From 0ff9c0527d8b1109c8e09846cb01356cffd9b9ca Mon Sep 17 00:00:00 2001 From: Martchus Date: Mon, 16 Oct 2023 18:28:09 +0200 Subject: [PATCH] Fix crashes with malformed SVGs in Qt 6 Svg packages --- ...nullptr-dereference-with-invalid-SVG.patch | 1 + qt6-svg/android-aarch64/PKGBUILD | 18 ++++++++++-- qt6-svg/android-aarch64/PKGBUILD.sh.ep | 2 +- ...nullptr-dereference-with-invalid-SVG.patch | 1 + qt6-svg/mingw-w64-static/PKGBUILD | 18 ++++++++++-- ...nullptr-dereference-with-invalid-SVG.patch | 29 +++++++++++++++++++ qt6-svg/mingw-w64/PKGBUILD | 18 ++++++++++-- qt6-svg/mingw-w64/PKGBUILD.sh.ep | 2 +- ...nullptr-dereference-with-invalid-SVG.patch | 1 + qt6-svg/static-compat/PKGBUILD | 18 ++++++++++-- qt6-svg/static-compat/PKGBUILD.sh.ep | 2 +- 11 files changed, 95 insertions(+), 15 deletions(-) create mode 120000 qt6-svg/android-aarch64/0001-Fix-nullptr-dereference-with-invalid-SVG.patch create mode 120000 qt6-svg/mingw-w64-static/0001-Fix-nullptr-dereference-with-invalid-SVG.patch create mode 100644 qt6-svg/mingw-w64/0001-Fix-nullptr-dereference-with-invalid-SVG.patch create mode 120000 qt6-svg/static-compat/0001-Fix-nullptr-dereference-with-invalid-SVG.patch diff --git a/qt6-svg/android-aarch64/0001-Fix-nullptr-dereference-with-invalid-SVG.patch b/qt6-svg/android-aarch64/0001-Fix-nullptr-dereference-with-invalid-SVG.patch new file mode 120000 index 00000000..46f6220c --- /dev/null +++ b/qt6-svg/android-aarch64/0001-Fix-nullptr-dereference-with-invalid-SVG.patch @@ -0,0 +1 @@ +../mingw-w64/0001-Fix-nullptr-dereference-with-invalid-SVG.patch \ No newline at end of file diff --git a/qt6-svg/android-aarch64/PKGBUILD b/qt6-svg/android-aarch64/PKGBUILD index 1019678c..64d2ab3e 100644 --- a/qt6-svg/android-aarch64/PKGBUILD +++ b/qt6-svg/android-aarch64/PKGBUILD @@ -7,7 +7,7 @@ _android_arch=aarch64 pkgname=android-$_android_arch-qt6-svg _qtver=6.6.0 pkgver=${_qtver/-/} -pkgrel=1 +pkgrel=2 arch=(any) url='https://www.qt.io' license=(GPL3 LGPL3 FDL custom) @@ -17,8 +17,20 @@ makedepends=('android-cmake' 'qt6-base' 'ninja' 'java-environment-openjdk>=11') options=('!strip' '!buildflags' 'staticlibs' '!emptydirs') groups=(android-${_android_arch}-qt6) _pkgfqn="qtsvg-everywhere-src-${_qtver}" -source=("https://download.qt.io/official_releases/qt/${pkgver%.*}/${_qtver}/submodules/${_pkgfqn}.tar.xz") -sha256sums=('33da25fef51102f564624a7ea3e57cb4a0a31b7b44783d1af5749ac36d3c72de') +source=("https://download.qt.io/official_releases/qt/${pkgver%.*}/${_qtver}/submodules/${_pkgfqn}.tar.xz" + '0001-Fix-nullptr-dereference-with-invalid-SVG.patch') +sha256sums=('33da25fef51102f564624a7ea3e57cb4a0a31b7b44783d1af5749ac36d3c72de' + '83f59c72773071df6adca9c0f6f457a460bd63a4d2b85f1e0df9cabf6b1c55e9') + +prepare () { + cd $_pkgfqn + + # apply patches; further descriptions can be found in patch files itself + for patch in "$srcdir/"*.patch; do + msg2 "Applying patch $patch" + patch -p1 -i "$patch" + done +} build() { source android-env ${_android_arch} diff --git a/qt6-svg/android-aarch64/PKGBUILD.sh.ep b/qt6-svg/android-aarch64/PKGBUILD.sh.ep index 3e0ab40b..00c1964c 100644 --- a/qt6-svg/android-aarch64/PKGBUILD.sh.ep +++ b/qt6-svg/android-aarch64/PKGBUILD.sh.ep @@ -2,7 +2,7 @@ \ _qtver=6.6.0 pkgver=${_qtver/-/} -pkgrel=1 +pkgrel=2 arch=(any) url='https://www.qt.io' license=(GPL3 LGPL3 FDL custom) diff --git a/qt6-svg/mingw-w64-static/0001-Fix-nullptr-dereference-with-invalid-SVG.patch b/qt6-svg/mingw-w64-static/0001-Fix-nullptr-dereference-with-invalid-SVG.patch new file mode 120000 index 00000000..46f6220c --- /dev/null +++ b/qt6-svg/mingw-w64-static/0001-Fix-nullptr-dereference-with-invalid-SVG.patch @@ -0,0 +1 @@ +../mingw-w64/0001-Fix-nullptr-dereference-with-invalid-SVG.patch \ No newline at end of file diff --git a/qt6-svg/mingw-w64-static/PKGBUILD b/qt6-svg/mingw-w64-static/PKGBUILD index 3a3cd93f..05c99bde 100644 --- a/qt6-svg/mingw-w64-static/PKGBUILD +++ b/qt6-svg/mingw-w64-static/PKGBUILD @@ -6,7 +6,7 @@ pkgname=mingw-w64-qt6-svg-static _qtver=6.6.0 pkgver=${_qtver/-/} -pkgrel=1 +pkgrel=2 arch=(any) url='https://www.qt.io' license=(GPL3 LGPL3 FDL custom) @@ -16,11 +16,23 @@ makedepends=('mingw-w64-cmake-static' 'qt6-base' 'ninja') options=('!strip' '!buildflags' 'staticlibs' '!emptydirs') groups=(mingw-w64-qt6) _pkgfqn="qtsvg-everywhere-src-${_qtver}" -source=("https://download.qt.io/official_releases/qt/${pkgver%.*}/${_qtver}/submodules/${_pkgfqn}.tar.xz") -sha256sums=('33da25fef51102f564624a7ea3e57cb4a0a31b7b44783d1af5749ac36d3c72de') +source=("https://download.qt.io/official_releases/qt/${pkgver%.*}/${_qtver}/submodules/${_pkgfqn}.tar.xz" + '0001-Fix-nullptr-dereference-with-invalid-SVG.patch') +sha256sums=('33da25fef51102f564624a7ea3e57cb4a0a31b7b44783d1af5749ac36d3c72de' + '83f59c72773071df6adca9c0f6f457a460bd63a4d2b85f1e0df9cabf6b1c55e9') _architectures='i686-w64-mingw32 x86_64-w64-mingw32' +prepare () { + cd $_pkgfqn + + # apply patches; further descriptions can be found in patch files itself + for patch in "$srcdir/"*.patch; do + msg2 "Applying patch $patch" + patch -p1 -i "$patch" + done +} + build() { for _arch in ${_architectures}; do export PKG_CONFIG=/usr/bin/$_arch-pkg-config diff --git a/qt6-svg/mingw-w64/0001-Fix-nullptr-dereference-with-invalid-SVG.patch b/qt6-svg/mingw-w64/0001-Fix-nullptr-dereference-with-invalid-SVG.patch new file mode 100644 index 00000000..3b84eb4b --- /dev/null +++ b/qt6-svg/mingw-w64/0001-Fix-nullptr-dereference-with-invalid-SVG.patch @@ -0,0 +1,29 @@ +From 50aaab95b65433a6a8ed616c6f473ca12389e3f0 Mon Sep 17 00:00:00 2001 +From: Paul Olav Tvete +Date: Tue, 10 Oct 2023 10:14:22 +0200 +Subject: [PATCH] Fix nullptr dereference with invalid SVG + +Fixes: QTBUG-117944 +Pick-to: 6.6 6.5 6.2 +Change-Id: I9059dc28c750fc0585f1fb982152b211c323c6cd +Reviewed-by: Eskil Abrahamsen Blomfeldt +--- + src/svg/qsvghandler.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp +index 2649422..335500a 100644 +--- a/src/svg/qsvghandler.cpp ++++ b/src/svg/qsvghandler.cpp +@@ -3606,6 +3606,8 @@ void QSvgHandler::init() + + static bool detectCycles(const QSvgNode *node, QList active = {}) + { ++ if (Q_UNLIKELY(!node)) ++ return false; + switch (node->type()) { + case QSvgNode::DOC: + case QSvgNode::G: +-- +2.42.0 + diff --git a/qt6-svg/mingw-w64/PKGBUILD b/qt6-svg/mingw-w64/PKGBUILD index 1009d9f6..99296769 100644 --- a/qt6-svg/mingw-w64/PKGBUILD +++ b/qt6-svg/mingw-w64/PKGBUILD @@ -6,7 +6,7 @@ pkgname=mingw-w64-qt6-svg _qtver=6.6.0 pkgver=${_qtver/-/} -pkgrel=1 +pkgrel=2 arch=(any) url='https://www.qt.io' license=(GPL3 LGPL3 FDL custom) @@ -16,11 +16,23 @@ makedepends=('mingw-w64-cmake' 'qt6-base' 'ninja') options=('!strip' '!buildflags' 'staticlibs' '!emptydirs') groups=(mingw-w64-qt6) _pkgfqn="qtsvg-everywhere-src-${_qtver}" -source=("https://download.qt.io/official_releases/qt/${pkgver%.*}/${_qtver}/submodules/${_pkgfqn}.tar.xz") -sha256sums=('33da25fef51102f564624a7ea3e57cb4a0a31b7b44783d1af5749ac36d3c72de') +source=("https://download.qt.io/official_releases/qt/${pkgver%.*}/${_qtver}/submodules/${_pkgfqn}.tar.xz" + '0001-Fix-nullptr-dereference-with-invalid-SVG.patch') +sha256sums=('33da25fef51102f564624a7ea3e57cb4a0a31b7b44783d1af5749ac36d3c72de' + '83f59c72773071df6adca9c0f6f457a460bd63a4d2b85f1e0df9cabf6b1c55e9') _architectures='i686-w64-mingw32 x86_64-w64-mingw32' +prepare () { + cd $_pkgfqn + + # apply patches; further descriptions can be found in patch files itself + for patch in "$srcdir/"*.patch; do + msg2 "Applying patch $patch" + patch -p1 -i "$patch" + done +} + build() { for _arch in ${_architectures}; do export PKG_CONFIG=/usr/bin/$_arch-pkg-config diff --git a/qt6-svg/mingw-w64/PKGBUILD.sh.ep b/qt6-svg/mingw-w64/PKGBUILD.sh.ep index 99c9fb21..919d93b6 100644 --- a/qt6-svg/mingw-w64/PKGBUILD.sh.ep +++ b/qt6-svg/mingw-w64/PKGBUILD.sh.ep @@ -2,7 +2,7 @@ \ _qtver=6.6.0 pkgver=${_qtver/-/} -pkgrel=1 +pkgrel=2 arch=(any) url='https://www.qt.io' license=(GPL3 LGPL3 FDL custom) diff --git a/qt6-svg/static-compat/0001-Fix-nullptr-dereference-with-invalid-SVG.patch b/qt6-svg/static-compat/0001-Fix-nullptr-dereference-with-invalid-SVG.patch new file mode 120000 index 00000000..46f6220c --- /dev/null +++ b/qt6-svg/static-compat/0001-Fix-nullptr-dereference-with-invalid-SVG.patch @@ -0,0 +1 @@ +../mingw-w64/0001-Fix-nullptr-dereference-with-invalid-SVG.patch \ No newline at end of file diff --git a/qt6-svg/static-compat/PKGBUILD b/qt6-svg/static-compat/PKGBUILD index 1ca2fe6e..efe05989 100644 --- a/qt6-svg/static-compat/PKGBUILD +++ b/qt6-svg/static-compat/PKGBUILD @@ -6,7 +6,7 @@ pkgname=static-compat-qt6-svg _qtver=6.6.0 pkgver=${_qtver/-/} -pkgrel=1 +pkgrel=2 arch=(x86_64) url='https://www.qt.io' license=(GPL3 LGPL3 FDL custom) @@ -15,8 +15,20 @@ depends=(static-compat-qt6-base) makedepends=(static-compat-cmake ninja) options=('!strip' '!buildflags' 'staticlibs' '!emptydirs') _pkgfqn="qtsvg-everywhere-src-${_qtver}" -source=("https://download.qt.io/official_releases/qt/${pkgver%.*}/${_qtver}/submodules/${_pkgfqn}.tar.xz") -sha256sums=('33da25fef51102f564624a7ea3e57cb4a0a31b7b44783d1af5749ac36d3c72de') +source=("https://download.qt.io/official_releases/qt/${pkgver%.*}/${_qtver}/submodules/${_pkgfqn}.tar.xz" + '0001-Fix-nullptr-dereference-with-invalid-SVG.patch') +sha256sums=('33da25fef51102f564624a7ea3e57cb4a0a31b7b44783d1af5749ac36d3c72de' + '83f59c72773071df6adca9c0f6f457a460bd63a4d2b85f1e0df9cabf6b1c55e9') + +prepare () { + cd $_pkgfqn + + # apply patches; further descriptions can be found in patch files itself + for patch in "$srcdir/"*.patch; do + msg2 "Applying patch $patch" + patch -p1 -i "$patch" + done +} build() { check_buildoption ccache y && ccache_args=' diff --git a/qt6-svg/static-compat/PKGBUILD.sh.ep b/qt6-svg/static-compat/PKGBUILD.sh.ep index 3d376250..957c0d29 100644 --- a/qt6-svg/static-compat/PKGBUILD.sh.ep +++ b/qt6-svg/static-compat/PKGBUILD.sh.ep @@ -2,7 +2,7 @@ \ _qtver=6.6.0 pkgver=${_qtver/-/} -pkgrel=1 +pkgrel=2 arch=(x86_64) url='https://www.qt.io' license=(GPL3 LGPL3 FDL custom)