[pkgsrc/trunk]: pkgsrc/x11/qt3-libs Add a patch for CVE-2006-4811 (integer ov...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/831c3508ff0b
branches:  trunk
changeset: 520330:831c3508ff0b
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Thu Oct 19 12:58:12 2006 +0000

description:
Add a patch for CVE-2006-4811 (integer overflow in image handling).
The patch was proposed in
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742, but this is
appearently not what Redhat does -- they have an update for kdelibs, but
don't tell details.
The patch helps for me, so put it in, at least until we know more.

diffstat:

 x11/qt3-libs/Makefile         |   4 ++--
 x11/qt3-libs/distinfo         |   3 ++-
 x11/qt3-libs/patches/patch-ja |  29 +++++++++++++++++++++++++++++
 3 files changed, 33 insertions(+), 3 deletions(-)

diffs (60 lines):

diff -r efa030001689 -r 831c3508ff0b x11/qt3-libs/Makefile
--- a/x11/qt3-libs/Makefile     Thu Oct 19 11:53:10 2006 +0000
+++ b/x11/qt3-libs/Makefile     Thu Oct 19 12:58:12 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.55 2006/07/26 13:30:24 joerg Exp $
+# $NetBSD: Makefile,v 1.56 2006/10/19 12:58:12 drochner Exp $
 
 PKGNAME=       qt3-libs-${QTVERSION}
-PKGREVISION=   2
+PKGREVISION=   3
 MAINTAINER=    adam%NetBSD.org@localhost
 COMMENT=       C++ X GUI toolkit
 
diff -r efa030001689 -r 831c3508ff0b x11/qt3-libs/distinfo
--- a/x11/qt3-libs/distinfo     Thu Oct 19 11:53:10 2006 +0000
+++ b/x11/qt3-libs/distinfo     Thu Oct 19 12:58:12 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.38 2006/07/27 11:54:09 joerg Exp $
+$NetBSD: distinfo,v 1.39 2006/10/19 12:58:12 drochner Exp $
 
 SHA1 (qt-x11-free-3.3.6.tar.bz2) = bbb075054b8a2923a8a7f5afff1c4c7a8bf5a946
 RMD160 (qt-x11-free-3.3.6.tar.bz2) = 84c0b6bc6dc727d40a5a8df29a81aafc743c0161
@@ -22,3 +22,4 @@
 SHA1 (patch-bd) = a116ecf305ee5b5338bf84cb908d695f3baea830
 SHA1 (patch-ia) = 62c50fe48b9ff1ce9fb757b432c8b1db7693e112
 SHA1 (patch-ib) = b15936b85b2b1946e8c9a92bf393c3d3a1fc6950
+SHA1 (patch-ja) = e56e1b092effb53937035f3004c563ad6fd87f89
diff -r efa030001689 -r 831c3508ff0b x11/qt3-libs/patches/patch-ja
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/qt3-libs/patches/patch-ja     Thu Oct 19 12:58:12 2006 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-ja,v 1.1 2006/10/19 12:58:12 drochner Exp $
+
+--- src/kernel/qpixmap_x11.cpp.orig    2006-10-19 13:06:42.000000000 +0200
++++ src/kernel/qpixmap_x11.cpp
+@@ -1757,6 +1757,12 @@ QPixmap QPixmap::xForm( const QWMatrix &
+       dbpl = ((w*bpp+31)/32)*4;
+     dbytes = dbpl*h;
+ 
++    if (dbytes != (long long) dbpl*h) { // Integer overflow detection
++      QPixmap pm;
++      pm.data->bitmap = data->bitmap;
++      return pm;
++    }
++
+ #if defined(QT_MITSHM)
+     if ( use_mitshm ) {
+       dptr = (uchar *)xshmimg->data;
+@@ -1866,6 +1872,11 @@ QPixmap QPixmap::xForm( const QWMatrix &
+               sptr = (uchar *) axi->data;
+               bpp  = axi->bits_per_pixel;
+               dbytes = dbpl * h;
++              if (dbytes != (long long) dbpl*h) { // Integer overflow detection
++                  QPixmap pm;
++                  pm.data->bitmap = data->bitmap;
++                  return pm;
++              }
+               dptr = (uchar *) malloc(dbytes);
+               Q_CHECK_PTR( dptr );
+               memset(dptr, 0, dbytes);