rpms/qt5-qtbase
6
0
Fork 0
Code Issues Pull Requests Releases Activity

fixed bz#1994719, CVE-2021-38593

Browse Source
This commit is contained in:
Than Ngo 2022-05-30 14:26:12 +02:00
parent f38863308a
commit 05667a24ea
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
qt5-qtbase.spec
View File

@ -61,7 +61,7 @@ BuildRequires: pkgconfig(libsystemd)
Name: qt5-qtbase Name: qt5-qtbase
Summary: Qt5 - QtBase components Summary: Qt5 - QtBase components
Version: 5.15.4 Version: 5.15.4
Release: 2%{?dist} Release: 3%{?dist}
# See LGPL_EXCEPTIONS.txt, for exception details # See LGPL_EXCEPTIONS.txt, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -149,6 +149,8 @@ Patch90: %{name}-gcc11.patch
Patch100: kde-5.15-rollup-20220516.patch.gz Patch100: kde-5.15-rollup-20220516.patch.gz
# HACK to make 'fedpkg sources' consider it 'used" # HACK to make 'fedpkg sources' consider it 'used"
Source100: kde-5.15-rollup-20220516.patch.gz Source100: kde-5.15-rollup-20220516.patch.gz
# CVS-2021-38593
Patch101: qtbase-everywhere-src-5.15.4-cve-2021-38593.patch
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
# Those themes are there for platform integration. If the required libraries are # Those themes are there for platform integration. If the required libraries are
@ -426,6 +428,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
## upstream patches ## upstream patches
%patch100 -p1 %patch100 -p1
%patch101 -p1
# move some bundled libs to ensure they're not accidentally used # move some bundled libs to ensure they're not accidentally used
pushd src/3rdparty pushd src/3rdparty
@ -1103,6 +1106,9 @@ fi
%changelog %changelog
* Mon May 30 2022 Than Ngo <than@redhat.com> - 5.15.4-3
- bz#1994719, CVE-2021-38593
* Sun May 22 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.4-2 * Sun May 22 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.4-2
- Rebuild (broken update) - Rebuild (broken update)

12
qtbase-everywhere-src-5.15.4-cve-2021-38593.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up qtbase-everywhere-src-5.15.4/src/gui/painting/qpaintengineex.cpp.me qtbase-everywhere-src-5.15.4/src/gui/painting/qpaintengineex.cpp
--- qtbase-everywhere-src-5.15.4/src/gui/painting/qpaintengineex.cpp.me 2022-05-30 14:21:52.215469841 +0200
+++ qtbase-everywhere-src-5.15.4/src/gui/painting/qpaintengineex.cpp 2022-05-30 14:22:39.552558748 +0200
@@ -426,7 +426,7 @@ void QPaintEngineEx::stroke(const QVecto
patternLength *= pw;
if (qFuzzyIsNull(patternLength)) {
pen.setStyle(Qt::NoPen);
- } else if (extent / patternLength > 10000) {
+ } else if (qFuzzyIsNull(extent) || extent / patternLength > 10000) {
// approximate stream of tiny dashes with semi-transparent solid line
pen.setStyle(Qt::SolidLine);
QColor color(pen.color());