Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/qt5-qtsvg.git#9b6d76819193e3a88471c40e2c86a7a97ed8162f
2021-03-24 23:30:28 +00:00 · 2021-03-24 23:30:28 +00:00 · 33aca277bc
commit 33aca277bc
parent 59722001f9
2 changed files with 37 additions and 1 deletions
--- a/qt5-qtsvg.spec
+++ b/qt5-qtsvg.spec
@ -3,7 +3,7 @@
 Summary: Qt5 - Support for rendering and displaying SVG
 Name:    qt5-%{qt_module}
 Version: 5.15.2
-Release: 3%{?dist}
+Release: 4%{?dist}

 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -11,6 +11,9 @@ Url:     http://www.qt.io
 %global majmin %(echo %{version} | cut -d. -f1-2)
 Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz

+# upstream fix
+Patch0: qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch
+
 BuildRequires: make
 BuildRequires: qt5-qtbase-devel >= %{version}
 BuildRequires: pkgconfig(zlib)
@ -86,6 +89,9 @@ popd


 %changelog
+* Tue Mar 09 2021 Than Ngo <than@redhat.com> - 5.15.2-4
+- Resolves: #1931447, Out of bounds read in function QRadialFetchSimd from crafted svg file
+
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.15.2-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

--- a/qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch
+++ b/qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch
@ -0,0 +1,30 @@
+diff -up qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp
+--- qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp.orig	2020-10-27 09:02:11.000000000 +0100
+++ qtsvg-everywhere-src-5.15.2/src/svg/qsvghandler.cpp	2021-03-09 17:48:50.187425243 +0100
+@@ -65,6 +65,7 @@
+ #include "private/qmath_p.h"
+ 
+ #include "float.h"
+#include <cmath>
+ 
+ QT_BEGIN_NAMESPACE
+ 
+@@ -672,6 +673,9 @@ static qreal toDouble(const QChar *&str)
+             val = -val;
+     } else {
+         val = QByteArray::fromRawData(temp, pos).toDouble();
+        // Do not tolerate values too wild to be represented normally by floats
+        if (std::fpclassify(float(val)) != FP_NORMAL)
+            val = 0;
+     }
+     return val;
+ 
+@@ -3043,6 +3047,8 @@ static QSvgStyleProperty *createRadialGr
+         ncy = toDouble(cy);
+     if (!r.isEmpty())
+         nr = toDouble(r);
+    if (nr < 0.5)
+        nr = 0.5;
+ 
+     qreal nfx = ncx;
+     if (!fx.isEmpty())