Attachment #160579 for bug #202808

Lines 71-76 Link Here

(-)Mk/Uses/qmake.mk (+1 lines)
71	QMAKE_CFLAGS="${CFLAGS}" \	71	QMAKE_CFLAGS="${CFLAGS}" \
72	QMAKE_CXXFLAGS="${CXXFLAGS}" \	72	QMAKE_CXXFLAGS="${CXXFLAGS}" \
73	QMAKE_LFLAGS="${LDFLAGS}" \	73	QMAKE_LFLAGS="${LDFLAGS}" \
		74	QMAKE_LIBS="${LIBS}" \
74	QMAKE_CFLAGS_DEBUG="" \	75	QMAKE_CFLAGS_DEBUG="" \
75	QMAKE_CFLAGS_RELEASE="" \	76	QMAKE_CFLAGS_RELEASE="" \
76	QMAKE_CXXFLAGS_DEBUG="" \	77	QMAKE_CXXFLAGS_DEBUG="" \

Lines 26-32 Link Here

(-)Mk/bsd.qt.mk (-1 / +1 lines)
26		26
27	# Qt versions currently supported by the framework.	27	# Qt versions currently supported by the framework.
28	_QT_SUPPORTED?= 4 5	28	_QT_SUPPORTED?= 4 5
29	QT4_VERSION?= 4.8.6	29	QT4_VERSION?= 4.8.7
30	QT5_VERSION?= 5.4.1	30	QT5_VERSION?= 5.4.1
31		31
32	QT_PREFIX?= ${LOCALBASE}	32	QT_PREFIX?= ${LOCALBASE}

Lines 3-9 Link Here

(-)databases/qt4-odbc-plugin/Makefile (-1 lines)
3		3
4	PORTNAME= qt4-${DB}-plugin	4	PORTNAME= qt4-${DB}-plugin
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= databases	6	CATEGORIES= databases
8		7
9	MAINTAINER= kde@FreeBSD.org	8	MAINTAINER= kde@FreeBSD.org

Lines 3-9 Link Here

(-)databases/qt4-sql/Makefile (-1 lines)
3		3
4	PORTNAME= sql	4	PORTNAME= sql
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= databases	6	CATEGORIES= databases
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)databases/qt4-sqlite-plugin/Makefile (-1 lines)
3		3
4	PORTNAME= qt4-${DB}-plugin	4	PORTNAME= qt4-${DB}-plugin
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= databases	6	CATEGORIES= databases
8		7
9	MAINTAINER= kde@FreeBSD.org	8	MAINTAINER= kde@FreeBSD.org

Lines 3-9 Link Here

(-)databases/qt4-sqlite3-plugin/Makefile (-1 lines)
3		3
4	PORTNAME= qt4-${DB}-plugin	4	PORTNAME= qt4-${DB}-plugin
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= databases	6	CATEGORIES= databases
8		7
9	MAINTAINER= kde@FreeBSD.org	8	MAINTAINER= kde@FreeBSD.org

Lines 3-9 Link Here

(-)devel/dbus-qt4/Makefile (-1 lines)
3		3
4	PORTNAME= dbus	4	PORTNAME= dbus
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= devel	6	CATEGORIES= devel
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 487-492 Link Here

(-)devel/qmake4/pkg-plist (+2 lines)
487	%%QT_MKSPECDIR%%/win32-msvc2012/qplatformdefs.h	487	%%QT_MKSPECDIR%%/win32-msvc2012/qplatformdefs.h
488	%%QT_MKSPECDIR%%/win32-msvc2013/qmake.conf	488	%%QT_MKSPECDIR%%/win32-msvc2013/qmake.conf
489	%%QT_MKSPECDIR%%/win32-msvc2013/qplatformdefs.h	489	%%QT_MKSPECDIR%%/win32-msvc2013/qplatformdefs.h
		490	%%QT_MKSPECDIR%%/win32-msvc2015/qmake.conf
		491	%%QT_MKSPECDIR%%/win32-msvc2015/qplatformdefs.h
490	%%QT_MKSPECDIR%%/wince50standard-armv4i-msvc2005/default_post.prf	492	%%QT_MKSPECDIR%%/wince50standard-armv4i-msvc2005/default_post.prf
491	%%QT_MKSPECDIR%%/wince50standard-armv4i-msvc2005/qmake.conf	493	%%QT_MKSPECDIR%%/wince50standard-armv4i-msvc2005/qmake.conf
492	%%QT_MKSPECDIR%%/wince50standard-armv4i-msvc2005/qplatformdefs.h	494	%%QT_MKSPECDIR%%/wince50standard-armv4i-msvc2005/qplatformdefs.h

Lines 3-9 Link Here

(-)devel/qt4/Makefile (-1 lines)
3		3
4	PORTNAME= qt4	4	PORTNAME= qt4
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 2
7	CATEGORIES= devel	6	CATEGORIES= devel
8		7
9	MAINTAINER= kde@FreeBSD.org	8	MAINTAINER= kde@FreeBSD.org

Lines 1-2 Link Here

(-)devel/qt4/distinfo (-2 / +2 lines)
1	SHA256 (KDE/qt-everywhere-opensource-src-4.8.6.tar.gz) = 8b14dd91b52862e09b8e6a963507b74bc2580787d171feda197badfa7034032c	1	SHA256 (KDE/qt-everywhere-opensource-src-4.8.7.tar.gz) = e2882295097e47fe089f8ac741a95fef47e0a73a3f3cdf21b56990638f626ea0
2	SIZE (KDE/qt-everywhere-opensource-src-4.8.6.tar.gz) = 241623667	2	SIZE (KDE/qt-everywhere-opensource-src-4.8.7.tar.gz) = 241075567




 fi
 
 # X11/MINGW/SYMBIAN OpenGL
@@ -7729,7 +7717,7 @@ case "$XPLATFORM" in
     *-g++*)
 	# Check gcc's version
 	case "$(${QMAKE_CONF_COMPILER} -dumpversion)" in
-	    4*|3.4*)
+	    5*|4*|3.4*)
 		;;
             3.3*)
                 canBuildWebKit="no"

Lines 3-9 Link Here

(-)devel/qt4-assistant/Makefile (-1 lines)
3		3
4	PORTNAME= assistant	4	PORTNAME= assistant
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= devel	6	CATEGORIES= devel
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)devel/qt4-corelib/Makefile (-1 lines)
3		3
4	PORTNAME= corelib	4	PORTNAME= corelib
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 5
7	CATEGORIES= devel	6	CATEGORIES= devel
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)devel/qt4-designer/Makefile (-1 lines)
3		3
4	PORTNAME= designer	4	PORTNAME= designer
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= devel	6	CATEGORIES= devel
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)devel/qt4-help/Makefile (-1 lines)
3		3
4	PORTNAME= help	4	PORTNAME= help
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= devel	6	CATEGORIES= devel
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)devel/qt4-linguist/Makefile (-1 lines)
3		3
4	PORTNAME= linguist	4	PORTNAME= linguist
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 2
7	CATEGORIES= devel	6	CATEGORIES= devel
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)devel/qt4-qmlviewer/Makefile (-1 lines)
3		3
4	PORTNAME= qmlviewer	4	PORTNAME= qmlviewer
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= devel	6	CATEGORIES= devel
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)devel/qt4-qt3support/Makefile (-1 lines)
3		3
4	PORTNAME= qt3support	4	PORTNAME= qt3support
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= devel x11-toolkits	6	CATEGORIES= devel x11-toolkits
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)devel/qt4-qvfb/Makefile (-1 lines)
3		3
4	PORTNAME= qvfb	4	PORTNAME= qvfb
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= devel	6	CATEGORIES= devel
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)devel/qt4-script/Makefile (-1 lines)
3		3
4	PORTNAME= script	4	PORTNAME= script
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= devel	6	CATEGORIES= devel
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8




--- src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h.orig	2014-04-10 20:37:12.000000000 +0200
+++ src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h	2014-04-24 15:06:18.000000000 +0200
@@ -71,18 +71,10 @@
 
 #if OS(WINDOWS) && !OS(WINCE)
 #include <windows.h>
-#elif OS(DARWIN)
-#include <libkern/OSAtomic.h>
 #elif OS(ANDROID)
 #include <cutils/atomic.h>
 #elif OS(QNX)
 #include <atomic.h>
-#elif COMPILER(GCC) && !OS(SYMBIAN)
-#if (__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 2))
-#include <ext/atomicity.h>
-#else
-#include <bits/atomicity.h>
-#endif
 #endif
 
 #if USE(PTHREADS)
@@ -230,12 +222,6 @@
 inline int atomicDecrement(int volatile* addend) { return InterlockedDecrement(reinterpret_cast<long volatile*>(addend)); }
 #endif
 
-#elif OS(DARWIN)
-#define WTF_USE_LOCKFREE_THREADSAFESHARED 1
-
-inline int atomicIncrement(int volatile* addend) { return OSAtomicIncrement32Barrier(const_cast<int*>(addend)); }
-inline int atomicDecrement(int volatile* addend) { return OSAtomicDecrement32Barrier(const_cast<int*>(addend)); }
-
 #elif OS(ANDROID)
 
 inline int atomicIncrement(int volatile* addend) { return android_atomic_inc(addend); }

Lines 2-8 Link Here

(-)devel/qt4-scripttools/Makefile (-1 lines)
2		2
3	PORTNAME= scripttools	3	PORTNAME= scripttools
4	DISTVERSION= ${QT4_VERSION}	4	DISTVERSION= ${QT4_VERSION}
5	PORTREVISION= 1
6	CATEGORIES= devel	5	CATEGORIES= devel
7	PKGNAMEPREFIX= qt4-	6	PKGNAMEPREFIX= qt4-
8		7

Lines 3-9 Link Here

(-)devel/qt4-testlib/Makefile (-1 lines)
3		3
4	PORTNAME= testlib	4	PORTNAME= testlib
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= devel	6	CATEGORIES= devel
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)graphics/qt4-imageformats/Makefile (-1 lines)
3		3
4	PORTNAME= imageformats	4	PORTNAME= imageformats
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 3
7	CATEGORIES= graphics	6	CATEGORIES= graphics
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8




commit f1b76c126c476c155af8c404b97c42cd1a709333
Author: Lars Knoll <lars.knoll@digia.com>
Date:   Thu Apr 24 15:33:27 2014 +0200

    Don't crash on broken GIF images
    
    Broken GIF images could set invalid width and height
    values inside the image, leading to Qt creating a null
    QImage for it. In that case we need to abort decoding
    the image and return an error.
    
    Initial patch by Rich Moore.
    
    Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
    
    Task-number: QTBUG-38367
    Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
    Security-advisory: CVE-2014-0190
    Reviewed-by: Richard J. Moore <rich@kde.org>

diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
index 3324f04..5199dd3 100644
--- src/gui/image/qgifhandler.cpp
+++ src/gui/image/qgifhandler.cpp
@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length,
                     memset(bits, 0, image->byteCount());
                 }
 
+                // Check if the previous attempt to create the image failed. If it
+                // did then the image is broken and we should give up.
+                if (image->isNull()) {
+                    state = Error;
+                    return -1;
+                }
+
                 disposePrevious(image);
                 disposed = false;
 




commit a1cf194c54be57d6ab55dfd26b9562a60532208e
Author: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
Date:   Wed Mar 11 09:00:41 2015 +0100

    Fixes crash in gif image decoder
    
    Fuzzing test revealed that for certain malformed gif files,
    qgifhandler would segfault.
    
    Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1
    (cherry picked from qtbase/ea2c5417fcd374302f5019e67f72af5facbd29f6)
    Reviewed-by: Richard J. Moore <rich@kde.org>

--- src/gui/image/qgifhandler.cpp
+++ src/gui/image/qgifhandler.cpp
@@ -944,6 +944,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co
 
 void QGIFFormat::nextY(unsigned char *bits, int bpl)
 {
+    if (out_of_bounds)
+        return;
     int my;
     switch (interlace) {
     case 0: // Non-interlaced




commit 3e55cd6dc467303a3c35312e9fcb255c2c048b32
Author: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
Date:   Wed Mar 11 13:34:01 2015 +0100

    Fixes crash in bmp and ico image decoding
    
    Fuzzing test revealed that for certain malformed bmp and ico files,
    the handler would segfault.
    
    Change-Id: I19d45145f31e7f808f7f6a1a1610270ea4159cbe
    (cherry picked from qtbase/2adbbae5432aa9d8cc41c6fcf55c2e310d2d4078)
    Reviewed-by: Richard J. Moore <rich@kde.org>

--- src/gui/image/qbmphandler.cpp
+++ src/gui/image/qbmphandler.cpp
@@ -478,12 +478,6 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
                             p = data + (h-y-1)*bpl;
                             break;
                         case 2:                        // delta (jump)
-                            // Protection
-                            if ((uint)x >= (uint)w)
-                                x = w-1;
-                            if ((uint)y >= (uint)h)
-                                y = h-1;
-
                             {
                                 quint8 tmp;
                                 d->getChar((char *)&tmp);
@@ -491,6 +485,13 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
                                 d->getChar((char *)&tmp);
                                 y += tmp;
                             }
+
+                            // Protection
+                            if ((uint)x >= (uint)w)
+                                x = w-1;
+                            if ((uint)y >= (uint)h)
+                                y = h-1;
+
                             p = data + (h-y-1)*bpl + x;
                             break;
                         default:                // absolute mode
--- src/plugins/imageformats/ico/qicohandler.cpp
+++ src/plugins/imageformats/ico/qicohandler.cpp
@@ -571,7 +571,7 @@ QImage ICOReader::iconAt(int index)
                 QImage::Format format = QImage::Format_ARGB32;
                 if (icoAttrib.nbits == 24)
                     format = QImage::Format_RGB32;
-                else if (icoAttrib.ncolors == 2)
+                else if (icoAttrib.ncolors == 2 && icoAttrib.depth == 1)
                     format = QImage::Format_Mono;
                 else if (icoAttrib.ncolors > 0)
                     format = QImage::Format_Indexed8;

Lines 3-9 Link Here

(-)graphics/qt4-opengl/Makefile (-1 lines)
3		3
4	PORTNAME= opengl	4	PORTNAME= opengl
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 2
7	CATEGORIES= graphics	6	CATEGORIES= graphics
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 7-12 Link Here

(-)graphics/qt4-opengl/pkg-plist (+1 lines)
7	%%QT_INCDIR%%/Qt/qglpixelbuffer.h	7	%%QT_INCDIR%%/Qt/qglpixelbuffer.h
8	%%QT_INCDIR%%/Qt/qglscreen_qws.h	8	%%QT_INCDIR%%/Qt/qglscreen_qws.h
9	%%QT_INCDIR%%/Qt/qglshaderprogram.h	9	%%QT_INCDIR%%/Qt/qglshaderprogram.h
		10	%%QT_INCDIR%%/QtOpenGL/QGL
10	%%QT_INCDIR%%/QtOpenGL/QGLBuffer	11	%%QT_INCDIR%%/QtOpenGL/QGLBuffer
11	%%QT_INCDIR%%/QtOpenGL/QGLColormap	12	%%QT_INCDIR%%/QtOpenGL/QGLColormap
12	%%QT_INCDIR%%/QtOpenGL/QGLContext	13	%%QT_INCDIR%%/QtOpenGL/QGLContext

Lines 3-9 Link Here

(-)graphics/qt4-svg/Makefile (-1 lines)
3		3
4	PORTNAME= svg	4	PORTNAME= svg
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= graphics	6	CATEGORIES= graphics
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 2-8 Link Here

(-)misc/qt4-l10n/Makefile (-1 lines)
2		2
3	PORTNAME= l10n	3	PORTNAME= l10n
4	DISTVERSION= ${QT4_VERSION}	4	DISTVERSION= ${QT4_VERSION}
5	PORTREVISION= 1
6	CATEGORIES= misc	5	CATEGORIES= misc
7	PKGNAMEPREFIX= qt4-	6	PKGNAMEPREFIX= qt4-
8		7

Lines 28-33 Link Here

(-)misc/qt4-l10n/pkg-plist (+1 lines)
28	%%QT_L10NDIR%%/linguist_de.qm	28	%%QT_L10NDIR%%/linguist_de.qm
29	%%QT_L10NDIR%%/linguist_eu.qm	29	%%QT_L10NDIR%%/linguist_eu.qm
30	%%QT_L10NDIR%%/linguist_fr.qm	30	%%QT_L10NDIR%%/linguist_fr.qm
		31	%%QT_L10NDIR%%/linguist_he.qm
31	%%QT_L10NDIR%%/linguist_hu.qm	32	%%QT_L10NDIR%%/linguist_hu.qm
32	%%QT_L10NDIR%%/linguist_ja.qm	33	%%QT_L10NDIR%%/linguist_ja.qm
33	%%QT_L10NDIR%%/linguist_ko.qm	34	%%QT_L10NDIR%%/linguist_ko.qm

Lines 3-9 Link Here

(-)misc/qt4-qtconfig/Makefile (-1 lines)
3		3
4	PORTNAME= qtconfig	4	PORTNAME= qtconfig
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= misc	6	CATEGORIES= misc
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)misc/qt4-qtdemo/Makefile (-1 lines)
3		3
4	PORTNAME= qtdemo	4	PORTNAME= qtdemo
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 2
7	CATEGORIES= misc	6	CATEGORIES= misc
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 2-8 Link Here

(-)multimedia/qt4-multimedia/Makefile (-1 lines)
2		2
3	PORTNAME= multimedia	3	PORTNAME= multimedia
4	DISTVERSION= ${QT4_VERSION}	4	DISTVERSION= ${QT4_VERSION}
5	PORTREVISION= 1
6	CATEGORIES= multimedia	5	CATEGORIES= multimedia
7	PKGNAMEPREFIX= qt4-	6	PKGNAMEPREFIX= qt4-
8		7

Lines 3-9 Link Here

(-)net/qt4-network/Makefile (-1 lines)
3		3
4	PORTNAME= network	4	PORTNAME= network
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= net ipv6	6	CATEGORIES= net ipv6
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)textproc/clucene-qt4/Makefile (-1 lines)
3		3
4	PORTNAME= clucene	4	PORTNAME= clucene
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= textproc	6	CATEGORIES= textproc
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)textproc/qt4-xml/Makefile (-1 lines)
3		3
4	PORTNAME= xml	4	PORTNAME= xml
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= textproc	6	CATEGORIES= textproc
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)textproc/qt4-xmlpatterns/Makefile (-1 lines)
3		3
4	PORTNAME= xmlpatterns	4	PORTNAME= xmlpatterns
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 1
7	CATEGORIES= textproc	6	CATEGORIES= textproc
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 3-9 Link Here

(-)www/webkit-qt4/Makefile (-1 lines)
3		3
4	PORTNAME= webkit	4	PORTNAME= webkit
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 2
7	CATEGORIES= www	6	CATEGORIES= www
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8

Lines 2-8 Link Here

(-)x11/qt4-graphicssystems-opengl/Makefile (-1 lines)
2		2
3	PORTNAME= graphicssystems	3	PORTNAME= graphicssystems
4	DISTVERSION= ${QT4_VERSION}	4	DISTVERSION= ${QT4_VERSION}
5	PORTREVISION= 1
6	CATEGORIES= x11	5	CATEGORIES= x11
7	PKGNAMEPREFIX= qt4-	6	PKGNAMEPREFIX= qt4-
8	PKGNAMESUFFIX= -opengl	7	PKGNAMESUFFIX= -opengl

Lines 2-8 Link Here

(-)x11-toolkits/qt4-declarative/Makefile (-1 lines)
2		2
3	PORTNAME= declarative	3	PORTNAME= declarative
4	DISTVERSION= ${QT4_VERSION}	4	DISTVERSION= ${QT4_VERSION}
5	PORTREVISION= 2
6	CATEGORIES= x11-toolkits	5	CATEGORIES= x11-toolkits
7	PKGNAMEPREFIX= qt4-	6	PKGNAMEPREFIX= qt4-
8		7

Lines 3-9 Link Here

(-)x11-toolkits/qt4-gui/Makefile (-1 lines)
3		3
4	PORTNAME= gui	4	PORTNAME= gui
5	DISTVERSION= ${QT4_VERSION}	5	DISTVERSION= ${QT4_VERSION}
6	PORTREVISION= 5
7	CATEGORIES= x11-toolkits	6	CATEGORIES= x11-toolkits
8	PKGNAMEPREFIX= qt4-	7	PKGNAMEPREFIX= qt4-
9		8




commit e50aa2252cdd5cb53eef7d8c4503c7edff634f68
Author: Richard J. Moore <rich@kde.org>
Date:   Tue Feb 24 19:02:35 2015 +0000

    Fix a division by zero when processing malformed BMP files.
    
    This fixes a division by 0 when processing a maliciously crafted BMP
    file. No impact beyond DoS.
    
    Backport of 661f6bfd032dacc62841037732816a583640e187
    
    Task-number: QTBUG-44547
    Change-Id: I43f06e752b11cb50669101460902a82b885ae618
    Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>

--- src/gui/image/qbmphandler.cpp
+++ src/gui/image/qbmphandler.cpp
@@ -319,10 +319,16 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
         }
     } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) {
         red_shift = calc_shift(red_mask);
+        if (((red_mask >> red_shift) + 1) == 0)
+            return false;
         red_scale = 256 / ((red_mask >> red_shift) + 1);
         green_shift = calc_shift(green_mask);
+        if (((green_mask >> green_shift) + 1) == 0)
+            return false;
         green_scale = 256 / ((green_mask >> green_shift) + 1);
         blue_shift = calc_shift(blue_mask);
+        if (((blue_mask >> blue_shift) + 1) == 0)
+            return false;
         blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
     } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
         blue_mask = 0x000000ff;




commit 3e55cd6dc467303a3c35312e9fcb255c2c048b32
Author: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
Date:   Wed Mar 11 13:34:01 2015 +0100

    Fixes crash in bmp and ico image decoding
    
    Fuzzing test revealed that for certain malformed bmp and ico files,
    the handler would segfault.
    
    Change-Id: I19d45145f31e7f808f7f6a1a1610270ea4159cbe
    (cherry picked from qtbase/2adbbae5432aa9d8cc41c6fcf55c2e310d2d4078)
    Reviewed-by: Richard J. Moore <rich@kde.org>

--- src/gui/image/qbmphandler.cpp
+++ src/gui/image/qbmphandler.cpp
@@ -478,12 +478,6 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
                             p = data + (h-y-1)*bpl;
                             break;
                         case 2:                        // delta (jump)
-                            // Protection
-                            if ((uint)x >= (uint)w)
-                                x = w-1;
-                            if ((uint)y >= (uint)h)
-                                y = h-1;
-
                             {
                                 quint8 tmp;
                                 d->getChar((char *)&tmp);
@@ -491,6 +485,13 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
                                 d->getChar((char *)&tmp);
                                 y += tmp;
                             }
+
+                            // Protection
+                            if ((uint)x >= (uint)w)
+                                x = w-1;
+                            if ((uint)y >= (uint)h)
+                                y = h-1;
+
                             p = data + (h-y-1)*bpl + x;
                             break;
                         default:                // absolute mode
--- src/plugins/imageformats/ico/qicohandler.cpp
+++ src/plugins/imageformats/ico/qicohandler.cpp
@@ -571,7 +571,7 @@ QImage ICOReader::iconAt(int index)
                 QImage::Format format = QImage::Format_ARGB32;
                 if (icoAttrib.nbits == 24)
                     format = QImage::Format_RGB32;
-                else if (icoAttrib.ncolors == 2)
+                else if (icoAttrib.ncolors == 2 && icoAttrib.depth == 1)
                     format = QImage::Format_Mono;
                 else if (icoAttrib.ncolors > 0)
                     format = QImage::Format_Indexed8;

Return to bug 202808

Lines 53-64 Link Here

(-)devel/qt4/files/extrapatch-configure (-9 lines)
53	fi	53	fi
54		54
55	# X11/MINGW/SYMBIAN OpenGL	55	# X11/MINGW/SYMBIAN OpenGL
56	@@ -7729,7 +7717,7 @@ case "$XPLATFORM" in
57	-g++)
58	# Check gcc's version
59	case "$(${QMAKE_CONF_COMPILER} -dumpversion)" in
60	- 4\|3.4)
61	+ 5\|4\|3.4*)
62	;;
63	3.3*)
64	canBuildWebKit="no"

Lines 1-34 Link Here

(-)devel/qt4-script/files/patch-src__3rdparty__javascriptcore__JavaScriptCore__wtf__Threading.h (-34 lines)
1	--- src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h.orig 2014-04-10 20:37:12.000000000 +0200
2	+++ src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h 2014-04-24 15:06:18.000000000 +0200
3	@@ -71,18 +71,10 @@
4
5	#if OS(WINDOWS) && !OS(WINCE)
6	#include <windows.h>
7	-#elif OS(DARWIN)
8	-#include <libkern/OSAtomic.h>
9	#elif OS(ANDROID)
10	#include <cutils/atomic.h>
11	#elif OS(QNX)
12	#include <atomic.h>
13	-#elif COMPILER(GCC) && !OS(SYMBIAN)
14	-#if (__GNUC__ > 4) \|\| ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 2))
15	-#include <ext/atomicity.h>
16	-#else
17	-#include <bits/atomicity.h>
18	-#endif
19	#endif
20
21	#if USE(PTHREADS)
22	@@ -230,12 +222,6 @@
23	inline int atomicDecrement(int volatile* addend) { return InterlockedDecrement(reinterpret_cast<long volatile*>(addend)); }
24	#endif
25
26	-#elif OS(DARWIN)
27	-#define WTF_USE_LOCKFREE_THREADSAFESHARED 1
28	-
29	-inline int atomicIncrement(int volatile* addend) { return OSAtomicIncrement32Barrier(const_cast<int*>(addend)); }
30	-inline int atomicDecrement(int volatile* addend) { return OSAtomicDecrement32Barrier(const_cast<int*>(addend)); }
31	-
32	#elif OS(ANDROID)
33
34	inline int atomicIncrement(int volatile* addend) { return android_atomic_inc(addend); }

Lines 1-38 Link Here

(-)graphics/qt4-imageformats/files/patch-CVE-2014-0190 (-38 lines)
1	commit f1b76c126c476c155af8c404b97c42cd1a709333
2	Author: Lars Knoll <lars.knoll@digia.com>
3	Date: Thu Apr 24 15:33:27 2014 +0200
4
5	Don't crash on broken GIF images
6
7	Broken GIF images could set invalid width and height
8	values inside the image, leading to Qt creating a null
9	QImage for it. In that case we need to abort decoding
10	the image and return an error.
11
12	Initial patch by Rich Moore.
13
14	Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
15
16	Task-number: QTBUG-38367
17	Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
18	Security-advisory: CVE-2014-0190
19	Reviewed-by: Richard J. Moore <rich@kde.org>
20
21	diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
22	index 3324f04..5199dd3 100644
23	--- src/gui/image/qgifhandler.cpp
24	+++ src/gui/image/qgifhandler.cpp
25	@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage image, const uchar buffer, int length,
26	memset(bits, 0, image->byteCount());
27	}
28
29	+ // Check if the previous attempt to create the image failed. If it
30	+ // did then the image is broken and we should give up.
31	+ if (image->isNull()) {
32	+ state = Error;
33	+ return -1;
34	+ }
35	+
36	disposePrevious(image);
37	disposed = false;
38

Lines 1-24 Link Here

(-)graphics/qt4-imageformats/files/patch-CVE-2015-1858 (-24 lines)
1	commit a1cf194c54be57d6ab55dfd26b9562a60532208e
2	Author: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
3	Date: Wed Mar 11 09:00:41 2015 +0100
4
5	Fixes crash in gif image decoder
6
7	Fuzzing test revealed that for certain malformed gif files,
8	qgifhandler would segfault.
9
10	Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1
11	(cherry picked from qtbase/ea2c5417fcd374302f5019e67f72af5facbd29f6)
12	Reviewed-by: Richard J. Moore <rich@kde.org>
13
14	--- src/gui/image/qgifhandler.cpp
15	+++ src/gui/image/qgifhandler.cpp
16	@@ -944,6 +944,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co
17
18	void QGIFFormat::nextY(unsigned char *bits, int bpl)
19	{
20	+ if (out_of_bounds)
21	+ return;
22	int my;
23	switch (interlace) {
24	case 0: // Non-interlaced

Lines 1-53 Link Here

(-)graphics/qt4-imageformats/files/patch-CVE-2015-1859 (-53 lines)
1	commit 3e55cd6dc467303a3c35312e9fcb255c2c048b32
2	Author: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
3	Date: Wed Mar 11 13:34:01 2015 +0100
4
5	Fixes crash in bmp and ico image decoding
6
7	Fuzzing test revealed that for certain malformed bmp and ico files,
8	the handler would segfault.
9
10	Change-Id: I19d45145f31e7f808f7f6a1a1610270ea4159cbe
11	(cherry picked from qtbase/2adbbae5432aa9d8cc41c6fcf55c2e310d2d4078)
12	Reviewed-by: Richard J. Moore <rich@kde.org>
13
14	--- src/gui/image/qbmphandler.cpp
15	+++ src/gui/image/qbmphandler.cpp
16	@@ -478,12 +478,6 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
17	p = data + (h-y-1)*bpl;
18	break;
19	case 2: // delta (jump)
20	- // Protection
21	- if ((uint)x >= (uint)w)
22	- x = w-1;
23	- if ((uint)y >= (uint)h)
24	- y = h-1;
25	-
26	{
27	quint8 tmp;
28	d->getChar((char *)&tmp);
29	@@ -491,6 +485,13 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
30	d->getChar((char *)&tmp);
31	y += tmp;
32	}
33	+
34	+ // Protection
35	+ if ((uint)x >= (uint)w)
36	+ x = w-1;
37	+ if ((uint)y >= (uint)h)
38	+ y = h-1;
39	+
40	p = data + (h-y-1)*bpl + x;
41	break;
42	default: // absolute mode
43	--- src/plugins/imageformats/ico/qicohandler.cpp
44	+++ src/plugins/imageformats/ico/qicohandler.cpp
45	@@ -571,7 +571,7 @@ QImage ICOReader::iconAt(int index)
46	QImage::Format format = QImage::Format_ARGB32;
47	if (icoAttrib.nbits == 24)
48	format = QImage::Format_RGB32;
49	- else if (icoAttrib.ncolors == 2)
50	+ else if (icoAttrib.ncolors == 2 && icoAttrib.depth == 1)
51	format = QImage::Format_Mono;
52	else if (icoAttrib.ncolors > 0)
53	format = QImage::Format_Indexed8;

Lines 1-34 Link Here

(-)x11-toolkits/qt4-gui/files/patch-CVE-2015-0295 (-34 lines)
1	commit e50aa2252cdd5cb53eef7d8c4503c7edff634f68
2	Author: Richard J. Moore <rich@kde.org>
3	Date: Tue Feb 24 19:02:35 2015 +0000
4
5	Fix a division by zero when processing malformed BMP files.
6
7	This fixes a division by 0 when processing a maliciously crafted BMP
8	file. No impact beyond DoS.
9
10	Backport of 661f6bfd032dacc62841037732816a583640e187
11
12	Task-number: QTBUG-44547
13	Change-Id: I43f06e752b11cb50669101460902a82b885ae618
14	Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
15
16	--- src/gui/image/qbmphandler.cpp
17	+++ src/gui/image/qbmphandler.cpp
18	@@ -319,10 +319,16 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
19	}
20	} else if (comp == BMP_BITFIELDS && (nbits == 16 \|\| nbits == 32)) {
21	red_shift = calc_shift(red_mask);
22	+ if (((red_mask >> red_shift) + 1) == 0)
23	+ return false;
24	red_scale = 256 / ((red_mask >> red_shift) + 1);
25	green_shift = calc_shift(green_mask);
26	+ if (((green_mask >> green_shift) + 1) == 0)
27	+ return false;
28	green_scale = 256 / ((green_mask >> green_shift) + 1);
29	blue_shift = calc_shift(blue_mask);
30	+ if (((blue_mask >> blue_shift) + 1) == 0)
31	+ return false;
32	blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
33	} else if (comp == BMP_RGB && (nbits == 24 \|\| nbits == 32)) {
34	blue_mask = 0x000000ff;