Date: Sat, 19 Jul 2014 20:26:10 +0000 (UTC) From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r362281 - in head/x11-toolkits: qt4-gui qt4-gui/files qt5-gui qt5-gui/files Message-ID: <201407192026.s6JKQAV8058172@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rakuco Date: Sat Jul 19 20:26:10 2014 New Revision: 362281 URL: http://svnweb.freebsd.org/changeset/ports/362281 QAT: https://qat.redports.org/buildarchive/r362281/ Log: Add patch for CVE-2014-0190 (DoS in the GIF image handler). MFH: 2014Q3 Security: 904d78b8-0f7e-11e4-8b71-5453ed2e2b49 Added: head/x11-toolkits/qt4-gui/files/ head/x11-toolkits/qt4-gui/files/patch-CVE-2014-0190 (contents, props changed) head/x11-toolkits/qt5-gui/files/ head/x11-toolkits/qt5-gui/files/patch-CVE-2014-0190 (contents, props changed) Modified: head/x11-toolkits/qt4-gui/Makefile head/x11-toolkits/qt5-gui/Makefile Modified: head/x11-toolkits/qt4-gui/Makefile ============================================================================== --- head/x11-toolkits/qt4-gui/Makefile Sat Jul 19 20:24:30 2014 (r362280) +++ head/x11-toolkits/qt4-gui/Makefile Sat Jul 19 20:26:10 2014 (r362281) @@ -3,7 +3,7 @@ PORTNAME= gui DISTVERSION= ${QT4_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= x11-toolkits PKGNAMEPREFIX= qt4- Added: head/x11-toolkits/qt4-gui/files/patch-CVE-2014-0190 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/x11-toolkits/qt4-gui/files/patch-CVE-2014-0190 Sat Jul 19 20:26:10 2014 (r362281) @@ -0,0 +1,38 @@ +commit f1b76c126c476c155af8c404b97c42cd1a709333 +Author: Lars Knoll <lars.knoll@digia.com> +Date: Thu Apr 24 15:33:27 2014 +0200 + + Don't crash on broken GIF images + + Broken GIF images could set invalid width and height + values inside the image, leading to Qt creating a null + QImage for it. In that case we need to abort decoding + the image and return an error. + + Initial patch by Rich Moore. + + Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5 + + Task-number: QTBUG-38367 + Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a + Security-advisory: CVE-2014-0190 + Reviewed-by: Richard J. Moore <rich@kde.org> + +diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp +index 3324f04..5199dd3 100644 +--- src/gui/image/qgifhandler.cpp ++++ src/gui/image/qgifhandler.cpp +@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length, + memset(bits, 0, image->byteCount()); + } + ++ // Check if the previous attempt to create the image failed. If it ++ // did then the image is broken and we should give up. ++ if (image->isNull()) { ++ state = Error; ++ return -1; ++ } ++ + disposePrevious(image); + disposed = false; + Modified: head/x11-toolkits/qt5-gui/Makefile ============================================================================== --- head/x11-toolkits/qt5-gui/Makefile Sat Jul 19 20:24:30 2014 (r362280) +++ head/x11-toolkits/qt5-gui/Makefile Sat Jul 19 20:26:10 2014 (r362281) @@ -2,7 +2,7 @@ PORTNAME= gui DISTVERSION= ${QT5_VERSION} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= x11-toolkits graphics PKGNAMEPREFIX= qt5- Added: head/x11-toolkits/qt5-gui/files/patch-CVE-2014-0190 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/x11-toolkits/qt5-gui/files/patch-CVE-2014-0190 Sat Jul 19 20:26:10 2014 (r362281) @@ -0,0 +1,36 @@ +commit eb1325047f2697d24e93ebaf924900affc876bc1 +Author: Lars Knoll <lars.knoll@digia.com> +Date: Thu Apr 24 15:33:27 2014 +0200 + + Don't crash on broken GIF images + + Broken GIF images could set invalid width and height + values inside the image, leading to Qt creating a null + QImage for it. In that case we need to abort decoding + the image and return an error. + + Initial patch by Rich Moore. + + Task-number: QTBUG-38367 + Change-Id: Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e + Security-advisory: CVE-2014-0190 + Reviewed-by: Richard J. Moore <rich@kde.org> + +diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp +index eeb62af..19b8382 100644 +--- src/gui/image/qgifhandler.cpp ++++ src/gui/image/qgifhandler.cpp +@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length, + memset(bits, 0, image->byteCount()); + } + ++ // Check if the previous attempt to create the image failed. If it ++ // did then the image is broken and we should give up. ++ if (image->isNull()) { ++ state = Error; ++ return -1; ++ } ++ + disposePrevious(image); + disposed = false; +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201407192026.s6JKQAV8058172>