Apply patch for security bug #508984. Add missing deps.

(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0xDADED6B2671CB57D!)
author: Davide Pesavento <pesa@gentoo.org> 2014-05-28 01:12:25 +0000
committer: Davide Pesavento <pesa@gentoo.org> 2014-05-28 01:12:25 +0000
commit: c600689fbfcc6461de3c417b7867d35de6f4f700 (patch)
tree: 6d743c7141c8696d251d07ce2ef7b01b647f7c8b /dev-qt/qtgui
parent: Depend on the same major version of www-client/chromium. (diff)
download: gentoo-2-c600689fbfcc6461de3c417b7867d35de6f4f700.tar.gz
gentoo-2-c600689fbfcc6461de3c417b7867d35de6f4f700.tar.bz2
gentoo-2-c600689fbfcc6461de3c417b7867d35de6f4f700.zip
3 files changed, 258 insertions, 1 deletions
diff --git a/dev-qt/qtgui/ChangeLog b/dev-qt/qtgui/ChangeLog
index e01faa46706b..1259fb34002f 100644
--- a/dev-qt/qtgui/ChangeLog
+++ b/dev-qt/qtgui/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-qt/qtgui
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtgui/ChangeLog,v 1.22 2014/04/23 11:38:19 zlogene Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtgui/ChangeLog,v 1.23 2014/05/28 01:12:25 pesa Exp $
+
+*qtgui-4.8.5-r2 (28 May 2014)
+
+  28 May 2014; Davide Pesavento <pesa@gentoo.org>
+  +files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch,
+  +qtgui-4.8.5-r2.ebuild:
+  Apply patch for security bug #508984. Add missing deps.
 
   23 Apr 2014; Mikle Kolyada <zlogene@gentoo.org> metadata.xml:
   Revert metadata.
diff --git a/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch b/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch
new file mode 100644
index 000000000000..d800caf97421
--- /dev/null
+++ b/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch
@@ -0,0 +1,43 @@
+From f1b76c126c476c155af8c404b97c42cd1a709333 Mon Sep 17 00:00:00 2001
+From: Lars Knoll <lars.knoll@digia.com>
+Date: Thu, 24 Apr 2014 15:33:27 +0200
+Subject: Don't crash on broken GIF images
+
+Broken GIF images could set invalid width and height
+values inside the image, leading to Qt creating a null
+QImage for it. In that case we need to abort decoding
+the image and return an error.
+
+Initial patch by Rich Moore.
+
+Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
+
+Task-number: QTBUG-38367
+Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
+Security-advisory: CVE-2014-0190
+Reviewed-by: Richard J. Moore <rich@kde.org>
+---
+ src/gui/image/qgifhandler.cpp | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
+index 3324f04..5199dd3 100644
+--- a/src/gui/image/qgifhandler.cpp
++++ b/src/gui/image/qgifhandler.cpp
+@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length,
+                     memset(bits, 0, image->byteCount());
+                 }
+ 
++                // Check if the previous attempt to create the image failed. If it
++                // did then the image is broken and we should give up.
++                if (image->isNull()) {
++                    state = Error;
++                    return -1;
++                }
++
+                 disposePrevious(image);
+                 disposed = false;
+ 
+-- 
+1.9.3
+
diff --git a/dev-qt/qtgui/qtgui-4.8.5-r2.ebuild b/dev-qt/qtgui/qtgui-4.8.5-r2.ebuild
new file mode 100644
index 000000000000..36c0db43a1eb
--- /dev/null
+++ b/dev-qt/qtgui/qtgui-4.8.5-r2.ebuild
@@ -0,0 +1,207 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtgui/qtgui-4.8.5-r2.ebuild,v 1.1 2014/05/28 01:12:25 pesa Exp $
+
+EAPI=5
+
+inherit eutils qt4-build
+
+DESCRIPTION="The GUI module for the Qt toolkit"
+SLOT="4"
+if [[ ${QT4_BUILD_TYPE} == live ]]; then
+	KEYWORDS=""
+else
+	KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris"
+fi
+
+IUSE="+accessibility cups egl +glib gtkstyle mng nas nis qt3support tiff trace xinerama +xv"
+
+REQUIRED_USE="
+	gtkstyle? ( glib )
+"
+
+# cairo[-qt4] is needed because of bug 454066
+RDEPEND="
+	app-admin/eselect-qtgraphicssystem
+	~dev-qt/qtcore-${PV}[aqua=,debug=,glib=,qt3support=]
+	~dev-qt/qtscript-${PV}[aqua=,debug=]
+	media-libs/fontconfig
+	media-libs/freetype:2
+	media-libs/libpng:0=
+	sys-libs/zlib
+	virtual/jpeg:0
+	!aqua? (
+		x11-libs/libICE
+		x11-libs/libSM
+		x11-libs/libX11
+		x11-libs/libXcursor
+		x11-libs/libXext
+		x11-libs/libXfixes
+		x11-libs/libXi
+		x11-libs/libXrandr
+		x11-libs/libXrender
+		xinerama? ( x11-libs/libXinerama )
+		xv? ( x11-libs/libXv )
+	)
+	cups? ( net-print/cups )
+	egl? ( media-libs/mesa[egl] )
+	glib? ( dev-libs/glib:2 )
+	gtkstyle? (
+		x11-libs/cairo[-qt4]
+		x11-libs/gtk+:2[aqua=]
+	)
+	mng? ( >=media-libs/libmng-1.0.9:= )
+	nas? ( >=media-libs/nas-1.5 )
+	tiff? ( media-libs/tiff:0 )
+	!<dev-qt/qthelp-4.8.5:4
+"
+DEPEND="${RDEPEND}
+	!aqua? (
+		x11-proto/inputproto
+		x11-proto/xextproto
+		xinerama? ( x11-proto/xineramaproto )
+		xv? ( x11-proto/videoproto )
+	)
+"
+PDEPEND="qt3support? ( ~dev-qt/qt3support-${PV}[aqua=,debug=] )"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-4.7.3-cups.patch" # bug 323257
+	"${FILESDIR}/${P}-dont-crash-on-broken-GIF-images.patch" # bug 508984
+	"${FILESDIR}/${P}-keyboard-shortcuts.patch"
+)
+
+pkg_setup() {
+	QT4_TARGET_DIRECTORIES="
+		src/gui
+		src/scripttools
+		src/plugins/imageformats/gif
+		src/plugins/imageformats/ico
+		src/plugins/imageformats/jpeg
+		src/plugins/imageformats/tga
+		src/plugins/inputmethods"
+
+	QT4_EXTRACT_DIRECTORIES="
+		include
+		src"
+
+	use accessibility && QT4_TARGET_DIRECTORIES+=" src/plugins/accessible/widgets"
+	use mng && QT4_TARGET_DIRECTORIES+=" src/plugins/imageformats/mng"
+	use tiff && QT4_TARGET_DIRECTORIES+=" src/plugins/imageformats/tiff"
+	use trace && QT4_TARGET_DIRECTORIES+=" src/plugins/graphicssystems/trace tools/qttracereplay"
+
+	# mac version does not contain qtconfig?
+	[[ ${CHOST} != *-darwin* ]] && QT4_TARGET_DIRECTORIES+=" tools/qtconfig"
+
+	QT4_EXTRACT_DIRECTORIES="${QT4_TARGET_DIRECTORIES} ${QT4_EXTRACT_DIRECTORIES}"
+
+	qt4-build_pkg_setup
+}
+
+src_prepare() {
+	qt4-build_src_prepare
+
+	# Add -xvideo to the list of accepted configure options
+	sed -i -e 's:|-xinerama|:&-xvideo|:' configure || die
+}
+
+src_configure() {
+	myconf="$(qt_use accessibility)
+		$(qt_use cups)
+		$(qt_use glib)
+		$(qt_use mng libmng system)
+		$(qt_use nas nas-sound system)
+		$(qt_use nis)
+		$(qt_use tiff libtiff system)
+		$(qt_use egl)
+		$(qt_use qt3support)
+		$(qt_use gtkstyle)
+		$(qt_use xinerama)
+		$(qt_use xv xvideo)"
+
+	myconf+="
+		-system-libpng -system-libjpeg -system-zlib
+		-no-sql-mysql -no-sql-psql -no-sql-ibase -no-sql-sqlite -no-sql-sqlite2 -no-sql-odbc
+		-sm -xshape -xsync -xcursor -xfixes -xrandr -xrender -mitshm -xinput -xkb
+		-fontconfig -no-svg -no-webkit -no-phonon -no-opengl"
+
+	# bug 367045
+	[[ ${CHOST} == *86*-apple-darwin* ]] && myconf+=" -no-ssse3"
+
+	qt4-build_src_configure
+
+	if use gtkstyle; then
+		sed -i -e 's:-I/usr/include/qt4 ::' src/gui/Makefile || die "sed failed"
+	fi
+
+	sed -i -e 's:-I/usr/include/qt4/QtGui ::' src/gui/Makefile || die "sed failed"
+}
+
+src_install() {
+	QCONFIG_ADD="
+		mitshm tablet x11sm xcursor xfixes xinput xkb xrandr xrender xshape xsync
+		fontconfig system-freetype gif png system-png jpeg system-jpeg
+		$(usev accessibility)
+		$(usev cups)
+		$(use mng && echo system-mng)
+		$(usev nas)
+		$(usev nis)
+		$(use tiff && echo system-tiff)
+		$(usev xinerama)
+		$(use xv && echo xvideo)"
+	QCONFIG_REMOVE="no-freetype no-gif no-jpeg no-png no-gui"
+	QCONFIG_DEFINE="$(use accessibility && echo QT_ACCESSIBILITY)
+			$(use cups && echo QT_CUPS)
+			$(use egl && echo QT_EGL)
+			QT_FONTCONFIG QT_FREETYPE
+			$(use gtkstyle && echo QT_STYLE_GTK)
+			QT_IMAGEFORMAT_JPEG QT_IMAGEFORMAT_PNG
+			$(use mng && echo QT_IMAGEFORMAT_MNG)
+			$(use nas && echo QT_NAS)
+			$(use nis && echo QT_NIS)
+			$(use tiff && echo QT_IMAGEFORMAT_TIFF)
+			QT_SESSIONMANAGER QT_SHAPE QT_TABLET QT_XCURSOR QT_XFIXES
+			$(use xinerama && echo QT_XINERAMA)
+			QT_XINPUT QT_XKB QT_XRANDR QT_XRENDER QT_XSYNC
+			$(use xv && echo QT_XVIDEO)"
+
+	qt4-build_src_install
+
+	# install private headers
+	if use aqua && [[ ${CHOST##*-darwin} -ge 9 ]]; then
+		insinto "${QTLIBDIR#${EPREFIX}}"/QtGui.framework/Headers/private/
+	else
+		insinto "${QTHEADERDIR#${EPREFIX}}"/QtGui/private
+	fi
+	find "${S}"/src/gui -type f -name '*_p.h' -exec doins {} +
+
+	if use aqua && [[ ${CHOST##*-darwin} -ge 9 ]]; then
+		# rerun to get links to headers right
+		fix_includes
+	fi
+
+	# touch the available graphics systems
+	dodir /usr/share/qt4/graphicssystems
+	echo "default" > "${ED}"/usr/share/qt4/graphicssystems/raster || die
+	echo "" > "${ED}"/usr/share/qt4/graphicssystems/native || die
+
+	newicon tools/qtconfig/images/appicon.png qtconfig.png
+	make_desktop_entry qtconfig 'Qt Configuration Tool' qtconfig 'Qt;Settings;DesktopSettings'
+
+	# bug 388551
+	if use gtkstyle; then
+		local tempfile=${T}/${PN}${SLOT}.sh
+		cat <<-EOF > "${tempfile}"
+		export GTK2_RC_FILES=\${HOME}/.gtkrc-2.0
+		EOF
+		insinto /etc/profile.d
+		doins "${tempfile}"
+	fi
+}
+
+pkg_postinst() {
+	qt4-build_pkg_postinst
+
+	# raster is the default graphicssystem, set it on first install
+	eselect qtgraphicssystem set raster --use-old
+}
author	Davide Pesavento <pesa@gentoo.org>	2014-05-28 01:12:25 +0000
committer	Davide Pesavento <pesa@gentoo.org>	2014-05-28 01:12:25 +0000
commit	c600689fbfcc6461de3c417b7867d35de6f4f700 (patch)
tree	6d743c7141c8696d251d07ce2ef7b01b647f7c8b /dev-qt/qtgui
parent	Depend on the same major version of www-client/chromium. (diff)
download	gentoo-2-c600689fbfcc6461de3c417b7867d35de6f4f700.tar.gz gentoo-2-c600689fbfcc6461de3c417b7867d35de6f4f700.tar.bz2 gentoo-2-c600689fbfcc6461de3c417b7867d35de6f4f700.zip