From 5b8abe98556ac417bdcc3da56ec53210668f578d Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Wed, 8 Sep 2021 11:04:03 +0200 Subject: [PATCH] Sync with Fedora: - sync kde/5.15 branch patches - -gui: add mesa-dri-drivers soft dep for rhel8+ too Resolves: bz#1998959 Fix out-of-bound write in QOutlineMapper::converPath Resolves: bz#1996876 --- .gitignore | 1 + 0068-Bump-version.patch | 25 ++++++++ qt5-qtbase-5.12.1-firebird-4.0.0.patch | 17 ++++++ qt5-qtbase.spec | 83 ++++++++++++++++---------- qtbase-CVE-2021-38593.patch | 31 ++++++++++ sources | 1 + 6 files changed, 126 insertions(+), 32 deletions(-) create mode 100644 0068-Bump-version.patch create mode 100644 qt5-qtbase-5.12.1-firebird-4.0.0.patch create mode 100644 qtbase-CVE-2021-38593.patch diff --git a/.gitignore b/.gitignore index 5f93b68..6a0fd60 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ /qtbase-everywhere-src-5.14.2.tar.xz /qtbase-everywhere-src-5.15.1.tar.xz /qtbase-everywhere-src-5.15.2.tar.xz +/kde-5.15-rollup-20210907.patch.gz diff --git a/0068-Bump-version.patch b/0068-Bump-version.patch new file mode 100644 index 0000000..6720f2e --- /dev/null +++ b/0068-Bump-version.patch @@ -0,0 +1,25 @@ +From 6344955d17e17e2398720fe60c34cfc2a4a95208 Mon Sep 17 00:00:00 2001 +From: Liang Qi +Date: Tue, 17 Nov 2020 11:07:30 +0100 +Subject: [PATCH 068/220] Bump version + +Change-Id: I5697edf968dfaebe25c73899d26ed234631e55dc +Reviewed-by: Kevin Funk +Reviewed-by: Jani Heikkinen +--- + .qmake.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/.qmake.conf b/.qmake.conf +index 9476d20099..1bf1a80475 100644 +--- a/.qmake.conf ++++ b/.qmake.conf +@@ -6,4 +6,4 @@ DEFINES += QT_NO_JAVA_STYLE_ITERATORS + QT_SOURCE_TREE = $$PWD + QT_BUILD_TREE = $$shadowed($$PWD) + +-MODULE_VERSION = 5.15.2 ++MODULE_VERSION = 5.15.3 +-- +2.31.1 + diff --git a/qt5-qtbase-5.12.1-firebird-4.0.0.patch b/qt5-qtbase-5.12.1-firebird-4.0.0.patch new file mode 100644 index 0000000..9c09161 --- /dev/null +++ b/qt5-qtbase-5.12.1-firebird-4.0.0.patch @@ -0,0 +1,17 @@ +diff -up qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/configure.json.firebird qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/configure.json +--- qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/configure.json.firebird 2019-01-28 11:11:52.000000000 -0600 ++++ qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/configure.json 2019-02-03 13:41:27.392305128 -0600 +@@ -49,10 +49,11 @@ + "ibase": { + "label": "InterBase", + "test": {}, +- "headers": "ibase.h", ++ "headers": "ibase.h", + "sources": [ + { "libs": "-lgds32_ms", "condition": "config.win32" }, +- { "libs": "-lgds", "condition": "!config.win32" } ++ { "libs": "-lgds", "condition": "!config.win32" }, ++ { "libs": "-lfbclient", "condition": "!config.win32" } + ] + }, + "mysql": { diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 5aebdc6..d5a9849 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -57,7 +57,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.15.2 -Release: 25%{?dist} +Release: 26%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details @@ -118,7 +118,10 @@ Patch55: qtbase-everywhere-src-5.14.2-no_relocatable.patch Patch61: qt5-qtbase-cxxflag.patch # support firebird version 3.x -Patch64: qt5-qtbase-5.12.1-firebird.patch +Patch63: qt5-qtbase-5.12.1-firebird.patch + +# support firebird version 4.x +Patch64: qt5-qtbase-5.12.1-firebird-4.0.0.patch # fix for new mariadb Patch65: qtbase-opensource-src-5.9.0-mysql.patch @@ -133,13 +136,14 @@ Patch80: qtbase-use-wayland-on-gnome.patch # gcc-11 Patch90: %{name}-gcc11.patch -# glibc stat - ## upstream patches -# see also patch90 -Patch200: qtbase-QTBUG-90395.patch -Patch201: qtbase-QTBUG-89977.patch -Patch202: qtbase-filechooser-portal-send-window-id-in-hex.patch +# https://invent.kde.org/qt/qt/qtbase, kde/5.15 branch +# git diff v5.15.2..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz +# patch100 in lookaside cache due to large'ish size -- rdieter +Patch100: kde-5.15-rollup-20210907.patch.gz +Patch101: 0068-Bump-version.patch + +Patch102: qtbase-CVE-2021-38593.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -331,10 +335,10 @@ Requires: %{name}%{?_isa} = %{version}-%{release} %package mysql Summary: MySQL driver for Qt5's SQL classes -%if 0%{?fedora} > 27 || 0%{?rhel} > 8 -BuildRequires: mariadb-connector-c-devel -%else +%if 0%{?rhel} && 0%{?rhel} < 9 BuildRequires: mysql-devel +%else +BuildRequires: mariadb-connector-c-devel %endif Requires: %{name}%{?_isa} = %{version}-%{release} %description mysql @@ -367,7 +371,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release} %package gui Summary: Qt5 GUI-related libraries Requires: %{name}%{?_isa} = %{version}-%{release} -%if 0%{?fedora} > 20 +%if ! 0%{?rhel} < 8 Recommends: mesa-dri-drivers %endif Obsoletes: qt5-qtbase-x11 < 5.2.0 @@ -395,7 +399,11 @@ Qt5 libraries used for drawing widgets and OpenGL items. %patch54 -p1 -b .qmake_LFLAGS %patch55 -p1 -b .no_relocatable %patch61 -p1 -b .qt5-qtbase-cxxflag +%if 0%{?fedora} < 35 +%patch63 -p1 -b .firebird +%else %patch64 -p1 -b .firebird +%endif %if 0%{?fedora} > 27 %patch65 -p1 -b .mysql %endif @@ -408,8 +416,11 @@ Qt5 libraries used for drawing widgets and OpenGL items. %patch90 -p1 -b .gcc11 ## upstream patches -%patch200 -p1 -b .QTBUG-90395 -%patch201 -p1 -b .QTBUG-89977 +%patch100 -p1 +# revert version bump +%patch101 -p1 -R + +%patch102 -p1 # move some bundled libs to ensure they're not accidentally used pushd src/3rdparty @@ -880,24 +891,24 @@ fi %{_qt5_libdir}/cmake/Qt5Widgets/Qt5WidgetsMacros.cmake %{_qt5_libdir}/cmake/Qt5Xml/Qt5XmlConfig*.cmake %{_qt5_libdir}/cmake/Qt5/Qt5ModuleLocation.cmake -%{_qt5_libdir}/cmake/Qt5AccessibilitySupport/Qt5AccessibilitySupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5DeviceDiscoverySupport/Qt5DeviceDiscoverySupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5EdidSupport/Qt5EdidSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5EglFSDeviceIntegration/Qt5EglFSDeviceIntegrationConfig*.cmake -%{_qt5_libdir}/cmake/Qt5EglFsKmsSupport/Qt5EglFsKmsSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5EglSupport/Qt5EglSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5EventDispatcherSupport/Qt5EventDispatcherSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5FbSupport/Qt5FbSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5FontDatabaseSupport/Qt5FontDatabaseSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5GlxSupport/Qt5GlxSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5InputSupport/Qt5InputSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5KmsSupport/Qt5KmsSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5LinuxAccessibilitySupport/Qt5LinuxAccessibilitySupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5PlatformCompositorSupport/Qt5PlatformCompositorSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5ServiceSupport/Qt5ServiceSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5ThemeSupport/Qt5ThemeSupportConfig*.cmake -%{_qt5_libdir}/cmake/Qt5XcbQpa/Qt5XcbQpaConfig*.cmake -%{_qt5_libdir}/cmake/Qt5XkbCommonSupport/Qt5XkbCommonSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5AccessibilitySupport/ +%{_qt5_libdir}/cmake/Qt5DeviceDiscoverySupport/ +%{_qt5_libdir}/cmake/Qt5EdidSupport/ +%{_qt5_libdir}/cmake/Qt5EglFSDeviceIntegration/ +%{_qt5_libdir}/cmake/Qt5EglFsKmsSupport/ +%{_qt5_libdir}/cmake/Qt5EglSupport/ +%{_qt5_libdir}/cmake/Qt5EventDispatcherSupport/ +%{_qt5_libdir}/cmake/Qt5FbSupport/ +%{_qt5_libdir}/cmake/Qt5FontDatabaseSupport/ +%{_qt5_libdir}/cmake/Qt5GlxSupport/ +%{_qt5_libdir}/cmake/Qt5InputSupport/ +%{_qt5_libdir}/cmake/Qt5KmsSupport/ +%{_qt5_libdir}/cmake/Qt5LinuxAccessibilitySupport/ +%{_qt5_libdir}/cmake/Qt5PlatformCompositorSupport/ +%{_qt5_libdir}/cmake/Qt5ServiceSupport/ +%{_qt5_libdir}/cmake/Qt5ThemeSupport/ +%{_qt5_libdir}/cmake/Qt5XcbQpa/ +%{_qt5_libdir}/cmake/Qt5XkbCommonSupport/ %{_qt5_libdir}/metatypes/qt5core_metatypes.json %{_qt5_libdir}/metatypes/qt5gui_metatypes.json %{_qt5_libdir}/metatypes/qt5widgets_metatypes.json @@ -1091,6 +1102,14 @@ fi %changelog +* Wed Sep 08 2021 Jan Grulich - 5.15.2-26 +- Sync with Fedora: + - sync kde/5.15 branch patches + - -gui: add mesa-dri-drivers soft dep for rhel8+ too + Resolves: bz#1998959 +- Fix out-of-bound write in QOutlineMapper::converPath + Resolves: bz#1996876 + * Tue Aug 10 2021 Mohan Boddu - 5.15.2-25 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 diff --git a/qtbase-CVE-2021-38593.patch b/qtbase-CVE-2021-38593.patch new file mode 100644 index 0000000..75feb11 --- /dev/null +++ b/qtbase-CVE-2021-38593.patch @@ -0,0 +1,31 @@ +From 6b400e3147dcfd8cc3a393ace1bd118c93762e0c Mon Sep 17 00:00:00 2001 +From: Eirik Aavitsland +Date: Fri, 23 Jul 2021 15:53:56 +0200 +Subject: [PATCH] Improve fix for avoiding huge number of tiny dashes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some pathological cases were not caught by the previous fix. + +Fixes: QTBUG-95239 +Pick-to: 6.2 6.1 5.15 +Change-Id: I0337ee3923ff93ccb36c4d7b810a9c0667354cc5 +Reviewed-by: Robert Löhning +--- + src/gui/painting/qpaintengineex.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/gui/painting/qpaintengineex.cpp b/src/gui/painting/qpaintengineex.cpp +index 9fe51082..22e1b18f 100644 +--- a/src/gui/painting/qpaintengineex.cpp ++++ b/src/gui/painting/qpaintengineex.cpp +@@ -426,7 +426,7 @@ void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &inPen) + patternLength *= pw; + if (qFuzzyIsNull(patternLength)) { + pen.setStyle(Qt::NoPen); +- } else if (extent / patternLength > 10000) { ++ } else if (qFuzzyIsNull(extent) || extent / patternLength > 10000) { + // approximate stream of tiny dashes with semi-transparent solid line + pen.setStyle(Qt::SolidLine); + QColor color(pen.color()); diff --git a/sources b/sources index 6ef5740..98f0df5 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (qtbase-everywhere-src-5.15.2.tar.xz) = a549bfaf867d746ff744ab224eb65ac1bdcdac7e8457dfa379941b2b225a90442fcfc1e1175b9afb1f169468f8130b7ab917c67be67156520a4bfb5c92d304f9 +SHA512 (kde-5.15-rollup-20210907.patch.gz) = 34775f02eb4ae8a41f919fe2eb69ba6978235d6fbab412b403147f38ee609a06d1936adfe494e011a078e912e309093cdede0598b0151ac5bbc095da3fdfeff1