5 changed files with 84 additions and 262 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/qtsvg-everywhere-opensource-src-5.15.3.tar.xz
+SOURCES/qtsvg-everywhere-opensource-src-5.15.9.tar.xz
--- a/.qt5-qtsvg.metadata
+++ b/.qt5-qtsvg.metadata
@ -0,0 +1 @@
+0e2402a26d18744ef2479bda008ad620a6f45f37 SOURCES/qtsvg-everywhere-opensource-src-5.15.9.tar.xz
--- a/SOURCES/qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch
+++ b/SOURCES/qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch
@ -1,23 +0,0 @@
-diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
-index b3d9aaf..9dac05c 100644
--- a/src/svg/qsvghandler.cpp
-+++ b/src/svg/qsvghandler.cpp
-@@ -673,7 +673,8 @@ static qreal toDouble(const QChar *&str)
-             val = -val;
-     } else {
-         val = QByteArray::fromRawData(temp, pos).toDouble();
-        if (qFpClassify(val) != FP_NORMAL)
-+        // Do not tolerate values too wild to be represented normally by floats
-+        if (qFpClassify(float(val)) != FP_NORMAL)
-             val = 0;
-     }
-     return val;
-@@ -3046,6 +3047,8 @@ static QSvgStyleProperty *createRadialGradientNode(QSvgNode *node,
-         ncy = toDouble(cy);
-     if (!r.isEmpty())
-         nr = toDouble(r);
-+    if (nr < 0.5)
-+        nr = 0.5;
- 
-     qreal nfx = ncx;
-     if (!fx.isEmpty())
--- a/SOURCES/qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch
+++ b/SOURCES/qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch
@ -1,198 +0,0 @@
-diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
-index b3d9aaf..402a71f 100644
--- a/src/svg/qsvghandler.cpp
-+++ b/src/svg/qsvghandler.cpp
-@@ -1614,6 +1614,7 @@ static void pathArc(QPainterPath &path,
-
- static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
- {
-+    const int maxElementCount = 0x7fff; // Assume file corruption if more path elements than this
-     qreal x0 = 0, y0 = 0;              // starting point
-     qreal x = 0, y = 0;                // current point
-     char lastMode = 0;
-@@ -1621,7 +1622,8 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-     const QChar *str = dataStr.constData();
-     const QChar *end = str + dataStr.size();
-
-    while (str != end) {
-+    bool ok = true;
-+    while (ok && str != end) {
-         while (str->isSpace() && (str + 1) != end)
-             ++str;
-         QChar pathElem = *str;
-@@ -1635,14 +1637,13 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-             arg.append(0);//dummy
-         const qreal *num = arg.constData();
-         int count = arg.count();
-        while (count > 0) {
-+        while (ok && count > 0) {
-             qreal offsetX = x;        // correction offsets
-             qreal offsetY = y;        // for relative commands
-             switch (pathElem.unicode()) {
-             case 'm': {
-                 if (count < 2) {
-                    num++;
-                    count--;
-+                    ok = false;
-                     break;
-                 }
-                 x = x0 = num[0] + offsetX;
-@@ -1659,8 +1660,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-                 break;
-             case 'M': {
-                 if (count < 2) {
-                    num++;
-                    count--;
-+                    ok = false;
-                     break;
-                 }
-                 x = x0 = num[0];
-@@ -1686,8 +1686,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-                 break;
-             case 'l': {
-                 if (count < 2) {
-                    num++;
-                    count--;
-+                    ok = false;
-                     break;
-                 }
-                 x = num[0] + offsetX;
-@@ -1700,8 +1699,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-                 break;
-             case 'L': {
-                 if (count < 2) {
-                    num++;
-                    count--;
-+                    ok = false;
-                     break;
-                 }
-                 x = num[0];
-@@ -1741,8 +1739,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-                 break;
-             case 'c': {
-                 if (count < 6) {
-                    num += count;
-                    count = 0;
-+                    ok = false;
-                     break;
-                 }
-                 QPointF c1(num[0] + offsetX, num[1] + offsetY);
-@@ -1758,8 +1755,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-             }
-             case 'C': {
-                 if (count < 6) {
-                    num += count;
-                    count = 0;
-+                    ok = false;
-                     break;
-                 }
-                 QPointF c1(num[0], num[1]);
-@@ -1775,8 +1771,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-             }
-             case 's': {
-                 if (count < 4) {
-                    num += count;
-                    count = 0;
-+                    ok = false;
-                     break;
-                 }
-                 QPointF c1;
-@@ -1797,8 +1792,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-             }
-             case 'S': {
-                 if (count < 4) {
-                    num += count;
-                    count = 0;
-+                    ok = false;
-                     break;
-                 }
-                 QPointF c1;
-@@ -1819,8 +1813,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-             }
-             case 'q': {
-                 if (count < 4) {
-                    num += count;
-                    count = 0;
-+                    ok = false;
-                     break;
-                 }
-                 QPointF c(num[0] + offsetX, num[1] + offsetY);
-@@ -1835,8 +1828,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-             }
-             case 'Q': {
-                 if (count < 4) {
-                    num += count;
-                    count = 0;
-+                    ok = false;
-                     break;
-                 }
-                 QPointF c(num[0], num[1]);
-@@ -1851,8 +1843,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-             }
-             case 't': {
-                 if (count < 2) {
-                    num += count;
-                    count = 0;
-+                    ok = false;
-                     break;
-                 }
-                 QPointF e(num[0] + offsetX, num[1] + offsetY);
-@@ -1872,8 +1863,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-             }
-             case 'T': {
-                 if (count < 2) {
-                    num += count;
-                    count = 0;
-+                    ok = false;
-                     break;
-                 }
-                 QPointF e(num[0], num[1]);
-@@ -1893,8 +1883,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-             }
-             case 'a': {
-                 if (count < 7) {
-                    num += count;
-                    count = 0;
-+                    ok = false;
-                     break;
-                 }
-                 qreal rx = (*num++);
-@@ -1916,8 +1905,7 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-                 break;
-             case 'A': {
-                 if (count < 7) {
-                    num += count;
-                    count = 0;
-+                    ok = false;
-                     break;
-                 }
-                 qreal rx = (*num++);
-@@ -1938,12 +1926,15 @@ static bool parsePathDataFast(const QStringRef &dataStr, QPainterPath &path)
-             }
-                 break;
-             default:
-                return false;
-+                ok = false;
-+                break;
-             }
-             lastMode = pathElem.toLatin1();
-+            if (path.elementCount() > maxElementCount)
-+                ok = false;
-         }
-     }
-    return true;
-+    return ok;
- }
-
- static bool parseStyle(QSvgNode *node,
-@@ -2979,8 +2970,8 @@ static QSvgNode *createPathNode(QSvgNode *parent,
-
-     QPainterPath qpath;
-     qpath.setFillRule(Qt::WindingFill);
-    //XXX do error handling
-    parsePathDataFast(data, qpath);
-+    if (!parsePathDataFast(data, qpath))
-+        qCWarning(lcSvgHandler, "Invalid path data; path truncated.");
-
-     QSvgNode *path = new QSvgPath(parent, qpath);
-     return path;
--- a/SPECS/qt5-qtsvg.spec
+++ b/SPECS/qt5-qtsvg.spec
@ -4,7 +4,7 @@

 Summary: Qt5 - Support for rendering and displaying SVG
 Name:    qt5-%{qt_module}
-Version: 5.15.3
+Version: 5.15.9
 Release: 2%{?dist}

 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
@ -13,11 +13,9 @@ Url:     http://www.qt.io
 %global majmin %(echo %{version} | cut -d. -f1-2)
 Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-opensource-src-%{version}.tar.xz

-# upstream fix
-Patch0: qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch
-Patch1: qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch
-Patch2: qtsvg-CVE-2023-32573.patch
+Patch0:  qtsvg-CVE-2023-32573.patch

+BuildRequires: make
 BuildRequires: qt5-qtbase-devel >= %{version}
 BuildRequires: pkgconfig(zlib)

@ -51,7 +49,6 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 %{summary}.
 %endif

-
 %prep
 %autosetup -n %{qt_module}-everywhere-src-%{version} -p1

@ -62,27 +59,16 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 %make_build

 %if 0%{?build_tests}
-make sub-tests %{?_smp_mflags} -k ||:
+%qt5_build_tests
 %endif

-
 %install
 make install INSTALL_ROOT=%{buildroot}

 %if 0%{?build_tests}
-# Install tests for gating
-mkdir -p %{buildroot}%{_qt5_libdir}/qt5
-find ./tests -not -path '*/\.*' -type d | while read LINE
-do
-    mkdir -p "%{buildroot}%{_qt5_libdir}/qt5/$LINE"
-done
-find ./tests -not -path '*/\.*' -not -name '*.h' -not -name '*.cpp' -not -name '*.pro' -not -name 'uic_wrapper.sh' -not -name 'Makefile' -not -name 'target_wrapper.sh' -type f | while read LINE
-do
-    cp -r --parents "$LINE" %{buildroot}%{_qt5_libdir}/qt5/
-done
+%qt5_install_tests
 %endif

-
 ## .prl/.la file love
 # nuke .prl reference(s) to %%buildroot, excessive (.la-like) libs
 pushd %{buildroot}%{_qt5_libdir}
@ -103,13 +89,13 @@ popd
 %{_qt5_libdir}/libQt5Svg.so.5*
 %{_qt5_plugindir}/iconengines/libqsvgicon.so
 %{_qt5_plugindir}/imageformats/libqsvg.so
+%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QSvg*Plugin.cmake

 %files devel
 %{_qt5_headerdir}/QtSvg/
 %{_qt5_libdir}/libQt5Svg.so
 %{_qt5_libdir}/libQt5Svg.prl
 %dir %{_qt5_libdir}/cmake/Qt5Svg/
-%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QSvg*Plugin.cmake
 %{_qt5_libdir}/cmake/Qt5Svg/Qt5SvgConfig*.cmake
 %{_qt5_libdir}/pkgconfig/Qt5Svg.pc
 %{_qt5_archdatadir}/mkspecs/modules/qt_lib_svg*.pri
@ -122,43 +108,99 @@ popd
 %{_qt5_libdir}/qt5/tests
 %endif

-
 %changelog
-* Thu May 18 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.3-2
+* Thu May 18 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-2
 - Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573)
-  Resolves: bz#2208141
+  Resolves: bz#2208140
+
+* Tue Apr 18 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-1
+- 5.15.9
+  Resolves: bz#2175742

 * Mon Mar 28 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.3-1
 - 5.15.3
-  Resolves: bz#2061405
+  Resolves: bz#2061369

-* Wed Jan 12 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.2-4
+* Tue Jan 11 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.2-8
 - Fix out-of-bound write that may lead to DoS
-  Resolves: bz#2038487
+  Resolves: bz#2038488

-* Wed Apr 28 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-3
- Rebuild (binutils)
-  Resolves: bz#1930055
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.15.2-7
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688

-* Thu Apr 08 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-2
- Fix out of bounds read in function QRadialFetchSimd from crafted svg file
-  Resolves: bz#1945643
+* Wed Jun 09 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-6
+- Add gating tests
+  Resolves: bz#1968474

-* Mon Apr 05 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-1
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.15.2-5
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Mar 09 2021 Than Ngo <than@redhat.com> - 5.15.2-4
+- Resolves: #1931447, Out of bounds read in function QRadialFetchSimd from crafted svg file
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.15.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Nov 24 07:54:16 CET 2020 Jan Grulich <jgrulich@redhat.com> - 5.15.2-2
+- Rebuild for qtbase with -no-reduce-relocations option
+
+* Fri Nov 20 09:30:47 CET 2020 Jan Grulich <jgrulich@redhat.com> - 5.15.2-1
 - 5.15.2
-  Resolves: bz#1930055

-* Mon Nov 18 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-1
+* Thu Sep 10 2020 Jan Grulich <jgrulich@redhat.com> - 5.15.1-1
+- 5.15.1
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.14.2-3
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.14.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Sat Apr 04 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.14.2-1
+- 5.14.2
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.13.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Dec 09 2019 Jan Grulich <jgrulich@redhat.com> - 5.13.2-1
+- 5.13.2
+
+* Tue Sep 24 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-1
 - 5.12.5
-  Resolves: bz#1733151

-* Mon Dec 10 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.1-2
- Rebuild to fix CET notes
-  Resolves: bz#1657241
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.12.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

-* Tue Jul 03 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.1-1
+* Fri Jun 14 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.4-1
+- 5.12.4
+
+* Tue Jun 04 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.3-1
+- 5.12.3
+
+* Fri Feb 15 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.1-1
+- 5.12.1
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.11.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Dec 07 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.3-1
+- 5.11.3
+
+* Fri Sep 21 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.2-1
+- 5.11.2
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.11.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jun 20 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.1-1
 - 5.11.1

+* Sun May 27 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.0-1
+- 5.11.0
+- use %%make_build %%ldconfig_scriptlets
+
 * Wed Feb 14 2018 Jan Grulich <jgrulich@redhat.com> - 5.10.1-1
 - 5.10.1
				`@ -0,0 +1 @@`
				`0e2402a26d18744ef2479bda008ad620a6f45f37 SOURCES/qtsvg-everywhere-opensource-src-5.15.9.tar.xz`