Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package qt6-svg for openSUSE:Factory checked in at 2023-05-11 12:34:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/qt6-svg (Old) and /work/SRC/openSUSE:Factory/.qt6-svg.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qt6-svg" Thu May 11 12:34:23 2023 rev:22 rq:1086202 version:6.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/qt6-svg/qt6-svg.changes 2023-04-05 21:37:07.667072802 +0200 +++ /work/SRC/openSUSE:Factory/.qt6-svg.new.1533/qt6-svg.changes 2023-05-11 12:34:58.987144483 +0200 @@ -1,0 +2,6 @@ +Thu May 11 08:39:38 UTC 2023 - Christophe Marin <christo...@krop.fr> + +- Add upstream change (boo#1211298, CVE-2023-32573): + * CVE-2023-32573-qtsvg-6.5.diff + +------------------------------------------------------------------- New: ---- CVE-2023-32573-qtsvg-6.5.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ qt6-svg.spec ++++++ --- /var/tmp/diff_new_pack.d8VI6S/_old 2023-05-11 12:34:59.395146488 +0200 +++ /var/tmp/diff_new_pack.d8VI6S/_new 2023-05-11 12:34:59.399146508 +0200 @@ -34,6 +34,8 @@ URL: https://www.qt.io Source: https://download.qt.io/official_releases/qt/%{short_version}/%{real_version}%{tar_suffix}/submodules/%{tar_name}-%{real_version}%{tar_suffix}.tar.xz Source99: qt6-svg-rpmlintrc +# PATCH-FIX-UPSTREAM +Patch0: CVE-2023-32573-qtsvg-6.5.diff BuildRequires: pkgconfig BuildRequires: qt6-core-private-devel BuildRequires: qt6-gui-private-devel ++++++ CVE-2023-32573-qtsvg-6.5.diff ++++++ >From ff22c3ccf8ccf813fdcfda23f7740ba73ba5ce0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20L=C3=B6hning?= <robert.loehn...@qt.io> Date: Mon, 24 Apr 2023 15:27:17 +0200 Subject: [PATCH] QSvgFont: Initialize used member, remove unused Credit to OSS-Fuzz [ChangeLog][QtSvg] Fixed undefined behavior from using uninitialized variable. Pick-to: 6.5 6.2 5.15 Coverity-Id: 22618 Change-Id: Id52277bb0e2845f4d342e187dbb8093e9276b70c Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfe...@qt.io> --- src/svg/qsvgfont_p.h | 5 ++--- src/svg/qsvghandler.cpp | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/svg/qsvgfont_p.h b/src/svg/qsvgfont_p.h index a7cc98b..9cf3dfe 100644 --- a/src/svg/qsvgfont_p.h +++ b/src/svg/qsvgfont_p.h @@ -38,6 +38,7 @@ public: class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted { public: + static constexpr qreal DEFAULT_UNITS_PER_EM = 1000; QSvgFont(qreal horizAdvX); void setFamilyName(const QString &name); @@ -50,9 +51,7 @@ public: void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const; public: QString m_familyName; - qreal m_unitsPerEm; - qreal m_ascent; - qreal m_descent; + qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM; qreal m_horizAdvX; QHash<QChar, QSvgGlyph> m_glyphs; }; diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp index 29ca733..a891848 100644 --- a/src/svg/qsvghandler.cpp +++ b/src/svg/qsvghandler.cpp @@ -2622,7 +2622,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent, qreal unitsPerEm = toDouble(unitsPerEmStr); if (!unitsPerEm) - unitsPerEm = 1000; + unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM; if (!name.isEmpty()) font->setFamilyName(name); -- 2.40.1
