]> Nutra Git (v2) - gamesguru/feather.git/commitdiff
projects / gamesguru / feather.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c713ec9)
depends: qt: patch for CVE-2023-45872
authortobtoht <tob@featherwallet.org>
Thu, 19 Oct 2023 22:43:44 +0000 (00:43 +0200)
committertobtoht <tob@featherwallet.org>
Thu, 19 Oct 2023 22:43:44 +0000 (00:43 +0200)
contrib/depends/packages/qt.mk patch | blob | history
contrib/depends/patches/qt/CVE-2023-45872-qtsvg-6.6.0.diff [new file with mode: 0644] patch | blob

diff --git a/contrib/depends/packages/qt.mk b/contrib/depends/packages/qt.mk
index d15567b2a259a8ed4422baefa9e78eb0197a337f..d53c422d0ad8515bd86bd447e6f33e47d8f46f08 100644 (file)
--- a/contrib/depends/packages/qt.mk
+++ b/contrib/depends/packages/qt.mk
@@ -20,6 +20,7 @@ $(package)_patches += xcb-util-image-fix.patch
 $(package)_patches += libxau-fix.patch
 $(package)_patches += toolchain.cmake
 $(package)_patches += xkb-1.6.0.patch
+$(package)_patches += CVE-2023-45872-qtsvg-6.6.0.diff
 #$(package)_patches += fix-static-fontconfig-static-linking.patch
 
 $(package)_qttools_file_name=qttools-$($(package)_suffix)
@@ -191,7 +192,9 @@ define $(package)_preprocess_cmds
   patch -p1 -i $($(package)_patch_dir)/xkb-1.6.0.patch && \
   cd ../qtmultimedia && \
   patch -p1 -i $($(package)_patch_dir)/qtmultimedia-fixes.patch && \
-  patch -p1 -i $($(package)_patch_dir)/v4l2.patch
+  patch -p1 -i $($(package)_patch_dir)/v4l2.patch && \
+  cd ../qtsvg && \
+  patch -p1 -i $($(package)_patch_dir)/CVE-2023-45872-qtsvg-6.6.0.diff
 endef
 
 define $(package)_config_cmds
diff --git a/contrib/depends/patches/qt/CVE-2023-45872-qtsvg-6.6.0.diff b/contrib/depends/patches/qt/CVE-2023-45872-qtsvg-6.6.0.diff
new file mode 100644 (file)
index 0000000..a60618d
--- /dev/null
+++ b/contrib/depends/patches/qt/CVE-2023-45872-qtsvg-6.6.0.diff
@@ -0,0 +1,15 @@
+diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
+index 2649422..335500a 100644
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -3606,6 +3606,8 @@ void QSvgHandler::init()
+ static bool detectCycles(const QSvgNode *node, QList<const QSvgUse *> active = {})
+ {
++    if (Q_UNLIKELY(!node))
++        return false;
+     switch (node->type()) {
+     case QSvgNode::DOC:
+     case QSvgNode::G:
+
+
Unnamed repository; edit this file 'description' to name the repository.