diff --git a/.gitignore b/.gitignore index 9ba394a..b9a5a49 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/qtsvg-everywhere-src-5.12.5.tar.xz +SOURCES/qtsvg-everywhere-src-5.15.2.tar.xz diff --git a/.qt5-qtsvg.metadata b/.qt5-qtsvg.metadata index 657440c..b640080 100644 --- a/.qt5-qtsvg.metadata +++ b/.qt5-qtsvg.metadata @@ -1 +1 @@ -184fdb57865e3a42da4f3afc7bb17f9423663d15 SOURCES/qtsvg-everywhere-src-5.12.5.tar.xz +08531b47924078cbde6dfbf56da83651d58f6a13 SOURCES/qtsvg-everywhere-src-5.15.2.tar.xz diff --git a/SOURCES/qtsvg-CVE-2021-3481-clamp-parsed-doubles-to-float-representable-values.patch b/SOURCES/qtsvg-CVE-2021-3481-clamp-parsed-doubles-to-float-representable-values.patch new file mode 100644 index 0000000..f865de8 --- /dev/null +++ b/SOURCES/qtsvg-CVE-2021-3481-clamp-parsed-doubles-to-float-representable-values.patch @@ -0,0 +1,39 @@ +From bfd6ee0d8cf34b63d32adf10ed93daa0086b359f Mon Sep 17 00:00:00 2001 +From: Allan Sandfeld Jensen +Date: Thu, 04 Mar 2021 14:28:48 +0100 +Subject: [PATCH] Clamp parsed doubles to float representable values + +Parts of our rendering assumes incoming doubles can still be sane +floats. + +Pick-to: 6.1 6.0 5.15 5.12 +Fixes: QTBUG-91507 +Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d +Reviewed-by: Robert Löhning +Reviewed-by: Allan Sandfeld Jensen +Reviewed-by: Mårten Nordheim +--- + +diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp +index c937254..c88b6cc 100644 +--- a/src/svg/qsvghandler.cpp ++++ b/src/svg/qsvghandler.cpp +@@ -672,6 +672,9 @@ static qreal toDouble(const QChar *&str) + val = -val; + } else { + val = QByteArray::fromRawData(temp, pos).toDouble(); ++ // Do not tolerate values too wild to be represented normally by floats ++ if (std::fpclassify(float(val)) != FP_NORMAL) ++ val = 0; + } + return val; + +@@ -3043,6 +3046,8 @@ static QSvgStyleProperty *createRadialGradientNode(QSvgNode *node, + ncy = toDouble(cy); + if (!r.isEmpty()) + nr = toDouble(r); ++ if (nr < 0.5) ++ nr = 0.5; + + qreal nfx = ncx; + if (!fx.isEmpty()) diff --git a/SPECS/qt5-qtsvg.spec b/SPECS/qt5-qtsvg.spec index 0e9e6f9..a35189b 100644 --- a/SPECS/qt5-qtsvg.spec +++ b/SPECS/qt5-qtsvg.spec @@ -4,8 +4,8 @@ Summary: Qt5 - Support for rendering and displaying SVG Name: qt5-%{qt_module} -Version: 5.12.5 -Release: 1%{?dist} +Version: 5.15.2 +Release: 3%{?dist} # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -13,6 +13,8 @@ Url: http://www.qt.io %global majmin %(echo %{version} | cut -d. -f1-2) Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz +# Security fixes +Patch100: qtsvg-CVE-2021-3481-clamp-parsed-doubles-to-float-representable-values.patch BuildRequires: qt5-qtbase-devel >= %{version} BuildRequires: pkgconfig(zlib) @@ -99,13 +101,13 @@ popd %{_qt5_libdir}/libQt5Svg.so.5* %{_qt5_plugindir}/iconengines/libqsvgicon.so %{_qt5_plugindir}/imageformats/libqsvg.so -%dir %{_qt5_libdir}/cmake/Qt5Svg/ -%{_qt5_libdir}/cmake/Qt5Svg/Qt5Svg_*Plugin.cmake %files devel %{_qt5_headerdir}/QtSvg/ %{_qt5_libdir}/libQt5Svg.so %{_qt5_libdir}/libQt5Svg.prl +%dir %{_qt5_libdir}/cmake/Qt5Svg/ +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QSvg*Plugin.cmake %{_qt5_libdir}/cmake/Qt5Svg/Qt5SvgConfig*.cmake %{_qt5_libdir}/pkgconfig/Qt5Svg.pc %{_qt5_archdatadir}/mkspecs/modules/qt_lib_svg*.pri @@ -120,6 +122,18 @@ popd %changelog +* Wed Apr 28 2021 Jan Grulich - 5.15.2-3 +- Rebuild (binutils) + Resolves: bz#1930055 + +* Thu Apr 08 2021 Jan Grulich - 5.15.2-2 +- Fix out of bounds read in function QRadialFetchSimd from crafted svg file + Resolves: bz#1945643 + +* Mon Apr 05 2021 Jan Grulich - 5.15.2-1 +- 5.15.2 + Resolves: bz#1930055 + * Mon Nov 18 2019 Jan Grulich - 5.12.5-1 - 5.12.5 Resolves: bz#1733151