author | Fathi Boudra <fabo@debian.org> | 2010-09-06 14:26:14 +0300 |
---|---|---|
committer | Fathi Boudra <fabo@debian.org> | 2010-09-06 14:26:14 +0300 |
commit | e6c09aaf2cc173fd8938727b6a79620f78afce4f (patch) | |
tree | e22ffe7e6a5acf1a9dc9fd86720c8869db537729 | |
parent | 7a35ead46af248ecb37573dcec90e8ea87dde80e (diff) | |
download | qt4-x11-e6c09aaf2cc173fd8938727b6a79620f78afce4f.tar.gz |
Add 0006_qsslsocket_improve_error_handling_CVE-2010-2621.patchdebian/4.6.3-2
Improve error handling in QSslSocket. (Closes: #587711)
-rw-r--r-- | debian/changelog | 11 | ||||
-rw-r--r-- | debian/patches/0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch | 41 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 49 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog index b255144..80f5b9b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -qt4-x11 (4:4.6.3-2) UNRELEASED; urgency=low +qt4-x11 (4:4.6.3-2) unstable; urgency=low [ Fathi Boudra ] * Add upstream patch: @@ -8,16 +8,19 @@ qt4-x11 (4:4.6.3-2) UNRELEASED; urgency=low directory names are now ignored, and that files without an extension are always considered headers (e.g., STL headers and Qt forwarding headers). (Closes: #586166) + - 0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch + Improve error handling in QSslSocket. (Closes: #587711) * Fix qdbus manpage install. It is misplaced. (Closes: #588985) [ Modestas Vainius ] * Fix debian/control Vcs fields to point to the new location. [ Sune Vuorela ] - * Steal patch from upstream to make webkit not crash when loading adobe - flash plugin. This is related to a change in flashplugin. + * Steal 0006_webkit_propriotary_flash_init_gtk_first patch from upstream + to make webkit not crash when loading adobe flash plugin. + This is related to a change in flashplugin. - -- Fathi Boudra <fabo@debian.org> Thu, 17 Jun 2010 09:03:32 +0300 + -- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Mon, 06 Sep 2010 09:03:32 +0300 qt4-x11 (4:4.6.3-1) unstable; urgency=low diff --git a/debian/patches/0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch b/debian/patches/0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch new file mode 100644 index 0000000..d79311b --- /dev/null +++ b/debian/patches/0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch 
@@ -0,0 +1,41 @@
+From 151983bd827c8a05b8798560ade4d911a04156c3 Mon Sep 17 00:00:00 2001
+From: Peter Hartmann <peter.hartmann@nokia.com>
+Date: Mon, 12 Jul 2010 18:32:06 +0200
+Subject: [PATCH] QSslSocket: Improve error handling
+
+Reviewed-by: Markus Goetz
+Task-number: QT-3567
+(cherry picked from commit c25c7c9bdfade6b906f37ac8bad44f6f0de57597)
+---
+ src/network/ssl/qsslsocket_openssl.cpp | 14 +++++++++++++-
+ 1 files changed, 13 insertions(+), 1 deletions(-)
+
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index c6e340f..46213ff 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -965,8 +965,20 @@ void QSslSocketBackendPrivate::transmit()
+ #endif
+ plainSocket->disconnectFromHost();
+ break;
++ case SSL_ERROR_SYSCALL: // some IO error
++ case SSL_ERROR_SSL: // error in the SSL library
++ // we do not know exactly what the error is, nor whether we can recover from it,
++ // so just return to prevent an endless loop in the outer "while" statement
++ q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(SSL_ERRORSTR()));
++ q->setSocketError(QAbstractSocket::UnknownSocketError);
++ emit q->error(QAbstractSocket::UnknownSocketError);
++ return;
+ default:
+- // ### Handle errors better.
++ // SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT: can only happen with a
++ // BIO_s_connect() or BIO_s_accept(), which we do not call.
++ // SSL_ERROR_WANT_X509_LOOKUP: can only happen with a
++ // SSL_CTX_set_client_cert_cb(), which we do not call.
++ // So this default case should never be triggered.
+ q->setErrorString(QSslSocket::tr("Error while reading: %1").arg(SSL_ERRORSTR()));
+ q->setSocketError(QAbstractSocket::UnknownSocketError);
+ emit q->error(QAbstractSocket::UnknownSocketError);
+--
+1.6.1
+
diff --git a/debian/patches/series b/debian/patches/series
index c803317..4fbe491 100644
--- a/debian/patches/series
+++ b/debian/patches/series
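Review bot: The `default:` branch of the embedded qsslsocket_openssl.cpp hunk repeats the same three error-reporting lines as the new `SSL_ERROR_SYSCALL`/`SSL_ERROR_SSL` case, and its terminating statement lies outside the hunk. If that branch ends in `break;` rather than `return;`, an error code the new comment does not anticipate would go back into the outer `while` loop, which is the endless-loop condition this CVE-2010-2621 fix is meant to leave. I would move the two new labels directly above `default:` so all three share one body that ends in `return;`, with a comment such as `// unknown or unrecoverable error: report it once and leave the read loop`. Separately, the new case returns without the `plainSocket->disconnectFromHost();` that the preceding case performs, so the connection presumably stays open unless a slot connected to `error()` closes it. A short comment stating whether that is intended after a library-level SSL error would help callers.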
@@ -2,6 +2,7 @@ 0004_problem_displaying_half_width_character.diff 0005_fix_detection_of_headers_files.diff 0006_webkit_propriotary_flash_init_gtk_first.diff +0007_qsslsocket_improve_error_handling_CVE-2010-2621.patch # qt-copy patches 0180-window-role.diff |