head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.42 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.40 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.38 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.36 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.34 pkgsrc-2009Q4-base:1.3 pkgsrc-2008Q4:1.3.0.32 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.30 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.28 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.26 pkgsrc-2008Q2-base:1.3 pkgsrc-2008Q1:1.3.0.24 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.22 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.20 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.18 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.16 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.14 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.12 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.10 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.8 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.6 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.4 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.3.0.2 pkgsrc-2005Q2-base:1.3 pkgsrc-2005Q1:1.1.0.2; locks; strict; comment @# @; 1.3 date 2005.05.31.14.13.24; author markd; state dead; branches; next 1.2; 1.2 date 2005.05.01.04.35.40; author markd; state Exp; branches; next 1.1; 1.1 date 2005.04.12.11.00.03; author drochner; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.04.12.11.00.03; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.04.16.19.47.33; author salo; state Exp; branches; next 1.1.2.3; 1.1.2.3 date 2005.05.01.22.06.21; author salo; state Exp; branches; next ; desc @@ 1.3 log @Update to KDE 3.4.1 Changes: * kdecore: Fix in command-line argument handler for clicking on mailto urls while kontact was started with arguments * kdecore: Fix the support for Dante proxies * kdecore: Fix the "random resolver failure" problem * kdecore: Fix the support for the IPv6 Blacklist in ioslaves * kdeui: Fix "Change Icon" in the toolbar editor * khtml: Fix submitted position for scrolled imagemaps * khtml: Load external CSS style-sheet with correct charset * khtml: Apply CSS padding to tables * khtml: Improve PRE parsing * khtml: Fix links with WBR tags * khtml: Parse CSS3 pseudo-classes and pseudo-elements more strict * khtml: Fix document.all.item * khtml: Return meaningful HTMLTableCellElement::cellIndex() values * khtml: Unbreak setting of location.href on windows opened by windows.open() * khtml: Various crash fixes * khtml: Fixed infinite loop due to onChange from textareas * khtml: Fix crash in window.setTimeout when Javascript is disabled * khtml: Fix server-side-push handler to accept bugzilla sending "text/html; charset=utf-8" as Content-Type * khtml: Fix for MMB-pasting onto an empty konqueror window * kjs: Allow non-ascii letters in identifiers * kjs: More flexible date string parsing * kjs: Fixes in escape() and unescape() functions * kjs: Fixes in RegExp constructor * kssl: store SSL passwords in the KDE wallet and reuse as needed * kio: KZip: Fixed double-deletion bug when trying to write to a non-writable directory. * kio: Fix for print:/manager not embedding the right part in Konqueror * kio: Use correct window icon in Konqueror when showing trash:/ * kfile: Don't show edit dialog when drop-adding items to sidebar * kfile: If Shift is pressed when menu opens show 'Delete' instead of 'Trash' * kio-http: Prevent endless busy loop * kio-http: Massive speed improvement for deleting Webdav folders * kio-ftp: Try non-passive mode if passive mode fails * kio-ftp: Fix parsing of Netware FTP servers, so that files don't all appear with a lock (no permissions) * kutils: Fixed support for back ref \0 (entire matched text) @ text @$NetBSD: patch-de,v 1.2 2005/05/01 04:35:40 markd Exp $ --- kimgio/xcf.cpp.orig 2004-11-22 16:48:27.000000000 +1300 +++ kimgio/xcf.cpp @@@@ -234,10 +234,10 @@@@ bool XCFImageFormat::loadImageProperties property.readBytes(tag, size); Q_UINT32 flags; - char* data; + char* data=0; property >> flags >> data; - if (strcmp(tag, "gimp-comment") == 0) + if (tag && strncmp(tag, "gimp-comment", strlen("gimp-comment")) == 0) xcf_image.image.setText("Comment", 0, data); delete[] tag; @@@@ -257,6 +257,9 @@@@ bool XCFImageFormat::loadImageProperties case PROP_COLORMAP: property >> xcf_image.num_colors; + if(xcf_image.num_colors < 0 || xcf_image.num_colors > 65535) + return false; + xcf_image.palette.reserve(xcf_image.num_colors); for (int i = 0; i < xcf_image.num_colors; i++) { @@@@ -307,6 +310,9 @@@@ bool XCFImageFormat::loadProperty(QDataS return false; } + if(size > 65535 || size < 4) + return false; + size = 3 * (size - 4) + 4; data = new char[size]; @@@@ -336,19 +342,21 @@@@ bool XCFImageFormat::loadProperty(QDataS } size = 0; - } else - xcf_io.readBytes(data, size); + } else { + xcf_io >> size; + if(size >256000) + return false; + data = new char[size]; + xcf_io.readRawBytes(data, size); + } if (xcf_io.device()->status() != IO_Ok) { kdDebug(399) << "XCF: read failure on property " << type << " data, size " << size << endl; return false; } - if (size != 0) { - bytes.resize(size); - for (uint i = 0; i < size; i++) - bytes[i] = data[i]; - delete[] data; + if (size != 0 && data) { + bytes.assign(data,size); } return true; @@@@ -401,7 +409,8 @@@@ bool XCFImageFormat::loadLayer(QDataStre // Allocate the individual tile QImages based on the size and type // of this layer. - composeTiles(xcf_image); + if( !composeTiles(xcf_image)) + return false; xcf_io.device()->at(layer.hierarchy_offset); // As tiles are loaded, they are copied into the layers tiles by @@@@ -425,7 +434,8 @@@@ bool XCFImageFormat::loadLayer(QDataStre // of the QImage. if (!xcf_image.initialized) { - initializeImage(xcf_image); + if( !initializeImage(xcf_image)) + return false; copyLayerToImage(xcf_image); xcf_image.initialized = true; } else @@@@ -516,7 +526,7 @@@@ bool XCFImageFormat::loadLayerProperties * QImage structures for each of them. * \param xcf_image contains the current layer. */ -void XCFImageFormat::composeTiles(XCFImage& xcf_image) +bool XCFImageFormat::composeTiles(XCFImage& xcf_image) { Layer& layer(xcf_image.layer); @@@@ -556,48 +566,67 @@@@ void XCFImageFormat::composeTiles(XCFIma switch (layer.type) { case RGB_GIMAGE: layer.image_tiles[j][i] = QImage(tile_width, tile_height, 32, 0); + if( layer.image_tiles[j][i].isNull()) + return false; layer.image_tiles[j][i].setAlphaBuffer(false); break; case RGBA_GIMAGE: layer.image_tiles[j][i] = QImage(tile_width, tile_height, 32, 0); + if( layer.image_tiles[j][i].isNull()) + return false; layer.image_tiles[j][i].setAlphaBuffer(true); break; case GRAY_GIMAGE: layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8, 256); + if( layer.image_tiles[j][i].isNull()) + return false; setGrayPalette(layer.image_tiles[j][i]); break; case GRAYA_GIMAGE: layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8, 256); + if( layer.image_tiles[j][i].isNull()) + return false; setGrayPalette(layer.image_tiles[j][i]); layer.alpha_tiles[j][i] = QImage( tile_width, tile_height, 8, 256); + if( layer.alpha_tiles[j][i].isNull()) + return false; setGrayPalette(layer.alpha_tiles[j][i]); break; case INDEXED_GIMAGE: layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8, xcf_image.num_colors); + if( layer.image_tiles[j][i].isNull()) + return false; setPalette(xcf_image, layer.image_tiles[j][i]); break; case INDEXEDA_GIMAGE: layer.image_tiles[j][i] = QImage(tile_width, tile_height,8, xcf_image.num_colors); + if( layer.image_tiles[j][i].isNull()) + return false; setPalette(xcf_image, layer.image_tiles[j][i]); layer.alpha_tiles[j][i] = QImage(tile_width, tile_height, 8, 256); + if( layer.alpha_tiles[j][i].isNull()) + return false; setGrayPalette(layer.alpha_tiles[j][i]); } if (layer.mask_offset != 0) { layer.mask_tiles[j][i] = QImage(tile_width, tile_height, 8, 256); + if( layer.mask_tiles[j][i].isNull()) + return false; setGrayPalette(layer.mask_tiles[j][i]); } } } + return true; } @@@@ -1072,7 +1101,7 @@@@ void XCFImageFormat::assignMaskBytes(Lay * For indexed images, translucency is an all or nothing effect. * \param xcf_image contains image info and bottom-most layer. */ -void XCFImageFormat::initializeImage(XCFImage& xcf_image) +bool XCFImageFormat::initializeImage(XCFImage& xcf_image) { // (Aliases to make the code look a little better.) Layer& layer(xcf_image.layer); @@@@ -1082,12 +1111,16 @@@@ void XCFImageFormat::initializeImage(XCF case RGB_GIMAGE: if (layer.opacity == OPAQUE_OPACITY) { image.create( xcf_image.width, xcf_image.height, 32); + if( image.isNull()) + return false; image.fill(qRgb(255, 255, 255)); break; } // else, fall through to 32-bit representation case RGBA_GIMAGE: image.create(xcf_image.width, xcf_image.height, 32); + if( image.isNull()) + return false; image.fill(qRgba(255, 255, 255, 0)); // Turning this on prevents fill() from affecting the alpha channel, // by the way. @@@@ -1097,6 +1130,8 @@@@ void XCFImageFormat::initializeImage(XCF case GRAY_GIMAGE: if (layer.opacity == OPAQUE_OPACITY) { image.create(xcf_image.width, xcf_image.height, 8, 256); + if( image.isNull()) + return false; setGrayPalette(image); image.fill(255); break; @@@@ -1104,6 +1139,8 @@@@ void XCFImageFormat::initializeImage(XCF case GRAYA_GIMAGE: image.create(xcf_image.width, xcf_image.height, 32); + if( image.isNull()) + return false; image.fill(qRgba(255, 255, 255, 0)); image.setAlphaBuffer(true); break; @@@@ -1125,12 +1162,16 @@@@ void XCFImageFormat::initializeImage(XCF image.create(xcf_image.width, xcf_image.height, 1, xcf_image.num_colors, QImage::LittleEndian); + if( image.isNull()) + return false; image.fill(0); setPalette(xcf_image, image); } else if (xcf_image.num_colors <= 256) { image.create(xcf_image.width, xcf_image.height, 8, xcf_image.num_colors, QImage::LittleEndian); + if( image.isNull()) + return false; image.fill(0); setPalette(xcf_image, image); } @@@@ -1147,6 +1188,8 @@@@ void XCFImageFormat::initializeImage(XCF image.create(xcf_image.width, xcf_image.height, 1, xcf_image.num_colors, QImage::LittleEndian); + if( image.isNull()) + return false; image.fill(0); setPalette(xcf_image, image); image.setAlphaBuffer(true); @@@@ -1160,6 +1203,8 @@@@ void XCFImageFormat::initializeImage(XCF xcf_image.palette[0] = qRgba(255, 255, 255, 0); image.create( xcf_image.width, xcf_image.height, 8, xcf_image.num_colors); + if( image.isNull()) + return false; image.fill(0); setPalette(xcf_image, image); image.setAlphaBuffer(true); @@@@ -1168,6 +1213,8 @@@@ void XCFImageFormat::initializeImage(XCF // true color. (There is no equivalent PNG representation output // from The GIMP as of v1.2.) image.create(xcf_image.width, xcf_image.height, 32); + if( image.isNull()) + return false; image.fill(qRgba(255, 255, 255, 0)); image.setAlphaBuffer(true); } @@@@ -1176,6 +1223,7 @@@@ void XCFImageFormat::initializeImage(XCF image.setDotsPerMeterX((int)(xcf_image.x_resolution * INCHESPERMETER)); image.setDotsPerMeterY((int)(xcf_image.y_resolution * INCHESPERMETER)); + return true; } @ 1.2 log @Apply the official KDE patches for CAN-2005-1046. http://www.kde.org/info/security/advisory-20050421-1.txt Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-de,v 1.1 2005/04/12 11:00:03 drochner Exp $ @ 1.1 log @fix buffer overflow by corrupt PCX files, leading to crashes or code injection, see http://bugs.kde.org/show_bug.cgi?id=102328 bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- kimgio/xcf.cpp.orig 2004-11-22 04:48:27.000000000 +0100 d5 63 a67 1 @@@@ -401,7 +401,8 @@@@ bool XCFImageFormat::loadLayer(QDataStre d77 1 a77 1 @@@@ -425,7 +426,8 @@@@ bool XCFImageFormat::loadLayer(QDataStre d87 1 a87 1 @@@@ -516,7 +518,7 @@@@ bool XCFImageFormat::loadLayerProperties d96 1 a96 1 @@@@ -556,48 +558,67 @@@@ void XCFImageFormat::composeTiles(XCFIma d164 1 a164 1 @@@@ -1072,7 +1093,7 @@@@ void XCFImageFormat::assignMaskBytes(Lay d173 1 a173 1 @@@@ -1082,12 +1103,16 @@@@ void XCFImageFormat::initializeImage(XCF d190 1 a190 1 @@@@ -1097,6 +1122,8 @@@@ void XCFImageFormat::initializeImage(XCF d199 1 a199 1 @@@@ -1104,6 +1131,8 @@@@ void XCFImageFormat::initializeImage(XCF d208 1 a208 1 @@@@ -1125,12 +1154,16 @@@@ void XCFImageFormat::initializeImage(XCF d225 1 a225 1 @@@@ -1147,6 +1180,8 @@@@ void XCFImageFormat::initializeImage(XCF d234 1 a234 1 @@@@ -1160,6 +1195,8 @@@@ void XCFImageFormat::initializeImage(XCF d243 1 a243 1 @@@@ -1168,6 +1205,8 @@@@ void XCFImageFormat::initializeImage(XCF d252 1 a252 1 @@@@ -1176,6 +1215,7 @@@@ void XCFImageFormat::initializeImage(XCF @ 1.1.2.1 log @file patch-de was added on branch pkgsrc-2005Q1 on 2005-04-12 11:00:03 +0000 @ text @d1 197 @ 1.1.2.2 log @Pullup ticket 438 - requested by Matthias Drochner security fix for kdelibs3 Revisions pulled up: - pkgsrc/x11/kdelibs3/patches/patch-da 1.1 - pkgsrc/x11/kdelibs3/patches/patch-db 1.1 - pkgsrc/x11/kdelibs3/patches/patch-dc 1.1 - pkgsrc/x11/kdelibs3/patches/patch-dd 1.1 - pkgsrc/x11/kdelibs3/patches/patch-de 1.1 - pkgsrc/x11/kdelibs3/patches/patch-df 1.1 Due to different versions of KDE on the stable branch and HEAD, rest of the files patched by hand. Module Name: pkgsrc Committed By: drochner Date: Tue Apr 12 11:00:03 UTC 2005 Modified Files: pkgsrc/x11/kdelibs3: Makefile distinfo Added Files: pkgsrc/x11/kdelibs3/patches: patch-da patch-db patch-dc patch-dd patch-de patch-df patch-dg Log Message: fix buffer overflow by corrupt PCX files, leading to crashes or code injection, see http://bugs.kde.org/show_bug.cgi?id=102328 bump PKGREVISION @ text @a0 13 $NetBSD: patch-de,v 1.1.2.1 2005/04/16 19:47:33 salo Exp $ --- kimgio/xview.cpp.orig 2003-09-07 14:17:55.000000000 +0200 +++ kimgio/xview.cpp 2005-04-13 23:34:18.000000000 +0200 @@@@ -60,6 +60,8 @@@@ // Create the image QImage image( x, y, 8, maxval + 1, QImage::BigEndian ); + if( image.isNull()) + return; // how do the color handling? they are absolute 24bpp // or at least can be calculated as such. @ 1.1.2.3 log @Pullup ticket 475 - requested by Mark Davies security fix for kdelibs3 Patch provided by the submitter. Module Name: pkgsrc Committed By: markd Date: Sun May 1 04:35:40 UTC 2005 Modified Files: pkgsrc/x11/kdelibs3: Makefile distinfo pkgsrc/x11/kdelibs3/patches: patch-dc patch-dd patch-de Added Files: pkgsrc/x11/kdelibs3/patches: patch-di patch-dk patch-dl patch-dm patch-dn Log Message: Apply the official KDE patches for CAN-2005-1046. http://www.kde.org/info/security/advisory-20050421-1.txt Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-de,v 1.1.2.2 2005/05/01 22:06:21 salo Exp $ d3 3 a5 37 --- kimgio/xview.cpp.orig 2003-09-08 00:17:55.000000000 +1200 +++ kimgio/xview.cpp @@@@ -7,12 +7,16 @@@@ #include #include +#include #include #include "xview.h" #define BUFSIZE 1024 +static const int b_255_3[]= {0,85,170,255}, // index*255/3 + rg_255_7[]={0,36,72,109,145,182,218,255}; // index *255/7 + void kimgio_xv_read( QImageIO *_imageio ) { int x=-1; @@@@ -48,10 +52,14 @@@@ void kimgio_xv_read( QImageIO *_imageio sscanf(str, "%d %d %d", &x, &y, &maxval); if (maxval != 255) return; + int blocksize = x*y; + if(x < 0 || y < 0 || blocksize < x || blocksize < y) + return; // now follows a binary block of x*y bytes. - int blocksize = x*y; - char *block = new char[ blocksize ]; + char *block = (char*) malloc(blocksize); + if(!block) + return; if (iodev->readBlock(block, blocksize) != blocksize ) { @@@@ -60,6 +68,10 @@@@ void kimgio_xv_read( QImageIO *_imageio d9 1 a9 2 + if( image.isNull()) { + free(block); a10 1 + } a13 39 @@@@ -67,29 +79,9 @@@@ void kimgio_xv_read( QImageIO *_imageio for ( int j = 0; j < 256; j++ ) { -// ----------- OLIVER EIDEN -// That is the old-code ! -/* r = ((int) ((j >> 5) & 0x07)) << 5; - g = ((int) ((j >> 2) & 0x07)) << 5; - b = ((int) ((j >> 0) & 0x03)) << 6;*/ - - -// That is the code-how xv, decode 3-3-2 pixmaps, it is slighly different, -// but yields much better visuals results -/* r = (((int) ((j >> 5) & 0x07)) *255) / 7; - g = (((int) ((j >> 2) & 0x07)) *255) / 7; - b = (((int) ((j >> 0) & 0x03)) *255) / 3;*/ - -// This is the same as xv, with multiplications/divisions replaced by indexing - -// Look-up table to avoid multiplications and divisons - static int b_255_3[]= {0,85,170,255}, // index*255/3 - rg_255_7[]={0,36,72,109,145,182,218,255}; // index *255/7 - r = rg_255_7[((j >> 5) & 0x07)]; g = rg_255_7[((j >> 2) & 0x07)]; b = b_255_3[((j >> 0) & 0x03)]; -// --------------- image.setColor( j, qRgb( r, g, b ) ); } @@@@ -102,7 +94,7 @@@@ void kimgio_xv_read( QImageIO *_imageio _imageio->setImage( image ); _imageio->setStatus( 0 ); - delete [] block; + free(block); return; } @