backport upstream patch to fix crash with SVG format check failed error (telegram-desktop) [release 6.6.0-2mamba;Sun Oct 29 2023]
This commit is contained in:
parent
26867e1133
commit
857a6a195a
22
qt6-qtsvg-6.6.0-invalid-svg-crash.patch
Normal file
22
qt6-qtsvg-6.6.0-invalid-svg-crash.patch
Normal file
@ -0,0 +1,22 @@
|
||||
Update:
|
||||
What this fixes was later assigned CVE-2023-45872
|
||||
https://lists.qt-project.org/pipermail/development/2023-October/044577.html
|
||||
|
||||
https://bugs.gentoo.org/915582
|
||||
https://bugreports.qt.io/browse/QTBUG-117944
|
||||
https://codereview.qt-project.org/c/qt/qtsvg/+/510692
|
||||
https://github.com/qt/qtsvg/commit/effc44495a33babd4cf7a2044123f420e6b3da1c
|
||||
From: Paul Olav Tvete <paul.tvete@qt.io>
|
||||
Date: Tue, 10 Oct 2023 10:14:22 +0200
|
||||
Subject: [PATCH] Fix nullptr dereference with invalid SVG
|
||||
--- a/src/svg/qsvghandler.cpp
|
||||
+++ b/src/svg/qsvghandler.cpp
|
||||
@@ -3606,6 +3606,8 @@ void QSvgHandler::init()
|
||||
|
||||
static bool detectCycles(const QSvgNode *node, QList<const QSvgUse *> active = {})
|
||||
{
|
||||
+ if (Q_UNLIKELY(!node))
|
||||
+ return false;
|
||||
switch (node->type()) {
|
||||
case QSvgNode::DOC:
|
||||
case QSvgNode::G:
|
@ -1,8 +1,8 @@
|
||||
%define majver %(echo %version | cut -d. -f1-2)
|
||||
|
||||
Name: qt6-qtsvg
|
||||
Version: 6.5.3
|
||||
Release: 1mamba
|
||||
Version: 6.6.0
|
||||
Release: 2mamba
|
||||
Summary: Qt6 SVG components
|
||||
Group: System/Libraries
|
||||
Vendor: openmamba
|
||||
@ -10,6 +10,7 @@ Distribution: openmamba
|
||||
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
||||
URL: https://www.qt.io/
|
||||
Source: https://download.qt.io/official_releases/qt/%{majver}/%{version}/submodules/qtsvg-everywhere-src-%{version}.tar.xz
|
||||
Patch0: qt6-qtsvg-6.6.0-invalid-svg-crash.patch
|
||||
License: GPL
|
||||
## AUTOBUILDREQ-BEGIN
|
||||
BuildRequires: glibc-devel
|
||||
@ -36,6 +37,7 @@ This package contains libraries and header files for developing applications tha
|
||||
|
||||
%prep
|
||||
%setup -q -n qtsvg-everywhere-src-%{version}
|
||||
%patch 0 -p1 -b .invalid-svg-crash
|
||||
|
||||
%build
|
||||
%cmake -d build
|
||||
@ -84,6 +86,12 @@ This package contains libraries and header files for developing applications tha
|
||||
%{_libdir}/pkgconfig/Qt6Svg*.pc
|
||||
|
||||
%changelog
|
||||
* Sun Oct 29 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 6.6.0-2mamba
|
||||
- backport upstream patch to fix crash with SVG format check failed error (telegram-desktop)
|
||||
|
||||
* Tue Oct 17 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 6.6.0-1mamba
|
||||
- update to 6.6.0
|
||||
|
||||
* Fri Sep 29 2023 Automatic Build System <autodist@mambasoft.it> 6.5.3-1mamba
|
||||
- automatic version update by autodist
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user