from RH advisory: An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in the Konqueror browser would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the victim. (CVE-2006-4811)
Created attachment 99949 [details, diff] Qt patch This seems to be the patch from redhat, but it's for qt not for kdelibs, why did they release kdelibs packages, it's something I don't understand.
I've added the patch in Qt 3.3.6-r3, but I cannot test it myself currently (emerge -e world in progress). The bug was confirmed on Qt-copy, on Arch and KUbuntu too. http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=138488 is a good testcase to see if the patch works, for arch teams testing. Can someone confirm if the patch works?
Confirming that the patch added to Qt 3.3.6-r3 fixes the exploit.
arches, pls test x11-libs/qt-3.3.6-r3 and mark stable if possible amd64, what about app-emulation/emul-linux-x86-qtlibs, I guess it should be fixed too?
adding qt herd what about qt-4* btw?
All the qt herd members are inside the kde herd.
Leave qt there for queries at least.
ppc64 stable
-r3 needs media-libs/libmng 1.0.9 at least...which version shall we take? -r0 or -r1? The latter is not in Portage for 30 days, but fixes some issues. KDE/Qt, please advise.
1. used media-libs/libmng-1.0.9-r1 as dependency, which emerges fine, but: 1.1 QA Notice: USE Flag 'jpeg' not in IUSE for media-libs/libmng-1.0.9-r1 2. emerges fine on x86 3. passes collision test 4. revdep-rebuild shows nothing broken, kile recompiled fine and kde still works x11-libs/qt-3.3.6-r3 USE="cups gif ipv6 opengl -debug -doc -examples -firebird -immqt -immqt-bc -mysql -nas -nis -odbc -postgres -sqlite -xinerama" Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.18.1 i686) ================================================================= System uname: 2.6.18.1 i686 Genuine Intel(R) CPU T2300 @ 1.66GHz Gentoo Base System version 1.12.5 Last Sync: Wed, 18 Oct 2006 19:50:01 +0000 ccache version 2.3 [disabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.3.7, 2.0.30 dev-lang/python: 2.3.5-r3, 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r4 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--nospinner" FEATURES="autoconfig collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LINGUAS="en de en_GB de_CH" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="x86 X a52 aac acpi alsa apache2 asf berkdb bitmap-fonts cairo cdr cdrom cli cracklib crypt cups dbus divx dlloader dri dts dvd dvdr dvdread eds elibc_glibc emboss encode fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde kernel_linux ldap libg++ linguas_de linguas_de_CH linguas_en linguas_en_GB mad mikmod mmx mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection rtsp samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd test tetex theora threads truetype truetype-fonts type1-fonts udev unicode userland_GNU vcd video_cards_fbdev video_cards_i810 video_cards_vesa vorbis win32codecs wxwindows x264 xine xml xorg xprint xv xvid zlib" Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
jeez I have a AT get to it before I do...You guys just pounce on these things. x86 stable ^.^
Done in a hurry, so beware, only checked source, no actual testing done. But seems like Qt4 is affected. qt-x11-opensource-src-4.1.4/src/gui/image/qpixmap_x11.cpp, around line 1874: if (depth1) dbpl = (w+7)/8; else dbpl = ((w*bpp+31)/32)*4; dbytes = dbpl*h; <= EVIL #if defined(QT_MITSHM) if (use_mitshm) { dptr = (uchar *)xshmimg->data; uchar fillbyte = bpp == 8 ? white.pixel() : 0xff; for (int y=0; y<h; y++) memset(dptr + y*xshmimg->bytes_per_line, fillbyte, dbpl); } else { #endif dptr = (uchar *)malloc(dbytes); <= EVIL // create buffer for bits
Working on QT 4.1 and 4.2 fixes now, but you might want to track them on their own bugs now.
Qt 4.1.4-r1 and 4.2.0-r1 are ready. Only the first is a stable target though.
*** Bug 151972 has been marked as a duplicate of this bug. ***
I would recomment to use the official patch for Qt instead. I'll attach it for reference.
Created attachment 100045 [details, diff] patch
I would prefer a quick fix for users, hoping for a maintenance release from trolltech, if it's going to be, to avoid three rebuilds.
Alpha done.
Yuppie, we're going to have new versions of everything at this point -_- Give me some time today and I'll update all the qt versions.
qt-3.3.6-r4, qt-4.1.4-r2, qt-4.2.0-r2 Hopefully I won't need _more_ bumps.
next round.... pls test qt-3.3.6-r4/qt-4.1.4-r2 herbs/kugelfang/amd64: pls fix emul-linux-x86-qtlibs
Are these the trolltech maintenance versions released today?
They are the last ones sent to kde-packager yes
Ok, but Trolltech release 3.3.7, 4.1.5, and 4.2.1 today. I assume they are the same thing as our patchlevel versions, but the numbers now don't match :(
[ebuild U ] x11-libs/qt-3.3.6-r4 [3.3.6-r3] USE="cups gif ipv6 mysql opengl -debug -doc -examples -firebird -immqt -immqt-bc -nas -nis -odbc -postgres -sqlite -xinerama" 0 kB 1) emerges fine 2) passes collision test 3) revdep-rebuild, kdelibs remerged, no problems, apart from a not passed test of kdelibs (Should I report about it?) [ebuild U ] x11-libs/qt-4.1.4-r2 [4.1.4] USE="cups gif jpeg mng mysql opengl png zlib -accessibility -debug -doc -examples -firebird -nas -nis -odbc -postgres -sqlite -xinerama" 0 kB 1) emerges fine so far QA Notice: pre-stripped files found: /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/moc /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/rcc /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/uic /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/uic3 /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qm2ts /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qmake /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/lrelease /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/assistant /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/lupdate /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qtconfig /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qt3to4 /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/designer /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/linguist /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQt3Support.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtTest.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtNetwork.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtOpenGL.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtGui.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtSvg.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtCore.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtDesignerComponents.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtDesigner.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtXml.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/imageformats/libqgif.so /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/imageformats/libqmng.so /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/imageformats/libqjpeg.so /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/sqldrivers/libqsqlmysql.so /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/designer/libqt3supportwidgets.so /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/inputmethods/libqimsw-multi.so /var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtSql.so.4.1.4 2) passes collision test 3) revdep-rebuild, emerged a Qt4 app I have a local ebuild for, no problems Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 i686) ================================================================= System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 2500+ Gentoo Base System version 1.12.5 Last Sync: Sat, 21 Oct 2006 06:50:01 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.3.7, 2.0.30 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r4 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test" GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/" LANG="de_DE@euro" LC_ALL="de_DE@euro" LINGUAS="de" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage" USE="x86 3dnow 3dnowext X Xaw3d a52 aiglx alsa artworkextra asf audiofile bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds elibc_glibc emacs emboss encode esd evo exif expat fam fat fbcon ffmpeg firefox fortran ftp gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick imap input_devices_keyboard input_devices_mouse ipv6 isdnlog java javascript jikes jpeg jpeg2k kde kernel_linux ldap leim libg++ linguas_de lm_sensors mad maildir matroska mbox mhash mikmod mime mmx mmxext mng mono mp3 mpeg mpeg2 mule mysql nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc ogg opengl pam pcre pdf perl plotutils pmu png ppds pppd preview-latex print python qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell spl sse ssl svg svga t1lib tcltk tcpd tetex theora thunderbird tiff truetype truetype-fonts type1-fonts udev usb userland_GNU vcd video_cards_fbdev video_cards_radeon video_cards_vesa videos vorbis win32codecs wmf wxwindows xine xml xorg xosd xv xvid zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
qt-3.3.6-r4/qt-4.1.4-r2 stable on ppc64
So which packages are we supposed to be marking, the revision bumps or the version bumps (whenever they hit the tree)?
x11-libs/qt-3.3.6-r4 USE="cups gif ipv6 opengl -debug -doc -examples -firebird -immqt -immqt-bc -mysql -nas -nis -odbc -postgres -sqlite -xinerama" 1. emerges on x86, with following Notice: >>> Install qt-3.3.6-r4 into /var/tmp/portage/qt-3.3.6-r4/image/ category x11-libs cp: omitting directory `include/private' 2. passes collision test 3. regular kde stuff still works x11-libs/qt-4.1.4-r2 USE="cups gif jpeg opengl png zlib -accessibility -debug -doc -examples -firebird -mng -mysql -nas -nis -odbc -postgres -sqlite -xinerama" 1. emerges on x86, with the same pre-stripped files as Christian 2. passes collision test 3. poppler-bindings still compiles (with qt3 and qt4) Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.18.1 i686) ================================================================= System uname: 2.6.18.1 i686 Genuine Intel(R) CPU T2300 @ 1.66GHz Gentoo Base System version 1.12.5 Last Sync: Sun, 22 Oct 2006 09:50:01 +0000 ccache version 2.3 [disabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.3.7, 2.0.30 dev-lang/python: 2.3.5-r3, 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r4 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--nospinner" FEATURES="autoconfig collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LINGUAS="en de en_GB de_CH" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="x86 X a52 aac acpi alsa apache2 asf berkdb bitmap-fonts cairo cdr cdrom cli cracklib crypt cups dbus divx dlloader dri dts dvd dvdr dvdread eds elibc_glibc emboss encode fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde kernel_linux ldap libg++ linguas_de linguas_de_CH linguas_en linguas_en_GB mad mikmod mmx mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection rtsp samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd test tetex theora threads truetype truetype-fonts type1-fonts udev unicode userland_GNU vcd video_cards_fbdev video_cards_i810 video_cards_vesa vorbis win32codecs wxwindows x264 xine xml xorg xprint xv xvid zlib" Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
going with the revbumps since the verbumps are still missing. qt-3.3.6-r4 & qt-4.1.4-r2 sparc stable.
/me does the revbump shuffle && electric slide. oh oh oh yeah x86 is stable..Now i need a white polyester suit..
[ebuild R ] x11-libs/qt-3.3.6-r4 USE="cups gif opengl -debug -doc -examples (-firebird) -immqt -immqt-bc -ipv6 -mysql -nas -nis -odbc -postgres -sqlite -xinerama" 0 kB 1) emerges fine 2) passes collision test 3) kdelibs remerged without problems [ebuild UD] x11-libs/qt-4.1.4-r2 [4.2.0-r2] USE="cups gif jpeg mng opengl png zlib -accessibility -debug -doc -examples (-firebird) -mysql -nas -nis -odbc -postgres -sqlite -xinerama (-dbus%*) (-glib%) (-pch%)" 0 kB 1) emerges fine QA Notice: pre-stripped files found: /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/moc /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/rcc /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/uic /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/uic3 /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/assistant /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/linguist /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/lrelease /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/lupdate /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qm2ts /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qt3to4 /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/designer /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qtconfig /var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qmake /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtCore.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtXml.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtGui.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtSql.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtNetwork.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtSvg.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtOpenGL.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQt3Support.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/plugins/imageformats/libqjpeg.so /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/plugins/imageformats/libqgif.so/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/plugins/imageformats/libqmng.so/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/plugins/inputmethods/libqimsw-multi.so /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/plugins/designer/libqt3supportwidgets.so /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtTest.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtDesigner.so.4.1.4 /var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtDesignerComponents.so.4.1.4 strip: x86_64-pc-linux-gnu-strip --strip-unneeded usr/lib64/qt4/libQtAssistantClient.a usr/lib64/qt4/libQtUiTools.a 2) passes collision-test 3) poppler-bindings compiles fine with qt4 # emerge --info Portage 2.1.1-r1 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 x86_64) ================================================================= System uname: 2.6.17-gentoo-r8 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ Gentoo Base System version 1.12.5 Last Sync: Tue, 24 Oct 2006 09:20:01 +0000 ccache version 2.3 [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.3.7, 2.0.30 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r4 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/splash /etc/terminfo" CXXFLAGS="-march=k8 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer multilib-strict sandbox sfperms strict test" GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo " LANG="en_US.ISO8859-1" LC_ALL="en_US.ISO8859-1" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage /usr/portage/local/stuff" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="amd64 7zip X a52 aac aalib addbookmarks alias alsa amarok arts asf avahi bash-completion berkdb bitmap-fonts browserplugin bzip2 c++ cairo calendar caps cdr cdrom cdsound chroot cli cracklib crypt cups cvs dbus de_tvtoday dhcp dlloader dri dvb dvd dvdr dvdread eds elibc_glibc emboss encode esd fam ffmpeg flac fortran gdbm gif gimp gimpprint gnome gpm gsm gstreamer gtk gtk2 gzip hal hald highlight history howl icq imagemagick input_devices_evdev input_devices_keyboard input_devices_mouse irssi isdnlog java javascript jpeg kde kdm kernel_linux kipi lame ldap libg++ live logitech-mouse mad madwifi md5sum mikmod mng mp3 mpeg ncurses nls nptl nptlonly nsplugin nvidia ogg oggvorbis opengl openssh oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection rss samba scanner scp sdl session smp speex spell spl sql ssl subversion svg symlink tcl tcltk tcpd tiff tk transcode truetype truetype-fonts type1-fonts udev unicode unzip usb userland_GNU vcd video_cards_nv video_cards_nvidia video_cards_vesa vim visualization vorbis wmf wxwindows x264 xcomposite xine xml xorg xv xvid xvmc zip zlib zvbi" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
amd64 stable
ppc stable
stable on hppa. Sorry for the delay.
*** Bug 153164 has been marked as a duplicate of this bug. ***
ia64 done.
alpha, pls test qt-3.3.6-r4 and mark stable if possible
CVE-2006-4811 <quote> Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. </quote> since emul-linux-x86-qtlibs has only versions 2.2 and 3.4.4 I suppose those are not affected comments?
qt-3.4.4 does not exist.
opened bug 153704 about emul-linux-x86-qtlibs
alpha, we are late on this one pls test qt-3.3.6-r4 and mark stable if possible
Stable on Alpha.
ready for GLSA publication
GLSA 200611-02 thanks everyone
even closing it now...