Fixed bz#1994724, CVE-2021-38593

Than Ngo 2022-05-30 14:33:02 +02:00
parent fac656cd23
commit aebce69e3b
2 changed files with 18 additions and 1 deletions


@ -58,7 +58,7 @@ BuildRequires: pkgconfig(libsystemd)
Name: qt5-qtbase
Summary: Qt5 - QtBase components
Version: 5.15.3
Release: 1%{?dist}
Release: 2%{?dist}
# See LGPL_EXCEPTIONS.txt, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -146,6 +146,7 @@ Patch90: %{name}-gcc11.patch
Patch100: kde-5.15-rollup-20220304.patch.gz
# HACK to make 'fedpkg sources' consider it 'used"
Source100: kde-5.15-rollup-20220304.patch.gz
Patch101: qtbase-everywhere-src-5.15.4-cve-2021-38593.patch
Patch102: qtbase-everywhere-src-5.15.2-CVE-2022-2525.patch
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
@ -420,6 +421,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
## upstream patches
%patch100 -p1
%patch101 -p1
%patch102 -p1
# move some bundled libs to ensure they're not accidentally used
@ -1094,6 +1096,9 @@ fi
%changelog
* Mon May 30 2022 Than Ngo <than@redhat.com> - 5.15.3-2
- Fixed bz#1994724, CVE-2021-38593
* Fri Mar 04 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.3-1
- 5.15.3 + kde-5.15 fixes


@ -0,0 +1,12 @@
diff -up qtbase-everywhere-src-5.15.4/src/gui/painting/qpaintengineex.cpp.me qtbase-everywhere-src-5.15.4/src/gui/painting/qpaintengineex.cpp
--- qtbase-everywhere-src-5.15.4/src/gui/painting/qpaintengineex.cpp.me 2022-05-30 14:21:52.215469841 +0200
+++ qtbase-everywhere-src-5.15.4/src/gui/painting/qpaintengineex.cpp 2022-05-30 14:22:39.552558748 +0200
@@ -426,7 +426,7 @@ void QPaintEngineEx::stroke(const QVecto
patternLength *= pw;
if (qFuzzyIsNull(patternLength)) {
pen.setStyle(Qt::NoPen);
- } else if (extent / patternLength > 10000) {
+ } else if (qFuzzyIsNull(extent) || extent / patternLength > 10000) {
// approximate stream of tiny dashes with semi-transparent solid line
pen.setStyle(Qt::SolidLine);
QColor color(pen.color());
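Review bot: The new patch file starts directly at `diff -up` with no header naming the upstream Qt change it backports, and its only change is widening one condition in `QPaintEngineEx::stroke` to `qFuzzyIsNull(extent) || extent / patternLength > 10000`, so a reader cannot confirm from this page that the CVE-2021-38593 fix is complete. `extent` and `patternLength` are computed outside the hunk, and the pre-existing `> 10000` check has to come from the 5.15.3 base or the kde-5.15 rollup, so that dependency should be written down. I would add a header at the top of the patch along the lines of `# Backport for CVE-2021-38593 (bz#1994724); upstream commit: <upstream-commit-sha>; relies on the existing extent/patternLength check (base or rollup, confirm)`, with the placeholder filled in by the packager. Separately, `qFuzzyIsNull` does not match a NaN operand, in which case the comparison is false and the dashed path is still taken; whether a NaN can reach this branch depends on code not shown here.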