authorMarek Vasut <marex@denx.de>2023-10-10 15:59:40 +0200
committerMartin Jansa <martin.jansa@gmail.com>2023-10-11 14:18:48 +0200
commit4302ed02150c6c7c8dc7bd18869070acaded3655 (patch)
tree22078bd4a360f313366466e9aaa80ffefe15b43a /recipes-qt/qt5
parentb06461fcc1b4b2af35e874417a3e95dbd0fa3d32 (diff)
qtsvg: Pick CVE-2023-32573 fix
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-32573 Patch: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff Signed-off-by: Marek Vasut <marex@denx.de>
Diffstat (limited to 'recipes-qt/qt5')
-rw-r--r--recipes-qt/qt5/qtsvg/CVE-2023-32573-qtsvg-5.15.diff34
-rw-r--r--recipes-qt/qt5/qtsvg_git.bb4
2 files changed, 38 insertions, 0 deletions
diff --git a/recipes-qt/qt5/qtsvg/CVE-2023-32573-qtsvg-5.15.diff b/recipes-qt/qt5/qtsvg/CVE-2023-32573-qtsvg-5.15.diff
new file mode 100644
index 00000000..f2a61e29
--- /dev/null
+++ b/recipes-qt/qt5/qtsvg/CVE-2023-32573-qtsvg-5.15.diff
@@ -0,0 +1,34 @@
+--- a/src/svg/qsvgfont_p.h
++++ b/src/svg/qsvgfont_p.h
+@@ -74,6 +74,7 @@ public:
+ class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
+ {
+ public:
++ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
+ QSvgFont(qreal horizAdvX);
+
+ void setFamilyName(const QString &name);
+@@ -86,9 +87,7 @@ public:
+ void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
+ public:
+ QString m_familyName;
+- qreal m_unitsPerEm;
+- qreal m_ascent;
+- qreal m_descent;
++ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
+ qreal m_horizAdvX;
+ QHash<QChar, QSvgGlyph> m_glyphs;
+ };
+
+
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -2668,7 +2668,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent,
+
+ qreal unitsPerEm = toDouble(unitsPerEmStr);
+ if (!unitsPerEm)
+- unitsPerEm = 1000;
++ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
+
+ if (!name.isEmpty())
+ font->setFamilyName(name);
\ No newline at end of file
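Review bot: The new patch file begins directly at `--- a/src/svg/qsvgfont_p.h` with no header, so its origin and CVE mapping live only in the commit message and the file name. I would prepend the usual OpenEmbedded tags, `CVE: CVE-2023-32573` and `Upstream-Status: Backport [https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff]`, so patch-status QA and anyone auditing the layer can trace the fix without the git history. The embedded patch also drops `m_ascent` and `m_descent` from `QSvgFont`; whether the source at the pinned SRCREV still references them is not visible here, so confirm with a build of that revision. Separately, the guard in `parseFontFaceNode` is `if (!unitsPerEm)`, which replaces only a zero value; if negative or non-finite `units-per-em` input from an untrusted SVG matters for this target, that would need a follow-up upstream rather than a local change to this backport.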
diff --git a/recipes-qt/qt5/qtsvg_git.bb b/recipes-qt/qt5/qtsvg_git.bb
index 4654a8ae..34d34b92 100644
--- a/recipes-qt/qt5/qtsvg_git.bb
+++ b/recipes-qt/qt5/qtsvg_git.bb
@@ -13,3 +13,7 @@ LIC_FILES_CHKSUM = " \
DEPENDS += "qtbase"
SRCREV = "78ec450b81c403d3b4e6a2c178e300cef3637cca"
+
+SRC_URI += "\
+ file://CVE-2023-32573-qtsvg-5.15.diff \
+"