diff options
Diffstat (limited to 'dev-qt/qtgui/files')
5 files changed, 0 insertions, 215 deletions
diff --git a/dev-qt/qtgui/files/qtgui-4.8.5-CVE-2015-0295.patch b/dev-qt/qtgui/files/qtgui-4.8.5-CVE-2015-0295.patch deleted file mode 100644 index 3ac87d8dc369..000000000000 --- a/dev-qt/qtgui/files/qtgui-4.8.5-CVE-2015-0295.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e50aa2252cdd5cb53eef7d8c4503c7edff634f68 Mon Sep 17 00:00:00 2001 -From: "Richard J. Moore" <rich@kde.org> -Date: Tue, 24 Feb 2015 19:02:35 +0000 -Subject: [PATCH] Fix a division by zero when processing malformed BMP files. - -This fixes a division by 0 when processing a maliciously crafted BMP -file. No impact beyond DoS. - -Backport of 661f6bfd032dacc62841037732816a583640e187 - -Task-number: QTBUG-44547 -Change-Id: I43f06e752b11cb50669101460902a82b885ae618 -Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> ---- - src/gui/image/qbmphandler.cpp | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp -index b22e842..30fa9e0 100644 ---- a/src/gui/image/qbmphandler.cpp -+++ b/src/gui/image/qbmphandler.cpp -@@ -319,10 +319,16 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int - } - } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) { - red_shift = calc_shift(red_mask); -+ if (((red_mask >> red_shift) + 1) == 0) -+ return false; - red_scale = 256 / ((red_mask >> red_shift) + 1); - green_shift = calc_shift(green_mask); -+ if (((green_mask >> green_shift) + 1) == 0) -+ return false; - green_scale = 256 / ((green_mask >> green_shift) + 1); - blue_shift = calc_shift(blue_mask); -+ if (((blue_mask >> blue_shift) + 1) == 0) -+ return false; - blue_scale = 256 / ((blue_mask >> blue_shift) + 1); - } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) { - blue_mask = 0x000000ff; --- -2.0.5
\ No newline at end of file diff --git a/dev-qt/qtgui/files/qtgui-4.8.5-cleanlooks-floating-point-exception.patch b/dev-qt/qtgui/files/qtgui-4.8.5-cleanlooks-floating-point-exception.patch deleted file mode 100644 index a54efef0d78b..000000000000 --- a/dev-qt/qtgui/files/qtgui-4.8.5-cleanlooks-floating-point-exception.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 0db65e148dcb4d5e5b98475f207d41a287c401a1 Mon Sep 17 00:00:00 2001 -From: Alexandre Rostovtsev <tetromino@gentoo.org> -Date: Wed, 28 May 2014 00:22:55 -0400 -Subject: [PATCH] Cleanlooks style: Fix floating point exception - -In QCleanlooksStyle::drawControl, if indeterminate == true and -rect.width() == 4, we will end up with slideWidth of zero, and -take a mod by zero when calculating the value of step. - -This causes a crash in Quassel 0.10; see -https://bugs.gentoo.org/show_bug.cgi?id=507124 - -Instead, calculate slideWidth based on max(width, minWidth) where -minWidth was already set as 4, ensuring that slideWidth >= 2. - -Change-Id: I6678789105e359fa26c99409f449cad0ba3bd0ae -(cherry picked from qtstyleplugins/8ff2ac6035fb1d01f5c0054ba14afb949410e3a7) -Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com> ---- - src/gui/styles/qcleanlooksstyle.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/gui/styles/qcleanlooksstyle.cpp b/src/gui/styles/qcleanlooksstyle.cpp -index 504734a..3f665ca 100644 ---- a/src/gui/styles/qcleanlooksstyle.cpp -+++ b/src/gui/styles/qcleanlooksstyle.cpp -@@ -1773,7 +1773,7 @@ void QCleanlooksStyle::drawControl(ControlElement element, const QStyleOption *o - } - } else { - Q_D(const QCleanlooksStyle); -- int slideWidth = ((rect.width() - 4) * 2) / 3; -+ int slideWidth = (qMax(rect.width() - 4, minWidth) * 2) / 3; - int step = ((d->animateStep * slideWidth) / d->animationFps) % slideWidth; - if ((((d->animateStep * slideWidth) / d->animationFps) % (2 * slideWidth)) >= slideWidth) - step = slideWidth - step; --- -2.0.0 - diff --git a/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch b/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch deleted file mode 100644 index d800caf97421..000000000000 --- a/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch +++ /dev/null @@ -1,43 +0,0 @@ -From f1b76c126c476c155af8c404b97c42cd1a709333 Mon Sep 17 00:00:00 2001 -From: Lars Knoll <lars.knoll@digia.com> -Date: Thu, 24 Apr 2014 15:33:27 +0200 -Subject: Don't crash on broken GIF images - -Broken GIF images could set invalid width and height -values inside the image, leading to Qt creating a null -QImage for it. In that case we need to abort decoding -the image and return an error. - -Initial patch by Rich Moore. - -Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5 - -Task-number: QTBUG-38367 -Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a -Security-advisory: CVE-2014-0190 -Reviewed-by: Richard J. Moore <rich@kde.org> ---- - src/gui/image/qgifhandler.cpp | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp -index 3324f04..5199dd3 100644 ---- a/src/gui/image/qgifhandler.cpp -+++ b/src/gui/image/qgifhandler.cpp -@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length, - memset(bits, 0, image->byteCount()); - } - -+ // Check if the previous attempt to create the image failed. If it -+ // did then the image is broken and we should give up. -+ if (image->isNull()) { -+ state = Error; -+ return -1; -+ } -+ - disposePrevious(image); - disposed = false; - --- -1.9.3 - diff --git a/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1858.patch b/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1858.patch deleted file mode 100644 index c1aac444a644..000000000000 --- a/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1858.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 3e55cd6dc467303a3c35312e9fcb255c2c048b32 Mon Sep 17 00:00:00 2001 -From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com> -Date: Wed, 11 Mar 2015 13:34:01 +0100 -Subject: Fixes crash in bmp and ico image decoding - -Fuzzing test revealed that for certain malformed bmp and ico files, -the handler would segfault. - -Change-Id: I19d45145f31e7f808f7f6a1a1610270ea4159cbe -(cherry picked from qtbase/2adbbae5432aa9d8cc41c6fcf55c2e310d2d4078) -Reviewed-by: Richard J. Moore <rich@kde.org> ---- - src/gui/image/qbmphandler.cpp | 13 +++++++------ - src/plugins/imageformats/ico/qicohandler.cpp | 2 +- - 2 files changed, 8 insertions(+), 7 deletions(-) - -diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp -index 30fa9e0..17a880b 100644 ---- a/src/gui/image/qbmphandler.cpp -+++ b/src/gui/image/qbmphandler.cpp -@@ -478,12 +478,6 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int - p = data + (h-y-1)*bpl; - break; - case 2: // delta (jump) -- // Protection -- if ((uint)x >= (uint)w) -- x = w-1; -- if ((uint)y >= (uint)h) -- y = h-1; -- - { - quint8 tmp; - d->getChar((char *)&tmp); -@@ -491,6 +485,13 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int - d->getChar((char *)&tmp); - y += tmp; - } -+ -+ // Protection -+ if ((uint)x >= (uint)w) -+ x = w-1; -+ if ((uint)y >= (uint)h) -+ y = h-1; -+ - p = data + (h-y-1)*bpl + x; - break; - default: // absolute mode -diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp -index 1a88605..3c34765 100644 ---- a/src/plugins/imageformats/ico/qicohandler.cpp -+++ b/src/plugins/imageformats/ico/qicohandler.cpp -@@ -571,7 +571,7 @@ QImage ICOReader::iconAt(int index) - QImage::Format format = QImage::Format_ARGB32; - if (icoAttrib.nbits == 24) - format = QImage::Format_RGB32; -- else if (icoAttrib.ncolors == 2) -+ else if (icoAttrib.ncolors == 2 && icoAttrib.depth == 1) - format = QImage::Format_Mono; - else if (icoAttrib.ncolors > 0) - format = QImage::Format_Indexed8; --- -cgit v0.11.0 - diff --git a/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1860.patch b/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1860.patch deleted file mode 100644 index d881db8d5b86..000000000000 --- a/dev-qt/qtgui/files/qtgui-4.8.6-CVE-2015-1860.patch +++ /dev/null @@ -1,31 +0,0 @@ -From a1cf194c54be57d6ab55dfd26b9562a60532208e Mon Sep 17 00:00:00 2001 -From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com> -Date: Wed, 11 Mar 2015 09:00:41 +0100 -Subject: Fixes crash in gif image decoder - -Fuzzing test revealed that for certain malformed gif files, -qgifhandler would segfault. - -Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1 -(cherry picked from qtbase/ea2c5417fcd374302f5019e67f72af5facbd29f6) -Reviewed-by: Richard J. Moore <rich@kde.org> ---- - src/gui/image/qgifhandler.cpp | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp -index 5199dd3..49aa2a6 100644 ---- a/src/gui/image/qgifhandler.cpp -+++ b/src/gui/image/qgifhandler.cpp -@@ -944,6 +944,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co - - void QGIFFormat::nextY(unsigned char *bits, int bpl) - { -+ if (out_of_bounds) -+ return; - int my; - switch (interlace) { - case 0: // Non-interlaced --- -cgit v0.11.0 - |