depends: qt: patch for CVE-2023-45872

This commit is contained in:
tobtoht 2023-10-20 00:43:44 +02:00
parent c713ec9696
commit 5e60d472a2
No known key found for this signature in database
GPG key ID: E45B10DD027D2472
2 changed files with 19 additions and 1 deletions

View file

@ -20,6 +20,7 @@ $(package)_patches += xcb-util-image-fix.patch
$(package)_patches += libxau-fix.patch $(package)_patches += libxau-fix.patch
$(package)_patches += toolchain.cmake $(package)_patches += toolchain.cmake
$(package)_patches += xkb-1.6.0.patch $(package)_patches += xkb-1.6.0.patch
$(package)_patches += CVE-2023-45872-qtsvg-6.6.0.diff
#$(package)_patches += fix-static-fontconfig-static-linking.patch #$(package)_patches += fix-static-fontconfig-static-linking.patch
$(package)_qttools_file_name=qttools-$($(package)_suffix) $(package)_qttools_file_name=qttools-$($(package)_suffix)
@ -191,7 +192,9 @@ define $(package)_preprocess_cmds
patch -p1 -i $($(package)_patch_dir)/xkb-1.6.0.patch && \ patch -p1 -i $($(package)_patch_dir)/xkb-1.6.0.patch && \
cd ../qtmultimedia && \ cd ../qtmultimedia && \
patch -p1 -i $($(package)_patch_dir)/qtmultimedia-fixes.patch && \ patch -p1 -i $($(package)_patch_dir)/qtmultimedia-fixes.patch && \
patch -p1 -i $($(package)_patch_dir)/v4l2.patch patch -p1 -i $($(package)_patch_dir)/v4l2.patch && \
cd ../qtsvg && \
patch -p1 -i $($(package)_patch_dir)/CVE-2023-45872-qtsvg-6.6.0.diff
endef endef
define $(package)_config_cmds define $(package)_config_cmds

View file

@ -0,0 +1,15 @@
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index 2649422..335500a 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -3606,6 +3606,8 @@ void QSvgHandler::init()
static bool detectCycles(const QSvgNode *node, QList<const QSvgUse *> active = {})
{
+ if (Q_UNLIKELY(!node))
+ return false;
switch (node->type()) {
case QSvgNode::DOC:
case QSvgNode::G: