diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b2c6ca4 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/qtsvg-everywhere-src-5.15.2.tar.xz diff --git a/EMPTY b/EMPTY deleted file mode 100644 index 0519ecb..0000000 --- a/EMPTY +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/qt5-qtsvg.spec b/qt5-qtsvg.spec new file mode 100644 index 0000000..7a9e978 --- /dev/null +++ b/qt5-qtsvg.spec @@ -0,0 +1,355 @@ +%global qt_module qtsvg + +%global build_tests 1 + +Summary: Qt5 - Support for rendering and displaying SVG +Name: qt5-%{qt_module} +Version: 5.15.2 +Release: 4%{?dist} + +# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details +License: LGPLv2 with exceptions or GPLv3 with exceptions +Url: http://www.qt.io +%global majmin %(echo %{version} | cut -d. -f1-2) +Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz + +# Security fixes +Patch100: qtsvg-CVE-2021-3481-clamp-parsed-doubles-to-float-representable-values.patch + +# CVE-2021-45930 qt5-qtsvg: qt: out-of-bounds write may lead to DoS +Patch101: qtsvg-do-stricter-error-checking-when-parsing-path-nodes.patch + +BuildRequires: qt5-qtbase-devel >= %{version} +BuildRequires: pkgconfig(zlib) + +BuildRequires: qt5-qtbase-private-devel +%{?_qt5:Requires: %{_qt5}%{?_isa} = %{_qt5_version}} + +%description +Scalable Vector Graphics (SVG) is an XML-based language for describing +two-dimensional vector graphics. Qt provides classes for rendering and +displaying SVG drawings in widgets and on other paint devices. + +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: qt5-qtbase-devel%{?_isa} +%description devel +%{summary}. + +%package examples +Summary: Programming examples for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +%description examples +%{summary}. + +%if 0%{?build_tests} +%package tests +Summary: Unit tests for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description tests +%{summary}. +%endif + + +%prep +%autosetup -n %{qt_module}-everywhere-src-%{version} -p1 + + +%build +%{qmake_qt5} + +%make_build + +%if 0%{?build_tests} +make sub-tests %{?_smp_mflags} -k ||: +%endif + + +%install +make install INSTALL_ROOT=%{buildroot} + +%if 0%{?build_tests} +# Install tests for gating +mkdir -p %{buildroot}%{_qt5_libdir}/qt5 +find ./tests -not -path '*/\.*' -type d | while read LINE +do + mkdir -p "%{buildroot}%{_qt5_libdir}/qt5/$LINE" +done +find ./tests -not -path '*/\.*' -not -name '*.h' -not -name '*.cpp' -not -name '*.pro' -not -name 'uic_wrapper.sh' -not -name 'Makefile' -not -name 'target_wrapper.sh' -type f | while read LINE +do + cp -r --parents "$LINE" %{buildroot}%{_qt5_libdir}/qt5/ +done +%endif + + +## .prl/.la file love +# nuke .prl reference(s) to %%buildroot, excessive (.la-like) libs +pushd %{buildroot}%{_qt5_libdir} +for prl_file in libQt5*.prl ; do + sed -i -e "/^QMAKE_PRL_BUILD_DIR/d" ${prl_file} + if [ -f "$(basename ${prl_file} .prl).so" ]; then + rm -fv "$(basename ${prl_file} .prl).la" + sed -i -e "/^QMAKE_PRL_LIBS/d" ${prl_file} + fi +done +popd + + +%ldconfig_scriptlets + +%files +%license LICENSE.* +%{_qt5_libdir}/libQt5Svg.so.5* +%{_qt5_plugindir}/iconengines/libqsvgicon.so +%{_qt5_plugindir}/imageformats/libqsvg.so + +%files devel +%{_qt5_headerdir}/QtSvg/ +%{_qt5_libdir}/libQt5Svg.so +%{_qt5_libdir}/libQt5Svg.prl +%dir %{_qt5_libdir}/cmake/Qt5Svg/ +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QSvg*Plugin.cmake +%{_qt5_libdir}/cmake/Qt5Svg/Qt5SvgConfig*.cmake +%{_qt5_libdir}/pkgconfig/Qt5Svg.pc +%{_qt5_archdatadir}/mkspecs/modules/qt_lib_svg*.pri + +%files examples +%{_qt5_examplesdir}/ + +%if 0%{?build_tests} +%files tests +%{_qt5_libdir}/qt5/tests +%endif + + +%changelog +* Wed Jan 12 2022 Jan Grulich - 5.15.2-4 +- Fix out-of-bound write that may lead to DoS + Resolves: bz#2038487 + +* Wed Apr 28 2021 Jan Grulich - 5.15.2-3 +- Rebuild (binutils) + Resolves: bz#1930055 + +* Thu Apr 08 2021 Jan Grulich - 5.15.2-2 +- Fix out of bounds read in function QRadialFetchSimd from crafted svg file + Resolves: bz#1945643 + +* Mon Apr 05 2021 Jan Grulich - 5.15.2-1 +- 5.15.2 + Resolves: bz#1930055 + +* Mon Nov 18 2019 Jan Grulich - 5.12.5-1 +- 5.12.5 + Resolves: bz#1733151 + +* Mon Dec 10 2018 Jan Grulich - 5.11.1-2 +- Rebuild to fix CET notes + Resolves: bz#1657241 + +* Tue Jul 03 2018 Jan Grulich - 5.11.1-1 +- 5.11.1 + +* Wed Feb 14 2018 Jan Grulich - 5.10.1-1 +- 5.10.1 + +* Fri Feb 09 2018 Fedora Release Engineering - 5.10.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Dec 19 2017 Jan Grulich - 5.10.0-1 +- 5.10.0 + +* Thu Nov 23 2017 Jan Grulich - 5.9.3-1 +- 5.9.3 + +* Mon Oct 09 2017 Jan Grulich - 5.9.2-1 +- 5.9.2 + +* Thu Aug 03 2017 Fedora Release Engineering - 5.9.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 5.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Jul 19 2017 Rex Dieter - 5.9.1-1 +- 5.9.1 + +* Fri Jun 16 2017 Rex Dieter - 5.9.0-3 +- drop shadow/out-of-tree builds (#1456211,QTBUG-37417) + +* Fri Jun 02 2017 Rex Dieter - 5.9.0-2 +- use macros in Source0, apply examples patch, +whitespace between .spec sections + +* Wed May 31 2017 Helio Chissini de Castro - 5.9.0-1 +- Upstream official release + +* Fri May 26 2017 Helio Chissini de Castro - 5.9.0-0.1.rc +- Upstream Release Candidate retagged + +* Wed May 24 2017 Helio Chissini de Castro - 5.9.0-0.rc.1 +- Upstream Release Candidate 1 + +* Fri May 05 2017 Helio Chissini de Castro - 5.9.0-0.beta.3 +- New upstream beta3 release + +* Sun Apr 16 2017 Helio Chissini de Castro - 5.9.0-0.beta.1 +- New upstream beta release + +* Mon Apr 03 2017 Rex Dieter - 5.8.0-2 +- build -doc unconditionally + +* Mon Jan 30 2017 Helio Chissini de Castro - 5.8.0-1 +- New upstream version + +* Sat Dec 10 2016 Rex Dieter - 5.7.1-2 +- 5.7.1 dec5 snapshot +- drop BR: cmake (handled by qt5-rpm-macros now) +- BR: qt5-qtbase-private-devel + +* Wed Nov 09 2016 Helio Chissini de Castro - 5.7.1-1 +- New upstream version + +* Mon Jul 04 2016 Helio Chissini de Castro - 5.7.0-2 +- Compiled with gcc + +* Tue Jun 14 2016 Helio Chissini de Castro - 5.7.0-1 +- Qt 5.7.0 release + +* Thu Jun 09 2016 Jan Grulich - 5.6.1-1 +- Update to 5.6.1 + +* Sun Mar 20 2016 Rex Dieter - 5.6.0-3 +- rebuild + +* Fri Mar 18 2016 Rex Dieter - 5.6.0-2 +- rebuild + +* Mon Mar 14 2016 Helio Chissini de Castro - 5.6.0-1 +- 5.6.0 final release + +* Tue Feb 23 2016 Helio Chissini de Castro - 5.6.0-0.8.rc +- Update to final RC + +* Mon Feb 15 2016 Helio Chissini de Castro - 5.6.0-0.7 +- Update RC release + +* Thu Feb 04 2016 Fedora Release Engineering - 5.6.0-0.6.beta3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Dec 28 2015 Rex Dieter 5.6.0-0.5.beta3 +- update source URL, BR: cmake, use %%license + +* Mon Dec 21 2015 Helio Chissini de Castro - 5.6.0-0.4 +- Update to final beta3 release + +* Thu Dec 10 2015 Helio Chissini de Castro - 5.6.0-0.3 +- Official beta3 release + +* Mon Dec 07 2015 Jan Grulich - 5.6.0-0.2 +- (re)add bootstrap macro support + +* Tue Nov 03 2015 Helio Chissini de Castro - 5.6.0-0.1 +- Start to implement 5.6.0 beta3 + +* Thu Oct 15 2015 Helio Chissini de Castro - 5.5.1-2 +- Update to final release 5.5.1 + +* Tue Sep 29 2015 Helio Chissini de Castro - 5.5.1-1 +- Update to Qt 5.5.1 RC1 + +* Wed Jul 29 2015 Rex Dieter 5.5.0-3 +- -docs: BuildRequires: qt5-qhelpgenerator, standardize bootstrapping + +* Thu Jul 16 2015 Rex Dieter 5.5.0-2 +- tighten qtbase dep (#1233829) + +* Wed Jul 1 2015 Helio Chissini de Castro 5.5.0-1 +- New final upstream release Qt 5.5.0 + +* Thu Jun 25 2015 Helio Chissini de Castro - 5.5.0-0.2.rc +- Update for official RC1 released packages + +* Wed Jun 17 2015 Daniel Vrátil - 5.5.0-0.1.rc +- Qt 5.5.0 RC1 + +* Wed Jun 03 2015 Jan Grulich - 5.4.2-1 +- 5.4.2 + +* Sat May 02 2015 Kalev Lember - 5.4.1-3 +- Rebuilt for GCC 5 C++11 ABI change + +* Fri Feb 27 2015 Rex Dieter - 5.4.1-2 +- rebuild (gcc5) + +* Tue Feb 24 2015 Jan Grulich 5.4.1-1 +- 5.4.1 + +* Wed Dec 10 2014 Rex Dieter 5.4.0-1 +- 5.4.0 (final) + +* Fri Nov 28 2014 Rex Dieter 5.4.0-0.3.rc +- 5.4.0-rc + +* Mon Nov 03 2014 Rex Dieter 5.4.0-0.2.beta3 +- out-of-tree build, use %%qmake_qt5 + +* Sun Oct 19 2014 Rex Dieter 5.4.0-0.1.beta3 +- 5.4.0-beta3 + +* Wed Sep 17 2014 Rex Dieter - 5.3.2-1 +- 5.3.2 + +* Sun Aug 17 2014 Fedora Release Engineering - 5.3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jun 17 2014 Jan Grulich - 5.3.1-1 +- 5.3.1 + +* Sun Jun 08 2014 Fedora Release Engineering - 5.3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 21 2014 Jan Grulich 5.3.0-1 +- 5.3.0 + +* Mon May 05 2014 Rex Dieter 5.2.1-2 +- use standard (same as qtbase) .prl sanitation + +* Thu Feb 06 2014 Rex Dieter 5.2.1-1 +- 5.2.1 + +* Mon Jan 27 2014 Rex Dieter 5.2.0-2 +- -examples subpkg + +* Thu Dec 12 2013 Rex Dieter 5.2.0-1 +- 5.2.0 + +* Fri Dec 06 2013 Rex Dieter 5.2.0-0.11.rc1 +- rebuild + +* Mon Dec 02 2013 Rex Dieter 5.2.0-0.10.rc1 +- 5.2.0-rc1 + +* Sun Nov 10 2013 Rex Dieter 5.2.0-0.4.beta31 +- rebuild (arm/qreal) + +* Thu Oct 24 2013 Rex Dieter 5.2.0-0.3.beta31 +- 5.2.0-beta31 + +* Wed Oct 16 2013 Rex Dieter 5.2.0-0.2.alpha +- ppc bootstrap + +* Wed Oct 02 2013 Rex Dieter 5.2.0-0.1.alpha +- 5.2.0-alpha +- -doc subpkg + +* Wed Aug 28 2013 Rex Dieter 5.1.1-1 +- 5.1.1 + +* Thu Apr 11 2013 Rex Dieter 5.0.2-1 +- 5.0.2 + +* Sat Feb 23 2013 Rex Dieter 5.0.1-1 +- first try + diff --git a/qtsvg-CVE-2021-3481-clamp-parsed-doubles-to-float-representable-values.patch b/qtsvg-CVE-2021-3481-clamp-parsed-doubles-to-float-representable-values.patch new file mode 100644 index 0000000..f865de8 --- /dev/null +++ b/qtsvg-CVE-2021-3481-clamp-parsed-doubles-to-float-representable-values.patch @@ -0,0 +1,39 @@ +From bfd6ee0d8cf34b63d32adf10ed93daa0086b359f Mon Sep 17 00:00:00 2001 +From: Allan Sandfeld Jensen +Date: Thu, 04 Mar 2021 14:28:48 +0100 +Subject: [PATCH] Clamp parsed doubles to float representable values + +Parts of our rendering assumes incoming doubles can still be sane +floats. + +Pick-to: 6.1 6.0 5.15 5.12 +Fixes: QTBUG-91507 +Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d +Reviewed-by: Robert Löhning +Reviewed-by: Allan Sandfeld Jensen +Reviewed-by: Mårten Nordheim +--- + +diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp +index c937254..c88b6cc 100644 +--- a/src/svg/qsvghandler.cpp ++++ b/src/svg/qsvghandler.cpp +@@ -672,6 +672,9 @@ static qreal toDouble(const QChar *&str) + val = -val; + } else { + val = QByteArray::fromRawData(temp, pos).toDouble(); ++ // Do not tolerate values too wild to be represented normally by floats ++ if (std::fpclassify(float(val)) != FP_NORMAL) ++ val = 0; + } + return val; + +@@ -3043,6 +3046,8 @@ static QSvgStyleProperty *createRadialGradientNode(QSvgNode *node, + ncy = toDouble(cy); + if (!r.isEmpty()) + nr = toDouble(r); ++ if (nr < 0.5) ++ nr = 0.5; + + qreal nfx = ncx; + if (!fx.isEmpty()) diff --git a/qtsvg-do-stricter-error-checking-when-parsing-path-nodes.patch b/qtsvg-do-stricter-error-checking-when-parsing-path-nodes.patch new file mode 100644 index 0000000..274cf43 --- /dev/null +++ b/qtsvg-do-stricter-error-checking-when-parsing-path-nodes.patch @@ -0,0 +1,224 @@ +From 5b9285c34731e67f9f1d61ec804740991f2a0380 Mon Sep 17 00:00:00 2001 +From: Eirik Aavitsland +Date: Mon, 25 Oct 2021 14:17:55 +0200 +Subject: [PATCH] Do stricter error checking when parsing path nodes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The SVG spec mandates that path parsing should terminate on the first +error encountered, and an error be reported. To improve the handling +of corrupt files, implement such error handling, and also limit the +number of QPainterPath elements to a reasonable range. + +Fixes: QTBUG-96044 +Pick-to: 6.2 5.15 5.12 +Change-Id: Ic5e65d6b658516d6f1317c72de365c8c7ad81891 +Reviewed-by: Allan Sandfeld Jensen +Reviewed-by: Robert Löhning +(cherry picked from commit 36cfd9efb9b22b891adee9c48d30202289cfa620) +--- + src/svg/qsvghandler.cpp | 59 +++++++++++++++++------------------------ + 1 file changed, 25 insertions(+), 34 deletions(-) + +diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp +index b542089..2ea80ed 100644 +--- a/src/svg/qsvghandler.cpp ++++ b/src/svg/qsvghandler.cpp +@@ -1627,6 +1627,7 @@ static void pathArc(QPainterPath &path, + + static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + { ++ const int maxElementCount = 0x7fff; // Assume file corruption if more path elements than this + qreal x0 = 0, y0 = 0; // starting point + qreal x = 0, y = 0; // current point + char lastMode = 0; +@@ -1634,7 +1635,8 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + const QChar *str = dataStr.constData(); + const QChar *end = str + dataStr.size(); + +- while (str != end) { ++ bool ok = true; ++ while (ok && str != end) { + while (str->isSpace() && (str + 1) != end) + ++str; + QChar pathElem = *str; +@@ -1651,14 +1653,13 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + arg.append(0);//dummy + const qreal *num = arg.constData(); + int count = arg.count(); +- while (count > 0) { ++ while (ok && count > 0) { + qreal offsetX = x; // correction offsets + qreal offsetY = y; // for relative commands + switch (pathElem.unicode()) { + case 'm': { + if (count < 2) { +- num++; +- count--; ++ ok = false; + break; + } + x = x0 = num[0] + offsetX; +@@ -1675,8 +1676,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + break; + case 'M': { + if (count < 2) { +- num++; +- count--; ++ ok = false; + break; + } + x = x0 = num[0]; +@@ -1702,8 +1702,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + break; + case 'l': { + if (count < 2) { +- num++; +- count--; ++ ok = false; + break; + } + x = num[0] + offsetX; +@@ -1716,8 +1715,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + break; + case 'L': { + if (count < 2) { +- num++; +- count--; ++ ok = false; + break; + } + x = num[0]; +@@ -1757,8 +1755,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + break; + case 'c': { + if (count < 6) { +- num += count; +- count = 0; ++ ok = false; + break; + } + QPointF c1(num[0] + offsetX, num[1] + offsetY); +@@ -1774,8 +1771,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + } + case 'C': { + if (count < 6) { +- num += count; +- count = 0; ++ ok = false; + break; + } + QPointF c1(num[0], num[1]); +@@ -1791,8 +1787,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + } + case 's': { + if (count < 4) { +- num += count; +- count = 0; ++ ok = false; + break; + } + QPointF c1; +@@ -1813,8 +1808,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + } + case 'S': { + if (count < 4) { +- num += count; +- count = 0; ++ ok = false; + break; + } + QPointF c1; +@@ -1835,8 +1829,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + } + case 'q': { + if (count < 4) { +- num += count; +- count = 0; ++ ok = false; + break; + } + QPointF c(num[0] + offsetX, num[1] + offsetY); +@@ -1851,8 +1844,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + } + case 'Q': { + if (count < 4) { +- num += count; +- count = 0; ++ ok = false; + break; + } + QPointF c(num[0], num[1]); +@@ -1867,8 +1859,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + } + case 't': { + if (count < 2) { +- num += count; +- count = 0; ++ ok = false; + break; + } + QPointF e(num[0] + offsetX, num[1] + offsetY); +@@ -1888,8 +1879,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + } + case 'T': { + if (count < 2) { +- num += count; +- count = 0; ++ ok = false; + break; + } + QPointF e(num[0], num[1]); +@@ -1909,8 +1899,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + } + case 'a': { + if (count < 7) { +- num += count; +- count = 0; ++ ok = false; + break; + } + qreal rx = (*num++); +@@ -1932,8 +1921,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + break; + case 'A': { + if (count < 7) { +- num += count; +- count = 0; ++ ok = false; + break; + } + qreal rx = (*num++); +@@ -1954,12 +1942,15 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path) + } + break; + default: +- return false; ++ ok = false; ++ break; + } + lastMode = pathElem.toLatin1(); ++ if (path.elementCount() > maxElementCount) ++ ok = false; + } + } +- return true; ++ return ok; + } + + static bool parseStyle(QSvgNode *node, +@@ -2997,8 +2988,8 @@ static QSvgNode *createPathNode(QSvgNode *parent, + + QPainterPath qpath; + qpath.setFillRule(Qt::WindingFill); +- //XXX do error handling +- parsePathDataFast(data, qpath); ++ if (!parsePathDataFast(data, qpath)) ++ qCWarning(lcSvgHandler, "Invalid path data; path truncated."); + + QSvgNode *path = new QSvgPath(parent, qpath); + return path; +-- +GitLab + diff --git a/sources b/sources new file mode 100644 index 0000000..c985c88 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (qtsvg-everywhere-src-5.15.2.tar.xz) = 101e9c8fc05b1bb9c4e869564bff8e5723dd35f0ef557185e56e9dc12fdce74c531522c9642cdff639900eccf7ed0e04bfa48142741259697dded990fb481730