diff options
| author | Michael Nottebrock <lofi@FreeBSD.org> | 2007-07-30 21:53:10 +0000 |
|---|---|---|
| committer | Michael Nottebrock <lofi@FreeBSD.org> | 2007-07-30 21:53:10 +0000 |
| commit | a8f26cf2528829331b50adcf0c3594d662123aae (patch) | |
| tree | e2380040f7ba8f19dbf86e79a2f79cc9ba50273c /devel | |
| parent | 2842f9fe5905cf87bfddba17e501163904d9198f (diff) | |
Fix various format string vulnerabilities in Qt3 and Qt4.
Security: http://trolltech.com/company/newsroom/announcements/press.2007-07-27.750375
Security: CVE-2007-3388
Notes
Notes:
svn path=/head/; revision=196763
Diffstat (limited to 'devel')
| -rw-r--r-- | devel/qt4-assistant/Makefile | 3 | ||||
| -rw-r--r-- | devel/qt4-assistant/files/patch-0185-fix-format-strings.diff | 55 | ||||
| -rw-r--r-- | devel/qt4-corelib/Makefile | 4 | ||||
| -rw-r--r-- | devel/qt4-corelib/files/patch-0185-fix-format-strings.diff | 42 | ||||
| -rw-r--r-- | devel/qt4-designer/Makefile | 3 | ||||
| -rw-r--r-- | devel/qt4-designer/files/patch-0185-fix-format-strings.diff | 26 | ||||
| -rw-r--r-- | devel/qt4-linguist/Makefile | 3 | ||||
| -rw-r--r-- | devel/qt4-linguist/files/patch-0185-fix-format-strings.diff | 14 | ||||
| -rw-r--r-- | devel/qt4-qt3support/Makefile | 3 | ||||
| -rw-r--r-- | devel/qt4-qt3support/files/patch-0185-fix-format-strings.diff | 69 | ||||
| -rw-r--r-- | devel/qt4-qtestlib/Makefile | 3 | ||||
| -rw-r--r-- | devel/qt4-qtestlib/files/patch-0185-fix-format-strings.diff | 15 |
12 files changed, 233 insertions, 7 deletions
diff --git a/devel/qt4-assistant/Makefile b/devel/qt4-assistant/Makefile index 2d7a925fdf79..023e78e550fe 100644 --- a/devel/qt4-assistant/Makefile +++ b/devel/qt4-assistant/Makefile @@ -8,7 +8,7 @@ PORTNAME= assistant PORTVERSION= ${QT4_VERSION} -PORTREVISION=0 +PORTREVISION= 1 CATEGORIES?= devel MASTER_SITES= ${MASTER_SITE_QT} PKGNAMEPREFIX= qt4- @@ -42,6 +42,7 @@ EXTRACT_AFTER_ARGS=| ${TAR} -xf - \ --exclude '${DISTNAME}/tools/qtconfig' --exclude '${DISTNAME}/tools/qvfb' WRKSRC= ${WRKDIR}/${DISTNAME}/tools/${PORTNAME} CONFIGURE_WRKSRC=${WRKSRC}/../../ +PATCH_WRKSRC=${CONFIGURE_WRKSRC} pre-configure: ${CP} ${.CURDIR}/../../devel/qt4/files/configure ${CONFIGURE_WRKSRC} diff --git a/devel/qt4-assistant/files/patch-0185-fix-format-strings.diff b/devel/qt4-assistant/files/patch-0185-fix-format-strings.diff new file mode 100644 index 000000000000..43f4e0a9aaec --- /dev/null +++ b/devel/qt4-assistant/files/patch-0185-fix-format-strings.diff @@ -0,0 +1,55 @@ +--- tools/assistant/config.cpp ++++ tools/assistant/config.cpp +@@ -73,12 +73,12 @@ Config *Config::loadConfig(const QString + + QFile file(profileFileName); + if (!file.exists()) { +- qWarning( (QLatin1String("File does not exist: ") + profileFileName).toAscii().constData() ); ++ qWarning( "File does not exist: %s", qPrintable(profileFileName) ); + return 0; + } + DocuParser *parser = DocuParser::createParser( profileFileName ); + if (!parser) { +- qWarning( (QLatin1String("Failed to create parser for file: ") + profileFileName).toAscii().constData() ); ++ qWarning( "Failed to create parser for file: %s", qPrintable(profileFileName) ); + return 0; + } + if (parser->parserVersion() < DocuParser::Qt320) { +@@ -89,7 +89,7 @@ Config *Config::loadConfig(const QString + parser->parse(&file); + config->profil = profileParser->profile(); + if (!config->profil) { +- qWarning( (QLatin1String("Config::loadConfig(), no profile in: ") + profileFileName).toAscii().constData() ); ++ qWarning( "Config::loadConfig(), no profile in: %s", qPrintable(profileFileName) ); + return 0; + } + config->profil->setProfileType(Profile::UserProfile); +--- tools/assistant/index.cpp ++++ tools/assistant/index.cpp +@@ -180,7 +180,7 @@ void Index::parseDocument( const QString + { + QFile file( filename ); + if ( !file.open(QFile::ReadOnly) ) { +- qWarning( (QLatin1String("can not open file ") + filename).toAscii().constData() ); ++ qWarning( "can not open file %s", qPrintable(filename) ); + return; + } + +@@ -352,7 +352,7 @@ QString Index::getDocumentTitle( const Q + + QFile file( fileName ); + if ( !file.open( QFile::ReadOnly ) ) { +- qWarning( (QLatin1String("cannot open file ") + fileName).toAscii().constData() ); ++ qWarning( "cannot open file %s", qPrintable(fileName) ); + return fileName; + } + QTextStream s( &file ); +@@ -474,7 +474,7 @@ bool Index::searchForPattern( const QStr + QString fName = url.toLocalFile(); + QFile file( fName ); + if ( !file.open( QFile::ReadOnly ) ) { +- qWarning( (QLatin1String("cannot open file ") + fName).toAscii().constData() ); ++ qWarning( "cannot open file %s", qPrintable(fName) ); + return false; + } +
\ No newline at end of file diff --git a/devel/qt4-corelib/Makefile b/devel/qt4-corelib/Makefile index 598a7b9581b7..657e94bd2541 100644 --- a/devel/qt4-corelib/Makefile +++ b/devel/qt4-corelib/Makefile @@ -8,7 +8,7 @@ PORTNAME= corelib PORTVERSION= ${QT4_VERSION} -PORTREVISION=0 +PORTREVISION= 1 CATEGORIES?= devel MASTER_SITES= ${MASTER_SITE_QT} PKGNAMEPREFIX= qt4- @@ -45,7 +45,7 @@ EXTRACT_AFTER_ARGS=| ${TAR} -xf - \ --exclude '${DISTNAME}/tools/qtconfig' --exclude '${DISTNAME}/tools/qvfb' WRKSRC= ${WRKDIR}/${DISTNAME}/src/${PORTNAME} CONFIGURE_WRKSRC=${WRKSRC}/../../ -PATCH_WRKSRC=${WRKSRC}/../../ +PATCH_WRKSRC=${CONFIGURE_WRKSRC} .include <bsd.port.pre.mk> diff --git a/devel/qt4-corelib/files/patch-0185-fix-format-strings.diff b/devel/qt4-corelib/files/patch-0185-fix-format-strings.diff new file mode 100644 index 000000000000..929cc090f089 --- /dev/null +++ b/devel/qt4-corelib/files/patch-0185-fix-format-strings.diff @@ -0,0 +1,42 @@ +--- src/corelib/global/qglobal.h ++++ src/corelib/global/qglobal.h +@@ -1266,8 +1266,16 @@ Q_CORE_EXPORT void qFatal(const char *, + #ifdef QT3_SUPPORT + Q_CORE_EXPORT QT3_SUPPORT void qSystemWarning(const char *msg, int code = -1); + #endif /* QT3_SUPPORT */ +-Q_CORE_EXPORT void qErrnoWarning(int code, const char *msg, ...); +-Q_CORE_EXPORT void qErrnoWarning(const char *msg, ...); ++Q_CORE_EXPORT void qErrnoWarning(int code, const char *msg, ...) ++#if defined(Q_CC_GNU) && !defined(__INSURE__) ++ __attribute__ ((format (printf, 2, 3))) ++#endif ++ ; ++Q_CORE_EXPORT void qErrnoWarning(const char *msg, ...) ++#if defined(Q_CC_GNU) && !defined(__INSURE__) ++ __attribute__ ((format (printf, 1, 2))) ++#endif ++ ; + + #if (defined(QT_NO_DEBUG_OUTPUT) || defined(QT_NO_TEXTSTREAM)) && !defined(QT_NO_DEBUG_STREAM) + #define QT_NO_DEBUG_STREAM +--- src/corelib/tools/qbytearray.h ++++ src/corelib/tools/qbytearray.h +@@ -71,8 +71,16 @@ Q_CORE_EXPORT int qstricmp(const char *, + Q_CORE_EXPORT int qstrnicmp(const char *, const char *, uint len); + + // implemented in qvsnprintf.cpp +-Q_CORE_EXPORT int qvsnprintf(char *str, size_t n, const char *fmt, va_list ap); +-Q_CORE_EXPORT int qsnprintf(char *str, size_t n, const char *fmt, ...); ++Q_CORE_EXPORT int qvsnprintf(char *str, size_t n, const char *fmt, va_list ap) ++#if defined(Q_CC_GNU) && !defined(__INSURE__) ++ __attribute__ ((format (printf, 3, 0))) ++#endif ++ ; ++Q_CORE_EXPORT int qsnprintf(char *str, size_t n, const char *fmt, ...) ++#if defined(Q_CC_GNU) && !defined(__INSURE__) ++ __attribute__ ((format (printf, 3, 4))) ++#endif ++ ; + + #ifdef QT3_SUPPORT + inline QT3_SUPPORT void *qmemmove(void *dst, const void *src, uint len)
\ No newline at end of file diff --git a/devel/qt4-designer/Makefile b/devel/qt4-designer/Makefile index 706cdc1267a6..f1db40c8dad3 100644 --- a/devel/qt4-designer/Makefile +++ b/devel/qt4-designer/Makefile @@ -8,7 +8,7 @@ PORTNAME= designer PORTVERSION= ${QT4_VERSION} -PORTREVISION=0 +PORTREVISION= 1 CATEGORIES?= devel MASTER_SITES= ${MASTER_SITE_QT} PKGNAMEPREFIX= qt4- @@ -41,6 +41,7 @@ EXTRACT_AFTER_ARGS=| ${TAR} -xf - \ --exclude '${DISTNAME}/tools/qtconfig' --exclude '${DISTNAME}/tools/qvfb' WRKSRC= ${WRKDIR}/${DISTNAME}/tools/${PORTNAME} CONFIGURE_WRKSRC=${WRKSRC}/../../ +PATCH_WRKSRC=${CONFIGURE_WRKSRC} pre-configure: ${CP} ${.CURDIR}/../../devel/qt4/files/configure ${CONFIGURE_WRKSRC} diff --git a/devel/qt4-designer/files/patch-0185-fix-format-strings.diff b/devel/qt4-designer/files/patch-0185-fix-format-strings.diff new file mode 100644 index 000000000000..289563024d18 --- /dev/null +++ b/devel/qt4-designer/files/patch-0185-fix-format-strings.diff @@ -0,0 +1,26 @@ +--- tools/designer/src/lib/uilib/formbuilderextra.cpp ++++ tools/designer/src/lib/uilib/formbuilderextra.cpp +@@ -33,9 +33,7 @@ namespace QFormInternal { + #endif + + void uiLibWarning(const QString &message) { +- QString prefixedMessage = QLatin1String("Designer: "); +- prefixedMessage += message; +- qWarning(prefixedMessage.toUtf8().constData()); ++ qWarning("Designer: %s", qPrintable(message)); + } + + QFormBuilderExtra::QFormBuilderExtra() : +--- tools/designer/src/lib/shared/qdesigner_utils.cpp ++++ tools/designer/src/lib/shared/qdesigner_utils.cpp +@@ -40,9 +40,7 @@ namespace qdesigner_internal + { + QDESIGNER_SHARED_EXPORT void designerWarning(const QString &message) + { +- QString prefixedMessage = QLatin1String("Designer: "); +- prefixedMessage += message; +- qWarning(prefixedMessage.toUtf8().constData()); ++ qWarning("Designer: %s", qPrintable(message)); + } + + QString EnumType::id() const
\ No newline at end of file diff --git a/devel/qt4-linguist/Makefile b/devel/qt4-linguist/Makefile index 4941696f0255..f26d6431053b 100644 --- a/devel/qt4-linguist/Makefile +++ b/devel/qt4-linguist/Makefile @@ -8,7 +8,7 @@ PORTNAME= linguist PORTVERSION= ${QT4_VERSION} -PORTREVISION=0 +PORTREVISION= 1 CATEGORIES?= devel MASTER_SITES= ${MASTER_SITE_QT} PKGNAMEPREFIX= qt4- @@ -40,6 +40,7 @@ EXTRACT_AFTER_ARGS=| ${TAR} -xf - \ --exclude '${DISTNAME}/tools/qtconfig' --exclude '${DISTNAME}/tools/qvfb' WRKSRC= ${WRKDIR}/${DISTNAME}/tools/${PORTNAME} CONFIGURE_WRKSRC=${WRKSRC}/../../ +PATCH_WRKSRC=${CONFIGURE_WRKSRC} pre-configure: ${CP} ${.CURDIR}/../../devel/qt4/files/configure ${CONFIGURE_WRKSRC} diff --git a/devel/qt4-linguist/files/patch-0185-fix-format-strings.diff b/devel/qt4-linguist/files/patch-0185-fix-format-strings.diff new file mode 100644 index 000000000000..3dfc822ed00d --- /dev/null +++ b/devel/qt4-linguist/files/patch-0185-fix-format-strings.diff @@ -0,0 +1,14 @@ +--- tools/linguist/shared/profileevaluator.h ++++ tools/linguist/shared/profileevaluator.h +@@ -88,7 +88,11 @@ protected: + + private: + void logMessage(const QString &msg, MessageType mt = MT_DebugLevel2); +- void logMessage(MessageType mt, const char *msg, ...); ++ void logMessage(MessageType mt, const char *msg, ...) ++#if defined(Q_CC_GNU) && !defined(__INSURE__) ++ __attribute__ ((format (printf, 3, 4))) ++#endif ++ ; + QString expandVariableReferences(const QString &value); + QString evaluateExpandFunction(const QByteArray &func, const QString &arguments); diff --git a/devel/qt4-qt3support/Makefile b/devel/qt4-qt3support/Makefile index 473b56cbe5fd..0c8dc2617a3b 100644 --- a/devel/qt4-qt3support/Makefile +++ b/devel/qt4-qt3support/Makefile @@ -8,7 +8,7 @@ PORTNAME= qt3support PORTVERSION= ${QT4_VERSION} -PORTREVISION=0 +PORTREVISION= 1 CATEGORIES?= devel x11-toolkits MASTER_SITES= ${MASTER_SITE_QT} PKGNAMEPREFIX= qt4- @@ -43,6 +43,7 @@ EXTRACT_AFTER_ARGS=| ${TAR} -xf - \ --exclude '${DISTNAME}/tools/qtconfig' --exclude '${DISTNAME}/tools/qvfb' WRKSRC= ${WRKDIR}/${DISTNAME}/src/${PORTNAME} CONFIGURE_WRKSRC=${WRKSRC}/../../ +PATCH_WRKSRC=${CONFIGURE_WRKSRC} .include <bsd.port.pre.mk> diff --git a/devel/qt4-qt3support/files/patch-0185-fix-format-strings.diff b/devel/qt4-qt3support/files/patch-0185-fix-format-strings.diff new file mode 100644 index 000000000000..d6570f036550 --- /dev/null +++ b/devel/qt4-qt3support/files/patch-0185-fix-format-strings.diff @@ -0,0 +1,69 @@ +--- src/qt3support/tools/q3gcache.cpp ++++ src/qt3support/tools/q3gcache.cpp +@@ -622,7 +622,7 @@ void Q3GCache::statistics() const + #if defined(QT_DEBUG) + QString line; + line.fill(QLatin1Char('*'), 80); +- qDebug(line.ascii()); ++ qDebug("%s", line.ascii()); + qDebug("CACHE STATISTICS:"); + qDebug("cache contains %d item%s, with a total cost of %d", + count(), count() != 1 ? "s" : "", tCost); +@@ -643,7 +643,7 @@ void Q3GCache::statistics() const + lruList->dumps != 1 ? "have" : "has", lruList->dumpCosts); + qDebug("Statistics from internal dictionary class:"); + dict->statistics(); +- qDebug(line.ascii()); ++ qDebug("%s", line.ascii()); + #endif + } + +--- src/qt3support/tools/q3gdict.cpp ++++ src/qt3support/tools/q3gdict.cpp +@@ -828,11 +828,11 @@ void Q3GDict::statistics() const + QString line; + line.fill(QLatin1Char('-'), 60); + double real, ideal; +- qDebug(line.ascii()); ++ qDebug("%s", line.ascii()); + qDebug("DICTIONARY STATISTICS:"); + if (count() == 0) { + qDebug("Empty!"); +- qDebug(line.ascii()); ++ qDebug("%s", line.ascii()); + return; + } + real = 0.0; +@@ -853,7 +853,7 @@ void Q3GDict::statistics() const + while (b--) + *pbuf++ = '*'; + *pbuf = '\0'; +- qDebug(buf); ++ qDebug("%s", buf); + i++; + } + qDebug("Array size = %d", size()); +@@ -861,7 +861,7 @@ void Q3GDict::statistics() const + qDebug("Real dist = %g", real); + qDebug("Rand dist = %g", ideal); + qDebug("Real/Rand = %g", real/ideal); +- qDebug(line.ascii()); ++ qDebug("%s", line.ascii()); + #endif // QT_DEBUG + } + +--- src/qt3support/tools/q3cstring.h ++++ src/qt3support/tools/q3cstring.h +@@ -57,7 +57,11 @@ public: + } + + Q3CString copy() const { return *this; } +- Q3CString &sprintf(const char *format, ...); ++ Q3CString &sprintf(const char *format, ...) ++#if defined(Q_CC_GNU) && !defined(__INSURE__) ++ __attribute__ ((format (printf, 2, 3))) ++#endif ++ ; + + Q3CString left(uint len) const { return QByteArray::left(len); } + Q3CString right(uint len) const { return QByteArray::right(len); }
\ No newline at end of file diff --git a/devel/qt4-qtestlib/Makefile b/devel/qt4-qtestlib/Makefile index cb7dd4b4b535..ee5d65d6c9fe 100644 --- a/devel/qt4-qtestlib/Makefile +++ b/devel/qt4-qtestlib/Makefile @@ -8,7 +8,7 @@ PORTNAME= qtestlib PORTVERSION= ${QT4_VERSION} -PORTREVISION=0 +PORTREVISION= 1 CATEGORIES?= devel MASTER_SITES= ${MASTER_SITE_QT} PKGNAMEPREFIX= qt4- @@ -43,6 +43,7 @@ EXTRACT_AFTER_ARGS=| ${TAR} -xf - \ --exclude '${DISTNAME}/tools/qtconfig' --exclude '${DISTNAME}/tools/qvfb' WRKSRC= ${WRKDIR}/${DISTNAME}/tools/${PORTNAME} CONFIGURE_WRKSRC=${WRKSRC}/../../ +PATCH_WRKSRC=${CONFIGURE_WRKSRC} .include <bsd.port.pre.mk> diff --git a/devel/qt4-qtestlib/files/patch-0185-fix-format-strings.diff b/devel/qt4-qtestlib/files/patch-0185-fix-format-strings.diff new file mode 100644 index 000000000000..efe6e3caad19 --- /dev/null +++ b/devel/qt4-qtestlib/files/patch-0185-fix-format-strings.diff @@ -0,0 +1,15 @@ +--- tools/qtestlib/src/qtest_global.h ++++ tools/qtestlib/src/qtest_global.h +@@ -59,7 +59,11 @@ namespace QTest + enum SkipMode { SkipSingle = 1, SkipAll = 2 }; + enum TestFailMode { Abort = 1, Continue = 2 }; + +- int Q_TESTLIB_EXPORT qt_snprintf(char *str, int size, const char *format, ...); ++ int Q_TESTLIB_EXPORT qt_snprintf(char *str, int size, const char *format, ...) ++#if defined(Q_CC_GNU) && !defined(__INSURE__) ++ __attribute__ ((format (printf, 3, 4))) ++#endif ++ ; + } + + QT_END_HEADER
\ No newline at end of file |