pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/x11/qt3-libs Fix for CVE-2007-0242. Bump PKGREVISION.
details: https://anonhg.NetBSD.org/pkgsrc/rev/5de7b247b0ed
branches: trunk
changeset: 527328:5de7b247b0ed
user: markd <markd%pkgsrc.org@localhost>
date: Fri Apr 06 12:44:38 2007 +0000
description:
Fix for CVE-2007-0242. Bump PKGREVISION.
diffstat:
x11/qt3-libs/Makefile | 4 +-
x11/qt3-libs/distinfo | 4 ++-
x11/qt3-libs/patches/patch-aq | 62 +++++++++++++++++++++++++++++++++++++++++++
x11/qt3-libs/patches/patch-ar | 43 +++++++++++++++++++++++++++++
4 files changed, 110 insertions(+), 3 deletions(-)
diffs (144 lines):
diff -r 8d91cada59b7 -r 5de7b247b0ed x11/qt3-libs/Makefile
--- a/x11/qt3-libs/Makefile Fri Apr 06 12:22:04 2007 +0000
+++ b/x11/qt3-libs/Makefile Fri Apr 06 12:44:38 2007 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.62 2007/03/18 20:59:35 markd Exp $
+# $NetBSD: Makefile,v 1.63 2007/04/06 12:44:38 markd Exp $
PKGNAME= qt3-libs-${QTVERSION}
-PKGREVISION= 1
+PKGREVISION= 2
MAINTAINER= adam%NetBSD.org@localhost
COMMENT= C++ X GUI toolkit
diff -r 8d91cada59b7 -r 5de7b247b0ed x11/qt3-libs/distinfo
--- a/x11/qt3-libs/distinfo Fri Apr 06 12:22:04 2007 +0000
+++ b/x11/qt3-libs/distinfo Fri Apr 06 12:44:38 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.43 2007/03/18 20:59:35 markd Exp $
+$NetBSD: distinfo,v 1.44 2007/04/06 12:44:38 markd Exp $
SHA1 (qt-x11-free-3.3.8.tar.bz2) = 91b192cb8e80679607d24ae35d6e20ed68d149d7
RMD160 (qt-x11-free-3.3.8.tar.bz2) = 7b8e4e35f49014eac4fcfe91b7ec0a45c5569cf4
@@ -19,6 +19,8 @@
SHA1 (patch-an) = a710aee86198eea2def98cb776280819c4ec556f
SHA1 (patch-ao) = 3aacba05b27314cadab7dceba3c21d65bab608d3
SHA1 (patch-ap) = 5040628324d271abfc662c5a6eeb4f1ecf0d4758
+SHA1 (patch-aq) = 5ab611a8f39a9a344777680a592b0aabc69229fc
+SHA1 (patch-ar) = 736703bd8831a4fa5562690b9159d937b233fccf
SHA1 (patch-bb) = b6a15a4b2b7b83b89bd3610cf2e48c242dbce2e5
SHA1 (patch-bc) = d8a84e1b66bf1953b53df57ae81d2c98cce69c41
SHA1 (patch-bd) = a116ecf305ee5b5338bf84cb908d695f3baea830
diff -r 8d91cada59b7 -r 5de7b247b0ed x11/qt3-libs/patches/patch-aq
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/qt3-libs/patches/patch-aq Fri Apr 06 12:44:38 2007 +0000
@@ -0,0 +1,62 @@
+$NetBSD: patch-aq,v 1.1 2007/04/06 12:44:38 markd Exp $
+
+--- src/codecs/qutfcodec.cpp
++++ src/codecs/qutfcodec.cpp
+@@ -154,6 +154,7 @@
+
+ class QUtf8Decoder : public QTextDecoder {
+ uint uc;
++ uint min_uc;
+ int need;
+ bool headerDone;
+ public:
+@@ -167,8 +168,9 @@
+ result.setLength( len ); // worst case
+ QChar *qch = (QChar *)result.unicode();
+ uchar ch;
++ int error = -1;
+ for (int i=0; i<len; i++) {
+- ch = *chars++;
++ ch = chars[i];
+ if (need) {
+ if ( (ch&0xc0) == 0x80 ) {
+ uc = (uc << 6) | (ch & 0x3f);
+@@ -182,6 +184,8 @@
+ *qch++ = QChar(high);
+ *qch++ = QChar(low);
+ headerDone = TRUE;
++ } else if ((uc < min_uc) || (uc >= 0xd800 && uc <= 0xdfff) || (uc >= 0xfffe)) {
++ *qch++ = QChar::replacement;
+ } else {
+ if (headerDone || QChar(uc) != QChar::byteOrderMark)
+ *qch++ = uc;
+@@ -190,6 +194,7 @@
+ }
+ } else {
+ // error
++ i = error;
+ *qch++ = QChar::replacement;
+ need = 0;
+ }
+@@ -200,12 +205,21 @@
+ } else if ((ch & 0xe0) == 0xc0) {
+ uc = ch & 0x1f;
+ need = 1;
++ error = i;
++ min_uc = 0x80;
+ } else if ((ch & 0xf0) == 0xe0) {
+ uc = ch & 0x0f;
+ need = 2;
++ error = i;
++ min_uc = 0x800;
+ } else if ((ch&0xf8) == 0xf0) {
+ uc = ch & 0x07;
+ need = 3;
++ error = i;
++ min_uc = 0x10000;
++ } else {
++ // error
++ *qch++ = QChar::replacement;
+ }
+ }
+ }
diff -r 8d91cada59b7 -r 5de7b247b0ed x11/qt3-libs/patches/patch-ar
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/qt3-libs/patches/patch-ar Fri Apr 06 12:44:38 2007 +0000
@@ -0,0 +1,43 @@
+$NetBSD: patch-ar,v 1.1 2007/04/06 12:44:38 markd Exp $
+
+--- src/tools/qstring.cpp
++++ src/tools/qstring.cpp
+@@ -5805,6 +5805,7 @@
+ result.setLength( len ); // worst case
+ QChar *qch = (QChar *)result.unicode();
+ uint uc = 0;
++ uint min_uc = 0;
+ int need = 0;
+ int error = -1;
+ uchar ch;
+@@ -5822,6 +5823,12 @@
+ unsigned short low = uc%0x400 + 0xdc00;
+ *qch++ = QChar(high);
+ *qch++ = QChar(low);
++ } else if (uc < min_uc || (uc >= 0xd800 && uc <= 0xdfff) || (uc >= 0xfffe)) {
++ // overlong seqence, UTF16 surrogate or BOM
++ i = error;
++ qch = addOne(qch, result);
++ *qch++ = QChar(0xdbff);
++ *qch++ = QChar(0xde00+((uchar)utf8[i]));
+ } else {
+ *qch++ = uc;
+ }
+@@ -5844,14 +5851,17 @@
+ uc = ch & 0x1f;
+ need = 1;
+ error = i;
++ min_uc = 0x80;
+ } else if ((ch & 0xf0) == 0xe0) {
+ uc = ch & 0x0f;
+ need = 2;
+ error = i;
++ min_uc = 0x800;
+ } else if ((ch&0xf8) == 0xf0) {
+ uc = ch & 0x07;
+ need = 3;
+ error = i;
++ min_uc = 0x10000;
+ } else {
+ // Error
+ qch = addOne(qch, result);
Home |
Main Index |
Thread Index |
Old Index