author | drochner <drochner@pkgsrc.org> | 2005-04-12 11:00:03 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2005-04-12 11:00:03 +0000 |
commit | 5ca2a5812defd0173cc257f03898571a82d59b5d (patch) | |
tree | 1a21bac34dad059b32d5fb99b5800148854b493a | |
parent | d73a537ea5a7cf28dcb013732b3842603e3b4463 (diff) | |
fix buffer overflow by corrupt PCX files, leading to crashes or code
injection, see http://bugs.kde.org/show_bug.cgi?id=102328
bump PKGREVISION
-rw-r--r-- | x11/kdelibs3/Makefile | 3 | ||||
-rw-r--r-- | x11/kdelibs3/distinfo | 9 | ||||
-rw-r--r-- | x11/kdelibs3/patches/patch-da | 13 | ||||
-rw-r--r-- | x11/kdelibs3/patches/patch-db | 16 | ||||
-rw-r--r-- | x11/kdelibs3/patches/patch-dc | 44 | ||||
-rw-r--r-- | x11/kdelibs3/patches/patch-dd | 14 | ||||
-rw-r--r-- | x11/kdelibs3/patches/patch-de | 197 | ||||
-rw-r--r-- | x11/kdelibs3/patches/patch-df | 22 | ||||
-rw-r--r-- | x11/kdelibs3/patches/patch-dg | 13 |
9 files changed, 329 insertions, 2 deletions
diff --git a/x11/kdelibs3/Makefile b/x11/kdelibs3/Makefile index 1b30e5c29cf..d7b67a8ef39 100644 --- a/x11/kdelibs3/Makefile +++ b/x11/kdelibs3/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.80 2005/04/11 21:48:11 tv Exp $ +# $NetBSD: Makefile,v 1.81 2005/04/12 11:00:03 drochner Exp $ DISTNAME= kdelibs-${_KDE_VERSION} +PKGREVISION= 1 CATEGORIES= x11 COMMENT= Support libraries for the KDE integrated X11 desktop diff --git a/x11/kdelibs3/distinfo b/x11/kdelibs3/distinfo index d6731a15482..93a70dc1d49 100644 --- a/x11/kdelibs3/distinfo +++ b/x11/kdelibs3/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.52 2005/03/23 21:37:48 markd Exp $ +$NetBSD: distinfo,v 1.53 2005/04/12 11:00:03 drochner Exp $ SHA1 (kdelibs-3.4.0.tar.bz2) = ca3ded4105a500dae5170ccf85cd62af98b33961 RMD160 (kdelibs-3.4.0.tar.bz2) = 75917f60d115d770b5a8aa3922591e118c6bfdf0 @@ -18,3 +18,10 @@ SHA1 (patch-cc) = 3b9024081a1727a925b5e3237378d8b2fc37bb4c SHA1 (patch-ce) = e9f7a348b0e4be1475ba8f56a8b474f139eb7781 SHA1 (patch-cf) = 0409b64ee00f355bfc2056e596b519a241fcf522 SHA1 (patch-cg) = e68fc3f4147b1c4760669318319e59bcf67cea51 +SHA1 (patch-da) = f84186eb73af08023f7d9960c2086a60d5042e14 +SHA1 (patch-db) = 3235276a2aad256e59d2c83d49785cb672433abc +SHA1 (patch-dc) = c4976f2883d35d7dd366c356eeac07d17d672068 +SHA1 (patch-dd) = 161bf22a8e4178fd01e08f98be3a6534a6c74895 +SHA1 (patch-de) = 6765fbda3d248e164d5694fe54fb85c7a28d6a34 +SHA1 (patch-df) = 4c7c73e8942e6842f58420bbe5b9491e7116002d +SHA1 (patch-dg) = de05b75ab2f7d41fb0feaccd74cb460ef8a3412c diff --git a/x11/kdelibs3/patches/patch-da b/x11/kdelibs3/patches/patch-da new file mode 100644 index 00000000000..71fbac3c602 --- /dev/null +++ b/x11/kdelibs3/patches/patch-da 
@@ -0,0 +1,13 @@ +$NetBSD: patch-da,v 1.1 2005/04/12 11:00:03 drochner Exp $ + +--- kimgio/exr.cpp.orig 2004-11-22 04:48:27.000000000 +0100 ++++ kimgio/exr.cpp +@@ -136,6 +136,8 @@ KDE_EXPORT void kimgio_exr_read( QImageI + file.readPixels (dw.min.y, dw.max.y); + + QImage image(width, height, 32, 0, QImage::BigEndian); ++ if( image.isNull()) ++ return; + + // somehow copy pixels into image + for ( int y=0; y < height; y++ ) { diff --git a/x11/kdelibs3/patches/patch-db b/x11/kdelibs3/patches/patch-db new file mode 100644 index 00000000000..6eb9cc1c06b --- /dev/null +++ b/x11/kdelibs3/patches/patch-db @@ -0,0 +1,16 @@ +$NetBSD: patch-db,v 1.1 2005/04/12 11:00:03 drochner Exp $ + +--- kimgio/jp2.cpp.orig 2004-11-22 04:48:27.000000000 +0100 ++++ kimgio/jp2.cpp +@@ -157,8 +157,9 @@ namespace { + void + draw_view_gray( gs_t& gs, QImage& qti ) + { +- qti.create( jas_image_width( gs.image ), jas_image_height( gs.image ), +- 8, 256 ); ++ if( !qti.create( jas_image_width( gs.image ), jas_image_height( gs.image ), ++ 8, 256 )) ++ return; + for( int i = 0; i < 256; ++i ) + qti.setColor( i, qRgb( i, i, i ) ); + diff --git a/x11/kdelibs3/patches/patch-dc b/x11/kdelibs3/patches/patch-dc new file mode 100644 index 00000000000..eb84c4b0013 --- /dev/null +++ b/x11/kdelibs3/patches/patch-dc 
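Review bot: In patch-da (kimgio/exr.cpp) the new `image.isNull()` test sits after `file.readPixels (dw.min.y, dw.max.y)`, so a header whose dimensions cannot be allocated as a QImage is rejected only after the pixel data has been read using those same dimensions. How `width` and `height` are derived, and whether they are range-checked first, is outside the hunk and worth confirming. If nothing depends on the order, construct the image and run `if( image.isNull()) return;` before the `readPixels` call. kimgio_exr_read begins and ends outside the hunk.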
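Review bot: In patch-db (kimgio/jp2.cpp) `draw_view_gray` returns `void`, so the new early `return` after a failed `qti.create(...)` tells the caller nothing beyond whatever state `qti` is left in; the four `readImage*` functions in patch-dc follow the same pattern. Whether the callers test the image before using it is not visible in these hunks. I would state the contract at each early return, for example `// create() failed (bad dimensions or out of memory): image is unusable, caller must check isNull()`.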
@@ -0,0 +1,44 @@ +$NetBSD: patch-dc,v 1.1 2005/04/12 11:00:03 drochner Exp $ + +--- kimgio/pcx.cpp.orig 2004-11-22 04:48:27.000000000 +0100 ++++ kimgio/pcx.cpp +@@ -134,7 +134,8 @@ static void readImage1( QDataStream &s ) + { + QByteArray buf( header.BytesPerLine ); + +- img.create( w, h, 1, 2, QImage::BigEndian ); ++ if( !img.create( w, h, 1, 2, QImage::BigEndian )) ++ return; + + for ( int y=0; y<h; ++y ) + { +@@ -160,7 +161,8 @@ static void readImage4( QDataStream &s ) + QByteArray buf( header.BytesPerLine*4 ); + QByteArray pixbuf( w ); + +- img.create( w, h, 8, 16, QImage::IgnoreEndian ); ++ if( !img.create( w, h, 8, 16, QImage::IgnoreEndian )) ++ return; + + for ( int y=0; y<h; ++y ) + { +@@ -196,7 +198,8 @@ static void readImage8( QDataStream &s ) + { + QByteArray buf( header.BytesPerLine ); + +- img.create( w, h, 8, 256, QImage::IgnoreEndian ); ++ if( !img.create( w, h, 8, 256, QImage::IgnoreEndian )) ++ return; + + for ( int y=0; y<h; ++y ) + { +@@ -236,7 +239,8 @@ static void readImage24( QDataStream &s + QByteArray g_buf( header.BytesPerLine ); + QByteArray b_buf( header.BytesPerLine ); + +- img.create( w, h, 32 ); ++ if( !img.create( w, h, 32 )) ++ return; + + for ( int y=0; y<h; ++y ) + { diff --git a/x11/kdelibs3/patches/patch-dd b/x11/kdelibs3/patches/patch-dd new file mode 100644 index 00000000000..e56dc386f43 --- /dev/null +++ b/x11/kdelibs3/patches/patch-dd @@ -0,0 +1,14 @@ +$NetBSD: patch-dd,v 1.1 2005/04/12 11:00:03 drochner Exp $ + +--- kimgio/tiffr.cpp.orig 2004-11-22 04:52:18.000000000 +0100 ++++ kimgio/tiffr.cpp +@@ -84,6 +84,9 @@ KDE_EXPORT void kimgio_tiff_read( QImage + return; + + QImage image( width, height, 32 ); ++ if( image.isNull()) { ++ return; ++ } + data = (uint32 *)image.bits(); + + //Sven: changed to %ld for 64bit machines diff --git a/x11/kdelibs3/patches/patch-de b/x11/kdelibs3/patches/patch-de new file mode 100644 index 00000000000..39595bfd53e --- /dev/null +++ b/x11/kdelibs3/patches/patch-de 
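Review bot: The `img.create()` checks in patch-dc (kimgio/pcx.cpp) catch only a failed allocation; they do not tie the row buffers, which are sized from `header.BytesPerLine`, to the image, which is sized from `w` and `h`. The per-row loops are outside the hunks, so the copy lengths cannot be seen here. If a row copy uses `header.BytesPerLine`, or indexes a buffer up to `w`, a header where the two values disagree could still read or write past one of them. Each of readImage1, readImage4, readImage8 and readImage24 should bound the per-row length by both sizes, e.g. `const uint bpl = QMIN( (uint)header.BytesPerLine, (uint)img.bytesPerLine() );`, or reject the file when they are inconsistent.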
@@ -0,0 +1,197 @@ +$NetBSD: patch-de,v 1.1 2005/04/12 11:00:03 drochner Exp $ + +--- kimgio/xcf.cpp.orig 2004-11-22 04:48:27.000000000 +0100 ++++ kimgio/xcf.cpp +@@ -401,7 +401,8 @@ bool XCFImageFormat::loadLayer(QDataStre + // Allocate the individual tile QImages based on the size and type + // of this layer. + +- composeTiles(xcf_image); ++ if( !composeTiles(xcf_image)) ++ return false; + xcf_io.device()->at(layer.hierarchy_offset); + + // As tiles are loaded, they are copied into the layers tiles by +@@ -425,7 +426,8 @@ bool XCFImageFormat::loadLayer(QDataStre + // of the QImage. + + if (!xcf_image.initialized) { +- initializeImage(xcf_image); ++ if( !initializeImage(xcf_image)) ++ return false; + copyLayerToImage(xcf_image); + xcf_image.initialized = true; + } else +@@ -516,7 +518,7 @@ bool XCFImageFormat::loadLayerProperties + * QImage structures for each of them. + * \param xcf_image contains the current layer. + */ +-void XCFImageFormat::composeTiles(XCFImage& xcf_image) ++bool XCFImageFormat::composeTiles(XCFImage& xcf_image) + { + Layer& layer(xcf_image.layer); + +@@ -556,48 +558,67 @@ void XCFImageFormat::composeTiles(XCFIma + switch (layer.type) { + case RGB_GIMAGE: + layer.image_tiles[j][i] = QImage(tile_width, tile_height, 32, 0); ++ if( layer.image_tiles[j][i].isNull()) ++ return false; + layer.image_tiles[j][i].setAlphaBuffer(false); + break; + + case RGBA_GIMAGE: + layer.image_tiles[j][i] = QImage(tile_width, tile_height, 32, 0); ++ if( layer.image_tiles[j][i].isNull()) ++ return false; + layer.image_tiles[j][i].setAlphaBuffer(true); + break; + + case GRAY_GIMAGE: + layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8, 256); ++ if( layer.image_tiles[j][i].isNull()) ++ return false; + setGrayPalette(layer.image_tiles[j][i]); + break; + + case GRAYA_GIMAGE: + layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8, 256); ++ if( layer.image_tiles[j][i].isNull()) ++ return false; + setGrayPalette(layer.image_tiles[j][i]); + + 
layer.alpha_tiles[j][i] = QImage( tile_width, tile_height, 8, 256); ++ if( layer.alpha_tiles[j][i].isNull()) ++ return false; + setGrayPalette(layer.alpha_tiles[j][i]); + break; + + case INDEXED_GIMAGE: + layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8, + xcf_image.num_colors); ++ if( layer.image_tiles[j][i].isNull()) ++ return false; + setPalette(xcf_image, layer.image_tiles[j][i]); + break; + + case INDEXEDA_GIMAGE: + layer.image_tiles[j][i] = QImage(tile_width, tile_height,8, + xcf_image.num_colors); ++ if( layer.image_tiles[j][i].isNull()) ++ return false; + setPalette(xcf_image, layer.image_tiles[j][i]); + + layer.alpha_tiles[j][i] = QImage(tile_width, tile_height, 8, 256); ++ if( layer.alpha_tiles[j][i].isNull()) ++ return false; + setGrayPalette(layer.alpha_tiles[j][i]); + } + + if (layer.mask_offset != 0) { + layer.mask_tiles[j][i] = QImage(tile_width, tile_height, 8, 256); ++ if( layer.mask_tiles[j][i].isNull()) ++ return false; + setGrayPalette(layer.mask_tiles[j][i]); + } + } + } ++ return true; + } + + +@@ -1072,7 +1093,7 @@ void XCFImageFormat::assignMaskBytes(Lay + * For indexed images, translucency is an all or nothing effect. + * \param xcf_image contains image info and bottom-most layer. + */ +-void XCFImageFormat::initializeImage(XCFImage& xcf_image) ++bool XCFImageFormat::initializeImage(XCFImage& xcf_image) + { + // (Aliases to make the code look a little better.) 
+ Layer& layer(xcf_image.layer); +@@ -1082,12 +1103,16 @@ void XCFImageFormat::initializeImage(XCF + case RGB_GIMAGE: + if (layer.opacity == OPAQUE_OPACITY) { + image.create( xcf_image.width, xcf_image.height, 32); ++ if( image.isNull()) ++ return false; + image.fill(qRgb(255, 255, 255)); + break; + } // else, fall through to 32-bit representation + + case RGBA_GIMAGE: + image.create(xcf_image.width, xcf_image.height, 32); ++ if( image.isNull()) ++ return false; + image.fill(qRgba(255, 255, 255, 0)); + // Turning this on prevents fill() from affecting the alpha channel, + // by the way. +@@ -1097,6 +1122,8 @@ void XCFImageFormat::initializeImage(XCF + case GRAY_GIMAGE: + if (layer.opacity == OPAQUE_OPACITY) { + image.create(xcf_image.width, xcf_image.height, 8, 256); ++ if( image.isNull()) ++ return false; + setGrayPalette(image); + image.fill(255); + break; +@@ -1104,6 +1131,8 @@ void XCFImageFormat::initializeImage(XCF + + case GRAYA_GIMAGE: + image.create(xcf_image.width, xcf_image.height, 32); ++ if( image.isNull()) ++ return false; + image.fill(qRgba(255, 255, 255, 0)); + image.setAlphaBuffer(true); + break; +@@ -1125,12 +1154,16 @@ void XCFImageFormat::initializeImage(XCF + image.create(xcf_image.width, xcf_image.height, + 1, xcf_image.num_colors, + QImage::LittleEndian); ++ if( image.isNull()) ++ return false; + image.fill(0); + setPalette(xcf_image, image); + } else if (xcf_image.num_colors <= 256) { + image.create(xcf_image.width, xcf_image.height, + 8, xcf_image.num_colors, + QImage::LittleEndian); ++ if( image.isNull()) ++ return false; + image.fill(0); + setPalette(xcf_image, image); + } +@@ -1147,6 +1180,8 @@ void XCFImageFormat::initializeImage(XCF + image.create(xcf_image.width, xcf_image.height, + 1, xcf_image.num_colors, + QImage::LittleEndian); ++ if( image.isNull()) ++ return false; + image.fill(0); + setPalette(xcf_image, image); + image.setAlphaBuffer(true); +@@ -1160,6 +1195,8 @@ void XCFImageFormat::initializeImage(XCF + xcf_image.palette[0] 
= qRgba(255, 255, 255, 0); + image.create( xcf_image.width, xcf_image.height, + 8, xcf_image.num_colors); ++ if( image.isNull()) ++ return false; + image.fill(0); + setPalette(xcf_image, image); + image.setAlphaBuffer(true); +@@ -1168,6 +1205,8 @@ void XCFImageFormat::initializeImage(XCF + // true color. (There is no equivalent PNG representation output + // from The GIMP as of v1.2.) + image.create(xcf_image.width, xcf_image.height, 32); ++ if( image.isNull()) ++ return false; + image.fill(qRgba(255, 255, 255, 0)); + image.setAlphaBuffer(true); + } +@@ -1176,6 +1215,7 @@ void XCFImageFormat::initializeImage(XCF + + image.setDotsPerMeterX((int)(xcf_image.x_resolution * INCHESPERMETER)); + image.setDotsPerMeterY((int)(xcf_image.y_resolution * INCHESPERMETER)); ++ return true; + } + + diff --git a/x11/kdelibs3/patches/patch-df b/x11/kdelibs3/patches/patch-df new file mode 100644 index 00000000000..6b8fef849fe --- /dev/null +++ b/x11/kdelibs3/patches/patch-df 
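Review bot: The `switch (layer.type)` in `composeTiles` (patch-de, kimgio/xcf.cpp) closes after `INDEXEDA_GIMAGE` with no `default`, so a layer type outside the six listed cases creates no `image_tiles[j][i]` and the function still reaches the new `return true;`. If `layer.type` is read from the file without validation (not visible here), later tile code would operate on null images despite the success result; adding `default: return false;` closes that path. The Doxygen blocks above `composeTiles` and `initializeImage` still carry only `\param xcf_image` and should gain a `\return` line now that both return `bool`.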
@@ -0,0 +1,22 @@ +$NetBSD: patch-df,v 1.1 2005/04/12 11:00:03 drochner Exp $ + +--- kimgio/xcf.h.orig 2004-08-13 20:31:44.000000000 +0200 ++++ kimgio/xcf.h +@@ -176,7 +176,7 @@ private: + bool loadProperty(QDataStream& xcf_io, PropType& type, QByteArray& bytes); + bool loadLayer(QDataStream& xcf_io, XCFImage& xcf_image); + bool loadLayerProperties(QDataStream& xcf_io, Layer& layer); +- void composeTiles(XCFImage& xcf_image); ++ bool composeTiles(XCFImage& xcf_image); + void setGrayPalette(QImage& image); + void setPalette(XCFImage& xcf_image, QImage& image); + static void assignImageBytes(Layer& layer, uint i, uint j); +@@ -185,7 +185,7 @@ private: + static void assignMaskBytes(Layer& layer, uint i, uint j); + bool loadMask(QDataStream& xcf_io, Layer& layer); + bool loadChannelProperties(QDataStream& xcf_io, Layer& layer); +- void initializeImage(XCFImage& xcf_image); ++ bool initializeImage(XCFImage& xcf_image); + bool loadTileRLE(QDataStream& xcf_io, uchar* tile, int size, + int data_length, Q_INT32 bpp); + static void copyLayerToImage(XCFImage& xcf_image); diff --git a/x11/kdelibs3/patches/patch-dg b/x11/kdelibs3/patches/patch-dg new file mode 100644 index 00000000000..3eaefcac86f --- /dev/null +++ b/x11/kdelibs3/patches/patch-dg @@ -0,0 +1,13 @@ +$NetBSD: patch-dg,v 1.1 2005/04/12 11:00:03 drochner Exp $ + +--- kimgio/xview.cpp.orig 2004-11-22 04:52:18.000000000 +0100 ++++ kimgio/xview.cpp +@@ -62,6 +62,8 @@ KDE_EXPORT void kimgio_xv_read( QImageIO + + // Create the image + QImage image( x, y, 8, maxval + 1, QImage::BigEndian ); ++ if( image.isNull()) ++ return; + + // how do the color handling? they are absolute 24bpp + // or at least can be calculated as such. |
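Review bot: In patch-dg (kimgio/xview.cpp) the colour-table size passed to the QImage constructor is `maxval + 1`, and the added `isNull()` check does not constrain it. The code that parses `maxval` and fills the palette is outside the hunk. If `maxval` comes straight from the file header, a small value would leave the table shorter than any later code that assumes 256 entries, and a very large one can overflow the addition. Consider rejecting the header before construction, e.g. `if( x <= 0 || y <= 0 || maxval < 0 || maxval > 255 ) return;`.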