From owner-svn-ports-branches@FreeBSD.ORG Fri Mar 6 22:05:32 2015 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 398F5C3F; Fri, 6 Mar 2015 22:05:32 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 238A7A46; Fri, 6 Mar 2015 22:05:32 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t26M5WF4008516; Fri, 6 Mar 2015 22:05:32 GMT (envelope-from rakuco@FreeBSD.org) Received: (from rakuco@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t26M5VvJ008513; Fri, 6 Mar 2015 22:05:31 GMT (envelope-from rakuco@FreeBSD.org) Message-Id: <201503062205.t26M5VvJ008513@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: rakuco set sender to rakuco@FreeBSD.org using -f From: Raphael Kubo da Costa Date: Fri, 6 Mar 2015 22:05:31 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r380629 - in branches/2015Q1/x11-toolkits: qt4-gui qt4-gui/files qt5-gui qt5-gui/files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Mar 2015 22:05:32 -0000 Author: rakuco Date: Fri Mar 6 22:05:30 2015 New Revision: 380629 URL: https://svnweb.freebsd.org/changeset/ports/380629 QAT: https://qat.redports.org/buildarchive/r380629/ Log: MFH: r380452 Add patch for CVE-2015-0295, DoS vulnerability in the BMP image handler. Security: c9c3374d-c2c1-11e4-b236-5453ed2e2b49 Approved by: ports-secteam (delphij) Added: branches/2015Q1/x11-toolkits/qt4-gui/files/ - copied from r380452, head/x11-toolkits/qt4-gui/files/ branches/2015Q1/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295 - copied unchanged from r380452, head/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295 Modified: branches/2015Q1/x11-toolkits/qt4-gui/Makefile branches/2015Q1/x11-toolkits/qt5-gui/Makefile Directory Properties: branches/2015Q1/ (props changed) Modified: branches/2015Q1/x11-toolkits/qt4-gui/Makefile ============================================================================== --- branches/2015Q1/x11-toolkits/qt4-gui/Makefile Fri Mar 6 22:03:14 2015 (r380628) +++ branches/2015Q1/x11-toolkits/qt4-gui/Makefile Fri Mar 6 22:05:30 2015 (r380629) @@ -3,7 +3,7 @@ PORTNAME= gui DISTVERSION= ${QT4_VERSION} -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= x11-toolkits PKGNAMEPREFIX= qt4- Modified: branches/2015Q1/x11-toolkits/qt5-gui/Makefile ============================================================================== --- branches/2015Q1/x11-toolkits/qt5-gui/Makefile Fri Mar 6 22:03:14 2015 (r380628) +++ branches/2015Q1/x11-toolkits/qt5-gui/Makefile Fri Mar 6 22:05:30 2015 (r380629) @@ -2,7 +2,7 @@ PORTNAME= gui DISTVERSION= ${QT5_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= x11-toolkits graphics PKGNAMEPREFIX= qt5- Copied: branches/2015Q1/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295 (from r380452, head/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2015Q1/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295 Fri Mar 6 22:05:30 2015 (r380629, copy of r380452, head/x11-toolkits/qt5-gui/files/patch-CVE-2015-0295) @@ -0,0 +1,37 @@ +commit 661f6bfd032dacc62841037732816a583640e187 +Author: Richard J. Moore +Date: Sat Feb 21 17:43:21 2015 +0000 + + Fix a division by zero when processing malformed BMP files. + + This fixes a division by 0 when processing a maliciously crafted BMP + file. No impact beyond DoS. + + Task-number: QTBUG-44547 + Change-Id: Ifcded2c0aa712e90d23e6b3969af0ec3add53973 + Reviewed-by: Thiago Macieira + Reviewed-by: Oswald Buddenhagen + +--- src/gui/image/qbmphandler.cpp ++++ src/gui/image/qbmphandler.cpp +@@ -314,12 +314,20 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int + } + } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) { + red_shift = calc_shift(red_mask); ++ if (((red_mask >> red_shift) + 1) == 0) ++ return false; + red_scale = 256 / ((red_mask >> red_shift) + 1); + green_shift = calc_shift(green_mask); ++ if (((green_mask >> green_shift) + 1) == 0) ++ return false; + green_scale = 256 / ((green_mask >> green_shift) + 1); + blue_shift = calc_shift(blue_mask); ++ if (((blue_mask >> blue_shift) + 1) == 0) ++ return false; + blue_scale = 256 / ((blue_mask >> blue_shift) + 1); + alpha_shift = calc_shift(alpha_mask); ++ if (((alpha_mask >> alpha_shift) + 1) == 0) ++ return false; + alpha_scale = 256 / ((alpha_mask >> alpha_shift) + 1); + } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) { + blue_mask = 0x000000ff;