backport upstream patch to fix crash with SVG format check failed error (telegram-desktop) [release 6.6.0-2mamba;Sun Oct 29 2023]

This commit is contained in:
Silvan Calarco 2024-01-05 17:14:49 +01:00
parent 26867e1133
commit 857a6a195a
2 changed files with 32 additions and 2 deletions

View File

@ -0,0 +1,22 @@
Update:
What this fixes was later assigned CVE-2023-45872
https://lists.qt-project.org/pipermail/development/2023-October/044577.html
https://bugs.gentoo.org/915582
https://bugreports.qt.io/browse/QTBUG-117944
https://codereview.qt-project.org/c/qt/qtsvg/+/510692
https://github.com/qt/qtsvg/commit/effc44495a33babd4cf7a2044123f420e6b3da1c
From: Paul Olav Tvete <paul.tvete@qt.io>
Date: Tue, 10 Oct 2023 10:14:22 +0200
Subject: [PATCH] Fix nullptr dereference with invalid SVG
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -3606,6 +3606,8 @@ void QSvgHandler::init()
static bool detectCycles(const QSvgNode *node, QList<const QSvgUse *> active = {})
{
+ if (Q_UNLIKELY(!node))
+ return false;
switch (node->type()) {
case QSvgNode::DOC:
case QSvgNode::G:

View File

@ -1,8 +1,8 @@
%define majver %(echo %version | cut -d. -f1-2) %define majver %(echo %version | cut -d. -f1-2)
Name: qt6-qtsvg Name: qt6-qtsvg
Version: 6.5.3 Version: 6.6.0
Release: 1mamba Release: 2mamba
Summary: Qt6 SVG components Summary: Qt6 SVG components
Group: System/Libraries Group: System/Libraries
Vendor: openmamba Vendor: openmamba
@ -10,6 +10,7 @@ Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it> Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: https://www.qt.io/ URL: https://www.qt.io/
Source: https://download.qt.io/official_releases/qt/%{majver}/%{version}/submodules/qtsvg-everywhere-src-%{version}.tar.xz Source: https://download.qt.io/official_releases/qt/%{majver}/%{version}/submodules/qtsvg-everywhere-src-%{version}.tar.xz
Patch0: qt6-qtsvg-6.6.0-invalid-svg-crash.patch
License: GPL License: GPL
## AUTOBUILDREQ-BEGIN ## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel BuildRequires: glibc-devel
@ -36,6 +37,7 @@ This package contains libraries and header files for developing applications tha
%prep %prep
%setup -q -n qtsvg-everywhere-src-%{version} %setup -q -n qtsvg-everywhere-src-%{version}
%patch 0 -p1 -b .invalid-svg-crash
%build %build
%cmake -d build %cmake -d build
@ -84,6 +86,12 @@ This package contains libraries and header files for developing applications tha
%{_libdir}/pkgconfig/Qt6Svg*.pc %{_libdir}/pkgconfig/Qt6Svg*.pc
%changelog %changelog
* Sun Oct 29 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 6.6.0-2mamba
- backport upstream patch to fix crash with SVG format check failed error (telegram-desktop)
* Tue Oct 17 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 6.6.0-1mamba
- update to 6.6.0
* Fri Sep 29 2023 Automatic Build System <autodist@mambasoft.it> 6.5.3-1mamba * Fri Sep 29 2023 Automatic Build System <autodist@mambasoft.it> 6.5.3-1mamba
- automatic version update by autodist - automatic version update by autodist