[pkgsrc/trunk]: pkgsrc/x11/qt3-libs Fix security vulnerability reported in CV...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ab8a8e708b7e
branches:  trunk
changeset: 533333:ab8a8e708b7e
user:      tron <tron%pkgsrc.org@localhost>
date:      Sat Sep 15 12:04:01 2007 +0000

description:
Fix security vulnerability reported in CVE-2007-4137.
Bump package revision.

diffstat:

 x11/qt3-libs/Makefile         |   4 ++--
 x11/qt3-libs/distinfo         |   4 ++--
 x11/qt3-libs/patches/patch-aq |  17 ++++++++++++-----
 3 files changed, 16 insertions(+), 9 deletions(-)

diffs (63 lines):

diff -r 60757376cd28 -r ab8a8e708b7e x11/qt3-libs/Makefile
--- a/x11/qt3-libs/Makefile     Sat Sep 15 11:51:59 2007 +0000
+++ b/x11/qt3-libs/Makefile     Sat Sep 15 12:04:01 2007 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.66 2007/09/08 13:45:31 wiz Exp $
+# $NetBSD: Makefile,v 1.67 2007/09/15 12:04:01 tron Exp $
 
 PKGNAME=       qt3-libs-${QTVERSION}
-PKGREVISION=   4
+PKGREVISION=   5
 MAINTAINER=    adam%NetBSD.org@localhost
 COMMENT=       C++ X GUI toolkit
 
diff -r 60757376cd28 -r ab8a8e708b7e x11/qt3-libs/distinfo
--- a/x11/qt3-libs/distinfo     Sat Sep 15 11:51:59 2007 +0000
+++ b/x11/qt3-libs/distinfo     Sat Sep 15 12:04:01 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.45 2007/08/01 20:51:23 tron Exp $
+$NetBSD: distinfo,v 1.46 2007/09/15 12:04:01 tron Exp $
 
 SHA1 (qt-x11-free-3.3.8.tar.bz2) = 91b192cb8e80679607d24ae35d6e20ed68d149d7
 RMD160 (qt-x11-free-3.3.8.tar.bz2) = 7b8e4e35f49014eac4fcfe91b7ec0a45c5569cf4
@@ -19,7 +19,7 @@
 SHA1 (patch-an) = a710aee86198eea2def98cb776280819c4ec556f
 SHA1 (patch-ao) = 3aacba05b27314cadab7dceba3c21d65bab608d3
 SHA1 (patch-ap) = 5040628324d271abfc662c5a6eeb4f1ecf0d4758
-SHA1 (patch-aq) = 5ab611a8f39a9a344777680a592b0aabc69229fc
+SHA1 (patch-aq) = c17ff8b42901ae9a3cc51c33cffe4cffa64b4e4d
 SHA1 (patch-ar) = 736703bd8831a4fa5562690b9159d937b233fccf
 SHA1 (patch-bb) = b6a15a4b2b7b83b89bd3610cf2e48c242dbce2e5
 SHA1 (patch-bc) = d8a84e1b66bf1953b53df57ae81d2c98cce69c41
diff -r 60757376cd28 -r ab8a8e708b7e x11/qt3-libs/patches/patch-aq
--- a/x11/qt3-libs/patches/patch-aq     Sat Sep 15 11:51:59 2007 +0000
+++ b/x11/qt3-libs/patches/patch-aq     Sat Sep 15 12:04:01 2007 +0000
@@ -1,7 +1,10 @@
-$NetBSD: patch-aq,v 1.1 2007/04/06 12:44:38 markd Exp $
+$NetBSD: patch-aq,v 1.2 2007/09/15 12:04:01 tron Exp $
 
---- src/codecs/qutfcodec.cpp
-+++ src/codecs/qutfcodec.cpp
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137
+
+--- src/codecs/qutfcodec.cpp.orig      2007-02-02 14:01:08.000000000 +0000
++++ src/codecs/qutfcodec.cpp   2007-09-15 12:12:18.000000000 +0100
 @@ -154,6 +154,7 @@
  
  class QUtf8Decoder : public QTextDecoder {
@@ -10,8 +13,12 @@
      int need;
      bool headerDone;
  public:
-@@ -167,8 +168,9 @@
-       result.setLength( len ); // worst case
+@@ -164,11 +165,12 @@
+     QString toUnicode(const char* chars, int len)
+     {
+       QString result;
+-      result.setLength( len ); // worst case
++      result.setLength( len + 1 ); // worst case
        QChar *qch = (QChar *)result.unicode();
        uchar ch;
 +        int error = -1;