import qt5-qtsvg-5.15.2-2.el8

CentOS Sources 2021-04-21 14:21:09 +00:00 committed by Andrew Lukoshko
parent ae711b0a32
commit 9808f27283
4 changed files with 55 additions and 6 deletions

2
.gitignore vendored

@ -1 +1 @@
SOURCES/qtsvg-everywhere-src-5.12.5.tar.xz
SOURCES/qtsvg-everywhere-src-5.15.2.tar.xz


@ -1 +1 @@
184fdb57865e3a42da4f3afc7bb17f9423663d15 SOURCES/qtsvg-everywhere-src-5.12.5.tar.xz
08531b47924078cbde6dfbf56da83651d58f6a13 SOURCES/qtsvg-everywhere-src-5.15.2.tar.xz


@ -0,0 +1,39 @@
From bfd6ee0d8cf34b63d32adf10ed93daa0086b359f Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Thu, 04 Mar 2021 14:28:48 +0100
Subject: [PATCH] Clamp parsed doubles to float representable values
Parts of our rendering assumes incoming doubles can still be sane
floats.
Pick-to: 6.1 6.0 5.15 5.12
Fixes: QTBUG-91507
Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
---
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index c937254..c88b6cc 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -672,6 +672,9 @@ static qreal toDouble(const QChar *&str)
val = -val;
} else {
val = QByteArray::fromRawData(temp, pos).toDouble();
+ // Do not tolerate values too wild to be represented normally by floats
+ if (std::fpclassify(float(val)) != FP_NORMAL)
+ val = 0;
}
return val;
@@ -3043,6 +3046,8 @@ static QSvgStyleProperty *createRadialGradientNode(QSvgNode *node,
ncy = toDouble(cy);
if (!r.isEmpty())
nr = toDouble(r);
+ if (nr < 0.5)
+ nr = 0.5;
qreal nfx = ncx;
if (!fx.isEmpty())
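Review bot: The `if (nr < 0.5) nr = 0.5;` floor added to createRadialGradientNode has no comment saying why 0.5 was chosen, and it applies to every parsed radius rather than only to the values that toDouble() now resets to 0. A radius legitimately below 0.5 would be silently enlarged; that looks possible if the gradient is given in fractional bounding-box units, which the hunk does not show, so confirm the floor is intended for every unit mode. At minimum I would add a comment above the check along the lines of `// Enforce a minimum radius so zero or negative r never leaves this function (QTBUG-91507)`. In the first hunk the new fpclassify test sits only in the `else` branch of toDouble(); the branch that ends in `val = -val;` starts outside the hunk, so it is worth confirming that it cannot produce a value outside float range. Both functions continue beyond the lines shown.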


@ -4,8 +4,8 @@
Summary: Qt5 - Support for rendering and displaying SVG
Name: qt5-%{qt_module}
Version: 5.12.5
Release: 1%{?dist}
Version: 5.15.2
Release: 2%{?dist}
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -13,6 +13,8 @@ Url: http://www.qt.io
%global majmin %(echo %{version} | cut -d. -f1-2)
Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz
# Security fixes
Patch100: qtsvg-CVE-2021-3481-clamp-parsed-doubles-to-float-representable-values.patch
BuildRequires: qt5-qtbase-devel >= %{version}
BuildRequires: pkgconfig(zlib)
@ -99,13 +101,13 @@ popd
%{_qt5_libdir}/libQt5Svg.so.5*
%{_qt5_plugindir}/iconengines/libqsvgicon.so
%{_qt5_plugindir}/imageformats/libqsvg.so
%dir %{_qt5_libdir}/cmake/Qt5Svg/
%{_qt5_libdir}/cmake/Qt5Svg/Qt5Svg_*Plugin.cmake
%files devel
%{_qt5_headerdir}/QtSvg/
%{_qt5_libdir}/libQt5Svg.so
%{_qt5_libdir}/libQt5Svg.prl
%dir %{_qt5_libdir}/cmake/Qt5Svg/
%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QSvg*Plugin.cmake
%{_qt5_libdir}/cmake/Qt5Svg/Qt5SvgConfig*.cmake
%{_qt5_libdir}/pkgconfig/Qt5Svg.pc
%{_qt5_archdatadir}/mkspecs/modules/qt_lib_svg*.pri
@ -120,6 +122,14 @@ popd
%changelog
* Thu Apr 08 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-2
- Fix out of bounds read in function QRadialFetchSimd from crafted svg file
Resolves: bz#1945643
* Mon Apr 05 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-1
- 5.15.2
Resolves: bz#1930055
* Mon Nov 18 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-1
- 5.12.5
Resolves: bz#1733151
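Review bot: `Patch100:` is declared in the second hunk, but none of the hunks in this section touches `%prep`, so the page does not show the CVE-2021-3481 patch actually being applied. If `%prep` uses `%autosetup`, the patch is picked up automatically; if it uses `%setup` with explicit patch lines, a `%patch100 -p1` line is needed, otherwise the package builds without the fix while the changelog entry for 5.15.2-2 says it is resolved. Checking the build log for the patch being applied would settle it.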