authormarkd <markd@pkgsrc.org>2007-04-06 12:44:38 +0000
committermarkd <markd@pkgsrc.org>2007-04-06 12:44:38 +0000
commitfe0cd9bf568cf187d8002b898bfe7c7f89fef114 (patch)
treeb8c9566986124c484b9c928d033339cf7de51408
parentbf8d46375caecb1a33d057b81087b9df5d608811 (diff)
Fix for CVE-2007-0242. Bump PKGREVISION.
-rw-r--r--x11/qt3-libs/Makefile4
-rw-r--r--x11/qt3-libs/distinfo4
-rw-r--r--x11/qt3-libs/patches/patch-aq62
-rw-r--r--x11/qt3-libs/patches/patch-ar43
4 files changed, 110 insertions, 3 deletions
diff --git a/x11/qt3-libs/Makefile b/x11/qt3-libs/Makefile
index 154e84f029c..eb97a8a6897 100644
--- a/x11/qt3-libs/Makefile
+++ b/x11/qt3-libs/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.62 2007/03/18 20:59:35 markd Exp $
+# $NetBSD: Makefile,v 1.63 2007/04/06 12:44:38 markd Exp $
PKGNAME= qt3-libs-${QTVERSION}
-PKGREVISION= 1
+PKGREVISION= 2
MAINTAINER= adam@NetBSD.org
COMMENT= C++ X GUI toolkit
diff --git a/x11/qt3-libs/distinfo b/x11/qt3-libs/distinfo
index f346af9d49e..65bb755dea4 100644
--- a/x11/qt3-libs/distinfo
+++ b/x11/qt3-libs/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.43 2007/03/18 20:59:35 markd Exp $
+$NetBSD: distinfo,v 1.44 2007/04/06 12:44:38 markd Exp $
SHA1 (qt-x11-free-3.3.8.tar.bz2) = 91b192cb8e80679607d24ae35d6e20ed68d149d7
RMD160 (qt-x11-free-3.3.8.tar.bz2) = 7b8e4e35f49014eac4fcfe91b7ec0a45c5569cf4
@@ -19,6 +19,8 @@ SHA1 (patch-am) = d03608cc641edab382f0b6afc6f29b5d97a285a5
SHA1 (patch-an) = a710aee86198eea2def98cb776280819c4ec556f
SHA1 (patch-ao) = 3aacba05b27314cadab7dceba3c21d65bab608d3
SHA1 (patch-ap) = 5040628324d271abfc662c5a6eeb4f1ecf0d4758
+SHA1 (patch-aq) = 5ab611a8f39a9a344777680a592b0aabc69229fc
+SHA1 (patch-ar) = 736703bd8831a4fa5562690b9159d937b233fccf
SHA1 (patch-bb) = b6a15a4b2b7b83b89bd3610cf2e48c242dbce2e5
SHA1 (patch-bc) = d8a84e1b66bf1953b53df57ae81d2c98cce69c41
SHA1 (patch-bd) = a116ecf305ee5b5338bf84cb908d695f3baea830
diff --git a/x11/qt3-libs/patches/patch-aq b/x11/qt3-libs/patches/patch-aq
new file mode 100644
index 00000000000..9435b77513c
--- /dev/null
+++ b/x11/qt3-libs/patches/patch-aq
@@ -0,0 +1,62 @@
+$NetBSD: patch-aq,v 1.1 2007/04/06 12:44:38 markd Exp $
+
+--- src/codecs/qutfcodec.cpp
++++ src/codecs/qutfcodec.cpp
+@@ -154,6 +154,7 @@
+
+ class QUtf8Decoder : public QTextDecoder {
+ uint uc;
++ uint min_uc;
+ int need;
+ bool headerDone;
+ public:
+@@ -167,8 +168,9 @@
+ result.setLength( len ); // worst case
+ QChar *qch = (QChar *)result.unicode();
+ uchar ch;
++ int error = -1;
+ for (int i=0; i<len; i++) {
+- ch = *chars++;
++ ch = chars[i];
+ if (need) {
+ if ( (ch&0xc0) == 0x80 ) {
+ uc = (uc << 6) | (ch & 0x3f);
+@@ -182,6 +184,8 @@
+ *qch++ = QChar(high);
+ *qch++ = QChar(low);
+ headerDone = TRUE;
++ } else if ((uc < min_uc) || (uc >= 0xd800 && uc <= 0xdfff) || (uc >= 0xfffe)) {
++ *qch++ = QChar::replacement;
+ } else {
+ if (headerDone || QChar(uc) != QChar::byteOrderMark)
+ *qch++ = uc;
+@@ -190,6 +194,7 @@
+ }
+ } else {
+ // error
++ i = error;
+ *qch++ = QChar::replacement;
+ need = 0;
+ }
+@@ -200,12 +205,21 @@
+ } else if ((ch & 0xe0) == 0xc0) {
+ uc = ch & 0x1f;
+ need = 1;
++ error = i;
++ min_uc = 0x80;
+ } else if ((ch & 0xf0) == 0xe0) {
+ uc = ch & 0x0f;
+ need = 2;
++ error = i;
++ min_uc = 0x800;
+ } else if ((ch&0xf8) == 0xf0) {
+ uc = ch & 0x07;
+ need = 3;
++ error = i;
++ min_uc = 0x10000;
++ } else {
++ // error
++ *qch++ = QChar::replacement;
+ }
+ }
+ }
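Review bot: `int error = -1;` is a per-call local, while `need`, `uc` and `min_uc` are members that appear to carry a partial sequence across calls, so a call that starts with `need != 0` and hits the error branch executes `i = error;` with -1 and re-decodes the buffer from index 0. The continuation bytes already consumed are then decoded a second time and each yields a character, in addition to the replacement character just written. This can exceed the `result.setLength( len )` "worst case" allocation by one QChar, which is inferred, since the constructor and the end of the function are outside the hunk. Guarding the rewind with `if (error >= 0) i = error;` keeps the pre-patch behaviour for sequences that began in an earlier call. `min_uc` has no visible initialiser either; it is only read after a lead byte sets it, but initialising it next to `need` in the constructor would make that explicit.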
diff --git a/x11/qt3-libs/patches/patch-ar b/x11/qt3-libs/patches/patch-ar
new file mode 100644
index 00000000000..24ba3c43901
--- /dev/null
+++ b/x11/qt3-libs/patches/patch-ar
@@ -0,0 +1,43 @@
+$NetBSD: patch-ar,v 1.1 2007/04/06 12:44:38 markd Exp $
+
+--- src/tools/qstring.cpp
++++ src/tools/qstring.cpp
+@@ -5805,6 +5805,7 @@
+ result.setLength( len ); // worst case
+ QChar *qch = (QChar *)result.unicode();
+ uint uc = 0;
++ uint min_uc = 0;
+ int need = 0;
+ int error = -1;
+ uchar ch;
+@@ -5822,6 +5823,12 @@
+ unsigned short low = uc%0x400 + 0xdc00;
+ *qch++ = QChar(high);
+ *qch++ = QChar(low);
++ } else if (uc < min_uc || (uc >= 0xd800 && uc <= 0xdfff) || (uc >= 0xfffe)) {
++ // overlong seqence, UTF16 surrogate or BOM
++ i = error;
++ qch = addOne(qch, result);
++ *qch++ = QChar(0xdbff);
++ *qch++ = QChar(0xde00+((uchar)utf8[i]));
+ } else {
+ *qch++ = uc;
+ }
+@@ -5844,14 +5851,17 @@
+ uc = ch & 0x1f;
+ need = 1;
+ error = i;
++ min_uc = 0x80;
+ } else if ((ch & 0xf0) == 0xe0) {
+ uc = ch & 0x0f;
+ need = 2;
+ error = i;
++ min_uc = 0x800;
+ } else if ((ch&0xf8) == 0xf0) {
+ uc = ch & 0x07;
+ need = 3;
+ error = i;
++ min_uc = 0x10000;
+ } else {
+ // Error
+ qch = addOne(qch, result);
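Review bot: Nothing visible bounds `uc` at 0x10ffff: the new test rejects overlong forms, surrogates and 0xfffe/0xffff, but the lead-byte test `(ch&0xf8) == 0xf0` also accepts 0xf5–0xf7, and a four-byte sequence carries up to 21 bits. Such a value would reach the surrogate-pair arithmetic (`uc%0x400 + 0xdc00` and the `high` computation above it, whose guard is outside the hunk) and may yield a `high` outside 0xd800–0xdbff, i.e. malformed UTF-16. Consider sending `uc > 0x10ffff` down the same error path before the surrogate branch; the same applies to the decoder in patch-aq. The comment would also be more accurate as `// overlong sequence, UTF-16 surrogate or noncharacter (U+FFFE/U+FFFF)`, since the byte order mark is U+FEFF. The enclosing function starts and ends outside the hunk.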