Import from AlmaLinux stable repository
This commit is contained in:
parent
9fffa85029
commit
394a3bba83
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/kde-5.15-rollup-20220324.patch.gz
|
||||
SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz
|
||||
SOURCES/kde-5.15-rollup-20230411.patch.gz
|
||||
SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz
|
||||
|
@ -1,2 +1,2 @@
|
||||
981f5fbeb315c2e4adc122cee944368598466b67 SOURCES/kde-5.15-rollup-20220324.patch.gz
|
||||
d7383126e1f412ef26096692b9e50a1887eb11f7 SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz
|
||||
677b605bf6033bdfa84a676096ec6e77da6e844d SOURCES/kde-5.15-rollup-20230411.patch.gz
|
||||
a5bbeafa6319cd3e666b12ccc722a357de7230be SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz
|
||||
|
38
SOURCES/0001-CVE-2023-51714-qtbase-5.15.patch
Normal file
38
SOURCES/0001-CVE-2023-51714-qtbase-5.15.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From ea63c28efc1d2ecb467b83a34923d12462efa96f Mon Sep 17 00:00:00 2001
|
||||
From: Marc Mutz <marc.mutz@qt.io>
|
||||
Date: Tue, 12 Dec 2023 20:51:56 +0100
|
||||
Subject: [PATCH] HPack: fix a Yoda Condition
|
||||
|
||||
Putting the variable on the LHS of a relational operation makes the
|
||||
expression easier to read. In this case, we find that the whole
|
||||
expression is nonsensical as an overflow protection, because if
|
||||
name.size() + value.size() overflows, the result will exactly _not_
|
||||
be > max() - 32, because UB will have happened.
|
||||
|
||||
To be fixed in a follow-up commit.
|
||||
|
||||
As a drive-by, add parentheses around the RHS.
|
||||
|
||||
Change-Id: I35ce598884c37c51b74756b3bd2734b9aad63c09
|
||||
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
||||
(cherry picked from commit 658607a34ead214fbacbc2cca44915655c318ea9)
|
||||
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
||||
(cherry picked from commit 4f7efd41740107f90960116700e3134f5e433867)
|
||||
(cherry picked from commit 13c16b756900fe524f6d9534e8a07aa003c05e0c)
|
||||
(cherry picked from commit 1d4788a39668fb2dc5912a8d9c4272dc40e99f92)
|
||||
(cherry picked from commit 87de75b5cc946d196decaa6aef4792a6cac0b6db)
|
||||
---
|
||||
|
||||
diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
|
||||
index 834214f..ab166a6 100644
|
||||
--- a/src/network/access/http2/hpacktable.cpp
|
||||
+++ b/src/network/access/http2/hpacktable.cpp
|
||||
@@ -63,7 +63,7 @@
|
||||
// 32 octets of overhead."
|
||||
|
||||
const unsigned sum = unsigned(name.size() + value.size());
|
||||
- if (std::numeric_limits<unsigned>::max() - 32 < sum)
|
||||
+ if (sum > (std::numeric_limits<unsigned>::max() - 32))
|
||||
return HeaderSize();
|
||||
return HeaderSize(true, quint32(sum + 32));
|
||||
}
|
59
SOURCES/0002-CVE-2023-51714-qtbase-5.15.patch
Normal file
59
SOURCES/0002-CVE-2023-51714-qtbase-5.15.patch
Normal file
@ -0,0 +1,59 @@
|
||||
From 23c3fc483e8b6e21012a61f0bea884446f727776 Mon Sep 17 00:00:00 2001
|
||||
From: Marc Mutz <marc.mutz@qt.io>
|
||||
Date: Tue, 12 Dec 2023 22:08:07 +0100
|
||||
Subject: [PATCH] HPack: fix incorrect integer overflow check
|
||||
|
||||
This code never worked:
|
||||
|
||||
For the comparison with max() - 32 to trigger, on 32-bit platforms (or
|
||||
Qt 5) signed interger overflow would have had to happen in the
|
||||
addition of the two sizes. The compiler can therefore remove the
|
||||
overflow check as dead code.
|
||||
|
||||
On Qt 6 and 64-bit platforms, the signed integer addition would be
|
||||
very unlikely to overflow, but the following truncation to uint32
|
||||
would yield the correct result only in a narrow 32-value window just
|
||||
below UINT_MAX, if even that.
|
||||
|
||||
Fix by using the proper tool, qAddOverflow.
|
||||
|
||||
Manual conflict resolutions:
|
||||
- qAddOverflow doesn't exist in Qt 5, use private add_overflow
|
||||
predecessor API instead
|
||||
|
||||
Change-Id: I7599f2e75ff7f488077b0c60b81022591005661c
|
||||
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
||||
(cherry picked from commit ee5da1f2eaf8932aeca02ffea6e4c618585e29e3)
|
||||
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
||||
(cherry picked from commit debeb8878da2dc706ead04b6072ecbe7e5313860)
|
||||
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
||||
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
||||
(cherry picked from commit 811b9eef6d08d929af8708adbf2a5effb0eb62d7)
|
||||
(cherry picked from commit f931facd077ce945f1e42eaa3bead208822d3e00)
|
||||
(cherry picked from commit 9ef4ca5ecfed771dab890856130e93ef5ceabef5)
|
||||
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
|
||||
---
|
||||
|
||||
diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
|
||||
index ab166a6..de91fc0 100644
|
||||
--- a/src/network/access/http2/hpacktable.cpp
|
||||
+++ b/src/network/access/http2/hpacktable.cpp
|
||||
@@ -40,6 +40,7 @@
|
||||
#include "hpacktable_p.h"
|
||||
|
||||
#include <QtCore/qdebug.h>
|
||||
+#include <QtCore/private/qnumeric_p.h>
|
||||
|
||||
#include <algorithm>
|
||||
#include <cstddef>
|
||||
@@ -62,7 +63,9 @@
|
||||
// for counting the number of references to the name and value would have
|
||||
// 32 octets of overhead."
|
||||
|
||||
- const unsigned sum = unsigned(name.size() + value.size());
|
||||
+ size_t sum;
|
||||
+ if (add_overflow(size_t(name.size()), size_t(value.size()), &sum))
|
||||
+ return HeaderSize();
|
||||
if (sum > (std::numeric_limits<unsigned>::max() - 32))
|
||||
return HeaderSize();
|
||||
return HeaderSize(true, quint32(sum + 32));
|
13
SOURCES/CVE-2023-32762-qtbase-5.15.patch
Normal file
13
SOURCES/CVE-2023-32762-qtbase-5.15.patch
Normal file
@ -0,0 +1,13 @@
|
||||
--- a/src/network/access/qhsts.cpp
|
||||
+++ b/src/network/access/qhsts.cpp
|
||||
@@ -364,8 +364,8 @@ quoted-pair = "\" CHAR
|
||||
bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
|
||||
{
|
||||
for (const auto &h : headers) {
|
||||
- // We use '==' since header name was already 'trimmed' for us:
|
||||
- if (h.first == "Strict-Transport-Security") {
|
||||
+ // We compare directly because header name was already 'trimmed' for us:
|
||||
+ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
|
||||
header = h.second;
|
||||
// RFC6797, 8.1:
|
||||
//
|
49
SOURCES/CVE-2023-32763-qtbase-5.15.patch
Normal file
49
SOURCES/CVE-2023-32763-qtbase-5.15.patch
Normal file
@ -0,0 +1,49 @@
|
||||
diff --git a/src/gui/painting/qfixed_p.h b/src/gui/painting/qfixed_p.h
|
||||
index 84659288..57d750a4 100644
|
||||
--- a/src/gui/painting/qfixed_p.h
|
||||
+++ b/src/gui/painting/qfixed_p.h
|
||||
@@ -54,6 +54,7 @@
|
||||
#include <QtGui/private/qtguiglobal_p.h>
|
||||
#include "QtCore/qdebug.h"
|
||||
#include "QtCore/qpoint.h"
|
||||
+#include <QtCore/private/qnumeric_p.h>
|
||||
#include "QtCore/qsize.h"
|
||||
|
||||
QT_BEGIN_NAMESPACE
|
||||
@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(int i, const QFixed &f) { return i * 64 <
|
||||
Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; }
|
||||
Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); }
|
||||
|
||||
+inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
|
||||
+{
|
||||
+ int val;
|
||||
+ bool result = add_overflow(v1.value(), v2.value(), &val);
|
||||
+ r->setValue(val);
|
||||
+ return result;
|
||||
+}
|
||||
+
|
||||
#ifndef QT_NO_DEBUG_STREAM
|
||||
inline QDebug &operator<<(QDebug &dbg, const QFixed &f)
|
||||
{ return dbg << f.toReal(); }
|
||||
diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
|
||||
index 26ac37b0..f6c69ff4 100644
|
||||
--- a/src/gui/text/qtextlayout.cpp
|
||||
+++ b/src/gui/text/qtextlayout.cpp
|
||||
@@ -2150,11 +2150,14 @@ found:
|
||||
eng->maxWidth = qMax(eng->maxWidth, line.textWidth);
|
||||
} else {
|
||||
eng->minWidth = qMax(eng->minWidth, lbh.minw);
|
||||
- eng->maxWidth += line.textWidth;
|
||||
+ if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth))
|
||||
+ eng->maxWidth = QFIXED_MAX;
|
||||
}
|
||||
|
||||
- if (line.textWidth > 0 && item < eng->layoutData->items.size())
|
||||
- eng->maxWidth += lbh.spaceData.textWidth;
|
||||
+ if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
|
||||
+ if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth))
|
||||
+ eng->maxWidth = QFIXED_MAX;
|
||||
+ }
|
||||
|
||||
line.textWidth += trailingSpace;
|
||||
if (lbh.spaceData.length) {
|
97
SOURCES/CVE-2023-33285-qtbase-5.15.patch
Normal file
97
SOURCES/CVE-2023-33285-qtbase-5.15.patch
Normal file
@ -0,0 +1,97 @@
|
||||
From 2103f2487f709dd9546c503820d9ad509e9a63b3 Mon Sep 17 00:00:00 2001
|
||||
From: Thiago Macieira <thiago.macieira@intel.com>
|
||||
Date: Thu, 11 May 2023 21:40:15 -0700
|
||||
Subject: QDnsLookup/Unix: make sure we don't overflow the buffer
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The DNS Records are variable length and encode their size in 16 bits
|
||||
before the Record Data (RDATA). Ensure that both the RDATA and the
|
||||
Record header fields before it fall inside the buffer we have.
|
||||
|
||||
Additionally reject any replies containing more than one query records.
|
||||
|
||||
[ChangeLog][QtNetwork][QDnsLookup] Fixed a bug that could cause a buffer
|
||||
overflow in Unix systems while parsing corrupt, malicious, or truncated
|
||||
replies.
|
||||
|
||||
Pick-to: 5.15 6.2 6.5 6.5.1
|
||||
Change-Id: I3e3bfef633af4130a03afffd175e4b9547654b95
|
||||
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
||||
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
|
||||
(cherry picked from commit 7dba2c87619d558a61a30eb30cc1d9c3fe6df94c)
|
||||
|
||||
* asturmlechner 2023-05-18: Resolve conflict with dev branch commit
|
||||
68b625901f9eb7c34e3d7aa302e1c0a454d3190b
|
||||
|
||||
diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp
|
||||
index 12b40fc35d..99e999d436 100644
|
||||
--- a/src/network/kernel/qdnslookup_unix.cpp
|
||||
+++ b/src/network/kernel/qdnslookup_unix.cpp
|
||||
@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
|
||||
// responseLength in case of error, we still can extract the
|
||||
// exact error code from the response.
|
||||
HEADER *header = (HEADER*)response;
|
||||
- const int answerCount = ntohs(header->ancount);
|
||||
switch (header->rcode) {
|
||||
case NOERROR:
|
||||
break;
|
||||
@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
|
||||
return;
|
||||
}
|
||||
|
||||
- // Skip the query host, type (2 bytes) and class (2 bytes).
|
||||
char host[PACKETSZ], answer[PACKETSZ];
|
||||
unsigned char *p = response + sizeof(HEADER);
|
||||
- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
|
||||
- if (status < 0) {
|
||||
+ int status;
|
||||
+
|
||||
+ if (ntohs(header->qdcount) == 1) {
|
||||
+ // Skip the query host, type (2 bytes) and class (2 bytes).
|
||||
+ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
|
||||
+ if (status < 0) {
|
||||
+ reply->error = QDnsLookup::InvalidReplyError;
|
||||
+ reply->errorString = tr("Could not expand domain name");
|
||||
+ return;
|
||||
+ }
|
||||
+ if ((p - response) + status + 4 >= responseLength)
|
||||
+ header->qdcount = 0xffff; // invalid reply below
|
||||
+ else
|
||||
+ p += status + 4;
|
||||
+ }
|
||||
+ if (ntohs(header->qdcount) > 1) {
|
||||
reply->error = QDnsLookup::InvalidReplyError;
|
||||
- reply->errorString = tr("Could not expand domain name");
|
||||
+ reply->errorString = tr("Invalid reply received");
|
||||
return;
|
||||
}
|
||||
- p += status + 4;
|
||||
|
||||
// Extract results.
|
||||
+ const int answerCount = ntohs(header->ancount);
|
||||
int answerIndex = 0;
|
||||
while ((p < response + responseLength) && (answerIndex < answerCount)) {
|
||||
status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
|
||||
@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
|
||||
const QString name = QUrl::fromAce(host);
|
||||
|
||||
p += status;
|
||||
+
|
||||
+ if ((p - response) + 10 > responseLength) {
|
||||
+ // probably just a truncated reply, return what we have
|
||||
+ return;
|
||||
+ }
|
||||
const quint16 type = (p[0] << 8) | p[1];
|
||||
p += 2; // RR type
|
||||
p += 2; // RR class
|
||||
@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
|
||||
p += 4;
|
||||
const quint16 size = (p[0] << 8) | p[1];
|
||||
p += 2;
|
||||
+ if ((p - response) + size > responseLength)
|
||||
+ return; // truncated
|
||||
|
||||
if (type == QDnsLookup::A) {
|
||||
if (size != 4) {
|
54
SOURCES/CVE-2023-34410-qtbase-5.15.patch
Normal file
54
SOURCES/CVE-2023-34410-qtbase-5.15.patch
Normal file
@ -0,0 +1,54 @@
|
||||
--- a/src/network/ssl/qsslsocket_schannel.cpp
|
||||
+++ b/src/network/ssl/qsslsocket_schannel.cpp
|
||||
@@ -1880,6 +1880,28 @@ bool QSslSocketBackendPrivate::verifyCertContext(CERT_CONTEXT *certContext)
|
||||
if (configuration.peerVerifyDepth > 0 && DWORD(configuration.peerVerifyDepth) < verifyDepth)
|
||||
verifyDepth = DWORD(configuration.peerVerifyDepth);
|
||||
|
||||
+ const auto &caCertificates = q->sslConfiguration().caCertificates();
|
||||
+
|
||||
+ if (!rootCertOnDemandLoadingAllowed()
|
||||
+ && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
|
||||
+ && (q->peerVerifyMode() == QSslSocket::VerifyPeer
|
||||
+ || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) {
|
||||
+ // When verifying a peer Windows "helpfully" builds a chain that
|
||||
+ // may include roots from the system store. But we don't want that if
|
||||
+ // the user has set their own CA certificates.
|
||||
+ // Since Windows claims this is not a partial chain the root is included
|
||||
+ // and we have to check that it is one of our configured CAs.
|
||||
+ CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
|
||||
+ QSslCertificate certificate = getCertificateFromChainElement(element);
|
||||
+ if (!caCertificates.contains(certificate)) {
|
||||
+ auto error = QSslError(QSslError::CertificateUntrusted, certificate);
|
||||
+ sslErrors += error;
|
||||
+ emit q->peerVerifyError(error);
|
||||
+ if (q->state() != QAbstractSocket::ConnectedState)
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
for (DWORD i = 0; i < verifyDepth; i++) {
|
||||
CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
|
||||
QSslCertificate certificate = getCertificateFromChainElement(element);
|
||||
|
||||
|
||||
--- a/src/network/ssl/qsslsocket.cpp
|
||||
+++ b/src/network/ssl/qsslsocket.cpp
|
||||
@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate()
|
||||
, flushTriggered(false)
|
||||
{
|
||||
QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
|
||||
+ // If the global configuration doesn't allow root certificates to be loaded
|
||||
+ // on demand then we have to disable it for this socket as well.
|
||||
+ if (!configuration.allowRootCertOnDemandLoading)
|
||||
+ allowRootCertOnDemandLoading = false;
|
||||
}
|
||||
|
||||
/*!
|
||||
@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
|
||||
ptr->sessionProtocol = global->sessionProtocol;
|
||||
ptr->ciphers = global->ciphers;
|
||||
ptr->caCertificates = global->caCertificates;
|
||||
+ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
|
||||
ptr->protocol = global->protocol;
|
||||
ptr->peerVerifyMode = global->peerVerifyMode;
|
||||
ptr->peerVerifyDepth = global->peerVerifyDepth;
|
203
SOURCES/CVE-2023-37369-qtbase-5.15.patch
Normal file
203
SOURCES/CVE-2023-37369-qtbase-5.15.patch
Normal file
@ -0,0 +1,203 @@
|
||||
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
|
||||
index 7cd457ba3a..11d162cb79 100644
|
||||
--- a/src/corelib/serialization/qxmlstream.cpp
|
||||
+++ b/src/corelib/serialization/qxmlstream.cpp
|
||||
@@ -1302,15 +1302,18 @@ inline int QXmlStreamReaderPrivate::fastScanContentCharList()
|
||||
return n;
|
||||
}
|
||||
|
||||
-inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
|
||||
+// Fast scan an XML attribute name (e.g. "xml:lang").
|
||||
+inline QXmlStreamReaderPrivate::FastScanNameResult
|
||||
+QXmlStreamReaderPrivate::fastScanName(Value *val)
|
||||
{
|
||||
int n = 0;
|
||||
uint c;
|
||||
while ((c = getChar()) != StreamEOF) {
|
||||
if (n >= 4096) {
|
||||
// This is too long to be a sensible name, and
|
||||
- // can exhaust memory
|
||||
- return 0;
|
||||
+ // can exhaust memory, or the range of decltype(*prefix)
|
||||
+ raiseNamePrefixTooLongError();
|
||||
+ return {};
|
||||
}
|
||||
switch (c) {
|
||||
case '\n':
|
||||
@@ -1339,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
|
||||
case '+':
|
||||
case '*':
|
||||
putChar(c);
|
||||
- if (prefix && *prefix == n+1) {
|
||||
- *prefix = 0;
|
||||
+ if (val && val->prefix == n + 1) {
|
||||
+ val->prefix = 0;
|
||||
putChar(':');
|
||||
--n;
|
||||
}
|
||||
- return n;
|
||||
+ return FastScanNameResult(n);
|
||||
case ':':
|
||||
- if (prefix) {
|
||||
- if (*prefix == 0) {
|
||||
- *prefix = n+2;
|
||||
+ if (val) {
|
||||
+ if (val->prefix == 0) {
|
||||
+ val->prefix = n + 2;
|
||||
} else { // only one colon allowed according to the namespace spec.
|
||||
putChar(c);
|
||||
- return n;
|
||||
+ return FastScanNameResult(n);
|
||||
}
|
||||
} else {
|
||||
putChar(c);
|
||||
- return n;
|
||||
+ return FastScanNameResult(n);
|
||||
}
|
||||
Q_FALLTHROUGH();
|
||||
default:
|
||||
@@ -1364,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
|
||||
}
|
||||
}
|
||||
|
||||
- if (prefix)
|
||||
- *prefix = 0;
|
||||
+ if (val)
|
||||
+ val->prefix = 0;
|
||||
int pos = textBuffer.size() - n;
|
||||
putString(textBuffer, pos);
|
||||
textBuffer.resize(pos);
|
||||
- return 0;
|
||||
+ return FastScanNameResult(0);
|
||||
}
|
||||
|
||||
enum NameChar { NameBeginning, NameNotBeginning, NotName };
|
||||
@@ -1878,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message)
|
||||
raiseError(QXmlStreamReader::NotWellFormedError, message);
|
||||
}
|
||||
|
||||
+void QXmlStreamReaderPrivate::raiseNamePrefixTooLongError()
|
||||
+{
|
||||
+ // TODO: add a ImplementationLimitsExceededError and use it instead
|
||||
+ raiseError(QXmlStreamReader::NotWellFormedError,
|
||||
+ QXmlStream::tr("Length of XML attribute name exceeds implemnetation limits (4KiB "
|
||||
+ "characters)."));
|
||||
+}
|
||||
+
|
||||
void QXmlStreamReaderPrivate::parseError()
|
||||
{
|
||||
|
||||
diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g
|
||||
index 4321fed68a..8c6a1a5887 100644
|
||||
--- a/src/corelib/serialization/qxmlstream.g
|
||||
+++ b/src/corelib/serialization/qxmlstream.g
|
||||
@@ -516,7 +516,16 @@ public:
|
||||
int fastScanLiteralContent();
|
||||
int fastScanSpace();
|
||||
int fastScanContentCharList();
|
||||
- int fastScanName(int *prefix = nullptr);
|
||||
+
|
||||
+ struct FastScanNameResult {
|
||||
+ FastScanNameResult() : ok(false) {}
|
||||
+ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
|
||||
+ operator bool() { return ok; }
|
||||
+ int operator*() { Q_ASSERT(ok); return addToLen; }
|
||||
+ int addToLen;
|
||||
+ bool ok;
|
||||
+ };
|
||||
+ FastScanNameResult fastScanName(Value *val = nullptr);
|
||||
inline int fastScanNMTOKEN();
|
||||
|
||||
|
||||
@@ -525,6 +534,7 @@ public:
|
||||
|
||||
void raiseError(QXmlStreamReader::Error error, const QString& message = QString());
|
||||
void raiseWellFormedError(const QString &message);
|
||||
+ void raiseNamePrefixTooLongError();
|
||||
|
||||
QXmlStreamEntityResolver *entityResolver;
|
||||
|
||||
@@ -1811,7 +1821,12 @@ space_opt ::= space;
|
||||
qname ::= LETTER;
|
||||
/.
|
||||
case $rule_number: {
|
||||
- sym(1).len += fastScanName(&sym(1).prefix);
|
||||
+ Value &val = sym(1);
|
||||
+ if (auto res = fastScanName(&val))
|
||||
+ val.len += *res;
|
||||
+ else
|
||||
+ return false;
|
||||
+
|
||||
if (atEnd) {
|
||||
resume($rule_number);
|
||||
return false;
|
||||
@@ -1822,7 +1837,11 @@ qname ::= LETTER;
|
||||
name ::= LETTER;
|
||||
/.
|
||||
case $rule_number:
|
||||
- sym(1).len += fastScanName();
|
||||
+ if (auto res = fastScanName())
|
||||
+ sym(1).len += *res;
|
||||
+ else
|
||||
+ return false;
|
||||
+
|
||||
if (atEnd) {
|
||||
resume($rule_number);
|
||||
return false;
|
||||
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
|
||||
index e5bde7b98e..b01484cac3 100644
|
||||
--- a/src/corelib/serialization/qxmlstream_p.h
|
||||
+++ b/src/corelib/serialization/qxmlstream_p.h
|
||||
@@ -1005,7 +1005,16 @@ public:
|
||||
int fastScanLiteralContent();
|
||||
int fastScanSpace();
|
||||
int fastScanContentCharList();
|
||||
- int fastScanName(int *prefix = nullptr);
|
||||
+
|
||||
+ struct FastScanNameResult {
|
||||
+ FastScanNameResult() : ok(false) {}
|
||||
+ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
|
||||
+ operator bool() { return ok; }
|
||||
+ int operator*() { Q_ASSERT(ok); return addToLen; }
|
||||
+ int addToLen;
|
||||
+ bool ok;
|
||||
+ };
|
||||
+ FastScanNameResult fastScanName(Value *val = nullptr);
|
||||
inline int fastScanNMTOKEN();
|
||||
|
||||
|
||||
@@ -1014,6 +1023,7 @@ public:
|
||||
|
||||
void raiseError(QXmlStreamReader::Error error, const QString& message = QString());
|
||||
void raiseWellFormedError(const QString &message);
|
||||
+ void raiseNamePrefixTooLongError();
|
||||
|
||||
QXmlStreamEntityResolver *entityResolver;
|
||||
|
||||
@@ -1939,7 +1949,12 @@ bool QXmlStreamReaderPrivate::parse()
|
||||
break;
|
||||
|
||||
case 262: {
|
||||
- sym(1).len += fastScanName(&sym(1).prefix);
|
||||
+ Value &val = sym(1);
|
||||
+ if (auto res = fastScanName(&val))
|
||||
+ val.len += *res;
|
||||
+ else
|
||||
+ return false;
|
||||
+
|
||||
if (atEnd) {
|
||||
resume(262);
|
||||
return false;
|
||||
@@ -1947,7 +1962,11 @@ bool QXmlStreamReaderPrivate::parse()
|
||||
} break;
|
||||
|
||||
case 263:
|
||||
- sym(1).len += fastScanName();
|
||||
+ if (auto res = fastScanName())
|
||||
+ sym(1).len += *res;
|
||||
+ else
|
||||
+ return false;
|
||||
+
|
||||
if (atEnd) {
|
||||
resume(263);
|
||||
return false;
|
219
SOURCES/CVE-2023-38197-qtbase-5.15.patch
Normal file
219
SOURCES/CVE-2023-38197-qtbase-5.15.patch
Normal file
@ -0,0 +1,219 @@
|
||||
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
|
||||
index bf8a2a9..6ab5d49 100644
|
||||
--- a/src/corelib/serialization/qxmlstream.cpp
|
||||
+++ b/src/corelib/serialization/qxmlstream.cpp
|
||||
@@ -160,7 +160,7 @@
|
||||
addData() or by waiting for it to arrive on the device().
|
||||
|
||||
\value UnexpectedElementError The parser encountered an element
|
||||
- that was different to those it expected.
|
||||
+ or token that was different to those it expected.
|
||||
|
||||
*/
|
||||
|
||||
@@ -295,13 +295,34 @@
|
||||
|
||||
QXmlStreamReader is a well-formed XML 1.0 parser that does \e not
|
||||
include external parsed entities. As long as no error occurs, the
|
||||
- application code can thus be assured that the data provided by the
|
||||
- stream reader satisfies the W3C's criteria for well-formed XML. For
|
||||
- example, you can be certain that all tags are indeed nested and
|
||||
- closed properly, that references to internal entities have been
|
||||
- replaced with the correct replacement text, and that attributes have
|
||||
- been normalized or added according to the internal subset of the
|
||||
- DTD.
|
||||
+ application code can thus be assured, that
|
||||
+ \list
|
||||
+ \li the data provided by the stream reader satisfies the W3C's
|
||||
+ criteria for well-formed XML,
|
||||
+ \li tokens are provided in a valid order.
|
||||
+ \endlist
|
||||
+
|
||||
+ Unless QXmlStreamReader raises an error, it guarantees the following:
|
||||
+ \list
|
||||
+ \li All tags are nested and closed properly.
|
||||
+ \li References to internal entities have been replaced with the
|
||||
+ correct replacement text.
|
||||
+ \li Attributes have been normalized or added according to the
|
||||
+ internal subset of the \l DTD.
|
||||
+ \li Tokens of type \l StartDocument happen before all others,
|
||||
+ aside from comments and processing instructions.
|
||||
+ \li At most one DOCTYPE element (a token of type \l DTD) is present.
|
||||
+ \li If present, the DOCTYPE appears before all other elements,
|
||||
+ aside from StartDocument, comments and processing instructions.
|
||||
+ \endlist
|
||||
+
|
||||
+ In particular, once any token of type \l StartElement, \l EndElement,
|
||||
+ \l Characters, \l EntityReference or \l EndDocument is seen, no
|
||||
+ tokens of type StartDocument or DTD will be seen. If one is present in
|
||||
+ the input stream, out of order, an error is raised.
|
||||
+
|
||||
+ \note The token types \l Comment and \l ProcessingInstruction may appear
|
||||
+ anywhere in the stream.
|
||||
|
||||
If an error occurs while parsing, atEnd() and hasError() return
|
||||
true, and error() returns the error that occurred. The functions
|
||||
@@ -620,6 +641,7 @@
|
||||
d->token = -1;
|
||||
return readNext();
|
||||
}
|
||||
+ d->checkToken();
|
||||
return d->type;
|
||||
}
|
||||
|
||||
@@ -740,6 +762,14 @@
|
||||
};
|
||||
|
||||
|
||||
+static const char QXmlStreamReader_XmlContextString[] =
|
||||
+ "Prolog\0"
|
||||
+ "Body\0";
|
||||
+
|
||||
+static const short QXmlStreamReader_XmlContextString_indices[] = {
|
||||
+ 0, 7
|
||||
+};
|
||||
+
|
||||
/*!
|
||||
\property QXmlStreamReader::namespaceProcessing
|
||||
The namespace-processing flag of the stream reader
|
||||
@@ -775,6 +805,16 @@
|
||||
QXmlStreamReader_tokenTypeString_indices[d->type]);
|
||||
}
|
||||
|
||||
+/*!
|
||||
+ \internal
|
||||
+ \return \param ctxt (Prolog/Body) as a string.
|
||||
+ */
|
||||
+QString contextString(QXmlStreamReaderPrivate::XmlContext ctxt)
|
||||
+{
|
||||
+ return QLatin1String(QXmlStreamReader_XmlContextString +
|
||||
+ QXmlStreamReader_XmlContextString_indices[static_cast<int>(ctxt)]);
|
||||
+}
|
||||
+
|
||||
#endif // QT_NO_XMLSTREAMREADER
|
||||
|
||||
QXmlStreamPrivateTagStack::QXmlStreamPrivateTagStack()
|
||||
@@ -866,6 +906,8 @@
|
||||
|
||||
type = QXmlStreamReader::NoToken;
|
||||
error = QXmlStreamReader::NoError;
|
||||
+ currentContext = XmlContext::Prolog;
|
||||
+ foundDTD = false;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -4061,6 +4103,92 @@
|
||||
}
|
||||
}
|
||||
|
||||
+static bool isTokenAllowedInContext(QXmlStreamReader::TokenType type,
|
||||
+ QXmlStreamReaderPrivate::XmlContext loc)
|
||||
+{
|
||||
+ switch (type) {
|
||||
+ case QXmlStreamReader::StartDocument:
|
||||
+ case QXmlStreamReader::DTD:
|
||||
+ return loc == QXmlStreamReaderPrivate::XmlContext::Prolog;
|
||||
+
|
||||
+ case QXmlStreamReader::StartElement:
|
||||
+ case QXmlStreamReader::EndElement:
|
||||
+ case QXmlStreamReader::Characters:
|
||||
+ case QXmlStreamReader::EntityReference:
|
||||
+ case QXmlStreamReader::EndDocument:
|
||||
+ return loc == QXmlStreamReaderPrivate::XmlContext::Body;
|
||||
+
|
||||
+ case QXmlStreamReader::Comment:
|
||||
+ case QXmlStreamReader::ProcessingInstruction:
|
||||
+ return true;
|
||||
+
|
||||
+ case QXmlStreamReader::NoToken:
|
||||
+ case QXmlStreamReader::Invalid:
|
||||
+ return false;
|
||||
+ default:
|
||||
+ return false;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+/*!
|
||||
+ \internal
|
||||
+ \brief QXmlStreamReader::isValidToken
|
||||
+ \return \c true if \param type is a valid token type.
|
||||
+ \return \c false if \param type is an unexpected token,
|
||||
+ which indicates a non-well-formed or invalid XML stream.
|
||||
+ */
|
||||
+bool QXmlStreamReaderPrivate::isValidToken(QXmlStreamReader::TokenType type)
|
||||
+{
|
||||
+ // Don't change currentContext, if Invalid or NoToken occur in the prolog
|
||||
+ if (type == QXmlStreamReader::Invalid || type == QXmlStreamReader::NoToken)
|
||||
+ return false;
|
||||
+
|
||||
+ // If a token type gets rejected in the body, there is no recovery
|
||||
+ const bool result = isTokenAllowedInContext(type, currentContext);
|
||||
+ if (result || currentContext == XmlContext::Body)
|
||||
+ return result;
|
||||
+
|
||||
+ // First non-Prolog token observed => switch context to body and check again.
|
||||
+ currentContext = XmlContext::Body;
|
||||
+ return isTokenAllowedInContext(type, currentContext);
|
||||
+}
|
||||
+
|
||||
+/*!
|
||||
+ \internal
|
||||
+ Checks token type and raises an error, if it is invalid
|
||||
+ in the current context (prolog/body).
|
||||
+ */
|
||||
+void QXmlStreamReaderPrivate::checkToken()
|
||||
+{
|
||||
+ Q_Q(QXmlStreamReader);
|
||||
+
|
||||
+ // The token type must be consumed, to keep track if the body has been reached.
|
||||
+ const XmlContext context = currentContext;
|
||||
+ const bool ok = isValidToken(type);
|
||||
+
|
||||
+ // Do nothing if an error has been raised already (going along with an unexpected token)
|
||||
+ if (error != QXmlStreamReader::Error::NoError)
|
||||
+ return;
|
||||
+
|
||||
+ if (!ok) {
|
||||
+ raiseError(QXmlStreamReader::UnexpectedElementError,
|
||||
+ QLatin1String("Unexpected token type %1 in %2.")
|
||||
+ .arg(q->tokenString(), contextString(context)));
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ if (type != QXmlStreamReader::DTD)
|
||||
+ return;
|
||||
+
|
||||
+ // Raise error on multiple DTD tokens
|
||||
+ if (foundDTD) {
|
||||
+ raiseError(QXmlStreamReader::UnexpectedElementError,
|
||||
+ QLatin1String("Found second DTD token in %1.").arg(contextString(context)));
|
||||
+ } else {
|
||||
+ foundDTD = true;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
/*!
|
||||
\fn bool QXmlStreamAttributes::hasAttribute(const QString &qualifiedName) const
|
||||
\since 4.5
|
||||
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
|
||||
index 8f7c9e0..708059b 100644
|
||||
--- a/src/corelib/serialization/qxmlstream_p.h
|
||||
+++ b/src/corelib/serialization/qxmlstream_p.h
|
||||
@@ -804,6 +804,17 @@
|
||||
#endif
|
||||
bool atEnd;
|
||||
|
||||
+ enum class XmlContext
|
||||
+ {
|
||||
+ Prolog,
|
||||
+ Body,
|
||||
+ };
|
||||
+
|
||||
+ XmlContext currentContext = XmlContext::Prolog;
|
||||
+ bool foundDTD = false;
|
||||
+ bool isValidToken(QXmlStreamReader::TokenType type);
|
||||
+ void checkToken();
|
||||
+
|
||||
/*!
|
||||
\sa setType()
|
||||
*/
|
197
SOURCES/CVE-2024-25580-qtbase-5.15.patch
Normal file
197
SOURCES/CVE-2024-25580-qtbase-5.15.patch
Normal file
@ -0,0 +1,197 @@
|
||||
diff --git a/src/gui/util/qktxhandler.cpp b/src/gui/util/qktxhandler.cpp
|
||||
index 0d98e97453..6a79e55109 100644
|
||||
--- a/src/gui/util/qktxhandler.cpp
|
||||
+++ b/src/gui/util/qktxhandler.cpp
|
||||
@@ -73,7 +73,7 @@ struct KTXHeader {
|
||||
quint32 bytesOfKeyValueData;
|
||||
};
|
||||
|
||||
-static const quint32 headerSize = sizeof(KTXHeader);
|
||||
+static constexpr quint32 qktxh_headerSize = sizeof(KTXHeader);
|
||||
|
||||
// Currently unused, declared for future reference
|
||||
struct KTXKeyValuePairItem {
|
||||
@@ -103,11 +103,36 @@ struct KTXMipmapLevel {
|
||||
*/
|
||||
};
|
||||
|
||||
-bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block)
|
||||
+static bool qAddOverflow(quint32 v1, quint32 v2, quint32 *r) {
|
||||
+ // unsigned additions are well-defined
|
||||
+ *r = v1 + v2;
|
||||
+ return v1 > quint32(v1 + v2);
|
||||
+}
|
||||
+
|
||||
+// Returns the nearest multiple of 4 greater than or equal to 'value'
|
||||
+static bool nearestMultipleOf4(quint32 value, quint32 *result)
|
||||
+{
|
||||
+ constexpr quint32 rounding = 4;
|
||||
+ *result = 0;
|
||||
+ if (qAddOverflow(value, rounding - 1, result))
|
||||
+ return true;
|
||||
+ *result &= ~(rounding - 1);
|
||||
+ return false;
|
||||
+}
|
||||
+
|
||||
+// Returns a slice with prechecked bounds
|
||||
+static QByteArray safeSlice(const QByteArray& array, quint32 start, quint32 length)
|
||||
{
|
||||
- Q_UNUSED(suffix)
|
||||
+ quint32 end = 0;
|
||||
+ if (qAddOverflow(start, length, &end) || end > quint32(array.length()))
|
||||
+ return {};
|
||||
+ return QByteArray(array.data() + start, length);
|
||||
+}
|
||||
|
||||
- return (qstrncmp(block.constData(), ktxIdentifier, KTX_IDENTIFIER_LENGTH) == 0);
|
||||
+bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block)
|
||||
+{
|
||||
+ Q_UNUSED(suffix);
|
||||
+ return block.startsWith(QByteArray::fromRawData(ktxIdentifier, KTX_IDENTIFIER_LENGTH));
|
||||
}
|
||||
|
||||
QTextureFileData QKtxHandler::read()
|
||||
@@ -115,42 +140,97 @@ QTextureFileData QKtxHandler::read()
|
||||
if (!device())
|
||||
return QTextureFileData();
|
||||
|
||||
- QByteArray buf = device()->readAll();
|
||||
- const quint32 dataSize = quint32(buf.size());
|
||||
- if (dataSize < headerSize || !canRead(QByteArray(), buf)) {
|
||||
- qCDebug(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData());
|
||||
+ const QByteArray buf = device()->readAll();
|
||||
+ if (size_t(buf.size()) > std::numeric_limits<quint32>::max()) {
|
||||
+ qWarning(lcQtGuiTextureIO, "Too big KTX file %s", logName().constData());
|
||||
+ return QTextureFileData();
|
||||
+ }
|
||||
+
|
||||
+ if (!canRead(QByteArray(), buf)) {
|
||||
+ qWarning(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData());
|
||||
+ return QTextureFileData();
|
||||
+ }
|
||||
+
|
||||
+ if (buf.size() < qsizetype(qktxh_headerSize)) {
|
||||
+ qWarning(lcQtGuiTextureIO, "Invalid KTX header size in %s", logName().constData());
|
||||
return QTextureFileData();
|
||||
}
|
||||
|
||||
- const KTXHeader *header = reinterpret_cast<const KTXHeader *>(buf.constData());
|
||||
- if (!checkHeader(*header)) {
|
||||
- qCDebug(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData());
|
||||
+ KTXHeader header;
|
||||
+ memcpy(&header, buf.data(), qktxh_headerSize);
|
||||
+ if (!checkHeader(header)) {
|
||||
+ qWarning(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData());
|
||||
return QTextureFileData();
|
||||
}
|
||||
|
||||
QTextureFileData texData;
|
||||
texData.setData(buf);
|
||||
|
||||
- texData.setSize(QSize(decode(header->pixelWidth), decode(header->pixelHeight)));
|
||||
- texData.setGLFormat(decode(header->glFormat));
|
||||
- texData.setGLInternalFormat(decode(header->glInternalFormat));
|
||||
- texData.setGLBaseInternalFormat(decode(header->glBaseInternalFormat));
|
||||
-
|
||||
- texData.setNumLevels(decode(header->numberOfMipmapLevels));
|
||||
- quint32 offset = headerSize + decode(header->bytesOfKeyValueData);
|
||||
- const int maxLevels = qMin(texData.numLevels(), 32); // Cap iterations in case of corrupt file.
|
||||
- for (int i = 0; i < maxLevels; i++) {
|
||||
- if (offset + sizeof(KTXMipmapLevel) > dataSize) // Corrupt file; avoid oob read
|
||||
- break;
|
||||
- const KTXMipmapLevel *level = reinterpret_cast<const KTXMipmapLevel *>(buf.constData() + offset);
|
||||
- quint32 levelLen = decode(level->imageSize);
|
||||
- texData.setDataOffset(offset + sizeof(KTXMipmapLevel::imageSize), i);
|
||||
- texData.setDataLength(levelLen, i);
|
||||
- offset += sizeof(KTXMipmapLevel::imageSize) + levelLen + (3 - ((levelLen + 3) % 4));
|
||||
+ texData.setSize(QSize(decode(header.pixelWidth), decode(header.pixelHeight)));
|
||||
+ texData.setGLFormat(decode(header.glFormat));
|
||||
+ texData.setGLInternalFormat(decode(header.glInternalFormat));
|
||||
+ texData.setGLBaseInternalFormat(decode(header.glBaseInternalFormat));
|
||||
+
|
||||
+ texData.setNumLevels(decode(header.numberOfMipmapLevels));
|
||||
+
|
||||
+ const quint32 bytesOfKeyValueData = decode(header.bytesOfKeyValueData);
|
||||
+ quint32 headerKeyValueSize;
|
||||
+ if (qAddOverflow(qktxh_headerSize, bytesOfKeyValueData, &headerKeyValueSize)) {
|
||||
+ qWarning(lcQtGuiTextureIO, "Overflow in size of key value data in header of KTX file %s",
|
||||
+ logName().constData());
|
||||
+ return QTextureFileData();
|
||||
+ }
|
||||
+
|
||||
+ if (headerKeyValueSize >= quint32(buf.size())) {
|
||||
+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
|
||||
+ return QTextureFileData();
|
||||
+ }
|
||||
+
|
||||
+ // Technically, any number of levels is allowed but if the value is bigger than
|
||||
+ // what is possible in KTX V2 (and what makes sense) we return an error.
|
||||
+ // maxLevels = log2(max(width, height, depth))
|
||||
+ const int maxLevels = (sizeof(quint32) * 8)
|
||||
+ - qCountLeadingZeroBits(std::max(
|
||||
+ { header.pixelWidth, header.pixelHeight, header.pixelDepth }));
|
||||
+
|
||||
+ if (texData.numLevels() > maxLevels) {
|
||||
+ qWarning(lcQtGuiTextureIO, "Too many levels in KTX file %s", logName().constData());
|
||||
+ return QTextureFileData();
|
||||
+ }
|
||||
+
|
||||
+ quint32 offset = headerKeyValueSize;
|
||||
+ for (int level = 0; level < texData.numLevels(); level++) {
|
||||
+ const auto imageSizeSlice = safeSlice(buf, offset, sizeof(quint32));
|
||||
+ if (imageSizeSlice.isEmpty()) {
|
||||
+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
|
||||
+ return QTextureFileData();
|
||||
+ }
|
||||
+
|
||||
+ const quint32 imageSize = decode(qFromUnaligned<quint32>(imageSizeSlice.data()));
|
||||
+ offset += sizeof(quint32); // overflow checked indirectly above
|
||||
+
|
||||
+ texData.setDataOffset(offset, level);
|
||||
+ texData.setDataLength(imageSize, level);
|
||||
+
|
||||
+ // Add image data and padding to offset
|
||||
+ quint32 padded = 0;
|
||||
+ if (nearestMultipleOf4(imageSize, &padded)) {
|
||||
+ qWarning(lcQtGuiTextureIO, "Overflow in KTX file %s", logName().constData());
|
||||
+ return QTextureFileData();
|
||||
+ }
|
||||
+
|
||||
+ quint32 offsetNext;
|
||||
+ if (qAddOverflow(offset, padded, &offsetNext)) {
|
||||
+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
|
||||
+ return QTextureFileData();
|
||||
+ }
|
||||
+
|
||||
+ offset = offsetNext;
|
||||
}
|
||||
|
||||
if (!texData.isValid()) {
|
||||
- qCDebug(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", logName().constData());
|
||||
+ qWarning(lcQtGuiTextureIO, "Invalid values in header of KTX file %s",
|
||||
+ logName().constData());
|
||||
return QTextureFileData();
|
||||
}
|
||||
|
||||
@@ -191,7 +271,7 @@ bool QKtxHandler::checkHeader(const KTXHeader &header)
|
||||
(decode(header.numberOfFaces) == 1));
|
||||
}
|
||||
|
||||
-quint32 QKtxHandler::decode(quint32 val)
|
||||
+quint32 QKtxHandler::decode(quint32 val) const
|
||||
{
|
||||
return inverseEndian ? qbswap<quint32>(val) : val;
|
||||
}
|
||||
diff --git a/src/gui/util/qktxhandler_p.h b/src/gui/util/qktxhandler_p.h
|
||||
index f831e59d95..cdf1b2eaf8 100644
|
||||
--- a/src/gui/util/qktxhandler_p.h
|
||||
+++ b/src/gui/util/qktxhandler_p.h
|
||||
@@ -68,7 +68,7 @@ public:
|
||||
|
||||
private:
|
||||
bool checkHeader(const KTXHeader &header);
|
||||
- quint32 decode(quint32 val);
|
||||
+ quint32 decode(quint32 val) const;
|
||||
|
||||
bool inverseEndian = false;
|
||||
};
|
40
SOURCES/qtbase-5.15.8-fix-missing-qtsan-include.patch
Normal file
40
SOURCES/qtbase-5.15.8-fix-missing-qtsan-include.patch
Normal file
File diff suppressed because one or more lines are too long
@ -1,30 +0,0 @@
|
||||
diff --git a/mkspecs/features/uikit/devices.py b/mkspecs/features/uikit/devices.py
|
||||
index 8cdcb370..b0c927ea 100755
|
||||
--- a/mkspecs/features/uikit/devices.py
|
||||
+++ b/mkspecs/features/uikit/devices.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/python
|
||||
+#!/usr/bin/python3
|
||||
|
||||
#############################################################################
|
||||
##
|
||||
diff --git a/tests/manual/xembed-raster/gtk-embedder.py b/tests/manual/xembed-raster/gtk-embedder.py
|
||||
index 5c37fd44..86ffa9fd 100755
|
||||
--- a/tests/manual/xembed-raster/gtk-embedder.py
|
||||
+++ b/tests/manual/xembed-raster/gtk-embedder.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/python
|
||||
+#!/usr/bin/python3
|
||||
#############################################################################
|
||||
##
|
||||
## Copyright (C) 2013 Canonical Ltd.
|
||||
diff --git a/tests/manual/xembed-widgets/gtk-embedder.py b/tests/manual/xembed-widgets/gtk-embedder.py
|
||||
index 2a7c92db..93135b14 100755
|
||||
--- a/tests/manual/xembed-widgets/gtk-embedder.py
|
||||
+++ b/tests/manual/xembed-widgets/gtk-embedder.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/python
|
||||
+#!/usr/bin/python3
|
||||
#############################################################################
|
||||
##
|
||||
## Copyright (C) 2013 Canonical Ltd.
|
122
SOURCES/qtbase-disable-tests-not-working-in-gating.patch
Normal file
122
SOURCES/qtbase-disable-tests-not-working-in-gating.patch
Normal file
@ -0,0 +1,122 @@
|
||||
diff --git a/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp b/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
|
||||
index 2accf99c..31478c1d 100644
|
||||
--- a/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
|
||||
+++ b/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
|
||||
@@ -63,7 +63,7 @@ private slots:
|
||||
#endif
|
||||
void doubleSlashInRoot();
|
||||
void setLocale();
|
||||
- void lastModified();
|
||||
+ // void lastModified();
|
||||
void resourcesInStaticPlugins();
|
||||
|
||||
private:
|
||||
@@ -645,19 +645,19 @@ void tst_QResourceEngine::setLocale()
|
||||
QLocale::setDefault(QLocale::system());
|
||||
}
|
||||
|
||||
-void tst_QResourceEngine::lastModified()
|
||||
-{
|
||||
- {
|
||||
- QFileInfo fi(":/");
|
||||
- QVERIFY(fi.exists());
|
||||
- QVERIFY2(!fi.lastModified().isValid(), qPrintable(fi.lastModified().toString()));
|
||||
- }
|
||||
- {
|
||||
- QFileInfo fi(":/search_file.txt");
|
||||
- QVERIFY(fi.exists());
|
||||
- QVERIFY(fi.lastModified().isValid());
|
||||
- }
|
||||
-}
|
||||
+// void tst_QResourceEngine::lastModified()
|
||||
+// {
|
||||
+// {
|
||||
+// QFileInfo fi(":/");
|
||||
+// QVERIFY(fi.exists());
|
||||
+// QVERIFY2(!fi.lastModified().isValid(), qPrintable(fi.lastModified().toString()));
|
||||
+// }
|
||||
+// {
|
||||
+// QFileInfo fi(":/search_file.txt");
|
||||
+// QVERIFY(fi.exists());
|
||||
+// QVERIFY(fi.lastModified().isValid());
|
||||
+// }
|
||||
+// }
|
||||
|
||||
Q_IMPORT_PLUGIN(PluginClass)
|
||||
void tst_QResourceEngine::resourcesInStaticPlugins()
|
||||
diff --git a/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp b/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
|
||||
index fe63cecc..e1686aea 100644
|
||||
--- a/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
|
||||
+++ b/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
|
||||
@@ -46,7 +46,7 @@ private slots:
|
||||
void currentStorage();
|
||||
void storageList();
|
||||
void tempFile();
|
||||
- void caching();
|
||||
+ // void caching();
|
||||
#endif
|
||||
};
|
||||
|
||||
@@ -202,34 +202,34 @@ void tst_QStorageInfo::tempFile()
|
||||
QVERIFY(free != storage2.bytesFree());
|
||||
}
|
||||
|
||||
-void tst_QStorageInfo::caching()
|
||||
-{
|
||||
- QTemporaryFile file;
|
||||
- QVERIFY2(file.open(), qPrintable(file.errorString()));
|
||||
-
|
||||
- QStorageInfo storage1(file.fileName());
|
||||
-#ifdef Q_OS_LINUX
|
||||
- if (storage1.fileSystemType() == "btrfs")
|
||||
- QSKIP("This test doesn't work on btrfs, probably due to a btrfs bug");
|
||||
-#endif
|
||||
-
|
||||
- qint64 free = storage1.bytesFree();
|
||||
- QStorageInfo storage2(storage1);
|
||||
- QCOMPARE(free, storage2.bytesFree());
|
||||
- QVERIFY(free != -1);
|
||||
-
|
||||
- file.write(QByteArray(1024*1024, '\0'));
|
||||
- file.flush();
|
||||
-
|
||||
- QCOMPARE(free, storage1.bytesFree());
|
||||
- QCOMPARE(free, storage2.bytesFree());
|
||||
- storage2.refresh();
|
||||
- QCOMPARE(storage1, storage2);
|
||||
- if (free == storage2.bytesFree() && storage2.fileSystemType() == "apfs") {
|
||||
- QEXPECT_FAIL("", "This test is likely to fail on APFS", Continue);
|
||||
- }
|
||||
- QVERIFY(free != storage2.bytesFree());
|
||||
-}
|
||||
+// void tst_QStorageInfo::caching()
|
||||
+// {
|
||||
+// QTemporaryFile file;
|
||||
+// QVERIFY2(file.open(), qPrintable(file.errorString()));
|
||||
+//
|
||||
+// QStorageInfo storage1(file.fileName());
|
||||
+// #ifdef Q_OS_LINUX
|
||||
+// if (storage1.fileSystemType() == "btrfs")
|
||||
+// QSKIP("This test doesn't work on btrfs, probably due to a btrfs bug");
|
||||
+// #endif
|
||||
+//
|
||||
+// qint64 free = storage1.bytesFree();
|
||||
+// QStorageInfo storage2(storage1);
|
||||
+// QCOMPARE(free, storage2.bytesFree());
|
||||
+// QVERIFY(free != -1);
|
||||
+//
|
||||
+// file.write(QByteArray(1024*1024, '\0'));
|
||||
+// file.flush();
|
||||
+//
|
||||
+// QCOMPARE(free, storage1.bytesFree());
|
||||
+// QCOMPARE(free, storage2.bytesFree());
|
||||
+// storage2.refresh();
|
||||
+// QCOMPARE(storage1, storage2);
|
||||
+// if (free == storage2.bytesFree() && storage2.fileSystemType() == "apfs") {
|
||||
+// QEXPECT_FAIL("", "This test is likely to fail on APFS", Continue);
|
||||
+// }
|
||||
+// QVERIFY(free != storage2.bytesFree());
|
||||
+// }
|
||||
#endif
|
||||
|
||||
QTEST_MAIN(tst_QStorageInfo)
|
@ -0,0 +1,12 @@
|
||||
diff -up qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h.private_api_warning qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h
|
||||
--- qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h.private_api_warning 2022-10-11 09:08:33.712070523 -0500
|
||||
+++ qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h 2022-10-11 09:10:58.647038619 -0500
|
||||
@@ -435,7 +435,7 @@ inline void QObjectPrivate::checkForInco
|
||||
Q_UNUSED(version);
|
||||
#else
|
||||
if (Q_UNLIKELY(version != QObjectPrivateVersion)) {
|
||||
- qFatal("Cannot mix incompatible Qt library (%d.%d.%d) with this library (%d.%d.%d)",
|
||||
+ qWarning("Cannot mix incompatible Qt library (%d.%d.%d) with this library (%d.%d.%d)",
|
||||
(version >> 16) & 0xff, (version >> 8) & 0xff, version & 0xff,
|
||||
(QObjectPrivateVersion >> 16) & 0xff, (QObjectPrivateVersion >> 8) & 0xff, QObjectPrivateVersion & 0xff);
|
||||
}
|
@ -1,16 +0,0 @@
|
||||
diff --git a/mkspecs/features/qt_module.prf b/mkspecs/features/qt_module.prf
|
||||
index e6a0d97..cf93041 100644
|
||||
--- a/mkspecs/features/qt_module.prf
|
||||
+++ b/mkspecs/features/qt_module.prf
|
||||
@@ -216,9 +216,9 @@ android: CONFIG += qt_android_deps no_linker_version_script
|
||||
QMAKE_LFLAGS += $${QMAKE_LFLAGS_VERSION_SCRIPT}$$verscript
|
||||
|
||||
internal_module {
|
||||
- verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API { *; };"
|
||||
+ verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API { *; };"
|
||||
} else {
|
||||
- verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API {" \
|
||||
+ verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API {" \
|
||||
" qt_private_api_tag*;"
|
||||
|
||||
private_api_headers = $$SYNCQT.PRIVATE_HEADER_FILES $$SYNCQT.QPA_HEADER_FILES
|
@ -2,8 +2,6 @@
|
||||
%global multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9
|
||||
%global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64
|
||||
|
||||
%global openssl -openssl-linked
|
||||
|
||||
%if 0%{?fedora} < 29 && 0%{?rhel} < 9
|
||||
%ifarch %{ix86}
|
||||
%global no_sse2 -no-sse2
|
||||
@ -47,7 +45,6 @@
|
||||
%global qt_settings 1
|
||||
%endif
|
||||
|
||||
%global journald -journald
|
||||
BuildRequires: make
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
|
||||
@ -59,8 +56,8 @@ BuildRequires: pkgconfig(libsystemd)
|
||||
|
||||
Name: qt5-qtbase
|
||||
Summary: Qt5 - QtBase components
|
||||
Version: 5.15.3
|
||||
Release: 1%{?dist}
|
||||
Version: 5.15.9
|
||||
Release: 9%{?dist}
|
||||
|
||||
|
||||
# See LGPL_EXCEPTIONS.txt, for exception details
|
||||
@ -86,11 +83,8 @@ Source10: macros.qt5-qtbase
|
||||
# support multilib optflags
|
||||
Patch2: qtbase-multilib_optflags.patch
|
||||
|
||||
# borrowed from opensuse
|
||||
# track private api via properly versioned symbols
|
||||
# downside: binaries produced with these differently-versioned symbols are no longer
|
||||
# compatible with qt-project.org's Qt binary releases.
|
||||
Patch8: tell-the-truth-about-private-api.patch
|
||||
# make mixing versions with private apis a warning instead of fatal error
|
||||
Patch3: qtbase-everywhere-src-5.15.6-private_api_warning.patch
|
||||
|
||||
# upstreamable patches
|
||||
# namespace QT_VERSION_CHECK to workaround major/minor being pre-defined (#1396755)
|
||||
@ -132,9 +126,6 @@ Patch64: qt5-qtbase-5.12.1-firebird-4.0.0.patch
|
||||
# fix for new mariadb
|
||||
Patch65: qtbase-opensource-src-5.9.0-mysql.patch
|
||||
|
||||
# python3
|
||||
Patch68: qtbase-ambiguous-python-shebang.patch
|
||||
|
||||
# https://fedoraproject.org/wiki/Changes/Qt_Wayland_By_Default_On_Gnome
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1732129
|
||||
Patch80: qtbase-use-wayland-on-gnome.patch
|
||||
@ -144,12 +135,26 @@ Patch90: %{name}-gcc11.patch
|
||||
|
||||
## upstream patches
|
||||
# https://invent.kde.org/qt/qt/qtbase, kde/5.15 branch
|
||||
# git diff v5.15.3-lts-lgpl..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz
|
||||
# git diff v5.15.9-lts-lgpl..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz
|
||||
# patch100 in lookaside cache due to large'ish size -- rdieter
|
||||
Patch100: kde-5.15-rollup-20220324.patch.gz
|
||||
Patch100: kde-5.15-rollup-20230411.patch.gz
|
||||
# HACK to make 'fedpkg sources' consider it 'used"
|
||||
Source100: kde-5.15-rollup-20220324.patch.gz
|
||||
Source100: kde-5.15-rollup-20230411.patch.gz
|
||||
|
||||
Patch101: qtbase-5.15.8-fix-missing-qtsan-include.patch
|
||||
|
||||
Patch110: CVE-2023-32762-qtbase-5.15.patch
|
||||
Patch111: CVE-2023-32763-qtbase-5.15.patch
|
||||
Patch112: CVE-2023-33285-qtbase-5.15.patch
|
||||
Patch113: CVE-2023-34410-qtbase-5.15.patch
|
||||
Patch114: CVE-2023-37369-qtbase-5.15.patch
|
||||
Patch115: CVE-2023-38197-qtbase-5.15.patch
|
||||
Patch116: 0001-CVE-2023-51714-qtbase-5.15.patch
|
||||
Patch117: 0002-CVE-2023-51714-qtbase-5.15.patch
|
||||
Patch118: CVE-2024-25580-qtbase-5.15.patch
|
||||
|
||||
# gating related patches
|
||||
Patch200: qtbase-disable-tests-not-working-in-gating.patch
|
||||
|
||||
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
|
||||
# Those themes are there for platform integration. If the required libraries are
|
||||
@ -174,11 +179,8 @@ BuildRequires: clang >= 3.7.0
|
||||
%else
|
||||
BuildRequires: gcc-c++
|
||||
%endif
|
||||
# http://bugzilla.redhat.com/1196359
|
||||
%if 0%{?fedora} || 0%{?rhel} > 6
|
||||
%global dbus -dbus-linked
|
||||
BuildRequires: pkgconfig(dbus-1)
|
||||
%endif
|
||||
BuildRequires: pkgconfig(libdrm)
|
||||
BuildRequires: pkgconfig(fontconfig)
|
||||
BuildRequires: pkgconfig(gl)
|
||||
@ -192,6 +194,7 @@ BuildRequires: pkgconfig(libudev)
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib)
|
||||
BuildRequires: pkgconfig(libinput)
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
BuildRequires: pkgconfig(xcb-xkb) >= 1.10
|
||||
BuildRequires: pkgconfig(xcb-util)
|
||||
BuildRequires: pkgconfig(xkbcommon) >= 0.4.1
|
||||
@ -222,6 +225,7 @@ BuildRequires: libicu-devel
|
||||
%endif
|
||||
BuildRequires: pkgconfig(xcb) pkgconfig(xcb-glx) pkgconfig(xcb-icccm) pkgconfig(xcb-image) pkgconfig(xcb-keysyms) pkgconfig(xcb-renderutil)
|
||||
BuildRequires: pkgconfig(zlib)
|
||||
BuildRequires: pkgconfig(libzstd)
|
||||
BuildRequires: perl-generators
|
||||
# see patch68
|
||||
BuildRequires: python3
|
||||
@ -270,6 +274,12 @@ Summary: Common files for Qt5
|
||||
# offer upgrade path for qtquick1 somewhere... may as well be here -- rex
|
||||
Obsoletes: qt5-qtquick1 < 5.9.0
|
||||
Obsoletes: qt5-qtquick1-devel < 5.9.0
|
||||
%if "%{?ibase}" == "-no-sql-ibase"
|
||||
Obsoletes: qt5-qtbase-ibase < %{version}-%{release}
|
||||
%endif
|
||||
%if "%{?tds}" == "-no-sql-tds"
|
||||
Obsoletes: qt5-qtbase-tds < %{version}-%{release}
|
||||
%endif
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
BuildArch: noarch
|
||||
%description common
|
||||
@ -378,7 +388,8 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
%package gui
|
||||
Summary: Qt5 GUI-related libraries
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
%if ! 0%{?rhel} < 8
|
||||
# where Recommends are supported
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 8
|
||||
Recommends: mesa-dri-drivers
|
||||
%endif
|
||||
Obsoletes: qt5-qtbase-x11 < 5.2.0
|
||||
@ -393,38 +404,49 @@ Qt5 libraries used for drawing widgets and OpenGL items.
|
||||
%prep
|
||||
%setup -q -n %{qt_module}-everywhere-src-%{version}
|
||||
|
||||
## dowstream patches
|
||||
%patch -P3 -p1 -b .private_api_warning
|
||||
|
||||
## upstream fixes
|
||||
|
||||
# omit '-b .tell-the-truth-about-private-api' so it doesn't end up in installed files -- rdieter
|
||||
%patch8 -p1
|
||||
|
||||
%patch50 -p1 -b .QT_VERSION_CHECK
|
||||
# FIXME/TODO : rebase or drop -- rdieter
|
||||
#patch51 -p1 -b .hidpi_scale_at_192
|
||||
%patch52 -p1 -b .moc_macros
|
||||
%patch53 -p1 -b .qt5gui_cmake_isystem_includes
|
||||
%patch54 -p1 -b .qmake_LFLAGS
|
||||
%patch55 -p1 -b .no_relocatable
|
||||
%patch56 -p1 -b .libglvnd
|
||||
%patch61 -p1 -b .qt5-qtbase-cxxflag
|
||||
%patch -P50 -p1 -b .QT_VERSION_CHECK
|
||||
#patch -P51 -p1 -b .hidpi_scale_at_192
|
||||
%patch -P52 -p1 -b .moc_macros
|
||||
%patch -P53 -p1 -b .qt5gui_cmake_isystem_includes
|
||||
%patch -P54 -p1 -b .qmake_LFLAGS
|
||||
%patch -P55 -p1 -b .no_relocatable
|
||||
%patch -P56 -p1 -b .libglvnd
|
||||
%patch -P61 -p1 -b .qt5-qtbase-cxxflag
|
||||
%if 0%{?fedora} < 35
|
||||
%patch63 -p1 -b .firebird
|
||||
%patch -P63 -p1 -b .firebird
|
||||
%else
|
||||
%patch64 -p1 -b .firebird
|
||||
%patch -P64 -p1 -b .firebird
|
||||
%endif
|
||||
%if 0%{?fedora} > 27
|
||||
%patch65 -p1 -b .mysql
|
||||
%patch -P65 -p1 -b .mysql
|
||||
%endif
|
||||
%patch68 -p1
|
||||
|
||||
%if 0%{?fedora} > 30 || 0%{?rhel} > 9
|
||||
%patch80 -p1 -b .use-wayland-on-gnome.patch
|
||||
%patch -P80 -p1 -b .use-wayland-on-gnome.patch
|
||||
%endif
|
||||
|
||||
%patch90 -p1 -b .gcc11
|
||||
%patch -P90 -p1 -b .gcc11
|
||||
|
||||
## upstream patches
|
||||
%patch100 -p1
|
||||
%patch -P100 -p1
|
||||
%patch -P101 -p1
|
||||
|
||||
%patch -P110 -p1
|
||||
%patch -P111 -p1
|
||||
%patch -P112 -p1
|
||||
%patch -P113 -p1
|
||||
%patch -P114 -p1
|
||||
%patch -P115 -p1
|
||||
%patch -P116 -p1
|
||||
%patch -P117 -p1
|
||||
%patch -P118 -p1
|
||||
|
||||
## gating related patches
|
||||
%patch -P200 -p1 -b .disable-tests-not-working-in-gating
|
||||
|
||||
# move some bundled libs to ensure they're not accidentally used
|
||||
pushd src/3rdparty
|
||||
@ -497,16 +519,17 @@ export MAKEFLAGS="%{?_smp_mflags}"
|
||||
-release \
|
||||
-shared \
|
||||
-accessibility \
|
||||
%{?dbus}%{!?dbus:-dbus-runtime} \
|
||||
-dbus-linked \
|
||||
%{?egl:-egl -eglfs} \
|
||||
-fontconfig \
|
||||
-glib \
|
||||
-gtk \
|
||||
%{?ibase} \
|
||||
-icu \
|
||||
%{?journald} \
|
||||
-journald \
|
||||
-optimized-qmake \
|
||||
%{?openssl} \
|
||||
-openssl-linked \
|
||||
-libproxy \
|
||||
%{!?examples:-nomake examples} \
|
||||
%{!?build_tests:-nomake tests} \
|
||||
-no-pch \
|
||||
@ -535,7 +558,11 @@ export MAKEFLAGS="%{?_smp_mflags}"
|
||||
QMAKE_LFLAGS_RELEASE="${LDFLAGS:-$RPM_LD_FLAGS}"
|
||||
|
||||
# Validate config results
|
||||
%if "%{?ibase}" != "-no-sql-ibase"
|
||||
for config_test in egl-x11 ibase ; do
|
||||
%else
|
||||
for config_test in egl-x11 ; do
|
||||
%endif
|
||||
config_result="$(grep ^cache.${config_test}.result config.cache | cut -d= -f2 | tr -d ' ')"
|
||||
if [ "${config_result}" != "true" ]; then
|
||||
echo "${config_test} detection failed"
|
||||
@ -597,7 +624,7 @@ translationdir=%{_qt5_translationdir}
|
||||
|
||||
Name: Qt5
|
||||
Description: Qt5 Configuration
|
||||
Version: 5.15.3
|
||||
Version: 5.15.9
|
||||
EOF
|
||||
|
||||
# rpm macros
|
||||
@ -1117,6 +1144,46 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Feb 16 2024 Jan Grulich <jgrulich@redhat.com> - 5.15.9-9
|
||||
- Fix CVE-2024-25580: potential buffer overflow when reading KTX images
|
||||
Resolves: RHEL-25726
|
||||
|
||||
* Thu Jan 04 2024 Jan Grulich <jgrulich@redhat.com> - 5.15.9-8
|
||||
- Fix incorrect integer overflow check in HTTP2 implementation
|
||||
Resolves: RHEL-20239
|
||||
|
||||
* Fri Jul 21 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-7
|
||||
- Fix infinite loops in QXmlStreamReader (CVE-2023-38197)
|
||||
Resolves: bz#2222771
|
||||
|
||||
* Fri Jun 09 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-6
|
||||
- Don't allow remote attacker to bypass security restrictions caused by
|
||||
flaw in certificate validation (CVE-2023-34410) (version #2)
|
||||
Resolves: bz#2212754
|
||||
|
||||
* Tue Jun 06 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-5
|
||||
- Don't allow remote attacker to bypass security restrictions caused by
|
||||
flaw in certificate validation (CVE-2023-34410)
|
||||
Resolves: bz#2212754
|
||||
|
||||
* Wed May 24 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-4
|
||||
- Fix specific overflow in qtextlayout
|
||||
- Fix incorrect parsing of the strict-transport-security (HSTS) header
|
||||
- Fix buffer over-read via a crafted reply from a DNS server
|
||||
Resolves: bz#2209492
|
||||
|
||||
* Wed Apr 26 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-3
|
||||
- Rebuild (elfutils#2188064)
|
||||
Resolves: bz#2175727
|
||||
|
||||
* Tue Apr 25 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-2
|
||||
- Disable tests failing in gating
|
||||
Resolves: bz#2175727
|
||||
|
||||
* Mon Apr 17 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-1
|
||||
- 5.15.9 + sync with Fedora
|
||||
Resolves: bz#2175727
|
||||
|
||||
* Thu Mar 24 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.3-1
|
||||
- 5.15.3 + sync with Fedora
|
||||
Resolves: bz#2061354
|
||||
|
Loading…
Reference in New Issue
Block a user