qt6-imageformats: fix CVE-2025-5683

srcpkgs/qt6-imageformats/patches/CVE-2025-5683-qtimageformats-6.8.patch

@@ -0,0 +1,28 @@
+diff --git a/src/plugins/imageformats/icns/qicnshandler.cpp b/src/plugins/imageformats/icns/qicnshandler.cpp
+index 6cf74b219a1..501394deede 100644
+--- a/src/plugins/imageformats/icns/qicnshandler.cpp
++++ b/src/plugins/imageformats/icns/qicnshandler.cpp
+@@ -324,8 +324,11 @@ static inline bool isPowOf2OrDividesBy16(quint32 u, qreal r)
+ 
+ static inline bool isBlockHeaderValid(const ICNSBlockHeader &header, quint64 bound = 0)
+ {
+-    return header.ostype != 0 && (bound == 0
+-                || qBound(quint64(ICNSBlockHeaderSize), quint64(header.length), bound) == header.length);
++    return header.ostype != 0 &&
++        (bound == 0 ||
++            // qBound can be used but requires checking the limits first
++            // this requires less operations
++            (ICNSBlockHeaderSize <= header.length && header.length <= bound));
+ }
+ 
+ static inline bool isIconCompressed(const ICNSEntry &icon)
+@@ -870,7 +873,7 @@ bool QICNSHandler::scanDevice()
+             return false;
+ 
+         const qint64 blockDataOffset = device()->pos();
+-        if (!isBlockHeaderValid(blockHeader, ICNSBlockHeaderSize + filelength - blockDataOffset)) {
++        if (!isBlockHeaderValid(blockHeader, ICNSBlockHeaderSize - blockDataOffset + filelength)) {
+             qWarning("QICNSHandler::scanDevice(): Failed, bad header at pos %s. OSType \"%s\", length %u",
+                      QByteArray::number(blockDataOffset).constData(),
+                      nameFromOSType(blockHeader.ostype).constData(), blockHeader.length);
+

srcpkgs/qt6-imageformats/template

@@ -1,7 +1,7 @@
 # Template file for 'qt6-imageformats'
 pkgname=qt6-imageformats
 version=6.8.2
-revision=1
+revision=2
 build_style=cmake
 hostmakedepends="perl qt6-base"
 makedepends="qt6-base-devel jasper-devel libmng-devel tiff-devel libwebp-devel"