[neon/qt6/qt6-svg/Neon/release] debian/patches: add patch from qt security

[Jonathan Esk-Riddell]

Git commit 3436702d7d3729f4081549742d21ada44bf73bc4 by Jonathan Esk-Riddell.
Committed on 15/05/2023 at 10:21.
Pushed by jriddell into branch 'Neon/release'.

add patch from qt security

A  +36   -0    debian/patches/CVE-2023-32573-qtsvg-6.5.diff
A  +1    -0    debian/patches/series

https://invent.kde.org/neon/qt6/qt6-svg/commit/3436702d7d3729f4081549742d21ada44bf73bc4

diff --git a/debian/patches/CVE-2023-32573-qtsvg-6.5.diff b/debian/patches/CVE-2023-32573-qtsvg-6.5.diff
new file mode 100644
index 0000000..aa86f2a
--- /dev/null
+++ b/debian/patches/CVE-2023-32573-qtsvg-6.5.diff
@@ -0,0 +1,36 @@
+--- a/src/svg/qsvgfont_p.h
++++ b/src/svg/qsvgfont_p.h
+@@ -38,6 +38,7 @@ public:
+ class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
+ {
+ public:
++    static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
+     QSvgFont(qreal horizAdvX);
+ 
+     void setFamilyName(const QString &name);
+@@ -50,9 +51,7 @@ public:
+     void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
+ public:
+     QString m_familyName;
+-    qreal m_unitsPerEm;
+-    qreal m_ascent;
+-    qreal m_descent;
++    qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
+     qreal m_horizAdvX;
+     QHash<QChar, QSvgGlyph> m_glyphs;
+ };
+
+
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -2622,7 +2622,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent,
+ 
+     qreal unitsPerEm = toDouble(unitsPerEmStr);
+     if (!unitsPerEm)
+-        unitsPerEm = 1000;
++        unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
+ 
+     if (!name.isEmpty())
+         font->setFamilyName(name);
+
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..82460d1
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2023-32573-qtsvg-6.5.diff