diff --git a/SOURCES/qtsvg-CVE-2023-32573.patch b/SOURCES/qtsvg-CVE-2023-32573.patch new file mode 100644 index 0000000..0554756 --- /dev/null +++ b/SOURCES/qtsvg-CVE-2023-32573.patch @@ -0,0 +1,34 @@ +--- a/src/svg/qsvgfont_p.h ++++ b/src/svg/qsvgfont_p.h +@@ -74,6 +74,7 @@ public: + class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted + { + public: ++ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000; + QSvgFont(qreal horizAdvX); + + void setFamilyName(const QString &name); +@@ -86,9 +87,7 @@ public: + void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const; + public: + QString m_familyName; +- qreal m_unitsPerEm; +- qreal m_ascent; +- qreal m_descent; ++ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM; + qreal m_horizAdvX; + QHash m_glyphs; + }; + + +--- a/src/svg/qsvghandler.cpp ++++ b/src/svg/qsvghandler.cpp +@@ -2668,7 +2668,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent, + + qreal unitsPerEm = toDouble(unitsPerEmStr); + if (!unitsPerEm) +- unitsPerEm = 1000; ++ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM; + + if (!name.isEmpty()) + font->setFamilyName(name); diff --git a/SPECS/qt5-qtsvg.spec b/SPECS/qt5-qtsvg.spec index b5f8488..20da649 100644 --- a/SPECS/qt5-qtsvg.spec +++ b/SPECS/qt5-qtsvg.spec @@ -4,20 +4,16 @@ Summary: Qt5 - Support for rendering and displaying SVG Name: qt5-%{qt_module} -Version: 5.15.2 -Release: 8%{?dist} +Version: 5.15.9 +Release: 2%{?dist} # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions Url: http://www.qt.io %global majmin %(echo %{version} | cut -d. -f1-2) -Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz +Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-opensource-src-%{version}.tar.xz -# upstream fix -Patch0: qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch - -# CVE-2021-45930 qt5-qtsvg: qt: out-of-bounds write may lead to DoS -Patch1: qtsvg-do-stricter-error-checking-when-parsing-path-nodes.patch +Patch0: qtsvg-CVE-2023-32573.patch BuildRequires: make BuildRequires: qt5-qtbase-devel >= %{version} @@ -113,6 +109,18 @@ popd %endif %changelog +* Thu May 18 2023 Jan Grulich - 5.15.9-2 +- Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573) + Resolves: bz#2208140 + +* Tue Apr 18 2023 Jan Grulich - 5.15.9-1 +- 5.15.9 + Resolves: bz#2175742 + +* Mon Mar 28 2022 Jan Grulich - 5.15.3-1 +- 5.15.3 + Resolves: bz#2061369 + * Tue Jan 11 2022 Jan Grulich - 5.15.2-8 - Fix out-of-bound write that may lead to DoS Resolves: bz#2038488