From 081d5af6e7f9f81f6fbe17970b48543a2179e5b3 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 9 Nov 2021 05:02:19 -0500 Subject: [PATCH] import qt5-qtbase-5.15.2-3.el8 --- .gitignore | 2 +- .qt5-qtbase.metadata | 2 +- ...ase-add-expansion-limit-for-entities.patch | 146 ---------------- ...-allow-dbus-not-running-during-build.patch | 13 -- .../qtbase-do-not-load-plugin-from-pwd.patch | 28 --- ...everywhere-src-5.14.2-no_relocatable.patch | 16 ++ ...se-fix-buffer-overflow-in-xbm-parser.patch | 70 -------- ...ase-opensource-src-5.3.2-QTBUG-35459.patch | 13 -- ...-handle-ssl-shutdown-errors-properly.patch | 161 ------------------ ...empt-to-load-library-relative-to-pwd.patch | 52 ------ SOURCES/xcberror_filter.patch | 41 ----- SPECS/qt5-qtbase.spec | 110 ++++++------ 12 files changed, 78 insertions(+), 576 deletions(-) delete mode 100644 SOURCES/qtbase-add-expansion-limit-for-entities.patch delete mode 100644 SOURCES/qtbase-allow-dbus-not-running-during-build.patch delete mode 100644 SOURCES/qtbase-do-not-load-plugin-from-pwd.patch create mode 100644 SOURCES/qtbase-everywhere-src-5.14.2-no_relocatable.patch delete mode 100644 SOURCES/qtbase-fix-buffer-overflow-in-xbm-parser.patch delete mode 100644 SOURCES/qtbase-opensource-src-5.3.2-QTBUG-35459.patch delete mode 100644 SOURCES/qtbase-openssl-handle-ssl-shutdown-errors-properly.patch delete mode 100644 SOURCES/qtbase-qlibrary-do-not-attempt-to-load-library-relative-to-pwd.patch delete mode 100644 SOURCES/xcberror_filter.patch diff --git a/.gitignore b/.gitignore index 084698d..5ab0702 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/qtbase-everywhere-src-5.12.5.tar.xz +SOURCES/qtbase-everywhere-src-5.15.2.tar.xz diff --git a/.qt5-qtbase.metadata b/.qt5-qtbase.metadata index 3c4e62e..4ced115 100644 --- a/.qt5-qtbase.metadata +++ b/.qt5-qtbase.metadata @@ -1 +1 @@ -47145a722a8a8457121071f60b4e44fc66c58979 SOURCES/qtbase-everywhere-src-5.12.5.tar.xz +b5ad67fc6381ad7fae0296944734198488d096a3 SOURCES/qtbase-everywhere-src-5.15.2.tar.xz diff --git a/SOURCES/qtbase-add-expansion-limit-for-entities.patch b/SOURCES/qtbase-add-expansion-limit-for-entities.patch deleted file mode 100644 index 162ad91..0000000 --- a/SOURCES/qtbase-add-expansion-limit-for-entities.patch +++ /dev/null @@ -1,146 +0,0 @@ -From f432c08882ffebe5074ea28de871559a98a4d094 Mon Sep 17 00:00:00 2001 -From: Lars Knoll -Date: Wed, 26 Feb 2020 10:42:10 +0100 -Subject: Add an expansion limit for entities - -Recursively defined entities can easily exhaust all available -memory. Limit entity expansion to a default of 4096 characters to -avoid DoS attacks when a user loads untrusted content. - -[ChangeLog][QtCore][QXmlStream] QXmlStreamReader does now -limit the expansion of entities to 4096 characters. Documents where -a single entity expands to more characters than the limit are not -considered well formed. The limit is there to avoid DoS attacks through -recursively expanding entities when loading untrusted content. Qt 5.15 -will add methods that allow changing that limit. - -Fixes: QTBUG-47417 -Change-Id: I94387815d74fcf34783e136387ee57fac5ded0c9 -Reviewed-by: Oswald Buddenhagen -Reviewed-by: Volker Hilsheimer -(cherry picked from commit fd4be84d23a0db4186cb42e736a9de3af722c7f7) -Reviewed-by: Eirik Aavitsland ---- - src/corelib/serialization/qxmlstream.g | 14 ++++++++++++- - src/corelib/serialization/qxmlstream_p.h | 14 ++++++++++++- - .../serialization/qxmlstream/tst_qxmlstream.cpp | 23 ++++++++++++++++++++-- - 3 files changed, 47 insertions(+), 4 deletions(-) - -diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g -index 10bfcd491c..5726bafb26 100644 ---- a/src/corelib/serialization/qxmlstream.g -+++ b/src/corelib/serialization/qxmlstream.g -@@ -277,9 +277,19 @@ public: - QHash entityHash; - QHash parameterEntityHash; - QXmlStreamSimpleStackentityReferenceStack; -+ int entityExpansionLimit = 4096; -+ int entityLength = 0; - inline bool referenceEntity(Entity &entity) { - if (entity.isCurrentlyReferenced) { -- raiseWellFormedError(QXmlStream::tr("Recursive entity detected.")); -+ raiseWellFormedError(QXmlStream::tr("Self-referencing entity detected.")); -+ return false; -+ } -+ // entityLength represents the amount of additional characters the -+ // entity expands into (can be negative for e.g. &). It's used to -+ // avoid DoS attacks through recursive entity expansions -+ entityLength += entity.value.size() - entity.name.size() - 2; -+ if (entityLength > entityExpansionLimit) { -+ raiseWellFormedError(QXmlStream::tr("Entity expands to more characters than the entity expansion limit.")); - return false; - } - entity.isCurrentlyReferenced = true; -@@ -830,6 +840,8 @@ entity_done ::= ENTITY_DONE; - /. - case $rule_number: - entityReferenceStack.pop()->isCurrentlyReferenced = false; -+ if (entityReferenceStack.isEmpty()) -+ entityLength = 0; - clearSym(); - break; - ./ -diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h -index 61f501f81b..31053f8e0b 100644 ---- a/src/corelib/serialization/qxmlstream_p.h -+++ b/src/corelib/serialization/qxmlstream_p.h -@@ -774,9 +774,19 @@ public: - QHash entityHash; - QHash parameterEntityHash; - QXmlStreamSimpleStackentityReferenceStack; -+ int entityExpansionLimit = 4096; -+ int entityLength = 0; - inline bool referenceEntity(Entity &entity) { - if (entity.isCurrentlyReferenced) { -- raiseWellFormedError(QXmlStream::tr("Recursive entity detected.")); -+ raiseWellFormedError(QXmlStream::tr("Self-referencing entity detected.")); -+ return false; -+ } -+ // entityLength represents the amount of additional characters the -+ // entity expands into (can be negative for e.g. &). It's used to -+ // avoid DoS attacks through recursive entity expansions -+ entityLength += entity.value.size() - entity.name.size() - 2; -+ if (entityLength > entityExpansionLimit) { -+ raiseWellFormedError(QXmlStream::tr("Entity expands to more characters than the entity expansion limit.")); - return false; - } - entity.isCurrentlyReferenced = true; -@@ -1308,6 +1318,8 @@ bool QXmlStreamReaderPrivate::parse() - - case 10: - entityReferenceStack.pop()->isCurrentlyReferenced = false; -+ if (entityReferenceStack.isEmpty()) -+ entityLength = 0; - clearSym(); - break; - -diff --git a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp -index 8fdf91b090..1f9a0d575d 100644 ---- a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp -+++ b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp -@@ -393,8 +393,6 @@ public: - return true; - } - -- QXmlStreamReader reader(&inputFile); -- - /* See testcases.dtd which reads: 'Nonvalidating parsers - * must also accept "invalid" testcases, but validating ones must reject them.' */ - if(type == QLatin1String("invalid") || type == QLatin1String("valid")) -@@ -580,6 +578,8 @@ private slots: - void roundTrip() const; - void roundTrip_data() const; - -+ void entityExpansionLimit() const; -+ - private: - static QByteArray readFile(const QString &filename); - -@@ -1756,6 +1756,25 @@ void tst_QXmlStream::roundTrip_data() const - "\n"; - } - -+void tst_QXmlStream::entityExpansionLimit() const -+{ -+ QString xml = QStringLiteral("" -+ "" -+ "" -+ "" -+ "" -+ "]>" -+ "&d;&d;&d;"); -+ { -+ QXmlStreamReader reader(xml); -+ do { -+ reader.readNext(); -+ } while (!reader.atEnd()); -+ QCOMPARE(reader.error(), QXmlStreamReader::NotWellFormedError); -+ } -+} -+ - void tst_QXmlStream::roundTrip() const - { - QFETCH(QString, in); --- -cgit v1.2.1 diff --git a/SOURCES/qtbase-allow-dbus-not-running-during-build.patch b/SOURCES/qtbase-allow-dbus-not-running-during-build.patch deleted file mode 100644 index 11b1d03..0000000 --- a/SOURCES/qtbase-allow-dbus-not-running-during-build.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/tests/auto/auto.pro b/tests/auto/auto.pro -index fbd89e40..722281c1 100644 ---- a/tests/auto/auto.pro -+++ b/tests/auto/auto.pro -@@ -37,7 +37,7 @@ else:!qtConfig(process): SUBDIRS -= tools - !cross_compile:qtHaveModule(dbus) { - !system("dbus-send --session --type=signal / local.AutotestCheck.Hello >$$QMAKE_SYSTEM_NULL_DEVICE 2>&1") { - qtConfig(dbus-linked): \ -- error("QtDBus is enabled but session bus is not available. Please check the installation.") -+ warning("QtDBus is enabled but session bus is not available. Please check the installation.") - else: \ - warning("QtDBus is enabled with runtime support, but session bus is not available. Skipping QtDBus tests.") - SUBDIRS -= dbus diff --git a/SOURCES/qtbase-do-not-load-plugin-from-pwd.patch b/SOURCES/qtbase-do-not-load-plugin-from-pwd.patch deleted file mode 100644 index b07a8ed..0000000 --- a/SOURCES/qtbase-do-not-load-plugin-from-pwd.patch +++ /dev/null @@ -1,28 +0,0 @@ -From bf131e8d2181b3404f5293546ed390999f760404 Mon Sep 17 00:00:00 2001 -From: Olivier Goffart -Date: Fri, 8 Nov 2019 11:30:40 +0100 -Subject: Do not load plugin from the $PWD - -I see no reason why this would make sense to look for plugins in the current -directory. And when there are plugins there, it may actually be wrong - -Change-Id: I5f5aa168021fedddafce90effde0d5762cd0c4c5 -Reviewed-by: Thiago Macieira ---- - src/corelib/plugin/qpluginloader.cpp | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/corelib/plugin/qpluginloader.cpp b/src/corelib/plugin/qpluginloader.cpp -index cadff4f32b..c2443dbdda 100644 ---- a/src/corelib/plugin/qpluginloader.cpp -+++ b/src/corelib/plugin/qpluginloader.cpp -@@ -305,7 +305,6 @@ static QString locatePlugin(const QString& fileName) - paths.append(fileName.left(slash)); // don't include the '/' - } else { - paths = QCoreApplication::libraryPaths(); -- paths.prepend(QStringLiteral(".")); // search in current dir first - } - - for (const QString &path : qAsConst(paths)) { --- -cgit v1.2.1 diff --git a/SOURCES/qtbase-everywhere-src-5.14.2-no_relocatable.patch b/SOURCES/qtbase-everywhere-src-5.14.2-no_relocatable.patch new file mode 100644 index 0000000..56b9db8 --- /dev/null +++ b/SOURCES/qtbase-everywhere-src-5.14.2-no_relocatable.patch @@ -0,0 +1,16 @@ +diff -up qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp.no_relocatable qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp +--- qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp.no_relocatable 2020-03-27 04:49:31.000000000 -0500 ++++ qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp 2020-04-13 15:13:44.075705226 -0500 +@@ -671,8 +671,11 @@ static QString getPrefix( + # if QT_CONFIGURE_CROSSBUILD + if (group == QLibraryInfo::DevicePaths) + return QString::fromLocal8Bit(QT_CONFIGURE_PREFIX_PATH); +-# endif ++# elif 0 //QT_CONFIG(relocatable) + return getExtPrefixFromHostBinDir(); ++# else ++ return QString::fromLocal8Bit(QT_CONFIGURE_PREFIX_PATH); ++# endif + #elif QT_CONFIG(relocatable) + return getRelocatablePrefix(); + #else diff --git a/SOURCES/qtbase-fix-buffer-overflow-in-xbm-parser.patch b/SOURCES/qtbase-fix-buffer-overflow-in-xbm-parser.patch deleted file mode 100644 index 2b33f3b..0000000 --- a/SOURCES/qtbase-fix-buffer-overflow-in-xbm-parser.patch +++ /dev/null @@ -1,70 +0,0 @@ -diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp -index 7ba44049..8c4be4f0 100644 ---- a/src/gui/image/qxbmhandler.cpp -+++ b/src/gui/image/qxbmhandler.cpp -@@ -158,7 +158,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage) - w = (w+7)/8; // byte width - - while (y < h) { // for all encoded bytes... -- if (p) { // p = "0x.." -+ if (p && p < (buf + readBytes - 3)) { // p = "0x.." -+ if (!isxdigit(p[2]) || !isxdigit(p[3])) -+ return false; - *b++ = hex2byte(p+2); - p += 2; - if (++x == w && ++y < h) { -diff --git a/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp b/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp -index 1eee2f27..f801f3cd 100644 ---- a/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp -+++ b/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp -@@ -167,6 +167,8 @@ private slots: - void devicePixelRatio_data(); - void devicePixelRatio(); - -+ void xbmBufferHandling(); -+ - private: - QString prefix; - QTemporaryDir m_temporaryDir; -@@ -2002,5 +2004,41 @@ void tst_QImageReader::devicePixelRatio() - QCOMPARE(img.devicePixelRatio(), dpr); - } - -+void tst_QImageReader::xbmBufferHandling() -+{ -+ uint8_t original_buffer[256]; -+ for (int i = 0; i < 256; ++i) -+ original_buffer[i] = i; -+ -+ QImage image(original_buffer, 256, 8, QImage::Format_MonoLSB); -+ image.setColorTable({0xff000000, 0xffffffff}); -+ -+ QByteArray buffer; -+ { -+ QBuffer buf(&buffer); -+ QImageWriter writer(&buf, "xbm"); -+ writer.write(image); -+ } -+ -+ QCOMPARE(QImage::fromData(buffer, "xbm"), image); -+ -+ auto i = buffer.indexOf(','); -+ buffer.insert(i + 1, " "); -+ QCOMPARE(QImage::fromData(buffer, "xbm"), image); -+ buffer.insert(i + 1, " "); -+ QCOMPARE(QImage::fromData(buffer, "xbm"), image); -+ buffer.insert(i + 1, " "); -+#if 0 // Lines longer than 300 chars not supported currently -+ QCOMPARE(QImage::fromData(buffer, "xbm"), image); -+#endif -+ -+ i = buffer.lastIndexOf("\n "); -+ buffer.truncate(i + 1); -+ buffer.append(QByteArray(297, ' ')); -+ buffer.append("0x"); -+ // Only check we get no buffer overflow -+ QImage::fromData(buffer, "xbm"); -+} -+ - QTEST_MAIN(tst_QImageReader) - #include "tst_qimagereader.moc" diff --git a/SOURCES/qtbase-opensource-src-5.3.2-QTBUG-35459.patch b/SOURCES/qtbase-opensource-src-5.3.2-QTBUG-35459.patch deleted file mode 100644 index e156250..0000000 --- a/SOURCES/qtbase-opensource-src-5.3.2-QTBUG-35459.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up qtbase-opensource-src-5.3.2/src/xml/sax/qxml.cpp.QTBUG-35459 qtbase-opensource-src-5.3.2/src/xml/sax/qxml.cpp -diff -up qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h.QTBUG-35459 qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h ---- qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h.QTBUG-35459 2014-09-11 05:48:05.000000000 -0500 -+++ qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h 2014-09-16 09:35:01.189255615 -0500 -@@ -223,7 +223,7 @@ private: - // for the DTD currently being parsed. - static const int dtdRecursionLimit = 2; - // The maximum amount of characters an entity value may contain, after expansion. -- static const int entityCharacterLimit = 1024; -+ static const int entityCharacterLimit = 4096; - - const QString &string(); - void stringClear(); diff --git a/SOURCES/qtbase-openssl-handle-ssl-shutdown-errors-properly.patch b/SOURCES/qtbase-openssl-handle-ssl-shutdown-errors-properly.patch deleted file mode 100644 index 44db0dc..0000000 --- a/SOURCES/qtbase-openssl-handle-ssl-shutdown-errors-properly.patch +++ /dev/null @@ -1,161 +0,0 @@ -From 36a8bdbc8417506513207daf4f36533a3d6632f3 Mon Sep 17 00:00:00 2001 -From: Timur Pocheptsov -Date: Mon, 13 Apr 2020 20:31:34 +0200 -Subject: [PATCH] OpenSSL: handle SSL_shutdown's errors properly - -Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s) -returns 1). Also, do not call SSL_shutdown if a session encountered a fatal -error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown -was unsuccessful (returned code != 1), we have to clear the error(s) it queued. -Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to -resolve SSL_state to implement SSL_in_init. - -Fixes: QTBUG-83450 -Change-Id: I6326119f4e79605429263045ac20605c30dccca3 -Reviewed-by: MÃ¥rten Nordheim -(cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655) -(cherry picked from commit 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb) ---- - -diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp -index 4f49a71..9f9eaf3 100644 ---- a/src/network/ssl/qsslsocket.cpp -+++ b/src/network/ssl/qsslsocket.cpp -@@ -2108,7 +2108,7 @@ - shutdown = false; - pendingClose = false; - flushTriggered = false; -- -+ systemOrSslErrorDetected = false; - // we don't want to clear the ignoreErrorsList, so - // that it is possible setting it before connecting - // ignoreErrorsList.clear(); -diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp -index ec772dd..c4abc1e 100644 ---- a/src/network/ssl/qsslsocket_openssl.cpp -+++ b/src/network/ssl/qsslsocket_openssl.cpp -@@ -471,10 +471,16 @@ - void QSslSocketBackendPrivate::destroySslContext() - { - if (ssl) { -- // We do not send a shutdown alert here. Just mark the session as -- // resumable for qhttpnetworkconnection's "optimization", otherwise -- // OpenSSL won't start a session resumption. -- q_SSL_shutdown(ssl); -+ if (!q_SSL_in_init(ssl) && !systemOrSslErrorDetected) { -+ // We do not send a shutdown alert here. Just mark the session as -+ // resumable for qhttpnetworkconnection's "optimization", otherwise -+ // OpenSSL won't start a session resumption. -+ if (q_SSL_shutdown(ssl) != 1) { -+ // Some error may be queued, clear it. -+ const auto errors = getErrorsFromOpenSsl(); -+ Q_UNUSED(errors); -+ } -+ } - q_SSL_free(ssl); - ssl = nullptr; - } -@@ -909,6 +915,7 @@ - case SSL_ERROR_SSL: // error in the SSL library - // we do not know exactly what the error is, nor whether we can recover from it, - // so just return to prevent an endless loop in the outer "while" statement -+ systemOrSslErrorDetected = true; - { - const ScopedBool bg(inSetAndEmitError, true); - setErrorAndEmit(QAbstractSocket::SslInternalError, -@@ -1309,8 +1316,12 @@ - void QSslSocketBackendPrivate::disconnectFromHost() - { - if (ssl) { -- if (!shutdown) { -- q_SSL_shutdown(ssl); -+ if (!shutdown && !q_SSL_in_init(ssl) && !systemOrSslErrorDetected) { -+ if (q_SSL_shutdown(ssl) != 1) { -+ // Some error may be queued, clear it. -+ const auto errors = getErrorsFromOpenSsl(); -+ Q_UNUSED(errors); -+ } - shutdown = true; - transmit(); - } -diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h -index 0c32b0a..c80baa2 100644 ---- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h -+++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h -@@ -186,4 +186,11 @@ - } - void q_SSL_set_psk_use_session_callback(SSL *s, q_SSL_psk_use_session_cb_func_t); - -+#if OPENSSL_VERSION_NUMBER < 0x10101000L -+// What a mess! -+int q_SSL_in_init(SSL *s); -+#else -+int q_SSL_in_init(const SSL *s); -+#endif // 1.1.1 or 1.1.0 -+ - #endif -diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp -index 62ac228..60ba3a0 100644 ---- a/src/network/ssl/qsslsocket_openssl_symbols.cpp -+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp -@@ -161,6 +161,11 @@ - DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return) - DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) - DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return) -+#if OPENSSL_VERSION_NUMBER < 0x10101000L -+DEFINEFUNC(int, SSL_in_init, SSL *a, a, return 0, return) -+#else -+DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return) -+#endif - #ifdef TLS1_3_VERSION - DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return) - DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG) -@@ -213,6 +218,7 @@ - // Functions below are either deprecated or removed in OpenSSL >= 1.1: - - DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return nullptr, return) -+DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return) - - #ifdef SSLEAY_MACROS - DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return nullptr, return) -@@ -988,6 +994,7 @@ - #if QT_CONFIG(opensslv11) - - RESOLVEFUNC(OPENSSL_init_ssl) -+ RESOLVEFUNC(SSL_in_init) - RESOLVEFUNC(OPENSSL_init_crypto) - RESOLVEFUNC(ASN1_STRING_get0_data) - RESOLVEFUNC(EVP_CIPHER_CTX_reset) -@@ -1060,6 +1067,7 @@ - #else // !opensslv11 - - RESOLVEFUNC(ASN1_STRING_data) -+ RESOLVEFUNC(SSL_state) - - #ifdef SSLEAY_MACROS - RESOLVEFUNC(ASN1_dup) -diff --git a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h -index 48364ce..c139ecb 100644 ---- a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h -+++ b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h -@@ -132,6 +132,8 @@ - - int q_SSL_library_init(); - void q_SSL_load_error_strings(); -+int q_SSL_state(const SSL *a); -+#define q_SSL_in_init(a) (q_SSL_state(a) & SSL_ST_INIT) - - #if OPENSSL_VERSION_NUMBER >= 0x10001000L - int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h -index 6f34c6c..e657987 100644 ---- a/src/network/ssl/qsslsocket_p.h -+++ b/src/network/ssl/qsslsocket_p.h -@@ -220,6 +220,7 @@ - bool verifyErrorsHaveBeenIgnored(); - bool paused; - bool flushTriggered; -+ bool systemOrSslErrorDetected = false; - }; - - QT_END_NAMESPACE diff --git a/SOURCES/qtbase-qlibrary-do-not-attempt-to-load-library-relative-to-pwd.patch b/SOURCES/qtbase-qlibrary-do-not-attempt-to-load-library-relative-to-pwd.patch deleted file mode 100644 index 824640c..0000000 --- a/SOURCES/qtbase-qlibrary-do-not-attempt-to-load-library-relative-to-pwd.patch +++ /dev/null @@ -1,52 +0,0 @@ -From e6f1fde24f77f63fb16b2df239f82a89d2bf05dd Mon Sep 17 00:00:00 2001 -From: Thiago Macieira -Date: Fri, 10 Jan 2020 09:26:27 -0800 -Subject: QLibrary/Unix: do not attempt to load a library relative to $PWD - -I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to -find libraries in a haswell/ subdir of the main path, but we only need -to do that transformation if the library is contains at least one -directory seprator. That is, if the user asks to load "lib/foo", then we -should try "lib/haswell/foo" (often, the path prefix will be absolute). - -When the library name the user requested has no directory separators, we -let dlopen() do the transformation for us. Testing on Linux confirms -glibc does so: - -$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help |& grep Xcursor - 1972475: find library=libXcursor.so.1 [0]; searching - 1972475: trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1 - 1972475: trying file=/usr/lib64/haswell/libXcursor.so.1 - 1972475: trying file=/usr/lib64/libXcursor.so.1 - 1972475: calling init: /usr/lib64/libXcursor.so.1 - 1972475: calling fini: /usr/lib64/libXcursor.so.1 [0] - -Fixes: QTBUG-81272 -Change-Id: I596aec77785a4e4e84d5fffd15e89689bb91ffbb -Reviewed-by: Thiago Macieira ---- - src/corelib/plugin/qlibrary_unix.cpp | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp -index e0381498..7cc7c8e3 100644 ---- a/src/corelib/plugin/qlibrary_unix.cpp -+++ b/src/corelib/plugin/qlibrary_unix.cpp -@@ -1,7 +1,7 @@ - /**************************************************************************** - ** - ** Copyright (C) 2016 The Qt Company Ltd. --** Copyright (C) 2018 Intel Corporation -+** Copyright (C) 2020 Intel Corporation - ** Contact: https://www.qt.io/licensing/ - ** - ** This file is part of the QtCore module of the Qt Toolkit. -@@ -208,6 +208,8 @@ bool QLibraryPrivate::load_sys() - for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) { - if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix))) - continue; -+ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/'))) -+ continue; - if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix))) - continue; - if (loadHints & QLibrary::LoadArchiveMemberHint) { diff --git a/SOURCES/xcberror_filter.patch b/SOURCES/xcberror_filter.patch deleted file mode 100644 index 76ee7e8..0000000 --- a/SOURCES/xcberror_filter.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 911762e077c8b2f9795171c1e628942a0a979801 Mon Sep 17 00:00:00 2001 -From: Jan Grulich -Date: Fri, 15 Dec 2017 11:56:12 +0100 -Subject: foo - - -diff --git a/src/plugins/platforms/xcb/qxcbconnection.cpp b/src/plugins/platforms/xcb/qxcbconnection.cpp -index 536c709..c6eb1b1 100644 ---- a/src/plugins/platforms/xcb/qxcbconnection.cpp -+++ b/src/plugins/platforms/xcb/qxcbconnection.cpp -@@ -111,6 +111,8 @@ Q_LOGGING_CATEGORY(lcQpaXInputEvents, "qt.qpa.input.events") - Q_LOGGING_CATEGORY(lcQpaScreen, "qt.qpa.screen") - Q_LOGGING_CATEGORY(lcQpaEvents, "qt.qpa.events") - Q_LOGGING_CATEGORY(lcQpaXcb, "qt.qpa.xcb") // for general (uncategorized) XCB logging -+Q_LOGGING_CATEGORY(lcQpaXcbError, "qt.qpa.xcb.xcberror") -+// TODO: How to categorize by xcberror type? (e.g. only BadWindow) - Q_LOGGING_CATEGORY(lcQpaPeeker, "qt.qpa.peeker") - - // this event type was added in libxcb 1.10, -@@ -964,7 +966,8 @@ void QXcbConnection::handleXcbError(xcb_generic_error_t *error) - uint clamped_error_code = qMin(error->error_code, (sizeof(xcb_errors) / sizeof(xcb_errors[0])) - 1); - uint clamped_major_code = qMin(error->major_code, (sizeof(xcb_protocol_request_codes) / sizeof(xcb_protocol_request_codes[0])) - 1); - -- qWarning("QXcbConnection: XCB error: %d (%s), sequence: %d, resource id: %d, major code: %d (%s), minor code: %d", -+ qCWarning(lcQpaXcbError, -+ "QXcbConnection: XCB error: %d (%s), sequence: %d, resource id: %d, major code: %d (%s), minor code: %d", - int(error->error_code), xcb_errors[clamped_error_code], - int(error->sequence), int(error->resource_id), - int(error->major_code), xcb_protocol_request_codes[clamped_major_code], -diff --git a/src/plugins/platforms/xcb/qxcbconnection.h b/src/plugins/platforms/xcb/qxcbconnection.h -index 999dc06..554611c 100644 ---- a/src/plugins/platforms/xcb/qxcbconnection.h -+++ b/src/plugins/platforms/xcb/qxcbconnection.h -@@ -91,6 +91,7 @@ Q_DECLARE_LOGGING_CATEGORY(lcQpaXInputEvents) - Q_DECLARE_LOGGING_CATEGORY(lcQpaScreen) - Q_DECLARE_LOGGING_CATEGORY(lcQpaEvents) - Q_DECLARE_LOGGING_CATEGORY(lcQpaXcb) -+Q_DECLARE_LOGGING_CATEGORY(lcQpaXcbError) - Q_DECLARE_LOGGING_CATEGORY(lcQpaPeeker) - - class QXcbVirtualDesktop; diff --git a/SPECS/qt5-qtbase.spec b/SPECS/qt5-qtbase.spec index ee87039..fa9bdad 100644 --- a/SPECS/qt5-qtbase.spec +++ b/SPECS/qt5-qtbase.spec @@ -2,8 +2,6 @@ %global multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9 %global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64 -# support openssl-1.1 -%global openssl11 1 %global openssl -openssl-linked %global no_feature_statx -no-feature-statx @@ -39,8 +37,8 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components -Version: 5.12.5 -Release: 8%{?dist} +Version: 5.15.2 +Release: 3%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -65,9 +63,6 @@ Source10: macros.qt5-qtbase # support multilib optflags Patch2: qtbase-multilib_optflags.patch -# fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549) -Patch4: qtbase-opensource-src-5.3.2-QTBUG-35459.patch - # borrowed from opensuse # track private api via properly versioned symbols # downside: binaries produced with these differently-versioned symbols are no longer @@ -96,6 +91,9 @@ Patch53: qtbase-everywhere-src-5.12.1-qt5gui_cmake_isystem_includes.patch # respect QMAKE_LFLAGS_RELEASE when building qmake Patch54: qtbase-qmake_LFLAGS.patch +# don't use relocatable heuristics to guess prefix when using -no-feature-relocatable +Patch55: qtbase-everywhere-src-5.14.2-no_relocatable.patch + # drop -O3 and make -O2 by default Patch61: qt5-qtbase-cxxflag.patch @@ -105,31 +103,11 @@ Patch64: qt5-qtbase-5.12.1-firebird.patch # fix for new mariadb Patch65: qtbase-opensource-src-5.9.0-mysql.patch -# use categorized logging for xcb log entries -# https://bugreports.qt.io/browse/QTBUG-55167 -# https://bugzilla.redhat.com/show_bug.cgi?id=1497564 -Patch67: https://bugreports.qt.io/secure/attachment/66353/xcberror_filter.patch - Patch68: qtbase-ambiguous-python-shebang.patch -Patch101: qtbase-allow-dbus-not-running-during-build.patch # Security fixes -# CVE-2020-0570 qt5: qt: files placed by attacker can influence the working directory and lead to malicious code execution -Patch200: qtbase-qlibrary-do-not-attempt-to-load-library-relative-to-pwd.patch - -# CVE-2020-0569 qt5-qtbase: qt: files placed by attacker can influence the working directory and lead to malicious code execution -Patch201: qtbase-do-not-load-plugin-from-pwd.patch - -# CVE-2015-9541 qt5: qt: XML entity expansion vulnerability -Patch202: qtbase-add-expansion-limit-for-entities.patch - -# CVE-2020-13962 qt5-qtbase: qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications -Patch203: qtbase-openssl-handle-ssl-shutdown-errors-properly.patch - -# CVE-2020-17507 qt5-qtbase: qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp -Patch204: qtbase-fix-buffer-overflow-in-xbm-parser.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -171,6 +149,7 @@ BuildRequires: openssl-devel BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib) BuildRequires: pkgconfig(libinput) BuildRequires: pkgconfig(xcb-xkb) >= 1.10 +BuildRequires: pkgconfig(xcb-util) BuildRequires: pkgconfig(xkbcommon) >= 0.4.1 BuildRequires: pkgconfig(xkbcommon-x11) >= 0.4.1 BuildRequires: pkgconfig(xkeyboard-config) @@ -222,11 +201,11 @@ Requires: %{name}-common = %{version}-%{release} %global tds -no-sql-tds %endif -# workaround gold linker bug by not using it +# workaround gold linker bug(s) by not using it # https://bugzilla.redhat.com/1458003 # https://sourceware.org/bugzilla/show_bug.cgi?id=21074 # reportedly fixed or worked-around, re-enable if there's evidence of problems -- rex -#global use_gold_linker -no-use-gold-linker +%global use_gold_linker -no-use-gold-linker %description Qt is a software toolkit for developing applications. @@ -249,7 +228,7 @@ Summary: Development files for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}-gui%{?_isa} %if 0%{?egl} -Requires: pkgconfig(egl) +Requires: libEGL-devel %endif Requires: pkgconfig(gl) Requires: qt5-rpm-macros @@ -362,33 +341,23 @@ Qt5 libraries used for drawing widgets and OpenGL items. %setup -q -n %{qt_module}-everywhere-src-%{version} ## upstream fixes -%patch4 -p1 -b .QTBUG-35459 # omit '-b .tell-the-truth-about-private-api' so it doesn't end up in installed files -- rdieter %patch8 -p1 %patch50 -p1 -b .QT_VERSION_CHECK -%patch51 -p1 -b .hidpi_scale_at_192 +# FIXME/TODO : rebase or drop -- rdieter +#patch51 -p1 -b .hidpi_scale_at_192 %patch52 -p1 -b .moc_macros %patch53 -p1 -b .qt5gui_cmake_isystem_includes %patch54 -p1 -b .qmake_LFLAGS +%patch55 -p1 -b .no_relocatable %patch61 -p1 -b .qt5-qtbase-cxxflag %patch64 -p1 -b .firebird %if 0%{?fedora} > 27 || 0%{?rhel} > 7 %patch65 -p1 -b .mysql %endif -# FIXME/REBASE -#patch67 -p1 -b .xcberror_filter %patch68 -p1 -%patch101 -p1 -b .qtbase-allow-dbus-not-running-during-build - -# Security fixes -%patch200 -p1 -b .qlibrary-do-not-attempt-to-load-library-relative-to-pwd -%patch201 -p1 -b .do-not-load-plugin-from-pwd -%patch202 -p1 -b .add-expansion-limit-for-entities -%patch203 -p1 -b .openssl-handle-ssl-shutdown-errors-properly -%patch204 -p1 -b .fix-buffer-overflow-in-xbm-parser - # move some bundled libs to ensure they're not accidentally used pushd src/3rdparty @@ -450,6 +419,7 @@ export MAKEFLAGS="%{?_smp_mflags}" -shared \ -accessibility \ %{?dbus}%{!?dbus:-dbus-runtime} \ + %{?egl:-egl} \ -fontconfig \ -glib \ -gtk \ @@ -461,6 +431,7 @@ export MAKEFLAGS="%{?_smp_mflags}" %{!?examples:-nomake examples} \ %{!?build_tests:-nomake tests} \ -no-pch \ + -no-reduce-relocations \ -no-rpath \ -no-separate-debug-info \ -no-strip \ @@ -475,6 +446,7 @@ export MAKEFLAGS="%{?_smp_mflags}" -system-zlib \ %{?use_gold_linker} \ -no-directfb \ + -no-feature-relocatable \ %{?no_feature_renameat2} \ %{?no_feature_statx} \ %{?no_feature_getentropy} \ @@ -515,6 +487,8 @@ done rm -rf %{buildroot}%{_qt5_libdir}/qt5/tests/auto/corelib/plugin/qpluginloader/elftest # Remove android stuff which will just add us dependencies on Perl modules rm -rf %{buildroot}%{_qt5_libdir}/qt5/tests/auto/android +# Remove apache server which will just add us dependencies on Perl modules +rm -rf %{buildroot}%{_qt5_libdir}/qt5/tests/testserver/apache2 %endif install -m644 -p -D %{SOURCE1} %{buildroot}%{_qt5_datadir}/qtlogging.ini @@ -633,6 +607,7 @@ export PATH=%{buildroot}%{_qt5_bindir}:$PATH export LD_LIBRARY_PATH=%{buildroot}%{_qt5_libdir} # dbus tests error out when building if session bus is not available dbus-launch --exit-with-session \ +%make_build sub-tests -k ||: xvfb-run -a --server-args="-screen 0 1280x1024x32" \ dbus-launch --exit-with-session \ time \ @@ -718,10 +693,11 @@ fi %dir %{_qt5_libdir}/cmake/Qt5Xml/ %dir %{_qt5_docdir}/ %{_qt5_docdir}/global/ +%{_qt5_docdir}/config/ %{_qt5_importdir}/ %{_qt5_translationdir}/ %if "%{_qt5_prefix}" != "%{_prefix}" - %dir %{_qt5_prefix}/ +%dir %{_qt5_prefix} %endif %dir %{_qt5_archdatadir}/ %dir %{_qt5_datadir}/ @@ -746,7 +722,6 @@ fi %dir %{_qt5_plugindir}/script/ %dir %{_qt5_plugindir}/sqldrivers/ %dir %{_qt5_plugindir}/styles/ -%{_qt5_plugindir}/generic/libqlibinputplugin.so %{_qt5_plugindir}/sqldrivers/libqsqlite.so %{_qt5_libdir}/cmake/Qt5Sql/Qt5Sql_QSQLiteDriverPlugin.cmake @@ -768,6 +743,7 @@ fi %{_bindir}/qlalr %{_bindir}/fixqt4headers.pl %{_bindir}/qvkgen +%{_bindir}/tracegen %{_qt5_bindir}/moc* %{_qt5_bindir}/qdbuscpp2xml* %{_qt5_bindir}/qdbusxml2cpp* @@ -797,6 +773,7 @@ fi %{_qt5_headerdir}/QtEglFSDeviceIntegration %{_qt5_headerdir}/QtInputSupport %{_qt5_headerdir}/QtEdidSupport +%{_qt5_headerdir}/QtXkbCommonSupport %{_qt5_archdatadir}/mkspecs/ %{_qt5_libdir}/libQt5Concurrent.prl %{_qt5_libdir}/libQt5Concurrent.so @@ -842,6 +819,27 @@ fi %{_qt5_libdir}/cmake/Qt5Widgets/Qt5WidgetsMacros.cmake %{_qt5_libdir}/cmake/Qt5Xml/Qt5XmlConfig*.cmake %{_qt5_libdir}/cmake/Qt5/Qt5ModuleLocation.cmake +%{_qt5_libdir}/cmake/Qt5AccessibilitySupport/Qt5AccessibilitySupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5DeviceDiscoverySupport/Qt5DeviceDiscoverySupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5EdidSupport/Qt5EdidSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5EglFSDeviceIntegration/Qt5EglFSDeviceIntegrationConfig*.cmake +%{_qt5_libdir}/cmake/Qt5EglFsKmsSupport/Qt5EglFsKmsSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5EglSupport/Qt5EglSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5EventDispatcherSupport/Qt5EventDispatcherSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5FbSupport/Qt5FbSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5FontDatabaseSupport/Qt5FontDatabaseSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5GlxSupport/Qt5GlxSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5InputSupport/Qt5InputSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5KmsSupport/Qt5KmsSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5LinuxAccessibilitySupport/Qt5LinuxAccessibilitySupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5PlatformCompositorSupport/Qt5PlatformCompositorSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5ServiceSupport/Qt5ServiceSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5ThemeSupport/Qt5ThemeSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5XcbQpa/Qt5XcbQpaConfig*.cmake +%{_qt5_libdir}/cmake/Qt5XkbCommonSupport/Qt5XkbCommonSupportConfig*.cmake +%{_qt5_libdir}/metatypes/qt5core_metatypes.json +%{_qt5_libdir}/metatypes/qt5gui_metatypes.json +%{_qt5_libdir}/metatypes/qt5widgets_metatypes.json %{_qt5_libdir}/pkgconfig/Qt5.pc %{_qt5_libdir}/pkgconfig/Qt5Concurrent.pc %{_qt5_libdir}/pkgconfig/Qt5Core.pc @@ -858,14 +856,14 @@ fi %{_qt5_libdir}/libQt5EglFsKmsSupport.prl %{_qt5_libdir}/libQt5EglFsKmsSupport.so %endif - +%{_qt5_libdir}/qt5/bin/tracegen ## private-devel globs # keep mkspecs/modules stuff in -devel for now, https://bugzilla.redhat.com/show_bug.cgi?id=1705280 %{_qt5_archdatadir}/mkspecs/modules/qt_lib_*_private.pri -%exclude %{_qt5_headerdir}/*/%{version}/*/private/ +%exclude %{_qt5_headerdir}/*/%{version}/ %files private-devel -%{_qt5_headerdir}/*/%{version}/*/private/ +%{_qt5_headerdir}/*/%{version}/ #{_qt5_archdatadir}/mkspecs/modules/qt_lib_*_private.pri %files static @@ -916,6 +914,8 @@ fi %{_qt5_headerdir}/QtKmsSupport %{_qt5_libdir}/libQt5EdidSupport.*a %{_qt5_libdir}/libQt5EdidSupport.prl +%{_qt5_libdir}/libQt5XkbCommonSupport.*a +%{_qt5_libdir}/libQt5XkbCommonSupport.prl %if 0%{?examples} %files examples @@ -966,10 +966,8 @@ fi %{_qt5_plugindir}/generic/libqevdevmouseplugin.so %{_qt5_plugindir}/generic/libqevdevtabletplugin.so %{_qt5_plugindir}/generic/libqevdevtouchplugin.so -%if 0%{?fedora} %{_qt5_plugindir}/generic/libqlibinputplugin.so %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QLibInputPlugin.cmake -%endif %{_qt5_plugindir}/generic/libqtuiotouchplugin.so %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEvdevKeyboardPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEvdevMousePlugin.cmake @@ -1026,6 +1024,18 @@ fi %changelog +* Wed Apr 28 2021 Jan Grulich - 5.15.2-3 +- Rebuild (binutils) + Resolves: bz#1930040 + +* Thu Apr 15 2021 Jan Grulich - 5.15.2-2 +- Drop apache2 test server from unit tests to drop perl(CGI) dependency + Resolves: bz#1930040 + +* Mon Mar 29 2021 Jan Grulich - 5.15.2-1 +- 5.15.2 + sync with Fedora + Resolves: bz#1930040 + * Mon Oct 05 2020 Jan Grulich - 5.12.5-8 - Build against system xkb and openssl 1.1 Resolves: bz#1882375