[arch-commits] Commit in qt5/trunk (5 files)
Date: Thursday, May 14, 2015 @ 09:32:11
Author: fyan
Revision: 239330
upgpkg: qt5 5.4.1-8
- add patches for CVE-2015-0295, CVE-2015-1858, CVE-2015-1859, CVE-2015-1860
- add patch to fix keypad shortcuts (FS#44676)
Added:
qt5/trunk/CVE-2015-0295.patch
qt5/trunk/CVE-2015-1858_1859.patch
qt5/trunk/CVE-2015-1860.patch
qt5/trunk/keypad-shortcuts.patch
Modified:
qt5/trunk/PKGBUILD
--+
CVE-2015-0295.patch | 44 +
CVE-2015-1858_1859.patch | 62 +
CVE-2015-1860.patch | 30 ++
PKGBUILD | 21 --
keypad-shortcuts.patch | 94 +
5 files changed, 248 insertions(+), 3 deletions(-)
Added: CVE-2015-0295.patch
===
--- CVE-2015-0295.patch (rev 0)
+++ CVE-2015-0295.patch 2015-05-14 07:32:11 UTC (rev 239330)
@@ -0,0 +1,44 @@
+From 661f6bfd032dacc62841037732816a583640e187 Mon Sep 17 00:00:00 2001
+From: Richard J. Moore r...@kde.org
+Date: Sat, 21 Feb 2015 17:43:21 +
+Subject: Fix a division by zero when processing malformed BMP files.
+
+This fixes a division by 0 when processing a maliciously crafted BMP
+file. No impact beyond DoS.
+
+Task-number: QTBUG-44547
+Change-Id: Ifcded2c0aa712e90d23e6b3969af0ec3add53973
+Reviewed-by: Thiago Macieira thiago.macie...@intel.com
+Reviewed-by: Oswald Buddenhagen oswald.buddenha...@theqtcompany.com
+---
+ src/gui/image/qbmphandler.cpp | 8
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
+index 21c1a2f..df66499 100644
+--- a/src/gui/image/qbmphandler.cpp
b/src/gui/image/qbmphandler.cpp
+@@ -314,12 +314,20 @@ static bool read_dib_body(QDataStream s, const
BMP_INFOHDR bi, int offset, int
+ }
+ } else if (comp == BMP_BITFIELDS (nbits == 16 || nbits == 32)) {
+ red_shift = calc_shift(red_mask);
++if (((red_mask red_shift) + 1) == 0)
++return false;
+ red_scale = 256 / ((red_mask red_shift) + 1);
+ green_shift = calc_shift(green_mask);
++if (((green_mask green_shift) + 1) == 0)
++return false;
+ green_scale = 256 / ((green_mask green_shift) + 1);
+ blue_shift = calc_shift(blue_mask);
++if (((blue_mask blue_shift) + 1) == 0)
++return false;
+ blue_scale = 256 / ((blue_mask blue_shift) + 1);
+ alpha_shift = calc_shift(alpha_mask);
++if (((alpha_mask alpha_shift) + 1) == 0)
++return false;
+ alpha_scale = 256 / ((alpha_mask alpha_shift) + 1);
+ } else if (comp == BMP_RGB (nbits == 24 || nbits == 32)) {
+ blue_mask = 0x00ff;
+--
+cgit v0.11.0
+
Added: CVE-2015-1858_1859.patch
===
--- CVE-2015-1858_1859.patch(rev 0)
+++ CVE-2015-1858_1859.patch2015-05-14 07:32:11 UTC (rev 239330)
@@ -0,0 +1,62 @@
+From 51ec7ebfe5f45d1c0a03d992e97053cac66e25fe Mon Sep 17 00:00:00 2001
+From: Eirik Aavitsland eirik.aavitsl...@theqtcompany.com
+Date: Wed, 11 Mar 2015 13:34:01 +0100
+Subject: Fixes crash in bmp and ico image decoding
+
+Fuzzing test revealed that for certain malformed bmp and ico files,
+the handler would segfault.
+
+Change-Id: I19d45145f31e7f808f7f6a1a1610270ea4159cbe
+Reviewed-by: Lars Knoll lars.kn...@digia.com
+---
+ src/gui/image/qbmphandler.cpp| 13 +++--
+ src/plugins/imageformats/ico/qicohandler.cpp | 2 +-
+ 2 files changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
+index df66499..8acc593 100644
+--- a/src/gui/image/qbmphandler.cpp
b/src/gui/image/qbmphandler.cpp
+@@ -484,12 +484,6 @@ static bool read_dib_body(QDataStream s, const
BMP_INFOHDR bi, int offset, int
+ p = data + (h-y-1)*bpl;
+ break;
+ case 2:// delta (jump)
+-// Protection
+-if ((uint)x = (uint)w)
+-x = w-1;
+-if ((uint)y = (uint)h)
+-y = h-1;
+-
+ {
+ quint8 tmp;
+ d-getChar((char *)tmp);
+@@ -497,6 +491,13 @@ static bool read_dib_body(QDataStream s, const
BMP_INFOHDR bi, int offset, int
+ d-getChar((char *)tmp);
+ y += tmp;
+ }
++
++// Protection
++if ((uint)x = (uint)w)
++x = w-1;
++if ((uint)y = (uint)h)
++y = h-1;
++
+
[arch-commits] Commit in qt5/trunk (5 files)
Date: Thursday, December 12, 2013 @ 14:44:52
Author: andrea
Revision: 201457
Qt 5.2.0
Modified:
qt5/trunk/PKGBUILD
qt5/trunk/use-python2.patch
Deleted:
qt5/trunk/CVE-2013-4549.patch
qt5/trunk/bison3.patch
qt5/trunk/libmng2.patch
-+
CVE-2013-4549.patch | 235 --
PKGBUILD| 88 +-
bison3.patch| 38
libmng2.patch | 34 ---
use-python2.patch | 140 +++--
5 files changed, 100 insertions(+), 435 deletions(-)
Deleted: CVE-2013-4549.patch
===
--- CVE-2013-4549.patch 2013-12-12 13:13:42 UTC (rev 201456)
+++ CVE-2013-4549.patch 2013-12-12 13:44:52 UTC (rev 201457)
@@ -1,235 +0,0 @@
-From 46a8885ae486e238a39efa5119c2714f328b08e4 Mon Sep 17 00:00:00 2001
-From: Mitch Curtis mitch.cur...@digia.com
-Date: Fri, 27 Sep 2013 12:32:28 +0200
-Subject: [PATCH] Disallow deep or widely nested entity references.
-
-Nested references with a depth of 2 or greater will fail. References
-that partially expand to greater than 1024 characters will also fail.
-
-Change-Id: Id4e49d6f7cf51e3a247efdb4c6c7c9bd9b223f6e
-Reviewed-by: Richard J. Moore r...@kde.org
-Reviewed-by: Lars Knoll lars.kn...@digia.com
-
-From f1053d94f59f053ce4acad9320df14f1fbe4faac Mon Sep 17 00:00:00 2001
-From: Mitch Curtis mitch.cur...@digia.com
-Date: Mon, 11 Nov 2013 14:27:40 +0100
-Subject: [PATCH] Fully expand entities to ensure deep or widely nested ones
fail parsing
-
-With 46a8885ae486e238a39efa5119c2714f328b08e4, we failed when parsing
-entities whose partially expanded size was greater than 1024
-characters. That was not enough, so now we fully expand all entities.
-
-Amends 46a8885ae486e238a39efa5119c2714f328b08e4.
-
-Change-Id: Ie80720d7e04d825eb4eebf528140eb94806c02b1
-Reviewed-by: Richard J. Moore r...@kde.org
-Reviewed-by: Lars Knoll lars.kn...@digia.com
-
-diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp
-index 45c0f3e..e6d78d3 100644
a/src/xml/sax/qxml.cpp
-+++ b/src/xml/sax/qxml.cpp
-@@ -424,6 +424,10 @@ private:
- int stringValueLen;
- QString emptyStr;
-
-+// The limit to the amount of times the DTD parsing functions can be
called
-+// for the DTD currently being parsed.
-+int dtdRecursionLimit;
-+
- const QString string();
- void stringClear();
- void stringAddC(QChar);
-@@ -493,6 +497,8 @@ private:
- void parseFailed(ParseFunction where, int state);
- void pushParseState(ParseFunction function, int state);
-
-+bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage);
-+
- Q_DECLARE_PUBLIC(QXmlSimpleReader)
- QXmlSimpleReader *q_ptr;
-
-@@ -2757,6 +2763,8 @@
QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader)
- useNamespacePrefixes = false;
- reportWhitespaceCharData = true;
- reportEntities = false;
-+
-+dtdRecursionLimit = 2;
- }
-
- QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate()
-@@ -5035,6 +5043,11 @@ bool QXmlSimpleReaderPrivate::parseDoctype()
- }
- break;
- case Mup:
-+if (dtdRecursionLimit 0 parameterEntities.size()
dtdRecursionLimit) {
-+reportParseError(QString::fromLatin1(
-+DTD parsing exceeded recursion limit of
%1.).arg(dtdRecursionLimit));
-+return false;
-+}
- if (!parseMarkupdecl()) {
- parseFailed(QXmlSimpleReaderPrivate::parseDoctype,
state);
- return false;
-@@ -6644,6 +6657,37 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq()
- return false;
- }
-
-+bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString
*errorMessage)
-+{
-+const QString value = string();
-+QMapQString, int referencedEntityCounts;
-+foreach (QString entityName, entities.keys()) {
-+for (int i = 0; i value.size() i != -1; ) {
-+i = value.indexOf(entityName, i);
-+if (i != -1) {
-+// The entityName we're currently trying to find
-+// was matched in this string; increase our count.
-+++referencedEntityCounts[entityName];
-+i += entityName.size();
-+}
-+}
-+}
-+
-+foreach (QString entityName, referencedEntityCounts.keys()) {
-+const int timesReferenced = referencedEntityCounts[entityName];
-+const QString entityValue = entities[entityName];
-+if (entityValue.size() * timesReferenced 1024) {
-+if (errorMessage) {
-+*errorMessage = QString::fromLatin1(The XML entity \%1\
-+expands too a string that is too large to process when
-+referencing \%2\ %3
times.).arg(entityName).arg(entityName).arg(timesReferenced);
-+}
-+
[arch-commits] Commit in qt5/trunk (5 files)
Date: Wednesday, May 8, 2013 @ 09:31:32
Author: andrea
Revision: 184765
Add qdbusviewer desktop file
Added:
qt5/trunk/qdbusviewer.desktop
Modified:
qt5/trunk/PKGBUILD
qt5/trunk/assistant.desktop
qt5/trunk/designer.desktop
qt5/trunk/linguist.desktop
-+
PKGBUILD| 21 +
assistant.desktop |2 +-
designer.desktop|2 +-
linguist.desktop|2 +-
qdbusviewer.desktop |9 +
5 files changed, 25 insertions(+), 11 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2013-05-08 07:26:06 UTC (rev 184764)
+++ PKGBUILD2013-05-08 07:31:32 UTC (rev 184765)
@@ -31,12 +31,13 @@
options=('!libtool')
_pkgfqn=qt-everywhere-opensource-src-${pkgver}
source=(http://releases.qt-project.org/${pkgbase}/${pkgver}/single/${_pkgfqn}.tar.xz;
-'assistant.desktop' 'designer.desktop' 'linguist.desktop'
+'assistant.desktop' 'designer.desktop' 'linguist.desktop'
'qdbusviewer.desktop'
'use-python2.patch' 'gcc48.patch')
md5sums=('2cab3518d86fe8f0638c7faea8b46397'
- 'f1837a03fd0ebbd2da58975845f278e3'
- '480fea1ed076992b688373c8db274be0'
- '5595c24d5bb942c21e3a4d299e6d0bf1'
+ 'b2897dd6a2967bccf8f10e397aafee55'
+ '9638a78e502719ef8fe5f8d10d0361a9'
+ '188da8f4c87316e730ebf1c6217bf5a0'
+ '322b419b16c75d4de0ee7ad0a246caa1'
'd6ab43fb371be494e3bfd9b210c40bf1'
'7927028e2374321c78a76df858e723d6')
@@ -295,14 +296,18 @@
${pkgdir}/usr/share/icons/hicolor/${size}x${size}/apps/linguist.png
done
- install -p -D -m644 src/assistant/assistant/images/assistant.png \
+ install -D -m644 src/assistant/assistant/images/assistant.png \
${pkgdir}/usr/share/icons/hicolor/32x32/apps/assistant.png
- install -p -D -m644 src/assistant/assistant/images/assistant-128.png \
+ install -D -m644 src/assistant/assistant/images/assistant-128.png \
${pkgdir}/usr/share/icons/hicolor/128x128/apps/assistant.png
- install -p -D -m644 src/designer/src/designer/images/designer.png \
+ install -D -m644 src/designer/src/designer/images/designer.png \
${pkgdir}/usr/share/icons/hicolor/128x128/apps/designer.png
+ install -D -m644 src/qdbus/qdbusviewer/images/qdbusviwer.png \
+${pkgdir}/usr/share/icons/hicolor/32x32/apps/qdbusviewer.png
+ install -D -m644 src/qdbus/qdbusviewer/images/qdbusviwer-128.png \
+${pkgdir}/usr/share/icons/hicolor/128x128/apps/qdbusviewer.png
install -d ${pkgdir}/usr/share/applications
- install -m644 ${srcdir}/{linguist,designer,assistant}.desktop \
+ install -m644 ${srcdir}/{linguist,designer,assistant,qdbusviewer}.desktop \
${pkgdir}/usr/share/applications/
# Fix wrong path in prl files
Modified: assistant.desktop
===
--- assistant.desktop 2013-05-08 07:26:06 UTC (rev 184764)
+++ assistant.desktop 2013-05-08 07:31:32 UTC (rev 184765)
@@ -1,7 +1,7 @@
[Desktop Entry]
Name=Qt Assistant
Comment=Shows Qt documentation and examples
-Exec=/usr/bin/assistant
+Exec=/usr/lib/qt/bin/assistant
Icon=assistant
Terminal=false
Type=Application
Modified: designer.desktop
===
--- designer.desktop2013-05-08 07:26:06 UTC (rev 184764)
+++ designer.desktop2013-05-08 07:31:32 UTC (rev 184765)
@@ -2,7 +2,7 @@
Name=Qt Designer
GenericName=Interface Designer
Comment=Design GUIs for Qt applications
-Exec=/usr/bin/designer
+Exec=/usr/lib/qt/bin/designer
Icon=designer
MimeType=application/x-designer;
Terminal=false
Modified: linguist.desktop
===
--- linguist.desktop2013-05-08 07:26:06 UTC (rev 184764)
+++ linguist.desktop2013-05-08 07:31:32 UTC (rev 184765)
@@ -1,7 +1,7 @@
[Desktop Entry]
Name=Qt Linguist
Comment=Add translations to Qt applications
-Exec=/usr/bin/linguist
+Exec=/usr/lib/qt/bin/linguist
Icon=linguist
MimeType=text/vnd.trolltech.linguist;application/x-linguist;
Terminal=false
Added: qdbusviewer.desktop
===
--- qdbusviewer.desktop (rev 0)
+++ qdbusviewer.desktop 2013-05-08 07:31:32 UTC (rev 184765)
@@ -0,0 +1,9 @@
+[Desktop Entry]
+Name=Qt QDbusViewer
+GenericName=D-Bus Debugger
+Comment=Debug D-Bus applications
+Exec=/usr/lib/qt/bin/qdbusviewer
+Icon=qdbusviewer
+Terminal=false
+Type=Application
+Categories=Qt;Development;Debugger;
