From patchwork Fri Jan 21 16:50:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Quentin Schulz X-Patchwork-Id: 1582661 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=cherrycloud.onmicrosoft.com header.i=@cherrycloud.onmicrosoft.com header.a=rsa-sha256 header.s=selector2-cherrycloud-onmicrosoft-com header.b=eLD7Nr3s; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=) Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4JgQPw1QMbz9sCD for ; Sat, 22 Jan 2022 03:51:32 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 90B1E400F5; Fri, 21 Jan 2022 16:51:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CUVjjetwkhOG; Fri, 21 Jan 2022 16:51:28 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp2.osuosl.org (Postfix) with ESMTP id 0A6ED402EB; Fri, 21 Jan 2022 16:51:27 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 3B4061BF2CB for ; Fri, 21 Jan 2022 16:51:25 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 36B95416D7 for ; Fri, 21 Jan 2022 16:51:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=cherrycloud.onmicrosoft.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nrkZDHpYdPo7 for ; Fri, 21 Jan 2022 16:51:23 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50081.outbound.protection.outlook.com [40.107.5.81]) by smtp4.osuosl.org (Postfix) with ESMTPS id 26646416CC for ; Fri, 21 Jan 2022 16:51:23 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X0LkL3B0pUSIZhKKsAc5xAbOOUODd/c4ztVcolB2B+4cYw21It/ERHarD3PTsIS1hh4Ek3ZWDKSVoG/cMDWI07xQGrzI/9e4ULaUn01GXSa9HUugVE0zB5Li/a58ZLUHalGIw6AZD8FeknJUm1A/vNrYQGEzzoLsfggL1xNhBbenXG+FJS/snGGiXIGiLH8CyAKZ4zC2aXQdtBc+ecBPWoBbI77hyRcQjsneWlhPMypg1qi0w0FAnWVdw2WQ9k8ZJ9ZK4+POvM0rMwySGjllRWK9/qwsf+kIV3kSMzEfwhsQAn5hT884WvYwcRLL6dDKms66kH73STll3nG7H/AiKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DOFRIoJfW/cLuRSuMghorIRbxddvBF2PSGjSjLPqu00=; b=JPm/LXTDWOHoHs/87ST06h8UWCrH8+LbsuwxQNurH6icJQNYgDu1pw49SFkcFwQZLu04Tf+I5CMtpNw9K6QIpJAe+RK3oVH0ba/RBXoCLsT7HXEzznfrC8mAfWck9hCwnJcE251/XlgSz+6uVwkl9L9oivZC9/Ju0Vsu5IMTealcqrv1l5R6rmXnpZHAQlp7h9XkqIWOyzG8Tt5ilcITHQS1lh1QkjXyAW8fQz6wVHUqY3W8FshgPFu1vrVckEveqhfh2PdOox+jHS53ex55jrJ+gBRIdIiTCHrAjijGl4JpI0AKlnKNPRAYgryiqGOVJ4RXnxE/yCwtGukTQ29hoQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cherrycloud.onmicrosoft.com; s=selector2-cherrycloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DOFRIoJfW/cLuRSuMghorIRbxddvBF2PSGjSjLPqu00=; b=eLD7Nr3sVmtkphhlKU0+tb1wB+892LN7ofr6VtuInCUmT+Z0gdHEeAcuK+O8ncUPVWxvgW949h8wx0igm8KhpNMEagJs0k2xBnla+RJBUEanDphWRnuXPB7KIkvmGcroZhO2s6tqHZ4MuEmRS10v5VLdjj2JpId4asY8O5GfnPc= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=theobroma-systems.com; Received: from PA4PR04MB9367.eurprd04.prod.outlook.com (2603:10a6:102:2aa::7) by DB8PR04MB6953.eurprd04.prod.outlook.com (2603:10a6:10:111::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.12; Fri, 21 Jan 2022 16:51:04 +0000 Received: from PA4PR04MB9367.eurprd04.prod.outlook.com ([fe80::a8e8:87d3:e868:cc93]) by PA4PR04MB9367.eurprd04.prod.outlook.com ([fe80::a8e8:87d3:e868:cc93%8]) with mapi id 15.20.4909.008; Fri, 21 Jan 2022 16:51:04 +0000 From: Quentin Schulz To: buildroot@buildroot.org Date: Fri, 21 Jan 2022 17:50:46 +0100 Message-Id: <20220121165046.183224-1-quentin.schulz@theobroma-systems.com> X-Mailer: git-send-email 2.34.1 X-ClientProxiedBy: AM6PR02CA0030.eurprd02.prod.outlook.com (2603:10a6:20b:6e::43) To PA4PR04MB9367.eurprd04.prod.outlook.com (2603:10a6:102:2aa::7) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 2ea6ce11-5440-4e6c-8fb8-08d9dcfe367c X-MS-TrafficTypeDiagnostic: DB8PR04MB6953:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Wy40pdXxWIOUK0JVQATNRIlwebFTRA5te387hHRZYfBqVvoIOAH5rQHFl8YVbu6a1NfvW2e3hCUQrn0pJynPaUx7c5o97+rQLfFF8HeJDtxNKcc6HRhqJgVL4ZU7PBDBOPPc+boeIvJyD/AuRiD2H+EpBfRdvYK/IpCSunQHwNTdN4RM7eogSpfoRzBXefGyFdxJecwiM173x5JUP314oG0IQ2shKpCcAULPOVLI6kD21M3ngV8xssNzfKICEWRESoThgKqnGKnLxSBTgfXgqSIjdnZLx+vU7IUIWMlQTXLoDg/99sIsJkzY6sMp04ArdnMDOPEStCvobULswh2Uwb6bRjW+tgB+TQ4UeqH/twGuZ6iJEH0fDmyGDK0M96ghT8AMOXMn9Ns3KAvKNhBMNu+uGGl2bAUXyxf8PgNrThXE2g5232RgXEwF8RcSSJvWUlHH+sOxWAfZ2mtcQrE7NeBhYAiP5nsVouSuEFUiXw/uJYtKo44yuEcGh/i+q0tpus+8I2p3/dDg088rhTaLZtL3BacI0I5iy1Sqk77XK3NFGw0BYZdBIBIHod2e0BqmB9qD46ATceH65j1Lrh6rA4dXiyJdOPthoD5HPMhDPdnnLIHrzt/P03A2w9tEycKaot424vzYKgJaGUo2aT+zMlJIxwBsNNVgQzkeXGOUSLqwUdU+uXkSsBe6nG2KPihUWW+jZIlUIvCRfz9d9VFWvCLvYo1m49vN8ocJC28rkfdNN/UeqA8GxoLi/AWGin5RGzLUTOs/hy44H+RKIzIb/g== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PA4PR04MB9367.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(8936002)(4326008)(966005)(186003)(2906002)(36756003)(86362001)(66574015)(44832011)(6506007)(6916009)(6486002)(2616005)(5660300002)(52116002)(8676002)(83380400001)(30864003)(1076003)(54906003)(6512007)(66946007)(508600001)(66556008)(26005)(66476007)(6666004)(38350700002)(38100700002)(316002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?/INor8vInMarTgckwSzXWs1R8Z3C?= =?utf-8?q?YGCWuOBzRATwYEHOH224+Y0kFn2kyMhjBuj92xNVgIDkaKztcm+tlo+Xf9ZYFyYOT?= =?utf-8?q?atUIEqMoJqdv4A2naR8QGIreseDb34ZaCtU9r7p2XHrIW2ELD91wod/BE2E7jyi9M?= =?utf-8?q?9I5B4t1sDR190u54rx0/yuJPVLhGAdiEo1zpyG1B1aPtCyHauDFb/0ldbnVBkofNI?= =?utf-8?q?+eBQekCCEo+kEfO9TQHLi8H0ngtnBodgAsozBGDR2aXbhCInEk7oMlYoyiSM0SA7Z?= =?utf-8?q?Ql6dRplScJzZLHpkjBgTMOg1OzSxo8aTJcCJN4utyrYrqK4tTR+zaffp3YZx4dVZD?= =?utf-8?q?cF3CTqM5EdW0PGY4rrGF8ACs5dTczj2k2j3G99H+CL1JuWBoWCaoOM+Kv9L4KWjAp?= =?utf-8?q?hY4aMi/HMkyvgg7yW1uYtkMqTFIWGRtuDikmIPiz2pEa+QVd/m56AZCZU4kAk0xXr?= =?utf-8?q?qwvlMl77M82XSdr9l7Z4fG5dSio4uojTYcCME0CPXYuL/J0UFlHlWIIRrrnPO9nqG?= =?utf-8?q?pfE2BwYK9BTOZgPKYOd9YoR2NIFKa7p8NZ+mGmngkXPoblDIEc27pVTQpMLQaDDRn?= =?utf-8?q?275WRaR/oJZk2Xl4oObgYnI5ewI2JGQFrSvMv3jzrCaGwsL/+OXRGNMR8zeITHOuO?= =?utf-8?q?wO9YRu/fgM5kgoL0+xIpPzE2wVY8H8sgZphA7h/zsKEm3gIUHHpKWMPcjFNxrS2Oe?= =?utf-8?q?/shT0qihEB61kaFfkEA1NnMwXz8H1Ao2FzohNW89ZKpXDG8lPgCnCT1EfiqOuAgb7?= =?utf-8?q?qji1DE87w1nSra2aDB967EUDqfDtuP5c8HfMGQUbI3tOZO7LflUaOXmPKO8SRBtc9?= =?utf-8?q?QWUNjEmLz/Xbt83VfHrs08VMPH0fwasYC++Zr5gDpIccUkbhIQGwQDIqQS7VES+Dz?= =?utf-8?q?koHNsIrdr1KPZDW5miKCBiCz1KdhhuUJI3g36cthIZN6CFM1gr+2lN0meZNBinXA1?= =?utf-8?q?39tXbrffQS7gCPRMjkDFxD+9IObCzgpQuaIBDJ9lxEScJdfbMzmiwFdfpW2UTRljG?= =?utf-8?q?0SQcmrV14lwgg5I92wmcRPnG6V9p2EdDPkeeyt1hhPRDiXaR3Sp1eROMVa1hK+c0K?= =?utf-8?q?vqQieHL0KuZDHpEpadm53W1/8IWkvpTKFLcVMuG5YuCdw//44gYJZZ4Y8obhJLLDo?= =?utf-8?q?NuivKEmP1QBFQsU/S9Oyo7mn86mybou3iSDF90Bb39DK61R/iDz96dDs6JE9tZlzf?= =?utf-8?q?MmfWQ8oEd9b7MuHD88rk2P22ehpMfjlBrmtZH/pDLLpUKOSqHmsM+D+u8rL8TqoOU?= =?utf-8?q?0rM4sunoqNqDrn0Opmqvz1bqjSFOsf5j4SxcDBKOFoWDvrsFTE3hW7/HZVozJlZIG?= =?utf-8?q?z/JyYDR4k95qbVAQWqCQSakcvfUJejlFzf4QNmHkSa6opXBsNAokIMjPQlTIeREJC?= =?utf-8?q?4x/i1kMgMXuR1dqNuZ+G7vFW30aJkcw2oon2suX6jZV2ILaAyKCZUQal39+tmOQEb?= =?utf-8?q?i4tZj7TfiMLRPz/WPhhnsVOAaSUo9txwqGQ0A8ylkMFSG1gf+VnuQEwLhIJWqnz0F?= =?utf-8?q?YPJGVF+5WxcOhsES1u2DEkA1a5d9SO4c3SzUXWiiTi0AUPxgu6pRT/EZ8Nr3S2XD8?= =?utf-8?q?sLCED+qu5DXCAt66b69cxsadxrQE/5fsza0Nm+pRX2wvVK0whyB0VWHt4C9WW6r/j?= =?utf-8?q?dbTIjvUBpy++xvnwJUm8EZEgcs7StUZQ=3D=3D?= X-OriginatorOrg: theobroma-systems.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2ea6ce11-5440-4e6c-8fb8-08d9dcfe367c X-MS-Exchange-CrossTenant-AuthSource: PA4PR04MB9367.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jan 2022 16:51:04.6540 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 5e0e1b52-21b5-4e7b-83bb-514ec460677e X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: x42S1vDfFbXVVDENwMuP1MUZofgf4QkDPp67wQ+HML+ezBlnAU6IY33ZX5qHqgqWS1tHiRZF3HYp7C2zeGjNB7qZNIVWqAXTHvbTABbHj7u1zbBlUImRMQinKMxhzjrs X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR04MB6953 Subject: [Buildroot] [PATCH v2] package/qt5/qt5base: fix CVE-2021-38593 X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Quentin Schulz , Quentin Schulz , Peter Seiderer , Julien Corjon Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" 5.15.2 is the last public release of 5.15 and does not contain this CVE fix. However, >=6.1.2 and >5.12.12 all contain the necessary patches so let's port them to 5.15.2. Technically only the first two patches are required to patch the CVE. However, the second patch introduces a regression that is fixed in the third patch. The patches are taken from KDE kde/5.15 git branch. Cc: Quentin Schulz Signed-off-by: Quentin Schulz --- v2: - added third patch for fixing regression introduced by the second patch, - cherry-picked commits from kde git kde/5.15 branch instead of taking patches from 5.12.12 since they all applied nicely, ...-intensive-painting-of-high-number-o.patch | 163 ++++++++++++++++++ ...-avoiding-huge-number-of-tiny-dashes.patch | 37 ++++ ...-avoiding-huge-number-of-tiny-dashes.patch | 100 +++++++++++ package/qt5/qt5base/qt5base.mk | 4 + 4 files changed, 304 insertions(+) create mode 100644 package/qt5/qt5base/0010-Avoid-processing-intensive-painting-of-high-number-o.patch create mode 100644 package/qt5/qt5base/0011-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch create mode 100644 package/qt5/qt5base/0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch diff --git a/package/qt5/qt5base/0010-Avoid-processing-intensive-painting-of-high-number-o.patch b/package/qt5/qt5base/0010-Avoid-processing-intensive-painting-of-high-number-o.patch new file mode 100644 index 0000000000..03287d19ca --- /dev/null +++ b/package/qt5/qt5base/0010-Avoid-processing-intensive-painting-of-high-number-o.patch @@ -0,0 +1,163 @@ +From 307bc02e379e63aa9b7a3d21bbcd9c84d34c600f Mon Sep 17 00:00:00 2001 +From: Eirik Aavitsland +Date: Tue, 13 Apr 2021 14:23:45 +0200 +Subject: [PATCH] Avoid processing-intensive painting of high number of tiny + dashes + +When stroking a dashed path, an unnecessary amount of processing would +be spent if there is a huge number of dashes visible, e.g. because of +scaling. Since the dashes are too small to be indivdually visible +anyway, just replace with a semi-transparent solid line for such +cases. + +Pick-to: 6.1 6.0 5.15 +Change-Id: I9e9f7861257ad5bce46a0cf113d1a9d7824911e6 +Reviewed-by: Allan Sandfeld Jensen +(cherry picked from commit f4d791b330d02777fcaf02938732892eb3167e9b) + +* asturmlechner 2021-08-21: +Conflict from preceding 94dd2ceb in dev branch: + src/gui/painting/qpaintengineex.cpp + Resolved via: + + if (pen.style() > Qt::SolidLine) { + QRectF cpRect = path.controlPointRect(); + const QTransform &xf = state()->matrix; +- if (pen.isCosmetic()) { ++ if (qt_pen_is_cosmetic(pen, state()->renderHints)){ + clipRect = d->exDeviceRect; + cpRect.translate(xf.dx(), xf.dy()); + } else { + +FTBFS from preceding 471e4fcb in dev branch changing QVector to QList: + Resolved via: + + QRectF extentRect = cpRect.adjusted(-pw, -pw, pw, pw) & clipRect; + qreal extent = qMax(extentRect.width(), extentRect.height()); + qreal patternLength = 0; +- const QList pattern = pen.dashPattern(); ++ const QVector pattern = pen.dashPattern(); + const int patternSize = qMin(pattern.size(), 32); + for (int i = 0; i < patternSize; i++) + patternLength += qMax(pattern.at(i), qreal(0)); + +[Retrieved from: https://invent.kde.org/qt/qt/qtbase/-/commit/081d835c040a90f8ee76807354355062ac521dfb] +Signed-off-by: Quentin Schulz +--- + src/gui/painting/qpaintengineex.cpp | 44 +++++++++++++++---- + .../other/lancelot/scripts/tinydashes.qps | 34 ++++++++++++++ + 2 files changed, 69 insertions(+), 9 deletions(-) + create mode 100644 tests/auto/other/lancelot/scripts/tinydashes.qps + +diff --git a/src/gui/painting/qpaintengineex.cpp b/src/gui/painting/qpaintengineex.cpp +index 5d8f89eadd..55fdb0c2a0 100644 +--- a/src/gui/painting/qpaintengineex.cpp ++++ b/src/gui/painting/qpaintengineex.cpp +@@ -385,7 +385,7 @@ QPainterState *QPaintEngineEx::createState(QPainterState *orig) const + + Q_GUI_EXPORT extern bool qt_scaleForTransform(const QTransform &transform, qreal *scale); // qtransform.cpp + +-void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &pen) ++void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &inPen) + { + #ifdef QT_DEBUG_DRAW + qDebug() << "QPaintEngineEx::stroke()" << pen; +@@ -403,6 +403,38 @@ void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &pen) + d->stroker.setCubicToHook(qpaintengineex_cubicTo); + } + ++ QRectF clipRect; ++ QPen pen = inPen; ++ if (pen.style() > Qt::SolidLine) { ++ QRectF cpRect = path.controlPointRect(); ++ const QTransform &xf = state()->matrix; ++ if (qt_pen_is_cosmetic(pen, state()->renderHints)){ ++ clipRect = d->exDeviceRect; ++ cpRect.translate(xf.dx(), xf.dy()); ++ } else { ++ clipRect = xf.inverted().mapRect(QRectF(d->exDeviceRect)); ++ } ++ // Check to avoid generating unwieldy amount of dashes that will not be visible anyway ++ QRectF extentRect = cpRect & clipRect; ++ qreal extent = qMax(extentRect.width(), extentRect.height()); ++ qreal patternLength = 0; ++ const QVector pattern = pen.dashPattern(); ++ const int patternSize = qMin(pattern.size(), 32); ++ for (int i = 0; i < patternSize; i++) ++ patternLength += qMax(pattern.at(i), qreal(0)); ++ if (pen.widthF()) ++ patternLength *= pen.widthF(); ++ if (qFuzzyIsNull(patternLength)) { ++ pen.setStyle(Qt::NoPen); ++ } else if (extent / patternLength > 10000) { ++ // approximate stream of tiny dashes with semi-transparent solid line ++ pen.setStyle(Qt::SolidLine); ++ QColor color(pen.color()); ++ color.setAlpha(color.alpha() / 2); ++ pen.setColor(color); ++ } ++ } ++ + if (!qpen_fast_equals(pen, d->strokerPen)) { + d->strokerPen = pen; + d->stroker.setJoinStyle(pen.joinStyle()); +@@ -430,14 +462,8 @@ void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &pen) + return; + } + +- if (pen.style() > Qt::SolidLine) { +- if (qt_pen_is_cosmetic(pen, state()->renderHints)){ +- d->activeStroker->setClipRect(d->exDeviceRect); +- } else { +- QRectF clipRect = state()->matrix.inverted().mapRect(QRectF(d->exDeviceRect)); +- d->activeStroker->setClipRect(clipRect); +- } +- } ++ if (!clipRect.isNull()) ++ d->activeStroker->setClipRect(clipRect); + + if (d->activeStroker == &d->stroker) + d->stroker.setForceOpen(path.hasExplicitOpen()); +diff --git a/tests/auto/other/lancelot/scripts/tinydashes.qps b/tests/auto/other/lancelot/scripts/tinydashes.qps +new file mode 100644 +index 0000000000..d41ced7f5f +--- /dev/null ++++ b/tests/auto/other/lancelot/scripts/tinydashes.qps +@@ -0,0 +1,34 @@ ++# Version: 1 ++# CheckVsReference: 5% ++ ++path_addEllipse mypath 20.0 20.0 200.0 200.0 ++ ++save ++setPen blue 20 SolidLine FlatCap ++pen_setCosmetic true ++pen_setDashPattern [ 0.0004 0.0004 ] ++setBrush yellow ++ ++drawPath mypath ++translate 300 0 ++setRenderHint Antialiasing true ++drawPath mypath ++restore ++ ++path_addEllipse bigpath 200000.0 200000.0 2000000.0 2000000.0 ++ ++setPen blue 20 DotLine FlatCap ++setBrush yellow ++ ++save ++translate 0 300 ++scale 0.0001 0.00011 ++drawPath bigpath ++restore ++ ++save ++translate 300 300 ++setRenderHint Antialiasing true ++scale 0.0001 0.00011 ++drawPath bigpath ++restore +-- +2.34.1 + diff --git a/package/qt5/qt5base/0011-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch b/package/qt5/qt5base/0011-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch new file mode 100644 index 0000000000..16e0f20200 --- /dev/null +++ b/package/qt5/qt5base/0011-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch @@ -0,0 +1,37 @@ +From 856d11f695fb6effe26a359f9ad0efdf24067085 Mon Sep 17 00:00:00 2001 +From: Eirik Aavitsland +Date: Fri, 23 Jul 2021 15:53:56 +0200 +Subject: [PATCH] Improve fix for avoiding huge number of tiny dashes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some pathological cases were not caught by the previous fix. + +Fixes: QTBUG-95239 +Pick-to: 6.2 6.1 5.15 +Change-Id: I0337ee3923ff93ccb36c4d7b810a9c0667354cc5 +Reviewed-by: Robert Löhning +(cherry picked from commit 6b400e3147dcfd8cc3a393ace1bd118c93762e0c) +[Retrieved from: https://invent.kde.org/qt/qt/qtbase/-/commit/fed5713eeba5bf8e0ee413cb4e77109bfa7c2bce] +Signed-off-by: Quentin Schulz +--- + src/gui/painting/qpaintengineex.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/gui/painting/qpaintengineex.cpp b/src/gui/painting/qpaintengineex.cpp +index 55fdb0c2a0..19e4b23423 100644 +--- a/src/gui/painting/qpaintengineex.cpp ++++ b/src/gui/painting/qpaintengineex.cpp +@@ -426,7 +426,7 @@ void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &inPen) + patternLength *= pen.widthF(); + if (qFuzzyIsNull(patternLength)) { + pen.setStyle(Qt::NoPen); +- } else if (extent / patternLength > 10000) { ++ } else if (qFuzzyIsNull(extent) || extent / patternLength > 10000) { + // approximate stream of tiny dashes with semi-transparent solid line + pen.setStyle(Qt::SolidLine); + QColor color(pen.color()); +-- +2.34.1 + diff --git a/package/qt5/qt5base/0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch b/package/qt5/qt5base/0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch new file mode 100644 index 0000000000..ca3c2736ae --- /dev/null +++ b/package/qt5/qt5base/0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch @@ -0,0 +1,100 @@ +From 3b1a60f651776a7b2d155803b07a52a9e27bdf78 Mon Sep 17 00:00:00 2001 +From: Eirik Aavitsland +Date: Fri, 30 Jul 2021 13:03:49 +0200 +Subject: [PATCH] Refix for avoiding huge number of tiny dashes + +Previous fix hit too widely so some valid horizontal and vertical +lines were affected; the root problem being that such lines have an +empty control point rect (width or height is 0). Fix by caculating in +the pen width. + +Pick-to: 6.2 6.1 5.15 +Change-Id: I7a436e873f6d485028f6759d0e2c6456f07eebdc +Reviewed-by: Allan Sandfeld Jensen +(cherry picked from commit 84aba80944a2e1c3058d7a1372e0e66676411884) +[Retrieved from: https://invent.kde.org/qt/qt/qtbase/-/commit/427df34efdcb56582a9ae9f7d2d1f39eeff70328] +Signed-off-by: Quentin Schulz +--- + src/gui/painting/qpaintengineex.cpp | 8 ++--- + .../gui/painting/qpainter/tst_qpainter.cpp | 31 +++++++++++++++++++ + 2 files changed, 35 insertions(+), 4 deletions(-) + +diff --git a/src/gui/painting/qpaintengineex.cpp b/src/gui/painting/qpaintengineex.cpp +index 19e4b23423..9fe510827a 100644 +--- a/src/gui/painting/qpaintengineex.cpp ++++ b/src/gui/painting/qpaintengineex.cpp +@@ -415,18 +415,18 @@ void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &inPen) + clipRect = xf.inverted().mapRect(QRectF(d->exDeviceRect)); + } + // Check to avoid generating unwieldy amount of dashes that will not be visible anyway +- QRectF extentRect = cpRect & clipRect; ++ qreal pw = pen.widthF() ? pen.widthF() : 1; ++ QRectF extentRect = cpRect.adjusted(-pw, -pw, pw, pw) & clipRect; + qreal extent = qMax(extentRect.width(), extentRect.height()); + qreal patternLength = 0; + const QVector pattern = pen.dashPattern(); + const int patternSize = qMin(pattern.size(), 32); + for (int i = 0; i < patternSize; i++) + patternLength += qMax(pattern.at(i), qreal(0)); +- if (pen.widthF()) +- patternLength *= pen.widthF(); ++ patternLength *= pw; + if (qFuzzyIsNull(patternLength)) { + pen.setStyle(Qt::NoPen); +- } else if (qFuzzyIsNull(extent) || extent / patternLength > 10000) { ++ } else if (extent / patternLength > 10000) { + // approximate stream of tiny dashes with semi-transparent solid line + pen.setStyle(Qt::SolidLine); + QColor color(pen.color()); +diff --git a/tests/auto/gui/painting/qpainter/tst_qpainter.cpp b/tests/auto/gui/painting/qpainter/tst_qpainter.cpp +index 42e98ce363..d7c3f95f1d 100644 +--- a/tests/auto/gui/painting/qpainter/tst_qpainter.cpp ++++ b/tests/auto/gui/painting/qpainter/tst_qpainter.cpp +@@ -308,6 +308,7 @@ private slots: + void fillPolygon(); + + void drawImageAtPointF(); ++ void scaledDashes(); + + private: + void fillData(); +@@ -5468,6 +5469,36 @@ void tst_QPainter::drawImageAtPointF() + paint.end(); + } + ++void tst_QPainter::scaledDashes() ++{ ++ // Test that we do not hit the limit-huge-number-of-dashes path ++ QRgb fore = qRgb(0, 0, 0xff); ++ QRgb back = qRgb(0xff, 0xff, 0); ++ QImage image(5, 32, QImage::Format_RGB32); ++ image.fill(back); ++ QPainter p(&image); ++ QPen pen(QColor(fore), 3, Qt::DotLine); ++ p.setPen(pen); ++ p.scale(1, 2); ++ p.drawLine(2, 0, 2, 16); ++ p.end(); ++ ++ bool foreFound = false; ++ bool backFound = false; ++ int i = 0; ++ while (i < 32 && (!foreFound || !backFound)) { ++ QRgb pix = image.pixel(3, i); ++ if (pix == fore) ++ foreFound = true; ++ else if (pix == back) ++ backFound = true; ++ i++; ++ } ++ ++ QVERIFY(foreFound); ++ QVERIFY(backFound); ++} ++ + QTEST_MAIN(tst_QPainter) + + #include "tst_qpainter.moc" +-- +2.34.1 + diff --git a/package/qt5/qt5base/qt5base.mk b/package/qt5/qt5base/qt5base.mk index bcdf036f00..4ef3759566 100644 --- a/package/qt5/qt5base/qt5base.mk +++ b/package/qt5/qt5base/qt5base.mk @@ -11,6 +11,10 @@ QT5BASE_SOURCE = qtbase-$(QT5_SOURCE_TARBALL_PREFIX)-$(QT5BASE_VERSION).tar.xz QT5BASE_DEPENDENCIES = host-pkgconf pcre2 zlib QT5BASE_INSTALL_STAGING = YES +# 0010-Avoid-processing-intensive-painting-of-high-number-o.patch +# 0011-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch +QT5BASE_IGNORE_CVES += CVE-2021-38593 + # A few comments: # * -no-pch to workaround the issue described at # http://comments.gmane.org/gmane.comp.lib.qt.devel/5933.