Fix various format string vulnerabilities in Qt3 and Qt4.

Security:	http://trolltech.com/company/newsroom/announcements/press.2007-07-27.750375
Security:	CVE-2007-3388

2 files changed, 71 insertions, 1 deletions

diff --git a/devel/qt4-qt3support/Makefile b/devel/qt4-qt3support/Makefile
index 473b56cbe5fd..0c8dc2617a3b 100644
--- a/devel/qt4-qt3support/Makefile
+++ b/devel/qt4-qt3support/Makefile
@@ -8,7 +8,7 @@
 
 PORTNAME=	qt3support
 PORTVERSION=	${QT4_VERSION}
-PORTREVISION=0
+PORTREVISION=	1
 CATEGORIES?=	devel x11-toolkits
 MASTER_SITES=	${MASTER_SITE_QT}
 PKGNAMEPREFIX=	qt4-
@@ -43,6 +43,7 @@ EXTRACT_AFTER_ARGS=| ${TAR} -xf - \
 	--exclude '${DISTNAME}/tools/qtconfig' --exclude '${DISTNAME}/tools/qvfb'
 WRKSRC=		${WRKDIR}/${DISTNAME}/src/${PORTNAME}
 CONFIGURE_WRKSRC=${WRKSRC}/../../
+PATCH_WRKSRC=${CONFIGURE_WRKSRC}
 
 .include <bsd.port.pre.mk>
 
diff --git a/devel/qt4-qt3support/files/patch-0185-fix-format-strings.diff b/devel/qt4-qt3support/files/patch-0185-fix-format-strings.diff
new file mode 100644
index 000000000000..d6570f036550
--- /dev/null
+++ b/devel/qt4-qt3support/files/patch-0185-fix-format-strings.diff
@@ -0,0 +1,69 @@
+--- src/qt3support/tools/q3gcache.cpp
++++ src/qt3support/tools/q3gcache.cpp
+@@ -622,7 +622,7 @@ void Q3GCache::statistics() const
+ #if defined(QT_DEBUG)
+     QString line;
+     line.fill(QLatin1Char('*'), 80);
+-    qDebug(line.ascii());
++    qDebug("%s", line.ascii());
+     qDebug("CACHE STATISTICS:");
+     qDebug("cache contains %d item%s, with a total cost of %d",
+ 	   count(), count() != 1 ? "s" : "", tCost);
+@@ -643,7 +643,7 @@ void Q3GCache::statistics() const
+ 	   lruList->dumps != 1 ? "have" : "has", lruList->dumpCosts);
+     qDebug("Statistics from internal dictionary class:");
+     dict->statistics();
+-    qDebug(line.ascii());
++    qDebug("%s", line.ascii());
+ #endif
+ }
+ 
+--- src/qt3support/tools/q3gdict.cpp
++++ src/qt3support/tools/q3gdict.cpp
+@@ -828,11 +828,11 @@ void Q3GDict::statistics() const
+     QString line;
+     line.fill(QLatin1Char('-'), 60);
+     double real, ideal;
+-    qDebug(line.ascii());
++    qDebug("%s", line.ascii());
+     qDebug("DICTIONARY STATISTICS:");
+     if (count() == 0) {
+         qDebug("Empty!");
+-        qDebug(line.ascii());
++        qDebug("%s", line.ascii());
+         return;
+     }
+     real = 0.0;
+@@ -853,7 +853,7 @@ void Q3GDict::statistics() const
+         while (b--)
+             *pbuf++ = '*';
+         *pbuf = '\0';
+-        qDebug(buf);
++        qDebug("%s", buf);
+         i++;
+     }
+     qDebug("Array size = %d", size());
+@@ -861,7 +861,7 @@ void Q3GDict::statistics() const
+     qDebug("Real dist  = %g", real);
+     qDebug("Rand dist  = %g", ideal);
+     qDebug("Real/Rand  = %g", real/ideal);
+-    qDebug(line.ascii());
++    qDebug("%s", line.ascii());
+ #endif // QT_DEBUG
+ }
+ 
+--- src/qt3support/tools/q3cstring.h
++++ src/qt3support/tools/q3cstring.h
+@@ -57,7 +57,11 @@ public:
+     }
+ 
+     Q3CString        copy()        const { return *this; }
+-    Q3CString    &sprintf(const char *format, ...);
++    Q3CString    &sprintf(const char *format, ...)
++#if defined(Q_CC_GNU) && !defined(__INSURE__)
++        __attribute__ ((format (printf, 2, 3)))
++#endif
++        ;
+ 
+     Q3CString        left(uint len)  const { return QByteArray::left(len); }
+     Q3CString        right(uint len) const { return QByteArray::right(len); }
\ No newline at end of file