pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/x11/qt4-libs SECURITY: add a fix from upstream for a D...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/bebcb99c1f96
branches:  trunk
changeset: 648950:bebcb99c1f96
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Tue Mar 24 21:43:52 2015 +0000

description:
SECURITY: add a fix from upstream for a DoS in the BMP handler. Bump
PKGREVISION.

https://codereview.qt-project.org/#/c/107108/4

Fix a division by zero when processing malformed BMP files.
This fixes a division by 0 when processing a maliciously crafted BMP
file. No impact beyond DoS.

diffstat:

 x11/qt4-libs/Makefile                                    |   4 +-
 x11/qt4-libs/distinfo                                    |   3 +-
 x11/qt4-libs/patches/patch-src_gui_image_qbmphandler.cpp |  25 ++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)

diffs (59 lines):

diff -r cea4f9701662 -r bebcb99c1f96 x11/qt4-libs/Makefile
--- a/x11/qt4-libs/Makefile     Tue Mar 24 16:34:12 2015 +0000
+++ b/x11/qt4-libs/Makefile     Tue Mar 24 21:43:52 2015 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.102 2014/11/28 21:07:51 spz Exp $
+# $NetBSD: Makefile,v 1.103 2015/03/24 21:43:52 bsiegert Exp $
 
 PKGNAME=       qt4-libs-${QTVERSION}
-PKGREVISION=   3
+PKGREVISION=   4
 COMMENT=       C++ X GUI toolkit
 
 .include "../../x11/qt4-libs/Makefile.common"
diff -r cea4f9701662 -r bebcb99c1f96 x11/qt4-libs/distinfo
--- a/x11/qt4-libs/distinfo     Tue Mar 24 16:34:12 2015 +0000
+++ b/x11/qt4-libs/distinfo     Tue Mar 24 21:43:52 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.97 2015/03/24 14:28:52 joerg Exp $
+$NetBSD: distinfo,v 1.98 2015/03/24 21:43:52 bsiegert Exp $
 
 SHA1 (qt-everywhere-opensource-src-4.8.6.tar.gz) = ddf9c20ca8309a116e0466c42984238009525da6
 RMD160 (qt-everywhere-opensource-src-4.8.6.tar.gz) = 0220d4e76ac761c9ecfb8ddab6f2c1dc6ad70c33
@@ -69,6 +69,7 @@
 SHA1 (patch-src_3rdparty_webkit_Source_WebCore_platform_qt_PlatformKeyboardEventQt.cpp) = b28cf71983f8e71b82b1c634a10b3898ca13ede5
 SHA1 (patch-src_corelib_io_io.pri) = cde98927b524c92fae1e053c2359e77bde2c240a
 SHA1 (patch-src_corelib_io_qfilesystemwatcher.cpp) = bb16b95d20286b1aa069dc25843d7e0067cc0268
+SHA1 (patch-src_gui_image_qbmphandler.cpp) = efe717ee805f808dc8a1ce7c56b3872bc3d75f69
 SHA1 (patch-src_gui_kernel_qcocoaapplicationdelegate__mac.mm) = 0caa9b006b3ffee4ab747fca9fd224c7c49211c9
 SHA1 (patch-src_network_ssl_qsslsocket__openssl__symbols.cpp) = 3ad682b86d2e9bd2b282caa298508dc3e9dd8566
 SHA1 (patch-src_network_ssl_qsslsocket__openssl__symbols__p.h) = 417846ba9edab8638cafa41a54ef60029467ef80
diff -r cea4f9701662 -r bebcb99c1f96 x11/qt4-libs/patches/patch-src_gui_image_qbmphandler.cpp
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/qt4-libs/patches/patch-src_gui_image_qbmphandler.cpp  Tue Mar 24 21:43:52 2015 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-src_gui_image_qbmphandler.cpp,v 1.1 2015/03/24 21:43:52 bsiegert Exp $
+https://codereview.qt-project.org/#/c/107108/4
+
+Fix a division by zero when processing malformed BMP files.
+This fixes a division by 0 when processing a maliciously crafted BMP
+file. No impact beyond DoS.
+--- src/gui/image/qbmphandler.cpp.orig 2015-03-24 20:09:44.000000000 +0000
++++ src/gui/image/qbmphandler.cpp
+@@ -319,10 +319,16 @@ static bool read_dib_body(QDataStream &s
+         }
+     } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) {
+         red_shift = calc_shift(red_mask);
++      if (((red_mask >> red_shift) + 1) == 0)
++            return false;
+         red_scale = 256 / ((red_mask >> red_shift) + 1);
+         green_shift = calc_shift(green_mask);
++      if (((green_mask >> green_shift) + 1) == 0)
++            return false;
+         green_scale = 256 / ((green_mask >> green_shift) + 1);
+         blue_shift = calc_shift(blue_mask);
++      if (((blue_mask >> blue_shift) + 1) == 0)
++            return false;
+         blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
+     } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
+         blue_mask = 0x000000ff;
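Review bot: The three added guards in the `BMP_BITFIELDS` branch reject only the case where `(mask >> shift) + 1` wraps to zero, so a channel mask wider than 8 bits still makes `256 / (...)` evaluate to 0 and the file is accepted with a zero scale rather than rejected. Whether a zero scale, or a zero mask passed to `calc_shift`, is handled safely cannot be seen here, because `calc_shift` and the rest of `read_dib_body` lie outside the hunk; both are worth confirming, since the masks come straight from the file. Computing the divisor once per channel would state the intent and remove the duplicated expression, e.g. `const uint red_div = (red_mask >> red_shift) + 1;` then `if (red_div == 0) return false;` and `red_scale = 256 / red_div;` (assuming the masks are `uint`). A short comment such as `// masks are read from the file; an all-ones field would make the divisor wrap to 0` above the first check would explain why the test is there.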


