feb 15 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-0.2.rc1
- qt-copy-patches-20090215
- License: +LGPLv2
* Wed Feb 11 2009 Than Ngo <than at redhat.com> - 4.5.0-0.rc1.0
- 4.5.0 rc1
* Thu Feb  5 2009 Rex Dieter <rdieter at fedoraproject.org> 4.4.3-16
- track branches/qt-copy/4.4, and backout previous trunk(qt45) ones
* Mon Feb  2 2009 Than Ngo <than at redhat.com> 4.4.3-15
- disable 0269,0270,0271 patches, it causes issue in systray
* Thu Jan 29 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.4.3-14
- qt-copy-patches-20090129
* Mon Jan 26 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.4.3-13
- Provides: qt4%{?_isa} = %version-%release
- add %_qt4 to macros.qt4
* Thu Jan 22 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.4.3-12 
- respin (mysql)
* Fri Jan 16 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.4.3-11
- rebuild for new OpenSSL
* Mon Jan 12 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.4.3-10
- drop qt-x11-opensource-src-4.3.4-no-hardcoded-font-aliases.patch (#447298),
  in favor of qt-copy's 0263-fix-fontconfig-handling.diff
* Mon Jan 12 2009 Than Ngo <than at redhat.com> - 4.4.3-9
- qt-copy-patches-20090112
* Tue Dec 30 2008 Rex Dieter <rdieter at fedoraproject.org> 4.4.3-8
- qt-copy-patches-20081225
* Fri Dec 12 2008 Rex Dieter <rdieter at fedoraproject.org> 4.4.3-7
- rebuild for pkgconfig deps
* Wed Nov 12 2008 Rex Dieter <rdieter at fedoraproject.org> 4.4.3-6
- qt-copy-patches-20081112
* Tue Nov 11 2008 Than Ngo <than at redhat.com> 4.4.3-5
- drop 0256-fix-recursive-backingstore-sync-crash.diff, it's
  included in qt-copy-pathes-20081110
* Mon Nov 10 2008 Rex Dieter <rdieter at fedoraproject.org> 4.4.3-4
- qt-copy-patches-20081110
* Mon Nov 10 2008 Than Ngo <than at redhat.com> 4.4.3-3
- apply 0256-fix-recursive-backingstore-sync-crash.diff
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #513813 - CVE-2009-1725: KHTML: improper handling of numeric character references (ACE, DoS)
        https://bugzilla.redhat.com/show_bug.cgi?id=513813
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update qt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the package-announce mailing list