From 857a6a195ab7cf5f30dbbce922cd08bc39431358 Mon Sep 17 00:00:00 2001
From: Silvan Calarco <silvan.calarco@mambasoft.it>
Date: Fri, 5 Jan 2024 17:14:49 +0100
Subject: [PATCH] backport upstream patch to fix crash with SVG format check
 failed error (telegram-desktop) [release 6.6.0-2mamba;Sun Oct 29 2023]

---
 qt6-qtsvg-6.6.0-invalid-svg-crash.patch | 22 ++++++++++++++++++++++
 qt6-qtsvg.spec                          | 12 ++++++++++--
 2 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 qt6-qtsvg-6.6.0-invalid-svg-crash.patch

diff --git a/qt6-qtsvg-6.6.0-invalid-svg-crash.patch b/qt6-qtsvg-6.6.0-invalid-svg-crash.patch
new file mode 100644
index 0000000..8c8bf90
--- /dev/null
+++ b/qt6-qtsvg-6.6.0-invalid-svg-crash.patch
@@ -0,0 +1,22 @@
+Update:
+  What this fixes was later assigned CVE-2023-45872
+  https://lists.qt-project.org/pipermail/development/2023-October/044577.html
+
+https://bugs.gentoo.org/915582
+https://bugreports.qt.io/browse/QTBUG-117944
+https://codereview.qt-project.org/c/qt/qtsvg/+/510692
+https://github.com/qt/qtsvg/commit/effc44495a33babd4cf7a2044123f420e6b3da1c
+From: Paul Olav Tvete <paul.tvete@qt.io>
+Date: Tue, 10 Oct 2023 10:14:22 +0200
+Subject: [PATCH] Fix nullptr dereference with invalid SVG
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -3606,6 +3606,8 @@ void QSvgHandler::init()
+ 
+ static bool detectCycles(const QSvgNode *node, QList<const QSvgUse *> active = {})
+ {
++    if (Q_UNLIKELY(!node))
++        return false;
+     switch (node->type()) {
+     case QSvgNode::DOC:
+     case QSvgNode::G:
diff --git a/qt6-qtsvg.spec b/qt6-qtsvg.spec
index 9798152..cb7f64a 100644
--- a/qt6-qtsvg.spec
+++ b/qt6-qtsvg.spec
@@ -1,8 +1,8 @@
 %define majver %(echo %version | cut -d. -f1-2)
 
 Name:          qt6-qtsvg
-Version:       6.5.3
-Release:       1mamba
+Version:       6.6.0
+Release:       2mamba
 Summary:       Qt6 SVG components
 Group:         System/Libraries
 Vendor:        openmamba
@@ -10,6 +10,7 @@ Distribution:  openmamba
 Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
 URL:           https://www.qt.io/
 Source:        https://download.qt.io/official_releases/qt/%{majver}/%{version}/submodules/qtsvg-everywhere-src-%{version}.tar.xz
+Patch0:        qt6-qtsvg-6.6.0-invalid-svg-crash.patch
 License:       GPL
 ## AUTOBUILDREQ-BEGIN
 BuildRequires: glibc-devel
@@ -36,6 +37,7 @@ This package contains libraries and header files for developing applications tha
 
 %prep
 %setup -q -n qtsvg-everywhere-src-%{version}
+%patch 0 -p1 -b .invalid-svg-crash
 
 %build
 %cmake -d build
@@ -84,6 +86,12 @@ This package contains libraries and header files for developing applications tha
 %{_libdir}/pkgconfig/Qt6Svg*.pc
 
 %changelog
+* Sun Oct 29 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 6.6.0-2mamba
+- backport upstream patch to fix crash with SVG format check failed error (telegram-desktop)
+
+* Tue Oct 17 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 6.6.0-1mamba
+- update to 6.6.0
+
 * Fri Sep 29 2023 Automatic Build System <autodist@mambasoft.it> 6.5.3-1mamba
 - automatic version update by autodist