summaryrefslogtreecommitdiff
path: root/dev-qt/qtgui/files
diff options
context:
space:
mode:
Diffstat (limited to 'dev-qt/qtgui/files')
-rw-r--r--dev-qt/qtgui/files/qtgui-4.8.5-CVE-2015-0295.patch40
-rw-r--r--dev-qt/qtgui/files/qtgui-4.8.5-cleanlooks-floating-point-exception.patch38
-rw-r--r--dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch43
-rw-r--r--dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1858.patch63
-rw-r--r--dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1860.patch31
5 files changed, 0 insertions, 215 deletions
diff --git a/dev-qt/qtgui/files/qtgui-4.8.5-CVE-2015-0295.patch b/dev-qt/qtgui/files/qtgui-4.8.5-CVE-2015-0295.patch
deleted file mode 100644
index 3ac87d8dc369..000000000000
--- a/dev-qt/qtgui/files/qtgui-4.8.5-CVE-2015-0295.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From e50aa2252cdd5cb53eef7d8c4503c7edff634f68 Mon Sep 17 00:00:00 2001
-From: "Richard J. Moore" <rich@kde.org>
-Date: Tue, 24 Feb 2015 19:02:35 +0000
-Subject: [PATCH] Fix a division by zero when processing malformed BMP files.
-
-This fixes a division by 0 when processing a maliciously crafted BMP
-file. No impact beyond DoS.
-
-Backport of 661f6bfd032dacc62841037732816a583640e187
-
-Task-number: QTBUG-44547
-Change-Id: I43f06e752b11cb50669101460902a82b885ae618
-Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
----
- src/gui/image/qbmphandler.cpp | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
-index b22e842..30fa9e0 100644
---- a/src/gui/image/qbmphandler.cpp
-+++ b/src/gui/image/qbmphandler.cpp
-@@ -319,10 +319,16 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
- }
- } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) {
- red_shift = calc_shift(red_mask);
-+ if (((red_mask >> red_shift) + 1) == 0)
-+ return false;
- red_scale = 256 / ((red_mask >> red_shift) + 1);
- green_shift = calc_shift(green_mask);
-+ if (((green_mask >> green_shift) + 1) == 0)
-+ return false;
- green_scale = 256 / ((green_mask >> green_shift) + 1);
- blue_shift = calc_shift(blue_mask);
-+ if (((blue_mask >> blue_shift) + 1) == 0)
-+ return false;
- blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
- } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
- blue_mask = 0x000000ff;
---
-2.0.5 \ No newline at end of file
diff --git a/dev-qt/qtgui/files/qtgui-4.8.5-cleanlooks-floating-point-exception.patch b/dev-qt/qtgui/files/qtgui-4.8.5-cleanlooks-floating-point-exception.patch
deleted file mode 100644
index a54efef0d78b..000000000000
--- a/dev-qt/qtgui/files/qtgui-4.8.5-cleanlooks-floating-point-exception.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0db65e148dcb4d5e5b98475f207d41a287c401a1 Mon Sep 17 00:00:00 2001
-From: Alexandre Rostovtsev <tetromino@gentoo.org>
-Date: Wed, 28 May 2014 00:22:55 -0400
-Subject: [PATCH] Cleanlooks style: Fix floating point exception
-
-In QCleanlooksStyle::drawControl, if indeterminate == true and
-rect.width() == 4, we will end up with slideWidth of zero, and
-take a mod by zero when calculating the value of step.
-
-This causes a crash in Quassel 0.10; see
-https://bugs.gentoo.org/show_bug.cgi?id=507124
-
-Instead, calculate slideWidth based on max(width, minWidth) where
-minWidth was already set as 4, ensuring that slideWidth >= 2.
-
-Change-Id: I6678789105e359fa26c99409f449cad0ba3bd0ae
-(cherry picked from qtstyleplugins/8ff2ac6035fb1d01f5c0054ba14afb949410e3a7)
-Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
----
- src/gui/styles/qcleanlooksstyle.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gui/styles/qcleanlooksstyle.cpp b/src/gui/styles/qcleanlooksstyle.cpp
-index 504734a..3f665ca 100644
---- a/src/gui/styles/qcleanlooksstyle.cpp
-+++ b/src/gui/styles/qcleanlooksstyle.cpp
-@@ -1773,7 +1773,7 @@ void QCleanlooksStyle::drawControl(ControlElement element, const QStyleOption *o
- }
- } else {
- Q_D(const QCleanlooksStyle);
-- int slideWidth = ((rect.width() - 4) * 2) / 3;
-+ int slideWidth = (qMax(rect.width() - 4, minWidth) * 2) / 3;
- int step = ((d->animateStep * slideWidth) / d->animationFps) % slideWidth;
- if ((((d->animateStep * slideWidth) / d->animationFps) % (2 * slideWidth)) >= slideWidth)
- step = slideWidth - step;
---
-2.0.0
-
diff --git a/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch b/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch
deleted file mode 100644
index d800caf97421..000000000000
--- a/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From f1b76c126c476c155af8c404b97c42cd1a709333 Mon Sep 17 00:00:00 2001
-From: Lars Knoll <lars.knoll@digia.com>
-Date: Thu, 24 Apr 2014 15:33:27 +0200
-Subject: Don't crash on broken GIF images
-
-Broken GIF images could set invalid width and height
-values inside the image, leading to Qt creating a null
-QImage for it. In that case we need to abort decoding
-the image and return an error.
-
-Initial patch by Rich Moore.
-
-Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
-
-Task-number: QTBUG-38367
-Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
-Security-advisory: CVE-2014-0190
-Reviewed-by: Richard J. Moore <rich@kde.org>
----
- src/gui/image/qgifhandler.cpp | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
-index 3324f04..5199dd3 100644
---- a/src/gui/image/qgifhandler.cpp
-+++ b/src/gui/image/qgifhandler.cpp
-@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length,
- memset(bits, 0, image->byteCount());
- }
-
-+ // Check if the previous attempt to create the image failed. If it
-+ // did then the image is broken and we should give up.
-+ if (image->isNull()) {
-+ state = Error;
-+ return -1;
-+ }
-+
- disposePrevious(image);
- disposed = false;
-
---
-1.9.3
-
diff --git a/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1858.patch b/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1858.patch
deleted file mode 100644
index c1aac444a644..000000000000
--- a/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1858.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 3e55cd6dc467303a3c35312e9fcb255c2c048b32 Mon Sep 17 00:00:00 2001
-From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
-Date: Wed, 11 Mar 2015 13:34:01 +0100
-Subject: Fixes crash in bmp and ico image decoding
-
-Fuzzing test revealed that for certain malformed bmp and ico files,
-the handler would segfault.
-
-Change-Id: I19d45145f31e7f808f7f6a1a1610270ea4159cbe
-(cherry picked from qtbase/2adbbae5432aa9d8cc41c6fcf55c2e310d2d4078)
-Reviewed-by: Richard J. Moore <rich@kde.org>
----
- src/gui/image/qbmphandler.cpp | 13 +++++++------
- src/plugins/imageformats/ico/qicohandler.cpp | 2 +-
- 2 files changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
-index 30fa9e0..17a880b 100644
---- a/src/gui/image/qbmphandler.cpp
-+++ b/src/gui/image/qbmphandler.cpp
-@@ -478,12 +478,6 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
- p = data + (h-y-1)*bpl;
- break;
- case 2: // delta (jump)
-- // Protection
-- if ((uint)x >= (uint)w)
-- x = w-1;
-- if ((uint)y >= (uint)h)
-- y = h-1;
--
- {
- quint8 tmp;
- d->getChar((char *)&tmp);
-@@ -491,6 +485,13 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
- d->getChar((char *)&tmp);
- y += tmp;
- }
-+
-+ // Protection
-+ if ((uint)x >= (uint)w)
-+ x = w-1;
-+ if ((uint)y >= (uint)h)
-+ y = h-1;
-+
- p = data + (h-y-1)*bpl + x;
- break;
- default: // absolute mode
-diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp
-index 1a88605..3c34765 100644
---- a/src/plugins/imageformats/ico/qicohandler.cpp
-+++ b/src/plugins/imageformats/ico/qicohandler.cpp
-@@ -571,7 +571,7 @@ QImage ICOReader::iconAt(int index)
- QImage::Format format = QImage::Format_ARGB32;
- if (icoAttrib.nbits == 24)
- format = QImage::Format_RGB32;
-- else if (icoAttrib.ncolors == 2)
-+ else if (icoAttrib.ncolors == 2 && icoAttrib.depth == 1)
- format = QImage::Format_Mono;
- else if (icoAttrib.ncolors > 0)
- format = QImage::Format_Indexed8;
---
-cgit v0.11.0
-
diff --git a/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1860.patch b/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1860.patch
deleted file mode 100644
index d881db8d5b86..000000000000
--- a/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1860.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From a1cf194c54be57d6ab55dfd26b9562a60532208e Mon Sep 17 00:00:00 2001
-From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
-Date: Wed, 11 Mar 2015 09:00:41 +0100
-Subject: Fixes crash in gif image decoder
-
-Fuzzing test revealed that for certain malformed gif files,
-qgifhandler would segfault.
-
-Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1
-(cherry picked from qtbase/ea2c5417fcd374302f5019e67f72af5facbd29f6)
-Reviewed-by: Richard J. Moore <rich@kde.org>
----
- src/gui/image/qgifhandler.cpp | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
-index 5199dd3..49aa2a6 100644
---- a/src/gui/image/qgifhandler.cpp
-+++ b/src/gui/image/qgifhandler.cpp
-@@ -944,6 +944,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co
-
- void QGIFFormat::nextY(unsigned char *bits, int bpl)
- {
-+ if (out_of_bounds)
-+ return;
- int my;
- switch (interlace) {
- case 0: // Non-interlaced
---
-cgit v0.11.0
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 21:22:32 +0000