summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordrochner <drochner@pkgsrc.org>2005-04-12 11:00:03 +0000
committerdrochner <drochner@pkgsrc.org>2005-04-12 11:00:03 +0000
commit5ca2a5812defd0173cc257f03898571a82d59b5d (patch)
tree1a21bac34dad059b32d5fb99b5800148854b493a
parentd73a537ea5a7cf28dcb013732b3842603e3b4463 (diff)
downloadpkgsrc-5ca2a5812defd0173cc257f03898571a82d59b5d.tar.gz
fix buffer overflow by corrupt PCX files, leading to crashes or code
injection, see http://bugs.kde.org/show_bug.cgi?id=102328 bump PKGREVISION
-rw-r--r--x11/kdelibs3/Makefile3
-rw-r--r--x11/kdelibs3/distinfo9
-rw-r--r--x11/kdelibs3/patches/patch-da13
-rw-r--r--x11/kdelibs3/patches/patch-db16
-rw-r--r--x11/kdelibs3/patches/patch-dc44
-rw-r--r--x11/kdelibs3/patches/patch-dd14
-rw-r--r--x11/kdelibs3/patches/patch-de197
-rw-r--r--x11/kdelibs3/patches/patch-df22
-rw-r--r--x11/kdelibs3/patches/patch-dg13
9 files changed, 329 insertions, 2 deletions
diff --git a/x11/kdelibs3/Makefile b/x11/kdelibs3/Makefile
index 1b30e5c29cf..d7b67a8ef39 100644
--- a/x11/kdelibs3/Makefile
+++ b/x11/kdelibs3/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.80 2005/04/11 21:48:11 tv Exp $
+# $NetBSD: Makefile,v 1.81 2005/04/12 11:00:03 drochner Exp $
DISTNAME= kdelibs-${_KDE_VERSION}
+PKGREVISION= 1
CATEGORIES= x11
COMMENT= Support libraries for the KDE integrated X11 desktop
diff --git a/x11/kdelibs3/distinfo b/x11/kdelibs3/distinfo
index d6731a15482..93a70dc1d49 100644
--- a/x11/kdelibs3/distinfo
+++ b/x11/kdelibs3/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.52 2005/03/23 21:37:48 markd Exp $
+$NetBSD: distinfo,v 1.53 2005/04/12 11:00:03 drochner Exp $
SHA1 (kdelibs-3.4.0.tar.bz2) = ca3ded4105a500dae5170ccf85cd62af98b33961
RMD160 (kdelibs-3.4.0.tar.bz2) = 75917f60d115d770b5a8aa3922591e118c6bfdf0
@@ -18,3 +18,10 @@ SHA1 (patch-cc) = 3b9024081a1727a925b5e3237378d8b2fc37bb4c
SHA1 (patch-ce) = e9f7a348b0e4be1475ba8f56a8b474f139eb7781
SHA1 (patch-cf) = 0409b64ee00f355bfc2056e596b519a241fcf522
SHA1 (patch-cg) = e68fc3f4147b1c4760669318319e59bcf67cea51
+SHA1 (patch-da) = f84186eb73af08023f7d9960c2086a60d5042e14
+SHA1 (patch-db) = 3235276a2aad256e59d2c83d49785cb672433abc
+SHA1 (patch-dc) = c4976f2883d35d7dd366c356eeac07d17d672068
+SHA1 (patch-dd) = 161bf22a8e4178fd01e08f98be3a6534a6c74895
+SHA1 (patch-de) = 6765fbda3d248e164d5694fe54fb85c7a28d6a34
+SHA1 (patch-df) = 4c7c73e8942e6842f58420bbe5b9491e7116002d
+SHA1 (patch-dg) = de05b75ab2f7d41fb0feaccd74cb460ef8a3412c
diff --git a/x11/kdelibs3/patches/patch-da b/x11/kdelibs3/patches/patch-da
new file mode 100644
index 00000000000..71fbac3c602
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-da
@@ -0,0 +1,13 @@
+$NetBSD: patch-da,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/exr.cpp.orig 2004-11-22 04:48:27.000000000 +0100
++++ kimgio/exr.cpp
+@@ -136,6 +136,8 @@ KDE_EXPORT void kimgio_exr_read( QImageI
+ file.readPixels (dw.min.y, dw.max.y);
+
+ QImage image(width, height, 32, 0, QImage::BigEndian);
++ if( image.isNull())
++ return;
+
+ // somehow copy pixels into image
+ for ( int y=0; y < height; y++ ) {
diff --git a/x11/kdelibs3/patches/patch-db b/x11/kdelibs3/patches/patch-db
new file mode 100644
index 00000000000..6eb9cc1c06b
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-db
@@ -0,0 +1,16 @@
+$NetBSD: patch-db,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/jp2.cpp.orig 2004-11-22 04:48:27.000000000 +0100
++++ kimgio/jp2.cpp
+@@ -157,8 +157,9 @@ namespace {
+ void
+ draw_view_gray( gs_t& gs, QImage& qti )
+ {
+- qti.create( jas_image_width( gs.image ), jas_image_height( gs.image ),
+- 8, 256 );
++ if( !qti.create( jas_image_width( gs.image ), jas_image_height( gs.image ),
++ 8, 256 ))
++ return;
+ for( int i = 0; i < 256; ++i )
+ qti.setColor( i, qRgb( i, i, i ) );
+
diff --git a/x11/kdelibs3/patches/patch-dc b/x11/kdelibs3/patches/patch-dc
new file mode 100644
index 00000000000..eb84c4b0013
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-dc
@@ -0,0 +1,44 @@
+$NetBSD: patch-dc,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/pcx.cpp.orig 2004-11-22 04:48:27.000000000 +0100
++++ kimgio/pcx.cpp
+@@ -134,7 +134,8 @@ static void readImage1( QDataStream &s )
+ {
+ QByteArray buf( header.BytesPerLine );
+
+- img.create( w, h, 1, 2, QImage::BigEndian );
++ if( !img.create( w, h, 1, 2, QImage::BigEndian ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
+@@ -160,7 +161,8 @@ static void readImage4( QDataStream &s )
+ QByteArray buf( header.BytesPerLine*4 );
+ QByteArray pixbuf( w );
+
+- img.create( w, h, 8, 16, QImage::IgnoreEndian );
++ if( !img.create( w, h, 8, 16, QImage::IgnoreEndian ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
+@@ -196,7 +198,8 @@ static void readImage8( QDataStream &s )
+ {
+ QByteArray buf( header.BytesPerLine );
+
+- img.create( w, h, 8, 256, QImage::IgnoreEndian );
++ if( !img.create( w, h, 8, 256, QImage::IgnoreEndian ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
+@@ -236,7 +239,8 @@ static void readImage24( QDataStream &s
+ QByteArray g_buf( header.BytesPerLine );
+ QByteArray b_buf( header.BytesPerLine );
+
+- img.create( w, h, 32 );
++ if( !img.create( w, h, 32 ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
diff --git a/x11/kdelibs3/patches/patch-dd b/x11/kdelibs3/patches/patch-dd
new file mode 100644
index 00000000000..e56dc386f43
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-dd
@@ -0,0 +1,14 @@
+$NetBSD: patch-dd,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/tiffr.cpp.orig 2004-11-22 04:52:18.000000000 +0100
++++ kimgio/tiffr.cpp
+@@ -84,6 +84,9 @@ KDE_EXPORT void kimgio_tiff_read( QImage
+ return;
+
+ QImage image( width, height, 32 );
++ if( image.isNull()) {
++ return;
++ }
+ data = (uint32 *)image.bits();
+
+ //Sven: changed to %ld for 64bit machines
diff --git a/x11/kdelibs3/patches/patch-de b/x11/kdelibs3/patches/patch-de
new file mode 100644
index 00000000000..39595bfd53e
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-de
@@ -0,0 +1,197 @@
+$NetBSD: patch-de,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/xcf.cpp.orig 2004-11-22 04:48:27.000000000 +0100
++++ kimgio/xcf.cpp
+@@ -401,7 +401,8 @@ bool XCFImageFormat::loadLayer(QDataStre
+ // Allocate the individual tile QImages based on the size and type
+ // of this layer.
+
+- composeTiles(xcf_image);
++ if( !composeTiles(xcf_image))
++ return false;
+ xcf_io.device()->at(layer.hierarchy_offset);
+
+ // As tiles are loaded, they are copied into the layers tiles by
+@@ -425,7 +426,8 @@ bool XCFImageFormat::loadLayer(QDataStre
+ // of the QImage.
+
+ if (!xcf_image.initialized) {
+- initializeImage(xcf_image);
++ if( !initializeImage(xcf_image))
++ return false;
+ copyLayerToImage(xcf_image);
+ xcf_image.initialized = true;
+ } else
+@@ -516,7 +518,7 @@ bool XCFImageFormat::loadLayerProperties
+ * QImage structures for each of them.
+ * \param xcf_image contains the current layer.
+ */
+-void XCFImageFormat::composeTiles(XCFImage& xcf_image)
++bool XCFImageFormat::composeTiles(XCFImage& xcf_image)
+ {
+ Layer& layer(xcf_image.layer);
+
+@@ -556,48 +558,67 @@ void XCFImageFormat::composeTiles(XCFIma
+ switch (layer.type) {
+ case RGB_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height, 32, 0);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ layer.image_tiles[j][i].setAlphaBuffer(false);
+ break;
+
+ case RGBA_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height, 32, 0);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ layer.image_tiles[j][i].setAlphaBuffer(true);
+ break;
+
+ case GRAY_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8, 256);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ setGrayPalette(layer.image_tiles[j][i]);
+ break;
+
+ case GRAYA_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8, 256);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ setGrayPalette(layer.image_tiles[j][i]);
+
+ layer.alpha_tiles[j][i] = QImage( tile_width, tile_height, 8, 256);
++ if( layer.alpha_tiles[j][i].isNull())
++ return false;
+ setGrayPalette(layer.alpha_tiles[j][i]);
+ break;
+
+ case INDEXED_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8,
+ xcf_image.num_colors);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ setPalette(xcf_image, layer.image_tiles[j][i]);
+ break;
+
+ case INDEXEDA_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height,8,
+ xcf_image.num_colors);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ setPalette(xcf_image, layer.image_tiles[j][i]);
+
+ layer.alpha_tiles[j][i] = QImage(tile_width, tile_height, 8, 256);
++ if( layer.alpha_tiles[j][i].isNull())
++ return false;
+ setGrayPalette(layer.alpha_tiles[j][i]);
+ }
+
+ if (layer.mask_offset != 0) {
+ layer.mask_tiles[j][i] = QImage(tile_width, tile_height, 8, 256);
++ if( layer.mask_tiles[j][i].isNull())
++ return false;
+ setGrayPalette(layer.mask_tiles[j][i]);
+ }
+ }
+ }
++ return true;
+ }
+
+
+@@ -1072,7 +1093,7 @@ void XCFImageFormat::assignMaskBytes(Lay
+ * For indexed images, translucency is an all or nothing effect.
+ * \param xcf_image contains image info and bottom-most layer.
+ */
+-void XCFImageFormat::initializeImage(XCFImage& xcf_image)
++bool XCFImageFormat::initializeImage(XCFImage& xcf_image)
+ {
+ // (Aliases to make the code look a little better.)
+ Layer& layer(xcf_image.layer);
+@@ -1082,12 +1103,16 @@ void XCFImageFormat::initializeImage(XCF
+ case RGB_GIMAGE:
+ if (layer.opacity == OPAQUE_OPACITY) {
+ image.create( xcf_image.width, xcf_image.height, 32);
++ if( image.isNull())
++ return false;
+ image.fill(qRgb(255, 255, 255));
+ break;
+ } // else, fall through to 32-bit representation
+
+ case RGBA_GIMAGE:
+ image.create(xcf_image.width, xcf_image.height, 32);
++ if( image.isNull())
++ return false;
+ image.fill(qRgba(255, 255, 255, 0));
+ // Turning this on prevents fill() from affecting the alpha channel,
+ // by the way.
+@@ -1097,6 +1122,8 @@ void XCFImageFormat::initializeImage(XCF
+ case GRAY_GIMAGE:
+ if (layer.opacity == OPAQUE_OPACITY) {
+ image.create(xcf_image.width, xcf_image.height, 8, 256);
++ if( image.isNull())
++ return false;
+ setGrayPalette(image);
+ image.fill(255);
+ break;
+@@ -1104,6 +1131,8 @@ void XCFImageFormat::initializeImage(XCF
+
+ case GRAYA_GIMAGE:
+ image.create(xcf_image.width, xcf_image.height, 32);
++ if( image.isNull())
++ return false;
+ image.fill(qRgba(255, 255, 255, 0));
+ image.setAlphaBuffer(true);
+ break;
+@@ -1125,12 +1154,16 @@ void XCFImageFormat::initializeImage(XCF
+ image.create(xcf_image.width, xcf_image.height,
+ 1, xcf_image.num_colors,
+ QImage::LittleEndian);
++ if( image.isNull())
++ return false;
+ image.fill(0);
+ setPalette(xcf_image, image);
+ } else if (xcf_image.num_colors <= 256) {
+ image.create(xcf_image.width, xcf_image.height,
+ 8, xcf_image.num_colors,
+ QImage::LittleEndian);
++ if( image.isNull())
++ return false;
+ image.fill(0);
+ setPalette(xcf_image, image);
+ }
+@@ -1147,6 +1180,8 @@ void XCFImageFormat::initializeImage(XCF
+ image.create(xcf_image.width, xcf_image.height,
+ 1, xcf_image.num_colors,
+ QImage::LittleEndian);
++ if( image.isNull())
++ return false;
+ image.fill(0);
+ setPalette(xcf_image, image);
+ image.setAlphaBuffer(true);
+@@ -1160,6 +1195,8 @@ void XCFImageFormat::initializeImage(XCF
+ xcf_image.palette[0] = qRgba(255, 255, 255, 0);
+ image.create( xcf_image.width, xcf_image.height,
+ 8, xcf_image.num_colors);
++ if( image.isNull())
++ return false;
+ image.fill(0);
+ setPalette(xcf_image, image);
+ image.setAlphaBuffer(true);
+@@ -1168,6 +1205,8 @@ void XCFImageFormat::initializeImage(XCF
+ // true color. (There is no equivalent PNG representation output
+ // from The GIMP as of v1.2.)
+ image.create(xcf_image.width, xcf_image.height, 32);
++ if( image.isNull())
++ return false;
+ image.fill(qRgba(255, 255, 255, 0));
+ image.setAlphaBuffer(true);
+ }
+@@ -1176,6 +1215,7 @@ void XCFImageFormat::initializeImage(XCF
+
+ image.setDotsPerMeterX((int)(xcf_image.x_resolution * INCHESPERMETER));
+ image.setDotsPerMeterY((int)(xcf_image.y_resolution * INCHESPERMETER));
++ return true;
+ }
+
+
diff --git a/x11/kdelibs3/patches/patch-df b/x11/kdelibs3/patches/patch-df
new file mode 100644
index 00000000000..6b8fef849fe
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-df
@@ -0,0 +1,22 @@
+$NetBSD: patch-df,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/xcf.h.orig 2004-08-13 20:31:44.000000000 +0200
++++ kimgio/xcf.h
+@@ -176,7 +176,7 @@ private:
+ bool loadProperty(QDataStream& xcf_io, PropType& type, QByteArray& bytes);
+ bool loadLayer(QDataStream& xcf_io, XCFImage& xcf_image);
+ bool loadLayerProperties(QDataStream& xcf_io, Layer& layer);
+- void composeTiles(XCFImage& xcf_image);
++ bool composeTiles(XCFImage& xcf_image);
+ void setGrayPalette(QImage& image);
+ void setPalette(XCFImage& xcf_image, QImage& image);
+ static void assignImageBytes(Layer& layer, uint i, uint j);
+@@ -185,7 +185,7 @@ private:
+ static void assignMaskBytes(Layer& layer, uint i, uint j);
+ bool loadMask(QDataStream& xcf_io, Layer& layer);
+ bool loadChannelProperties(QDataStream& xcf_io, Layer& layer);
+- void initializeImage(XCFImage& xcf_image);
++ bool initializeImage(XCFImage& xcf_image);
+ bool loadTileRLE(QDataStream& xcf_io, uchar* tile, int size,
+ int data_length, Q_INT32 bpp);
+ static void copyLayerToImage(XCFImage& xcf_image);
diff --git a/x11/kdelibs3/patches/patch-dg b/x11/kdelibs3/patches/patch-dg
new file mode 100644
index 00000000000..3eaefcac86f
--- /dev/null
+++ b/x11/kdelibs3/patches/patch-dg
@@ -0,0 +1,13 @@
+$NetBSD: patch-dg,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/xview.cpp.orig 2004-11-22 04:52:18.000000000 +0100
++++ kimgio/xview.cpp
+@@ -62,6 +62,8 @@ KDE_EXPORT void kimgio_xv_read( QImageIO
+
+ // Create the image
+ QImage image( x, y, 8, maxval + 1, QImage::BigEndian );
++ if( image.isNull())
++ return;
+
+ // how do the color handling? they are absolute 24bpp
+ // or at least can be calculated as such.