From 9b4d1e83da1e1bf5ce36313334a8e6d660c2beae Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Sat, 28 Feb 2015 16:44:56 +0100
Subject: qt qtbase: include BMP DoS fix
---
src/qt-1-cherrypicks.patch | 113 ++++++++++++++++++++++++++++++---------------
src/qtbase-1.patch | 52 +++++++++++++++++++--
2 files changed, 125 insertions(+), 40 deletions(-)
diff --git a/src/qt-1-cherrypicks.patch b/src/qt-1-cherrypicks.patch
index 3e73833..1f57ccf 100644
--- a/src/qt-1-cherrypicks.patch
+++ b/src/qt-1-cherrypicks.patch
@@ -7,7 +7,7 @@ Also contains MXE specific fixes.
From f7acb6676a5950078500360aa0586becf4beb553 Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Fri, 13 Jan 2012 00:17:48 +0100
-Subject: [PATCH 01/18] remove trailing whitespace
+Subject: [PATCH 01/19] remove trailing whitespace
backported from qt5/qtbase
Change-Id: If53a0bd1794e69b4856f993c6e2959369bd007d6
@@ -28,13 +28,13 @@ index 9090773..859ec8d 100644
../plugins/codecs/tw/qbig5codec.h \
../plugins/codecs/jp/qfontjpcodec.h
--
-1.8.4.5
+2.1.0
From 9ecb9ef79302deaab80adc8d97c923260d3dcaeb Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Thu, 30 Jun 2011 10:22:33 +0200
-Subject: [PATCH 02/18] do not detect or configure iconv for Windows
+Subject: [PATCH 02/19] do not detect or configure iconv for Windows
Qt doesn't use iconv on Windows, but configuring it will appear to work and the build will complete. The result is that character
@@ -62,13 +62,13 @@ index a9ba7c8..2e495a4 100755
elif compileTest "unix/iconv" "POSIX iconv"; then
CFG_ICONV=yes
--
-1.8.4.5
+2.1.0
From 02f19c027ec896c6a42d9c02af4ca772151dc46b Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Wed, 18 Jan 2012 11:43:10 +0100
-Subject: [PATCH 03/18] fix whitespace
+Subject: [PATCH 03/19] fix whitespace
backported from qt5/qtbase
Change-Id: I0cfccae085c000d4368386a34f288c1e6f01a88f
@@ -136,13 +136,13 @@ index 859ec8d..70cd890 100644
../plugins/codecs/tw/qbig5codec.cpp \
../plugins/codecs/jp/qfontjpcodec.cpp
--
-1.8.4.5
+2.1.0
From 7294d08265fff3470580267f5585948926aef418 Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Mon, 4 Jul 2011 00:42:24 +0200
-Subject: [PATCH 04/18] build and load text codecs regardless of iconv and
+Subject: [PATCH 04/19] build and load text codecs regardless of iconv and
platform
Otherwise applications linking to static Qt may have to import
@@ -278,13 +278,13 @@ index 58ffb00..1ee586e 100644
#endif // QT_NO_CODECS
--
-1.8.4.5
+2.1.0
From b262b83a888f975b3229e0d5d0ad40d6dd255347 Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Fri, 13 Jan 2012 00:24:13 +0100
-Subject: [PATCH 05/18] move plugin text codecs to QtCore
+Subject: [PATCH 05/19] move plugin text codecs to QtCore
Having plugin text codecs adds considerable complexity to configuring Qt. The plugin interface is designed for optional
@@ -79229,13 +79229,13 @@ index 94ce675..c4af49b 100644
!embedded:!qpa:!contains(QT_CONFIG, no-gui):SUBDIRS *= graphicssystems
embedded:SUBDIRS *= gfxdrivers decorations mousedrivers kbddrivers
--
-1.8.4.5
+2.1.0
From f83e70e53314cfed3329f5b0640ef3d8f91f8d02 Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Wed, 18 Jan 2012 21:01:26 +0100
-Subject: [PATCH 06/18] update private header references
+Subject: [PATCH 06/19] update private header references
backported from qt5/qtbase
Change-Id: I092d879653b6900532a0c4534c1eb2be84e9d0f6
@@ -79392,13 +79392,13 @@ index a4c0981..5025968 100644
#include
--
-1.8.4.5
+2.1.0
From d83cb542ed81668261fd0267f1dfaef581228ff6 Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Sun, 3 Jul 2011 21:53:27 +0200
-Subject: [PATCH 07/18] cosmetic adjustments for files moved to core/codecs
+Subject: [PATCH 07/19] cosmetic adjustments for files moved to core/codecs
-update old reference to 'plugin'
-rename multiple inclusion guards
@@ -79884,13 +79884,13 @@ index 5025968..6dd8902 100644
-#endif // QSJISCODEC_H
+#endif // QSJISCODEC_P_H
--
-1.8.4.5
+2.1.0
From 04dc59bf0b9f0ab787d90d42d9dd8d8907346af4 Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Thu, 12 Jan 2012 10:43:29 +0100
-Subject: [PATCH 08/18] remove obsolete codec plugin loading code
+Subject: [PATCH 08/19] remove obsolete codec plugin loading code
backported from qt5/qtbase
Change-Id: I1f3dbb5c10009413f701947b1b89ed3dbc94bf3d
@@ -80421,13 +80421,13 @@ index 316e718..6acd0fb 100644
#if !defined(QT_NO_COLORDIALOG) && (defined(QT_NO_SPINBOX))
#define QT_NO_COLORDIALOG
--
-1.8.4.5
+2.1.0
From 9a38d6f343045133d3093aabee715aa4eeb84e7a Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Mon, 23 Jan 2012 23:12:46 +0100
-Subject: [PATCH 09/18] remove vestiges of text codec plugins
+Subject: [PATCH 09/19] remove vestiges of text codec plugins
follow-up to 3a3356a85079d734dfa57205a00e1996afc033df
@@ -80455,13 +80455,13 @@ index dea05e0..12cd8ea 100644
Description: Supports translations using QObject::tr().
Section: Internationalization
--
-1.8.4.5
+2.1.0
From 376cc3027f9cc2d90af96e7cb964f6e8e9d8a464 Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Thu, 3 Nov 2011 15:10:26 +0100
-Subject: [PATCH 10/18] use pkg-config for libmng (MXE specific)
+Subject: [PATCH 10/19] use pkg-config for libmng (MXE specific)
Change-Id: Ifce956d5cad06d5273088656b8500b87980063f4
@@ -80481,13 +80481,13 @@ index ffb98de..6aab68f 100644
} else {
include($$PWD/../../3rdparty/libmng.pri)
--
-1.8.4.5
+2.1.0
From 7d62ca1f73ed19db7e3cb87d60117ed056e9af87 Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Thu, 3 Nov 2011 14:11:02 +0100
-Subject: [PATCH 11/18] use pkg-config for libtiff-4 (MXE specific)
+Subject: [PATCH 11/19] use pkg-config for libtiff-4 (MXE specific)
Change-Id: I5e89e66fc1606d425553e781c9e62db703136957
@@ -80507,13 +80507,13 @@ index e1cc3ee..71cbab1 100644
} else {
include($$PWD/../../3rdparty/libtiff.pri)
--
-1.8.4.5
+2.1.0
From 713dd9fee42c94151cd060bccef58429d2af04d4 Mon Sep 17 00:00:00 2001
From: Tony Theodore
Date: Thu, 1 Sep 2011 13:47:10 +0200
-Subject: [PATCH 12/18] fix building on GNU/kFreeBSD (MXE specific)
+Subject: [PATCH 12/19] fix building on GNU/kFreeBSD (MXE specific)
This patch has been taken from:
@@ -80538,13 +80538,13 @@ index 96fbeee..5bd8c80 100644
# define Q_OS_NETBSD
# define Q_OS_BSD4
--
-1.8.4.5
+2.1.0
From 1957ef52ed0246f661a6bbfc994d0a15617f41f0 Mon Sep 17 00:00:00 2001
From: Tony Theodore
Date: Thu, 1 Sep 2011 13:49:47 +0200
-Subject: [PATCH 13/18] fix missing platform when building on GNU/kFreeBSD (MXE
+Subject: [PATCH 13/19] fix missing platform when building on GNU/kFreeBSD (MXE
specific)
This patch is inspired by:
@@ -80569,13 +80569,13 @@ index 2e495a4..4965d90 100755
PLATFORM=dgux-g++
;;
--
-1.8.4.5
+2.1.0
From 4df31e3967977d0726877e32d66394bef820cb5d Mon Sep 17 00:00:00 2001
From: Tony Theodore
Date: Thu, 1 Sep 2011 13:51:50 +0200
-Subject: [PATCH 14/18] fix building on dragonfly (MXE specific)
+Subject: [PATCH 14/19] fix building on dragonfly (MXE specific)
This patch is inspired by:
http://cvsweb.NetBSD.org/bsdweb.cgi/pkgsrc/x11/qt4-libs/Makefile.common?rev=1.27&content-type=text/x-cvsweb-markup
@@ -80596,13 +80596,13 @@ index 4965d90..e1e7384 100755
PLATFORM_NOTES="
- Also available for FreeBSD: freebsd-icc
--
-1.8.4.5
+2.1.0
From d2b06e4775fb0b0faf83cb99b3443a9fe036f237 Mon Sep 17 00:00:00 2001
From: Tony Theodore
Date: Wed, 30 Apr 2014 22:12:35 +0200
-Subject: [PATCH 15/18] fix for designer in shared build (MXE specific)
+Subject: [PATCH 15/19] fix for designer in shared build (MXE specific)
Change-Id: I23afe70c17e88d63b649d851f89e187da9b79d96
@@ -80620,13 +80620,13 @@ index f58df8a..0c25ed4 100644
# Input
--
-1.8.4.5
+2.1.0
From 31d8a5c526bdde7a1026380c269ba99baf2d38b1 Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Wed, 30 Apr 2014 23:17:58 +0200
-Subject: [PATCH 16/18] fix include of private header
+Subject: [PATCH 16/19] fix include of private header
Change-Id: I0554933de2536231d7d416d8df5b96eaa459fc51
Reviewed-by: Oswald Buddenhagen
@@ -80646,13 +80646,13 @@ index e933112..3868c21 100644
#include "ui_qfiledialog.h"
#else
--
-1.8.4.5
+2.1.0
From 06ddd1f936477c47566eba0b6ba184f523afca01 Mon Sep 17 00:00:00 2001
From: Tony Theodore
Date: Thu, 8 May 2014 00:24:25 +1000
-Subject: [PATCH 17/18] fix include path with current dir
+Subject: [PATCH 17/19] fix include path with current dir
diff --git a/src/3rdparty/webkit/Source/WebKit/qt/tests/hybridPixmap/hybridPixmap.pro b/src/3rdparty/webkit/Source/WebKit/qt/tests/hybridPixmap/hybridPixmap.pro
@@ -80665,13 +80665,13 @@ index 9e80870..4fa0ea2 100644
CONFIG += console
+INCLUDEPATH += .
--
-1.8.4.5
+2.1.0
From 884606e1ed5d6a9203d3e15404174341cd12aae2 Mon Sep 17 00:00:00 2001
From: Daniel Burr
Date: Mon, 1 Sep 2014 15:27:12 +0200
-Subject: [PATCH 18/18] qt dont perform ipc checks for win32
+Subject: [PATCH 18/19] qt dont perform ipc checks for win32
Taken from:
http://pkgs.fedoraproject.org/cgit/mingw-qt.git/plain/qt-dont-perform-ipc-checks-for-win32.patch?id2=HEAD
@@ -80696,5 +80696,46 @@ index e1e7384..038a33c 100755
if ! compileTest unix/ipc_sysv "ipc_sysv" ; then
# SYSV IPC is not supported - check POSIX IPC
--
-1.8.4.5
+2.1.0
+
+
+From c4585ae7d19378bfc58b2e813744ebe41997d36b Mon Sep 17 00:00:00 2001
+From: "Richard J. Moore"
+Date: Tue, 24 Feb 2015 19:02:35 +0000
+Subject: [PATCH 19/19] Fix a division by zero when processing malformed BMP
+ files.
+
+This fixes a division by 0 when processing a maliciously crafted BMP
+file. No impact beyond DoS.
+
+Backport of 661f6bfd032dacc62841037732816a583640e187
+
+Task-number: QTBUG-44547
+Change-Id: I43f06e752b11cb50669101460902a82b885ae618
+Reviewed-by: Thiago Macieira
+(cherry picked from commit e50aa2252cdd5cb53eef7d8c4503c7edff634f68)
+
+diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
+index 8b047d8..39f3866 100644
+--- a/src/gui/image/qbmphandler.cpp
++++ b/src/gui/image/qbmphandler.cpp
+@@ -319,10 +319,16 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
+ }
+ } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) {
+ red_shift = calc_shift(red_mask);
++ if (((red_mask >> red_shift) + 1) == 0)
++ return false;
+ red_scale = 256 / ((red_mask >> red_shift) + 1);
+ green_shift = calc_shift(green_mask);
++ if (((green_mask >> green_shift) + 1) == 0)
++ return false;
+ green_scale = 256 / ((green_mask >> green_shift) + 1);
+ blue_shift = calc_shift(blue_mask);
++ if (((blue_mask >> blue_shift) + 1) == 0)
++ return false;
+ blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
+ } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
+ blue_mask = 0x000000ff;
+--
+2.1.0
diff --git a/src/qtbase-1.patch b/src/qtbase-1.patch
index 1609768..73423d8 100644
--- a/src/qtbase-1.patch
+++ b/src/qtbase-1.patch
@@ -4,7 +4,7 @@ See index.html for further information.
From 01ab4dd7d61a047c93164b8d8511ddb31d5740f1 Mon Sep 17 00:00:00 2001
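Review bot: The guard `if (((red_mask >> red_shift) + 1) == 0) return false;` (and its green and blue twins) encodes an integer-wrap test that the hunk never explains: it fires only when `mask >> shift` is all ones, so that the `+ 1` used as the divisor two lines further down becomes 0. Document that once above the first check, e.g. `// (mask >> shift) + 1 wraps to 0 when the mask fills the whole word; reject the file rather than divide by zero`, since this backport will be read by maintainers who do not have the upstream bug to hand. The wrap is only well defined for unsigned masks; the declarations sit outside the hunk, so verify that the 4.8 branch declares them unsigned before treating the check as sufficient (a signed increment here would be undefined rather than caught). read_dib_body begins and ends outside this hunk.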
From: Mark Brand
Date: Tue, 26 Feb 2013 13:23:33 +0100
-Subject: [PATCH 1/4] use pkg-config for freetype
+Subject: [PATCH 1/5] use pkg-config for freetype
Change-Id: Id2f78ed9dbdcacd570eb25982cbd700d0437542a
@@ -27,7 +27,7 @@ index c2b882e..3834d83 100644
From a6a467a7d8e6aaec6197c77887cae7c06f3c8659 Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Sat, 18 May 2013 23:07:46 +0200
-Subject: [PATCH 2/4] use pkgconfig for icu detection (MXE specific)
+Subject: [PATCH 2/5] use pkgconfig for icu detection (MXE specific)
Change-Id: I874171361fec812cb5a5a56e4d8d90a630be3bf3
@@ -61,7 +61,7 @@ index 16267ff..dd9fb6c 100644
From eed2ebcf407f7e674447917f9657a689d0d2233f Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Sat, 21 Jun 2014 13:12:49 +0200
-Subject: [PATCH 3/4] use pkg-config for harfbuzz (MXE specific)
+Subject: [PATCH 3/5] use pkg-config for harfbuzz (MXE specific)
Change-Id: Id4e4c37d68b63c9f480d72a561d95d4d2a5ded50
@@ -94,7 +94,7 @@ index 7443368..c24e684 100644
From 315a827326804cd76b43aa01597dc761bb75268e Mon Sep 17 00:00:00 2001
From: Mark Brand
Date: Mon, 8 Dec 2014 14:15:12 +0100
-Subject: [PATCH 4/4] fix oci config test on windows
+Subject: [PATCH 4/5] fix oci config test on windows
Change-Id: If1ce2241682259ca495b0ba68bf18410f8548922
@@ -110,3 +110,47 @@ index 3ffda1d..39b6f3759 100644
--
2.1.0
+
+From 22e870578fbf6d25178674fdc6ff032257459eb9 Mon Sep 17 00:00:00 2001
+From: "Richard J. Moore"
+Date: Sat, 21 Feb 2015 17:43:21 +0000
+Subject: [PATCH 5/5] Fix a division by zero when processing malformed BMP
+ files.
+
+This fixes a division by 0 when processing a maliciously crafted BMP
+file. No impact beyond DoS.
+
+Task-number: QTBUG-44547
+Change-Id: Ifcded2c0aa712e90d23e6b3969af0ec3add53973
+Reviewed-by: Thiago Macieira
+Reviewed-by: Oswald Buddenhagen
+(cherry picked from commit 661f6bfd032dacc62841037732816a583640e187)
+
+diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
+index 21c1a2f..df66499 100644
+--- a/src/gui/image/qbmphandler.cpp
++++ b/src/gui/image/qbmphandler.cpp
+@@ -314,12 +314,20 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
+ }
+ } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) {
+ red_shift = calc_shift(red_mask);
++ if (((red_mask >> red_shift) + 1) == 0)
++ return false;
+ red_scale = 256 / ((red_mask >> red_shift) + 1);
+ green_shift = calc_shift(green_mask);
++ if (((green_mask >> green_shift) + 1) == 0)
++ return false;
+ green_scale = 256 / ((green_mask >> green_shift) + 1);
+ blue_shift = calc_shift(blue_mask);
++ if (((blue_mask >> blue_shift) + 1) == 0)
++ return false;
+ blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
+ alpha_shift = calc_shift(alpha_mask);
++ if (((alpha_mask >> alpha_shift) + 1) == 0)
++ return false;
+ alpha_scale = 256 / ((alpha_mask >> alpha_shift) + 1);
+ } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
+ blue_mask = 0x000000ff;
+--
+2.1.0
+
-- cgit v0.12
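Review bot: The four new guards of the form `if (((red_mask >> red_shift) + 1) == 0) return false;` are correct but opaque: they reject the file only when `mask >> shift` is the all-ones value, where `+ 1` wraps to 0 and the division on the next line would fault, and nothing in the hunk says so. A one-line comment above the first guard would spare the next reader the derivation, e.g. `// (mask >> shift) + 1 wraps to 0 when the mask covers every bit of its type; reject rather than divide by zero`. The wrap is only well defined if the masks are unsigned; their declarations are outside the hunk, so confirm that before relying on the check (a signed overflow here would be undefined behaviour rather than a caught case). The same four-line pattern is repeated for red, green, blue and alpha, so a small static helper that derives shift and scale for one mask and returns false on the wrap would keep the check in one place. read_dib_body begins and ends outside this hunk.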