diff --git a/SPECS/qtbase/CVE-2024-56732.patch b/SPECS/qtbase/CVE-2024-56732.patch
new file mode 100644
index 00000000000..5f11b9db367
--- /dev/null
+++ b/SPECS/qtbase/CVE-2024-56732.patch
@@ -0,0 +1,58 @@
+From 1767f99e2e2196c3fcae27db6d8b60098d3f6d26 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod
+Date: Sun, 10 Nov 2024 22:43:28 -0700
+Subject: [PATCH] [cairo] Guard hb_cairo_glyphs_from_buffer() against bad UTF-8
+
+Previously it was assuming valid UTF-8.
+---
+ src/3rdparty/harfbuzz-ng/src/hb-cairo.cc | 2 ++
+ src/3rdparty/harfbuzz-ng/src/hb-utf.hh | 6 ++++--
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/3rdparty/harfbuzz-ng/src/hb-cairo.cc b/src/3rdparty/harfbuzz-ng/src/hb-cairo.cc
+index d8b582c4908..4d22ae059ff 100644
+--- a/src/3rdparty/harfbuzz-ng/src/hb-cairo.cc
++++ b/src/3rdparty/harfbuzz-ng/src/hb-cairo.cc
+@@ -1000,6 +1000,7 @@ hb_cairo_glyphs_from_buffer (hb_buffer_t *buffer,
+ end = start + hb_glyph[i].cluster - hb_glyph[i+1].cluster;
+ else
+ end = (const char *) hb_utf_offset_to_pointer ((const uint8_t *) start,
++ (const uint8_t *) utf8, utf8_len,
+ (signed) (hb_glyph[i].cluster - hb_glyph[i+1].cluster));
+ (*clusters)[cluster].num_bytes = end - start;
+ start = end;
+@@ -1020,6 +1021,7 @@ hb_cairo_glyphs_from_buffer (hb_buffer_t *buffer,
+ end = start + hb_glyph[i].cluster - hb_glyph[i-1].cluster;
+ else
+ end = (const char *) hb_utf_offset_to_pointer ((const uint8_t *) start,
++ (const uint8_t *) utf8, utf8_len,
+ (signed) (hb_glyph[i].cluster - hb_glyph[i-1].cluster));
+ (*clusters)[cluster].num_bytes = end - start;
+ start = end;
+diff --git a/src/3rdparty/harfbuzz-ng/src/hb-utf.hh b/src/3rdparty/harfbuzz-ng/src/hb-utf.hh
+index 1120bd1cccf..6db9bf2fd79 100644
+--- a/src/3rdparty/harfbuzz-ng/src/hb-utf.hh
++++ b/src/3rdparty/harfbuzz-ng/src/hb-utf.hh
+@@ -458,19 +458,21 @@ struct hb_ascii_t
+ template
+ static inline const typename utf_t::codepoint_t *
+ hb_utf_offset_to_pointer (const typename utf_t::codepoint_t *start,
++ const typename utf_t::codepoint_t *text,
++ unsigned text_len,
+ signed offset)
+ {
+ hb_codepoint_t unicode;
+
+ while (offset-- > 0)
+ start = utf_t::next (start,
+- start + utf_t::max_len,
++ text + text_len,
+ &unicode,
+ HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT);
+
+ while (offset++ < 0)
+ start = utf_t::prev (start,
+- start - utf_t::max_len,
++ text,
+ &unicode,
+ HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT);
diff --git a/SPECS/qtbase/qtbase.spec b/SPECS/qtbase/qtbase.spec
index 118a2de7001..35ffc98f5ca 100644
--- a/SPECS/qtbase/qtbase.spec
+++ b/SPECS/qtbase/qtbase.spec
@@ -35,7 +35,7 @@
 Name: qtbase
 Summary: Qt6 - QtBase components
 Version: 6.6.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 # See LICENSE.GPL3-EXCEPT.txt, for exception details
 License: GFDL AND LGPLv3 AND GPLv2 AND GPLv3 with exceptions AND QT License Agreement 4.0
 Vendor: Microsoft Corporation
@@ -43,6 +43,7 @@ Distribution: Azure Linux
 URL: https://qt-project.org/
 %global majmin %(echo %{version} | cut -d. -f1-2)
 Source0: https://download.qt.io/archive/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz
+Patch0: CVE-2024-56732.patch
 BuildRequires: build-essential
 BuildRequires: systemd
@@ -700,6 +701,9 @@ fi
 %{_qt_plugindir}/platformthemes/libqxdgdesktopportal.so
 %changelog
+* Wed Jan 15 2025 Lanze Liu - 6.6.2-2
+- Added a patch for addressing CVE-2024-56732
+
 * Fri May 17 2024 Neha Agarwal - 6.6.2-1
 - Upgrade to version 6.6.2 to fix CVE-2023-51714
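Review bot: The new bounds in `hb_utf_offset_to_pointer` are only as strong as the `utf8`/`utf8_len` pair handed over at the two call sites in `hb_cairo_glyphs_from_buffer`, and nothing in the hunk checks that `start` actually lies inside `[text, text + text_len]`. `text_len` is declared `unsigned`, so if `utf8_len` is a signed length that can still hold a negative "NUL-terminated" sentinel when these calls run, the end bound becomes a very large offset from `text` and the guard no longer limits the read; any normalisation of `utf8_len` happens outside the hunk and should be confirmed. I would document the precondition above the helper, for example `/* start must point into [text, text + text_len]; text_len is a byte count, never a negative sentinel. */`. The helper's body continues past the end of the hunk, so its return path is not visible here.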
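Review bot: `Patch0: CVE-2024-56732.patch` is declared in this hunk, but no hunk in the diff touches `%prep`, so whether the patch is actually applied depends on lines that are not shown. If `%prep` uses plain `%setup` rather than `%autosetup -p1` (or an explicit `%patch`), the file ships in the SRPM but never changes the build; the `a/src/3rdparty/...` paths in the patch need strip level 1. It is also worth confirming that the package builds the bundled `src/3rdparty/harfbuzz-ng` copy at all: if qtbase is configured against the system HarfBuzz, the fix has to land in that package, and the changelog entry here would overstate what release 6.6.2-2 addresses.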