.gitignore

@@ -1 +1 @@
-SOURCES/qt3d-everywhere-opensource-src-5.15.3.tar.xz
+SOURCES/qt3d-everywhere-opensource-src-5.15.9.tar.xz

.qt5-qt3d.metadata

@@ -1 +1 @@
-b483197cd18ec907c726269ab4f776b646586400 SOURCES/qt3d-everywhere-opensource-src-5.15.3.tar.xz
+270c5afb84242b63eaac960bba1645f39f6ca009 SOURCES/qt3d-everywhere-opensource-src-5.15.9.tar.xz

SOURCES/assimp-CVE-2025-120985.patch

@@ -0,0 +1,42 @@
+From 0978918f7148fbcd3d05cc6573dae7859975a895 Mon Sep 17 00:00:00 2001
+From: Jan Grulich <jgrulich@redhat.com>
+Date: Tue, 4 Nov 2025 10:09:13 +0100
+Subject: [PATCH] Fix Heap-buffer-overflow in Q3DImporter::InternReadFile
+ (#6370)
+
+Checks if multiplying texture width and height would overflow before
+performing the operation. This avoids incorrect memory allocations and
+potential crashes with very large textures.
+
+Fixes #6358
+
+Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
+---
+ src/3rdparty/assimp/src/codeAssetLib/Q3D/Q3DLoader.cpp | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/3rdparty/assimp/src/codeAssetLib/Q3D/Q3DLoader.cpp b/src/3rdparty/assimp/src/codeAssetLib/Q3D/Q3DLoader.cpp
+index 2862350a5a..9c90ce1535 100644
+--- a/src/3rdparty/assimp/src/codeAssetLib/Q3D/Q3DLoader.cpp
++++ b/src/3rdparty/assimp/src/codeAssetLib/Q3D/Q3DLoader.cpp
+@@ -55,6 +55,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ #include <assimp/DefaultLogger.hpp>
+ #include <assimp/IOSystem.hpp>
+ 
++#include <limits>
++
+ namespace Assimp {
+ 
+ static constexpr aiImporterDesc desc = {
+@@ -309,6 +311,11 @@ void Q3DImporter::InternReadFile(const std::string &pFile,
+                     throw DeadlyImportError("Quick3D: Invalid texture. Width or height is zero");
+                 }
+ 
++                const unsigned int uint_max = std::numeric_limits<unsigned int>::max();
++                if (tex->mWidth > (uint_max / tex->mHeight)) {
++                    throw DeadlyImportError("Quick3D: Texture dimensions are too large, resulting in overflow.");
++                }
++
+                 unsigned int mul = tex->mWidth * tex->mHeight;
+                 aiTexel *begin = tex->pcData = new aiTexel[mul];
+                 aiTexel *const end = &begin[mul - 1] + 1;

SOURCES/assimp-CVE-2025-3158.patch

@@ -0,0 +1,13 @@
+diff --git a/src/3rdparty/assimp/src/code/LWO/LWOAnimation.cpp b/src/3rdparty/assimp/src/code/LWO/LWOAnimation.cpp
+index 3a0d2c3..834bdd6 100644
+--- a/src/3rdparty/assimp/src/code/LWO/LWOAnimation.cpp
++++ b/src/3rdparty/assimp/src/code/LWO/LWOAnimation.cpp
+@@ -196,7 +196,7 @@ void AnimResolver::UpdateAnimRangeSetup()
+                 unsigned int tt = 1;
+                 for (const double tmp =  delta*(num+1);cur_minus <= tmp;cur_minus += delta,++tt) {
+                     m = (delta == tmp ? (*it).keys.begin() :  n - (old_size+1));
+-                    for (;m != n; --n) {
++                    for (;m < n; --n) {
+                         (*n).time -= cur_minus;
+ 
+                         // offset repeat? add delta offset to key value

SOURCES/assimp-CVE-2025-3159.patch

@@ -0,0 +1,16 @@
+diff --git a/src/3rdparty/assimp/src/code/ASE/ASEParser.cpp b/src/3rdparty/assimp/src/code/ASE/ASEParser.cpp
+index 913e7b1..1de9b4d 100644
+--- a/src/3rdparty/assimp/src/code/ASE/ASEParser.cpp
++++ b/src/3rdparty/assimp/src/code/ASE/ASEParser.cpp
+@@ -1599,9 +1599,9 @@ void Parser::ParseLV4MeshBonesVertices(unsigned int iNumVertices,ASE::Mesh& mesh
+             {
+                 // read the vertex index
+                 unsigned int iIndex = strtoul10(filePtr,&filePtr);
+-                if (iIndex >= mesh.mPositions.size())
++                if (iIndex >= mesh.mBoneVertices.size())
+                 {
+-                    iIndex = (unsigned int)mesh.mPositions.size()-1;
++                    iIndex = (unsigned int)mesh.mBoneVertices.size()-1;
+                     LogWarning("Bone vertex index is out of bounds. Using the largest valid "
+                         "bone vertex index instead");
+                 }

SPECS/qt5-qt3d.spec

@@ -6,8 +6,8 @@
 
 Summary: Qt5 - Qt3D QML bindings and C++ APIs
 Name:    qt5-%{qt_module}
-Version: 5.15.3
-Release: 1%{?dist}
+Version: 5.15.9
+Release: 2%{?dist}.1
 
 # See LICENSE.GPL LICENSE.LGPL LGPL_EXCEPTION.txt, for details
 # See also http://doc.qt.io/qt-5/licensing.html
@@ -17,22 +17,26 @@ Url:     http://www.qt.io
 Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-opensource-src-%{version}.tar.xz
 Source1: qt3dcore-config-multilib_p.h
 
+# Assimp CVEs
+Patch0:  assimp-CVE-2025-3158.patch
+Patch1:  assimp-CVE-2025-3159.patch
+Patch2:  assimp-CVE-2025-120985.patch
+
+BuildRequires: make
 BuildRequires: qt5-rpm-macros >= %{version}
 BuildRequires: qt5-qtbase-static >= %{version}
 BuildRequires: qt5-qtbase-private-devel
-#libQt53DRender.so.5(Qt_5_PRIVATE_API)(64bit)
-#libQt5Core.so.5(Qt_5_PRIVATE_API)(64bit)
-#libQt5Gui.so.5(Qt_5_PRIVATE_API)(64bit)
-#libQt5Qml.so.5(Qt_5_PRIVATE_API)(64bit)
-#libQt5Quick.so.5(Qt_5_PRIVATE_API)(64bit)
 %{?_qt5:Requires: %{_qt5}%{?_isa} = %{_qt5_version}}
 BuildRequires: qt5-qtdeclarative-devel
 BuildRequires: qt5-qtimageformats
 BuildRequires: qt5-qtxmlpatterns-devel
-
+%if 0%{?fedora}
+BuildRequires: pkgconfig(assimp) >= 3.3.1
+%else
+Provides: bundled(assimp) = 4.1
+%endif
 Requires: qt5-qtimageformats%{?_isa} >= %{version}
 
-
 %description
 Qt 3D provides functionality for near-realtime simulation systems with
 support for 2D and 3D rendering in both Qt C++ and Qt Quick applications).
@@ -59,35 +63,32 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 %{summary}.
 %endif
 
-
 %prep
 %setup -q -n %{qt_module}-everywhere-src-%{version}
 
+%patch -P0 -p1 -b .assimp-CVE-2025-3158
+%patch -P1 -p1 -b .assimp-CVE-2025-3159
 
 %build
+# QT is known not to work properly with LTO at this point.  Some of the issues
+# are being worked on upstream and disabling LTO should be re-evaluated as
+# we update this change.  Until such time...
+# Disable LTO
+%define _lto_cflags %{nil}
+
 %{qmake_qt5}
 
 %make_build
 
 %if 0%{?build_tests}
-make sub-tests %{?_smp_mflags} -k ||:
+%qt5_build_tests
 %endif
 
-
 %install
 make install INSTALL_ROOT=%{buildroot}
 
 %if 0%{?build_tests}
-# Install tests for gating
-mkdir -p %{buildroot}%{_qt5_libdir}/qt5
-find ./tests -not -path '*/\.*' -type d | while read LINE
-do
-    mkdir -p "%{buildroot}%{_qt5_libdir}/qt5/$LINE"
-done
-find ./tests -not -path '*/\.*' -not -name '*.h' -not -name '*.cpp' -not -name '*.pro' -not -name 'uic_wrapper.sh' -not -name 'Makefile' -not -name 'target_wrapper.sh' -type f | while read LINE
-do
-    cp -r --parents "$LINE" %{buildroot}%{_qt5_libdir}/qt5/
-done
+%qt5_install_tests
 %endif
 
 %ifarch %{multilib_archs}
@@ -207,42 +208,111 @@ popd
 %{_qt5_libdir}/qt5/tests
 %endif
 
-
 %changelog
+* Wed Nov 05 2025 Jan Grulich <jgrulich@redhat.com> - 5.15.9-2.1
+- Assimp: Fix heap-based overflow in Q3DLoader::InternReadFile
+  Resolves: RHEL-120988
+
+* Wed Jul 23 2025 Jan Grulich <jgrulich@redhat.com> - 5.15.9-2
+- Assimp: Fix heap-based overflow in Assimp::LWO::AnimResolver::UpdateAnimRangeSetup
+  Resolves: RHEL-105000
+- Assimp: Fix heap-based overflow in Assimp::ASE::Parser::ParseLV4MeshBonesVertices
+  Resolves: RHEL-105005
+
+* Tue Apr 18 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-1
+- 5.15.9
+  Resolves: bz#2175729
+
 * Mon Mar 28 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.3-1
 - 5.15.3
-  Resolves: bz#2061381
+  Resolves: bz#2061356
 
-* Wed Apr 28 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-2
-- Rebuild (binutils)
-  Resolves: bz#1930063
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.15.2-9
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Sun Apr 04 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-1
+* Wed Jun 09 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-8
+- Add gating tests
+  Resolves: bz#1968482
+
+* Mon May 17 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-7
+- Provides: bundled(assimp)
+  Resolves: bz#1961111
+
+* Thu Apr 29 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-6
+- Define multilib architectures
+  Resolves: bz#1952538
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.15.2-5
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.15.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Jan 15 11:34:02 CET 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-3
+- Fix multilib issue with qt3dcore-config header file
+
+* Tue Nov 24 07:54:17 CET 2020 Jan Grulich <jgrulich@redhat.com> - 5.15.2-2
+- Rebuild for qtbase with -no-reduce-relocations option
+
+* Fri Nov 20 09:30:48 CET 2020 Jan Grulich <jgrulich@redhat.com> - 5.15.2-1
 - 5.15.2
-  Resolves: bz#1930063
 
-* Wed Nov 20 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-2
-- Fix multilib issue
-  Resolves: bz#1765637
+* Thu Sep 10 2020 Jan Grulich <jgrulich@redhat.com> - 5.15.1-1
+- 5.15.1
 
-* Mon Nov 18 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-1
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.14.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 01 2020 Jeff Law <law@redhat.com> - 5.14.2-2
+- Disable LTO
+
+* Sat Apr 04 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.14.2-1
+- 5.14.2
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.13.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Dec 09 2019 Jan Grulich <jgrulich@redhat.com> - 5.13.2-1
+- 5.13.2
+
+* Tue Sep 24 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-1
 - 5.12.5
-  Resolves: bz#1733159
 
-* Mon Dec 10 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.1-4
-- Rebuild for broken CI
-  Resolves: bz#1657230
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.12.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 
-* Mon Dec 10 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.1-3
-- Rebuild to fix CET notes
-  Resolves: bz#1657230
+* Fri Jun 14 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.4-1
+- 5.12.4
 
-* Tue Jul 10 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.1-2
-- drop assimp dependency
+* Tue Jun 04 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.3-1
+- 5.12.3
 
-* Tue Jul 03 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.1-1
+* Fri Feb 15 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.1-1
+- 5.12.1
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.11.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Dec 07 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.3-1
+- 5.11.3
+
+* Fri Sep 21 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.2-1
+- 5.11.2
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.11.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 19 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.1-1
 - 5.11.1
 
+* Sun May 27 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.0-1
+- 5.11.0
+- use %%make_build %%ldconfig_scriptlets
+
+* Thu Mar 08 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.10.1-2
+- BR: qt5-rpm-macros
+
 * Wed Feb 14 2018 Jan Grulich <jgrulich@redhat.com> - 5.10.1-1
 - 5.10.1