tomcharnock/void-packages
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

qt: switch to libressl; patch for CVE-2014-0190.

Browse Source
This commit is contained in:
Juan RP 2014-07-15 20:36:57 +02:00
parent cc5c5bcea6
commit 3e99ff3d8c
2 changed files with 37 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
srcpkgs/qt/patches/CVE-2014-0190.patch Normal file
View File

@ -0,0 +1,32 @@
Don't crash on broken GIF images
Broken GIF images could set invalid width and height
values inside the image, leading to Qt creating a null
QImage for it. In that case we need to abort decoding
the image and return an error.
Initial patch by Rich Moore.
Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
Task-number: QTBUG-38367
Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
Security-advisory: CVE-2014-0190
diff -up qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp
--- qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 2014-04-10 13:37:12.000000000 -0500
+++ qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp 2014-04-24 15:58:54.515862458 -0500
@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co
memset(bits, 0, image->byteCount());
}
+ // Check if the previous attempt to create the image failed. If it
+ // did then the image is broken and we should give up.
+ if (image->isNull()) {
+ state = Error;
+ return -1;
+ }
+
disposePrevious(image);
disposed = false;

9
srcpkgs/qt/template
View File

@ -1,7 +1,7 @@
# Template file for 'qt' # Template file for 'qt'
pkgname=qt pkgname=qt
version=4.8.6 version=4.8.6
revision=1 revision=2
_distname=qt-everywhere-opensource-src _distname=qt-everywhere-opensource-src
patch_args="-Np1" patch_args="-Np1"
wrksrc=${_distname}-${version} wrksrc=${_distname}-${version}
@ -18,10 +18,11 @@ if [ "$CROSS_BUILD" ]; then
fi fi
hostmakedepends="pkg-config" hostmakedepends="pkg-config"
makedepends="libpng-devel>=1.6 MesaLib-devel libXrender-devel unixodbc-devel makedepends="
libressl-devel libpng-devel>=1.6 MesaLib-devel libXrender-devel unixodbc-devel
fontconfig-devel libXi-devel libXv-devel libXinerama-devel libXrandr-devel fontconfig-devel libXi-devel libXv-devel libXinerama-devel libXrandr-devel
libXcursor-devel dbus-devel glib-devel icu-devel cups-devel libjpeg-turbo-devel libXcursor-devel dbus-devel glib-devel icu-devel cups-devel libjpeg-turbo-devel
sqlite-devel alsa-lib-devel openssl-devel tiff-devel libmng-devel libxshmfence-devel sqlite-devel alsa-lib-devel tiff-devel libmng-devel libxshmfence-devel
libSM-devel gtk+-devel libmysqlclient-devel>=5.5.27 postgresql-libs-devel libSM-devel gtk+-devel libmysqlclient-devel>=5.5.27 postgresql-libs-devel
pulseaudio-devel" pulseaudio-devel"
@ -115,7 +116,7 @@ qt-devel-tools_package() {
qt-devel_package() { qt-devel_package() {
lib32depends="libX11-devel>=0 icu-devel>=0" lib32depends="libX11-devel>=0 icu-devel>=0"
depends="qt-qmake libX11-devel icu-devel" depends="qt-qmake libX11-devel icu-devel qt>=${version}_${revision}"
short_desc+=" - development files" short_desc+=" - development files"
pkg_install() { pkg_install() {
for f in lrelease lupdate moc qdbuscpp2xml qdbusxml2cpp qt3to4 \ for f in lrelease lupdate moc qdbuscpp2xml qdbusxml2cpp qt3to4 \