qt: switch to libressl; patch for CVE-2014-0190.

2014-07-15 20:36:57 +02:00 · 2014-07-15 20:36:57 +02:00 · 3e99ff3d8c
parent cc5c5bcea6
commit 3e99ff3d8c
2 changed files with 37 additions and 4 deletions
--- a/srcpkgs/qt/patches/CVE-2014-0190.patch
+++ b/srcpkgs/qt/patches/CVE-2014-0190.patch
@ -0,0 +1,32 @@
+Don't crash on broken GIF images
+
+Broken GIF images could set invalid width and height
+values inside the image, leading to Qt creating a null
+QImage for it. In that case we need to abort decoding
+the image and return an error.
+
+Initial patch by Rich Moore.
+
+Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
+
+Task-number: QTBUG-38367
+Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
+Security-advisory: CVE-2014-0190
+
+diff -up qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp
+--- qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367	2014-04-10 13:37:12.000000000 -0500
+++ qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp	2014-04-24 15:58:54.515862458 -0500
+@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co
+                     memset(bits, 0, image->byteCount());
+                 }
+ 
+                // Check if the previous attempt to create the image failed. If it
+                // did then the image is broken and we should give up.
+                if (image->isNull()) {
+                    state = Error;
+                    return -1;
+                }
+
+                 disposePrevious(image);
+                 disposed = false;
+ 
--- a/srcpkgs/qt/template
+++ b/srcpkgs/qt/template
@ -1,7 +1,7 @@
 # Template file for 'qt'
 pkgname=qt
 version=4.8.6
-revision=1
+revision=2
 _distname=qt-everywhere-opensource-src
 patch_args="-Np1"
 wrksrc=${_distname}-${version}
@ -18,10 +18,11 @@ if [ "$CROSS_BUILD" ]; then
 fi

 hostmakedepends="pkg-config"
-makedepends="libpng-devel>=1.6 MesaLib-devel libXrender-devel unixodbc-devel
+makedepends="
+ libressl-devel libpng-devel>=1.6 MesaLib-devel libXrender-devel unixodbc-devel
 fontconfig-devel libXi-devel libXv-devel libXinerama-devel libXrandr-devel
 libXcursor-devel dbus-devel glib-devel icu-devel cups-devel libjpeg-turbo-devel
- sqlite-devel alsa-lib-devel openssl-devel tiff-devel libmng-devel libxshmfence-devel
+ sqlite-devel alsa-lib-devel tiff-devel libmng-devel libxshmfence-devel
 libSM-devel gtk+-devel libmysqlclient-devel>=5.5.27 postgresql-libs-devel
 pulseaudio-devel"

@ -115,7 +116,7 @@ qt-devel-tools_package() {

 qt-devel_package() {
 	lib32depends="libX11-devel>=0 icu-devel>=0"
-	depends="qt-qmake libX11-devel icu-devel"
+	depends="qt-qmake libX11-devel icu-devel qt>=${version}_${revision}"
 	short_desc+=" - development files"
 	pkg_install() {
 		for f in lrelease lupdate moc qdbuscpp2xml qdbusxml2cpp qt3to4 \