pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2005Q1]: pkgsrc/x11/kdelibs3 Pullup ticket 438 - requested by ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/d92ea1ce8e47
branches: pkgsrc-2005Q1
changeset: 490957:d92ea1ce8e47
user: salo <salo%pkgsrc.org@localhost>
date: Sat Apr 16 19:47:33 2005 +0000
description:
Pullup ticket 438 - requested by Matthias Drochner
security fix for kdelibs3
Revisions pulled up:
- pkgsrc/x11/kdelibs3/patches/patch-da 1.1
- pkgsrc/x11/kdelibs3/patches/patch-db 1.1
- pkgsrc/x11/kdelibs3/patches/patch-dc 1.1
- pkgsrc/x11/kdelibs3/patches/patch-dd 1.1
- pkgsrc/x11/kdelibs3/patches/patch-de 1.1
- pkgsrc/x11/kdelibs3/patches/patch-df 1.1
Due to different versions of KDE on the stable branch and HEAD,
rest of the files patched by hand.
Module Name: pkgsrc
Committed By: drochner
Date: Tue Apr 12 11:00:03 UTC 2005
Modified Files:
pkgsrc/x11/kdelibs3: Makefile distinfo
Added Files:
pkgsrc/x11/kdelibs3/patches: patch-da patch-db patch-dc patch-dd
patch-de patch-df patch-dg
Log Message:
fix buffer overflow by corrupt PCX files, leading to crashes or code
injection, see http://bugs.kde.org/show_bug.cgi?id=102328
bump PKGREVISION
diffstat:
x11/kdelibs3/Makefile | 4 +-
x11/kdelibs3/buildlink3.mk | 4 +-
x11/kdelibs3/distinfo | 8 ++++++-
x11/kdelibs3/patches/patch-da | 13 ++++++++++++
x11/kdelibs3/patches/patch-db | 16 +++++++++++++++
x11/kdelibs3/patches/patch-dc | 44 +++++++++++++++++++++++++++++++++++++++++++
x11/kdelibs3/patches/patch-dd | 14 +++++++++++++
x11/kdelibs3/patches/patch-de | 13 ++++++++++++
x11/kdelibs3/patches/patch-df | 13 ++++++++++++
9 files changed, 124 insertions(+), 5 deletions(-)
diffs (187 lines):
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/Makefile
--- a/x11/kdelibs3/Makefile Sat Apr 16 19:32:33 2005 +0000
+++ b/x11/kdelibs3/Makefile Sat Apr 16 19:47:33 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.78 2005/03/17 09:46:36 markd Exp $
+# $NetBSD: Makefile,v 1.78.2.1 2005/04/16 19:47:33 salo Exp $
DISTNAME= kdelibs-${_KDE_VERSION}
-PKGREVISION= 8
+PKGREVISION= 9
CATEGORIES= x11
COMMENT= Support libraries for the KDE integrated X11 desktop
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/buildlink3.mk
--- a/x11/kdelibs3/buildlink3.mk Sat Apr 16 19:32:33 2005 +0000
+++ b/x11/kdelibs3/buildlink3.mk Sat Apr 16 19:47:33 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.5 2004/12/28 23:18:22 reed Exp $
+# $NetBSD: buildlink3.mk,v 1.5.2.1 2005/04/16 19:47:33 salo Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
KDELIBS_BUILDLINK3_MK:= ${KDELIBS_BUILDLINK3_MK}+
@@ -14,7 +14,7 @@
.if !empty(KDELIBS_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.kdelibs+= kdelibs>=3.2.0
-BUILDLINK_RECOMMENDED.kdelibs?= kdelibs>=3.3.2nb4
+BUILDLINK_RECOMMENDED.kdelibs?= kdelibs>=3.3.2nb9
BUILDLINK_PKGSRCDIR.kdelibs?= ../../x11/kdelibs3
.include "../../x11/kdelibs3/dirs.mk"
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/distinfo
--- a/x11/kdelibs3/distinfo Sat Apr 16 19:32:33 2005 +0000
+++ b/x11/kdelibs3/distinfo Sat Apr 16 19:47:33 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2005/03/17 09:46:36 markd Exp $
+$NetBSD: distinfo,v 1.51.2.1 2005/04/16 19:47:33 salo Exp $
SHA1 (kdelibs-3.3.2.tar.bz2) = 69325b603375d31d4d537955383f4893e4a7945f
RMD160 (kdelibs-3.3.2.tar.bz2) = 66d8bf05cff7aaf875a640a08b1a259085385036
@@ -27,3 +27,9 @@
SHA1 (patch-ck) = 74385ed9563c6d28874a230a4ff38ac8786ade5e
SHA1 (patch-cl) = 92a3dc086cc706a79f1f3dfe7568fcd1f1fb8dce
SHA1 (patch-cm) = 56663d0a1c0fa1174ba2f31ed0373add6f838deb
+SHA1 (patch-da) = d7acd5026687d8edf4d4daf15778a4af41b2670b
+SHA1 (patch-db) = 86d54e559feabb5ce95bc03bd8a0e954f525025f
+SHA1 (patch-dc) = c54db24f6afdff5a35069b54bf64c07fce4866d9
+SHA1 (patch-dd) = e0a26e8d9b0f9764b2eee246ce52439700d3fe3e
+SHA1 (patch-de) = 48b4ea0d331ff13eefd438a113bcac2398b68f51
+SHA1 (patch-df) = 1459e51ed359dffe74f62fe68f548dd154239a8a
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-da
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-da Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-da,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/exr.cpp.orig 2004-06-22 19:36:40.000000000 +0200
++++ kimgio/exr.cpp 2005-04-13 23:24:22.000000000 +0200
+@@ -136,6 +136,8 @@
+ file.readPixels (dw.min.y, dw.max.y);
+
+ QImage image(width, height, 32, 0, QImage::BigEndian);
++ if( image.isNull())
++ return;
+
+ // somehow copy pixels into image
+ for ( int y=0; y < height; y++ ) {
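Review bot: The added `image.isNull()` check in kimgio/exr.cpp runs only after `file.readPixels (dw.min.y, dw.max.y)`, so an unusable width or height is detected after the full pixel read has already happened. If the frame buffer set up above the hunk is sized from the same `width` and `height` (not visible here), it would be safer to construct the QImage and test `image.isNull()` before the `readPixels` call, or to reject non-positive and oversized dimensions up front. The bare `return;` also reports no visible failure status to the caller. The enclosing function starts and ends outside the hunk.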
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-db
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-db Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-db,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/jp2.cpp.orig 2003-10-26 11:54:06.000000000 +0100
++++ kimgio/jp2.cpp 2005-04-13 23:27:40.000000000 +0200
+@@ -157,8 +157,9 @@
+ void
+ draw_view_gray( gs_t& gs, QImage& qti )
+ {
+- qti.create( jas_image_width( gs.image ), jas_image_height( gs.image ),
+- 8, 256 );
++ if( !qti.create( jas_image_width( gs.image ), jas_image_height( gs.image ),
++ 8, 256 ))
++ return;
+ for( int i = 0; i < 256; ++i )
+ qti.setColor( i, qRgb( i, i, i ) );
+
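Review bot: `draw_view_gray` returns void, so the new early `return;` after a failed `qti.create(...)` in kimgio/jp2.cpp gives the caller no signal that nothing was drawn. Unless the caller (outside the hunk) already tests `qti.isNull()` before using the image, it should do so, or the function could return `bool` and propagate the result of `create()`. A short comment such as `// create() fails on bogus or huge dimensions read from the file; leave qti null` would record why the check exists. The function body continues past the hunk.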
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-dc
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-dc Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,44 @@
+$NetBSD: patch-dc,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/pcx.cpp.orig 2003-10-26 11:54:06.000000000 +0100
++++ kimgio/pcx.cpp 2005-04-13 23:29:10.000000000 +0200
+@@ -134,7 +134,8 @@
+ {
+ QByteArray buf( header.BytesPerLine );
+
+- img.create( w, h, 1, 2, QImage::BigEndian );
++ if( !img.create( w, h, 1, 2, QImage::BigEndian ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
+@@ -160,7 +161,8 @@
+ QByteArray buf( header.BytesPerLine*4 );
+ QByteArray pixbuf( w );
+
+- img.create( w, h, 8, 16, QImage::IgnoreEndian );
++ if( !img.create( w, h, 8, 16, QImage::IgnoreEndian ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
+@@ -196,7 +198,8 @@
+ {
+ QByteArray buf( header.BytesPerLine );
+
+- img.create( w, h, 8, 256, QImage::IgnoreEndian );
++ if( !img.create( w, h, 8, 256, QImage::IgnoreEndian ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
+@@ -236,7 +239,8 @@
+ QByteArray g_buf( header.BytesPerLine );
+ QByteArray b_buf( header.BytesPerLine );
+
+- img.create( w, h, 32 );
++ if( !img.create( w, h, 32 ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
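Review bot: All four hunks in kimgio/pcx.cpp guard `img.create(...)`, but the row buffers are still sized from `header.BytesPerLine` (`QByteArray buf( header.BytesPerLine )`, and `header.BytesPerLine*4` in the second hunk) with no visible relation to `w`. The per-row loops begin at `for ( int y=0; y<h; ++y )` and continue outside the hunks, so this cannot be confirmed here. If they copy `header.BytesPerLine` bytes into a scanline sized for `w`, or index `buf` by `w`, a header whose two fields disagree can still cause an out-of-bounds access after a successful `create()`. Consider bounding each copy, e.g. `const int n = QMIN( (int)header.BytesPerLine, img.bytesPerLine() );`, and rejecting headers whose `BytesPerLine` is too small for `w`. Depending on the field's type, `header.BytesPerLine*4` may also need an overflow check.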
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-dd
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-dd Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-dd,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/tiffr.cpp.orig 2004-06-22 19:36:40.000000000 +0200
++++ kimgio/tiffr.cpp 2005-04-13 23:31:19.000000000 +0200
+@@ -83,6 +83,9 @@
+ return;
+
+ QImage image( width, height, 32 );
++ if( image.isNull()) {
++ return;
++ }
+ data = (uint32 *)image.bits();
+
+ //Sven: changed to %ld for 64bit machines
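Review bot: The new `return;` on `image.isNull()` in kimgio/tiffr.cpp exits without any visible cleanup, whereas the equivalent failure branch in this commit's g3r.cpp patch calls `TIFFClose(tiff);` first. If a TIFF handle is already open at this point (the opening code is above the hunk, so this is inferred), the early return leaks it for every rejected file. Closing the handle before returning, as g3r.cpp does, would fix that. The pre-existing `return;` at the top of the hunk context may have the same problem and is worth checking at the same time.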
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-de
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-de Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-de,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/xview.cpp.orig 2003-09-07 14:17:55.000000000 +0200
++++ kimgio/xview.cpp 2005-04-13 23:34:18.000000000 +0200
+@@ -60,6 +60,8 @@
+
+ // Create the image
+ QImage image( x, y, 8, maxval + 1, QImage::BigEndian );
++ if( image.isNull())
++ return;
+
+ // how do the color handling? they are absolute 24bpp
+ // or at least can be calculated as such.
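Review bot: The `image.isNull()` check in kimgio/xview.cpp catches a failed allocation but not an out-of-range palette size, since `maxval + 1` is passed as the colour count of an 8-bit image. If `maxval` is parsed from the file (its origin is above the hunk), an out-of-range value should be rejected before the constructor runs, e.g. `if( maxval <= 0 || maxval > 255 ) return;`. Non-positive `x` and `y` deserve the same check. The palette and pixel loops that follow lie outside the hunk.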
diff -r a8332f3406db -r d92ea1ce8e47 x11/kdelibs3/patches/patch-df
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-df Sat Apr 16 19:47:33 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-df,v 1.1.2.2 2005/04/16 19:47:33 salo Exp $
+
+--- kimgio/g3r.cpp.orig 2004-06-22 19:36:40.000000000 +0200
++++ kimgio/g3r.cpp 2005-04-16 21:39:11.000000000 +0200
+@@ -28,7 +28,7 @@
+
+ QImage image(width, height, 1, 0, QImage::BigEndian);
+
+- if (scanlength != image.bytesPerLine())
++ if (image.isNull() || (scanlength != image.bytesPerLine()))
+ {
+ TIFFClose(tiff);
+ return;