side-tag: c9s-build-side-453

Resolves: bz#2061369
Jan Grulich 2022-03-30 13:18:12 +02:00
parent 2f83391732
commit 1a6207b0c7
5 changed files with 38 additions and 68 deletions

1
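--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@
 /qtsvg-everywhere-src-5.14.2.tar.xz
 /qtsvg-everywhere-src-5.15.1.tar.xz
 /qtsvg-everywhere-src-5.15.2.tar.xz
+/qtsvg-everywhere-opensource-src-5.15.3.tar.xz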


@ -4,20 +4,18 @@
Summary: Qt5 - Support for rendering and displaying SVG Summary: Qt5 - Support for rendering and displaying SVG
Name: qt5-%{qt_module} Name: qt5-%{qt_module}
Version: 5.15.2 Version: 5.15.3
Release: 8%{?dist} Release: 1%{?dist}
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions License: LGPLv2 with exceptions or GPLv3 with exceptions
Url: http://www.qt.io Url: http://www.qt.io
%global majmin %(echo %{version} | cut -d. -f1-2) %global majmin %(echo %{version} | cut -d. -f1-2)
Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-opensource-src-%{version}.tar.xz
# upstream fix # upstream fix
Patch0: qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch Patch0: qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch
Patch1: qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch
# CVE-2021-45930 qt5-qtsvg: qt: out-of-bounds write may lead to DoS
Patch1: qtsvg-do-stricter-error-checking-when-parsing-path-nodes.patch
BuildRequires: make BuildRequires: make
BuildRequires: qt5-qtbase-devel >= %{version} BuildRequires: qt5-qtbase-devel >= %{version}
@ -113,6 +111,10 @@ popd
%endif %endif
%changelog %changelog
* Mon Mar 28 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.3-1
- 5.15.3
Resolves: bz#2061369
* Tue Jan 11 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.2-8 * Tue Jan 11 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.2-8
- Fix out-of-bound write that may lead to DoS - Fix out-of-bound write that may lead to DoS
Resolves: bz#2038488 Resolves: bz#2038488
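Review bot: The CVE annotation on Patch1 looks like it is lost in this rebase. The pair `# CVE-2021-45930 qt5-qtsvg: qt: out-of-bounds write may lead to DoS` / `Patch1: qtsvg-do-stricter-error-checking-when-parsing-path-nodes.patch` sits next to a bare `Patch1: qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch`. The rendered page does not mark sides, but the first hunk's counts (20 lines down to 18) suggest the bare line is the new one. If so, keep the comment above the renamed Patch1 so that anyone auditing the package for CVE-2021-45930 can still find the fix. The replacement patch file also appears to drop its format-patch header (the `Fixes: QTBUG-96044` and `(cherry picked from commit 36cfd9efb9b22b891adee9c48d30202289cfa620)` lines), so a one-line spec comment naming that upstream commit would preserve the provenance. The new changelog entry says only `- 5.15.3`; a second line such as `- Rebase patches, CVE-2021-45930 fix still carried` would record that the fix was not dropped with the version bump.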


@ -1,25 +1,18 @@
diff -up qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
--- qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig 2020-10-27 09:02:11.000000000 +0100 index b3d9aaf..9dac05c 100644
+++ qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp 2021-03-09 17:48:50.187425243 +0100 --- a/src/svg/qsvghandler.cpp
@@ -65,6 +65,7 @@ +++ b/src/svg/qsvghandler.cpp
#include "private/qmath_p.h" @@ -673,7 +673,8 @@ static qreal toDouble(const QChar *&str)
#include "float.h"
+#include <cmath>
QT_BEGIN_NAMESPACE
@@ -672,6 +673,9 @@ static qreal toDouble(const QChar *&str)
val = -val; val = -val;
} else { } else {
val = QByteArray::fromRawData(temp, pos).toDouble(); val = QByteArray::fromRawData(temp, pos).toDouble();
- if (qFpClassify(val) != FP_NORMAL)
+ // Do not tolerate values too wild to be represented normally by floats + // Do not tolerate values too wild to be represented normally by floats
+ if (std::fpclassify(float(val)) != FP_NORMAL) + if (qFpClassify(float(val)) != FP_NORMAL)
+ val = 0; val = 0;
} }
return val; return val;
@@ -3046,6 +3047,8 @@ static QSvgStyleProperty *createRadialGradientNode(QSvgNode *node,
@@ -3043,6 +3047,8 @@ static QSvgStyleProperty *createRadialGr
ncy = toDouble(cy); ncy = toDouble(cy);
if (!r.isEmpty()) if (!r.isEmpty())
nr = toDouble(r); nr = toDouble(r);


@ -1,31 +1,8 @@
From 5b9285c34731e67f9f1d61ec804740991f2a0380 Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
Date: Mon, 25 Oct 2021 14:17:55 +0200
Subject: [PATCH] Do stricter error checking when parsing path nodes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The SVG spec mandates that path parsing should terminate on the first
error encountered, and an error be reported. To improve the handling
of corrupt files, implement such error handling, and also limit the
number of QPainterPath elements to a reasonable range.
Fixes: QTBUG-96044
Pick-to: 6.2 5.15 5.12
Change-Id: Ic5e65d6b658516d6f1317c72de365c8c7ad81891
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
(cherry picked from commit 36cfd9efb9b22b891adee9c48d30202289cfa620)
---
src/svg/qsvghandler.cpp | 59 +++++++++++++++++------------------------
1 file changed, 25 insertions(+), 34 deletions(-)
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index b542089..2ea80ed 100644 index b3d9aaf..402a71f 100644
--- a/src/svg/qsvghandler.cpp --- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp +++ b/src/svg/qsvghandler.cpp
@@ -1627,6 +1627,7 @@ static void pathArc(QPainterPath &path, @@ -1614,6 +1614,7 @@ static void pathArc(QPainterPath &path,
static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
{ {
@ -33,7 +10,7 @@ index b542089..2ea80ed 100644
qreal x0 = 0, y0 = 0; // starting point qreal x0 = 0, y0 = 0; // starting point
qreal x = 0, y = 0; // current point qreal x = 0, y = 0; // current point
char lastMode = 0; char lastMode = 0;
@@ -1634,7 +1635,8 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1621,7 +1622,8 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
const QChar *str = dataStr.constData(); const QChar *str = dataStr.constData();
const QChar *end = str + dataStr.size(); const QChar *end = str + dataStr.size();
@ -43,7 +20,7 @@ index b542089..2ea80ed 100644
while (str->isSpace() && (str + 1) != end) while (str->isSpace() && (str + 1) != end)
++str; ++str;
QChar pathElem = *str; QChar pathElem = *str;
@@ -1651,14 +1653,13 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1635,14 +1637,13 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
arg.append(0);//dummy arg.append(0);//dummy
const qreal *num = arg.constData(); const qreal *num = arg.constData();
int count = arg.count(); int count = arg.count();
@ -60,7 +37,7 @@ index b542089..2ea80ed 100644
break; break;
} }
x = x0 = num[0] + offsetX; x = x0 = num[0] + offsetX;
@@ -1675,8 +1676,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1659,8 +1660,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
break; break;
case 'M': { case 'M': {
if (count < 2) { if (count < 2) {
@ -70,7 +47,7 @@ index b542089..2ea80ed 100644
break; break;
} }
x = x0 = num[0]; x = x0 = num[0];
@@ -1702,8 +1702,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1686,8 +1686,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
break; break;
case 'l': { case 'l': {
if (count < 2) { if (count < 2) {
@ -80,7 +57,7 @@ index b542089..2ea80ed 100644
break; break;
} }
x = num[0] + offsetX; x = num[0] + offsetX;
@@ -1716,8 +1715,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1700,8 +1699,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
break; break;
case 'L': { case 'L': {
if (count < 2) { if (count < 2) {
@ -90,7 +67,7 @@ index b542089..2ea80ed 100644
break; break;
} }
x = num[0]; x = num[0];
@@ -1757,8 +1755,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1741,8 +1739,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
break; break;
case 'c': { case 'c': {
if (count < 6) { if (count < 6) {
@ -100,7 +77,7 @@ index b542089..2ea80ed 100644
break; break;
} }
QPointF c1(num[0] + offsetX, num[1] + offsetY); QPointF c1(num[0] + offsetX, num[1] + offsetY);
@@ -1774,8 +1771,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1758,8 +1755,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
} }
case 'C': { case 'C': {
if (count < 6) { if (count < 6) {
@ -110,7 +87,7 @@ index b542089..2ea80ed 100644
break; break;
} }
QPointF c1(num[0], num[1]); QPointF c1(num[0], num[1]);
@@ -1791,8 +1787,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1775,8 +1771,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
} }
case 's': { case 's': {
if (count < 4) { if (count < 4) {
@ -120,7 +97,7 @@ index b542089..2ea80ed 100644
break; break;
} }
QPointF c1; QPointF c1;
@@ -1813,8 +1808,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1797,8 +1792,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
} }
case 'S': { case 'S': {
if (count < 4) { if (count < 4) {
@ -130,7 +107,7 @@ index b542089..2ea80ed 100644
break; break;
} }
QPointF c1; QPointF c1;
@@ -1835,8 +1829,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1819,8 +1813,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
} }
case 'q': { case 'q': {
if (count < 4) { if (count < 4) {
@ -140,7 +117,7 @@ index b542089..2ea80ed 100644
break; break;
} }
QPointF c(num[0] + offsetX, num[1] + offsetY); QPointF c(num[0] + offsetX, num[1] + offsetY);
@@ -1851,8 +1844,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1835,8 +1828,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
} }
case 'Q': { case 'Q': {
if (count < 4) { if (count < 4) {
@ -150,7 +127,7 @@ index b542089..2ea80ed 100644
break; break;
} }
QPointF c(num[0], num[1]); QPointF c(num[0], num[1]);
@@ -1867,8 +1859,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1851,8 +1843,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
} }
case 't': { case 't': {
if (count < 2) { if (count < 2) {
@ -160,7 +137,7 @@ index b542089..2ea80ed 100644
break; break;
} }
QPointF e(num[0] + offsetX, num[1] + offsetY); QPointF e(num[0] + offsetX, num[1] + offsetY);
@@ -1888,8 +1879,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1872,8 +1863,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
} }
case 'T': { case 'T': {
if (count < 2) { if (count < 2) {
@ -170,7 +147,7 @@ index b542089..2ea80ed 100644
break; break;
} }
QPointF e(num[0], num[1]); QPointF e(num[0], num[1]);
@@ -1909,8 +1899,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1893,8 +1883,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
} }
case 'a': { case 'a': {
if (count < 7) { if (count < 7) {
@ -180,7 +157,7 @@ index b542089..2ea80ed 100644
break; break;
} }
qreal rx = (*num++); qreal rx = (*num++);
@@ -1932,8 +1921,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1916,8 +1905,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
break; break;
case 'A': { case 'A': {
if (count < 7) { if (count < 7) {
@ -190,7 +167,7 @@ index b542089..2ea80ed 100644
break; break;
} }
qreal rx = (*num++); qreal rx = (*num++);
@@ -1954,12 +1942,15 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) @@ -1938,12 +1926,15 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
} }
break; break;
default: default:
@ -208,7 +185,7 @@ index b542089..2ea80ed 100644
} }
static bool parseStyle(QSvgNode *node, static bool parseStyle(QSvgNode *node,
@@ -2997,8 +2988,8 @@ static QSvgNode *createPathNode(QSvgNode *parent, @@ -2979,8 +2970,8 @@ static QSvgNode *createPathNode(QSvgNode *parent,
QPainterPath qpath; QPainterPath qpath;
qpath.setFillRule(Qt::WindingFill); qpath.setFillRule(Qt::WindingFill);
@ -219,6 +196,3 @@ index b542089..2ea80ed 100644
QSvgNode *path = new QSvgPath(parent, qpath); QSvgNode *path = new QSvgPath(parent, qpath);
return path; return path;
--
GitLab


@ -1 +1 @@
SHA512 (qtsvg-everywhere-src-5.15.2.tar.xz) = 101e9c8fc05b1bb9c4e869564bff8e5723dd35f0ef557185e56e9dc12fdce74c531522c9642cdff639900eccf7ed0e04bfa48142741259697dded990fb481730 SHA512 (qtsvg-everywhere-opensource-src-5.15.3.tar.xz) = 288ce98bb6dd746564c7ffbd0d8221d0816c62b7e33424cd21d945b40308292ec9a0b1e2b9cca6ce91d606c06813f05068cad590d827810383175bebfa8ab527