Backport patches from upstream to solve CVE-2015-1858, CVE-2015-1859, and CVE-2015-1860 wrt bug #546174.

Package-Manager: portage-2.2.19/cvs/Linux x86_64 Manifest-Sign-Key: 0x06B1F38DCA45A1EC!
author: Michael Palimaka <kensington@gentoo.org> 2015-05-16 18:53:03 +0000
committer: Michael Palimaka <kensington@gentoo.org> 2015-05-16 18:53:03 +0000
commit: e419497804eaefa9aba6fbde37a0fabe0e78311c (patch)
tree: 78692251aea47965cb8344a4ef2ec818ecec8018 /dev-qt
parent: Bump, remove old versions. Drop ~sparc from the new 2.5 version until the enu... (diff)
download: historical-e419497804eaefa9aba6fbde37a0fabe0e78311c.tar.gz
historical-e419497804eaefa9aba6fbde37a0fabe0e78311c.tar.bz2
historical-e419497804eaefa9aba6fbde37a0fabe0e78311c.zip
5 files changed, 112 insertions, 15 deletions
diff --git a/dev-qt/qtgui/ChangeLog b/dev-qt/qtgui/ChangeLog
index eb8fefd4cbd7..fc1e51b001c6 100644
--- a/dev-qt/qtgui/ChangeLog
+++ b/dev-qt/qtgui/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for dev-qt/qtgui
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtgui/ChangeLog,v 1.86 2015/05/16 11:28:33 pacho Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtgui/ChangeLog,v 1.87 2015/05/16 18:51:53 kensington Exp $
+
+*qtgui-5.4.1-r2 (16 May 2015)
+
+  16 May 2015; Michael Palimaka <kensington@gentoo.org>
+  +files/qtgui-5.4.1-CVE-2015-1858-1859.patch,
+  +files/qtgui-5.4.1-CVE-2015-1860.patch, +qtgui-5.4.1-r2.ebuild,
+  -qtgui-5.4.1-r1.ebuild:
+  Backport patches from upstream to solve CVE-2015-1858, CVE-2015-1859, and
+  CVE-2015-1860 wrt bug #546174.
 
   16 May 2015; Pacho Ramos <pacho@gentoo.org> qtgui-4.8.6-r4.ebuild:
   ppc stable wrt bug #530238
diff --git a/dev-qt/qtgui/Manifest b/dev-qt/qtgui/Manifest
index bc8e8df7bc87..05dd7ecf1e7e 100644
--- a/dev-qt/qtgui/Manifest
+++ b/dev-qt/qtgui/Manifest
@@ -1,6 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
 AUX qtgui-4.7.3-cups.patch 3297 SHA256 3ccfefb432015e4a4ea967b030c51b10dcdfb1f63445557908ddae5e75012d33 SHA512 4a8f828c79bde81ab1e39c9eaba4ef553582d85b62d6d182dda02820c4c8e046de6a25cc77d228955ed37fbc5b55f697a0a464af0bb3e171849851639e9ef4ee WHIRLPOOL 41d82843f91533a5cbb0c9945c9013d9c8f07be3f06fef1b52cf8d18483d9cdfd24fe1d53c18a2f1eebd7a504f1665f1859616ae460d6471dc1599cea63a7bda
 AUX qtgui-4.8.5-CVE-2015-0295.patch 1619 SHA256 07bbb715bcb6d0a75f9b77c95b536ac8c8b8a3c3fcbe59470a19e56f0a193424 SHA512 42fca5fade432dabe987dced28147aa46104bb89fd8e05b365ce2f7178e8788f7fbbcd05b12eebed2b63c7ce694a125150d5598f9d1dedf1531376a492864ebc WHIRLPOOL d2c56391b598bfc93e7f01f63a7e24246acc0adfb79f1bcbfeb7f82628be7ce1753376c0c43c8ecd73e37569eced4286834406c2bd65dc9db621c2b70158b197
 AUX qtgui-4.8.5-cleanlooks-floating-point-exception.patch 1699 SHA256 739e0eb48e1797c7b2b67705378d1a1abe993b0930b1c1ca4092bb49165a73f5 SHA512 e404e0f6203bfe53859fb3f3043f11103e5fa4c99b16c5c1cd5310e61c2cf15d3ae1ae5425013e686eaaf5991bfe6db32701155afbcd26691fe88d82813e7b21 WHIRLPOOL 2843c7b3cd7c3d586044455545211f289d71fe66b556ac3189cf67356ac43b761f173e91093c422f24397d31d6725e6aef3c43c7cb3a4076312f6844d4377081
@@ -12,19 +9,14 @@ AUX qtgui-4.8.5-qclipboard-delay.patch 1135 SHA256 7119cdc3450e1e36e01ce3273c513
 AUX qtgui-4.8.6-CVE-2015-1858.patch 2849 SHA256 bf7b77a1b311d2b0f647c4efb72cf42edb66f3085750784388fc7ffaf6a73fb0 SHA512 b7be8cf6bc9706df4f491fb5134a76ade03e1fd1d127d5d9bf228a787ee0f32496da04c937a1d44adcb698eadfe969f0026d626e9c5d9ec623e24541184b8246 WHIRLPOOL 01da12595a31eb323d5c96d85b8d3315a17929f916661eda209f5e2d13b9f7c187423d2620fedac33856ca132a5ac66d22ffb52bc437490ebe55c6d8a4366cb1
 AUX qtgui-4.8.6-CVE-2015-1860.patch 1009 SHA256 4afd0b1ef272774dfa845c2dc1340ce7d468f159646e92d6669e9d8f38f14171 SHA512 e2da2a04ab4d1180f855571aa39356ed74d173e95e7c0561021709256c7cfc85d2b99fd485d724357a2947379de52fad4c9ac7d52c61dd04373b00494de58e15 WHIRLPOOL 821a7552963412cba0294bbe3a7c3d7604c09f466d3cb9b22c7eb10a359359fa32748ad5ae45f86972de7edb1cb676197e082bb715e08c9c0391bbc6ec8f78f0
 AUX qtgui-5.4.1-CVE-2015-0295.patch 1828 SHA256 fba8ea41b0252174c42e4403f9be8b6e275a6a312228b5b37e336242be618e15 SHA512 6101c81d9931af24d48ef0b49ee38c2c912fc28401096b981438eab1d9e16f4bc04ed4153e5a5b9cc10187b3d230ba99c0452b08e90592487d8c7c13b2459119 WHIRLPOOL 3b0e66184e83dcda0711703af500ea8cd6437e5d668a559fc7524d006e1d50d02cb9955123f8ce1da6b2306ca448e614d364c50cbe5d8b771b2aaa4daccbb509
+AUX qtgui-5.4.1-CVE-2015-1858-1859.patch 2782 SHA256 0eebcb1bacb5de3bf249feb77ce95453066a3a958e1673fe3bb1e7c9fb6d862a SHA512 580d53eeaf489d51cc09d26a2bb5596562e1da4a1064909613adb4091d22fdd9814be6bbb860098be1ddac651e827283a59605c0d668d352ba0052cab7f48bd4 WHIRLPOOL dc3c76da488fdd7efc396126b5cbad0f4e63c2a3ba6144e3d11fd770ee8d6b887b2ba388dfe1b82b8fa2f1568ea5a3854b50c49da2f0439f141d7d622be4560c
+AUX qtgui-5.4.1-CVE-2015-1860.patch 940 SHA256 a0664c41b847cb00eb3f87feb89a105b70f65eb1719c58cb72c98e0459b89dcd SHA512 2731430202fad4ff6b117cc0188e5c448ce8cc6f8305b81209a8171fe1f2a3b1c96c935ebc50adaef4a815ead9498cfa4eaaf05083a2271619eb77c0e8aaa35a WHIRLPOOL 4d1cb5a92b33b82d4d03cf31492cdeaa80f5899d5e15cc36bc406ab96971c6e54ce1599807d974ab0d3f5848566073b03e059820bba2bf4ee703d5906f6435ca
 DIST qt-everywhere-opensource-src-4.8.5.tar.gz 241491467 SHA256 eb728f8268831dc4373be6403b7dd5d5dde03c169ad6882f9a8cb560df6aa138 SHA512 47118d1aa30c59a1eb74e805023cd060edcb35bb0944fe6651889254b75acbd4b83700ba92a9bc215663474d26330cb44f084098c380fac9270742659e5864eb WHIRLPOOL a18f47fd91b522d1543e415aff4f5056202e0cab03da9cfcae9fe2d4118cb1dd1d5fd6a5e2edb9c1e4a68563188d44440e234d268d9c0aef6e3ca3f0988dd357
 DIST qt-everywhere-opensource-src-4.8.6.tar.gz 241623667 SHA256 8b14dd91b52862e09b8e6a963507b74bc2580787d171feda197badfa7034032c SHA512 c2d07c3cf9d687cb9b93e337c89df3f0055bd02bc8aa5ecd55d3ffb238b31a4308aeabc3c51a4f94ac76a1b00796f047513d02e427ed93ae8dd99f836fff7692 WHIRLPOOL 473566814a77237dbdd37a47980c1085f6cf39599c4d6b0120959fe80dadf65c4eaafd5f528dd86cea8815562faa204bedfe3b766c2ca4f2d2c99efc21dbca84
 DIST qtbase-opensource-src-5.4.1.tar.xz 46132220 SHA256 8574a593830959c0f7e5430fe77a43832ea7f5299e14a397a74576b3df7fb1b7 SHA512 75d2c16bc47e6403e15c4094f50757157960cff4434de29f199b015795ba772b62125f01c09aceb2a06f8dfcfc4df8e35330259c76959239f276e2f5bd5221b5 WHIRLPOOL 48d9a583ba9d0bbfffdbfeaa2412e77a0bf4011e7bba525129ba4572faa6a55713a89cb00f4ed7f24e6782e3f7b8b48cb192e2c082b7dcb3c35a85109f2eb340
 DIST qtgui-systemtrayicon-plugin-system.patch 51377 SHA256 e8582ebb2a5db99bf85789585516459ace42fc2b57fc7d5ff6156a2819bda282 SHA512 0d74b61e23af2e8ef0619ee616c4b775761514f53ba79bcb25b32b7e55beab3575c0d279ba1b016498804023bb78f8cff61964ce56f80642f648406f7c303679 WHIRLPOOL 03cc247a2a0e3b77fc541fa0b47abb125c8f7b304037f2067488861f12fdab25d3b3b3a7cf90626c229aa85a2d43ae4319c0f838b6eeb5ecdfe838a365ed8a58
 EBUILD qtgui-4.8.5-r4.ebuild 6395 SHA256 b2a5932337fe01247baca27756d6690edb43323d3d2bff29dfc53e52907da122 SHA512 7c3877a1b89068ca36860b71d994da890405aa467bea5b2e4f6fb209e415ff4934496ad4afd0539b6432024fb8b9b2f5a1e70e4910af958a1944a91bd41048ae WHIRLPOOL 5d4a50ba58d147f97a979195e30f01238342bd617679448fe633b970cc15356eee33221ad776817290aab9a1871c77511c2abce76e96dd2937c88b6ace5e8256
 EBUILD qtgui-4.8.6-r4.ebuild 6260 SHA256 e16bd7b92a9e4b94d87d6f4646501d09c6082fbc84ff65a8e768d147f843ca27 SHA512 aa0453fafa8d1914c7f3d15492b4998346b6079a0d28feaf41a529ad4f6f6a4f9fc7324a1c4a964931e7ac873120a5729e6688778cdadb23f683afaba05b4cac WHIRLPOOL bff4ff78bce8a3e5005419fdfee0cea853ea5b758d82a1513bec573b5fe0c7dec920772ae9253ee30620d59d5b56e327052728eb260a1e2f5dbfe6448b4d175e
-EBUILD qtgui-5.4.1-r1.ebuild 3671 SHA256 4de66dbe697a2665655b91a7752f56b08b9ca9b7aa649985367ba4fe48701f09 SHA512 d695bf17aab19435accaa0e3c4891ab3fa9f645614e5a2d49717da6945453a5a99e0b56ee40395b8f9d2ab79aef7fc56ffcda79cdd95425543c8b187c59d2f08 WHIRLPOOL 6c554526c7ab804737a4b43912125f9cd64ea8f5ea5973719d9b7d23adc1641256a2093e57990bf1fa50135f92bd9165e48089b2f2fdc9407b6a57c8ec1e9a2b
-MISC ChangeLog 44477 SHA256 be47552d4851898b02486a71dbf95126638042076af150a8cbd958a17a3a8fd1 SHA512 504dc1805e3f6865fc5c5a11ef4902e569ea4afbee8b2c23484482815be244cb1d4829c491afea022725a64783d5ff5f694ac82a169a2108e3dcfb6b628be60b WHIRLPOOL 03c80fcc620eb31608356413d5e96db81e7018a950abf99591c590664f5bfb0a695305a00f6607c4c0c0cfe40911baaf93cf46b048e4f38a3f3164a167664d1c
+EBUILD qtgui-5.4.1-r2.ebuild 3778 SHA256 41a5e4258e21ab636ad606536139f147dd09b096100add130be726d1e0a0b9ab SHA512 3dee01ac29eb3e7ab3a29629ff1c0b6eb442aba126e070af8c3ec2f6cad98603dace5a12e3e5d0f307090be9075909a8588612db942d2a90765f41a463ae64b6 WHIRLPOOL 168c9f7d1bbb12be82d2a3a6131f9ac2a3f71fe3ee9449c130fc83d043331d54959271914f87eccb8ce85c6c123b4b59e51823c0757fe8488af590452880b371
+MISC ChangeLog 44818 SHA256 205bc35a2fdf2cdd65d5077e32b35d6d67662c3a966b3e6f46b64d2bd9041c5e SHA512 268ded99404fea264ceae10d2e205f7cccae37167b72e93fe8734abcbad9d9705cc4a0175e78951df12ab8990bdc6ba758e68a6762d45ad5c4ee13fe0331d409 WHIRLPOOL edcf8ff498cfb42284fe91ec470071df2adcde27e6c596fd700d0b901a99b33dbb52bdab9043026ad6c7642c44fece977d79903598e617273dfb239556f073bb
 MISC metadata.xml 1431 SHA256 40799d067d2838a90818644ba38a4af47880194285c0627658b6d6798219ca17 SHA512 51e5b41ecc5584a3bda4f595bc5dd43ab89070ce356d2c03406479ed36490d46fa235eefd07707e30e9cdd952cd77bcf626423c5453725d442e769eb14c0e130 WHIRLPOOL 56c82cccefe2dd43b577456fcc90ed99ceb020b78d24f93f0c7a7618274f2025837c4142d75569f5894a2cacb45ca42c34e5e74d73e03aa6a9f9e2fb84b9c149
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iEYEAREIAAYFAlVXKeMACgkQCaWpQKGI+9TVEACfRCJzBxnNVA4e7sG8FGaRHuRy
-CdQAnjs1ilMZ4fkQmBa8MEzQ+tcPnDI+
-=1TVN
------END PGP SIGNATURE-----
diff --git a/dev-qt/qtgui/files/qtgui-5.4.1-CVE-2015-1858-1859.patch b/dev-qt/qtgui/files/qtgui-5.4.1-CVE-2015-1858-1859.patch
new file mode 100644
index 000000000000..c0ea6c2ee76f
--- /dev/null
+++ b/dev-qt/qtgui/files/qtgui-5.4.1-CVE-2015-1858-1859.patch
@@ -0,0 +1,62 @@
+From 51ec7ebfe5f45d1c0a03d992e97053cac66e25fe Mon Sep 17 00:00:00 2001
+From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
+Date: Wed, 11 Mar 2015 13:34:01 +0100
+Subject: Fixes crash in bmp and ico image decoding
+
+Fuzzing test revealed that for certain malformed bmp and ico files,
+the handler would segfault.
+
+Change-Id: I19d45145f31e7f808f7f6a1a1610270ea4159cbe
+Reviewed-by: Lars Knoll <lars.knoll@digia.com>
+---
+ src/gui/image/qbmphandler.cpp                | 13 +++++++------
+ src/plugins/imageformats/ico/qicohandler.cpp |  2 +-
+ 2 files changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
+index df66499..8acc593 100644
+--- a/src/gui/image/qbmphandler.cpp
++++ b/src/gui/image/qbmphandler.cpp
+@@ -484,12 +484,6 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
+                             p = data + (h-y-1)*bpl;
+                             break;
+                         case 2:                        // delta (jump)
+-                            // Protection
+-                            if ((uint)x >= (uint)w)
+-                                x = w-1;
+-                            if ((uint)y >= (uint)h)
+-                                y = h-1;
+-
+                             {
+                                 quint8 tmp;
+                                 d->getChar((char *)&tmp);
+@@ -497,6 +491,13 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
+                                 d->getChar((char *)&tmp);
+                                 y += tmp;
+                             }
++
++                            // Protection
++                            if ((uint)x >= (uint)w)
++                                x = w-1;
++                            if ((uint)y >= (uint)h)
++                                y = h-1;
++
+                             p = data + (h-y-1)*bpl + x;
+                             break;
+                         default:                // absolute mode
+diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp
+index 00de0c8..ec1654e 100644
+--- a/src/plugins/imageformats/ico/qicohandler.cpp
++++ b/src/plugins/imageformats/ico/qicohandler.cpp
+@@ -567,7 +567,7 @@ QImage ICOReader::iconAt(int index)
+                 QImage::Format format = QImage::Format_ARGB32;
+                 if (icoAttrib.nbits == 24)
+                     format = QImage::Format_RGB32;
+-                else if (icoAttrib.ncolors == 2)
++                else if (icoAttrib.ncolors == 2 && icoAttrib.depth == 1)
+                     format = QImage::Format_Mono;
+                 else if (icoAttrib.ncolors > 0)
+                     format = QImage::Format_Indexed8;
+-- 
+cgit v0.11.0
+
diff --git a/dev-qt/qtgui/files/qtgui-5.4.1-CVE-2015-1860.patch b/dev-qt/qtgui/files/qtgui-5.4.1-CVE-2015-1860.patch
new file mode 100644
index 000000000000..3b9daa56b66b
--- /dev/null
+++ b/dev-qt/qtgui/files/qtgui-5.4.1-CVE-2015-1860.patch
@@ -0,0 +1,30 @@
+From d3048a29797ee2d80d84bbda26bb3c954584f332 Mon Sep 17 00:00:00 2001
+From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
+Date: Wed, 11 Mar 2015 09:00:41 +0100
+Subject: Fixes crash in gif image decoder
+
+Fuzzing test revealed that for certain malformed gif files,
+qgifhandler would segfault.
+
+Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1
+Reviewed-by: Richard J. Moore <rich@kde.org>
+---
+ src/gui/image/qgifhandler.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
+index 03e46ab..8d8c4ae 100644
+--- a/src/gui/image/qgifhandler.cpp
++++ b/src/gui/image/qgifhandler.cpp
+@@ -936,6 +936,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co
+ 
+ void QGIFFormat::nextY(unsigned char *bits, int bpl)
+ {
++    if (out_of_bounds)
++        return;
+     int my;
+     switch (interlace) {
+     case 0: // Non-interlaced
+-- 
+cgit v0.11.0
+
diff --git a/dev-qt/qtgui/qtgui-5.4.1-r1.ebuild b/dev-qt/qtgui/qtgui-5.4.1-r2.ebuild
index 98944dfe4d22..e6ea648c50cc 100644
--- a/dev-qt/qtgui/qtgui-5.4.1-r1.ebuild
+++ b/dev-qt/qtgui/qtgui-5.4.1-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtgui/qtgui-5.4.1-r1.ebuild,v 1.3 2015/05/16 10:21:30 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtgui/qtgui-5.4.1-r2.ebuild,v 1.1 2015/05/16 18:51:53 kensington Exp $
 
 EAPI=5
 
@@ -74,7 +74,11 @@ PDEPEND="
 	ibus? ( app-i18n/ibus )
 "
 
-PATCHES=( "${FILESDIR}/${PN}-5.4.1-CVE-2015-0295.patch" )
+PATCHES=(
+	"${FILESDIR}/${PN}-5.4.1-CVE-2015-0295.patch"
+	"${FILESDIR}/${PN}-5.4.1-CVE-2015-1858-1859.patch"
+	"${FILESDIR}/${PN}-5.4.1-CVE-2015-1860.patch"
+)
 
 QT5_TARGET_SUBDIRS=(
 	src/gui
author	Michael Palimaka <kensington@gentoo.org>	2015-05-16 18:53:03 +0000
committer	Michael Palimaka <kensington@gentoo.org>	2015-05-16 18:53:03 +0000
commit	e419497804eaefa9aba6fbde37a0fabe0e78311c (patch)
tree	78692251aea47965cb8344a4ef2ec818ecec8018 /dev-qt
parent	Bump, remove old versions. Drop ~sparc from the new 2.5 version until the enu... (diff)
download	historical-e419497804eaefa9aba6fbde37a0fabe0e78311c.tar.gz historical-e419497804eaefa9aba6fbde37a0fabe0e78311c.tar.bz2 historical-e419497804eaefa9aba6fbde37a0fabe0e78311c.zip