|
|
Author: than
Update of /cvs/dist/rpms/qt/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv11086
Modified Files:
qt.spec
Added Files:
0073-xinerama-aware-qpopup.patch 0076-fix-qprocess.diff
0077-utf8-decoder-fixes.diff
Log Message:
- apply patches to fix
Qt UTF-8 overlong sequence decoding vulnerability
QPopupMenu aware of Xinerama
a regression in QProgress::writeToStdin()
0073-xinerama-aware-qpopup.patch:
qpopupmenu.cpp | 42 ++++++++++++++++++++++++------------------
qpopupmenu.h | 1 +
2 files changed, 25 insertions(+), 18 deletions(-)
--- NEW FILE 0073-xinerama-aware-qpopup.patch ---
qt-bugs@ issue : none
bugs.kde.org number : none
applied: no
author: Lubos Lunak <l.lunak@xxxxxxx>
Makes QPopupMenu aware of Xinerama (see e.g.
https://bugzilla.novell.com/show_bug.cgi?id=216235).
--- src/widgets/qpopupmenu.cpp
+++ src/widgets/qpopupmenu.cpp
@@ -454,6 +454,15 @@ void QPopupMenu::frameChanged()
menuContentsChanged();
}
+QRect QPopupMenu::screenRect( const QPoint& pos )
+{
+ int screen_num = QApplication::desktop()->screenNumber( pos );
+#ifdef Q_WS_MAC
+ return QApplication::desktop()->availableGeometry( screen_num );
+#else
+ return QApplication::desktop()->screenGeometry( screen_num );
+#endif
+}
/*!
Displays the popup menu so that the item number \a indexAtPoint
will be at the specified \e global position \a pos. To translate a
@@ -498,6 +507,15 @@ void QPopupMenu::popup( const QPoint &po
// point.
#endif
+ QRect screen = screenRect( geometry().center());
+ QRect screen2 = screenRect( QApplication::reverseLayout()
+ ? pos+QPoint(width(),0) : pos );
+ // if the widget is not in the screen given by the position, move it
+ // there, so that updateSize() uses the right size of the screen
+ if( screen != screen2 ) {
+ screen = screen2;
+ move( screen.x(), screen.y());
+ }
if(d->scroll.scrollable) {
d->scroll.scrollable = QPopupMenuPrivate::Scroll::ScrollNone;
d->scroll.topScrollableIndex = d->scroll.scrollableSize = 0;
@@ -517,18 +535,6 @@ void QPopupMenu::popup( const QPoint &po
updateSize(TRUE);
}
- int screen_num;
- if (QApplication::desktop()->isVirtualDesktop())
- screen_num =
- QApplication::desktop()->screenNumber(
QApplication::reverseLayout() ?
- pos+QPoint(width(),0) : pos
);
- else
- screen_num = QApplication::desktop()->screenNumber( this );
-#ifdef Q_WS_MAC
- QRect screen = QApplication::desktop()->availableGeometry( screen_num );
-#else
- QRect screen = QApplication::desktop()->screenGeometry( screen_num );
-#endif
int sw = screen.width(); // screen width
int sh = screen.height(); // screen height
int sx = screen.x(); // screen pos
@@ -1056,7 +1062,7 @@ QSize QPopupMenu::updateSize(bool force_
mi->iconSet()->pixmap( QIconSet::Small,
QIconSet::Normal ).width() + 4 );
}
- int dh = QApplication::desktop()->height();
+ int dh = screenRect( geometry().center()).height();
ncols = 1;
for ( QMenuItemListIt it2( *mitems ); it2.current(); ++it2 ) {
@@ -2297,9 +2303,9 @@ void QPopupMenu::subMenuTimer() {
bool right = FALSE;
if ( ( parentMenu && parentMenu->isPopupMenu &&
((QPopupMenu*)parentMenu)->geometry().x() < geometry().x() ) ||
- p.x() < 0 )
+ p.x() < screenRect( p ).left())
right = TRUE;
- if ( right && (ps.width() > QApplication::desktop()->width() -
mapToGlobal( r.topRight() ).x() ) )
+ if ( right && (ps.width() > screenRect( p ).right() - mapToGlobal(
r.topRight() ).x() ) )
right = FALSE;
if ( right )
p.setX( mapToGlobal( r.topRight() ).x() );
@@ -2310,7 +2316,7 @@ void QPopupMenu::subMenuTimer() {
bool left = FALSE;
if ( ( parentMenu && parentMenu->isPopupMenu &&
((QPopupMenu*)parentMenu)->geometry().x() > geometry().x() ) ||
- p.x() + ps.width() > QApplication::desktop()->width() )
+ p.x() + ps.width() > screenRect( p ).right() )
left = TRUE;
if ( left && (ps.width() > mapToGlobal( r.topLeft() ).x() ) )
left = FALSE;
@@ -2318,8 +2324,8 @@ void QPopupMenu::subMenuTimer() {
p.setX( mapToGlobal( r.topLeft() ).x() - ps.width() );
}
QRect pr = popup->itemGeometry(popup->count() - 1);
- if (p.y() + ps.height() > QApplication::desktop()->height() &&
- p.y() - ps.height() + (QCOORD) pr.height() >= 0)
+ if (p.y() + ps.height() > screenRect( p ).bottom() &&
+ p.y() - ps.height() + (QCOORD) pr.height() >= screenRect( p ).top())
p.setY( p.y() - ps.height() + (QCOORD) pr.height());
if ( style().styleHint(QStyle::SH_PopupMenu_SloppySubMenus, this )) {
Index: src/widgets/qpopupmenu.h
===================================================================
--- src/widgets/qpopupmenu.h (revision 636368)
+++ src/widgets/qpopupmenu.h (working copy)
@@ -152,6 +152,7 @@ private:
QSize updateSize(bool force_recalc=FALSE, bool do_resize=TRUE);
void updateRow( int row );
+ QRect screenRect(const QPoint& pos);
#ifndef QT_NO_ACCEL
void updateAccel( QWidget * );
void enableAccel( bool );
0076-fix-qprocess.diff:
qprocess.cpp | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE 0076-fix-qprocess.diff ---
qt-bugs@ issue : none
bugs.kde.org number : none
applied: no
author: from trolltech
Fixes a regression in QProgress::writeToStdin()
--- src/kernel/qprocess.cpp
+++ src/kernel/qprocess.cpp
@@ -727,7 +727,7 @@ void QProcess::closeStdinLaunch()
void QProcess::writeToStdin( const QString& buf )
{
QByteArray tmp = buf.local8Bit();
- tmp.resize( tmp.size() - 1 ); // drop the implicit \0
+ tmp.resize( qstrlen( tmp.data() ) );
writeToStdin( tmp );
}
0077-utf8-decoder-fixes.diff:
codecs/qutfcodec.cpp | 16 +++++++++++++++-
tools/qstring.cpp | 10 ++++++++++
2 files changed, 25 insertions(+), 1 deletion(-)
--- NEW FILE 0077-utf8-decoder-fixes.diff ---
qt-bugs@ issue : N154454
bugs.kde.org number : none
applied: no
author: Dirk Mueller <mueller@xxxxxxx>
This patch makes the utf8 decoders in Qt reject overlong
sequences, like required.
--- src/codecs/qutfcodec.cpp
+++ src/codecs/qutfcodec.cpp
@@ -154,6 +154,7 @@
class QUtf8Decoder : public QTextDecoder {
uint uc;
+ uint min_uc;
int need;
bool headerDone;
public:
@@ -167,8 +168,9 @@
result.setLength( len ); // worst case
QChar *qch = (QChar *)result.unicode();
uchar ch;
+ int error = -1;
for (int i=0; i<len; i++) {
- ch = *chars++;
+ ch = chars[i];
if (need) {
if ( (ch&0xc0) == 0x80 ) {
uc = (uc << 6) | (ch & 0x3f);
@@ -182,6 +184,8 @@
*qch++ = QChar(high);
*qch++ = QChar(low);
headerDone = TRUE;
+ } else if ((uc < min_uc) || (uc >= 0xd800 && uc <=
0xdfff) || (uc >= 0xfffe)) {
+ *qch++ = QChar::replacement;
} else {
if (headerDone || QChar(uc) != QChar::byteOrderMark)
*qch++ = uc;
@@ -190,6 +194,7 @@
}
} else {
// error
+ i = error;
*qch++ = QChar::replacement;
need = 0;
}
@@ -200,12 +205,21 @@
} else if ((ch & 0xe0) == 0xc0) {
uc = ch & 0x1f;
need = 1;
+ error = i;
+ min_uc = 0x80;
} else if ((ch & 0xf0) == 0xe0) {
uc = ch & 0x0f;
need = 2;
+ error = i;
+ min_uc = 0x800;
} else if ((ch&0xf8) == 0xf0) {
uc = ch & 0x07;
need = 3;
+ error = i;
+ min_uc = 0x10000;
+ } else {
+ // error
+ *qch++ = QChar::replacement;
}
}
}
--- src/tools/qstring.cpp
+++ src/tools/qstring.cpp
@@ -5805,6 +5805,7 @@
result.setLength( len ); // worst case
QChar *qch = (QChar *)result.unicode();
uint uc = 0;
+ uint min_uc = 0;
int need = 0;
int error = -1;
uchar ch;
@@ -5822,6 +5823,12 @@
unsigned short low = uc%0x400 + 0xdc00;
*qch++ = QChar(high);
*qch++ = QChar(low);
+ } else if (uc < min_uc || (uc >= 0xd800 && uc <= 0xdfff) ||
(uc >= 0xfffe)) {
+ // overlong seqence, UTF16 surrogate or BOM
+ i = error;
+ qch = addOne(qch, result);
+ *qch++ = QChar(0xdbff);
+ *qch++ = QChar(0xde00+((uchar)utf8[i]));
} else {
*qch++ = uc;
}
@@ -5844,14 +5851,17 @@
uc = ch & 0x1f;
need = 1;
error = i;
+ min_uc = 0x80;
} else if ((ch & 0xf0) == 0xe0) {
uc = ch & 0x0f;
need = 2;
error = i;
+ min_uc = 0x800;
} else if ((ch&0xf8) == 0xf0) {
uc = ch & 0x07;
need = 3;
error = i;
+ min_uc = 0x10000;
} else {
// Error
qch = addOne(qch, result);
Index: qt.spec
===================================================================
RCS file: /cvs/dist/rpms/qt/devel/qt.spec,v
retrieving revision 1.132
retrieving revision 1.133
diff -u -r1.132 -r1.133
--- qt.spec 27 Mar 2007 13:05:38 -0000 1.132
+++ qt.spec 2 Apr 2007 09:00:37 -0000 1.133
@@ -1,7 +1,7 @@
Summary: The shared library for the Qt GUI toolkit.
Name: qt
Version: 3.3.8
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
License: GPL/QPL
Group: System Environment/Libraries
@@ -53,6 +53,9 @@
Patch102: 0048-qclipboard_hack_80072.patch
Patch103: 0056-khotkeys_input_84434.patch
Patch104: qt-font-default-subst.diff
+patch105: 0073-xinerama-aware-qpopup.patch
+Patch106: 0076-fix-qprocess.diff
+Patch107: 0077-utf8-decoder-fixes.diff
# upstream patches
Patch200: qt-x11-free-3.3.4-fullscreen.patch
@@ -285,6 +288,10 @@
%patch102 -p0 -b .0048-qclipboard_hack_80072
%patch103 -p0 -b .0056-khotkeys_input_84434
%patch104 -p0 -b .qt-font-default-subst
+%patch105 -p0 -b .0073-xinerama-aware-qpopup
+%patch106 -p0 -b .0076-fix-qprocess
+%patch107 -p0 -b .0077-utf8-decoder-fixes
+
%patch200 -p1 -b .fullscreen
# convert to UTF-8
@@ -557,6 +564,12 @@
%changelog
+* Mon Apr 02 2007 Than Ngo <than@xxxxxxxxxx> - 1:3.3.8-3.fc7
+- apply patches to fix
+ Qt UTF-8 overlong sequence decoding vulnerability
+ QPopupMenu aware of Xinerama
+ a regression in QProgress::writeToStdin()
+
* Tue Mar 27 2007 Than Ngo <than@xxxxxxxxxx> 1:3.3.8-2.fc7
- enable tablet support
--
fedora-cvs-commits mailing list
fedora-cvs-commits@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-cvs-commits
|
|