gentoo auto-resync : 06:05:2023 - 23:35:15

3 files changed, 88 insertions, 0 deletions

diff --git a/dev-qt/qtsvg/Manifest b/dev-qt/qtsvg/Manifest
index 142b1a39f03b..a0319b2551ab 100644
--- a/dev-qt/qtsvg/Manifest
+++ b/dev-qt/qtsvg/Manifest
@@ -1,6 +1,8 @@
+AUX qtsvg-5.15.9-fix-ub-ossfuzz-22618.patch 1907 BLAKE2B 1d28a94ba450d74a3b990beada37abc9310fcdc6eb61f978101daf1c5093d98fdd58f00aaa28447f5b6f0d2fbd903d619a57f86474a05183f12bb5192c0e4d90 SHA512 ea6b2a0d1a1f54ee1f6a756a0a271047b32d674945787b0ed5245f6b4aafd3bcf560daf269225db2a62842ccf3b2f4c9b65b0af0a7787c6cc451d75606707736
 DIST qtsvg-5.15.9-gentoo-kde-1.tar.xz 4368 BLAKE2B d2758227d565d9043022e22d0eaa34cdd4b851435e331c30af8c4b2b232a068d5bd222389588dd01ab872611d34da0be90f4921377de63e7b5477c0d74bb5090 SHA512 2b99a16e277795431ea7953119efe70a9bcf084b2cd1e63003d4ba032067eeaaacac47239788a5860c1d5960af738df7bda4a317b484f3f64e1cd1e3aa31b749
 DIST qtsvg-everywhere-opensource-src-5.15.9.tar.xz 1889044 BLAKE2B 0163c88701d510ab99a1d0d91f98fced612e428fdb04573aba5e819cb7a713d283e1cae94f0e31a7016d14a1f61f202a417453f63768ebdfa185772abcf0cf71 SHA512 e091c059492662fad713d1f99bfa5e21a8f8e77e24b067d176a6e732b420a22e3777fa99a880c6f992a19b2e5b16c01f131da875d9e08e6a515108b468192fe5
 DIST qtsvg-everywhere-src-6.5.0.tar.xz 1727556 BLAKE2B 275442f9a00b65d51789e52ec13e9bb61825c8ce55a2262a78e110fc225a3f8622d3436d580d4e89db99db93884b60d8201d032823032de6311caa41a767b200 SHA512 ef317b9b3621b5554df20bc570b67392f9c0ab37929b4c9dc0e9902c1b63763aff5d9bdf50b50f7c0a3c9f74c513a53553744dda68d8d29f593fc70f787f1009
+EBUILD qtsvg-5.15.9-r1.ebuild 561 BLAKE2B e7337cb17c52ee2002f5c741a02386aa8847364bb9d4bc9c7ed8846c3b99683ed2d952275eeee8e1d1a61ee1a9647cb6c5c83d12cc4170138918f03f92c79098 SHA512 1f220a0f727609549f1eb0b7caf701c04d3d24b213fd145c0b012773523d13d35d7e82020dda65cefee9dea048ee296c43acea496a803e464b19901df76780e5
 EBUILD qtsvg-5.15.9.ebuild 496 BLAKE2B a9a417892487c84120f966f2bd06d84f7348e069ec3917aca6c88c33345109bf127802e01fae1da95a5945fc7e44db8f3a2f3b7f6b699fcfbcc3367b082f2563 SHA512 b94101d98d128f952a0bdc6b14e04c76e492d6925e06d6c0d97d077f908196d944169a196a28e4aac384c261c93a6b5fa2dd94646c4186b392fd1ec57f885e15
 EBUILD qtsvg-6.5.0.ebuild 342 BLAKE2B 9e9ecaf7a291e80c41e1698e0e8cb4798422e17f95ca4bef5e9523c81db42fd2cd971f193d12b999401f96c8293b54fe8b8d5bbf33f636b3d31e78c3e6b65c92 SHA512 f9f43ca3a2b52c25bbc6ed1438fcbe8458e3b47cda7a08c060cb5dd27315dce0434aa6d542ff58070de2ede5f703f2d951f60bb35827638a5ff52ffc4e2c69fe
 MISC metadata.xml 482 BLAKE2B 651a49dc4a07f5e5a9c21990868e666d98acdea7d7b0b2c0e4c98eafc3da72c803d380e4abda30f33250f7bbd7654df713833ccdddcb975cbad6f92e488f643b SHA512 192c670abd7da29645513bf1d9297d942efdc49f5cf170861e7689fda47f51daa47f10c7c81c3b045366e0259179c6839ff7747197c9d792e8d0fd1a5818973e
diff --git a/dev-qt/qtsvg/files/qtsvg-5.15.9-fix-ub-ossfuzz-22618.patch b/dev-qt/qtsvg/files/qtsvg-5.15.9-fix-ub-ossfuzz-22618.patch
new file mode 100644
index 000000000000..adc43d7c3fba
--- /dev/null
+++ b/dev-qt/qtsvg/files/qtsvg-5.15.9-fix-ub-ossfuzz-22618.patch
@@ -0,0 +1,59 @@
+From 837b5163e17edbd3a9f098e9a1ab73febab419b4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Robert=20L=C3=B6hning?= <robert.loehning@qt.io>
+Date: Mon, 24 Apr 2023 15:27:17 +0200
+Subject: [PATCH] QSvgFont: Initialize used member, remove unused
+
+Credit to OSS-Fuzz
+
+[ChangeLog][QtSvg] Fixed undefined behavior from using uninitialized
+variable.
+
+Pick-to: 6.5 6.2 5.15
+Coverity-Id: 22618
+Change-Id: Id52277bb0e2845f4d342e187dbb8093e9276b70c
+Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
+(cherry picked from commit ff22c3ccf8ccf813fdcfda23f7740ba73ba5ce0a)
+---
+ src/svg/qsvgfont_p.h    | 5 ++---
+ src/svg/qsvghandler.cpp | 2 +-
+ 2 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/svg/qsvgfont_p.h b/src/svg/qsvgfont_p.h
+index fd0a3fab..fcffbe85 100644
+--- a/src/svg/qsvgfont_p.h
++++ b/src/svg/qsvgfont_p.h
+@@ -74,6 +74,7 @@ public:
+ class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
+ {
+ public:
++    static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
+     QSvgFont(qreal horizAdvX);
+ 
+     void setFamilyName(const QString &name);
+@@ -86,9 +87,7 @@ public:
+     void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
+ public:
+     QString m_familyName;
+-    qreal m_unitsPerEm;
+-    qreal m_ascent;
+-    qreal m_descent;
++    qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
+     qreal m_horizAdvX;
+     QHash<QChar, QSvgGlyph> m_glyphs;
+ };
+diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
+index 8dda5632..222b6d89 100644
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -2671,7 +2671,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent,
+ 
+     qreal unitsPerEm = toDouble(unitsPerEmStr);
+     if (!unitsPerEm)
+-        unitsPerEm = 1000;
++        unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
+ 
+     if (!name.isEmpty())
+         font->setFamilyName(name);
+-- 
+GitLab
+
diff --git a/dev-qt/qtsvg/qtsvg-5.15.9-r1.ebuild b/dev-qt/qtsvg/qtsvg-5.15.9-r1.ebuild
new file mode 100644
index 000000000000..96f2aa87d916
--- /dev/null
+++ b/dev-qt/qtsvg/qtsvg-5.15.9-r1.ebuild
@@ -0,0 +1,27 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+if [[ ${PV} != *9999* ]]; then
+	QT5_KDEPATCHSET_REV=1
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+inherit qt5-build
+
+DESCRIPTION="SVG rendering library for the Qt5 framework"
+
+IUSE=""
+
+RDEPEND="
+	=dev-qt/qtcore-${QT5_PV}*
+	=dev-qt/qtgui-${QT5_PV}*
+	=dev-qt/qtwidgets-${QT5_PV}*
+	sys-libs/zlib:=
+"
+DEPEND="${RDEPEND}
+	test? ( =dev-qt/qtxml-${QT5_PV}* )
+"
+
+PATCHES=( "${FILESDIR}/${P}-fix-ub-ossfuzz-22618.patch" )