From 698c87579714bf013f6f40fd8ec02d9a06c02e6f Mon Sep 17 00:00:00 2001 From: kang_xiao_qiang Date: Sun, 20 Sep 2020 16:40:46 +0800 Subject: [PATCH 1/2] fix cve --- CVE-2020-17507.patch | 27 +++++++++++++++++++++++++++ qt.spec | 6 +++++- 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 CVE-2020-17507.patch diff --git a/CVE-2020-17507.patch b/CVE-2020-17507.patch new file mode 100644 index 0000000..5534134 --- /dev/null +++ b/CVE-2020-17507.patch @@ -0,0 +1,27 @@ +From 1a27a6cefbb457f2fb74159267835aaefb7c992d Mon Sep 17 00:00:00 2001 +From: kang_xiao_qiang +Date: Sun, 20 Sep 2020 15:35:21 +0800 +Subject: [PATCH] 2 + +--- + src/gui/image/qxbmhandler.cpp | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp +index 414e8233..7483b245 100644 +--- a/src/gui/image/qxbmhandler.cpp ++++ b/src/gui/image/qxbmhandler.cpp +@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage) + w = (w+7)/8; // byte width + + while (y < h) { // for all encoded bytes... +- if (p) { // p = "0x.." ++ if (p && p < (buf + readBytes - 3)) { // p = "0x.." ++ if (!isxdigit(p[2]) || !isxdigit(p[3])) ++ return false; + *b++ = hex2byte(p+2); + p += 2; + if (++x == w && ++y < h) { +-- +2.23.0 + diff --git a/qt.spec b/qt.spec index 5407417..87bafd7 100644 --- a/qt.spec +++ b/qt.spec @@ -13,7 +13,7 @@ Name: qt Epoch: 1 Version: 4.8.7 -Release: 49 +Release: 50 Summary: A software toolkit for developing applications License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT URL: http://qt-project.org/ @@ -78,6 +78,7 @@ Patch6001: CVE-2018-19872.patch Patch6002: CVE-2018-19871.patch Patch6003: CVE-2018-19870.patch Patch6004: CVE-2018-19873.patch +Patch45: CVE-2020-17507.patch BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa) BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng) @@ -444,6 +445,9 @@ fi %{_qt4_prefix}/examples/ %changelog +* Sun Sep 20 2020 shaoqiang kang - 1:4.8.7-50 +- fix CVE-2020-17507 + * Tue Sep 2020 shaoqiang kang - 1:4.8.7-49 - Modify source -- Gitee From 41b163278ded0b9a87b9c2d26578aa6bc73e1048 Mon Sep 17 00:00:00 2001 From: kang_xiao_qiang Date: Sun, 20 Sep 2020 17:49:29 +0800 Subject: [PATCH 2/2] fix cve --- CVE-2020-17507.patch | 7 ++++--- qt.spec | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CVE-2020-17507.patch b/CVE-2020-17507.patch index 5534134..756ad15 100644 --- a/CVE-2020-17507.patch +++ b/CVE-2020-17507.patch @@ -1,8 +1,9 @@ From 1a27a6cefbb457f2fb74159267835aaefb7c992d Mon Sep 17 00:00:00 2001 -From: kang_xiao_qiang -Date: Sun, 20 Sep 2020 15:35:21 +0800 -Subject: [PATCH] 2 +From: Dmitry Shachnev +Date: Tue, 18 Aug 2020 16:16:57 +0300 +Subject: [PATCH] Backport upstream patch to fix buffer overflow in XBMparser. +Closes: #968444, CVE-2020-17507. --- src/gui/image/qxbmhandler.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/qt.spec b/qt.spec index 87bafd7..5582f17 100644 --- a/qt.spec +++ b/qt.spec @@ -78,7 +78,7 @@ Patch6001: CVE-2018-19872.patch Patch6002: CVE-2018-19871.patch Patch6003: CVE-2018-19870.patch Patch6004: CVE-2018-19873.patch -Patch45: CVE-2020-17507.patch +Patch45: CVE-2020-17507.patch BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa) BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng) -- Gitee