diff --git a/SOURCES/qt5-qtbase-CVE-2018-15518.patch b/SOURCES/qt5-qtbase-CVE-2018-15518.patch
new file mode 100644
index 0000000..bdd1b64
--- /dev/null
+++ b/SOURCES/qt5-qtbase-CVE-2018-15518.patch
@@ -0,0 +1,13 @@
+diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
+index 4157fbbd..f8b1ede9 100644
+--- a/src/corelib/serialization/qxmlstream_p.h
++++ b/src/corelib/serialization/qxmlstream_p.h
+@@ -1250,7 +1250,7 @@ bool QXmlStreamReaderPrivate::parse()
+ state_stack[tos] = 0;
+ return true;
+ } else if (act > 0) {
+- if (++tos == stack_size-1)
++ if (++tos >= stack_size-1)
+ reallocateStack();
+
+ Value &val = sym_stack[tos];
diff --git a/SOURCES/qt5-qtbase-CVE-2018-19870.patch b/SOURCES/qt5-qtbase-CVE-2018-19870.patch
new file mode 100644
index 0000000..e4080ef
--- /dev/null
+++ b/SOURCES/qt5-qtbase-CVE-2018-19870.patch
@@ -0,0 +1,25 @@
+diff --git a/src/plugins/imageformats/gif/qgifhandler.cpp b/src/plugins/imageformats/gif/qgifhandler.cpp
+index e0f7f44..ebe5964 100644
+--- a/src/plugins/imageformats/gif/qgifhandler.cpp
++++ b/src/plugins/imageformats/gif/qgifhandler.cpp
+@@ -354,7 +354,8 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length,
+ (*image) = QImage(swidth, sheight, format);
+ bpl = image->bytesPerLine();
+ bits = image->bits();
+- memset(bits, 0, image->sizeInBytes());
++ if (bits)
++ memset(bits, 0, image->sizeInBytes());
+ }
+
+ // Check if the previous attempt to create the image failed. If it
+@@ -415,6 +416,10 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length,
+ backingstore = QImage(qMax(backingstore.width(), w),
+ qMax(backingstore.height(), h),
+ QImage::Format_RGB32);
++ if (backingstore.isNull()) {
++ state = Error;
++ return -1;
++ }
+ memset(backingstore.bits(), 0, backingstore.sizeInBytes());
+ }
+ const int dest_bpl = backingstore.bytesPerLine();
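Review bot: In the qxmlstream_p.h hunk the bound that `sym_stack[tos]` depends on stays implicit: nothing visible shows that a single `reallocateStack()` call leaves `tos` inside the grown stacks in the case `>=` now admits, where `tos` is presumably already past `stack_size-1`. Both QXmlStreamReaderPrivate::parse() and reallocateStack() lie outside the hunk, so this should be confirmed against the full source. I would add a comment above the check, `// >= rather than ==: an exact-match test never fires once tos has passed stack_size-1`, and, if the project's conventions allow it, `Q_ASSERT(tos < stack_size);` after the call. The carried patch file also has no header naming the upstream change it was taken from, which makes the backport harder to audit.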
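Review bot: The two allocation-failure paths in QGIFFormat::decode() are handled differently in qgifhandler.cpp: at the first hunk the new `if (bits)` only skips the `memset` and lets execution continue with `bpl` and `bits` taken from an image that failed to allocate, while the second hunk returns with `state = Error` as soon as `backingstore.isNull()`. The first path appears to rely on the check announced by the trailing context comment (`// Check if the previous attempt to create the image failed`), whose code is outside the hunk. A comment at the new guard would make that dependency explicit, for example `// allocation can fail for oversized frames; the failure check that follows reports the error`.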
diff --git a/SOURCES/qt5-qtbase-CVE-2018-19873.patch b/SOURCES/qt5-qtbase-CVE-2018-19873.patch
new file mode 100644
index 0000000..7e38bf6
--- /dev/null
+++ b/SOURCES/qt5-qtbase-CVE-2018-19873.patch
@@ -0,0 +1,13 @@
+diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
+index 587f375c..5dff4ab0 100644
+--- a/src/gui/image/qbmphandler.cpp
++++ b/src/gui/image/qbmphandler.cpp
+@@ -188,6 +188,8 @@ static bool read_dib_infoheader(QDataStream &s, BMP_INFOHDR &bi)
+ if (!(comp == BMP_RGB || (nbits == 4 && comp == BMP_RLE4) ||
+ (nbits == 8 && comp == BMP_RLE8) || ((nbits == 16 || nbits == 32) && comp == BMP_BITFIELDS)))
+ return false; // weird compression type
++ if (bi.biWidth < 0 || quint64(bi.biWidth) * qAbs(bi.biHeight) > 16384 * 16384)
++ return false;
+
+ return true;
+ }
diff --git a/SOURCES/qtbase-allow-dbus-not-running-during-build.patch b/SOURCES/qtbase-allow-dbus-not-running-during-build.patch
new file mode 100644
index 0000000..11b1d03
--- /dev/null
+++ b/SOURCES/qtbase-allow-dbus-not-running-during-build.patch
@@ -0,0 +1,13 @@
+diff --git a/tests/auto/auto.pro b/tests/auto/auto.pro
+index fbd89e40..722281c1 100644
+--- a/tests/auto/auto.pro
++++ b/tests/auto/auto.pro
+@@ -37,7 +37,7 @@ else:!qtConfig(process): SUBDIRS -= tools
+ !cross_compile:qtHaveModule(dbus) {
+ !system("dbus-send --session --type=signal / local.AutotestCheck.Hello >$$QMAKE_SYSTEM_NULL_DEVICE 2>&1") {
+ qtConfig(dbus-linked): \
+- error("QtDBus is enabled but session bus is not available. Please check the installation.")
++ warning("QtDBus is enabled but session bus is not available. Please check the installation.")
+ else: \
+ warning("QtDBus is enabled with runtime support, but session bus is not available. Skipping QtDBus tests.")
+ SUBDIRS -= dbus
diff --git a/SPECS/qt5-qtbase.spec b/SPECS/qt5-qtbase.spec
index 03375bd..67c9dad 100644
--- a/SPECS/qt5-qtbase.spec
+++ b/SPECS/qt5-qtbase.spec
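Review bot: In the qbmphandler.cpp check, `qAbs(bi.biHeight)` is evaluated in the field's own type before the multiplication widens it, so if biHeight is a signed 32-bit value (the BMP_INFOHDR declaration is not in the hunk) the most negative height overflows the negation and the size cap is computed from an undefined result. Widening before taking the absolute value avoids that: `quint64(bi.biWidth) * quint64(qAbs(qint64(bi.biHeight))) > 16384 * 16384`. The limit `16384 * 16384` would also read better as a named constant with a comment saying it caps the pixel count accepted from an untrusted header. read_dib_infoheader() starts above the hunk.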
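Review bot: The downgraded message in the `qtConfig(dbus-linked)` branch of tests/auto/auto.pro still ends with "Please check the installation." and does not say what the build does next. The `SUBDIRS -= dbus` line after the two branches appears to apply to both (indentation is lost in this view), in which case a build without a session bus now silently drops the QtDBus tests from the suite that is later packaged. If that reading is right, the text should say so, as the other branch does: `warning("QtDBus is enabled but session bus is not available. Skipping QtDBus tests.")`.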
@@ -32,12 +32,13 @@ BuildRequires: pkgconfig(libsystemd) ## skip for now, until we're better at it --rex %global examples 1 -# global tests 1 +%global build_tests 1 +#global tests 1 Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.11.1 -Release: 5%{?dist} +Release: 7%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -114,7 +115,17 @@ Patch68: qtbase-ambiguous-python-shebang.patch Patch69: qt5-qtbase-glibc.patch +# Bug 1667860 - CVE-2018-19870 qt5-qtbase: QImage allocation failure in qgifhandler +Patch70: qt5-qtbase-CVE-2018-19870.patch + +# Bug 1667858 - CVE-2018-15518 qt5-qtbase: Double free in QXmlStreamReader +Patch71: qt5-qtbase-CVE-2018-15518.patch + +# Bug 1667859 - CVE-2018-19873 qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file +Patch72: qt5-qtbase-CVE-2018-19873.patch + Patch100: qtbase-always-generate-private-includes.patch +Patch101: qtbase-allow-dbus-not-running-during-build.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -198,7 +209,7 @@ BuildRequires: pkgconfig(zlib) BuildRequires: perl-generators BuildRequires: qt5-rpm-macros -%if 0%{?tests} +%if 0%{?build_tests} BuildRequires: dbus-x11 BuildRequires: mesa-dri-drivers BuildRequires: time @@ -265,6 +276,15 @@ Requires: %{name}%{?_isa} = %{version}-%{release} %description examples %{summary}. +%if 0%{?build_tests} +%package tests +Summary: Unit tests for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description tests +%{summary}. +%endif + %package static Summary: Static library files for %{name} Requires: %{name}-devel%{?_isa} = %{version}-%{release} 
@@ -359,8 +379,12 @@ Qt5 libraries used for drawing widgets and OpenGL items. #patch67 -p1 -b .xcberror_filter %patch68 -p1 -b .ambiguous-python-shebang %patch69 -p1 -b .qtbase-glibc +%patch70 -p1 -b .CVE-2018-19870 +%patch71 -p1 -b .CVE-2018-15518 +%patch72 -p1 -b .CVE-2018-19873 %patch100 -p1 -b .always-generate-private-includes +%patch101 -p1 -b .qtbase-allow-dbus-not-running-during-build rm -fv mkspecs/features/uikit/devices.py.ambiguous-python-shebang @@ -433,7 +457,7 @@ export MAKEFLAGS="%{?_smp_mflags}" -optimized-qmake \ %{?openssl} \ %{!?examples:-nomake examples} \ - %{!?tests:-nomake tests} \ + %{!?build_tests:-nomake tests} \ -no-pch \ -no-rpath \ -no-separate-debug-info \ @@ -463,10 +487,20 @@ make clean -C qmake %make_build +%if 0%{?build_tests} +make sub-tests %{?_smp_mflags} -k ||: +%endif %install make install INSTALL_ROOT=%{buildroot} +%if 0%{?build_tests} +# Install tests for gating +pushd tests +make install INSTALL_ROOT=%{buildroot} +popd +%endif + install -m644 -p -D %{SOURCE1} %{buildroot}%{_qt5_datadir}/qtlogging.ini # Qt5.pc @@ -580,7 +614,6 @@ export PATH=%{buildroot}%{_qt5_bindir}:$PATH export LD_LIBRARY_PATH=%{buildroot}%{_qt5_libdir} # dbus tests error out when building if session bus is not available dbus-launch --exit-with-session \ -make sub-tests %{?_smp_mflags} -k ||: xvfb-run -a --server-args="-screen 0 1280x1024x32" \ dbus-launch --exit-with-session \ time \ @@ -796,7 +829,6 @@ fi %{_qt5_libdir}/pkgconfig/Qt5Widgets.pc %{_qt5_libdir}/pkgconfig/Qt5Xml.pc %if 0%{?egl} -%{_qt5_libdir}/libQt5EglFSDeviceIntegration.so.5* %{_qt5_libdir}/libQt5EglFsKmsSupport.prl %{_qt5_libdir}/libQt5EglFsKmsSupport.so %endif @@ -856,6 +888,11 @@ fi %{_qt5_examplesdir}/ %endif +%if 0%{?build_tests} +%files tests +%{_qt5_libdir}/qt5/tests +%endif + %if "%{?ibase}" != "-no-sql-ibase" %files ibase %{_qt5_plugindir}/sqldrivers/libqsqlibase.so 
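Review bot: `make sub-tests %{?_smp_mflags} -k ||:` in the %build hunk discards every test build failure, and the `make install` added under `pushd tests` in %install then packages whatever happened to compile. The -tests subpackage can therefore ship an incomplete suite without the build noticing, which weakens it as a gating artifact, including for the three CVE fixes added in this commit. If partial builds are intentional, say so next to the command, for example `# test build failures are tolerated; the -tests subpackage may be incomplete`; otherwise drop `||:` so that a broken test build fails the package.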
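Review bot: Removing `make sub-tests` from %check leaves the preceding `dbus-launch --exit-with-session \` line in place, and its trailing backslash now joins it to the `xvfb-run -a --server-args=...` command, so the test run ends up wrapped in two nested dbus-launch sessions. The comment `# dbus tests error out when building if session bus is not available` above it is stale as well, since the test build moved to %build. Deleting both leftover lines restores a single `xvfb-run ... dbus-launch --exit-with-session \` invocation. The rest of %check lies outside the hunk.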
@@ -917,6 +954,7 @@ fi %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QComposePlatformInputContextPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QIbusPlatformInputContextPlugin.cmake %if 0%{?egl} +%{_qt5_libdir}/libQt5EglFSDeviceIntegration.so.5* %{_qt5_libdir}/libQt5EglFsKmsSupport.so.5* %{_qt5_plugindir}/platforms/libqeglfs.so %{_qt5_plugindir}/platforms/libqminimalegl.so @@ -955,6 +993,23 @@ fi %changelog +* Wed May 22 2019 Jan Grulich - 5.11-1-7 +- Move libQt5EglFSDeviceIntegration lib out of the -devel subpkg + Resolves: bz#1692970 + +- Fix QImage allocaion failure + Resolve: bz#1667860 + +- Fix double free in QXmlStreamReader + Resolve: bz#1667858 + +- Fix segmentation fault on malformed BMP file + Resolve: bz#1667859 + +* Fri May 17 2019 Jan Grulich - 5.11.1-6 +- Create a tests subpkg with unit tests for gating + Resolves: bz#1681889 + * Mon Dec 10 2018 Jan Grulich - 5.11.1-5 - Rebuild to fix CET notes Resolves: bz#1657206