[neon/qt/qtsvg/Neon/release] debian: Refresh debian/patches/CVE-2021-3481.diff.

Dmitry Shachnev null at kde.org
Fri Jul 15 12:11:36 BST 2022 

Git commit b908ae11a71e879e97d998897600ca61843b4ec9 by Dmitry Shachnev.
Committed on 05/03/2022 at 18:37.
Pushed by jriddell into branch 'Neon/release'.

Refresh debian/patches/CVE-2021-3481.diff.

M  +1    -0    debian/changelog
M  +6    -16   debian/patches/CVE-2021-3481.diff

https://invent.kde.org/neon/qt/qtsvg/commit/b908ae11a71e879e97d998897600ca61843b4ec9

diff --git a/debian/changelog b/debian/changelog
index c385987..41ec778 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ qtsvg-opensource-src (5.15.3-1) UNRELEASED; urgency=medium
   * Update debian/watch.
   * Bump Qt build-dependencies to 5.15.3.
   * Bump ABI version to 5-15-3.
+  * Refresh debian/patches/CVE-2021-3481.diff.
 
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Sat, 05 Mar 2022 20:44:59 +0300
 
diff --git a/debian/patches/CVE-2021-3481.diff b/debian/patches/CVE-2021-3481.diff
index a5256f8..f49d1df 100644
--- a/debian/patches/CVE-2021-3481.diff
+++ b/debian/patches/CVE-2021-3481.diff
@@ -1,30 +1,20 @@
 Description: clamp parsed doubles to float representable values
-Origin: upstream, commits:
- https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=aceea78cc05ac8ff
- https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=bfd6ee0d8cf34b63
-Last-Update: 2021-04-12
+Origin: upstream, https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=bfd6ee0d8cf34b63
+Last-Update: 2022-03-05
 
 --- a/src/svg/qsvghandler.cpp
 +++ b/src/svg/qsvghandler.cpp
-@@ -65,6 +65,7 @@
- #include "private/qmath_p.h"
- 
- #include "float.h"
-+#include <cmath>
- 
- QT_BEGIN_NAMESPACE
- 
-@@ -672,6 +673,9 @@ static qreal toDouble(const QChar *&str)
+@@ -673,7 +673,8 @@ static qreal toDouble(const QChar *&str)
              val = -val;
      } else {
          val = QByteArray::fromRawData(temp, pos).toDouble();
+-        if (qFpClassify(val) != FP_NORMAL)
 +        // Do not tolerate values too wild to be represented normally by floats
 +        if (qFpClassify(float(val)) != FP_NORMAL)
-+            val = 0;
+             val = 0;
      }
      return val;
- 
-@@ -3043,6 +3047,8 @@ static QSvgStyleProperty *createRadialGr
+@@ -3046,6 +3047,8 @@ static QSvgStyleProperty *createRadialGr
          ncy = toDouble(cy);
      if (!r.isEmpty())
          nr = toDouble(r);

More information about the Neon-commits mailing list