It breaks MeeGo SDK. See my message below. ________________________________________ From: [email protected] [[email protected]] on behalf of ext [email protected] [[email protected]] Sent: Tuesday, March 08, 2011 10:44 AM To: [email protected] Subject: Re: [meego-packaging] [meego-commits] 14588: Changes to MeeGo:1.1:Core:Update:Testing/qt
Hi, There's more changes than actual changelog description. The update doesn't contain only the CVE fixes but upgrade to Qt 4.7.1 and backport changes from MeeGo 1.2, including the switch to GL ES2 on IA32. It's doesn't sound like a good idea in a MeeGo Core 1.1 update. Cheers, Fathi ________________________________________ From: [email protected] [[email protected]] on behalf of ext Han Dai [[email protected]] Sent: Tuesday, March 08, 2011 10:33 AM To: [email protected] Subject: [meego-commits] 14588: Changes to MeeGo:1.1:Core:Update:Testing/qt Hi, I have made the following changes to qt in project MeeGo:1.1:Core:Update:Testing. Please review and accept ASAP. Thank You, Han Dai [This message was auto-generated] --- Request #14588: submit: home:daihan:branches:MeeGo:1.1:Core:Update:Testing/qt(r3)(cleanup) -> MeeGo:1.1:Core:Update:Testing/qt Message: add a patch to fix bmc#6263 State: new 2011-03-08T00:31:28 daihan Comment: None changes files: -------------- --- qt.changes +++ qt.changes @@ -0,0 +1,6 @@ +* Tues Mar 8 2011 Gu Chaojie <[email protected]> - 4.7.1 +- Add Qt-CVE-2010-1763-fixed.patch to fix CVE bug BMC #6263 + +* Tues Mar 8 2011 Gu Chaojie <[email protected]> - 4.7.1 +- Update qt to fix CVE bug BMC #6144 + old: ---- connman_backend_for_bearer_management.patch.bz2 qt-everywhere-opensource-src-4.7.0.tar.gz new: ---- Qt-CVE-2010-1763-fixed.patch qt-everywhere-opensource-src-4.7.1.tar.gz spec files: ----------- --- qt.spec +++ qt.spec @@ -1,19 +1,15 @@ -# spec file for package qt (Version 4.7.0) +# spec file for package qt (Version 4.7.1) -%define upstream_short_version 4.7.0 +%define upstream_short_version 4.7.1 #%define upstream_extra_version rc1 %define upstream_version %{upstream_short_version} -%ifarch %{arm} -%define opengl_arg es2 -%else -%define opengl_arg desktop -%endif + %ifarch armv5tel %define arch_arg arm %endif -%ifarch armv7l +%ifarch armv7l armv7hl armv7nhl armv7thl armv7tnhl %define arch_arg armv6 %endif %ifarch i586 @@ -47,11 +43,10 @@ Patch6: 07_invpremul.patch Patch7: 08_qtdebug_syslog.patch Patch8: 09_texture_enable_fix.patch -Patch9: 10_webkit_self_injection_into_qt_configuration.patch -Patch10: 11_honor_all_FreeDesktop_icon_paths.patch -Patch11: connman_backend_for_bearer_management.patch.bz2 -Patch12: 16_force_cxxflags_on_arm.patch -Patch13: add_lib_to_openssl_search_path.patch +Patch9: 11_honor_all_FreeDesktop_icon_paths.patch +Patch10: 16_force_cxxflags_on_arm.patch +Patch11: add_lib_to_openssl_search_path.patch +Patch12: Qt-CVE-2010-1763-fixed.patch BuildRequires: cups-devel BuildRequires: fdupes BuildRequires: flex @@ -62,7 +57,9 @@ BuildRequires: pam-devel BuildRequires: pkgconfig(alsa) BuildRequires: pkgconfig(dbus-1) +BuildRequires: pkgconfig(egl) BuildRequires: pkgconfig(freetype2) +BuildRequires: pkgconfig(glesv2) BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(gstreamer-0.10) BuildRequires: pkgconfig(gstreamer-plugins-base-0.10) @@ -89,13 +86,6 @@ BuildRequires: readline-devel BuildRequires: sharutils BuildRequires: zlib-devel -%ifarch %{arm} -BuildRequires: pkgconfig(egl) -BuildRequires: pkgconfig(glesv2) -%else -BuildRequires: pkgconfig(gl) -BuildRequires: pkgconfig(glu) -%endif %description Qt is a cross-platform application and UI framework. Using Qt, you can write @@ -120,6 +110,7 @@ Group: System/Libraries Provides: %{name}-x11 = %{version}-%{release} Obsoletes: %{name}-x11 < %{version}-%{release} +Requires: xdg-utils Requires(post): chkconfig Requires(postun): chkconfig @@ -157,6 +148,9 @@ OpenGL is a standard API for rendering 3D graphics. OpenGL only deals with 3D rendering and provides little or no support for GUI programming issues. +The Qt MeeGo graphic system helper provides methods for accessing +MeeGo-specific graphic system features adn functionalities. + %package -n libqtscript4 Summary: Qt script module Group: System/Libraries @@ -396,13 +390,8 @@ Provides: %{name}opengl-devel = %{version}-%{release} Requires: libqt-devel = %{version}-%{release} Requires: libqtopengl4 = %{version}-%{release} -%ifarch %{arm} -Requires: libEGL-devel -Requires: libGLESv2-devel -%else -Requires: mesa-libGL-devel -Requires: mesa-libGLU-devel -%endif +Requires: mesa-libEGL-devel +Requires: mesa-libGLESv2-devel %description -n libqtopengl-devel Qt is a cross-platform application and UI framework. Using Qt, you can write @@ -527,44 +516,26 @@ %description netbook-settings Qt is a cross-platform application and UI framework. Using Qt, you can write -web-enabled applications once and deploy them across desktop, mobile and -embedded operating systems without rewriting the source code. - This package contains the Netbook specific configuration options and style settings. %prep -%setup -n %{name}-everywhere-opensource-src-%{upstream_version} -q -# 01_configure_quilt_compat.patch -%patch0 -p1 -# 02_qmake_lflags_as-needed.patch -%patch1 -p1 -# 03_config_tests_sqlite.patch -%patch2 -p1 -# 04_build_translations.patch -%patch3 -p1 -# 05_add_nostrip_for_debug_packages.patch -%patch4 -p1 -# 06_install_qvfb.patch -%patch5 -p1 -# 07_invpremul.patch -%patch6 -p1 -# 08_qtdebug_syslog.patch -%patch7 -p1 -# 09_texture_enable_fix.patch -%patch8 -p1 -# 10_webkit_self_injection_into_qt_configuration.patch -%patch9 -p1 -# 11_honor_all_FreeDesktop_icon_paths.patch -%patch10 -p1 -# connman_backend_for_bearer_management.patch.bz2 -%patch11 -p1 +%setup -q -n %{name}-everywhere-opensource-src-%{upstream_version} +%patch0 -p1 -b .01_configure_quilt_compat +%patch1 -p1 -b .02_qmake_lflags_as-needed +%patch2 -p1 -b .03_config_tests_sqlite +%patch3 -p1 -b .04_build_translations +%patch4 -p1 -b .05_add_nostrip_for_debug_packages +%patch5 -p1 -b .06_install_qvfb +%patch6 -p1 -b .07_invpremul +%patch7 -p1 -b .08_qtdebug_syslog +%patch8 -p1 -b .09_texture_enable_fix +%patch9 -p1 -b .11_honor_all_FreeDesktop_icon_paths %ifarch armv7l -# 16_force_cxxflags_on_arm.patch -%patch12 -p1 +%patch10 -p1 -b .16_force_cxxflags_on_arm %endif -# add_lib_to_openssl_search_path.patch -%patch13 -p1 +%patch11 -p1 -b .add_lib_to_openssl_search_path +%patch12 -p1 -b .Qt-CVE-2010-1763.fixed %build export QTDIR=`pwd` @@ -575,8 +546,7 @@ export QT_PLUGIN_PATH=$QTDIR/plugins # Generate include -rm -rf include && QTDIR="." perl bin/syncqt - +#rm -rf include && QTDIR="." perl bin/syncqt ./configure -confirm-license \ -prefix "%{_prefix}" \ -bindir "%{_bindir}" \ @@ -618,27 +588,29 @@ -system-libjpeg \ -no-rpath \ -optimized-qmake \ - -dbus \ + -dbus-linked \ -no-separate-debug-info \ -verbose \ -gtkstyle \ -no-nas-sound \ - -opengl %{opengl_arg} \ + -opengl es2 \ -arch %{arch_arg} \ -no-openvg \ -lfontconfig \ -I/usr/include/freetype2 \ -qvfb \ - -DQT_RX71_MULTITOUCH=1 +#%ifarch %{ix86} +# -xinput2 +#%endif # Build make %{?_smp_mflags} # Build documentations -make docs +#make %{?_smp_mflags} docs # Build translations -make ts +#make %{?_smp_mflags} ts # Workaround: It's a known qmake limitation. # It can't generate install rules for files that don't exist yet like docs. -./config.status +#./config.status %install make install INSTALL_ROOT=%{buildroot} @@ -648,7 +620,7 @@ # Fix wrong path in prl files find %{buildroot}%{_libdir} -type f -name '*.prl' \ -exec sed -i -e "/^QMAKE_PRL_BUILD_DIR/d;s/\(QMAKE_PRL_LIBS =\).*/\1/" {} \; -# Install desktop anf icon files +# Install desktop and icon files for filename in assistant designer linguist qtdemo; do install -D -p -m 0644 %{_sourcedir}/${filename}.desktop \ %{buildroot}%{_datadir}/applications/${filename}.desktop; @@ -659,7 +631,7 @@ install -D -p -m 0644 %{_sourcedir}/macros.qmake \ %{buildroot}%{_sysconfdir}/rpm/macros.qmake # QTBUG-12159 workaround -rm -f %{buildroot}%{_datadir}/qt4/mkspecs/modules/qt_webkit_version.pri +#rm -f %{buildroot}%{_datadir}/qt4/mkspecs/modules/qt_webkit_version.pri # Remove unpackaged files rm -f %{buildroot}%{_libdir}/libphonon.* rm -f %{buildroot}%{_libdir}/libQt*.la @@ -675,6 +647,12 @@ -o -name .pch \ -o -name .rcc \ \) -print0 | xargs -0 rm -rf +# Fix executable permissions +find %{buildroot} -type f -perm /u+x,g+x,o+x \( -false \ + -o -name \*.cpp \ + -o -name \*.h \ + -o -name \*.png \ +\) | xargs chmod -x # Fix duplicate files %fdupes %{buildroot}%{_libdir} %fdupes %{buildroot}%{_includedir} @@ -828,6 +806,8 @@ %defattr(-,root,root,-) %{_libdir}/libQtOpenGL.so.* %{_libdir}/qt4/plugins/graphicssystems/libqglgraphicssystem.so +%{_libdir}/libQtMeeGoGraphicsSystemHelper.so.* +%{_libdir}/qt4/plugins/graphicssystems/libqmeegographicssystem.so %files -n libqtscript4 %defattr(-,root,root,-) @@ -1622,6 +1602,18 @@ %{_libdir}/libQtOpenGL.prl %{_libdir}/libQtOpenGL.so %{_libdir}/pkgconfig/QtOpenGL.pc +%{_includedir}/qt4/Qt/QtMeeGoGraphicsSystemHelper +%{_includedir}/qt4/Qt/qmeegographicssystemhelper.h +%{_includedir}/qt4/Qt/qmeegoliveimage.h +%{_includedir}/qt4/Qt/qmeegolivepixmap.h +%{_includedir}/qt4/Qt/qmeegooverlaywidget.h +%{_includedir}/qt4/Qt/qmeegoruntime.h +%{_includedir}/qt4/QtMeeGoGraphicsSystemHelper/ +%{_libdir}/libQtMeeGoGraphicsSystemHelper.prl +%{_libdir}/libQtMeeGoGraphicsSystemHelper.so +%{_libdir}/pkgconfig/QtMeeGoGraphicsSystemHelper.pc + + %files designer %defattr(-,root,root,-) other changes: -------------- ++++++ 01_configure_quilt_compat.patch --- 01_configure_quilt_compat.patch +++ 01_configure_quilt_compat.patch @@ -3,7 +3,7 @@ --- a/configure +++ b/configure -@@ -8154,7 +8154,7 @@ fi +@@ -8402,7 +8402,7 @@ fi # .projects.3 -> the rest rm -f .projects .projects.1 .projects.2 .projects.3 ++++++ 06_install_qvfb.patch --- 06_install_qvfb.patch +++ 06_install_qvfb.patch @@ -3,7 +3,7 @@ --- a/tools/tools.pro +++ b/tools/tools.pro -@@ -41,5 +41,7 @@ embedded: SUBDIRS += makeqpf +@@ -41,6 +41,8 @@ embedded: SUBDIRS += makeqpf !wince*:!cross_compile:SUBDIRS += qdoc3 ++++++ 07_invpremul.patch --- 07_invpremul.patch +++ 07_invpremul.patch @@ -26,7 +26,7 @@ static void convert_ARGB_PM_to_ARGB(QImageData *dest, const QImageData *src, Qt::ImageConversionFlags) { Q_ASSERT(src->format == QImage::Format_ARGB32_Premultiplied); -@@ -2496,7 +2512,7 @@ static void convert_ARGB_PM_to_ARGB(QIma +@@ -2519,7 +2535,7 @@ static void convert_ARGB_PM_to_ARGB(QIma for (int i = 0; i < src->height; ++i) { const QRgb *end = src_data + src->width; while (src_data < end) { ++++++ 08_qtdebug_syslog.patch --- 08_qtdebug_syslog.patch +++ 08_qtdebug_syslog.patch @@ -11,16 +11,17 @@ #endif #include <stdio.h> -@@ -87,6 +88,8 @@ +@@ -88,6 +89,8 @@ _LIT(qt_S60Filter, "Series60v?.*.sis"); - _LIT(qt_S60SystemInstallDir, "z:\\system\\install\\"); + _LIT(qt_symbianFilter, "Symbianv*.sis"); + _LIT(qt_symbianSystemInstallDir, "z:\\system\\install\\"); +#elif defined(Q_OS_UNIX) +#include <syslog.h> #endif QT_BEGIN_NAMESPACE -@@ -2224,6 +2227,27 @@ void qt_message_output(QtMsgType msgType +@@ -2247,6 +2250,27 @@ void qt_message_output(QtMsgType msgType #else fprintf(stderr, "%s\n", buf); fflush(stderr); ++++++ 09_texture_enable_fix.patch --- 09_texture_enable_fix.patch +++ 09_texture_enable_fix.patch @@ -5,7 +5,7 @@ --- a/src/opengl/qgl_p.h +++ b/src/opengl/qgl_p.h -@@ -603,14 +603,7 @@ inline GLenum qt_gl_preferredTextureForm +@@ -614,14 +614,7 @@ inline GLenum qt_gl_preferredTextureForm inline GLenum qt_gl_preferredTextureTarget() { ++++++ Qt-CVE-2010-1763-fixed.patch (new) --- Qt-CVE-2010-1763-fixed.patch +++ Qt-CVE-2010-1763-fixed.patch +diff --git a/qt-everywhere-opensource-src-4.7.1/src/3rdparty/webkit/WebCore/dom/Document.cpp b/qt-everywhere-opensource-src-4.7.1-bk/src/3rdparty/webkit/WebCore/dom/Document.cpp +index 9803cf5..afeb3e9 100644 +--- a/src/3rdparty/webkit/WebCore/dom/Document.cpp ++++ b/src/3rdparty/webkit/WebCore/dom/Document.cpp +@@ -1936,8 +1936,18 @@ void Document::write(const SegmentedString& text, Document* ownerDocument) + if (!m_tokenizer) + open(ownerDocument); + +- ASSERT(m_tokenizer); +- m_tokenizer->write(text, false); ++ ASSERT(m_tokenizer); ++ bool wasForcedSynchronous = false; ++ HTMLTokenizer* tokenizer = m_tokenizer->asHTMLTokenizer(); ++ if (tokenizer) { ++ wasForcedSynchronous = tokenizer->forceSynchronous(); ++ tokenizer->setForceSynchronous(true); ++ } ++ ++ m_tokenizer->write(text, false); ++ ++ if (m_tokenizer && tokenizer && m_tokenizer->asHTMLTokenizer() == tokenizer) ++ tokenizer->setForceSynchronous(wasForcedSynchronous); + + #ifdef INSTRUMENT_LAYOUT_SCHEDULING + if (!ownerElement()) ++++++ macros.qmake --- macros.qmake +++ macros.qmake @@ -2,6 +2,19 @@ # QMake macros # +%_qt_prefix %{_prefix} +%_qt_bindir %{_prefix}/bin +%_qt_libdir %{_prefix}/%{_lib} +%_qt_docdir %{_prefix}/share/doc/qt4 +%_qt_headerdir %{_prefix}/include/qt4 +%_qt_datadir %{_prefix}/share/qt4 +%_qt_plugindir %{_prefix}/%{_lib}/qt4/plugins +%_qt_importdir %{_prefix}/%{_lib}/qt4/imports +%_qt_translationdir %{_prefix}/share/qt4/translations +%_qt_sysconfdir %{_sysconfdir}/xdg +%_qt_demosdir %{_prefix}/%{_lib}/qt4/demos +%_qt_exampledir %{_prefix}/%{_lib}/qt4/examples + %qmake \ qmake -makefile -nocache \\\ "QMAKE_CFLAGS_RELEASE=${CFLAGS:-%optflags}" \\\ ++++++ qt-everywhere-opensource-src-4.7.0.tar.gz -> qt-everywhere-opensource-src-4.7.1.tar.gz 1753373 lines of diff (skipped) ++++++ deleted files: --- connman_backend_for_bearer_management.patch.bz2 _______________________________________________ MeeGo-commits mailing list [email protected] http://lists.meego.com/listinfo/meego-commits _______________________________________________ MeeGo-packaging mailing list [email protected] http://lists.meego.com/listinfo/meego-packaging _______________________________________________ MeeGo-packaging mailing list [email protected] http://lists.meego.com/listinfo/meego-packaging
