Hello community,

here is the log from the commit of package qt6-base for openSUSE:Factory 
checked in at 2025-07-15 16:42:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/qt6-base (Old)
 and      /work/SRC/openSUSE:Factory/.qt6-base.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "qt6-base"

Tue Jul 15 16:42:23 2025 rev:71 rq:1291918 version:6.9.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/qt6-base/qt6-base.changes        2025-06-05 
20:32:15.068084042 +0200
+++ /work/SRC/openSUSE:Factory/.qt6-base.new.7373/qt6-base.changes      
2025-07-15 16:42:47.913388018 +0200
@@ -1,0 +2,6 @@
+Fri Jul 11 10:11:11 UTC 2025 - Christophe Marin <christo...@krop.fr>
+
+- Add upstream fix (CVE-2025-5992, boo#1246343)
+  * 0001-Add-clamping-to-QColorTransferGenericFunction.patch
+
+-------------------------------------------------------------------

New:
----
  0001-Add-clamping-to-QColorTransferGenericFunction.patch

----------(New B)----------
  New:- Add upstream fix (CVE-2025-5992, boo#1246343)
  * 0001-Add-clamping-to-QColorTransferGenericFunction.patch
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ qt6-base.spec ++++++
--- /var/tmp/diff_new_pack.9RI2ik/_old  2025-07-15 16:42:50.201483598 +0200
+++ /var/tmp/diff_new_pack.9RI2ik/_new  2025-07-15 16:42:50.205483766 +0200
@@ -44,6 +44,8 @@
 # Patches 0-100 are upstream patches #
 # PATCH-FIX-UPSTREAM 0001-Rename-variable-being-shadowed.patch 
alarr...@suse.com -- https://codereview.qt-project.org/c/qt/qtbase/+/638284
 Patch0:         0001-Rename-variable-being-shadowed.patch
+# CVE-2025-5992
+Patch1:         0001-Add-clamping-to-QColorTransferGenericFunction.patch
 # Patches 100-200 are openSUSE and/or non-upstream(able) patches #
 # No need to pollute the library dir with object files, install them in the 
qt6 subfolder
 Patch100:       0001-CMake-Install-objects-files-into-ARCHDATADIR.patch
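Review bot: The comment above `Patch1` is only `# CVE-2025-5992`, while `Patch0` directly above it carries a full `# PATCH-FIX-UPSTREAM <file> <author> -- <upstream URL>` tag. Use the same form here and record the references that appear elsewhere in this submission (boo#1246343, QTBUG-137159), so the CVE can be traced to its upstream change from the spec alone. Both upstream patches also start with `0001-`, so the file name no longer tells them apart at a glance; a complete tag line helps there as well.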

++++++ 0001-Add-clamping-to-QColorTransferGenericFunction.patch ++++++
>From f4822eec1855231f189e5348dffc29299f6edf93 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.ga...@idiap.ch>
Date: Sat, 24 May 2025 21:07:37 +0200
Subject: [PATCH] Add clamping to QColorTransferGenericFunction

This ensures that the inputs are within range for the use of these
functions.

Depending on the values passed, they can trigger FE_INVALID errors
and thus NaN as return values.

This can happen for example when feeding an invalid ICC profile to
QColorSpace::fromIccProfile.

Credit to OSS-Fuzz

Fixes: QTBUG-137159
Pick-to: 6.8 6.5
Change-Id: I435a5768fbb7d3e6cb84d578703e7dde2e39a27e
Reviewed-by: Allan Sandfeld Jensen <allan.jen...@qt.io>
(cherry picked from commit f12d046383decf8f468de62732c9cff7d4303cbf)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_...@qt-project.org>
(cherry picked from commit 8706176f8f78df9bf5cc560fb80aefa3fda01d98)
---
 src/gui/painting/qcolortransfergeneric_p.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/gui/painting/qcolortransfergeneric_p.h 
b/src/gui/painting/qcolortransfergeneric_p.h
index 6caebceb1a4..c2ebd937a44 100644
--- a/src/gui/painting/qcolortransfergeneric_p.h
+++ b/src/gui/painting/qcolortransfergeneric_p.h
@@ -65,6 +65,7 @@ private:
     // HLG from linear [0-12] -> [0-1]
     static float hlgFromLinear(float x)
     {
+        x = std::clamp(x, 0.f, 12.f);
         if (x > 1.f)
             return m_hlg_a * std::log(x - m_hlg_b) + m_hlg_c;
         return std::sqrt(x * 0.25f);
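Review bot: `x = std::clamp(x, 0.f, 12.f);` in `hlgFromLinear` does not sanitize a NaN input. `std::clamp` is built on `<` comparisons, which are all false for NaN, so a NaN argument comes back unchanged and the function still returns NaN, which is the outcome the commit message sets out to prevent. If a malformed profile can produce NaN before this point, add an explicit `std::isnan(x)` check ahead of the clamp, or state in the comment that callers guarantee a non-NaN argument. The same applies to the three other clamps in this patch.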
@@ -73,6 +74,7 @@ private:
     // HLG to linear [0-1] -> [0-12]
     static float hlgToLinear(float x)
     {
+        x = std::clamp(x, 0.f, 1.f);
         if (x < 0.5f)
             return (x * x) * 4.f;
         return std::exp((x - m_hlg_c) / m_hlg_a) + m_hlg_b;
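Review bot: The added `std::clamp` call in `hlgToLinear` needs `<algorithm>`, and the diffstat shows only the four clamp insertions in this header, so no include was added. Please confirm that `qcolortransfergeneric_p.h` already includes `<algorithm>` directly rather than picking it up transitively through another header.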
@@ -86,6 +88,7 @@ private:
     // PQ to linear [0-1] -> [0-64]
     static float pqToLinear(float e)
     {
+        e = std::clamp(e, 0.f, 1.f);
         // m2-th root of E'
         const float eRoot = std::pow(e, 1.f / m_pq_m2);
         // rational transform
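Review bot: No regression test accompanies the clamp on `e` ahead of `std::pow(e, 1.f / m_pq_m2)` in `pqToLinear`; the diffstat lists one file changed. The commit message names a concrete trigger (an invalid ICC profile passed to `QColorSpace::fromIccProfile`, found by OSS-Fuzz), so a test that feeds negative and out-of-range values through the transfer functions and asserts a finite result would keep this from regressing.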
@@ -99,6 +102,7 @@ private:
     // PQ from linear [0-64] -> [0-1]
     static float pqFromLinear(float fd)
     {
+        fd = std::clamp(fd, 0.f, 64.f);
         // scale Fd to Y
         const float y = fd * (1.f / m_pq_f);
         // yRoot = Y^m1 -- "root" because m1 is <1
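Review bot: The upper bound in `fd = std::clamp(fd, 0.f, 64.f);` is a bare literal that repeats the range given only in the comment above `pqFromLinear`, as do `12.f` and `1.f` in the other hunks. Named constants for the linear maxima, kept next to `m_pq_f` and the HLG constants, would stop the clamp limits and the documented ranges from drifting apart. The comments could also say that out-of-range input is now saturated rather than rejected.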
-- 
2.50.0
