import qt5-qtsvg-5.15.2-2.el8

.gitignore

@@ -1 +1 @@
-SOURCES/qtsvg-everywhere-src-5.12.5.tar.xz
+SOURCES/qtsvg-everywhere-src-5.15.2.tar.xz

.qt5-qtsvg.metadata

@@ -1 +1 @@
-184fdb57865e3a42da4f3afc7bb17f9423663d15 SOURCES/qtsvg-everywhere-src-5.12.5.tar.xz
+08531b47924078cbde6dfbf56da83651d58f6a13 SOURCES/qtsvg-everywhere-src-5.15.2.tar.xz

SOURCES/qtsvg-CVE-2021-3481-clamp-parsed-doubles-to-float-representable-values.patch

@@ -0,0 +1,39 @@
+From bfd6ee0d8cf34b63d32adf10ed93daa0086b359f Mon Sep 17 00:00:00 2001
+From: Allan Sandfeld Jensen <allan.jensen@qt.io>
+Date: Thu, 04 Mar 2021 14:28:48 +0100
+Subject: [PATCH] Clamp parsed doubles to float representable values
+
+Parts of our rendering assumes incoming doubles can still be sane
+floats.
+
+Pick-to: 6.1 6.0 5.15 5.12
+Fixes: QTBUG-91507
+Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d
+Reviewed-by: Robert Löhning <robert.loehning@qt.io>
+Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
+Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
+---
+
+diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
+index c937254..c88b6cc 100644
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -672,6 +672,9 @@ static qreal toDouble(const QChar *&str)
+             val = -val;
+     } else {
+         val = QByteArray::fromRawData(temp, pos).toDouble();
++        // Do not tolerate values too wild to be represented normally by floats
++        if (std::fpclassify(float(val)) != FP_NORMAL)
++            val = 0;
+     }
+     return val;
+ 
+@@ -3043,6 +3046,8 @@ static QSvgStyleProperty *createRadialGradientNode(QSvgNode *node,
+         ncy = toDouble(cy);
+     if (!r.isEmpty())
+         nr = toDouble(r);
++    if (nr < 0.5)
++        nr = 0.5;
+ 
+     qreal nfx = ncx;
+     if (!fx.isEmpty())

SPECS/qt5-qtsvg.spec

@@ -4,8 +4,8 @@
 
 Summary: Qt5 - Support for rendering and displaying SVG
 Name:    qt5-%{qt_module}
-Version: 5.12.5
+Version: 5.15.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: LGPLv2 with exceptions or GPLv3 with exceptions
@@ -13,6 +13,8 @@ Url:     http://www.qt.io
 %global majmin %(echo %{version} | cut -d. -f1-2)
 Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz
 
+# Security fixes
+Patch100: qtsvg-CVE-2021-3481-clamp-parsed-doubles-to-float-representable-values.patch
 
 BuildRequires: qt5-qtbase-devel >= %{version}
 BuildRequires: pkgconfig(zlib)
@@ -99,13 +101,13 @@ popd
 %{_qt5_libdir}/libQt5Svg.so.5*
 %{_qt5_plugindir}/iconengines/libqsvgicon.so
 %{_qt5_plugindir}/imageformats/libqsvg.so
-%dir %{_qt5_libdir}/cmake/Qt5Svg/
-%{_qt5_libdir}/cmake/Qt5Svg/Qt5Svg_*Plugin.cmake
 
 %files devel
 %{_qt5_headerdir}/QtSvg/
 %{_qt5_libdir}/libQt5Svg.so
 %{_qt5_libdir}/libQt5Svg.prl
+%dir %{_qt5_libdir}/cmake/Qt5Svg/
+%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QSvg*Plugin.cmake
 %{_qt5_libdir}/cmake/Qt5Svg/Qt5SvgConfig*.cmake
 %{_qt5_libdir}/pkgconfig/Qt5Svg.pc
 %{_qt5_archdatadir}/mkspecs/modules/qt_lib_svg*.pri
@@ -120,6 +122,14 @@ popd
 
 
 %changelog
+* Thu Apr 08 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-2
+- Fix out of bounds read in function QRadialFetchSimd from crafted svg file
+  Resolves: bz#1945643
+
+* Mon Apr 05 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-1
+- 5.15.2
+  Resolves: bz#1930055
+
 * Mon Nov 18 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-1
 - 5.12.5
   Resolves: bz#1733151