
[pkgsrc/pkgsrc-2005Q1]: pkgsrc/x11/kdelibs3 Pullup ticket 438 - requested by ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/d92ea1ce8e47
branches:  pkgsrc-2005Q1
changeset: 490957:d92ea1ce8e47
user:      salo <salo%pkgsrc.org@localhost>
date:      Sat Apr 16 19:47:33 2005 +0000

description:
Pullup ticket 438 - requested by Matthias Drochner
security fix for kdelibs3

Revisions pulled up:
- pkgsrc/x11/kdelibs3/patches/patch-da  1.1
- pkgsrc/x11/kdelibs3/patches/patch-db  1.1
- pkgsrc/x11/kdelibs3/patches/patch-dc  1.1
- pkgsrc/x11/kdelibs3/patches/patch-dd  1.1
- pkgsrc/x11/kdelibs3/patches/patch-de  1.1
- pkgsrc/x11/kdelibs3/patches/patch-df  1.1

Due to different versions of KDE on the stable branch and HEAD,
the rest of the files were patched by hand.

   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Tue Apr 12 11:00:03 UTC 2005

   Modified Files:
           pkgsrc/x11/kdelibs3: Makefile distinfo
   Added Files:
           pkgsrc/x11/kdelibs3/patches: patch-da patch-db patch-dc patch-dd
               patch-de patch-df patch-dg

   Log Message:
   fix buffer overflow by corrupt PCX files, leading to crashes or code
   injection, see http://bugs.kde.org/show_bug.cgi?id=102328
   bump PKGREVISION

diffstat:

 x11/kdelibs3/Makefile         |   4 +-
 x11/kdelibs3/buildlink3.mk    |   4 +-
 x11/kdelibs3/distinfo         |   8 ++++++-
 x11/kdelibs3/patches/patch-da |  13 ++++++++++++
 x11/kdelibs3/patches/patch-db |  16 +++++++++++++++
 x11/kdelibs3/patches/patch-dc |  44 +++++++++++++++++++++++++++++++++++++++++++
 x11/kdelibs3/patches/patch-dd |  14 +++++++++++++
 x11/kdelibs3/patches/patch-de |  13 ++++++++++++
 x11/kdelibs3/patches/patch-df |  13 ++++++++++++
 9 files changed, 124 insertions(+), 5 deletions(-)

diffs (187 lines):

diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/Makefile
--- a/x11/kdelibs3/Makefile     Sat Apr 16 19:32:33 2005 +0000
+++ b/x11/kdelibs3/Makefile     Sat Apr 16 19:47:33 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.78 2005/03/17 09:46:36 markd Exp $
+# $NetBSD: Makefile,v 1.78.2.1 2005/04/16 19:47:33 salo Exp $
 
 DISTNAME=      kdelibs-${_KDE_VERSION}
-PKGREVISION=   8
+PKGREVISION=   9
 CATEGORIES=    x11
 COMMENT=       Support libraries for the KDE integrated X11 desktop
 
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/buildlink3.mk
--- a/x11/kdelibs3/buildlink3.mk        Sat Apr 16 19:32:33 2005 +0000
+++ b/x11/kdelibs3/buildlink3.mk        Sat Apr 16 19:47:33 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.5 2004/12/28 23:18:22 reed Exp $
+# $NetBSD: buildlink3.mk,v 1.5.2.1 2005/04/16 19:47:33 salo Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 KDELIBS_BUILDLINK3_MK:=        ${KDELIBS_BUILDLINK3_MK}+
@@ -14,7 +14,7 @@
 
 .if !empty(KDELIBS_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.kdelibs+=    kdelibs>=3.2.0
-BUILDLINK_RECOMMENDED.kdelibs?=        kdelibs>=3.3.2nb4
+BUILDLINK_RECOMMENDED.kdelibs?=        kdelibs>=3.3.2nb9
 BUILDLINK_PKGSRCDIR.kdelibs?=  ../../x11/kdelibs3
 
 .include "../../x11/kdelibs3/dirs.mk"
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/distinfo
--- a/x11/kdelibs3/distinfo     Sat Apr 16 19:32:33 2005 +0000
+++ b/x11/kdelibs3/distinfo     Sat Apr 16 19:47:33 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2005/03/17 09:46:36 markd Exp $
+$NetBSD: distinfo,v 1.51.2.1 2005/04/16 19:47:33 salo Exp $
 
 SHA1 (kdelibs-3.3.2.tar.bz2) = 69325b603375d31d4d537955383f4893e4a7945f
 RMD160 (kdelibs-3.3.2.tar.bz2) = 66d8bf05cff7aaf875a640a08b1a259085385036
@@ -27,3 +27,9 @@
 SHA1 (patch-ck) = 74385ed9563c6d28874a230a4ff38ac8786ade5e
 SHA1 (patch-cl) = 92a3dc086cc706a79f1f3dfe7568fcd1f1fb8dce
 SHA1 (patch-cm) = 56663d0a1c0fa1174ba2f31ed0373add6f838deb
+SHA1 (patch-da) = d7acd5026687d8edf4d4daf15778a4af41b2670b
+SHA1 (patch-db) = 86d54e559feabb5ce95bc03bd8a0e954f525025f
+SHA1 (patch-dc) = c54db24f6afdff5a35069b54bf64c07fce4866d9
+SHA1 (patch-dd) = e0a26e8d9b0f9764b2eee246ce52439700d3fe3e
+SHA1 (patch-de) = 48b4ea0d331ff13eefd438a113bcac2398b68f51
+SHA1 (patch-df) = 1459e51ed359dffe74f62fe68f548dd154239a8a
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-da
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-da     Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-da,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/exr.cpp.orig        2004-06-22 19:36:40.000000000 +0200
++++ kimgio/exr.cpp     2005-04-13 23:24:22.000000000 +0200
+@@ -136,6 +136,8 @@
+         file.readPixels (dw.min.y, dw.max.y);
+ 
+               QImage image(width, height, 32, 0, QImage::BigEndian);
++              if( image.isNull())
++                      return;
+ 
+               // somehow copy pixels into image
+               for ( int y=0; y < height; y++ ) {
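Review bot: The added `image.isNull()` test sits after `file.readPixels (dw.min.y, dw.max.y)`, so it protects only the copy loop below and does nothing for the read that has already run with the same file-supplied window. The buffer that readPixels fills is set up outside this hunk; if it is sized from `width` and `height`, those values need a range check before the read rather than after it. One option is to construct the QImage and test `isNull()` ahead of the readPixels call, so a header with unusable dimensions is rejected before any pixel data is processed. The enclosing function begins and ends outside the hunk.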
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-db
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-db     Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-db,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/jp2.cpp.orig        2003-10-26 11:54:06.000000000 +0100
++++ kimgio/jp2.cpp     2005-04-13 23:27:40.000000000 +0200
+@@ -157,8 +157,9 @@
+       void
+       draw_view_gray( gs_t& gs, QImage& qti )
+       {
+-              qti.create( jas_image_width( gs.image ), jas_image_height( gs.image ),
+-                      8, 256 );
++              if( !qti.create( jas_image_width( gs.image ), jas_image_height( gs.image ),
++                      8, 256 ))
++                      return;
+               for( int i = 0; i < 256; ++i )
+                       qti.setColor( i, qRgb( i, i, i ) );
+ 
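Review bot: `draw_view_gray` returns void, so the new early `return;` after a failed `qti.create(...)` leaves the caller with a null image and no signal that decoding stopped. The caller is outside the hunk; it should test `qti.isNull()` before using or reporting the image. A comment on the return, such as `// create() failed: qti stays null, caller must check isNull()`, would make that contract explicit. The same silent-return pattern is used for the four `img.create` checks in kimgio/pcx.cpp (patch-dc).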
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-dc
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-dc     Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,44 @@
+$NetBSD: patch-dc,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/pcx.cpp.orig        2003-10-26 11:54:06.000000000 +0100
++++ kimgio/pcx.cpp     2005-04-13 23:29:10.000000000 +0200
+@@ -134,7 +134,8 @@
+ {
+   QByteArray buf( header.BytesPerLine );
+ 
+-  img.create( w, h, 1, 2, QImage::BigEndian );
++  if( !img.create( w, h, 1, 2, QImage::BigEndian ))
++    return;
+ 
+   for ( int y=0; y<h; ++y )
+   {
+@@ -160,7 +161,8 @@
+   QByteArray buf( header.BytesPerLine*4 );
+   QByteArray pixbuf( w );
+ 
+-  img.create( w, h, 8, 16, QImage::IgnoreEndian );
++  if( !img.create( w, h, 8, 16, QImage::IgnoreEndian ))
++    return;
+ 
+   for ( int y=0; y<h; ++y )
+   {
+@@ -196,7 +198,8 @@
+ {
+   QByteArray buf( header.BytesPerLine );
+ 
+-  img.create( w, h, 8, 256, QImage::IgnoreEndian );
++  if( !img.create( w, h, 8, 256, QImage::IgnoreEndian ))
++    return;
+ 
+   for ( int y=0; y<h; ++y )
+   {
+@@ -236,7 +239,8 @@
+   QByteArray g_buf( header.BytesPerLine );
+   QByteArray b_buf( header.BytesPerLine );
+ 
+-  img.create( w, h, 32 );
++  if( !img.create( w, h, 32 ))
++    return;
+ 
+   for ( int y=0; y<h; ++y )
+   {
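Review bot: The new `img.create` checks cover only the image allocation; the scanline buffers such as `QByteArray buf( header.BytesPerLine )` are still sized from a header field that is independent of `w`. The loop bodies are outside these hunks, but if they index `buf` by offsets derived from `w`, a file whose BytesPerLine is smaller than the width requires could still run past the end of `buf`. Consider rejecting such headers up front, e.g. for the 8-bit reader `if ( header.BytesPerLine < w ) return;`, with the equivalent bit-packed bound for the 1-bit and multi-plane readers.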
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-dd
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-dd     Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-dd,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/tiffr.cpp.orig      2004-06-22 19:36:40.000000000 +0200
++++ kimgio/tiffr.cpp   2005-04-13 23:31:19.000000000 +0200
+@@ -83,6 +83,9 @@
+             return;
+ 
+       QImage image( width, height, 32 );
++      if( image.isNull()) {
++              return;
++      }
+       data = (uint32 *)image.bits();
+ 
+       //Sven: changed to %ld for 64bit machines
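Review bot: The new `image.isNull()` branch returns without any cleanup, whereas the equivalent failure path in kimgio/g3r.cpp (patch-df) calls `TIFFClose(tiff);` before returning. The code that opens the TIFF handle is outside this hunk, so this is inferred; if a handle is open at this point, the early return leaks it each time an image with unusable dimensions is loaded. Close the handle inside the braces before `return;`, using whatever name the handle has in this file.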
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-de
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-de     Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-de,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/xview.cpp.orig      2003-09-07 14:17:55.000000000 +0200
++++ kimgio/xview.cpp   2005-04-13 23:34:18.000000000 +0200
+@@ -60,6 +60,8 @@
+ 
+       // Create the image
+       QImage image( x, y, 8, maxval + 1, QImage::BigEndian );
++      if( image.isNull())
++              return;
+ 
+       // how do the color handling? they are absolute 24bpp
+       // or at least can be calculated as such.
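Review bot: `maxval + 1` is passed as the palette size of an 8-bit image, and nothing in the visible lines bounds `maxval`, `x` or `y`, which appear to come from the file header parsed above the hunk. The `isNull()` check catches a failed allocation but not a colour count that does not fit an 8-bit index. A guard before the constructor, for example `if ( x <= 0 || y <= 0 || maxval < 0 || maxval > 255 ) return;`, would reject such headers early; confirm the intended maxval range against the format. Any buffer allocated before this point would also need releasing on the new return path.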
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-df
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-df     Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-df,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/g3r.cpp.orig        2004-06-22 19:36:40.000000000 +0200
++++ kimgio/g3r.cpp     2005-04-16 21:39:11.000000000 +0200
+@@ -28,7 +28,7 @@
+ 
+   QImage image(width, height, 1, 0, QImage::BigEndian);
+   
+-  if (scanlength != image.bytesPerLine())
++  if (image.isNull() || (scanlength != image.bytesPerLine()))
+     {
+       TIFFClose(tiff);
+       return;


