rpms/qt5-qtbase
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Import from AlmaLinux stable repository

Browse Source
This commit is contained in:
eabdullin 2024-05-15 08:44:08 +00:00
parent 9fffa85029
commit 394a3bba83
17 changed files with 1218 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/kde-5.15-rollup-20220324.patch.gz
SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz
SOURCES/kde-5.15-rollup-20230411.patch.gz
SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz

4
.qt5-qtbase.metadata
View File

@ -1,2 +1,2 @@
981f5fbeb315c2e4adc122cee944368598466b67 SOURCES/kde-5.15-rollup-20220324.patch.gz
d7383126e1f412ef26096692b9e50a1887eb11f7 SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz
677b605bf6033bdfa84a676096ec6e77da6e844d SOURCES/kde-5.15-rollup-20230411.patch.gz
a5bbeafa6319cd3e666b12ccc722a357de7230be SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz

38
SOURCES/0001-CVE-2023-51714-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,38 @@
From ea63c28efc1d2ecb467b83a34923d12462efa96f Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@qt.io>
Date: Tue, 12 Dec 2023 20:51:56 +0100
Subject: [PATCH] HPack: fix a Yoda Condition
Putting the variable on the LHS of a relational operation makes the
expression easier to read. In this case, we find that the whole
expression is nonsensical as an overflow protection, because if
name.size() + value.size() overflows, the result will exactly _not_
be > max() - 32, because UB will have happened.
To be fixed in a follow-up commit.
As a drive-by, add parentheses around the RHS.
Change-Id: I35ce598884c37c51b74756b3bd2734b9aad63c09
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 658607a34ead214fbacbc2cca44915655c318ea9)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 4f7efd41740107f90960116700e3134f5e433867)
(cherry picked from commit 13c16b756900fe524f6d9534e8a07aa003c05e0c)
(cherry picked from commit 1d4788a39668fb2dc5912a8d9c4272dc40e99f92)
(cherry picked from commit 87de75b5cc946d196decaa6aef4792a6cac0b6db)
---
diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
index 834214f..ab166a6 100644
--- a/src/network/access/http2/hpacktable.cpp
+++ b/src/network/access/http2/hpacktable.cpp
@@ -63,7 +63,7 @@
// 32 octets of overhead."
const unsigned sum = unsigned(name.size() + value.size());
- if (std::numeric_limits<unsigned>::max() - 32 < sum)
+ if (sum > (std::numeric_limits<unsigned>::max() - 32))
return HeaderSize();
return HeaderSize(true, quint32(sum + 32));
}

59
SOURCES/0002-CVE-2023-51714-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,59 @@
From 23c3fc483e8b6e21012a61f0bea884446f727776 Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@qt.io>
Date: Tue, 12 Dec 2023 22:08:07 +0100
Subject: [PATCH] HPack: fix incorrect integer overflow check
This code never worked:
For the comparison with max() - 32 to trigger, on 32-bit platforms (or
Qt 5) signed interger overflow would have had to happen in the
addition of the two sizes. The compiler can therefore remove the
overflow check as dead code.
On Qt 6 and 64-bit platforms, the signed integer addition would be
very unlikely to overflow, but the following truncation to uint32
would yield the correct result only in a narrow 32-value window just
below UINT_MAX, if even that.
Fix by using the proper tool, qAddOverflow.
Manual conflict resolutions:
- qAddOverflow doesn't exist in Qt 5, use private add_overflow
predecessor API instead
Change-Id: I7599f2e75ff7f488077b0c60b81022591005661c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit ee5da1f2eaf8932aeca02ffea6e4c618585e29e3)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit debeb8878da2dc706ead04b6072ecbe7e5313860)
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
(cherry picked from commit 811b9eef6d08d929af8708adbf2a5effb0eb62d7)
(cherry picked from commit f931facd077ce945f1e42eaa3bead208822d3e00)
(cherry picked from commit 9ef4ca5ecfed771dab890856130e93ef5ceabef5)
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
---
diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
index ab166a6..de91fc0 100644
--- a/src/network/access/http2/hpacktable.cpp
+++ b/src/network/access/http2/hpacktable.cpp
@@ -40,6 +40,7 @@
#include "hpacktable_p.h"
#include <QtCore/qdebug.h>
+#include <QtCore/private/qnumeric_p.h>
#include <algorithm>
#include <cstddef>
@@ -62,7 +63,9 @@
// for counting the number of references to the name and value would have
// 32 octets of overhead."
- const unsigned sum = unsigned(name.size() + value.size());
+ size_t sum;
+ if (add_overflow(size_t(name.size()), size_t(value.size()), &sum))
+ return HeaderSize();
if (sum > (std::numeric_limits<unsigned>::max() - 32))
return HeaderSize();
return HeaderSize(true, quint32(sum + 32));

13
SOURCES/CVE-2023-32762-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,13 @@
--- a/src/network/access/qhsts.cpp
+++ b/src/network/access/qhsts.cpp
@@ -364,8 +364,8 @@ quoted-pair = "\" CHAR
bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
{
for (const auto &h : headers) {
- // We use '==' since header name was already 'trimmed' for us:
- if (h.first == "Strict-Transport-Security") {
+ // We compare directly because header name was already 'trimmed' for us:
+ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
header = h.second;
// RFC6797, 8.1:
//

49
SOURCES/CVE-2023-32763-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,49 @@
diff --git a/src/gui/painting/qfixed_p.h b/src/gui/painting/qfixed_p.h
index 84659288..57d750a4 100644
--- a/src/gui/painting/qfixed_p.h
+++ b/src/gui/painting/qfixed_p.h
@@ -54,6 +54,7 @@
#include <QtGui/private/qtguiglobal_p.h>
#include "QtCore/qdebug.h"
#include "QtCore/qpoint.h"
+#include <QtCore/private/qnumeric_p.h>
#include "QtCore/qsize.h"
QT_BEGIN_NAMESPACE
@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(int i, const QFixed &f) { return i * 64 <
Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; }
Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); }
+inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
+{
+ int val;
+ bool result = add_overflow(v1.value(), v2.value(), &val);
+ r->setValue(val);
+ return result;
+}
+
#ifndef QT_NO_DEBUG_STREAM
inline QDebug &operator<<(QDebug &dbg, const QFixed &f)
{ return dbg << f.toReal(); }
diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
index 26ac37b0..f6c69ff4 100644
--- a/src/gui/text/qtextlayout.cpp
+++ b/src/gui/text/qtextlayout.cpp
@@ -2150,11 +2150,14 @@ found:
eng->maxWidth = qMax(eng->maxWidth, line.textWidth);
} else {
eng->minWidth = qMax(eng->minWidth, lbh.minw);
- eng->maxWidth += line.textWidth;
+ if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth))
+ eng->maxWidth = QFIXED_MAX;
}
- if (line.textWidth > 0 && item < eng->layoutData->items.size())
- eng->maxWidth += lbh.spaceData.textWidth;
+ if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
+ if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth))
+ eng->maxWidth = QFIXED_MAX;
+ }
line.textWidth += trailingSpace;
if (lbh.spaceData.length) {

97
SOURCES/CVE-2023-33285-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,97 @@
From 2103f2487f709dd9546c503820d9ad509e9a63b3 Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Thu, 11 May 2023 21:40:15 -0700
Subject: QDnsLookup/Unix: make sure we don't overflow the buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The DNS Records are variable length and encode their size in 16 bits
before the Record Data (RDATA). Ensure that both the RDATA and the
Record header fields before it fall inside the buffer we have.
Additionally reject any replies containing more than one query records.
[ChangeLog][QtNetwork][QDnsLookup] Fixed a bug that could cause a buffer
overflow in Unix systems while parsing corrupt, malicious, or truncated
replies.
Pick-to: 5.15 6.2 6.5 6.5.1
Change-Id: I3e3bfef633af4130a03afffd175e4b9547654b95
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
(cherry picked from commit 7dba2c87619d558a61a30eb30cc1d9c3fe6df94c)
* asturmlechner 2023-05-18: Resolve conflict with dev branch commit
68b625901f9eb7c34e3d7aa302e1c0a454d3190b
diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp
index 12b40fc35d..99e999d436 100644
--- a/src/network/kernel/qdnslookup_unix.cpp
+++ b/src/network/kernel/qdnslookup_unix.cpp
@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
// responseLength in case of error, we still can extract the
// exact error code from the response.
HEADER *header = (HEADER*)response;
- const int answerCount = ntohs(header->ancount);
switch (header->rcode) {
case NOERROR:
break;
@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
return;
}
- // Skip the query host, type (2 bytes) and class (2 bytes).
char host[PACKETSZ], answer[PACKETSZ];
unsigned char *p = response + sizeof(HEADER);
- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
- if (status < 0) {
+ int status;
+
+ if (ntohs(header->qdcount) == 1) {
+ // Skip the query host, type (2 bytes) and class (2 bytes).
+ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
+ if (status < 0) {
+ reply->error = QDnsLookup::InvalidReplyError;
+ reply->errorString = tr("Could not expand domain name");
+ return;
+ }
+ if ((p - response) + status + 4 >= responseLength)
+ header->qdcount = 0xffff; // invalid reply below
+ else
+ p += status + 4;
+ }
+ if (ntohs(header->qdcount) > 1) {
reply->error = QDnsLookup::InvalidReplyError;
- reply->errorString = tr("Could not expand domain name");
+ reply->errorString = tr("Invalid reply received");
return;
}
- p += status + 4;
// Extract results.
+ const int answerCount = ntohs(header->ancount);
int answerIndex = 0;
while ((p < response + responseLength) && (answerIndex < answerCount)) {
status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
const QString name = QUrl::fromAce(host);
p += status;
+
+ if ((p - response) + 10 > responseLength) {
+ // probably just a truncated reply, return what we have
+ return;
+ }
const quint16 type = (p[0] << 8) | p[1];
p += 2; // RR type
p += 2; // RR class
@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
p += 4;
const quint16 size = (p[0] << 8) | p[1];
p += 2;
+ if ((p - response) + size > responseLength)
+ return; // truncated
if (type == QDnsLookup::A) {
if (size != 4) {

54
SOURCES/CVE-2023-34410-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,54 @@
--- a/src/network/ssl/qsslsocket_schannel.cpp
+++ b/src/network/ssl/qsslsocket_schannel.cpp
@@ -1880,6 +1880,28 @@ bool QSslSocketBackendPrivate::verifyCertContext(CERT_CONTEXT *certContext)
if (configuration.peerVerifyDepth > 0 && DWORD(configuration.peerVerifyDepth) < verifyDepth)
verifyDepth = DWORD(configuration.peerVerifyDepth);
+ const auto &caCertificates = q->sslConfiguration().caCertificates();
+
+ if (!rootCertOnDemandLoadingAllowed()
+ && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
+ && (q->peerVerifyMode() == QSslSocket::VerifyPeer
+ || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) {
+ // When verifying a peer Windows "helpfully" builds a chain that
+ // may include roots from the system store. But we don't want that if
+ // the user has set their own CA certificates.
+ // Since Windows claims this is not a partial chain the root is included
+ // and we have to check that it is one of our configured CAs.
+ CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
+ QSslCertificate certificate = getCertificateFromChainElement(element);
+ if (!caCertificates.contains(certificate)) {
+ auto error = QSslError(QSslError::CertificateUntrusted, certificate);
+ sslErrors += error;
+ emit q->peerVerifyError(error);
+ if (q->state() != QAbstractSocket::ConnectedState)
+ return false;
+ }
+ }
+
for (DWORD i = 0; i < verifyDepth; i++) {
CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
QSslCertificate certificate = getCertificateFromChainElement(element);
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate()
, flushTriggered(false)
{
QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
+ // If the global configuration doesn't allow root certificates to be loaded
+ // on demand then we have to disable it for this socket as well.
+ if (!configuration.allowRootCertOnDemandLoading)
+ allowRootCertOnDemandLoading = false;
}
/*!
@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
ptr->sessionProtocol = global->sessionProtocol;
ptr->ciphers = global->ciphers;
ptr->caCertificates = global->caCertificates;
+ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
ptr->protocol = global->protocol;
ptr->peerVerifyMode = global->peerVerifyMode;
ptr->peerVerifyDepth = global->peerVerifyDepth;

203
SOURCES/CVE-2023-37369-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,203 @@
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
index 7cd457ba3a..11d162cb79 100644
--- a/src/corelib/serialization/qxmlstream.cpp
+++ b/src/corelib/serialization/qxmlstream.cpp
@@ -1302,15 +1302,18 @@ inline int QXmlStreamReaderPrivate::fastScanContentCharList()
return n;
}
-inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
+// Fast scan an XML attribute name (e.g. "xml:lang").
+inline QXmlStreamReaderPrivate::FastScanNameResult
+QXmlStreamReaderPrivate::fastScanName(Value *val)
{
int n = 0;
uint c;
while ((c = getChar()) != StreamEOF) {
if (n >= 4096) {
// This is too long to be a sensible name, and
- // can exhaust memory
- return 0;
+ // can exhaust memory, or the range of decltype(*prefix)
+ raiseNamePrefixTooLongError();
+ return {};
}
switch (c) {
case '\n':
@@ -1339,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
case '+':
case '*':
putChar(c);
- if (prefix && *prefix == n+1) {
- *prefix = 0;
+ if (val && val->prefix == n + 1) {
+ val->prefix = 0;
putChar(':');
--n;
}
- return n;
+ return FastScanNameResult(n);
case ':':
- if (prefix) {
- if (*prefix == 0) {
- *prefix = n+2;
+ if (val) {
+ if (val->prefix == 0) {
+ val->prefix = n + 2;
} else { // only one colon allowed according to the namespace spec.
putChar(c);
- return n;
+ return FastScanNameResult(n);
}
} else {
putChar(c);
- return n;
+ return FastScanNameResult(n);
}
Q_FALLTHROUGH();
default:
@@ -1364,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
}
}
- if (prefix)
- *prefix = 0;
+ if (val)
+ val->prefix = 0;
int pos = textBuffer.size() - n;
putString(textBuffer, pos);
textBuffer.resize(pos);
- return 0;
+ return FastScanNameResult(0);
}
enum NameChar { NameBeginning, NameNotBeginning, NotName };
@@ -1878,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message)
raiseError(QXmlStreamReader::NotWellFormedError, message);
}
+void QXmlStreamReaderPrivate::raiseNamePrefixTooLongError()
+{
+ // TODO: add a ImplementationLimitsExceededError and use it instead
+ raiseError(QXmlStreamReader::NotWellFormedError,
+ QXmlStream::tr("Length of XML attribute name exceeds implemnetation limits (4KiB "
+ "characters)."));
+}
+
void QXmlStreamReaderPrivate::parseError()
{
diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g
index 4321fed68a..8c6a1a5887 100644
--- a/src/corelib/serialization/qxmlstream.g
+++ b/src/corelib/serialization/qxmlstream.g
@@ -516,7 +516,16 @@ public:
int fastScanLiteralContent();
int fastScanSpace();
int fastScanContentCharList();
- int fastScanName(int *prefix = nullptr);
+
+ struct FastScanNameResult {
+ FastScanNameResult() : ok(false) {}
+ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
+ operator bool() { return ok; }
+ int operator*() { Q_ASSERT(ok); return addToLen; }
+ int addToLen;
+ bool ok;
+ };
+ FastScanNameResult fastScanName(Value *val = nullptr);
inline int fastScanNMTOKEN();
@@ -525,6 +534,7 @@ public:
void raiseError(QXmlStreamReader::Error error, const QString& message = QString());
void raiseWellFormedError(const QString &message);
+ void raiseNamePrefixTooLongError();
QXmlStreamEntityResolver *entityResolver;
@@ -1811,7 +1821,12 @@ space_opt ::= space;
qname ::= LETTER;
/.
case $rule_number: {
- sym(1).len += fastScanName(&sym(1).prefix);
+ Value &val = sym(1);
+ if (auto res = fastScanName(&val))
+ val.len += *res;
+ else
+ return false;
+
if (atEnd) {
resume($rule_number);
return false;
@@ -1822,7 +1837,11 @@ qname ::= LETTER;
name ::= LETTER;
/.
case $rule_number:
- sym(1).len += fastScanName();
+ if (auto res = fastScanName())
+ sym(1).len += *res;
+ else
+ return false;
+
if (atEnd) {
resume($rule_number);
return false;
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
index e5bde7b98e..b01484cac3 100644
--- a/src/corelib/serialization/qxmlstream_p.h
+++ b/src/corelib/serialization/qxmlstream_p.h
@@ -1005,7 +1005,16 @@ public:
int fastScanLiteralContent();
int fastScanSpace();
int fastScanContentCharList();
- int fastScanName(int *prefix = nullptr);
+
+ struct FastScanNameResult {
+ FastScanNameResult() : ok(false) {}
+ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
+ operator bool() { return ok; }
+ int operator*() { Q_ASSERT(ok); return addToLen; }
+ int addToLen;
+ bool ok;
+ };
+ FastScanNameResult fastScanName(Value *val = nullptr);
inline int fastScanNMTOKEN();
@@ -1014,6 +1023,7 @@ public:
void raiseError(QXmlStreamReader::Error error, const QString& message = QString());
void raiseWellFormedError(const QString &message);
+ void raiseNamePrefixTooLongError();
QXmlStreamEntityResolver *entityResolver;
@@ -1939,7 +1949,12 @@ bool QXmlStreamReaderPrivate::parse()
break;
case 262: {
- sym(1).len += fastScanName(&sym(1).prefix);
+ Value &val = sym(1);
+ if (auto res = fastScanName(&val))
+ val.len += *res;
+ else
+ return false;
+
if (atEnd) {
resume(262);
return false;
@@ -1947,7 +1962,11 @@ bool QXmlStreamReaderPrivate::parse()
} break;
case 263:
- sym(1).len += fastScanName();
+ if (auto res = fastScanName())
+ sym(1).len += *res;
+ else
+ return false;
+
if (atEnd) {
resume(263);
return false;

219
SOURCES/CVE-2023-38197-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,219 @@
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
index bf8a2a9..6ab5d49 100644
--- a/src/corelib/serialization/qxmlstream.cpp
+++ b/src/corelib/serialization/qxmlstream.cpp
@@ -160,7 +160,7 @@
addData() or by waiting for it to arrive on the device().
\value UnexpectedElementError The parser encountered an element
- that was different to those it expected.
+ or token that was different to those it expected.
*/
@@ -295,13 +295,34 @@
QXmlStreamReader is a well-formed XML 1.0 parser that does \e not
include external parsed entities. As long as no error occurs, the
- application code can thus be assured that the data provided by the
- stream reader satisfies the W3C's criteria for well-formed XML. For
- example, you can be certain that all tags are indeed nested and
- closed properly, that references to internal entities have been
- replaced with the correct replacement text, and that attributes have
- been normalized or added according to the internal subset of the
- DTD.
+ application code can thus be assured, that
+ \list
+ \li the data provided by the stream reader satisfies the W3C's
+ criteria for well-formed XML,
+ \li tokens are provided in a valid order.
+ \endlist
+
+ Unless QXmlStreamReader raises an error, it guarantees the following:
+ \list
+ \li All tags are nested and closed properly.
+ \li References to internal entities have been replaced with the
+ correct replacement text.
+ \li Attributes have been normalized or added according to the
+ internal subset of the \l DTD.
+ \li Tokens of type \l StartDocument happen before all others,
+ aside from comments and processing instructions.
+ \li At most one DOCTYPE element (a token of type \l DTD) is present.
+ \li If present, the DOCTYPE appears before all other elements,
+ aside from StartDocument, comments and processing instructions.
+ \endlist
+
+ In particular, once any token of type \l StartElement, \l EndElement,
+ \l Characters, \l EntityReference or \l EndDocument is seen, no
+ tokens of type StartDocument or DTD will be seen. If one is present in
+ the input stream, out of order, an error is raised.
+
+ \note The token types \l Comment and \l ProcessingInstruction may appear
+ anywhere in the stream.
If an error occurs while parsing, atEnd() and hasError() return
true, and error() returns the error that occurred. The functions
@@ -620,6 +641,7 @@
d->token = -1;
return readNext();
}
+ d->checkToken();
return d->type;
}
@@ -740,6 +762,14 @@
};
+static const char QXmlStreamReader_XmlContextString[] =
+ "Prolog\0"
+ "Body\0";
+
+static const short QXmlStreamReader_XmlContextString_indices[] = {
+ 0, 7
+};
+
/*!
\property QXmlStreamReader::namespaceProcessing
The namespace-processing flag of the stream reader
@@ -775,6 +805,16 @@
QXmlStreamReader_tokenTypeString_indices[d->type]);
}
+/*!
+ \internal
+ \return \param ctxt (Prolog/Body) as a string.
+ */
+QString contextString(QXmlStreamReaderPrivate::XmlContext ctxt)
+{
+ return QLatin1String(QXmlStreamReader_XmlContextString +
+ QXmlStreamReader_XmlContextString_indices[static_cast<int>(ctxt)]);
+}
+
#endif // QT_NO_XMLSTREAMREADER
QXmlStreamPrivateTagStack::QXmlStreamPrivateTagStack()
@@ -866,6 +906,8 @@
type = QXmlStreamReader::NoToken;
error = QXmlStreamReader::NoError;
+ currentContext = XmlContext::Prolog;
+ foundDTD = false;
}
/*
@@ -4061,6 +4103,92 @@
}
}
+static bool isTokenAllowedInContext(QXmlStreamReader::TokenType type,
+ QXmlStreamReaderPrivate::XmlContext loc)
+{
+ switch (type) {
+ case QXmlStreamReader::StartDocument:
+ case QXmlStreamReader::DTD:
+ return loc == QXmlStreamReaderPrivate::XmlContext::Prolog;
+
+ case QXmlStreamReader::StartElement:
+ case QXmlStreamReader::EndElement:
+ case QXmlStreamReader::Characters:
+ case QXmlStreamReader::EntityReference:
+ case QXmlStreamReader::EndDocument:
+ return loc == QXmlStreamReaderPrivate::XmlContext::Body;
+
+ case QXmlStreamReader::Comment:
+ case QXmlStreamReader::ProcessingInstruction:
+ return true;
+
+ case QXmlStreamReader::NoToken:
+ case QXmlStreamReader::Invalid:
+ return false;
+ default:
+ return false;
+ }
+}
+
+/*!
+ \internal
+ \brief QXmlStreamReader::isValidToken
+ \return \c true if \param type is a valid token type.
+ \return \c false if \param type is an unexpected token,
+ which indicates a non-well-formed or invalid XML stream.
+ */
+bool QXmlStreamReaderPrivate::isValidToken(QXmlStreamReader::TokenType type)
+{
+ // Don't change currentContext, if Invalid or NoToken occur in the prolog
+ if (type == QXmlStreamReader::Invalid || type == QXmlStreamReader::NoToken)
+ return false;
+
+ // If a token type gets rejected in the body, there is no recovery
+ const bool result = isTokenAllowedInContext(type, currentContext);
+ if (result || currentContext == XmlContext::Body)
+ return result;
+
+ // First non-Prolog token observed => switch context to body and check again.
+ currentContext = XmlContext::Body;
+ return isTokenAllowedInContext(type, currentContext);
+}
+
+/*!
+ \internal
+ Checks token type and raises an error, if it is invalid
+ in the current context (prolog/body).
+ */
+void QXmlStreamReaderPrivate::checkToken()
+{
+ Q_Q(QXmlStreamReader);
+
+ // The token type must be consumed, to keep track if the body has been reached.
+ const XmlContext context = currentContext;
+ const bool ok = isValidToken(type);
+
+ // Do nothing if an error has been raised already (going along with an unexpected token)
+ if (error != QXmlStreamReader::Error::NoError)
+ return;
+
+ if (!ok) {
+ raiseError(QXmlStreamReader::UnexpectedElementError,
+ QLatin1String("Unexpected token type %1 in %2.")
+ .arg(q->tokenString(), contextString(context)));
+ return;
+ }
+
+ if (type != QXmlStreamReader::DTD)
+ return;
+
+ // Raise error on multiple DTD tokens
+ if (foundDTD) {
+ raiseError(QXmlStreamReader::UnexpectedElementError,
+ QLatin1String("Found second DTD token in %1.").arg(contextString(context)));
+ } else {
+ foundDTD = true;
+ }
+}
+
/*!
\fn bool QXmlStreamAttributes::hasAttribute(const QString &qualifiedName) const
\since 4.5
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
index 8f7c9e0..708059b 100644
--- a/src/corelib/serialization/qxmlstream_p.h
+++ b/src/corelib/serialization/qxmlstream_p.h
@@ -804,6 +804,17 @@
#endif
bool atEnd;
+ enum class XmlContext
+ {
+ Prolog,
+ Body,
+ };
+
+ XmlContext currentContext = XmlContext::Prolog;
+ bool foundDTD = false;
+ bool isValidToken(QXmlStreamReader::TokenType type);
+ void checkToken();
+
/*!
\sa setType()
*/

197
SOURCES/CVE-2024-25580-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,197 @@
diff --git a/src/gui/util/qktxhandler.cpp b/src/gui/util/qktxhandler.cpp
index 0d98e97453..6a79e55109 100644
--- a/src/gui/util/qktxhandler.cpp
+++ b/src/gui/util/qktxhandler.cpp
@@ -73,7 +73,7 @@ struct KTXHeader {
quint32 bytesOfKeyValueData;
};
-static const quint32 headerSize = sizeof(KTXHeader);
+static constexpr quint32 qktxh_headerSize = sizeof(KTXHeader);
// Currently unused, declared for future reference
struct KTXKeyValuePairItem {
@@ -103,11 +103,36 @@ struct KTXMipmapLevel {
*/
};
-bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block)
+static bool qAddOverflow(quint32 v1, quint32 v2, quint32 *r) {
+ // unsigned additions are well-defined
+ *r = v1 + v2;
+ return v1 > quint32(v1 + v2);
+}
+
+// Returns the nearest multiple of 4 greater than or equal to 'value'
+static bool nearestMultipleOf4(quint32 value, quint32 *result)
+{
+ constexpr quint32 rounding = 4;
+ *result = 0;
+ if (qAddOverflow(value, rounding - 1, result))
+ return true;
+ *result &= ~(rounding - 1);
+ return false;
+}
+
+// Returns a slice with prechecked bounds
+static QByteArray safeSlice(const QByteArray& array, quint32 start, quint32 length)
{
- Q_UNUSED(suffix)
+ quint32 end = 0;
+ if (qAddOverflow(start, length, &end) || end > quint32(array.length()))
+ return {};
+ return QByteArray(array.data() + start, length);
+}
- return (qstrncmp(block.constData(), ktxIdentifier, KTX_IDENTIFIER_LENGTH) == 0);
+bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block)
+{
+ Q_UNUSED(suffix);
+ return block.startsWith(QByteArray::fromRawData(ktxIdentifier, KTX_IDENTIFIER_LENGTH));
}
QTextureFileData QKtxHandler::read()
@@ -115,42 +140,97 @@ QTextureFileData QKtxHandler::read()
if (!device())
return QTextureFileData();
- QByteArray buf = device()->readAll();
- const quint32 dataSize = quint32(buf.size());
- if (dataSize < headerSize || !canRead(QByteArray(), buf)) {
- qCDebug(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData());
+ const QByteArray buf = device()->readAll();
+ if (size_t(buf.size()) > std::numeric_limits<quint32>::max()) {
+ qWarning(lcQtGuiTextureIO, "Too big KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ if (!canRead(QByteArray(), buf)) {
+ qWarning(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ if (buf.size() < qsizetype(qktxh_headerSize)) {
+ qWarning(lcQtGuiTextureIO, "Invalid KTX header size in %s", logName().constData());
return QTextureFileData();
}
- const KTXHeader *header = reinterpret_cast<const KTXHeader *>(buf.constData());
- if (!checkHeader(*header)) {
- qCDebug(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData());
+ KTXHeader header;
+ memcpy(&header, buf.data(), qktxh_headerSize);
+ if (!checkHeader(header)) {
+ qWarning(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData());
return QTextureFileData();
}
QTextureFileData texData;
texData.setData(buf);
- texData.setSize(QSize(decode(header->pixelWidth), decode(header->pixelHeight)));
- texData.setGLFormat(decode(header->glFormat));
- texData.setGLInternalFormat(decode(header->glInternalFormat));
- texData.setGLBaseInternalFormat(decode(header->glBaseInternalFormat));
-
- texData.setNumLevels(decode(header->numberOfMipmapLevels));
- quint32 offset = headerSize + decode(header->bytesOfKeyValueData);
- const int maxLevels = qMin(texData.numLevels(), 32); // Cap iterations in case of corrupt file.
- for (int i = 0; i < maxLevels; i++) {
- if (offset + sizeof(KTXMipmapLevel) > dataSize) // Corrupt file; avoid oob read
- break;
- const KTXMipmapLevel *level = reinterpret_cast<const KTXMipmapLevel *>(buf.constData() + offset);
- quint32 levelLen = decode(level->imageSize);
- texData.setDataOffset(offset + sizeof(KTXMipmapLevel::imageSize), i);
- texData.setDataLength(levelLen, i);
- offset += sizeof(KTXMipmapLevel::imageSize) + levelLen + (3 - ((levelLen + 3) % 4));
+ texData.setSize(QSize(decode(header.pixelWidth), decode(header.pixelHeight)));
+ texData.setGLFormat(decode(header.glFormat));
+ texData.setGLInternalFormat(decode(header.glInternalFormat));
+ texData.setGLBaseInternalFormat(decode(header.glBaseInternalFormat));
+
+ texData.setNumLevels(decode(header.numberOfMipmapLevels));
+
+ const quint32 bytesOfKeyValueData = decode(header.bytesOfKeyValueData);
+ quint32 headerKeyValueSize;
+ if (qAddOverflow(qktxh_headerSize, bytesOfKeyValueData, &headerKeyValueSize)) {
+ qWarning(lcQtGuiTextureIO, "Overflow in size of key value data in header of KTX file %s",
+ logName().constData());
+ return QTextureFileData();
+ }
+
+ if (headerKeyValueSize >= quint32(buf.size())) {
+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ // Technically, any number of levels is allowed but if the value is bigger than
+ // what is possible in KTX V2 (and what makes sense) we return an error.
+ // maxLevels = log2(max(width, height, depth))
+ const int maxLevels = (sizeof(quint32) * 8)
+ - qCountLeadingZeroBits(std::max(
+ { header.pixelWidth, header.pixelHeight, header.pixelDepth }));
+
+ if (texData.numLevels() > maxLevels) {
+ qWarning(lcQtGuiTextureIO, "Too many levels in KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ quint32 offset = headerKeyValueSize;
+ for (int level = 0; level < texData.numLevels(); level++) {
+ const auto imageSizeSlice = safeSlice(buf, offset, sizeof(quint32));
+ if (imageSizeSlice.isEmpty()) {
+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ const quint32 imageSize = decode(qFromUnaligned<quint32>(imageSizeSlice.data()));
+ offset += sizeof(quint32); // overflow checked indirectly above
+
+ texData.setDataOffset(offset, level);
+ texData.setDataLength(imageSize, level);
+
+ // Add image data and padding to offset
+ quint32 padded = 0;
+ if (nearestMultipleOf4(imageSize, &padded)) {
+ qWarning(lcQtGuiTextureIO, "Overflow in KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ quint32 offsetNext;
+ if (qAddOverflow(offset, padded, &offsetNext)) {
+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ offset = offsetNext;
}
if (!texData.isValid()) {
- qCDebug(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", logName().constData());
+ qWarning(lcQtGuiTextureIO, "Invalid values in header of KTX file %s",
+ logName().constData());
return QTextureFileData();
}
@@ -191,7 +271,7 @@ bool QKtxHandler::checkHeader(const KTXHeader &header)
(decode(header.numberOfFaces) == 1));
}
-quint32 QKtxHandler::decode(quint32 val)
+quint32 QKtxHandler::decode(quint32 val) const
{
return inverseEndian ? qbswap<quint32>(val) : val;
}
diff --git a/src/gui/util/qktxhandler_p.h b/src/gui/util/qktxhandler_p.h
index f831e59d95..cdf1b2eaf8 100644
--- a/src/gui/util/qktxhandler_p.h
+++ b/src/gui/util/qktxhandler_p.h
@@ -68,7 +68,7 @@ public:
private:
bool checkHeader(const KTXHeader &header);
- quint32 decode(quint32 val);
+ quint32 decode(quint32 val) const;
bool inverseEndian = false;
};

40
SOURCES/qtbase-5.15.8-fix-missing-qtsan-include.patch Normal file
View File

File diff suppressed because one or more lines are too long

30
SOURCES/qtbase-ambiguous-python-shebang.patch
View File

@ -1,30 +0,0 @@
diff --git a/mkspecs/features/uikit/devices.py b/mkspecs/features/uikit/devices.py
index 8cdcb370..b0c927ea 100755
--- a/mkspecs/features/uikit/devices.py
+++ b/mkspecs/features/uikit/devices.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
#############################################################################
##
diff --git a/tests/manual/xembed-raster/gtk-embedder.py b/tests/manual/xembed-raster/gtk-embedder.py
index 5c37fd44..86ffa9fd 100755
--- a/tests/manual/xembed-raster/gtk-embedder.py
+++ b/tests/manual/xembed-raster/gtk-embedder.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
#############################################################################
##
## Copyright (C) 2013 Canonical Ltd.
diff --git a/tests/manual/xembed-widgets/gtk-embedder.py b/tests/manual/xembed-widgets/gtk-embedder.py
index 2a7c92db..93135b14 100755
--- a/tests/manual/xembed-widgets/gtk-embedder.py
+++ b/tests/manual/xembed-widgets/gtk-embedder.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
#############################################################################
##
## Copyright (C) 2013 Canonical Ltd.

122
SOURCES/qtbase-disable-tests-not-working-in-gating.patch Normal file
View File

@ -0,0 +1,122 @@
diff --git a/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp b/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
index 2accf99c..31478c1d 100644
--- a/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
+++ b/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
@@ -63,7 +63,7 @@ private slots:
#endif
void doubleSlashInRoot();
void setLocale();
- void lastModified();
+ // void lastModified();
void resourcesInStaticPlugins();
private:
@@ -645,19 +645,19 @@ void tst_QResourceEngine::setLocale()
QLocale::setDefault(QLocale::system());
}
-void tst_QResourceEngine::lastModified()
-{
- {
- QFileInfo fi(":/");
- QVERIFY(fi.exists());
- QVERIFY2(!fi.lastModified().isValid(), qPrintable(fi.lastModified().toString()));
- }
- {
- QFileInfo fi(":/search_file.txt");
- QVERIFY(fi.exists());
- QVERIFY(fi.lastModified().isValid());
- }
-}
+// void tst_QResourceEngine::lastModified()
+// {
+// {
+// QFileInfo fi(":/");
+// QVERIFY(fi.exists());
+// QVERIFY2(!fi.lastModified().isValid(), qPrintable(fi.lastModified().toString()));
+// }
+// {
+// QFileInfo fi(":/search_file.txt");
+// QVERIFY(fi.exists());
+// QVERIFY(fi.lastModified().isValid());
+// }
+// }
Q_IMPORT_PLUGIN(PluginClass)
void tst_QResourceEngine::resourcesInStaticPlugins()
diff --git a/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp b/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
index fe63cecc..e1686aea 100644
--- a/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
+++ b/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
@@ -46,7 +46,7 @@ private slots:
void currentStorage();
void storageList();
void tempFile();
- void caching();
+ // void caching();
#endif
};
@@ -202,34 +202,34 @@ void tst_QStorageInfo::tempFile()
QVERIFY(free != storage2.bytesFree());
}
-void tst_QStorageInfo::caching()
-{
- QTemporaryFile file;
- QVERIFY2(file.open(), qPrintable(file.errorString()));
-
- QStorageInfo storage1(file.fileName());
-#ifdef Q_OS_LINUX
- if (storage1.fileSystemType() == "btrfs")
- QSKIP("This test doesn't work on btrfs, probably due to a btrfs bug");
-#endif
-
- qint64 free = storage1.bytesFree();
- QStorageInfo storage2(storage1);
- QCOMPARE(free, storage2.bytesFree());
- QVERIFY(free != -1);
-
- file.write(QByteArray(1024*1024, '\0'));
- file.flush();
-
- QCOMPARE(free, storage1.bytesFree());
- QCOMPARE(free, storage2.bytesFree());
- storage2.refresh();
- QCOMPARE(storage1, storage2);
- if (free == storage2.bytesFree() && storage2.fileSystemType() == "apfs") {
- QEXPECT_FAIL("", "This test is likely to fail on APFS", Continue);
- }
- QVERIFY(free != storage2.bytesFree());
-}
+// void tst_QStorageInfo::caching()
+// {
+// QTemporaryFile file;
+// QVERIFY2(file.open(), qPrintable(file.errorString()));
+//
+// QStorageInfo storage1(file.fileName());
+// #ifdef Q_OS_LINUX
+// if (storage1.fileSystemType() == "btrfs")
+// QSKIP("This test doesn't work on btrfs, probably due to a btrfs bug");
+// #endif
+//
+// qint64 free = storage1.bytesFree();
+// QStorageInfo storage2(storage1);
+// QCOMPARE(free, storage2.bytesFree());
+// QVERIFY(free != -1);
+//
+// file.write(QByteArray(1024*1024, '\0'));
+// file.flush();
+//
+// QCOMPARE(free, storage1.bytesFree());
+// QCOMPARE(free, storage2.bytesFree());
+// storage2.refresh();
+// QCOMPARE(storage1, storage2);
+// if (free == storage2.bytesFree() && storage2.fileSystemType() == "apfs") {
+// QEXPECT_FAIL("", "This test is likely to fail on APFS", Continue);
+// }
+// QVERIFY(free != storage2.bytesFree());
+// }
#endif
QTEST_MAIN(tst_QStorageInfo)

12
SOURCES/qtbase-everywhere-src-5.15.6-private_api_warning.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h.private_api_warning qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h
--- qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h.private_api_warning 2022-10-11 09:08:33.712070523 -0500
+++ qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h 2022-10-11 09:10:58.647038619 -0500
@@ -435,7 +435,7 @@ inline void QObjectPrivate::checkForInco
Q_UNUSED(version);
#else
if (Q_UNLIKELY(version != QObjectPrivateVersion)) {
- qFatal("Cannot mix incompatible Qt library (%d.%d.%d) with this library (%d.%d.%d)",
+ qWarning("Cannot mix incompatible Qt library (%d.%d.%d) with this library (%d.%d.%d)",
(version >> 16) & 0xff, (version >> 8) & 0xff, version & 0xff,
(QObjectPrivateVersion >> 16) & 0xff, (QObjectPrivateVersion >> 8) & 0xff, QObjectPrivateVersion & 0xff);
}

16
SOURCES/tell-the-truth-about-private-api.patch
View File

@ -1,16 +0,0 @@
diff --git a/mkspecs/features/qt_module.prf b/mkspecs/features/qt_module.prf
index e6a0d97..cf93041 100644
--- a/mkspecs/features/qt_module.prf
+++ b/mkspecs/features/qt_module.prf
@@ -216,9 +216,9 @@ android: CONFIG += qt_android_deps no_linker_version_script
QMAKE_LFLAGS += $${QMAKE_LFLAGS_VERSION_SCRIPT}$$verscript
internal_module {
- verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API { *; };"
+ verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API { *; };"
} else {
- verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API {" \
+ verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API {" \
" qt_private_api_tag*;"
private_api_headers = $$SYNCQT.PRIVATE_HEADER_FILES $$SYNCQT.QPA_HEADER_FILES

155
SPECS/qt5-qtbase.spec
View File

@ -2,8 +2,6 @@
%global multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9
%global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64
%global openssl -openssl-linked
%if 0%{?fedora} < 29 && 0%{?rhel} < 9
%ifarch %{ix86}
%global no_sse2 -no-sse2
@ -47,7 +45,6 @@
%global qt_settings 1
%endif
%global journald -journald
BuildRequires: make
BuildRequires: pkgconfig(libsystemd)
@ -59,8 +56,8 @@ BuildRequires: pkgconfig(libsystemd)
Name: qt5-qtbase
Summary: Qt5 - QtBase components
Version: 5.15.3
Release: 1%{?dist}
Version: 5.15.9
Release: 9%{?dist}
# See LGPL_EXCEPTIONS.txt, for exception details
@ -86,11 +83,8 @@ Source10: macros.qt5-qtbase
# support multilib optflags
Patch2: qtbase-multilib_optflags.patch
# borrowed from opensuse
# track private api via properly versioned symbols
# downside: binaries produced with these differently-versioned symbols are no longer
# compatible with qt-project.org's Qt binary releases.
Patch8: tell-the-truth-about-private-api.patch
# make mixing versions with private apis a warning instead of fatal error
Patch3: qtbase-everywhere-src-5.15.6-private_api_warning.patch
# upstreamable patches
# namespace QT_VERSION_CHECK to workaround major/minor being pre-defined (#1396755)
@ -132,9 +126,6 @@ Patch64: qt5-qtbase-5.12.1-firebird-4.0.0.patch
# fix for new mariadb
Patch65: qtbase-opensource-src-5.9.0-mysql.patch
# python3
Patch68: qtbase-ambiguous-python-shebang.patch
# https://fedoraproject.org/wiki/Changes/Qt_Wayland_By_Default_On_Gnome
# https://bugzilla.redhat.com/show_bug.cgi?id=1732129
Patch80: qtbase-use-wayland-on-gnome.patch
@ -144,12 +135,26 @@ Patch90: %{name}-gcc11.patch
## upstream patches
# https://invent.kde.org/qt/qt/qtbase, kde/5.15 branch
# git diff v5.15.3-lts-lgpl..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz
# git diff v5.15.9-lts-lgpl..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz
# patch100 in lookaside cache due to large'ish size -- rdieter
Patch100: kde-5.15-rollup-20220324.patch.gz
Patch100: kde-5.15-rollup-20230411.patch.gz
# HACK to make 'fedpkg sources' consider it 'used"
Source100: kde-5.15-rollup-20220324.patch.gz
Source100: kde-5.15-rollup-20230411.patch.gz
Patch101: qtbase-5.15.8-fix-missing-qtsan-include.patch
Patch110: CVE-2023-32762-qtbase-5.15.patch
Patch111: CVE-2023-32763-qtbase-5.15.patch
Patch112: CVE-2023-33285-qtbase-5.15.patch
Patch113: CVE-2023-34410-qtbase-5.15.patch
Patch114: CVE-2023-37369-qtbase-5.15.patch
Patch115: CVE-2023-38197-qtbase-5.15.patch
Patch116: 0001-CVE-2023-51714-qtbase-5.15.patch
Patch117: 0002-CVE-2023-51714-qtbase-5.15.patch
Patch118: CVE-2024-25580-qtbase-5.15.patch
# gating related patches
Patch200: qtbase-disable-tests-not-working-in-gating.patch
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
# Those themes are there for platform integration. If the required libraries are
@ -174,11 +179,8 @@ BuildRequires: clang >= 3.7.0
%else
BuildRequires: gcc-c++
%endif
# http://bugzilla.redhat.com/1196359
%if 0%{?fedora} || 0%{?rhel} > 6
%global dbus -dbus-linked
BuildRequires: pkgconfig(dbus-1)
%endif
BuildRequires: pkgconfig(libdrm)
BuildRequires: pkgconfig(fontconfig)
BuildRequires: pkgconfig(gl)
@ -192,6 +194,7 @@ BuildRequires: pkgconfig(libudev)
BuildRequires: openssl-devel
BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib)
BuildRequires: pkgconfig(libinput)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(xcb-xkb) >= 1.10
BuildRequires: pkgconfig(xcb-util)
BuildRequires: pkgconfig(xkbcommon) >= 0.4.1
@ -222,6 +225,7 @@ BuildRequires: libicu-devel
%endif
BuildRequires: pkgconfig(xcb) pkgconfig(xcb-glx) pkgconfig(xcb-icccm) pkgconfig(xcb-image) pkgconfig(xcb-keysyms) pkgconfig(xcb-renderutil)
BuildRequires: pkgconfig(zlib)
BuildRequires: pkgconfig(libzstd)
BuildRequires: perl-generators
# see patch68
BuildRequires: python3
@ -270,6 +274,12 @@ Summary: Common files for Qt5
# offer upgrade path for qtquick1 somewhere... may as well be here -- rex
Obsoletes: qt5-qtquick1 < 5.9.0
Obsoletes: qt5-qtquick1-devel < 5.9.0
%if "%{?ibase}" == "-no-sql-ibase"
Obsoletes: qt5-qtbase-ibase < %{version}-%{release}
%endif
%if "%{?tds}" == "-no-sql-tds"
Obsoletes: qt5-qtbase-tds < %{version}-%{release}
%endif
Requires: %{name} = %{version}-%{release}
BuildArch: noarch
%description common
@ -378,7 +388,8 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
%package gui
Summary: Qt5 GUI-related libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%if ! 0%{?rhel} < 8
# where Recommends are supported
%if 0%{?fedora} || 0%{?rhel} >= 8
Recommends: mesa-dri-drivers
%endif
Obsoletes: qt5-qtbase-x11 < 5.2.0
@ -393,38 +404,49 @@ Qt5 libraries used for drawing widgets and OpenGL items.
%prep
%setup -q -n %{qt_module}-everywhere-src-%{version}
## dowstream patches
%patch -P3 -p1 -b .private_api_warning
## upstream fixes
# omit '-b .tell-the-truth-about-private-api' so it doesn't end up in installed files -- rdieter
%patch8 -p1
%patch50 -p1 -b .QT_VERSION_CHECK
# FIXME/TODO : rebase or drop -- rdieter
#patch51 -p1 -b .hidpi_scale_at_192
%patch52 -p1 -b .moc_macros
%patch53 -p1 -b .qt5gui_cmake_isystem_includes
%patch54 -p1 -b .qmake_LFLAGS
%patch55 -p1 -b .no_relocatable
%patch56 -p1 -b .libglvnd
%patch61 -p1 -b .qt5-qtbase-cxxflag
%patch -P50 -p1 -b .QT_VERSION_CHECK
#patch -P51 -p1 -b .hidpi_scale_at_192
%patch -P52 -p1 -b .moc_macros
%patch -P53 -p1 -b .qt5gui_cmake_isystem_includes
%patch -P54 -p1 -b .qmake_LFLAGS
%patch -P55 -p1 -b .no_relocatable
%patch -P56 -p1 -b .libglvnd
%patch -P61 -p1 -b .qt5-qtbase-cxxflag
%if 0%{?fedora} < 35
%patch63 -p1 -b .firebird
%patch -P63 -p1 -b .firebird
%else
%patch64 -p1 -b .firebird
%patch -P64 -p1 -b .firebird
%endif
%if 0%{?fedora} > 27
%patch65 -p1 -b .mysql
%patch -P65 -p1 -b .mysql
%endif
%patch68 -p1
%if 0%{?fedora} > 30 || 0%{?rhel} > 9
%patch80 -p1 -b .use-wayland-on-gnome.patch
%patch -P80 -p1 -b .use-wayland-on-gnome.patch
%endif
%patch90 -p1 -b .gcc11
%patch -P90 -p1 -b .gcc11
## upstream patches
%patch100 -p1
%patch -P100 -p1
%patch -P101 -p1
%patch -P110 -p1
%patch -P111 -p1
%patch -P112 -p1
%patch -P113 -p1
%patch -P114 -p1
%patch -P115 -p1
%patch -P116 -p1
%patch -P117 -p1
%patch -P118 -p1
## gating related patches
%patch -P200 -p1 -b .disable-tests-not-working-in-gating
# move some bundled libs to ensure they're not accidentally used
pushd src/3rdparty
@ -497,16 +519,17 @@ export MAKEFLAGS="%{?_smp_mflags}"
-release \
-shared \
-accessibility \
%{?dbus}%{!?dbus:-dbus-runtime} \
-dbus-linked \
%{?egl:-egl -eglfs} \
-fontconfig \
-glib \
-gtk \
%{?ibase} \
-icu \
%{?journald} \
-journald \
-optimized-qmake \
%{?openssl} \
-openssl-linked \
-libproxy \
%{!?examples:-nomake examples} \
%{!?build_tests:-nomake tests} \
-no-pch \
@ -535,7 +558,11 @@ export MAKEFLAGS="%{?_smp_mflags}"
QMAKE_LFLAGS_RELEASE="${LDFLAGS:-$RPM_LD_FLAGS}"
# Validate config results
%if "%{?ibase}" != "-no-sql-ibase"
for config_test in egl-x11 ibase ; do
%else
for config_test in egl-x11 ; do
%endif
config_result="$(grep ^cache.${config_test}.result config.cache | cut -d= -f2 | tr -d ' ')"
if [ "${config_result}" != "true" ]; then
echo "${config_test} detection failed"
@ -597,7 +624,7 @@ translationdir=%{_qt5_translationdir}
Name: Qt5
Description: Qt5 Configuration
Version: 5.15.3
Version: 5.15.9
EOF
# rpm macros
@ -1117,6 +1144,46 @@ fi
%changelog
* Fri Feb 16 2024 Jan Grulich <jgrulich@redhat.com> - 5.15.9-9
- Fix CVE-2024-25580: potential buffer overflow when reading KTX images
Resolves: RHEL-25726
* Thu Jan 04 2024 Jan Grulich <jgrulich@redhat.com> - 5.15.9-8
- Fix incorrect integer overflow check in HTTP2 implementation
Resolves: RHEL-20239
* Fri Jul 21 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-7
- Fix infinite loops in QXmlStreamReader (CVE-2023-38197)
Resolves: bz#2222771
* Fri Jun 09 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-6
- Don't allow remote attacker to bypass security restrictions caused by
flaw in certificate validation (CVE-2023-34410) (version #2)
Resolves: bz#2212754
* Tue Jun 06 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-5
- Don't allow remote attacker to bypass security restrictions caused by
flaw in certificate validation (CVE-2023-34410)
Resolves: bz#2212754
* Wed May 24 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-4
- Fix specific overflow in qtextlayout
- Fix incorrect parsing of the strict-transport-security (HSTS) header
- Fix buffer over-read via a crafted reply from a DNS server
Resolves: bz#2209492
* Wed Apr 26 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-3
- Rebuild (elfutils#2188064)
Resolves: bz#2175727
* Tue Apr 25 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-2
- Disable tests failing in gating
Resolves: bz#2175727
* Mon Apr 17 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-1
- 5.15.9 + sync with Fedora
Resolves: bz#2175727
* Thu Mar 24 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.3-1
- 5.15.3 + sync with Fedora
Resolves: bz#2061354