[SECURITY] Fedora 10 Update: qt-4.5.3-9.fc10

updates at fedoraproject.org
Sat Nov 14 03:31:02 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11488
2009-11-14 02:52:09
--------------------------------------------------------------------------------

Name        : qt
Product     : Fedora 10
Version     : 4.5.3
Release     : 9.fc10
URL         : http://www.qtsoftware.com/
Summary     : Qt toolkit
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

--------------------------------------------------------------------------------
Update Information:

A security flaw was found in WebKit's Cross-Origin Resource Sharing (CORS)
implementation. Multiple security flaws (integer underflow, invalid pointer
dereference, buffer underflow and a denial of service) were found in the way
WebKit's FTP parser processed remote FTP directory listings.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 12 2009 Jaroslav Reznik <jreznik at redhat.com> - 4.5.3-9
- CVE-2009-3384 - WebKit, ftp listing handling (#525788)
- CVE-2009-2816 - WebKit, MITM Cross-Origin Resource Sharing (#525789)
* Sun Nov  8 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.3-8
- -x11: Requires: %{name}-sqlite(ppc-32)
* Thu Oct 29 2009 Than Ngo <than at redhat.com> - 4.5.3-7
- fix glib-event-loop issue, a regression which causes
  password dialogs to get stuck
* Fri Oct 16 2009 Than Ngo <than at redhat.com> - 4.5.3-6
- subpackage sqlite plugin, add Require on qt-sqlite in qt-x11
  for assistant
* Wed Oct 14 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.3-5
- drop needless Prereq: /etc/ld.so.conf.d
* Sat Oct 10 2009 Than Ngo <than at redhat.com> - 4.5.3-4
- fix translation build issue
- rhel cleanup
* Tue Oct  6 2009 Jaroslav Reznik <jreznik at redhat.com> - 4.5.3-3
- disable JavaScriptCore JIT, SE Linux crashes (#527079)
* Fri Oct  2 2009 Than Ngo <than at redhat.com> - 4.5.3-2
- cleanup patches
- if ! phonon_internal, exclude more/all phonon headers
- qt-devel must Requires: phonon-devel (#520323)
* Thu Oct  1 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.3-1
- qt-4.5.3
* Tue Sep 29 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.2-21
- switch to external/kde phonon
* Mon Sep 28 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.2-20
- use internal Qt Assistant/Designer icons
- -devel: move designer.qch,linguist.qch here
- move ownership of %_qt4_docdir, %_qt4_docdir/qch to main pkg
* Sun Sep 20 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.2-19
- Missing Qt Designer icon (#476605)
* Fri Sep 11 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.2-18
- drop gcc -fno-var-tracking-assignments hack (#522576)
* Fri Sep 11 2009 Than Ngo <than at redhat.com> - 4.5.2-17
- drop useless check for ossl patch, the patch works fine with old ossl
* Wed Sep  9 2009 Than Ngo <than at redhat.com> - 4.5.2-16
- add a correct system_ca_certificates patch
* Tue Sep  8 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.2-15
- use system ca-certificates (#521911)
* Tue Sep  1 2009 Than Ngo <than at redhat.com> - 4.5.2-14
- drop fedora < 9 support
- only apply ossl patch for fedora > 11
* Mon Aug 31 2009 Than Ngo <than at redhat.com> - 4.5.2-13
- fix for CVE-2009-2700
* Thu Aug 27 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.2-12
- use platform linux-g++ everywhere (ie, drop linux-g++-64 on 64 bit),
  avoids plugin/linker weirdness (bug #478481)
* Wed Aug 26 2009 Tomas Mraz <tmraz at redhat.com> - 1:4.5.2-11
- rebuilt with new openssl
* Thu Aug 20 2009 Than Ngo <than at redhat.com> - 4.5.2-10
- switch to kde-qt branch
* Tue Aug 18 2009 Than Ngo <than at redhat.com> - 4.5.2-9
- security fix for CVE-2009-1725 (bz#513813)
* Sun Aug 16 2009 Than Ngo <than at redhat.com> - 4.5.2-8
- fix phonon-backend-gstreamer for using pulseaudio (#513421)
* Fri Aug 14 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.2-7
- kde-qt: 287-qmenu-respect-minwidth
- kde-qt: 0288-more-x-keycodes (#475247)
* Wed Aug  5 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.2-6
- use linker scripts for _debug targets (#510246)
- tighten deps using %{?_isa}
- -x11: Requires(post,postun): /sbin/ldconfig
* Thu Jul 30 2009 Than Ngo <than at redhat.com> - 4.5.2-5
- apply upstream patch to fix issue in Copy and paste
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:4.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Jul  2 2009 Than Ngo <than at redhat.com> - 4.5.2-3
- pregenerate PNG, drop BR on GraphicsMagick (bz#509244)
* Fri Jun 26 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.5.2-2
- take current qt-copy-patches snapshot (20090626)
- disable patches which are already in 4.5.2
- fix the qt-copy patch 0274-shm-native-image-fix.diff to apply against 4.5.2
* Thu Jun 25 2009 Lukáš Tinkl <ltinkl at redhat.com> - 4.5.2-1
- Qt 4.5.2
* Sun Jun  7 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-18
- phonon-backend-gstreamer pkg, with icons
- optimize (icon-mostly) scriptlets
* Sun Jun  7 2009 Than Ngo <than at redhat.com> - 4.5.1-17
- drop the hack, apply patch to install Global header, gstreamer.desktop
  and dbus services file
* Sat Jun  6 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-16
- install awol Phonon/Global header
* Fri Jun  5 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.5.1-15
- apply Phonon PulseAudio patch (needed for the xine-lib backend)
* Fri Jun  5 2009 Than Ngo <than at redhat.com> - 4.5.1-14
- enable phonon and gstreamer-backend
* Sat May 30 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-13
- -doc: Obsoletes: qt-doc < 1:4.5.1-4 (workaround bug #502401)
* Sat May 23 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-12
- +phonon_internal macro to toggle packaging of qt's phonon (default off)
* Fri May 22 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-11
- qt-copy-patches-20090522
* Wed May 20 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-10.2
- full (non-bootstrap) build
* Wed May 20 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-10.1
- allow for minimal bootstrap build (*cough* arm *cough*)
* Wed May  6 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-10
- improved kde4_plugins patch, skip expensive/unneeded canonicalPath
* Wed May  6 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-9
- include kde4 plugin path by default (#498809)
* Mon May  4 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-8
- fix invalid assumptions about mysql_config --libs (bug #440673)
- fix %files breakage from 4.5.1-5
* Wed Apr 29 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-7
- -devel: Provides: qt4-devel%{?_isa} ...
* Mon Apr 27 2009 Than Ngo <than at redhat.com> - 4.5.1-6
- drop useless hunk of qt-x11-opensource-src-4.5.1-enable_ft_lcdfilter.patch
* Mon Apr 27 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-5
- -devel: Provides: *-static for libQtUiTools.a
* Fri Apr 24 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-4
- qt-doc noarch
- qt-demos, qt-examples (split from -doc)
- (cosmetic) re-order subpkgs in alphabetical order
- drop unused profile.d bits
* Fri Apr 24 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.1-3
- enable FT_LCD_FILTER (uses freetype subpixel filters if available at runtime)
* Fri Apr 24 2009 Than Ngo <than at redhat.com> - 4.5.1-2
- apply upstream patch to fix the svg rendering regression
* Thu Apr 23 2009 Than Ngo <than at redhat.com> - 4.5.1-1
- 4.5.1
* Tue Apr 14 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-14
- fix vrgb/vgbr corruption, disable QT_USE_FREETYPE_LCDFILTER (#490377)
* Fri Apr 10 2009 Than Ngo <than at redhat.com> - 4.5.0-13
- unneeded executable permissions for profile.d scripts
* Wed Apr  1 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.5.0-12
- fix inline asm in qatomic (de)ref (i386/x86_64), should fix Kolourpaint crash
* Mon Mar 30 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-11
- qt fails to build on ia64 (#492174)
* Wed Mar 25 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-10
- qt-copy-patches-20090325
* Tue Mar 24 2009 Than Ngo <than at redhat.com> - 4.5.0-9
- lrelease only shows warning when duplicate messages found in *.ts (#491514)
* Fri Mar 20 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-8
- qt-copy-patches-20090319
* Thu Mar 19 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-7
- include more phonon bits, attempt to fix/provide phonon bindings
  for qtscriptgenerator, PyQt, ...
* Tue Mar 17 2009 Than Ngo <than at redhat.com> - 4.5.0-6
- fix lupdate segfault (#486866)
* Sat Mar 14 2009 Dennis Gilmore <dennis at ausil.us> - 4.5.0-5
- add patch for sparc64. 
- _Atomic_word is not always an int
* Tue Mar 10 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-4
- macros.qt4: %_qt45
- cleanup more phonon-related left-overs
* Wed Mar  4 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-3
- -no-phonon-backend
- include qdoc3
- move designer plugins to runtime (#487622)
* Tue Mar  3 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-2
- License: LGPLv2 with exceptions or GPLv3 with exceptions
- BR: gstreamer-devel
- drop qgtkstyle patch (no longer needed)
- -x11: move libQtScriptTools here (linked with libQtGui)
* Tue Mar  3 2009 Than Ngo <than at redhat.com> - 4.5.0-1
- 4.5.0
* Fri Feb 27 2009 Rex Dieter <rdieter at fedoraproject.org> - 1:4.5.0-0.8.20090224
- 20090224 snapshot
- adjust pkgconfig hackery
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:4.5.0-0.7.rc1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sun Feb 22 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.0-0.5.rc1
- revert license, change won't land until official 4.5.0 release
- workaround broken qhostaddress.h (#485677)
- Provides: qgtkstyle = 0.1
* Fri Feb 20 2009 Rex Dieter <rdieter at fedoraproject.org> 4.5.0-0.4.rc1
- saner versioned Obsoletes
- -gtkstyle, Obsoletes: qgtkstyle < 0.1
- enable phonon support and associated hackery
* Mon Feb 16 2009 Than Ngo <than at redhat.com> 4.5.0-0.3.rc1
- fix callgrindChildExitCode is uninitialized
* Sun Feb 15 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.0-0.2.rc1
- qt-copy-patches-20090215
- License: +LGPLv2
* Wed Feb 11 2009 Than Ngo <than at redhat.com> - 4.5.0-0.rc1.0
- 4.5.0 rc1
* Thu Feb  5 2009 Rex Dieter <rdieter at fedoraproject.org> 4.4.3-16
- track branches/qt-copy/4.4, and backout previous trunk(qt45) ones
* Mon Feb  2 2009 Than Ngo <than at redhat.com> 4.4.3-15
- disable 0269,0270,0271 patches, it causes issue in systray
* Thu Jan 29 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.4.3-14
- qt-copy-patches-20090129
* Mon Jan 26 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.4.3-13
- Provides: qt4%{?_isa} = %version-%release
- add %_qt4 to macros.qt4
* Thu Jan 22 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.4.3-12 
- respin (mysql)
* Fri Jan 16 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.4.3-11
- rebuild for new OpenSSL
* Mon Jan 12 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.4.3-10
- drop qt-x11-opensource-src-4.3.4-no-hardcoded-font-aliases.patch (#447298),
  in favor of qt-copy's 0263-fix-fontconfig-handling.diff
* Mon Jan 12 2009 Than Ngo <than at redhat.com> - 4.4.3-9
- qt-copy-patches-20090112
* Tue Dec 30 2008 Rex Dieter <rdieter at fedoraproject.org> 4.4.3-8
- qt-copy-patches-20081225
* Fri Dec 12 2008 Rex Dieter <rdieter at fedoraproject.org> 4.4.3-7
- rebuild for pkgconfig deps
* Wed Nov 12 2008 Rex Dieter <rdieter at fedoraproject.org> 4.4.3-6
- qt-copy-patches-20081112
* Tue Nov 11 2008 Than Ngo <than at redhat.com> 4.4.3-5
- drop 0256-fix-recursive-backingstore-sync-crash.diff, it's
  included in qt-copy-patches-20081110
* Mon Nov 10 2008 Rex Dieter <rdieter at fedoraproject.org> 4.4.3-4
- qt-copy-patches-20081110
* Mon Nov 10 2008 Than Ngo <than at redhat.com> 4.4.3-3
- apply 0256-fix-recursive-backingstore-sync-crash.diff
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #525788 - CVE-2009-3384 WebKit, qt: Multiple security issues while handling FTP directory listings
        https://bugzilla.redhat.com/show_bug.cgi?id=525788
  [ 2 ] Bug #525789 - CVE-2009-2816 WebKit, qt: MITM in the WebKit's Cross-Origin Resource Sharing (CORS) implementation
        https://bugzilla.redhat.com/show_bug.cgi?id=525789
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update qt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------



