- Fix an integer overflow vulnerability in Qt and kdelibs

- Bump PORTREVISIONs

Approved by:	portmgr (erwin)
Security:	CVE-2006-4811
Security:	https://rhn.redhat.com/errata/RHSA-2006-0720.html

2 files changed, 15 insertions, 1 deletions

diff --git a/x11/kdelibs4/Makefile b/x11/kdelibs4/Makefile
index 00ae1a11b738..ecafb51987c7 100644
--- a/x11/kdelibs4/Makefile
+++ b/x11/kdelibs4/Makefile
@@ -8,7 +8,7 @@
 
 PORTNAME=	kdelibs
 PORTVERSION=	${KDE_VERSION}
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	x11 kde
 MASTER_SITES=	${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR=	stable/${PORTVERSION:S/.0//}/src
diff --git a/x11/kdelibs4/files/patch-CVE-2006-4811 b/x11/kdelibs4/files/patch-CVE-2006-4811
new file mode 100644
index 000000000000..8a9c8dfebb57
--- /dev/null
+++ b/x11/kdelibs4/files/patch-CVE-2006-4811
@@ -0,0 +1,14 @@
+Index: khtml/rendering/render_image.cpp
+===================================================================
+--- khtml/rendering/render_image.cpp	(revision 594232)
++++ khtml/rendering/render_image.cpp	(working copy)
+@@ -294,7 +294,8 @@ void RenderImage::paint(PaintInfo& paint
+         if ( (cWidth != intrinsicWidth() ||  cHeight != intrinsicHeight()) &&
+              pix.width() > 0 && pix.height() > 0 && i->valid_rect().isValid())
+         {
+-            if (resizeCache.isNull() && cWidth && cHeight && intrinsicWidth() && intrinsicHeight())
++            if (resizeCache.isNull() && cWidth > 0 && cHeight > 0 && intrinsicWidth() && intrinsicHeight()
++                    && cWidth < 4096 && cHeight < 4096)
+             {
+                 QRect scaledrect(i->valid_rect());
+ //                 kdDebug(6040) << "time elapsed: " << dt->elapsed() << endl;