Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 151838
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Matthias Geerdsen <vorlon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
attachment.cgi Qt patch patch Diego E. 'Flameeyes' Pettenò 2006-10-18 09:30 0000 955 bytes Details | Diff
qt3_pixmap_patch.txt patch patch Dirk Mueller 2006-10-19 13:24 0000 4.83 KB Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 151838 depends on: Show dependency tree
Bug 151838 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-10-18 08:32 0000 
from RH advisory:

An integer overflow flaw was found in the way Qt handled pixmap images.
The KDE khtml library uses Qt in such a way that untrusted parameters could
be passed to Qt, triggering the overflow. An attacker could for example
create a malicious web page that when viewed by a victim in the Konqueror
browser would cause Konqueror to crash or possibly execute arbitrary code
with the privileges of the victim. (CVE-2006-4811)

------- Comment #1 From Diego E. 'Flameeyes' Pettenò 2006-10-18 09:30:45 0000 ------- 
Created an attachment (id=99949) [details]
Qt patch

This seems to be the patch from redhat, but it's for qt not for kdelibs, why
did they release kdelibs packages, it's something I don't understand.

------- Comment #2 From Diego E. 'Flameeyes' Pettenò 2006-10-18 09:47:30 0000 ------- 
I've added the patch in Qt 3.3.6-r3, but I cannot test it myself currently
(emerge -e world in progress). The bug was confirmed on Qt-copy, on Arch and
KUbuntu too.
http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=138488 is a good testcase
to see if the patch works, for arch teams testing.

Can someone confirm if the patch works?

------- Comment #3 From Ioannis Aslanidis 2006-10-18 10:26:25 0000 ------- 
Confirming that the patch added to Qt 3.3.6-r3 fixes the exploit.

------- Comment #4 From Matthias Geerdsen 2006-10-18 10:42:46 0000 ------- 
arches, pls test x11-libs/qt-3.3.6-r3 and mark stable if possible

amd64, what about app-emulation/emul-linux-x86-qtlibs, I guess it should be
fixed too?

------- Comment #5 From Matthias Geerdsen 2006-10-18 10:51:05 0000 ------- 
adding qt herd

what about qt-4* btw?

------- Comment #6 From Ioannis Aslanidis 2006-10-18 11:05:34 0000 ------- 
All the qt herd members are inside the kde herd.

------- Comment #7 From Diego E. 'Flameeyes' Pettenò 2006-10-18 11:31:45 0000 ------- 
Leave qt there for queries at least.

------- Comment #8 From Markus Rothe 2006-10-18 12:38:38 0000 ------- 
ppc64 stable

------- Comment #9 From Christian Faulhammer 2006-10-18 12:45:10 0000 ------- 
-r3 needs media-libs/libmng 1.0.9 at least...which version shall we take? -r0
or -r1? The latter is not in Portage for 30 days, but fixes some issues. 
KDE/Qt, please advise.

------- Comment #10 From Markus Meier 2006-10-18 13:57:00 0000 ------- 
1. used media-libs/libmng-1.0.9-r1 as dependency, which emerges fine, but:
1.1 QA Notice: USE Flag 'jpeg' not in IUSE for media-libs/libmng-1.0.9-r1
2. emerges fine on x86
3. passes collision test
4. revdep-rebuild shows nothing broken, kile recompiled fine and kde still
works

x11-libs/qt-3.3.6-r3  USE="cups gif ipv6 opengl -debug -doc -examples -firebird
-immqt -immqt-bc -mysql -nas -nis -odbc -postgres -sqlite -xinerama"

Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.18.1 i686)
=================================================================
System uname: 2.6.18.1 i686 Genuine Intel(R) CPU           T2300  @ 1.66GHz
Gentoo Base System version 1.12.5
Last Sync: Wed, 18 Oct 2006 19:50:01 +0000
ccache version 2.3 [disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="autoconfig collision-protect distlocks metadata-transfer
parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LINGUAS="en de en_GB de_CH"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 X a52 aac acpi alsa apache2 asf berkdb bitmap-fonts cairo cdr cdrom
cli cracklib crypt cups dbus divx dlloader dri dts dvd dvdr dvdread eds
elibc_glibc emboss encode fam ffmpeg firefox flac fortran gdbm gif gnome gpm
gstreamer gtk hal input_devices_keyboard input_devices_mouse ipv6 isdnlog java
jpeg kde kernel_linux ldap libg++ linguas_de linguas_de_CH linguas_en
linguas_en_GB mad mikmod mmx mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl
oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection
rtsp samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd test tetex
theora threads truetype truetype-fonts type1-fonts udev unicode userland_GNU
vcd video_cards_fbdev video_cards_i810 video_cards_vesa vorbis win32codecs
wxwindows x264 xine xml xorg xprint xv xvid zlib"
Unset:  CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS,
PORTDIR_OVERLAY

------- Comment #11 From Joshua Jackson 2006-10-18 22:48:48 0000 ------- 
jeez I have a AT get to it before I do...You guys just pounce on these things.
x86 stable ^.^

------- Comment #12 From Stefan Cornelius (RETIRED) 2006-10-18 23:45:07 0000 ------- 
Done in a hurry, so beware, only checked source, no actual testing done. But
seems like Qt4 is affected.

qt-x11-opensource-src-4.1.4/src/gui/image/qpixmap_x11.cpp, around line 1874:

  if (depth1)
        dbpl = (w+7)/8;
    else
        dbpl = ((w*bpp+31)/32)*4;
    dbytes = dbpl*h;  <= EVIL

#if defined(QT_MITSHM)
    if (use_mitshm) {
        dptr = (uchar *)xshmimg->data;
        uchar fillbyte = bpp == 8 ? white.pixel() : 0xff;
        for (int y=0; y<h; y++)
            memset(dptr + y*xshmimg->bytes_per_line, fillbyte, dbpl);
    } else {
#endif
        dptr = (uchar *)malloc(dbytes);  <= EVIL      // create buffer for bits

------- Comment #13 From Diego E. 'Flameeyes' Pettenò 2006-10-19 09:04:33 0000 ------- 
Working on QT 4.1 and 4.2 fixes now, but you might want to track them on their
own bugs now.

------- Comment #14 From Diego E. 'Flameeyes' Pettenò 2006-10-19 09:10:04 0000 ------- 
Qt 4.1.4-r1 and 4.2.0-r1 are ready. Only the first is a stable target though.

------- Comment #15 From Jakub Moc (RETIRED) 2006-10-19 10:35:02 0000 ------- 
*** Bug 151972 has been marked as a duplicate of this bug. ***

------- Comment #16 From Dirk Mueller 2006-10-19 13:23:50 0000 ------- 
I would recomment to use the official patch for Qt instead. I'll attach it for
reference.

------- Comment #17 From Dirk Mueller 2006-10-19 13:24:20 0000 ------- 
Created an attachment (id=100045) [details]
patch

------- Comment #18 From Diego E. 'Flameeyes' Pettenò 2006-10-19 13:38:03 0000 ------- 
I would prefer a quick fix for users, hoping for a maintenance release from
trolltech, if it's going to be, to avoid three rebuilds.

------- Comment #19 From Bryan Østergaard (RETIRED) 2006-10-20 04:50:01 0000 ------- 
Alpha done.

------- Comment #20 From Diego E. 'Flameeyes' Pettenò 2006-10-20 08:44:59 0000 ------- 
Yuppie, we're going to have new versions of everything at this point -_- Give
me some time today and I'll update all the qt versions.

------- Comment #21 From Diego E. 'Flameeyes' Pettenò 2006-10-20 11:14:13 0000 ------- 
qt-3.3.6-r4, qt-4.1.4-r2, qt-4.2.0-r2

Hopefully I won't need _more_ bumps.

------- Comment #22 From Matthias Geerdsen 2006-10-20 11:21:40 0000 ------- 
next round....

pls test qt-3.3.6-r4/qt-4.1.4-r2

herbs/kugelfang/amd64: pls fix emul-linux-x86-qtlibs

------- Comment #23 From Caleb Tennis 2006-10-20 11:39:53 0000 ------- 
Are these the trolltech maintenance versions released today?

------- Comment #24 From Diego E. 'Flameeyes' Pettenò 2006-10-20 11:53:50 0000 ------- 
They are the last ones sent to kde-packager yes

------- Comment #25 From Caleb Tennis 2006-10-20 12:22:20 0000 ------- 
Ok, but Trolltech release 3.3.7, 4.1.5, and 4.2.1 today.  I assume they are the
same thing as our patchlevel versions, but the numbers now don't match :(

------- Comment #26 From Christian Faulhammer 2006-10-21 06:21:22 0000 ------- 
[ebuild     U ] x11-libs/qt-3.3.6-r4 [3.3.6-r3] USE="cups gif ipv6 mysql opengl
-debug -doc -examples -firebird -immqt -immqt-bc -nas -nis -odbc -postgres
-sqlite -xinerama" 0 kB 

1) emerges fine
2) passes collision test
3) revdep-rebuild, kdelibs remerged, no problems, apart from a not passed test
of kdelibs (Should I report about it?)

[ebuild     U ] x11-libs/qt-4.1.4-r2 [4.1.4] USE="cups gif jpeg mng mysql
opengl png zlib -accessibility -debug -doc -examples -firebird -nas -nis -odbc
-postgres -sqlite -xinerama" 0 kB 

1) emerges fine so far
QA Notice: pre-stripped files found:
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/moc
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/rcc
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/uic
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/uic3
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qm2ts
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qmake
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/lrelease
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/assistant
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/lupdate
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qtconfig
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qt3to4
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/designer
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/linguist
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQt3Support.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtTest.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtNetwork.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtOpenGL.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtGui.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtSvg.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtCore.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtDesignerComponents.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtDesigner.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtXml.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/imageformats/libqgif.so
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/imageformats/libqmng.so
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/imageformats/libqjpeg.so
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/sqldrivers/libqsqlmysql.so
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/designer/libqt3supportwidgets.so
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/plugins/inputmethods/libqimsw-multi.so
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib/qt4/libQtSql.so.4.1.4

2) passes collision test
3) revdep-rebuild, emerged a Qt4 app I have a local ebuild for, no problems

Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17-gentoo-r8 i686)
=================================================================
System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.12.5
Last Sync: Sat, 21 Oct 2006 06:50:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer
parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="x86 3dnow 3dnowext X Xaw3d a52 aiglx alsa artworkextra asf audiofile
bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo
cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus
dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds elibc_glibc
emacs emboss encode esd evo exif expat fam fat fbcon ffmpeg firefox fortran ftp
gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick
imap input_devices_keyboard input_devices_mouse ipv6 isdnlog java javascript
jikes jpeg jpeg2k kde kernel_linux ldap leim libg++ linguas_de lm_sensors mad
maildir matroska mbox mhash mikmod mime mmx mmxext mng mono mp3 mpeg mpeg2 mule
mysql nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc
ogg opengl pam pcre pdf perl plotutils pmu png ppds pppd preview-latex print
python qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang
spell spl sse ssl svg svga t1lib tcltk tcpd tetex theora thunderbird tiff
truetype truetype-fonts type1-fonts udev usb userland_GNU vcd video_cards_fbdev
video_cards_radeon video_cards_vesa videos vorbis win32codecs wmf wxwindows
xine xml xorg xosd xv xvid zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS,
PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #27 From Markus Rothe 2006-10-22 02:28:50 0000 ------- 
qt-3.3.6-r4/qt-4.1.4-r2 stable on ppc64

------- Comment #28 From Jason Wever (RETIRED) 2006-10-22 08:32:42 0000 ------- 
So which packages are we supposed to be marking, the revision bumps or the
version bumps (whenever they hit the tree)?

------- Comment #29 From Markus Meier 2006-10-22 11:44:51 0000 ------- 
x11-libs/qt-3.3.6-r4  USE="cups gif ipv6 opengl -debug -doc -examples -firebird
-immqt -immqt-bc -mysql -nas -nis -odbc -postgres -sqlite -xinerama"
1. emerges on x86, with following Notice:
>>> Install qt-3.3.6-r4 into /var/tmp/portage/qt-3.3.6-r4/image/ category x11-libs
cp: omitting directory `include/private'

2. passes collision test
3. regular kde stuff still works

x11-libs/qt-4.1.4-r2  USE="cups gif jpeg opengl png zlib -accessibility -debug
-doc -examples -firebird -mng -mysql -nas -nis -odbc -postgres -sqlite
-xinerama"
1. emerges on x86, with the same pre-stripped files as Christian
2. passes collision test
3. poppler-bindings still compiles (with qt3 and qt4)


Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.18.1 i686)
=================================================================
System uname: 2.6.18.1 i686 Genuine Intel(R) CPU           T2300  @ 1.66GHz
Gentoo Base System version 1.12.5
Last Sync: Sun, 22 Oct 2006 09:50:01 +0000
ccache version 2.3 [disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="autoconfig collision-protect distlocks metadata-transfer
parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LINGUAS="en de en_GB de_CH"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 X a52 aac acpi alsa apache2 asf berkdb bitmap-fonts cairo cdr cdrom
cli cracklib crypt cups dbus divx dlloader dri dts dvd dvdr dvdread eds
elibc_glibc emboss encode fam ffmpeg firefox flac fortran gdbm gif gnome gpm
gstreamer gtk hal input_devices_keyboard input_devices_mouse ipv6 isdnlog java
jpeg kde kernel_linux ldap libg++ linguas_de linguas_de_CH linguas_en
linguas_en_GB mad mikmod mmx mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl
oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection
rtsp samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd test tetex
theora threads truetype truetype-fonts type1-fonts udev unicode userland_GNU
vcd video_cards_fbdev video_cards_i810 video_cards_vesa vorbis win32codecs
wxwindows x264 xine xml xorg xprint xv xvid zlib"
Unset:  CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS,
PORTDIR_OVERLAY

------- Comment #30 From Gustavo Zacarias (RETIRED) 2006-10-23 13:16:18 0000 ------- 
going with the revbumps since the verbumps are still missing.
qt-3.3.6-r4 & qt-4.1.4-r2 sparc stable.

------- Comment #31 From Joshua Jackson 2006-10-23 19:57:55 0000 ------- 
/me does the revbump shuffle && electric slide. oh oh oh yeah x86 is
stable..Now i need a white polyester suit..

------- Comment #32 From Tobias Heinlein 2006-10-24 09:53:16 0000 ------- 
[ebuild   R   ] x11-libs/qt-3.3.6-r4  USE="cups gif opengl -debug -doc
-examples (-firebird) -immqt -immqt-bc -ipv6 -mysql -nas -nis -odbc -postgres
-sqlite -xinerama" 0 kB

1) emerges fine
2) passes collision test
3) kdelibs remerged without problems



[ebuild     UD] x11-libs/qt-4.1.4-r2 [4.2.0-r2] USE="cups gif jpeg mng opengl
png zlib -accessibility -debug -doc -examples (-firebird) -mysql -nas -nis
-odbc -postgres -sqlite -xinerama (-dbus%*) (-glib%) (-pch%)" 0 kB

1) emerges fine

QA Notice: pre-stripped files found:
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/moc
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/rcc
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/uic
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/uic3
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/assistant
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/linguist
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/lrelease
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/lupdate
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qm2ts
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qt3to4
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/designer
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qtconfig
/var/tmp/portage/qt-4.1.4-r2/image/usr/bin/qmake
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtCore.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtXml.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtGui.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtSql.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtNetwork.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtSvg.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtOpenGL.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQt3Support.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/plugins/imageformats/libqjpeg.so
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/plugins/imageformats/libqgif.so/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/plugins/imageformats/libqmng.so/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/plugins/inputmethods/libqimsw-multi.so
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/plugins/designer/libqt3supportwidgets.so
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtTest.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtDesigner.so.4.1.4
/var/tmp/portage/qt-4.1.4-r2/image/usr/lib64/qt4/libQtDesignerComponents.so.4.1.4
strip: x86_64-pc-linux-gnu-strip --strip-unneeded
   usr/lib64/qt4/libQtAssistantClient.a
      usr/lib64/qt4/libQtUiTools.a

2) passes collision-test
3) poppler-bindings compiles fine with qt4

# emerge --info
Portage 2.1.1-r1 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17-gentoo-r8 x86_64)
=================================================================
System uname: 2.6.17-gentoo-r8 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor
4200+
Gentoo Base System version 1.12.5
Last Sync: Tue, 24 Oct 2006 09:20:01 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer
multilib-strict sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/
ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo
ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo "
LANG="en_US.ISO8859-1"
LC_ALL="en_US.ISO8859-1"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/portage/local/stuff"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="amd64 7zip X a52 aac aalib addbookmarks alias alsa amarok arts asf avahi
bash-completion berkdb bitmap-fonts browserplugin bzip2 c++ cairo calendar caps
cdr cdrom cdsound chroot cli cracklib crypt cups cvs dbus de_tvtoday dhcp
dlloader dri dvb dvd dvdr dvdread eds elibc_glibc emboss encode esd fam ffmpeg
flac fortran gdbm gif gimp gimpprint gnome gpm gsm gstreamer gtk gtk2 gzip hal
hald highlight history howl icq imagemagick input_devices_evdev
input_devices_keyboard input_devices_mouse irssi isdnlog java javascript jpeg
kde kdm kernel_linux kipi lame ldap libg++ live logitech-mouse mad madwifi
md5sum mikmod mng mp3 mpeg ncurses nls nptl nptlonly nsplugin nvidia ogg
oggvorbis opengl openssh oss pam pcre perl png ppds pppd python qt3 qt4
quicktime readline reflection rss samba scanner scp sdl session smp speex spell
spl sql ssl subversion svg symlink tcl tcltk tcpd tiff tk transcode truetype
truetype-fonts type1-fonts udev unicode unzip usb userland_GNU vcd
video_cards_nv video_cards_nvidia video_cards_vesa vim visualization vorbis wmf
wxwindows x264 xcomposite xine xml xorg xv xvid xvmc zip zlib zvbi"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS,
PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #33 From Simon Stelling (RETIRED) 2006-10-24 10:16:29 0000 ------- 
amd64 stable

------- Comment #34 From Tobias Scherbaum 2006-10-24 10:53:56 0000 ------- 
ppc stable

------- Comment #35 From René Nussbaumer 2006-10-27 09:34:54 0000 ------- 
stable on hppa. Sorry for the delay.

------- Comment #36 From Jakub Moc (RETIRED) 2006-10-28 16:18:51 0000 ------- 
*** Bug 153164 has been marked as a duplicate of this bug. ***

------- Comment #37 From Bryan Østergaard (RETIRED) 2006-10-29 12:00:29 0000 ------- 
ia64 done.

------- Comment #38 From Matthias Geerdsen 2006-11-01 08:20:00 0000 ------- 
alpha, pls test qt-3.3.6-r4 and mark stable if possible

------- Comment #39 From Matthias Geerdsen 2006-11-01 08:25:08 0000 ------- 
CVE-2006-4811
<quote>
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before
4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other
packages, allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted pixmap image.
</quote>
since emul-linux-x86-qtlibs has only versions 2.2 and 3.4.4 I suppose those are
not affected

comments?

------- Comment #40 From Diego E. 'Flameeyes' Pettenò 2006-11-01 08:30:45 0000 ------- 
qt-3.4.4 does not exist.

------- Comment #41 From Matthias Geerdsen 2006-11-01 08:50:44 0000 ------- 
opened bug 153704 about emul-linux-x86-qtlibs

------- Comment #42 From Matthias Geerdsen 2006-11-06 00:39:22 0000 ------- 
alpha, we are late on this one

pls test qt-3.3.6-r4 and mark stable if possible

------- Comment #43 From Alexander Færøy 2006-11-06 02:59:27 0000 ------- 
Stable on Alpha.

------- Comment #44 From Matthias Geerdsen 2006-11-06 03:04:53 0000 ------- 
ready for GLSA publication

------- Comment #45 From Matthias Geerdsen 2006-11-06 06:19:02 0000 ------- 
GLSA 200611-02

thanks everyone

------- Comment #46 From Matthias Geerdsen 2006-11-06 06:19:45 0000 ------- 
even closing it now...
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug