packages/qt5-qtsvg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:09f0045d2202117b59ac8cdb812a75f1ba18f20f
Branches Tags
packages:main
...
compare: packages:0f4f18abafaeaf3aba73de81c436a716a848882c
Branches Tags
packages:main

10 Commits
09f0045d22 ... 0f4f18abaf

Author SHA1 Message Date
openeuler-ci-bot
0f4f18abaf
!23 update to upstream version 5.15.2 
Merge pull request !23 from lyn/openEuler-22.03-LTS-Next
 2022-01-18 06:41:09 +00:00
lyn1001
e36aa7fafa update to 5.15.2 2022-01-18 09:38:08 +08:00
openeuler-ci-bot
17c3b21d3d
!21 Fix CVE-2021-45930 
Merge pull request !21 from wk333/openEuler-22.03-LTS-Next
 2022-01-14 02:55:37 +00:00
wk333
32f4ba0caf Fix CVE-2021-45930 2022-01-14 10:09:41 +08:00
openeuler-ci-bot
b26725b99f !5 Fix Source0 
From: @kkkl12
Reviewed-by: @small_leek
Signed-off-by: @small_leek
 2020-09-14 15:26:52 +08:00
kkkl12
8bc6afc420 Fix Source0 2020-09-14 15:14:59 +08:00
openeuler-ci-bot
d9c41eb508 !4 add yaml file 
Merge pull request !4 from sugarfillet/master
 2020-05-21 10:33:06 +08:00
sugarfillet
2a8eafa217 add yaml file 2020-05-08 15:59:37 +08:00
openeuler-ci-bot
b375323b7b !3 修改source地址 
Merge pull request !3 from sherlock2010/master
 2020-01-10 16:17:01 +08:00
sherlock2010
4dc13f7692 change the source to valid address 2020-01-10 15:26:07 +08:00
7 changed files with 275 additions and 17 deletions
Show Stats Expand all files Collapse all files

221
CVE-2021-45930.patch Normal file
View File

@ -0,0 +1,221 @@
From 36cfd9efb9b22b891adee9c48d30202289cfa620 Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
Date: Mon, 25 Oct 2021 14:17:55 +0200
Subject: [PATCH] Do stricter error checking when parsing path nodes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The SVG spec mandates that path parsing should terminate on the first
error encountered, and an error be reported. To improve the handling
of corrupt files, implement such error handling, and also limit the
number of QPainterPath elements to a reasonable range.
Fixes: QTBUG-96044
Pick-to: 6.2 5.15 5.12
Change-Id: Ic5e65d6b658516d6f1317c72de365c8c7ad81891
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
---
src/svg/qsvghandler.cpp | 59 +++++++++++++++++------------------------
1 file changed, 25 insertions(+), 34 deletions(-)
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index db29211..dd869ff 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -1615,6 +1615,7 @@ static void pathArc(QPainterPath &path,
static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
{
+ const int maxElementCount = 0x7fff; // Assume file corruption if more path elements than this
qreal x0 = 0, y0 = 0; // starting point
qreal x = 0, y = 0; // current point
char lastMode = 0;
@@ -1622,7 +1623,8 @@ static bool parsePathDataFast(const QStr
const QChar *str = dataStr.constData();
const QChar *end = str + dataStr.size();
- while (str != end) {
+ bool ok = true;
+ while (ok && str != end) {
while (str->isSpace() && (str + 1) != end)
++str;
QChar pathElem = *str;
@@ -1636,14 +1638,13 @@ static bool parsePathDataFast(const QStr
arg.append(0);//dummy
const qreal *num = arg.constData();
int count = arg.count();
- while (count > 0) {
+ while (ok && count > 0) {
qreal offsetX = x; // correction offsets
qreal offsetY = y; // for relative commands
switch (pathElem.unicode()) {
case 'm': {
if (count < 2) {
- num++;
- count--;
+ ok = false;
break;
}
x = x0 = num[0] + offsetX;
@@ -1660,8 +1661,7 @@ static bool parsePathDataFast(const QStr
break;
case 'M': {
if (count < 2) {
- num++;
- count--;
+ ok = false;
break;
}
x = x0 = num[0];
@@ -1687,8 +1687,7 @@ static bool parsePathDataFast(const QStr
break;
case 'l': {
if (count < 2) {
- num++;
- count--;
+ ok = false;
break;
}
x = num[0] + offsetX;
@@ -1701,8 +1700,7 @@ static bool parsePathDataFast(const QStr
break;
case 'L': {
if (count < 2) {
- num++;
- count--;
+ ok = false;
break;
}
x = num[0];
@@ -1742,8 +1740,7 @@ static bool parsePathDataFast(const QStr
break;
case 'c': {
if (count < 6) {
- num += count;
- count = 0;
+ ok = false;
break;
}
QPointF c1(num[0] + offsetX, num[1] + offsetY);
@@ -1759,8 +1756,7 @@ static bool parsePathDataFast(const QStr
}
case 'C': {
if (count < 6) {
- num += count;
- count = 0;
+ ok = false;
break;
}
QPointF c1(num[0], num[1]);
@@ -1776,8 +1772,7 @@ static bool parsePathDataFast(const QStr
}
case 's': {
if (count < 4) {
- num += count;
- count = 0;
+ ok = false;
break;
}
QPointF c1;
@@ -1798,8 +1793,7 @@ static bool parsePathDataFast(const QStr
}
case 'S': {
if (count < 4) {
- num += count;
- count = 0;
+ ok = false;
break;
}
QPointF c1;
@@ -1820,8 +1814,7 @@ static bool parsePathDataFast(const QStr
}
case 'q': {
if (count < 4) {
- num += count;
- count = 0;
+ ok = false;
break;
}
QPointF c(num[0] + offsetX, num[1] + offsetY);
@@ -1836,8 +1829,7 @@ static bool parsePathDataFast(const QStr
}
case 'Q': {
if (count < 4) {
- num += count;
- count = 0;
+ ok = false;
break;
}
QPointF c(num[0], num[1]);
@@ -1852,8 +1844,7 @@ static bool parsePathDataFast(const QStr
}
case 't': {
if (count < 2) {
- num += count;
- count = 0;
+ ok = false;
break;
}
QPointF e(num[0] + offsetX, num[1] + offsetY);
@@ -1873,8 +1864,7 @@ static bool parsePathDataFast(const QStr
}
case 'T': {
if (count < 2) {
- num += count;
- count = 0;
+ ok = false;
break;
}
QPointF e(num[0], num[1]);
@@ -1894,8 +1884,7 @@ static bool parsePathDataFast(const QStr
}
case 'a': {
if (count < 7) {
- num += count;
- count = 0;
+ ok = false;
break;
}
qreal rx = (*num++);
@@ -1917,8 +1906,7 @@ static bool parsePathDataFast(const QStr
break;
case 'A': {
if (count < 7) {
- num += count;
- count = 0;
+ ok = false;
break;
}
qreal rx = (*num++);
@@ -1939,12 +1927,15 @@ static bool parsePathDataFast(const QStr
}
break;
default:
- return false;
+ ok = false;
+ break;
}
lastMode = pathElem.toLatin1();
+ if (path.elementCount() > maxElementCount)
+ ok = false;
}
}
- return true;
+ return ok;
}
static bool parseStyle(QSvgNode *node,
@@ -2980,8 +2971,8 @@ static QSvgNode *createPathNode(QSvgNode
QPainterPath qpath;
qpath.setFillRule(Qt::WindingFill);
- //XXX do error handling
- parsePathDataFast(data, qpath);
+ if (!parsePathDataFast(data, qpath))
+ qCWarning(lcSvgHandler, "Invalid path data; path truncated.");
QSvgNode *path = new QSvgPath(parent, qpath);
return path;

25
qt5-qtsvg.spec
View File

@ -1,12 +1,14 @@
Name: qt5-qtsvg
Version: 5.11.1
Release: 3
Version: 5.15.2
Release: 1
Summary: Qt GUI toolkit for rendering and displaying SVG
License: LGPLv2 with exceptions or GPLv3 with exceptions
Url: http://www.qt.io
Source0: https://download.qt.io/official_releases/qt/5.11/%{version}/submodules/qtsvg-everywhere-src-%{version}.tar.xz
Patch0001: qtsvg-opensource-src-5.6.0-beta1-example-install.patch
BuildRequires: qt5-qtbase-devel >= %{version} pkgconfig(zlib) qt5-qtbase-private-devel
Source0: https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/qtsvg-everywhere-src-%{version}.tar.xz
Patch0: qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch
Patch1: CVE-2021-45930.patch
BuildRequires: qt5-qtbase-devel >= %{version} pkgconfig(zlib) qt5-qtbase-private-devel make
%{?_qt5:Requires: %{_qt5} = %{_qt5_version}}
%description
@ -51,6 +53,7 @@ popd
%dir %{_qt5_libdir}/cmake/Qt5Svg/
%{_qt5_libdir}/{libQt5Svg.so.5*,cmake/Qt5Svg/Qt5Svg_*Plugin.cmake}
%{_qt5_plugindir}/{iconengines/libqsvgicon.so,imageformats/libqsvg.so}
%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QSvg*Plugin.cmake
%files devel
%{_qt5_examplesdir}/
@ -60,5 +63,17 @@ popd
%{_qt5_archdatadir}/mkspecs/modules/qt_lib_svg*.pri
%changelog
* Tue Jan 18 2022 liyanan <liyanan32@huawei.com> - 5.15.2-1
- update to upstream version 5.15.2
* Thu Jan 13 2022 wangkai <wangkai385@huawei.com> - 5.11.1-6
- Fix CVE-2021-45930
* Mon Sep 14 2020 liuweibo <liuweibo10@huawei.com> - 5.11.1-5
- Fix Source0
* Fri Jan 10 2020 zhouyihang <zhouyihang1@huawei.com> - 5.11.1-4
- change the source to valid address
* Thu Nov 07 2019 yanzhihua <yanzhihua4@huawei.com> - 5.11.1-3
- Package init

4
qt5-qtsvg.yaml Normal file
View File

@ -0,0 +1,4 @@
version_control: git
src_repo: https://code.qt.io/qt/qtsvg.git
tag_prefix: "^v"
separator: "."

30
qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch Normal file
View File

@ -0,0 +1,30 @@
diff -up qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp
--- qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig 2020-10-27 09:02:11.000000000 +0100
+++ qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp 2021-03-09 17:48:50.187425243 +0100
@@ -65,6 +65,7 @@
#include "private/qmath_p.h"
#include "float.h"
+#include <cmath>
QT_BEGIN_NAMESPACE
@@ -672,6 +673,9 @@ static qreal toDouble(const QChar *&str)
val = -val;
} else {
val = QByteArray::fromRawData(temp, pos).toDouble();
+ // Do not tolerate values too wild to be represented normally by floats
+ if (std::fpclassify(float(val)) != FP_NORMAL)
+ val = 0;
}
return val;
@@ -3043,6 +3047,8 @@ static QSvgStyleProperty *createRadialGr
ncy = toDouble(cy);
if (!r.isEmpty())
nr = toDouble(r);
+ if (nr < 0.5)
+ nr = 0.5;
qreal nfx = ncx;
if (!fx.isEmpty())

BIN
qtsvg-everywhere-src-5.11.1.tar.xz
View File

Binary file not shown.

BIN
qtsvg-everywhere-src-5.15.2.tar.xz Normal file
View File

Binary file not shown.

12
qtsvg-opensource-src-5.6.0-beta1-example-install.patch
View File

@ -1,12 +0,0 @@
diff --git a/examples/svg/richtext/textobject/textobject.pro b/examples/svg/richtext/textobject/textobject.pro
index 8892ae7..f9ec7c6 100644
--- a/examples/svg/richtext/textobject/textobject.pro
+++ b/examples/svg/richtext/textobject/textobject.pro
@@ -14,6 +14,6 @@ INSTALLS += target
wince*{
filesToDeploy.files = files/*.svg
- filesToDeploy.path = files
+ filesToDeploy.path = $$[QT_INSTALL_EXAMPLES]/svg/richtext/textobject/files
DEPLOYMENT += filesToDeploy
}