From 9d96753b1336d08a194ebcf8ccfc38c48fa525982b0fafc8e339ad344e67f5cb Mon Sep 17 00:00:00 2001
From: Luca Beltrame
Date: Fri, 26 May 2023 05:58:56 +0000
Subject: [PATCH] Qt 6.5.1 OBS-URL: https://build.opensuse.org/package/show/KDE:Qt6/qt6-svg?expand=0&rev=34
---
 CVE-2023-32573-qtsvg-6.5.diff | 58 -------------------------------
 qt6-svg.changes | 8 +++++
 qt6-svg.spec | 6 ++--
 qtsvg-everywhere-src-6.5.0.tar.xz | 3 --
 qtsvg-everywhere-src-6.5.1.tar.xz | 3 ++
 5 files changed, 13 insertions(+), 65 deletions(-)
 delete mode 100644 CVE-2023-32573-qtsvg-6.5.diff
 delete mode 100644 qtsvg-everywhere-src-6.5.0.tar.xz
 create mode 100644 qtsvg-everywhere-src-6.5.1.tar.xz
diff --git a/CVE-2023-32573-qtsvg-6.5.diff b/CVE-2023-32573-qtsvg-6.5.diff
deleted file mode 100644
index d8fc36f..0000000
--- a/CVE-2023-32573-qtsvg-6.5.diff
+++ /dev/null
@@ -1,58 +0,0 @@
-From ff22c3ccf8ccf813fdcfda23f7740ba73ba5ce0a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Robert=20L=C3=B6hning?=
-Date: Mon, 24 Apr 2023 15:27:17 +0200
-Subject: [PATCH] QSvgFont: Initialize used member, remove unused
-
-Credit to OSS-Fuzz
-
-[ChangeLog][QtSvg] Fixed undefined behavior from using uninitialized
-variable.
-
-Pick-to: 6.5 6.2 5.15
-Coverity-Id: 22618
-Change-Id: Id52277bb0e2845f4d342e187dbb8093e9276b70c
-Reviewed-by: Eskil Abrahamsen Blomfeldt
----
- src/svg/qsvgfont_p.h | 5 ++---
- src/svg/qsvghandler.cpp | 2 +-
- 2 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/svg/qsvgfont_p.h b/src/svg/qsvgfont_p.h
-index a7cc98b..9cf3dfe 100644
---- a/src/svg/qsvgfont_p.h
-+++ b/src/svg/qsvgfont_p.h
-@@ -38,6 +38,7 @@ public:
- class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
- {
- public:
-+ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
- QSvgFont(qreal horizAdvX);
-
- void setFamilyName(const QString &name);
-@@ -50,9 +51,7 @@ public:
- void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
- public:
- QString m_familyName;
-- qreal m_unitsPerEm;
-- qreal m_ascent;
-- qreal m_descent;
-+ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
- qreal m_horizAdvX;
- QHash m_glyphs;
- };
-diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
-index 29ca733..a891848 100644
---- a/src/svg/qsvghandler.cpp
-+++ b/src/svg/qsvghandler.cpp
-@@ -2622,7 +2622,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent,
-
- qreal unitsPerEm = toDouble(unitsPerEmStr);
- if (!unitsPerEm)
-- unitsPerEm = 1000;
-+ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
-
- if (!name.isEmpty())
- font->setFamilyName(name);
---
-2.40.1
-
diff --git a/qt6-svg.changes b/qt6-svg.changes
index 4d5cb90..9e8b75b 100644
--- a/qt6-svg.changes
+++ b/qt6-svg.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed May 24 07:45:44 UTC 2023 - Christophe Marin
+
+- Update to 6.5.1
+ * https://www.qt.io/blog/qt-6.5.1-released
+- Drop patch, merged upstream:
+ * CVE-2023-32573-qtsvg-6.5.diff
+
 -------------------------------------------------------------------
 Thu May 11 08:39:38 UTC 2023 - Christophe Marin
diff --git a/qt6-svg.spec b/qt6-svg.spec
index 379a79a..ce7ec66 100644
--- a/qt6-svg.spec
+++ b/qt6-svg.spec
@@ -16,7 +16,7 @@
 #
-%define real_version 6.5.0
+%define real_version 6.5.1
 %define short_version 6.5
 %define tar_name qtsvg-everywhere-src
 %define tar_suffix %{nil}
@@ -27,15 +27,13 @@
 %endif
 #
 Name: qt6-svg%{?pkg_suffix}
-Version: 6.5.0
+Version: 6.5.1
 Release: 0
 Summary: Classes for rendering and displaying SVG drawings
 License: LGPL-3.0-only OR (GPL-2.0-only OR GPL-3.0-or-later)
 URL: https://www.qt.io
 Source: https://download.qt.io/official_releases/qt/%{short_version}/%{real_version}%{tar_suffix}/submodules/%{tar_name}-%{real_version}%{tar_suffix}.tar.xz
 Source99: qt6-svg-rpmlintrc
-# PATCH-FIX-UPSTREAM
-Patch0: CVE-2023-32573-qtsvg-6.5.diff
 BuildRequires: pkgconfig
 BuildRequires: qt6-core-private-devel
 BuildRequires: qt6-gui-private-devel
diff --git a/qtsvg-everywhere-src-6.5.0.tar.xz b/qtsvg-everywhere-src-6.5.0.tar.xz
deleted file mode 100644
index e0e0bd3..0000000
--- a/qtsvg-everywhere-src-6.5.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:64ca7e61f44d51e28bcbb4e0509299b53a9a7e38879e00a7fe91643196067a4f
-size 1727556
diff --git a/qtsvg-everywhere-src-6.5.1.tar.xz b/qtsvg-everywhere-src-6.5.1.tar.xz
new file mode 100644
index 0000000..c9e73f9
--- /dev/null
+++ b/qtsvg-everywhere-src-6.5.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d58d29491d44f0f59b684686a9898fec0e6c4fb7c09d9393b4e9c211fe9608ef
+size 1728900