Date: Fri, 6 Mar 2015 22:05:31 +0000 (UTC) From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r380629 - in branches/2015Q1/x11-toolkits: qt4-gui qt4-gui/files qt5-gui qt5-gui/files Message-ID: <201503062205.t26M5VvJ008513@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rakuco Date: Fri Mar 6 22:05:30 2015 New Revision: 380629 URL: https://svnweb.freebsd.org/changeset/ports/380629 QAT: https://qat.redports.org/buildarchive/r380629/ Log: MFH: r380452 Add patch for CVE-2015-0295, DoS vulnerability in the BMP image handler. Security: c9c3374d-c2c1-11e4-b236-5453ed2e2b49 Approved by: ports-secteam (delphij) Added: branches/2015Q1/x11-toolkits/qt4-gui/files/ - copied from r380452, head/x11-toolkits/qt4-gui/files/ branches/2015Q1/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295 - copied unchanged from r380452, head/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295 Modified: branches/2015Q1/x11-toolkits/qt4-gui/Makefile branches/2015Q1/x11-toolkits/qt5-gui/Makefile Directory Properties: branches/2015Q1/ (props changed) Modified: branches/2015Q1/x11-toolkits/qt4-gui/Makefile ============================================================================== --- branches/2015Q1/x11-toolkits/qt4-gui/Makefile Fri Mar 6 22:03:14 2015 (r380628) +++ branches/2015Q1/x11-toolkits/qt4-gui/Makefile Fri Mar 6 22:05:30 2015 (r380629) @@ -3,7 +3,7 @@ PORTNAME= gui DISTVERSION= ${QT4_VERSION} -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= x11-toolkits PKGNAMEPREFIX= qt4- Modified: branches/2015Q1/x11-toolkits/qt5-gui/Makefile ============================================================================== --- branches/2015Q1/x11-toolkits/qt5-gui/Makefile Fri Mar 6 22:03:14 2015 (r380628) +++ branches/2015Q1/x11-toolkits/qt5-gui/Makefile Fri Mar 6 22:05:30 2015 (r380629) @@ -2,7 +2,7 @@ PORTNAME= gui DISTVERSION= ${QT5_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= x11-toolkits graphics PKGNAMEPREFIX= qt5- Copied: branches/2015Q1/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295 (from r380452, head/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2015Q1/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295 Fri Mar 6 22:05:30 2015 (r380629, copy of r380452, head/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295) @@ -0,0 +1,37 @@ +commit 661f6bfd032dacc62841037732816a583640e187 +Author: Richard J. Moore <rich@kde.org> +Date: Sat Feb 21 17:43:21 2015 +0000 + + Fix a division by zero when processing malformed BMP files. + + This fixes a division by 0 when processing a maliciously crafted BMP + file. No impact beyond DoS. + + Task-number: QTBUG-44547 + Change-Id: Ifcded2c0aa712e90d23e6b3969af0ec3add53973 + Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> + Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com> + +--- src/gui/image/qbmphandler.cpp ++++ src/gui/image/qbmphandler.cpp +@@ -314,12 +314,20 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int + } + } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) { + red_shift = calc_shift(red_mask); ++ if (((red_mask >> red_shift) + 1) == 0) ++ return false; + red_scale = 256 / ((red_mask >> red_shift) + 1); + green_shift = calc_shift(green_mask); ++ if (((green_mask >> green_shift) + 1) == 0) ++ return false; + green_scale = 256 / ((green_mask >> green_shift) + 1); + blue_shift = calc_shift(blue_mask); ++ if (((blue_mask >> blue_shift) + 1) == 0) ++ return false; + blue_scale = 256 / ((blue_mask >> blue_shift) + 1); + alpha_shift = calc_shift(alpha_mask); ++ if (((alpha_mask >> alpha_shift) + 1) == 0) ++ return false; + alpha_scale = 256 / ((alpha_mask >> alpha_shift) + 1); + } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) { + blue_mask = 0x000000ff;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201503062205.t26M5VvJ008513>