[neon/qt/qtsvg/Neon/release] debian: Drop CVE-2021-3481.diff, included in the new release.

Dmitry Shachnev null at kde.org
Fri Jul 15 12:11:36 BST 2022


Git commit cbaed9d410dd562cde7eb559b084008029f0324b by Dmitry Shachnev.
Committed on 12/05/2022 at 21:46.
Pushed by jriddell into branch 'Neon/release'.

Drop CVE-2021-3481.diff, included in the new release.

M  +1    -0    debian/changelog
D  +0    -25   debian/patches/CVE-2021-3481.diff
M  +0    -1    debian/patches/series

https://invent.kde.org/neon/qt/qtsvg/commit/cbaed9d410dd562cde7eb559b084008029f0324b

diff --git a/debian/changelog b/debian/changelog
index d0bb691..320a25b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ qtsvg-opensource-src (5.15.4-1) UNRELEASED; urgency=medium
   * New upstream release.
   * Bump Qt build-dependencies to 5.15.4.
   * Bump ABI version to 5-15-4.
+  * Drop CVE-2021-3481.diff, included in the new release.
 
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Fri, 13 May 2022 00:26:34 +0300
 
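Review bot: the added changelog line says the patch is "included in the new release" but names no upstream commit, so a reader of the changelog cannot check the claim. The dropped patch's own Origin header points at upstream commit bfd6ee0d8cf34b63; citing that id in the entry would make the removal auditable.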
diff --git a/debian/patches/CVE-2021-3481.diff b/debian/patches/CVE-2021-3481.diff
deleted file mode 100644
index f49d1df..0000000
--- a/debian/patches/CVE-2021-3481.diff
+++ /dev/null
@@ -1,25 +0,0 @@
-Description: clamp parsed doubles to float representable values
-Origin: upstream, https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=bfd6ee0d8cf34b63
-Last-Update: 2022-03-05
-
---- a/src/svg/qsvghandler.cpp
-+++ b/src/svg/qsvghandler.cpp
-@@ -673,7 +673,8 @@ static qreal toDouble(const QChar *&str)
-             val = -val;
-     } else {
-         val = QByteArray::fromRawData(temp, pos).toDouble();
--        if (qFpClassify(val) != FP_NORMAL)
-+        // Do not tolerate values too wild to be represented normally by floats
-+        if (qFpClassify(float(val)) != FP_NORMAL)
-             val = 0;
-     }
-     return val;
-@@ -3046,6 +3047,8 @@ static QSvgStyleProperty *createRadialGr
-         ncy = toDouble(cy);
-     if (!r.isEmpty())
-         nr = toDouble(r);
-+    if (nr < 0.5)
-+        nr = 0.5;
- 
-     qreal nfx = ncx;
-     if (!fx.isEmpty())
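Review bot: the deleted patch carries two independent changes, and nothing visible in this commit shows that both are present in the 5.15.4 source. One is the `qFpClassify(float(val)) != FP_NORMAL` check in toDouble(); the other is the `if (nr < 0.5) nr = 0.5;` clamp in the function shown in the second hunk header (createRadialGr, truncated there). Confirm both in the new upstream src/svg/qsvghandler.cpp before dropping the file, since a release that carries only one of them would silently lose the other guard.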
diff --git a/debian/patches/series b/debian/patches/series
index dccecd7..88d2933 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,2 @@
-CVE-2021-3481.diff
 CVE-2021-45930.diff
 reject_oversize_svgs.diff
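Review bot: with the first entry removed, CVE-2021-45930.diff and reject_oversize_svgs.diff are now applied directly on top of the new upstream source, and the commit does not say they were re-checked. If either touches src/svg/qsvghandler.cpp, verify it still applies without fuzz or offset against 5.15.4, and that it is not also already included upstream.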


