backport upstream patch to fix crash with SVG format check failed error (telegram-desktop) [release 6.6.0-2mamba;Sun Oct 29 2023]
This commit is contained in:
parent
26867e1133
commit
857a6a195a
22
qt6-qtsvg-6.6.0-invalid-svg-crash.patch
Normal file
22
qt6-qtsvg-6.6.0-invalid-svg-crash.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
Update:
|
||||||
|
What this fixes was later assigned CVE-2023-45872
|
||||||
|
https://lists.qt-project.org/pipermail/development/2023-October/044577.html
|
||||||
|
|
||||||
|
https://bugs.gentoo.org/915582
|
||||||
|
https://bugreports.qt.io/browse/QTBUG-117944
|
||||||
|
https://codereview.qt-project.org/c/qt/qtsvg/+/510692
|
||||||
|
https://github.com/qt/qtsvg/commit/effc44495a33babd4cf7a2044123f420e6b3da1c
|
||||||
|
From: Paul Olav Tvete <paul.tvete@qt.io>
|
||||||
|
Date: Tue, 10 Oct 2023 10:14:22 +0200
|
||||||
|
Subject: [PATCH] Fix nullptr dereference with invalid SVG
|
||||||
|
--- a/src/svg/qsvghandler.cpp
|
||||||
|
+++ b/src/svg/qsvghandler.cpp
|
||||||
|
@@ -3606,6 +3606,8 @@ void QSvgHandler::init()
|
||||||
|
|
||||||
|
static bool detectCycles(const QSvgNode *node, QList<const QSvgUse *> active = {})
|
||||||
|
{
|
||||||
|
+ if (Q_UNLIKELY(!node))
|
||||||
|
+ return false;
|
||||||
|
switch (node->type()) {
|
||||||
|
case QSvgNode::DOC:
|
||||||
|
case QSvgNode::G:
|
@ -1,8 +1,8 @@
|
|||||||
%define majver %(echo %version | cut -d. -f1-2)
|
%define majver %(echo %version | cut -d. -f1-2)
|
||||||
|
|
||||||
Name: qt6-qtsvg
|
Name: qt6-qtsvg
|
||||||
Version: 6.5.3
|
Version: 6.6.0
|
||||||
Release: 1mamba
|
Release: 2mamba
|
||||||
Summary: Qt6 SVG components
|
Summary: Qt6 SVG components
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
Vendor: openmamba
|
Vendor: openmamba
|
||||||
@ -10,6 +10,7 @@ Distribution: openmamba
|
|||||||
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
||||||
URL: https://www.qt.io/
|
URL: https://www.qt.io/
|
||||||
Source: https://download.qt.io/official_releases/qt/%{majver}/%{version}/submodules/qtsvg-everywhere-src-%{version}.tar.xz
|
Source: https://download.qt.io/official_releases/qt/%{majver}/%{version}/submodules/qtsvg-everywhere-src-%{version}.tar.xz
|
||||||
|
Patch0: qt6-qtsvg-6.6.0-invalid-svg-crash.patch
|
||||||
License: GPL
|
License: GPL
|
||||||
## AUTOBUILDREQ-BEGIN
|
## AUTOBUILDREQ-BEGIN
|
||||||
BuildRequires: glibc-devel
|
BuildRequires: glibc-devel
|
||||||
@ -36,6 +37,7 @@ This package contains libraries and header files for developing applications tha
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n qtsvg-everywhere-src-%{version}
|
%setup -q -n qtsvg-everywhere-src-%{version}
|
||||||
|
%patch 0 -p1 -b .invalid-svg-crash
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%cmake -d build
|
%cmake -d build
|
||||||
@ -84,6 +86,12 @@ This package contains libraries and header files for developing applications tha
|
|||||||
%{_libdir}/pkgconfig/Qt6Svg*.pc
|
%{_libdir}/pkgconfig/Qt6Svg*.pc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Oct 29 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 6.6.0-2mamba
|
||||||
|
- backport upstream patch to fix crash with SVG format check failed error (telegram-desktop)
|
||||||
|
|
||||||
|
* Tue Oct 17 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 6.6.0-1mamba
|
||||||
|
- update to 6.6.0
|
||||||
|
|
||||||
* Fri Sep 29 2023 Automatic Build System <autodist@mambasoft.it> 6.5.3-1mamba
|
* Fri Sep 29 2023 Automatic Build System <autodist@mambasoft.it> 6.5.3-1mamba
|
||||||
- automatic version update by autodist
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user