packages/qt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!52 [sync] PR-51: fix CVE-2023-32573

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @peijiankang 
Signed-off-by: @peijiankang
This commit is contained in:
openeuler-ci-bot 2023-08-22 01:15:40 +00:00 committed by Gitee
commit b3258e5115
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
CVE-2023-32573.patch Normal file
View File

@ -0,0 +1,34 @@
diff -up qt-everywhere-opensource-src-4.8.7/src/svg/qsvgfont_p.h.me qt-everywhere-opensource-src-4.8.7/src/svg/qsvgfont_p.h
--- qt-everywhere-opensource-src-4.8.7/src/svg/qsvgfont_p.h.me 2023-05-18 14:45:36.239081107 +0200
+++ qt-everywhere-opensource-src-4.8.7/src/svg/qsvgfont_p.h 2023-05-18 14:47:11.440869275 +0200
@@ -78,6 +78,7 @@ public:
class QSvgFont : public QSvgRefCounted
{
public:
+ static const qreal DEFAULT_UNITS_PER_EM = 1000;
QSvgFont(qreal horizAdvX);
void setFamilyName(const QString &name);
@@ -90,9 +91,7 @@ public:
void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
public:
QString m_familyName;
- qreal m_unitsPerEm;
- qreal m_ascent;
- qreal m_descent;
+ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
qreal m_horizAdvX;
QHash<QChar, QSvgGlyph> m_glyphs;
};
diff -up qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp.me qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp
--- qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp.me 2023-05-18 14:45:24.569107055 +0200
+++ qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp 2023-05-18 14:45:10.885137479 +0200
@@ -2571,7 +2571,7 @@ static bool parseFontFaceNode(QSvgStyleP
qreal unitsPerEm = toDouble(unitsPerEmStr);
if (!unitsPerEm)
- unitsPerEm = 1000;
+ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
if (!name.isEmpty())
font->setFamilyName(name);

9
qt.spec
View File

@ -13,7 +13,7 @@
Name: qt
Epoch: 1
Version: 4.8.7
Release: 55
Release: 56
Summary: A software toolkit for developing applications
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
URL: http://qt-project.org/
@ -88,6 +88,7 @@ Patch6003: CVE-2018-19870.patch
Patch6004: CVE-2018-19873.patch
Patch6005: CVE-2020-17507.patch
Patch6006: CVE-2020-0570.patch
Patch6007: CVE-2023-32573.patch
BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa)
BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng)
@ -465,6 +466,12 @@ fi
%{_qt4_prefix}/examples/
%changelog
* Mon Aug 21 2023 peijiankang<peijiankang@kylinos.cn> - 1:4.8.7-56
- Type:cves
- ID:CVE-2023-32573
- SUG:NA
- DESC:fix CVE-2023-32573
* Mon Aug 14 2023 huayadong <huayadong@kylinos.cn> - 1:4.8.7-55
- update Patch11 and add Patch48 to fix builderror