commit 8508223e020ea4e3d8b067971a9e0d9abf198a8a Author: MSVSphere Packaging Team Date: Fri Sep 22 20:01:29 2023 +0300 import qt5-qtsvg-5.15.9-2.el9 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9436774 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/qtsvg-everywhere-opensource-src-5.15.9.tar.xz diff --git a/.qt5-qtsvg.metadata b/.qt5-qtsvg.metadata new file mode 100644 index 0000000..1dd0734 --- /dev/null +++ b/.qt5-qtsvg.metadata @@ -0,0 +1 @@ +0e2402a26d18744ef2479bda008ad620a6f45f37 SOURCES/qtsvg-everywhere-opensource-src-5.15.9.tar.xz diff --git a/SOURCES/qtsvg-CVE-2023-32573.patch b/SOURCES/qtsvg-CVE-2023-32573.patch new file mode 100644 index 0000000..0554756 --- /dev/null +++ b/SOURCES/qtsvg-CVE-2023-32573.patch @@ -0,0 +1,34 @@ +--- a/src/svg/qsvgfont_p.h ++++ b/src/svg/qsvgfont_p.h +@@ -74,6 +74,7 @@ public: + class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted + { + public: ++ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000; + QSvgFont(qreal horizAdvX); + + void setFamilyName(const QString &name); +@@ -86,9 +87,7 @@ public: + void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const; + public: + QString m_familyName; +- qreal m_unitsPerEm; +- qreal m_ascent; +- qreal m_descent; ++ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM; + qreal m_horizAdvX; + QHash m_glyphs; + }; + + +--- a/src/svg/qsvghandler.cpp ++++ b/src/svg/qsvghandler.cpp +@@ -2668,7 +2668,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent, + + qreal unitsPerEm = toDouble(unitsPerEmStr); + if (!unitsPerEm) +- unitsPerEm = 1000; ++ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM; + + if (!name.isEmpty()) + font->setFamilyName(name); diff --git a/SPECS/qt5-qtsvg.spec b/SPECS/qt5-qtsvg.spec new file mode 100644 index 0000000..20da649 --- /dev/null +++ b/SPECS/qt5-qtsvg.spec @@ -0,0 +1,404 @@ +%global qt_module qtsvg + +%global build_tests 1 + +Summary: Qt5 - Support for rendering and displaying SVG +Name: qt5-%{qt_module} +Version: 5.15.9 +Release: 2%{?dist} + +# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details +License: LGPLv2 with exceptions or GPLv3 with exceptions +Url: http://www.qt.io +%global majmin %(echo %{version} | cut -d. -f1-2) +Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-opensource-src-%{version}.tar.xz + +Patch0: qtsvg-CVE-2023-32573.patch + +BuildRequires: make +BuildRequires: qt5-qtbase-devel >= %{version} +BuildRequires: pkgconfig(zlib) + +BuildRequires: qt5-qtbase-private-devel +%{?_qt5:Requires: %{_qt5}%{?_isa} = %{_qt5_version}} + +%description +Scalable Vector Graphics (SVG) is an XML-based language for describing +two-dimensional vector graphics. Qt provides classes for rendering and +displaying SVG drawings in widgets and on other paint devices. + +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: qt5-qtbase-devel%{?_isa} +%description devel +%{summary}. + +%package examples +Summary: Programming examples for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +%description examples +%{summary}. + +%if 0%{?build_tests} +%package tests +Summary: Unit tests for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description tests +%{summary}. +%endif + +%prep +%autosetup -n %{qt_module}-everywhere-src-%{version} -p1 + + +%build +%{qmake_qt5} + +%make_build + +%if 0%{?build_tests} +%qt5_build_tests +%endif + +%install +make install INSTALL_ROOT=%{buildroot} + +%if 0%{?build_tests} +%qt5_install_tests +%endif + +## .prl/.la file love +# nuke .prl reference(s) to %%buildroot, excessive (.la-like) libs +pushd %{buildroot}%{_qt5_libdir} +for prl_file in libQt5*.prl ; do + sed -i -e "/^QMAKE_PRL_BUILD_DIR/d" ${prl_file} + if [ -f "$(basename ${prl_file} .prl).so" ]; then + rm -fv "$(basename ${prl_file} .prl).la" + sed -i -e "/^QMAKE_PRL_LIBS/d" ${prl_file} + fi +done +popd + + +%ldconfig_scriptlets + +%files +%license LICENSE.* +%{_qt5_libdir}/libQt5Svg.so.5* +%{_qt5_plugindir}/iconengines/libqsvgicon.so +%{_qt5_plugindir}/imageformats/libqsvg.so +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QSvg*Plugin.cmake + +%files devel +%{_qt5_headerdir}/QtSvg/ +%{_qt5_libdir}/libQt5Svg.so +%{_qt5_libdir}/libQt5Svg.prl +%dir %{_qt5_libdir}/cmake/Qt5Svg/ +%{_qt5_libdir}/cmake/Qt5Svg/Qt5SvgConfig*.cmake +%{_qt5_libdir}/pkgconfig/Qt5Svg.pc +%{_qt5_archdatadir}/mkspecs/modules/qt_lib_svg*.pri + +%files examples +%{_qt5_examplesdir}/ + +%if 0%{?build_tests} +%files tests +%{_qt5_libdir}/qt5/tests +%endif + +%changelog +* Thu May 18 2023 Jan Grulich - 5.15.9-2 +- Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573) + Resolves: bz#2208140 + +* Tue Apr 18 2023 Jan Grulich - 5.15.9-1 +- 5.15.9 + Resolves: bz#2175742 + +* Mon Mar 28 2022 Jan Grulich - 5.15.3-1 +- 5.15.3 + Resolves: bz#2061369 + +* Tue Jan 11 2022 Jan Grulich - 5.15.2-8 +- Fix out-of-bound write that may lead to DoS + Resolves: bz#2038488 + +* Tue Aug 10 2021 Mohan Boddu - 5.15.2-7 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jun 09 2021 Jan Grulich - 5.15.2-6 +- Add gating tests + Resolves: bz#1968474 + +* Fri Apr 16 2021 Mohan Boddu - 5.15.2-5 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Mar 09 2021 Than Ngo - 5.15.2-4 +- Resolves: #1931447, Out of bounds read in function QRadialFetchSimd from crafted svg file + +* Wed Jan 27 2021 Fedora Release Engineering - 5.15.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Nov 24 07:54:16 CET 2020 Jan Grulich - 5.15.2-2 +- Rebuild for qtbase with -no-reduce-relocations option + +* Fri Nov 20 09:30:47 CET 2020 Jan Grulich - 5.15.2-1 +- 5.15.2 + +* Thu Sep 10 2020 Jan Grulich - 5.15.1-1 +- 5.15.1 + +* Sat Aug 01 2020 Fedora Release Engineering - 5.14.2-3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 5.14.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sat Apr 04 2020 Rex Dieter - 5.14.2-1 +- 5.14.2 + +* Thu Jan 30 2020 Fedora Release Engineering - 5.13.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Dec 09 2019 Jan Grulich - 5.13.2-1 +- 5.13.2 + +* Tue Sep 24 2019 Jan Grulich - 5.12.5-1 +- 5.12.5 + +* Fri Jul 26 2019 Fedora Release Engineering - 5.12.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Jun 14 2019 Jan Grulich - 5.12.4-1 +- 5.12.4 + +* Tue Jun 04 2019 Jan Grulich - 5.12.3-1 +- 5.12.3 + +* Fri Feb 15 2019 Rex Dieter - 5.12.1-1 +- 5.12.1 + +* Sat Feb 02 2019 Fedora Release Engineering - 5.11.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Dec 07 2018 Rex Dieter - 5.11.3-1 +- 5.11.3 + +* Fri Sep 21 2018 Jan Grulich - 5.11.2-1 +- 5.11.2 + +* Sat Jul 14 2018 Fedora Release Engineering - 5.11.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jun 20 2018 Rex Dieter - 5.11.1-1 +- 5.11.1 + +* Sun May 27 2018 Rex Dieter - 5.11.0-1 +- 5.11.0 +- use %%make_build %%ldconfig_scriptlets + +* Wed Feb 14 2018 Jan Grulich - 5.10.1-1 +- 5.10.1 + +* Fri Feb 09 2018 Fedora Release Engineering - 5.10.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Dec 19 2017 Jan Grulich - 5.10.0-1 +- 5.10.0 + +* Thu Nov 23 2017 Jan Grulich - 5.9.3-1 +- 5.9.3 + +* Mon Oct 09 2017 Jan Grulich - 5.9.2-1 +- 5.9.2 + +* Thu Aug 03 2017 Fedora Release Engineering - 5.9.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 5.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Jul 19 2017 Rex Dieter - 5.9.1-1 +- 5.9.1 + +* Fri Jun 16 2017 Rex Dieter - 5.9.0-3 +- drop shadow/out-of-tree builds (#1456211,QTBUG-37417) + +* Fri Jun 02 2017 Rex Dieter - 5.9.0-2 +- use macros in Source0, apply examples patch, +whitespace between .spec sections + +* Wed May 31 2017 Helio Chissini de Castro - 5.9.0-1 +- Upstream official release + +* Fri May 26 2017 Helio Chissini de Castro - 5.9.0-0.1.rc +- Upstream Release Candidate retagged + +* Wed May 24 2017 Helio Chissini de Castro - 5.9.0-0.rc.1 +- Upstream Release Candidate 1 + +* Fri May 05 2017 Helio Chissini de Castro - 5.9.0-0.beta.3 +- New upstream beta3 release + +* Sun Apr 16 2017 Helio Chissini de Castro - 5.9.0-0.beta.1 +- New upstream beta release + +* Mon Apr 03 2017 Rex Dieter - 5.8.0-2 +- build -doc unconditionally + +* Mon Jan 30 2017 Helio Chissini de Castro - 5.8.0-1 +- New upstream version + +* Sat Dec 10 2016 Rex Dieter - 5.7.1-2 +- 5.7.1 dec5 snapshot +- drop BR: cmake (handled by qt5-rpm-macros now) +- BR: qt5-qtbase-private-devel + +* Wed Nov 09 2016 Helio Chissini de Castro - 5.7.1-1 +- New upstream version + +* Mon Jul 04 2016 Helio Chissini de Castro - 5.7.0-2 +- Compiled with gcc + +* Tue Jun 14 2016 Helio Chissini de Castro - 5.7.0-1 +- Qt 5.7.0 release + +* Thu Jun 09 2016 Jan Grulich - 5.6.1-1 +- Update to 5.6.1 + +* Sun Mar 20 2016 Rex Dieter - 5.6.0-3 +- rebuild + +* Fri Mar 18 2016 Rex Dieter - 5.6.0-2 +- rebuild + +* Mon Mar 14 2016 Helio Chissini de Castro - 5.6.0-1 +- 5.6.0 final release + +* Tue Feb 23 2016 Helio Chissini de Castro - 5.6.0-0.8.rc +- Update to final RC + +* Mon Feb 15 2016 Helio Chissini de Castro - 5.6.0-0.7 +- Update RC release + +* Thu Feb 04 2016 Fedora Release Engineering - 5.6.0-0.6.beta3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Dec 28 2015 Rex Dieter 5.6.0-0.5.beta3 +- update source URL, BR: cmake, use %%license + +* Mon Dec 21 2015 Helio Chissini de Castro - 5.6.0-0.4 +- Update to final beta3 release + +* Thu Dec 10 2015 Helio Chissini de Castro - 5.6.0-0.3 +- Official beta3 release + +* Mon Dec 07 2015 Jan Grulich - 5.6.0-0.2 +- (re)add bootstrap macro support + +* Tue Nov 03 2015 Helio Chissini de Castro - 5.6.0-0.1 +- Start to implement 5.6.0 beta3 + +* Thu Oct 15 2015 Helio Chissini de Castro - 5.5.1-2 +- Update to final release 5.5.1 + +* Tue Sep 29 2015 Helio Chissini de Castro - 5.5.1-1 +- Update to Qt 5.5.1 RC1 + +* Wed Jul 29 2015 Rex Dieter 5.5.0-3 +- -docs: BuildRequires: qt5-qhelpgenerator, standardize bootstrapping + +* Thu Jul 16 2015 Rex Dieter 5.5.0-2 +- tighten qtbase dep (#1233829) + +* Wed Jul 1 2015 Helio Chissini de Castro 5.5.0-1 +- New final upstream release Qt 5.5.0 + +* Thu Jun 25 2015 Helio Chissini de Castro - 5.5.0-0.2.rc +- Update for official RC1 released packages + +* Wed Jun 17 2015 Daniel Vrátil - 5.5.0-0.1.rc +- Qt 5.5.0 RC1 + +* Wed Jun 03 2015 Jan Grulich - 5.4.2-1 +- 5.4.2 + +* Sat May 02 2015 Kalev Lember - 5.4.1-3 +- Rebuilt for GCC 5 C++11 ABI change + +* Fri Feb 27 2015 Rex Dieter - 5.4.1-2 +- rebuild (gcc5) + +* Tue Feb 24 2015 Jan Grulich 5.4.1-1 +- 5.4.1 + +* Wed Dec 10 2014 Rex Dieter 5.4.0-1 +- 5.4.0 (final) + +* Fri Nov 28 2014 Rex Dieter 5.4.0-0.3.rc +- 5.4.0-rc + +* Mon Nov 03 2014 Rex Dieter 5.4.0-0.2.beta3 +- out-of-tree build, use %%qmake_qt5 + +* Sun Oct 19 2014 Rex Dieter 5.4.0-0.1.beta3 +- 5.4.0-beta3 + +* Wed Sep 17 2014 Rex Dieter - 5.3.2-1 +- 5.3.2 + +* Sun Aug 17 2014 Fedora Release Engineering - 5.3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jun 17 2014 Jan Grulich - 5.3.1-1 +- 5.3.1 + +* Sun Jun 08 2014 Fedora Release Engineering - 5.3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 21 2014 Jan Grulich 5.3.0-1 +- 5.3.0 + +* Mon May 05 2014 Rex Dieter 5.2.1-2 +- use standard (same as qtbase) .prl sanitation + +* Thu Feb 06 2014 Rex Dieter 5.2.1-1 +- 5.2.1 + +* Mon Jan 27 2014 Rex Dieter 5.2.0-2 +- -examples subpkg + +* Thu Dec 12 2013 Rex Dieter 5.2.0-1 +- 5.2.0 + +* Fri Dec 06 2013 Rex Dieter 5.2.0-0.11.rc1 +- rebuild + +* Mon Dec 02 2013 Rex Dieter 5.2.0-0.10.rc1 +- 5.2.0-rc1 + +* Sun Nov 10 2013 Rex Dieter 5.2.0-0.4.beta31 +- rebuild (arm/qreal) + +* Thu Oct 24 2013 Rex Dieter 5.2.0-0.3.beta31 +- 5.2.0-beta31 + +* Wed Oct 16 2013 Rex Dieter 5.2.0-0.2.alpha +- ppc bootstrap + +* Wed Oct 02 2013 Rex Dieter 5.2.0-0.1.alpha +- 5.2.0-alpha +- -doc subpkg + +* Wed Aug 28 2013 Rex Dieter 5.1.1-1 +- 5.1.1 + +* Thu Apr 11 2013 Rex Dieter 5.0.2-1 +- 5.0.2 + +* Sat Feb 23 2013 Rex Dieter 5.0.1-1 +- first try +