Apply patch for security bug #508984. Add missing deps.

Package-Manager: portage-2.2.10/cvs/Linux x86_64 Manifest-Sign-Key: 0xDADED6B2671CB57D!
author: Davide Pesavento <pesa@gentoo.org> 2014-05-28 01:12:26 +0000
committer: Davide Pesavento <pesa@gentoo.org> 2014-05-28 01:12:26 +0000
commit: 8cf54f7afc78633f2b6a12e07b5c8bfc9c20ca1c (patch)
tree: f4a3f80babcab5f0592c3b3f3f699022928275a5 /dev-qt
parent: Depend on the same major version of www-client/chromium. (diff)
download: historical-8cf54f7afc78633f2b6a12e07b5c8bfc9c20ca1c.tar.gz
historical-8cf54f7afc78633f2b6a12e07b5c8bfc9c20ca1c.tar.bz2
historical-8cf54f7afc78633f2b6a12e07b5c8bfc9c20ca1c.zip
4 files changed, 276 insertions, 7 deletions
diff --git a/dev-qt/qtgui/ChangeLog b/dev-qt/qtgui/ChangeLog
index e01faa46706b..1259fb34002f 100644
--- a/dev-qt/qtgui/ChangeLog
+++ b/dev-qt/qtgui/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-qt/qtgui
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtgui/ChangeLog,v 1.22 2014/04/23 11:38:19 zlogene Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtgui/ChangeLog,v 1.23 2014/05/28 01:12:25 pesa Exp $
+
+*qtgui-4.8.5-r2 (28 May 2014)
+
+  28 May 2014; Davide Pesavento <pesa@gentoo.org>
+  +files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch,
+  +qtgui-4.8.5-r2.ebuild:
+  Apply patch for security bug #508984. Add missing deps.
 
   23 Apr 2014; Mikle Kolyada <zlogene@gentoo.org> metadata.xml:
   Revert metadata.
diff --git a/dev-qt/qtgui/Manifest b/dev-qt/qtgui/Manifest
index 174fb2c2e0a7..a5b98924f718 100644
--- a/dev-qt/qtgui/Manifest
+++ b/dev-qt/qtgui/Manifest
@@ -2,17 +2,29 @@
 Hash: SHA256
 
 AUX qtgui-4.7.3-cups.patch 3297 SHA256 3ccfefb432015e4a4ea967b030c51b10dcdfb1f63445557908ddae5e75012d33 SHA512 4a8f828c79bde81ab1e39c9eaba4ef553582d85b62d6d182dda02820c4c8e046de6a25cc77d228955ed37fbc5b55f697a0a464af0bb3e171849851639e9ef4ee WHIRLPOOL 41d82843f91533a5cbb0c9945c9013d9c8f07be3f06fef1b52cf8d18483d9cdfd24fe1d53c18a2f1eebd7a504f1665f1859616ae460d6471dc1599cea63a7bda
+AUX qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch 1440 SHA256 f76ec92367e32cbff23b7fd5064ca7da4fa1146f458630b8897862072cbca554 SHA512 ce1a06dbb52f200b21621a4b7febbd2938d9fb2fa9117c7e1fd2e24283784d645b36bb79ebf411f07ecff774f8c4cde1fa5d27956e4f95f28e0181e5953817b3 WHIRLPOOL a4ee9986ab5df6a6c85282b7367afb2f1708b1a1f8b52e940fe09669bf2e9c6db0fd2cb1fe0b98df9a95a22ad2a6f35f7901d1521ea7acb798327716f53a3817
 AUX qtgui-4.8.5-keyboard-shortcuts.patch 1706 SHA256 597fe8717279af4db6bc074588ef9973b2a48e5249ea3e6e85266ce949335921 SHA512 60a3c28b9fd8032e5ee314f2dc6d043981441858d7b3a3da0d97d87c39599d7e09e398625c03bf44974c3782a824ab8f997f579fcd26e4a023bb7cfe04c0f443 WHIRLPOOL 77269a9d4285f3f8fb544299f5ed938430362cb45eecfa9506beee1cf3fbfa757113d35f40c25f3288c45591fd22a9b4ce64627e9c96d4b0cd25f701be20d5eb
 DIST qt-everywhere-opensource-src-4.8.5.tar.gz 241491467 SHA256 eb728f8268831dc4373be6403b7dd5d5dde03c169ad6882f9a8cb560df6aa138 SHA512 47118d1aa30c59a1eb74e805023cd060edcb35bb0944fe6651889254b75acbd4b83700ba92a9bc215663474d26330cb44f084098c380fac9270742659e5864eb WHIRLPOOL a18f47fd91b522d1543e415aff4f5056202e0cab03da9cfcae9fe2d4118cb1dd1d5fd6a5e2edb9c1e4a68563188d44440e234d268d9c0aef6e3ca3f0988dd357
 EBUILD qtgui-4.8.5-r1.ebuild 5661 SHA256 bc8ed1ba030dc609d567346b51bc8581e5aba7429834507a3309a3b397668b3a SHA512 676f6c4b1355ac97358316c6647ae98b4a3256531e605711d08a081e4b9f57948a5f334a1666bc890e423ab98a5d32c9b112bceeb71d0eb26c8e9275f6a26821 WHIRLPOOL f090a7f16a02e5f85d9346ef83d6cb6688f1881237e33792d491bd7ec034e1907637d54fa7c01bfa10d620fb5e85644581750af48c274e1d25df12650d2dc6c0
-MISC ChangeLog 36174 SHA256 bb76e7d3f25d016c3d9f21d34e7249972a505525fea73a472b9987c36881c085 SHA512 f95b7b3c3dcb0fe89dc030ba0ffac7960390160ca38e359e52a9ca917ec69a560b1aeac64bc35958943636099009764734d4c742556d2f01e9de3b6cee39f6b5 WHIRLPOOL 24f4f8355a53e266ccfb7580df660a8f6bfebeb3b049075c907c7940f034b277e6c3fd1e4ec30242204812fe3ce38d74a64e0c45bf4d815aaec2ba3b3e179db2
+EBUILD qtgui-4.8.5-r2.ebuild 5821 SHA256 e6e1b2aadb33ad48ac97d9011b26a02e0e9ebe3c08126e24fe995d1733cd165c SHA512 885d5d1dda219c34255f296d72c666179017dec221360163df754a0028accc37f6e918016d0f5bf2ee62cb38da840736d6f6aa0eff8bdd1d50301b4b02fa0efe WHIRLPOOL bf04372fb248ab392790df5ed875bf6c8481b5e35ae4cc7cbf2a1533fae044ad0ea1b9816d53d5d62bd918e2ac8f6f2ed3113de909fea87e7a80d7f468c8e8b3
+MISC ChangeLog 36397 SHA256 a33235cffec79233606079e1397c124193b94e4271efb01daa7d10fbb5c3bc0d SHA512 0a5205119b33514abfdd17c0a95682d64eaba1748e2912f7d6addaac5a5e11b1baaf63d45d2607f25e1fc08363f4a25d096307db72243b0cb1f132241bd8d66a WHIRLPOOL 3ce9fff548147c29d696cf5af31d651fb91fd956b7198c2ab42892522c2283a9b10020af44567e33ab816229db1efad9f7112901005e943775436a3f5a7feeed
 MISC metadata.xml 1058 SHA256 fea87cdb725fa8f278ed1310f49796cf553025a0e05d54fa813bd455ad4ab923 SHA512 360984939e4ff6607bfb207e826a54c8faf6c08f5f2b71d10cc7c08b374d2edb9cb91bff959a9626212d2548c09ed85a8c253e22c41aae28c885795e17cee0bb WHIRLPOOL 1d27158db4c3e2c735c5881972d9e10e12087789597a96042e8a9031d3eb847745101bd0fe7c68b42350ea581dcda8851c472e8c8db7982661a1ac89ceb117ca
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iJwEAQEIAAYFAlNXp3wACgkQG9wOWsQutdbSiAQA2qrFh3O3/TD5SR3SAR3aQqcG
-bFnJtBEfssvgqVV9FRF0h5FSPtPdRAKxsqwAHoVFYmZxTSzClq1b3DcEasxr3mKp
-DEthjjFkJSadetqde5W78eLYjPfSIr32cpAsN7v4Lf6bnBIm1g7adZgrKHpQouyi
-NBxpy2E1yDjRJc3Od/8=
-=MMts
+iQJ8BAEBCABmBQJThTf/XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4N0Y5QkIzRDgwM0JERkYzMTc5RTI1MjhE
+QURFRDZCMjY3MUNCNTdEAAoJENre1rJnHLV95X0QALHzpLUmSlDM9MwKS7c7AzYF
+cRD7YJli5zAC+It5OxrpastkmZAokFtlm7S/NZQl9Pvcv3IQnt4rScLigA3vnX6k
+swPp87pq5p7WGj36MGG0opOFsuodnD4Spd5GgKmdKRZB7ka4ph6lsE7LnSeRbUUC
+uoYDtS6f6n6w+Rt8gQofiFuUnCAGgATY/Vq7OAzufRyq0lDwuEEo7AQph1B70WsX
+ps/uf5BOYh85+/q99YiUX1jN6jkp5s3B0NR8UkvP1joToIp1urL7hs005hc+EKbA
+p8uFaYRb034DC+gsM/sGslR8ssTu3cusgYbYJr9Io7C4gpmKnCe5BnebomKBwQx9
+CsobgHW9rTQ9ej2cSlzdzQvenXKISq20N54XJLbqsZSqgP3tcJTzjcP92TFkw2Kl
+ePVU99h/VSvlw7jAWQZ6yYml/9r8nmKwexrj5ydxGcQpm0QNxWQVmxUo/6TsbtpH
+0jh8+cE3r/tD0UGKc59i4z3lLE4hG7nkX5nwqvM4hgPXv3Eo0CN1R99fabAzDNbK
+szgs9rjDgH3LRGbMNleZ7pWDfYOhKSRHZzMZiBxXySZoXtJD81XYhrYExTsVZ300
+yFO7Fa9X9uHwrViZEex8Z5xSwzzvaSRCO9yAljNpY6PiRoqQExBCcIsuh95aK+Bc
+yzswlMAi6k4LwsW0uHws
+=iTW2
 -----END PGP SIGNATURE-----
diff --git a/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch b/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch
new file mode 100644
index 000000000000..d800caf97421
--- /dev/null
+++ b/dev-qt/qtgui/files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch
@@ -0,0 +1,43 @@
+From f1b76c126c476c155af8c404b97c42cd1a709333 Mon Sep 17 00:00:00 2001
+From: Lars Knoll <lars.knoll@digia.com>
+Date: Thu, 24 Apr 2014 15:33:27 +0200
+Subject: Don't crash on broken GIF images
+
+Broken GIF images could set invalid width and height
+values inside the image, leading to Qt creating a null
+QImage for it. In that case we need to abort decoding
+the image and return an error.
+
+Initial patch by Rich Moore.
+
+Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
+
+Task-number: QTBUG-38367
+Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
+Security-advisory: CVE-2014-0190
+Reviewed-by: Richard J. Moore <rich@kde.org>
+---
+ src/gui/image/qgifhandler.cpp | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
+index 3324f04..5199dd3 100644
+--- a/src/gui/image/qgifhandler.cpp
++++ b/src/gui/image/qgifhandler.cpp
+@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length,
+                     memset(bits, 0, image->byteCount());
+                 }
+ 
++                // Check if the previous attempt to create the image failed. If it
++                // did then the image is broken and we should give up.
++                if (image->isNull()) {
++                    state = Error;
++                    return -1;
++                }
++
+                 disposePrevious(image);
+                 disposed = false;
+ 
+-- 
+1.9.3
+
diff --git a/dev-qt/qtgui/qtgui-4.8.5-r2.ebuild b/dev-qt/qtgui/qtgui-4.8.5-r2.ebuild
new file mode 100644
index 000000000000..36c0db43a1eb
--- /dev/null
+++ b/dev-qt/qtgui/qtgui-4.8.5-r2.ebuild
@@ -0,0 +1,207 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtgui/qtgui-4.8.5-r2.ebuild,v 1.1 2014/05/28 01:12:25 pesa Exp $
+
+EAPI=5
+
+inherit eutils qt4-build
+
+DESCRIPTION="The GUI module for the Qt toolkit"
+SLOT="4"
+if [[ ${QT4_BUILD_TYPE} == live ]]; then
+	KEYWORDS=""
+else
+	KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris"
+fi
+
+IUSE="+accessibility cups egl +glib gtkstyle mng nas nis qt3support tiff trace xinerama +xv"
+
+REQUIRED_USE="
+	gtkstyle? ( glib )
+"
+
+# cairo[-qt4] is needed because of bug 454066
+RDEPEND="
+	app-admin/eselect-qtgraphicssystem
+	~dev-qt/qtcore-${PV}[aqua=,debug=,glib=,qt3support=]
+	~dev-qt/qtscript-${PV}[aqua=,debug=]
+	media-libs/fontconfig
+	media-libs/freetype:2
+	media-libs/libpng:0=
+	sys-libs/zlib
+	virtual/jpeg:0
+	!aqua? (
+		x11-libs/libICE
+		x11-libs/libSM
+		x11-libs/libX11
+		x11-libs/libXcursor
+		x11-libs/libXext
+		x11-libs/libXfixes
+		x11-libs/libXi
+		x11-libs/libXrandr
+		x11-libs/libXrender
+		xinerama? ( x11-libs/libXinerama )
+		xv? ( x11-libs/libXv )
+	)
+	cups? ( net-print/cups )
+	egl? ( media-libs/mesa[egl] )
+	glib? ( dev-libs/glib:2 )
+	gtkstyle? (
+		x11-libs/cairo[-qt4]
+		x11-libs/gtk+:2[aqua=]
+	)
+	mng? ( >=media-libs/libmng-1.0.9:= )
+	nas? ( >=media-libs/nas-1.5 )
+	tiff? ( media-libs/tiff:0 )
+	!<dev-qt/qthelp-4.8.5:4
+"
+DEPEND="${RDEPEND}
+	!aqua? (
+		x11-proto/inputproto
+		x11-proto/xextproto
+		xinerama? ( x11-proto/xineramaproto )
+		xv? ( x11-proto/videoproto )
+	)
+"
+PDEPEND="qt3support? ( ~dev-qt/qt3support-${PV}[aqua=,debug=] )"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-4.7.3-cups.patch" # bug 323257
+	"${FILESDIR}/${P}-dont-crash-on-broken-GIF-images.patch" # bug 508984
+	"${FILESDIR}/${P}-keyboard-shortcuts.patch"
+)
+
+pkg_setup() {
+	QT4_TARGET_DIRECTORIES="
+		src/gui
+		src/scripttools
+		src/plugins/imageformats/gif
+		src/plugins/imageformats/ico
+		src/plugins/imageformats/jpeg
+		src/plugins/imageformats/tga
+		src/plugins/inputmethods"
+
+	QT4_EXTRACT_DIRECTORIES="
+		include
+		src"
+
+	use accessibility && QT4_TARGET_DIRECTORIES+=" src/plugins/accessible/widgets"
+	use mng && QT4_TARGET_DIRECTORIES+=" src/plugins/imageformats/mng"
+	use tiff && QT4_TARGET_DIRECTORIES+=" src/plugins/imageformats/tiff"
+	use trace && QT4_TARGET_DIRECTORIES+=" src/plugins/graphicssystems/trace tools/qttracereplay"
+
+	# mac version does not contain qtconfig?
+	[[ ${CHOST} != *-darwin* ]] && QT4_TARGET_DIRECTORIES+=" tools/qtconfig"
+
+	QT4_EXTRACT_DIRECTORIES="${QT4_TARGET_DIRECTORIES} ${QT4_EXTRACT_DIRECTORIES}"
+
+	qt4-build_pkg_setup
+}
+
+src_prepare() {
+	qt4-build_src_prepare
+
+	# Add -xvideo to the list of accepted configure options
+	sed -i -e 's:|-xinerama|:&-xvideo|:' configure || die
+}
+
+src_configure() {
+	myconf="$(qt_use accessibility)
+		$(qt_use cups)
+		$(qt_use glib)
+		$(qt_use mng libmng system)
+		$(qt_use nas nas-sound system)
+		$(qt_use nis)
+		$(qt_use tiff libtiff system)
+		$(qt_use egl)
+		$(qt_use qt3support)
+		$(qt_use gtkstyle)
+		$(qt_use xinerama)
+		$(qt_use xv xvideo)"
+
+	myconf+="
+		-system-libpng -system-libjpeg -system-zlib
+		-no-sql-mysql -no-sql-psql -no-sql-ibase -no-sql-sqlite -no-sql-sqlite2 -no-sql-odbc
+		-sm -xshape -xsync -xcursor -xfixes -xrandr -xrender -mitshm -xinput -xkb
+		-fontconfig -no-svg -no-webkit -no-phonon -no-opengl"
+
+	# bug 367045
+	[[ ${CHOST} == *86*-apple-darwin* ]] && myconf+=" -no-ssse3"
+
+	qt4-build_src_configure
+
+	if use gtkstyle; then
+		sed -i -e 's:-I/usr/include/qt4 ::' src/gui/Makefile || die "sed failed"
+	fi
+
+	sed -i -e 's:-I/usr/include/qt4/QtGui ::' src/gui/Makefile || die "sed failed"
+}
+
+src_install() {
+	QCONFIG_ADD="
+		mitshm tablet x11sm xcursor xfixes xinput xkb xrandr xrender xshape xsync
+		fontconfig system-freetype gif png system-png jpeg system-jpeg
+		$(usev accessibility)
+		$(usev cups)
+		$(use mng && echo system-mng)
+		$(usev nas)
+		$(usev nis)
+		$(use tiff && echo system-tiff)
+		$(usev xinerama)
+		$(use xv && echo xvideo)"
+	QCONFIG_REMOVE="no-freetype no-gif no-jpeg no-png no-gui"
+	QCONFIG_DEFINE="$(use accessibility && echo QT_ACCESSIBILITY)
+			$(use cups && echo QT_CUPS)
+			$(use egl && echo QT_EGL)
+			QT_FONTCONFIG QT_FREETYPE
+			$(use gtkstyle && echo QT_STYLE_GTK)
+			QT_IMAGEFORMAT_JPEG QT_IMAGEFORMAT_PNG
+			$(use mng && echo QT_IMAGEFORMAT_MNG)
+			$(use nas && echo QT_NAS)
+			$(use nis && echo QT_NIS)
+			$(use tiff && echo QT_IMAGEFORMAT_TIFF)
+			QT_SESSIONMANAGER QT_SHAPE QT_TABLET QT_XCURSOR QT_XFIXES
+			$(use xinerama && echo QT_XINERAMA)
+			QT_XINPUT QT_XKB QT_XRANDR QT_XRENDER QT_XSYNC
+			$(use xv && echo QT_XVIDEO)"
+
+	qt4-build_src_install
+
+	# install private headers
+	if use aqua && [[ ${CHOST##*-darwin} -ge 9 ]]; then
+		insinto "${QTLIBDIR#${EPREFIX}}"/QtGui.framework/Headers/private/
+	else
+		insinto "${QTHEADERDIR#${EPREFIX}}"/QtGui/private
+	fi
+	find "${S}"/src/gui -type f -name '*_p.h' -exec doins {} +
+
+	if use aqua && [[ ${CHOST##*-darwin} -ge 9 ]]; then
+		# rerun to get links to headers right
+		fix_includes
+	fi
+
+	# touch the available graphics systems
+	dodir /usr/share/qt4/graphicssystems
+	echo "default" > "${ED}"/usr/share/qt4/graphicssystems/raster || die
+	echo "" > "${ED}"/usr/share/qt4/graphicssystems/native || die
+
+	newicon tools/qtconfig/images/appicon.png qtconfig.png
+	make_desktop_entry qtconfig 'Qt Configuration Tool' qtconfig 'Qt;Settings;DesktopSettings'
+
+	# bug 388551
+	if use gtkstyle; then
+		local tempfile=${T}/${PN}${SLOT}.sh
+		cat <<-EOF > "${tempfile}"
+		export GTK2_RC_FILES=\${HOME}/.gtkrc-2.0
+		EOF
+		insinto /etc/profile.d
+		doins "${tempfile}"
+	fi
+}
+
+pkg_postinst() {
+	qt4-build_pkg_postinst
+
+	# raster is the default graphicssystem, set it on first install
+	eselect qtgraphicssystem set raster --use-old
+}
author	Davide Pesavento <pesa@gentoo.org>	2014-05-28 01:12:26 +0000
committer	Davide Pesavento <pesa@gentoo.org>	2014-05-28 01:12:26 +0000
commit	8cf54f7afc78633f2b6a12e07b5c8bfc9c20ca1c (patch)
tree	f4a3f80babcab5f0592c3b3f3f699022928275a5 /dev-qt
parent	Depend on the same major version of www-client/chromium. (diff)
download	historical-8cf54f7afc78633f2b6a12e07b5c8bfc9c20ca1c.tar.gz historical-8cf54f7afc78633f2b6a12e07b5c8bfc9c20ca1c.tar.bz2 historical-8cf54f7afc78633f2b6a12e07b5c8bfc9c20ca1c.zip