qt5-qtsvg: add a security fix from upstream This doesn't have a CVE assigned (yet); it's listed as a security fix in Red Hat errata, etc. (https://bugzilla.redhat.com/show_bug.cgi?id=1931444)diff -r1.49 -r1.50 pkgsrc/x11/qt5-qtsvg/Makefile
(gutteridge)
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.49 2020/11/29 22:33:23 dbj Exp $ | 1 | # $NetBSD: Makefile,v 1.50 2021/03/20 00:44:01 gutteridge Exp $ | |
2 | 2 | |||
3 | DISTNAME= qtsvg-everywhere-src-${QTVERSION} | 3 | DISTNAME= qtsvg-everywhere-src-${QTVERSION} | |
4 | PKGNAME= qt5-qtsvg-${QTVERSION} | 4 | PKGNAME= qt5-qtsvg-${QTVERSION} | |
5 | PKGREVISION= 1 | 5 | PKGREVISION= 2 | |
6 | COMMENT= Qt5 module for SVG | 6 | COMMENT= Qt5 module for SVG | |
7 | 7 | |||
8 | BUILD_TARGET= sub-src | 8 | BUILD_TARGET= sub-src | |
9 | MAKE_ENV+= QTDIR=${QTDIR} | 9 | MAKE_ENV+= QTDIR=${QTDIR} | |
10 | 10 | |||
11 | INSTALL_ENV+= INSTALL_ROOT=${DESTDIR} | 11 | INSTALL_ENV+= INSTALL_ROOT=${DESTDIR} | |
12 | INSTALLATION_DIRS+= lib/pkgconfig | 12 | INSTALLATION_DIRS+= lib/pkgconfig | |
13 | 13 | |||
14 | .include "../../x11/qt5-qtbase/Makefile.common" | 14 | .include "../../x11/qt5-qtbase/Makefile.common" | |
15 | 15 | |||
16 | post-install: | 16 | post-install: | |
17 | .for i in Qt5Svg.pc | 17 | .for i in Qt5Svg.pc | |
18 | cd ${DESTDIR}${PREFIX}/lib/pkgconfig && \ | 18 | cd ${DESTDIR}${PREFIX}/lib/pkgconfig && \ |
@@ -1,6 +1,7 @@ | @@ -1,6 +1,7 @@ | |||
1 | $NetBSD: distinfo,v 1.20 2020/11/21 11:22:34 adam Exp $ | 1 | $NetBSD: distinfo,v 1.21 2021/03/20 00:44:01 gutteridge Exp $ | |
2 | 2 | |||
3 | SHA1 (qtsvg-everywhere-src-5.15.2.tar.xz) = 08531b47924078cbde6dfbf56da83651d58f6a13 | 3 | SHA1 (qtsvg-everywhere-src-5.15.2.tar.xz) = 08531b47924078cbde6dfbf56da83651d58f6a13 | |
4 | RMD160 (qtsvg-everywhere-src-5.15.2.tar.xz) = 39c8cf9d5a9de89a46b5fd41c0416504cf32478c | 4 | RMD160 (qtsvg-everywhere-src-5.15.2.tar.xz) = 39c8cf9d5a9de89a46b5fd41c0416504cf32478c | |
5 | SHA512 (qtsvg-everywhere-src-5.15.2.tar.xz) = 101e9c8fc05b1bb9c4e869564bff8e5723dd35f0ef557185e56e9dc12fdce74c531522c9642cdff639900eccf7ed0e04bfa48142741259697dded990fb481730 | 5 | SHA512 (qtsvg-everywhere-src-5.15.2.tar.xz) = 101e9c8fc05b1bb9c4e869564bff8e5723dd35f0ef557185e56e9dc12fdce74c531522c9642cdff639900eccf7ed0e04bfa48142741259697dded990fb481730 | |
6 | Size (qtsvg-everywhere-src-5.15.2.tar.xz) = 1886268 bytes | 6 | Size (qtsvg-everywhere-src-5.15.2.tar.xz) = 1886268 bytes | |
7 | SHA1 (patch-src_svg_qsvghandler.cpp) = a5148ae6caf1b2db9cc4a6f4de9967747c0a3932 |
$NetBSD: patch-src_svg_qsvghandler.cpp,v 1.1 2021/03/20 00:44:01 gutteridge Exp $
Fix out of bounds read in function QRadialFetchSimd from crafted svg file.
https://bugreports.qt.io/browse/QTBUG-91507
--- src/svg/qsvghandler.cpp.orig 2020-10-27 08:02:11.000000000 +0000
+++ src/svg/qsvghandler.cpp
@@ -672,6 +672,9 @@ static qreal toDouble(const QChar *&str)
val = -val;
} else {
val = QByteArray::fromRawData(temp, pos).toDouble();
+ // Do not tolerate values too wild to be represented normally by floats
+ if (std::fpclassify(float(val)) != FP_NORMAL)
+ val = 0;
}
return val;
@@ -3043,6 +3046,8 @@ static QSvgStyleProperty *createRadialGr
ncy = toDouble(cy);
if (!r.isEmpty())
nr = toDouble(r);
+ if (nr < 0.5)
+ nr = 0.5;
qreal nfx = ncx;
if (!fx.isEmpty())