KDE Frameworks 5.55.0

OBS-URL: https://build.opensuse.org/package/show/KDE:Frameworks5/kimageformats?expand=0&rev=165
2019-02-12 19:03:23 +00:00 · 2019-02-12 19:03:23 +00:00 · 67209f41fd
commit 67209f41fd
parent 2dad735ad1
5 changed files with 18 additions and 153 deletions
--- a/0001-Fix-various-OOB-reads-and-writes-in-kimg_tga-and-kim.patch
+++ b/0001-Fix-various-OOB-reads-and-writes-in-kimg_tga-and-kim.patch
@ -1,145 +0,0 @@
-From 51d710adda146bc19427c9ea3443c9e0919e6647 Mon Sep 17 00:00:00 2001
-From: Fabian Vogt <fabian@ritter-vogt.de>
-Date: Sun, 20 Jan 2019 12:51:02 +0100
-Subject: [PATCH] Fix various OOB reads and writes in kimg_tga and kimg_xcf
-
-Summary:
-I had a look at some image loading code in kimageformats and found memory
-corruption bugs (there might be more):
-
- oobwrite4b.xcf: OOB write in kimg_xcf:
-
-By overflowing the "size = 3 * ncolors + 4;" calculation, it's possible to make
-size == 3 or size == 0, which then allows 1 or 4 bytes to be overwritten:
-https://cgit.kde.org/kimageformats.git/tree/src/imageformats/xcf.cpp?id=3f2552f21b1cdef063c2a93cc95d42a8cf907fcf#n484
-The values aren't arbitrary, so AFAICT DoS only.
-Fix is to move the sanity check for size below the assignment.
-
- oobread.tga: OOB read in kimg_tga:
-
-By overflowing the "size = tga.width * tga.height * pixel_size" calculation,
-it's possible to cause OOB reads later on as the image data array is too small:
-https://cgit.kde.org/kimageformats.git/tree/src/imageformats/tga.cpp?id=3f2552f21b1cdef063c2a93cc95d42a8cf907fcf#n192
-Fix is to use a 64bit integer instead.
-
- oobwrite4b.tga/oobwrite507.tga: OOB write in kimg_tga
-
-If RLE is enabled, any size checks are skipped, so it's possible to write
-either 128 repetitions of an arbitrary four byte value (oobwrite4b.tga)
-or or 507 arbitrary bytes (oobwrite507.tga) out of bounds.
-https://cgit.kde.org/kimageformats.git/tree/src/imageformats/tga.cpp?id=3f2552f21b1cdef063c2a93cc95d42a8cf907fcf#n209
-Fix is to check for "num" being negative before reading into the buffer.
-
-Also, bail out early if there is no more data available (reading a 65kx65k px image from 14B data takes ages otherwise)
-
-Test Plan:
-Stopped crashing and valgrind don't complain anymore.
-
-TGA preview still works for valid files.
-
-Reviewers: aacid
-
-Reviewed By: aacid
-
-Subscribers: lbeltrame, kde-frameworks-devel
-
-Tags: #frameworks
-
-Differential Revision: https://phabricator.kde.org/D18574
---
- src/imageformats/tga.cpp | 27 +++++++++++++++++++++++----
- src/imageformats/xcf.cpp |  3 ++-
- 2 files changed, 25 insertions(+), 5 deletions(-)
-
-diff --git a/src/imageformats/tga.cpp b/src/imageformats/tga.cpp
-index 3a22b45..9217bed 100644
--- a/src/imageformats/tga.cpp
-+++ b/src/imageformats/tga.cpp
-@@ -189,7 +189,7 @@ static bool LoadTGA(QDataStream &s, const TgaHeader &tga, QImage &img)
-     }
- 
-     uint pixel_size = (tga.pixel_size / 8);
-    uint size = tga.width * tga.height * pixel_size;
-+    qint64 size = qint64(tga.width) * qint64(tga.height) * pixel_size;
- 
-     if (size < 1) {
- //          qDebug() << "This TGA file is broken with size " << size;
-@@ -204,20 +204,34 @@ static bool LoadTGA(QDataStream &s, const TgaHeader &tga, QImage &img)
-     }
- 
-     // Allocate image.
-    uchar *const image = new uchar[size];
-+    uchar *const image = reinterpret_cast<uchar*>(malloc(size));
-+    if (!image) {
-+        return false;
-+    }
-+
-+    bool valid = true;
- 
-     if (info.rle) {
-         // Decode image.
-         char *dst = (char *)image;
-        int num = size;
-+        qint64 num = size;
- 
-         while (num > 0) {
-+            if (s.atEnd()) {
-+                valid = false;
-+                break;
-+            }
-+
-             // Get packet header.
-             uchar c;
-             s >> c;
- 
-             uint count = (c & 0x7f) + 1;
-             num -= count * pixel_size;
-+            if (num < 0) {
-+                valid = false;
-+                break;
-+            }
- 
-             if (c & 0x80) {
-                 // RLE pixels.
-@@ -240,6 +254,11 @@ static bool LoadTGA(QDataStream &s, const TgaHeader &tga, QImage &img)
-         s.readRawData((char *)image, size);
-     }
- 
-+    if (!valid) {
-+        free(image);
-+        return false;
-+    }
-+
-     // Convert image to internal format.
-     int y_start, y_step, y_end;
-     if (tga.flags & TGA_ORIGIN_UPPER) {
-@@ -294,7 +313,7 @@ static bool LoadTGA(QDataStream &s, const TgaHeader &tga, QImage &img)
-     }
- 
-     // Free image.
-    delete [] image;
-+    free(image);
- 
-     return true;
- }
-diff --git a/src/imageformats/xcf.cpp b/src/imageformats/xcf.cpp
-index f837112..3afb599 100644
--- a/src/imageformats/xcf.cpp
-+++ b/src/imageformats/xcf.cpp
-@@ -495,11 +495,12 @@ bool XCFImageFormat::loadProperty(QDataStream &xcf_io, PropType &type, QByteArra
-         quint32 ncolors;
-         xcf_io >> ncolors;
- 
-+        size = 3 * ncolors + 4;
-+
-         if (size > 65535 || size < 4) {
-             return false;
-         }
- 
-        size = 3 * ncolors + 4;
-         data = new char[size];
- 
-         // since we already read "ncolors" from the stream, we put that data back
-- 
-2.20.1
-
--- a/kimageformats-5.54.0.tar.xz
+++ b/kimageformats-5.54.0.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:25c4476be9eeea57254b4fb30ea25e169d887d060b1ff176e7ccb687d5bfdf75
-size 203148
--- a/kimageformats-5.55.0.tar.xz
+++ b/kimageformats-5.55.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e1affc14c27c1dbf66839a3a132c8b6eb2df941bfc385fe2a57ba4542ada1d42
+size 204296
--- a/kimageformats.changes
+++ b/kimageformats.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Sun Feb 10 22:03:10 UTC 2019 - lbeltrame@kde.org
+
+- Update to 5.55.0
+  * New feature release
+  * For more details please see:
+  * https://www.kde.org/announcements/kde-frameworks-5.55.0.php
+- Changes since 5.54.0:
+  * Too many changes to list here
+- Dropped patches, now upstream:
+  * 0001-Fix-various-OOB-reads-and-writes-in-kimg_tga-and-kim.patch
+
 -------------------------------------------------------------------
 Thu Jan 31 07:48:50 UTC 2019 - Fabian Vogt <fabian@ritter-vogt.de>

--- a/kimageformats.spec
+++ b/kimageformats.spec
@ -16,13 +16,13 @@
 #


-%define _tar_path 5.54
+%define _tar_path 5.55
 # Full KF5 version (e.g. 5.33.0)
 %{!?_kf5_version: %global _kf5_version %{version}}
 # Last major and minor KF5 version (e.g. 5.33)
 %{!?_kf5_bugfix_version: %define _kf5_bugfix_version %(echo %{_kf5_version} | awk -F. '{print $1"."$2}')}
 Name:           kimageformats
-Version:        5.54.0
+Version:        5.55.0
 Release:        0
 Summary:        Image format plugins for Qt
 License:        LGPL-2.1-or-later
@ -30,8 +30,6 @@ Group:          System/GUI/KDE
 URL:            https://www.kde.org
 Source:         http://download.kde.org/stable/frameworks/%{_tar_path}/%{name}-%{version}.tar.xz
 Source1:        baselibs.conf
-# PATCH-FIX-UPSTREAM
-Patch001:       0001-Fix-various-OOB-reads-and-writes-in-kimg_tga-and-kim.patch
 BuildRequires:  cmake >= 3.0
 BuildRequires:  extra-cmake-modules >= %{_kf5_bugfix_version}
 BuildRequires:  fdupes
@ -65,7 +63,7 @@ it invokes ghostscript for conversion, it should only be used in trusted
 environments.

 %prep
-%autosetup -p1
+%setup -q

 %build
  %cmake_kf5 -d build