extra/qt5 to 5.4.1-8

Kevin Mihelich 2015-05-14 13:36:40 +00:00
parent ea73867922
commit 39d9037125
5 changed files with 247 additions and 2 deletions


@ -0,0 +1,44 @@
From 661f6bfd032dacc62841037732816a583640e187 Mon Sep 17 00:00:00 2001
From: "Richard J. Moore" <rich@kde.org>
Date: Sat, 21 Feb 2015 17:43:21 +0000
Subject: Fix a division by zero when processing malformed BMP files.
This fixes a division by 0 when processing a maliciously crafted BMP
file. No impact beyond DoS.
Task-number: QTBUG-44547
Change-Id: Ifcded2c0aa712e90d23e6b3969af0ec3add53973
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
---
src/gui/image/qbmphandler.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
index 21c1a2f..df66499 100644
--- a/src/gui/image/qbmphandler.cpp
+++ b/src/gui/image/qbmphandler.cpp
@@ -314,12 +314,20 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
}
} else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) {
red_shift = calc_shift(red_mask);
+ if (((red_mask >> red_shift) + 1) == 0)
+ return false;
red_scale = 256 / ((red_mask >> red_shift) + 1);
green_shift = calc_shift(green_mask);
+ if (((green_mask >> green_shift) + 1) == 0)
+ return false;
green_scale = 256 / ((green_mask >> green_shift) + 1);
blue_shift = calc_shift(blue_mask);
+ if (((blue_mask >> blue_shift) + 1) == 0)
+ return false;
blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
alpha_shift = calc_shift(alpha_mask);
+ if (((alpha_mask >> alpha_shift) + 1) == 0)
+ return false;
alpha_scale = 256 / ((alpha_mask >> alpha_shift) + 1);
} else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
blue_mask = 0x000000ff;
--
cgit v0.11.0
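Review bot: The four added guards in the BMP_BITFIELDS branch carry no comment saying why `(mask >> shift) + 1` can be zero, and the condition is easy to misread as a check for an empty mask. Assuming the masks are unsigned 32-bit values (their declarations are outside the hunk), the sum wraps to 0 only when the shifted mask is all ones, so I would put `// (mask >> shift) + 1 wraps to 0 for an all-ones mask; reject the file before dividing` above the first check. The divisor expression is now written twice per channel, once in the guard and once in the division; a small static helper that computes it once per channel would keep the two from drifting apart. read_dib_body starts and ends outside the hunk.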


@ -0,0 +1,62 @@
From 51ec7ebfe5f45d1c0a03d992e97053cac66e25fe Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
Date: Wed, 11 Mar 2015 13:34:01 +0100
Subject: Fixes crash in bmp and ico image decoding
Fuzzing test revealed that for certain malformed bmp and ico files,
the handler would segfault.
Change-Id: I19d45145f31e7f808f7f6a1a1610270ea4159cbe
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
---
src/gui/image/qbmphandler.cpp | 13 +++++++------
src/plugins/imageformats/ico/qicohandler.cpp | 2 +-
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
index df66499..8acc593 100644
--- a/src/gui/image/qbmphandler.cpp
+++ b/src/gui/image/qbmphandler.cpp
@@ -484,12 +484,6 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
p = data + (h-y-1)*bpl;
break;
case 2: // delta (jump)
- // Protection
- if ((uint)x >= (uint)w)
- x = w-1;
- if ((uint)y >= (uint)h)
- y = h-1;
-
{
quint8 tmp;
d->getChar((char *)&tmp);
@@ -497,6 +491,13 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
d->getChar((char *)&tmp);
y += tmp;
}
+
+ // Protection
+ if ((uint)x >= (uint)w)
+ x = w-1;
+ if ((uint)y >= (uint)h)
+ y = h-1;
+
p = data + (h-y-1)*bpl + x;
break;
default: // absolute mode
diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp
index 00de0c8..ec1654e 100644
--- a/src/plugins/imageformats/ico/qicohandler.cpp
+++ b/src/plugins/imageformats/ico/qicohandler.cpp
@@ -567,7 +567,7 @@ QImage ICOReader::iconAt(int index)
QImage::Format format = QImage::Format_ARGB32;
if (icoAttrib.nbits == 24)
format = QImage::Format_RGB32;
- else if (icoAttrib.ncolors == 2)
+ else if (icoAttrib.ncolors == 2 && icoAttrib.depth == 1)
format = QImage::Format_Mono;
else if (icoAttrib.ncolors > 0)
format = QImage::Format_Indexed8;
--
cgit v0.11.0
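Review bot: In the `case 2: // delta (jump)` branch, `quint8 tmp;` is still declared without an initial value and the result of `d->getChar((char *)&tmp)` is ignored, so on a truncated file the delta added to y (and presumably to x, between the two hunks) comes from an indeterminate byte. The relocated clamp keeps x and y below w and h afterwards, but decoding then continues from a position the file never specified. `if (!d->getChar((char *)&tmp)) return false;` at each read would reject the short file instead, provided an early return there needs no cleanup, which the hunk does not show. The clamp also relies on w and h being at least 1, since `w-1` is otherwise negative; that is presumably validated earlier in read_dib_body, which starts outside the hunk.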


@ -0,0 +1,30 @@
From d3048a29797ee2d80d84bbda26bb3c954584f332 Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
Date: Wed, 11 Mar 2015 09:00:41 +0100
Subject: Fixes crash in gif image decoder
Fuzzing test revealed that for certain malformed gif files,
qgifhandler would segfault.
Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1
Reviewed-by: Richard J. Moore <rich@kde.org>
---
src/gui/image/qgifhandler.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
index 03e46ab..8d8c4ae 100644
--- a/src/gui/image/qgifhandler.cpp
+++ b/src/gui/image/qgifhandler.cpp
@@ -936,6 +936,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co
void QGIFFormat::nextY(unsigned char *bits, int bpl)
{
+ if (out_of_bounds)
+ return;
int my;
switch (interlace) {
case 0: // Non-interlaced
--
cgit v0.11.0
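Review bot: The new early return at the top of QGIFFormat::nextY has no comment, and nothing in the hunk shows where `out_of_bounds` is set or reset, so a reader cannot tell from here why skipping the row advance is safe. A line such as `// An earlier step already ran past the image; do not advance to further rows` above the check would record the intent, worded to match wherever the flag is actually raised. It is also worth confirming that the flag is cleared when a new frame starts, since otherwise one malformed frame would suppress nextY for every later frame; that code is outside the hunk.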


@ -39,7 +39,7 @@ pkgname=('qt5-base'
'qt5-x11extras'
'qt5-xmlpatterns')
pkgver=5.4.1
pkgrel=7
pkgrel=8
arch=('i686' 'x86_64')
url='http://qt-project.org/'
license=('GPL3' 'LGPL' 'FDL' 'custom')
@ -55,7 +55,9 @@ _pkgfqn="qt-everywhere-opensource-src-${pkgver}"
source=("http://download.qt-project.org/official_releases/qt/${pkgver%.*}/${pkgver}/single/${_pkgfqn}.tar.xz"
'0001-Revert-Rotate-images-according-to-Exif-orientation.patch'
'0001-Require-fPIC-instead-of-just-fPIE-for-reduce-relocat.patch'
'assistant.desktop' 'designer.desktop' 'linguist.desktop' 'qdbusviewer.desktop' 'glib-2.43.patch' 'qlockfile-deadlock.patch' 'qnam-corruption.patch'
'assistant.desktop' 'designer.desktop' 'linguist.desktop' 'qdbusviewer.desktop' 'glib-2.43.patch'
'qlockfile-deadlock.patch' 'qnam-corruption.patch' 'keypad-shortcuts.patch'
'CVE-2015-0295.patch' 'CVE-2015-1858_1859.patch' 'CVE-2015-1860.patch'
'rpi.patch'
'qt5webkit-0002-Fix-QtWebKit-build-on-ARM-softfp.patch')
md5sums=('7afb5f9235d8d42b5b6e832442a32a5d'
@ -68,6 +70,10 @@ md5sums=('7afb5f9235d8d42b5b6e832442a32a5d'
'bf756a3061e1b30b28df85dcf0c90df3'
'30d219401f77e536d215addc420b634c'
'd0b070d6f211948ef4842b46542b9e4f'
'665439088fc7de52a97455c5eaf87889'
'871ab111d03a640b4d0250388a4307cc'
'b799130014294cb3c73fc46e7e8889db'
'64bc4f7d5097438eb6c6f8042378b3a3'
'9fe115d2c1d4778b8cb8e7f1b2e2bca6'
'd55ad1f1c90725834b44eada5db4e401')
@ -89,6 +95,15 @@ prepare() {
# https://codereview.qt-project.org/#/c/110150/
(cd qtbase; patch -p1 -i "$srcdir/qnam-corruption.patch")
# https://bugs.archlinux.org/task/44676
(cd qtbase; patch -p1 -i "$srcdir/keypad-shortcuts.patch")
# http://lists.qt-project.org/pipermail/announce/2015-February/000059.html
(cd qtbase; patch -p1 -i "$srcdir/CVE-2015-0295.patch")
# http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
(cd qtbase; patch -p1 -i "$srcdir/CVE-2015-1858_1859.patch"; patch -p1 -i "$srcdir/CVE-2015-1860.patch")
MAKEFLAGS="-j3"
# Fix building on armv5
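Review bot: In prepare(), the new line `(cd qtbase; patch -p1 -i "$srcdir/CVE-2015-1858_1859.patch"; patch -p1 -i "$srcdir/CVE-2015-1860.patch")` chains its commands with `;`, so the subshell's exit status is that of the last patch only, and a failed CVE-2015-1858_1859.patch would go unnoticed as long as CVE-2015-1860.patch applies. Joining them with `&&`, as in `(cd qtbase && patch -p1 -i "$srcdir/CVE-2015-1858_1859.patch" && patch -p1 -i "$srcdir/CVE-2015-1860.patch")`, makes any failure stop the build; the single-patch lines above use the same `cd qtbase;` form and would benefit too. Separately, the added security patches are pinned only by `md5sums` and the tarball is fetched over `http://`, so a `sha256sums` array would give a stronger integrity check. prepare() continues outside the hunk.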


@ -0,0 +1,94 @@
From c137502c7fd7550c780c9531ec414098d8101757 Mon Sep 17 00:00:00 2001
From: Alexander Volkov <a.volkov@rusbitech.ru>
Date: Thu, 18 Sep 2014 16:16:26 +0400
Subject: Fix shortcuts with keypad keys
The way of searching a shortcut match for a key without the keypad
modifier introduced in 547a1bea492954d828aa0798be93384669812489 is
not correct. QKeyEvent::setModifiers() doesn't change native scan code
so we get the incorrect QKeyEvent object which is eventually passed to
the implementation of QPlatformIntegration::possibleKeys().
And then QPlatformIntegration::possibleKeys() returns the same result
as for the original QKeyEvent object.
So to fix it we have to remove Qt::KeypadModifier from keys after
calling the implementation of QPlatformIntegration::possibleKeys(),
as it was before 547a1bea492954d828aa0798be93384669812489.
Task-number: QTBUG-33093
Task-number: QTBUG-20191
Change-Id: I5b33c9b6cf2c06b133166a31eba9aff9181c9483
---
src/gui/kernel/qshortcutmap.cpp | 12 +++++-------
src/gui/kernel/qshortcutmap_p.h | 4 ++--
2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/src/gui/kernel/qshortcutmap.cpp b/src/gui/kernel/qshortcutmap.cpp
index c915ed39..c13c82c 100644
--- a/src/gui/kernel/qshortcutmap.cpp
+++ b/src/gui/kernel/qshortcutmap.cpp
@@ -388,9 +388,7 @@ QKeySequence::SequenceMatch QShortcutMap::nextState(QKeyEvent *e)
result = find(e);
if (result == QKeySequence::NoMatch && (e->modifiers() & Qt::KeypadModifier)) {
// Try to find a match without keypad modifier
- QKeyEvent event = *e;
- event.setModifiers(e->modifiers() & ~Qt::KeypadModifier);
- result = find(&event);
+ result = find(e, Qt::KeypadModifier);
}
if (result == QKeySequence::NoMatch && e->modifiers() & Qt::ShiftModifier) {
// If Shift + Key_Backtab, also try Shift + Qt::Key_Tab
@@ -443,13 +441,13 @@ bool QShortcutMap::hasShortcutForKeySequence(const QKeySequence &seq) const
which can be access through matches().
\sa matches
*/
-QKeySequence::SequenceMatch QShortcutMap::find(QKeyEvent *e)
+QKeySequence::SequenceMatch QShortcutMap::find(QKeyEvent *e, int ignoredModifiers)
{
Q_D(QShortcutMap);
if (!d->sequences.count())
return QKeySequence::NoMatch;
- createNewSequences(e, d->newEntries);
+ createNewSequences(e, d->newEntries, ignoredModifiers);
#if defined(DEBUG_QSHORTCUTMAP)
qDebug() << "Possible shortcut key sequences:" << d->newEntries;
#endif
@@ -551,7 +549,7 @@ void QShortcutMap::clearSequence(QVector<QKeySequence> &ksl)
Alters \a seq to the new sequence state, based on the
current sequence state, and the new key event \a e.
*/
-void QShortcutMap::createNewSequences(QKeyEvent *e, QVector<QKeySequence> &ksl)
+void QShortcutMap::createNewSequences(QKeyEvent *e, QVector<QKeySequence> &ksl, int ignoredModifiers)
{
Q_D(QShortcutMap);
QList<int> possibleKeys = QKeyMapper::possibleKeys(e);
@@ -581,7 +579,7 @@ void QShortcutMap::createNewSequences(QKeyEvent *e, QVector<QKeySequence> &ksl)
curKsl.setKey(0, 2);
curKsl.setKey(0, 3);
}
- curKsl.setKey(possibleKeys.at(pkNum), index);
+ curKsl.setKey(possibleKeys.at(pkNum) & ~ignoredModifiers, index);
}
}
}
diff --git a/src/gui/kernel/qshortcutmap_p.h b/src/gui/kernel/qshortcutmap_p.h
index 3959c2c..39a8eac 100644
--- a/src/gui/kernel/qshortcutmap_p.h
+++ b/src/gui/kernel/qshortcutmap_p.h
@@ -96,10 +96,10 @@ private:
QKeySequence::SequenceMatch state();
void dispatchEvent(QKeyEvent *e);
- QKeySequence::SequenceMatch find(QKeyEvent *e);
+ QKeySequence::SequenceMatch find(QKeyEvent *e, int ignoredModifiers = 0);
QKeySequence::SequenceMatch matches(const QKeySequence &seq1, const QKeySequence &seq2) const;
QVector<const QShortcutEntry *> matches() const;
- void createNewSequences(QKeyEvent *e, QVector<QKeySequence> &ksl);
+ void createNewSequences(QKeyEvent *e, QVector<QKeySequence> &ksl, int ignoredModifiers);
void clearSequence(QVector<QKeySequence> &ksl);
int translateModifiers(Qt::KeyboardModifiers modifiers);
--
cgit v0.11.0
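Review bot: The qdoc comment above QShortcutMap::createNewSequences still describes only `\a seq` and `\a e`, and the visible tail of the one above find() is likewise unchanged, so the new `ignoredModifiers` parameter is undocumented. I would add a sentence such as `Modifier bits set in \a ignoredModifiers are cleared from each possible key before it is stored.` to the createNewSequences comment and a matching one to find(). Note also that `ignoredModifiers` is a plain `int` applied as `& ~ignoredModifiers` to the combined key value, so a caller passing anything other than modifier bits would strip key-code bits as well. Taking `Qt::KeyboardModifiers` would let the type express that restriction, if it fits the private header's conventions.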