head 1.3; access; symbols pkgsrc-2017Q3:1.2.0.88 pkgsrc-2017Q3-base:1.2 pkgsrc-2017Q2:1.2.0.84 pkgsrc-2017Q2-base:1.2 pkgsrc-2017Q1:1.2.0.82 pkgsrc-2017Q1-base:1.2 pkgsrc-2016Q4:1.2.0.80 pkgsrc-2016Q4-base:1.2 pkgsrc-2016Q3:1.2.0.78 pkgsrc-2016Q3-base:1.2 pkgsrc-2016Q2:1.2.0.76 pkgsrc-2016Q2-base:1.2 pkgsrc-2016Q1:1.2.0.74 pkgsrc-2016Q1-base:1.2 pkgsrc-2015Q4:1.2.0.72 pkgsrc-2015Q4-base:1.2 pkgsrc-2015Q3:1.2.0.70 pkgsrc-2015Q3-base:1.2 pkgsrc-2015Q2:1.2.0.68 pkgsrc-2015Q2-base:1.2 pkgsrc-2015Q1:1.2.0.66 pkgsrc-2015Q1-base:1.2 pkgsrc-2014Q4:1.2.0.64 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.62 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.60 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.58 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.56 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.54 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.52 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.50 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.48 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.46 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.44 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.42 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.40 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.38 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.36 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.34 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.2.0.32 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.30 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.28 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.26 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.24 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.22 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.20 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.18 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.16 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.14 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.12 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.10 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.8 pkgsrc-2008Q1:1.2.0.6 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.4 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.2 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.1.0.4 
pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.2 pkgsrc-2007Q1-base:1.1; locks; strict; comment @# @; 1.3 date 2017.09.26.10.27.22; author wiz; state dead; branches; next 1.2; commitid 9ARpkXTuh9Wg2H8A; 1.2 date 2007.09.15.12.04.01; author tron; state Exp; branches; next 1.1; 1.1 date 2007.04.06.12.44.38; author markd; state Exp; branches 1.1.4.1; next ; 1.1.4.1 date 2007.09.15.17.27.07; author ghen; state Exp; branches; next ; desc @@ 1.3 log @*: remove qt3 and the packages using it, including KDE3 Announced in https://mail-index.netbsd.org/pkgsrc-users/2017/09/10/msg025556.html @ text @$NetBSD: patch-aq,v 1.2 2007/09/15 12:04:01 tron Exp $ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137 --- src/codecs/qutfcodec.cpp.orig 2007-02-02 14:01:08.000000000 +0000 +++ src/codecs/qutfcodec.cpp 2007-09-15 12:12:18.000000000 +0100 @@@@ -154,6 +154,7 @@@@ class QUtf8Decoder : public QTextDecoder { uint uc; + uint min_uc; int need; bool headerDone; public: @@@@ -164,11 +165,12 @@@@ QString toUnicode(const char* chars, int len) { QString result; - result.setLength( len ); // worst case + result.setLength( len + 1 ); // worst case QChar *qch = (QChar *)result.unicode(); uchar ch; + int error = -1; for (int i=0; i= 0xd800 && uc <= 0xdfff) || (uc >= 0xfffe)) { + *qch++ = QChar::replacement; } else { if (headerDone || QChar(uc) != QChar::byteOrderMark) *qch++ = uc; @@@@ -190,6 +194,7 @@@@ } } else { // error + i = error; *qch++ = QChar::replacement; need = 0; } @@@@ -200,12 +205,21 @@@@ } else if ((ch & 0xe0) == 0xc0) { uc = ch & 0x1f; need = 1; + error = i; + min_uc = 0x80; } else if ((ch & 0xf0) == 0xe0) { uc = ch & 0x0f; need = 2; + error = i; + min_uc = 0x800; } else if ((ch&0xf8) == 0xf0) { uc = ch & 0x07; need = 3; + error = i; + min_uc = 0x10000; + } else { + // error + *qch++ = QChar::replacement; } } } @ 1.2 log @Fix security vulnerability reported in CVE-2007-4137. Bump package revision. 
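Review bot: In the `-164,11 +165,12` hunk of src/codecs/qutfcodec.cpp, the comment on `result.setLength( len + 1 ); // worst case` does not say where the extra QChar comes from, so the sizing that the CVE-2007-4137 fix relies on is easy to undo in a later cleanup. From the visible lines, `error` starts at -1 on every call while `need` is a class member, so a sequence apparently carried over from an earlier call that then fails takes the `i = error;` path in the `-190,6 +194,7` hunk, emits one `QChar::replacement` and restarts the loop index at 0; that looks like the one output character beyond `len`. I would spell it out, e.g. `// worst case: one QChar per input byte, plus one replacement for a sequence left over from the previous call`. The loop body between these hunks is truncated on this page, so the bound should be confirmed against the full toUnicode() source before relying on that wording.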
@ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Fix for CVE-2007-0242. Bump PKGREVISION. @ text @d3 5 a7 2 --- src/codecs/qutfcodec.cpp +++ src/codecs/qutfcodec.cpp d16 6 a21 2 @@@@ -167,8 +168,9 @@@@ result.setLength( len ); // worst case @ 1.1.4.1 log @Pullup ticket 2189 - requested by tron security fix for qt3-libs - pkgsrc/x11/qt3-libs/Makefile 1.67 via patch - pkgsrc/x11/qt3-libs/distinfo 1.46 - pkgsrc/x11/qt3-libs/patches/patch-aq 1.2 Module Name: pkgsrc Committed By: tron Date: Sat Sep 15 12:04:02 UTC 2007 Modified Files: pkgsrc/x11/qt3-libs: Makefile distinfo pkgsrc/x11/qt3-libs/patches: patch-aq Log Message: Fix security vulnerability reported in CVE-2007-4137. Bump package revision. @ text @d1 1 a1 1 $NetBSD: patch-aq,v 1.1 2007/04/06 12:44:38 markd Exp $ d3 2 a4 5 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137 --- src/codecs/qutfcodec.cpp.orig 2007-02-02 14:01:08.000000000 +0000 +++ src/codecs/qutfcodec.cpp 2007-09-15 12:12:18.000000000 +0100 d13 2 a14 6 @@@@ -164,11 +165,12 @@@@ QString toUnicode(const char* chars, int len) { QString result; - result.setLength( len ); // worst case + result.setLength( len + 1 ); // worst case @