From ce63eafe1e493850dfc6e2e4cac9c8ab0ca90864 Mon Sep 17 00:00:00 2001 From: lofi Date: Mon, 30 Jul 2007 21:53:10 +0000 Subject: Fix various format string vulnerabilities in Qt3 and Qt4. Security: http://trolltech.com/company/newsroom/announcements/press.2007-07-27.750375 Security: CVE-2007-3388 --- x11-toolkits/qt4-gui/Makefile | 3 ++- .../files/patch-0185-fix-format-strings.diff | 29 ++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 x11-toolkits/qt4-gui/files/patch-0185-fix-format-strings.diff (limited to 'x11-toolkits/qt4-gui') diff --git a/x11-toolkits/qt4-gui/Makefile b/x11-toolkits/qt4-gui/Makefile index b00393eff1af..9433e4b16a3e 100644 --- a/x11-toolkits/qt4-gui/Makefile +++ b/x11-toolkits/qt4-gui/Makefile @@ -8,7 +8,7 @@ PORTNAME= gui PORTVERSION= ${QT4_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES?= x11-toolkits MASTER_SITES= ${MASTER_SITE_QT} PKGNAMEPREFIX= qt4- @@ -46,6 +46,7 @@ EXTRACT_AFTER_ARGS=| ${TAR} -xf - \ --exclude '${DISTNAME}/tools/qtconfig' --exclude '${DISTNAME}/tools/qvfb' WRKSRC= ${WRKDIR}/${DISTNAME}/src/${PORTNAME} CONFIGURE_WRKSRC=${WRKSRC}/../../ +PATCH_WRKSRC=${CONFIGURE_WRKSRC} OPTIONS= CUPS "Enable printing support (requires CUPS)" off \ NAS "Enable sound support (requires NAS)" off diff --git a/x11-toolkits/qt4-gui/files/patch-0185-fix-format-strings.diff b/x11-toolkits/qt4-gui/files/patch-0185-fix-format-strings.diff new file mode 100644 index 000000000000..ce23edfdf7b9 --- /dev/null +++ b/x11-toolkits/qt4-gui/files/patch-0185-fix-format-strings.diff @@ -0,0 +1,29 @@ +--- src/gui/painting/qprintengine_pdf_p.h ++++ src/gui/painting/qprintengine_pdf_p.h +@@ -148,7 +148,11 @@ private: + void writePage(); + + int addXrefEntry(int object, bool printostr = true); +- void xprintf(const char* fmt, ...); ++ void xprintf(const char* fmt, ...) ++#if defined(Q_CC_GNU) && !defined(__INSURE__) ++ __attribute__ ((format (printf, 2, 3))) ++#endif ++ ; + inline void write(const QByteArray &data) { + stream->writeRawData(data.constData(), data.size()); + streampos += data.size(); +--- src/gui/painting/qprintengine_pdf.cpp ++++ src/gui/painting/qprintengine_pdf.cpp +@@ -386,9 +386,8 @@ int QPdfEnginePrivate::addConstantAlphaO + object = addXrefEntry(-1); + QByteArray alphaDef; + QPdf::ByteStream s(&alphaDef); +- s << "<< /ca " << (alpha/qreal(255.)) << ">>\n"; +- xprintf(alphaDef.constData()); +- xprintf("endobj\n"); ++ s << "<< /ca " << (alpha/qreal(255.)) << ">>"; ++ xprintf("%s\nendobj\n", alphaDef.constData()); + } + currentPage->graphicStates.append(object); + return object; \ No newline at end of file -- cgit