[SCM] Qt 4 packaging branch, squeeze, updated. debian/4.6.3-4+squeeze1-8-g78be4db
Lisandro Damián Nicanor Pérez
lisandro at alioth.debian.org
Sat Feb 9 18:42:44 UTC 2013
Gitweb-URL: http://git.debian.org/?p=pkg-kde/qt/qt4-x11.git;a=commitdiff;h=78be4db
The following commit has been merged in the squeeze branch:
commit 78be4db259a2d4a636e016f171f2347d94be4aa3
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date: Sat Feb 9 15:42:28 2013 -0300
Fix CVE-2011-3194.
---
debian/changelog | 1 +
debian/patches/CVE-2011-3194.patch | 41 ++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 43 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 73c6a94..bd2d6bb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,6 +12,7 @@ qt4-x11 (4:4.6.3-4+squeeze2) UNRELEASED; urgency=high
* Add CVE-2011-3922.patch: Stack-buffer-overflow in glyph handling.
* Add Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch,
fixing CVE-2011-3193.
+ * Backport CVE-2011-3194.patch to fix CVE-2011-3194.
-- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Sat, 09 Feb 2013 13:43:51 -0300
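Review bot: The added changelog line names only the patch file and the CVE number, while the CVE-2011-3922 entry just above it also says what is fixed ("Stack-buffer-overflow in glyph handling"). Suggest adding a short description taken from the patch header, for example that this fixes memory corruption in the TIFF reader for grayscale images with more than one sample per pixel, so the entry is readable without opening the patch.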
diff --git a/debian/patches/CVE-2011-3194.patch b/debian/patches/CVE-2011-3194.patch
new file mode 100644
index 0000000..c505c98
--- /dev/null
+++ b/debian/patches/CVE-2011-3194.patch
@@ -0,0 +1,41 @@
+Description: fix tiff reader to handle TIFFTAG_SAMPLESPERPIXEL for grayscale images
+ This commit fixes reading a .tiff file from ImageMagick which reports
+ the following:
+ TIFFTAG_BITSPERSAMPLE = 8
+ TIFFTAG_SAMPLESPERPIXEL = 2
+ TIFFTAG_PHOTOMETRIC = PHOTOMETRIC_MINISBLACK
+ The reader uses QImage::Format_Indexed8, but since the samples per pixel
+ value this should be (non-existent) QImage::Format_Indexed16, causing
+ memory corruption. The fix falls back to the "normal" way of reading
+ tiff images.
+ .
+ This patch was backported by Lisandro Damián Nicanor Pérez Meyer
+ <lisandro at debian.org>
+Origin: backport, commit:cb6380beb81ab9571c547270c144988781fed465
+Author: L. Lunak <l.lunak at suse.cz>
+
+--- a/src/plugins/imageformats/tiff/qtiffhandler.cpp
++++ b/src/plugins/imageformats/tiff/qtiffhandler.cpp
+@@ -197,8 +197,12 @@ bool QTiffHandler::read(QImage *image)
+ if (!TIFFGetField(tiff, TIFFTAG_BITSPERSAMPLE, &bitPerSample))
+ bitPerSample = 1;
+
++ uint16 samplesPerPixel; // they may be e.g. grayscale with 2 samples per pixel
++ if (!TIFFGetField(tiff, TIFFTAG_SAMPLESPERPIXEL, &samplesPerPixel))
++ samplesPerPixel = 1;
++
+ bool grayscale = photometric == PHOTOMETRIC_MINISBLACK || photometric == PHOTOMETRIC_MINISWHITE;
+- if (grayscale && bitPerSample == 1) {
++ if (grayscale && bitPerSample == 1 && samplesPerPixel == 1) {
+ if (image->size() != QSize(width, height) || image->format() != QImage::Format_Mono)
+ *image = QImage(width, height, QImage::Format_Mono);
+ QVector<QRgb> colortable(2);
+@@ -220,7 +224,7 @@ bool QTiffHandler::read(QImage *image)
+ }
+ }
+ } else {
+- if ((grayscale || photometric == PHOTOMETRIC_PALETTE) && bitPerSample == 8) {
++ if ((grayscale || photometric == PHOTOMETRIC_PALETTE) && bitPerSample == 8 && samplesPerPixel == 1) {
+ if (image->size() != QSize(width, height) || image->format() != QImage::Format_Indexed8)
+ *image = QImage(width, height, QImage::Format_Indexed8);
+ if (!image->isNull()) {
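Review bot: The patch header's Description explains only the Format_Indexed8 case, but the first qtiffhandler.cpp hunk also gates the 1-bit Format_Mono branch on "samplesPerPixel == 1"; a sentence saying that both fast paths are now restricted to single-sample images would make the header match the code. In the same header, "but since the samples per pixel value this should be" looks like it lost some words after "value" and is worth restoring from the upstream commit message. The Origin field carries only a commit hash; adding the upstream repository URL would let the backport be checked against its source.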
diff --git a/debian/patches/series b/debian/patches/series
index 503f669..3470a97 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,6 +12,7 @@ CVE-2011-3922.patch
Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
# qt-copy patches
+CVE-2011-3194.patch
0180-window-role.diff
0195-compositing-properties.diff
0209-prevent-qt-mixing.diff
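Review bot: The new series entry is placed below the "# qt-copy patches" comment, so CVE-2011-3194.patch is listed as if it were a qt-copy patch, while CVE-2011-3922.patch and the CVE-2011-3193 patch sit above that comment. Suggest moving the line up, directly after Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch, so the security patches stay grouped and the comment still describes what follows it.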
--
Qt 4 packaging