qt: switch to libressl; patch for CVE-2014-0190.

This commit is contained in:
Juan RP 2014-07-15 20:36:57 +02:00
parent cc5c5bcea6
commit 3e99ff3d8c
2 changed files with 37 additions and 4 deletions

View file

@ -0,0 +1,32 @@
Don't crash on broken GIF images
Broken GIF images could set invalid width and height
values inside the image, leading to Qt creating a null
QImage for it. In that case we need to abort decoding
the image and return an error.
Initial patch by Rich Moore.
Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
Task-number: QTBUG-38367
Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
Security-advisory: CVE-2014-0190
diff -up qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp
--- qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 2014-04-10 13:37:12.000000000 -0500
+++ qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp 2014-04-24 15:58:54.515862458 -0500
@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co
memset(bits, 0, image->byteCount());
}
+ // Check if the previous attempt to create the image failed. If it
+ // did then the image is broken and we should give up.
+ if (image->isNull()) {
+ state = Error;
+ return -1;
+ }
+
disposePrevious(image);
disposed = false;

View file

@ -1,7 +1,7 @@
# Template file for 'qt'
pkgname=qt
version=4.8.6
revision=1
revision=2
_distname=qt-everywhere-opensource-src
patch_args="-Np1"
wrksrc=${_distname}-${version}
@ -18,10 +18,11 @@ if [ "$CROSS_BUILD" ]; then
fi
hostmakedepends="pkg-config"
makedepends="libpng-devel>=1.6 MesaLib-devel libXrender-devel unixodbc-devel
makedepends="
libressl-devel libpng-devel>=1.6 MesaLib-devel libXrender-devel unixodbc-devel
fontconfig-devel libXi-devel libXv-devel libXinerama-devel libXrandr-devel
libXcursor-devel dbus-devel glib-devel icu-devel cups-devel libjpeg-turbo-devel
sqlite-devel alsa-lib-devel openssl-devel tiff-devel libmng-devel libxshmfence-devel
sqlite-devel alsa-lib-devel tiff-devel libmng-devel libxshmfence-devel
libSM-devel gtk+-devel libmysqlclient-devel>=5.5.27 postgresql-libs-devel
pulseaudio-devel"
@ -115,7 +116,7 @@ qt-devel-tools_package() {
qt-devel_package() {
lib32depends="libX11-devel>=0 icu-devel>=0"
depends="qt-qmake libX11-devel icu-devel"
depends="qt-qmake libX11-devel icu-devel qt>=${version}_${revision}"
short_desc+=" - development files"
pkg_install() {
for f in lrelease lupdate moc qdbuscpp2xml qdbusxml2cpp qt3to4 \