author | drochner <drochner> | 2011-08-30 22:18:30 +0000 |
---|---|---|
committer | drochner <drochner> | 2011-08-30 22:18:30 +0000 |
commit | 08b8ba93084c32b269cd1e84e05b48b0c85e6e8d (patch) | |
tree | a5ec846d2fcd8b4388fbdfb7380c0a79feb60818 | |
parent | aeea742366a72d82aeec12ea8a82bdd590bb5b14 (diff) | |
download | pkgsrc-08b8ba93084c32b269cd1e84e05b48b0c85e6e8d.tar.gz |
add 2 patches from upstream to fix possible buffer overflows
(CVE-2011-3193, CVE-2011-3194)
bump PKGREV
-rw-r--r-- | x11/qt4-libs/Makefile | 4 | ||||
-rw-r--r-- | x11/qt4-libs/distinfo | 4 | ||||
-rw-r--r-- | x11/qt4-libs/patches/patch-da | 29 | ||||
-rw-r--r-- | x11/qt4-libs/patches/patch-db | 16 | ||||
-rw-r--r-- | x11/qt4-tiff/Makefile | 3 |
5 files changed, 52 insertions, 4 deletions
diff --git a/x11/qt4-libs/Makefile b/x11/qt4-libs/Makefile
index a498fd2c6cf..5852027ac42 100644
--- a/x11/qt4-libs/Makefile
+++ b/x11/qt4-libs/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.62 2011/08/18 12:34:26 cheusov Exp $
+# $NetBSD: Makefile,v 1.63 2011/08/30 22:18:30 drochner Exp $
 PKG_DESTDIR_SUPPORT= user-destdir
 PKGNAME= qt4-libs-${QTVERSION}
-PKGREVISION= 1
+PKGREVISION= 2
 COMMENT= C++ X GUI toolkit
 .include "../../x11/qt4-libs/Makefile.common"
diff --git a/x11/qt4-libs/distinfo b/x11/qt4-libs/distinfo
index dac6c3ae17c..156b53fa585 100644
--- a/x11/qt4-libs/distinfo
+++ b/x11/qt4-libs/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.59 2011/08/19 14:55:15 obache Exp $
+$NetBSD: distinfo,v 1.60 2011/08/30 22:18:31 drochner Exp $
 SHA1 (qt-everywhere-opensource-src-4.7.3.tar.gz) = 765eb70d9779f93fefddddda5e6ddb33f4c0b71e
 RMD160 (qt-everywhere-opensource-src-4.7.3.tar.gz) = ab9c11c85898430fa74e5e07894f8da5e5936645
@@ -46,5 +46,7 @@ SHA1 (patch-cg) = c5948cea47fb4134c626415b0b2c36660beea64a
 SHA1 (patch-ch) = 8efaa05e564022710ff978b59581c017bbece979
 SHA1 (patch-ci) = a2ac5703503afcdb2a87f80a8ba373c8ff7a2697
 SHA1 (patch-cj) = 49fd8ae10c5fc026101355596b91fcf3e1701b9d
+SHA1 (patch-da) = 47f1d44bb593a81fb0520a4ee23f2f528533156f
+SHA1 (patch-db) = cbecf57ba75ce82901d347197013208811366514
 SHA1 (patch-src_network_ssl_qsslsocket__openssl__symbols.cpp) = 87c48f97ba2026f4bb553aa0b855bc1b1f653abf
 SHA1 (patch-src_network_ssl_qsslsocket__openssl__symbols__p.h) = e05f420bd532a8964d293e4bad848636dc716d0f
diff --git a/x11/qt4-libs/patches/patch-da b/x11/qt4-libs/patches/patch-da
new file mode 100644
index 00000000000..811b595dd1e
--- /dev/null
+++ b/x11/qt4-libs/patches/patch-da
@@ -0,0 +1,29 @@
+$NetBSD: patch-da,v 1.1 2011/08/30 22:18:31 drochner Exp $
+
+CVE-2011-3194
+
+--- src/gui/image/qtiffhandler.cpp.orig 2011-03-30 05:19:04.000000000 +0000
++++ src/gui/image/qtiffhandler.cpp
+@@ -196,9 +196,12 @@ bool QTiffHandler::read(QImage *image)
+ uint16 bitPerSample;
+ if (!TIFFGetField(tiff, TIFFTAG_BITSPERSAMPLE, &bitPerSample))
+ bitPerSample = 1;
++ uint16 samplesPerPixel; // they may be e.g. grayscale with 2 samples per pixel
++ if (!TIFFGetField(tiff, TIFFTAG_SAMPLESPERPIXEL, &samplesPerPixel))
++ samplesPerPixel = 1;
+
+ bool grayscale = photometric == PHOTOMETRIC_MINISBLACK || photometric == PHOTOMETRIC_MINISWHITE;
+- if (grayscale && bitPerSample == 1) {
++ if (grayscale && bitPerSample == 1 && samplesPerPixel == 1) {
+ if (image->size() != QSize(width, height) || image->format() != QImage::Format_Mono)
+ *image = QImage(width, height, QImage::Format_Mono);
+ QVector<QRgb> colortable(2);
+@@ -220,7 +223,7 @@ bool QTiffHandler::read(QImage *image)
+ }
+ }
+ } else {
+- if ((grayscale || photometric == PHOTOMETRIC_PALETTE) && bitPerSample == 8) {
++ if ((grayscale || photometric == PHOTOMETRIC_PALETTE) && bitPerSample == 8 && samplesPerPixel == 1) {
+ if (image->size() != QSize(width, height) || image->format() != QImage::Format_Indexed8)
+ *image = QImage(width, height, QImage::Format_Indexed8);
+ if (!image->isNull()) {
diff --git a/x11/qt4-libs/patches/patch-db b/x11/qt4-libs/patches/patch-db
new file mode 100644
index 00000000000..3eab2cbfaf6
--- /dev/null
+++ b/x11/qt4-libs/patches/patch-db
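Review bot: Both fast paths in QTiffHandler::read() are now gated on `samplesPerPixel == 1`, but the property that actually has to hold is that one libtiff scanline fits into one row of the QImage just allocated, and nothing in the visible lines checks that directly. The scanline read loop is outside this hunk, so this is inferred, but rejecting the file when `TIFFScanlineSize(tiff) > image->bytesPerLine()` after each allocation (failing the same way the function's other error paths do) would also cover tag combinations that the per-tag comparisons do not enumerate. The added comment `// they may be e.g. grayscale with 2 samples per pixel` would read better as `// grayscale files may carry extra samples per pixel; the 1-bit and 8-bit paths below assume exactly one`. The patch-da header names only the CVE; a line such as `Upstream: <upstream commit URL>` would let the fix be traced back to its source, and the same applies to patch-db.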
@@ -0,0 +1,16 @@
+$NetBSD: patch-db,v 1.1 2011/08/30 22:18:31 drochner Exp $
+
+CVE-2011-3193
+
+--- src/3rdparty/harfbuzz/src/harfbuzz-gpos.c.orig 2011-03-30 05:19:01.000000000 +0000
++++ src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
+@@ -3012,6 +3012,9 @@ static HB_Error Lookup_MarkMarkPos( GPO
+ j--;
+ }
+
++ if ( i > buffer->in_pos )
++ return HB_Err_Not_Covered;
++
+ error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ),
+ &mark2_index );
+ if ( error )
diff --git a/x11/qt4-tiff/Makefile b/x11/qt4-tiff/Makefile
index 047aef05148..91ea1fab841 100644
--- a/x11/qt4-tiff/Makefile
+++ b/x11/qt4-tiff/Makefile
@@ -1,10 +1,11 @@
-# $NetBSD: Makefile,v 1.17 2011/05/05 12:37:08 adam Exp $
+# $NetBSD: Makefile,v 1.18 2011/08/30 22:18:31 drochner Exp $
 PKG_DESTDIR_SUPPORT= user-destdir
 .include "../../x11/qt4-libs/Makefile.common"
 PKGNAME= qt4-tiff-${QTVERSION}
+PKGREVISION= 1
 COMMENT= QT TIFF image format plugin
 CONFIGURE_ARGS+= -I${QTDIR}/include |
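Review bot: The added guard `if ( i > buffer->in_pos ) return HB_Err_Not_Covered;` has no comment saying which access it protects, which makes it easy to move or drop in a later harfbuzz sync. Judging from the `j--; }` tail, a backward scan precedes it and `j` is then used in `IN_GLYPH( j )`; Lookup_MarkMarkPos starts and ends outside the hunk, so the loop bounds are inferred rather than visible. I would add `/* scan ran past the start of the buffer: j no longer indexes a valid glyph */` above the check. It is also worth confirming that any other backward scans in harfbuzz-gpos.c that index with `IN_GLYPH( j )` carry the same guard.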