[neon/qt/qtsvg/Neon/unstable] debian: Drop CVE-2021-45930.diff, included in the new release.
Dmitry Shachnev
null at kde.org
Tue Jul 23 15:14:26 BST 2024
Git commit 2bcce47a243b1331a4d3d0bfd63b88579f52c352 by Dmitry Shachnev.
Committed on 06/01/2023 at 08:01.
Pushed by jriddell into branch 'Neon/unstable'.
Drop CVE-2021-45930.diff, included in the new release.
M +1 -0 debian/changelog
D +0 -204 debian/patches/CVE-2021-45930.diff
M +0 -1 debian/patches/series
https://invent.kde.org/neon/qt/qtsvg/-/commit/2bcce47a243b1331a4d3d0bfd63b88579f52c352
diff --git a/debian/changelog b/debian/changelog
index 8e09e30..1d0e99f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ qtsvg-opensource-src (5.15.8-1) UNRELEASED; urgency=medium
* New upstream release.
* Bump Qt build-dependencies to 5.15.8.
* Bump ABI version to 5-15-8.
+ * Drop CVE-2021-45930.diff, included in the new release.
-- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Fri, 06 Jan 2023 11:11:22 +0400
diff --git a/debian/patches/CVE-2021-45930.diff b/debian/patches/CVE-2021-45930.diff
deleted file mode 100644
index efc14a6..0000000
--- a/debian/patches/CVE-2021-45930.diff
+++ /dev/null
@@ -1,204 +0,0 @@
-Description: do stricter error checking when parsing path nodes
- The SVG spec mandates that path parsing should terminate on the first
- error encountered, and an error be reported. To improve the handling
- of corrupt files, implement such error handling, and also limit the
- number of QPainterPath elements to a reasonable range.
-Origin: upstream, https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=36cfd9efb9b22b89
-Last-Update: 2022-01-07
-
---- a/src/svg/qsvghandler.cpp
-+++ b/src/svg/qsvghandler.cpp
-@@ -1626,6 +1626,7 @@ static void pathArc(QPainterPath &path,
-
- static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
- {
-+ const int maxElementCount = 0x7fff; // Assume file corruption if more path elements than this
- qreal x0 = 0, y0 = 0; // starting point
- qreal x = 0, y = 0; // current point
- char lastMode = 0;
-@@ -1633,7 +1634,8 @@ static bool parsePathDataFast(const QStr
- const QChar *str = dataStr.constData();
- const QChar *end = str + dataStr.size();
-
-- while (str != end) {
-+ bool ok = true;
-+ while (ok && str != end) {
- while (str->isSpace() && (str + 1) != end)
- ++str;
- QChar pathElem = *str;
-@@ -1650,14 +1652,13 @@ static bool parsePathDataFast(const QStr
- arg.append(0);//dummy
- const qreal *num = arg.constData();
- int count = arg.count();
-- while (count > 0) {
-+ while (ok && count > 0) {
- qreal offsetX = x; // correction offsets
- qreal offsetY = y; // for relative commands
- switch (pathElem.unicode()) {
- case 'm': {
- if (count < 2) {
-- num++;
-- count--;
-+ ok = false;
- break;
- }
- x = x0 = num[0] + offsetX;
-@@ -1674,8 +1675,7 @@ static bool parsePathDataFast(const QStr
- break;
- case 'M': {
- if (count < 2) {
-- num++;
-- count--;
-+ ok = false;
- break;
- }
- x = x0 = num[0];
-@@ -1701,8 +1701,7 @@ static bool parsePathDataFast(const QStr
- break;
- case 'l': {
- if (count < 2) {
-- num++;
-- count--;
-+ ok = false;
- break;
- }
- x = num[0] + offsetX;
-@@ -1715,8 +1714,7 @@ static bool parsePathDataFast(const QStr
- break;
- case 'L': {
- if (count < 2) {
-- num++;
-- count--;
-+ ok = false;
- break;
- }
- x = num[0];
-@@ -1756,8 +1754,7 @@ static bool parsePathDataFast(const QStr
- break;
- case 'c': {
- if (count < 6) {
-- num += count;
-- count = 0;
-+ ok = false;
- break;
- }
- QPointF c1(num[0] + offsetX, num[1] + offsetY);
-@@ -1773,8 +1770,7 @@ static bool parsePathDataFast(const QStr
- }
- case 'C': {
- if (count < 6) {
-- num += count;
-- count = 0;
-+ ok = false;
- break;
- }
- QPointF c1(num[0], num[1]);
-@@ -1790,8 +1786,7 @@ static bool parsePathDataFast(const QStr
- }
- case 's': {
- if (count < 4) {
-- num += count;
-- count = 0;
-+ ok = false;
- break;
- }
- QPointF c1;
-@@ -1812,8 +1807,7 @@ static bool parsePathDataFast(const QStr
- }
- case 'S': {
- if (count < 4) {
-- num += count;
-- count = 0;
-+ ok = false;
- break;
- }
- QPointF c1;
-@@ -1834,8 +1828,7 @@ static bool parsePathDataFast(const QStr
- }
- case 'q': {
- if (count < 4) {
-- num += count;
-- count = 0;
-+ ok = false;
- break;
- }
- QPointF c(num[0] + offsetX, num[1] + offsetY);
-@@ -1850,8 +1843,7 @@ static bool parsePathDataFast(const QStr
- }
- case 'Q': {
- if (count < 4) {
-- num += count;
-- count = 0;
-+ ok = false;
- break;
- }
- QPointF c(num[0], num[1]);
-@@ -1866,8 +1858,7 @@ static bool parsePathDataFast(const QStr
- }
- case 't': {
- if (count < 2) {
-- num += count;
-- count = 0;
-+ ok = false;
- break;
- }
- QPointF e(num[0] + offsetX, num[1] + offsetY);
-@@ -1887,8 +1878,7 @@ static bool parsePathDataFast(const QStr
- }
- case 'T': {
- if (count < 2) {
-- num += count;
-- count = 0;
-+ ok = false;
- break;
- }
- QPointF e(num[0], num[1]);
-@@ -1908,8 +1898,7 @@ static bool parsePathDataFast(const QStr
- }
- case 'a': {
- if (count < 7) {
-- num += count;
-- count = 0;
-+ ok = false;
- break;
- }
- qreal rx = (*num++);
-@@ -1931,8 +1920,7 @@ static bool parsePathDataFast(const QStr
- break;
- case 'A': {
- if (count < 7) {
-- num += count;
-- count = 0;
-+ ok = false;
- break;
- }
- qreal rx = (*num++);
-@@ -1953,12 +1941,15 @@ static bool parsePathDataFast(const QStr
- }
- break;
- default:
-- return false;
-+ ok = false;
-+ break;
- }
- lastMode = pathElem.toLatin1();
-+ if (path.elementCount() > maxElementCount)
-+ ok = false;
- }
- }
-- return true;
-+ return ok;
- }
-
- static bool parseStyle(QSvgNode *node,
-@@ -2995,8 +2986,8 @@ static QSvgNode *createPathNode(QSvgNode
-
- QPainterPath qpath;
- qpath.setFillRule(Qt::WindingFill);
-- //XXX do error handling
-- parsePathDataFast(data, qpath);
-+ if (!parsePathDataFast(data, qpath))
-+ qCWarning(lcSvgHandler, "Invalid path data; path truncated.");
-
- QSvgNode *path = new QSvgPath(parent, qpath);
- return path;
diff --git a/debian/patches/series b/debian/patches/series
index 88d2933..a818b33 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
-CVE-2021-45930.diff
reject_oversize_svgs.diff