Pullup ticket #4562 - requested by spz

x11/qt4-libs: security patch

Revisions pulled up:
- x11/qt4-libs/Makefile                                         1.102
- x11/qt4-libs/distinfo                                         1.95
- x11/qt4-libs/patches/patch-CVE-2014-0190                      1.1

---
   Module Name:	pkgsrc
   Committed By:	spz
   Date:		Fri Nov 28 21:07:52 UTC 2014

   Modified Files:
   	pkgsrc/x11/qt4-libs: Makefile distinfo
   Added Files:
   	pkgsrc/x11/qt4-libs/patches: patch-CVE-2014-0190

   Log Message:
   add the fix for CVE-2014-0190 from upstream
   can be dropped again with the next qt4 release

3 files changed, 45 insertions, 3 deletions

diff --git a/x11/qt4-libs/Makefile b/x11/qt4-libs/Makefile
index 7a843c629c7..f492452595a 100644
--- a/x11/qt4-libs/Makefile
+++ b/x11/qt4-libs/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.101 2014/08/23 20:09:31 wiz Exp $
+# $NetBSD: Makefile,v 1.101.2.1 2014/12/02 20:27:50 tron Exp $
 
 PKGNAME=	qt4-libs-${QTVERSION}
-PKGREVISION=	2
+PKGREVISION=	3
 COMMENT=	C++ X GUI toolkit
 
 .include "../../x11/qt4-libs/Makefile.common"
diff --git a/x11/qt4-libs/distinfo b/x11/qt4-libs/distinfo
index be7d6e54a1d..69da04f005a 100644
--- a/x11/qt4-libs/distinfo
+++ b/x11/qt4-libs/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.92 2014/08/23 20:09:31 wiz Exp $
+$NetBSD: distinfo,v 1.92.2.1 2014/12/02 20:27:50 tron Exp $
 
 SHA1 (qt-everywhere-opensource-src-4.8.6.tar.gz) = ddf9c20ca8309a116e0466c42984238009525da6
 RMD160 (qt-everywhere-opensource-src-4.8.6.tar.gz) = 0220d4e76ac761c9ecfb8ddab6f2c1dc6ad70c33
 Size (qt-everywhere-opensource-src-4.8.6.tar.gz) = 241623667 bytes
+SHA1 (patch-CVE-2014-0190) = 1e0b283cb0959caa3cb9b44694b3a61c77631593
 SHA1 (patch-aa) = 9b5f8bd980d8c3f38fd3c541380fd42d2a93a609
 SHA1 (patch-ab) = 447a888cbc784a54935f23d1005d6977374a484d
 SHA1 (patch-ac) = 078ddafefc719f248740f40e2063dae07cd601e5
diff --git a/x11/qt4-libs/patches/patch-CVE-2014-0190 b/x11/qt4-libs/patches/patch-CVE-2014-0190
new file mode 100644
index 00000000000..fc40db1f092
--- /dev/null
+++ b/x11/qt4-libs/patches/patch-CVE-2014-0190
@@ -0,0 +1,41 @@
+$NetBSD: patch-CVE-2014-0190,v 1.1.2.2 2014/12/02 20:27:50 tron Exp $
+
+patch for CVE-2014-0190 from https://codereview.qt-project.org/#/c/84035/1/src/gui/image/qgifhandler.cpp,unified
+
+Upstream commit message:
+   Author: Lars Knoll <lars.knoll@digia.com>
+   AuthorDate: 2014-04-24 15:33:27 +0200
+   Commit: Lars Knoll <lars.knoll@digia.com>
+   CommitDate: 2014-04-24 15:43:28 +0200
+   
+   Don't crash on broken GIF images
+   
+   Broken GIF images could set invalid width and height
+   values inside the image, leading to Qt creating a null
+   QImage for it. In that case we need to abort decoding
+   the image and return an error.
+   
+   Initial patch by Rich Moore.
+   
+   Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
+   
+   Task-number: QTBUG-38367
+   Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
+   Security-advisory: CVE-2014-0190
+
+--- src/gui/image/qgifhandler.cpp.orig	2014-04-10 18:37:12.000000000 +0000
++++ src/gui/image/qgifhandler.cpp
+@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co
+                     memset(bits, 0, image->byteCount());
+                 }
+ 
++                // Check if the previous attempt to create the image failed. If it
++                // did then the image is broken and we should give up.
++                if (image->isNull()) {
++                    state = Error;
++                    return -1;
++                }
++
+                 disposePrevious(image);
+                 disposed = false;
+