import qt5-qtbase-5.12.5-8.el8
This commit is contained in:
parent
ebe55effab
commit
646a722241
|
@ -0,0 +1,70 @@
|
|||
diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp
|
||||
index 7ba44049..8c4be4f0 100644
|
||||
--- a/src/gui/image/qxbmhandler.cpp
|
||||
+++ b/src/gui/image/qxbmhandler.cpp
|
||||
@@ -158,7 +158,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage)
|
||||
w = (w+7)/8; // byte width
|
||||
|
||||
while (y < h) { // for all encoded bytes...
|
||||
- if (p) { // p = "0x.."
|
||||
+ if (p && p < (buf + readBytes - 3)) { // p = "0x.."
|
||||
+ if (!isxdigit(p[2]) || !isxdigit(p[3]))
|
||||
+ return false;
|
||||
*b++ = hex2byte(p+2);
|
||||
p += 2;
|
||||
if (++x == w && ++y < h) {
|
||||
diff --git a/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp b/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp
|
||||
index 1eee2f27..f801f3cd 100644
|
||||
--- a/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp
|
||||
+++ b/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp
|
||||
@@ -167,6 +167,8 @@ private slots:
|
||||
void devicePixelRatio_data();
|
||||
void devicePixelRatio();
|
||||
|
||||
+ void xbmBufferHandling();
|
||||
+
|
||||
private:
|
||||
QString prefix;
|
||||
QTemporaryDir m_temporaryDir;
|
||||
@@ -2002,5 +2004,41 @@ void tst_QImageReader::devicePixelRatio()
|
||||
QCOMPARE(img.devicePixelRatio(), dpr);
|
||||
}
|
||||
|
||||
+void tst_QImageReader::xbmBufferHandling()
|
||||
+{
|
||||
+ uint8_t original_buffer[256];
|
||||
+ for (int i = 0; i < 256; ++i)
|
||||
+ original_buffer[i] = i;
|
||||
+
|
||||
+ QImage image(original_buffer, 256, 8, QImage::Format_MonoLSB);
|
||||
+ image.setColorTable({0xff000000, 0xffffffff});
|
||||
+
|
||||
+ QByteArray buffer;
|
||||
+ {
|
||||
+ QBuffer buf(&buffer);
|
||||
+ QImageWriter writer(&buf, "xbm");
|
||||
+ writer.write(image);
|
||||
+ }
|
||||
+
|
||||
+ QCOMPARE(QImage::fromData(buffer, "xbm"), image);
|
||||
+
|
||||
+ auto i = buffer.indexOf(',');
|
||||
+ buffer.insert(i + 1, " ");
|
||||
+ QCOMPARE(QImage::fromData(buffer, "xbm"), image);
|
||||
+ buffer.insert(i + 1, " ");
|
||||
+ QCOMPARE(QImage::fromData(buffer, "xbm"), image);
|
||||
+ buffer.insert(i + 1, " ");
|
||||
+#if 0 // Lines longer than 300 chars not supported currently
|
||||
+ QCOMPARE(QImage::fromData(buffer, "xbm"), image);
|
||||
+#endif
|
||||
+
|
||||
+ i = buffer.lastIndexOf("\n ");
|
||||
+ buffer.truncate(i + 1);
|
||||
+ buffer.append(QByteArray(297, ' '));
|
||||
+ buffer.append("0x");
|
||||
+ // Only check we get no buffer overflow
|
||||
+ QImage::fromData(buffer, "xbm");
|
||||
+}
|
||||
+
|
||||
QTEST_MAIN(tst_QImageReader)
|
||||
#include "tst_qimagereader.moc"
|
|
@ -0,0 +1,161 @@
|
|||
From 36a8bdbc8417506513207daf4f36533a3d6632f3 Mon Sep 17 00:00:00 2001
|
||||
From: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
||||
Date: Mon, 13 Apr 2020 20:31:34 +0200
|
||||
Subject: [PATCH] OpenSSL: handle SSL_shutdown's errors properly
|
||||
|
||||
Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s)
|
||||
returns 1). Also, do not call SSL_shutdown if a session encountered a fatal
|
||||
error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown
|
||||
was unsuccessful (returned code != 1), we have to clear the error(s) it queued.
|
||||
Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to
|
||||
resolve SSL_state to implement SSL_in_init.
|
||||
|
||||
Fixes: QTBUG-83450
|
||||
Change-Id: I6326119f4e79605429263045ac20605c30dccca3
|
||||
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
||||
(cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655)
|
||||
(cherry picked from commit 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb)
|
||||
---
|
||||
|
||||
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
|
||||
index 4f49a71..9f9eaf3 100644
|
||||
--- a/src/network/ssl/qsslsocket.cpp
|
||||
+++ b/src/network/ssl/qsslsocket.cpp
|
||||
@@ -2108,7 +2108,7 @@
|
||||
shutdown = false;
|
||||
pendingClose = false;
|
||||
flushTriggered = false;
|
||||
-
|
||||
+ systemOrSslErrorDetected = false;
|
||||
// we don't want to clear the ignoreErrorsList, so
|
||||
// that it is possible setting it before connecting
|
||||
// ignoreErrorsList.clear();
|
||||
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
|
||||
index ec772dd..c4abc1e 100644
|
||||
--- a/src/network/ssl/qsslsocket_openssl.cpp
|
||||
+++ b/src/network/ssl/qsslsocket_openssl.cpp
|
||||
@@ -471,10 +471,16 @@
|
||||
void QSslSocketBackendPrivate::destroySslContext()
|
||||
{
|
||||
if (ssl) {
|
||||
- // We do not send a shutdown alert here. Just mark the session as
|
||||
- // resumable for qhttpnetworkconnection's "optimization", otherwise
|
||||
- // OpenSSL won't start a session resumption.
|
||||
- q_SSL_shutdown(ssl);
|
||||
+ if (!q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
|
||||
+ // We do not send a shutdown alert here. Just mark the session as
|
||||
+ // resumable for qhttpnetworkconnection's "optimization", otherwise
|
||||
+ // OpenSSL won't start a session resumption.
|
||||
+ if (q_SSL_shutdown(ssl) != 1) {
|
||||
+ // Some error may be queued, clear it.
|
||||
+ const auto errors = getErrorsFromOpenSsl();
|
||||
+ Q_UNUSED(errors);
|
||||
+ }
|
||||
+ }
|
||||
q_SSL_free(ssl);
|
||||
ssl = nullptr;
|
||||
}
|
||||
@@ -909,6 +915,7 @@
|
||||
case SSL_ERROR_SSL: // error in the SSL library
|
||||
// we do not know exactly what the error is, nor whether we can recover from it,
|
||||
// so just return to prevent an endless loop in the outer "while" statement
|
||||
+ systemOrSslErrorDetected = true;
|
||||
{
|
||||
const ScopedBool bg(inSetAndEmitError, true);
|
||||
setErrorAndEmit(QAbstractSocket::SslInternalError,
|
||||
@@ -1309,8 +1316,12 @@
|
||||
void QSslSocketBackendPrivate::disconnectFromHost()
|
||||
{
|
||||
if (ssl) {
|
||||
- if (!shutdown) {
|
||||
- q_SSL_shutdown(ssl);
|
||||
+ if (!shutdown && !q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
|
||||
+ if (q_SSL_shutdown(ssl) != 1) {
|
||||
+ // Some error may be queued, clear it.
|
||||
+ const auto errors = getErrorsFromOpenSsl();
|
||||
+ Q_UNUSED(errors);
|
||||
+ }
|
||||
shutdown = true;
|
||||
transmit();
|
||||
}
|
||||
diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
|
||||
index 0c32b0a..c80baa2 100644
|
||||
--- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h
|
||||
+++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
|
||||
@@ -186,4 +186,11 @@
|
||||
}
|
||||
void q_SSL_set_psk_use_session_callback(SSL *s, q_SSL_psk_use_session_cb_func_t);
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
|
||||
+// What a mess!
|
||||
+int q_SSL_in_init(SSL *s);
|
||||
+#else
|
||||
+int q_SSL_in_init(const SSL *s);
|
||||
+#endif // 1.1.1 or 1.1.0
|
||||
+
|
||||
#endif
|
||||
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
|
||||
index 62ac228..60ba3a0 100644
|
||||
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
|
||||
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
|
||||
@@ -161,6 +161,11 @@
|
||||
DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
|
||||
DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
|
||||
DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
|
||||
+DEFINEFUNC(int, SSL_in_init, SSL *a, a, return 0, return)
|
||||
+#else
|
||||
+DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return)
|
||||
+#endif
|
||||
#ifdef TLS1_3_VERSION
|
||||
DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
|
||||
DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
|
||||
@@ -213,6 +218,7 @@
|
||||
// Functions below are either deprecated or removed in OpenSSL >= 1.1:
|
||||
|
||||
DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return nullptr, return)
|
||||
+DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return)
|
||||
|
||||
#ifdef SSLEAY_MACROS
|
||||
DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return nullptr, return)
|
||||
@@ -988,6 +994,7 @@
|
||||
#if QT_CONFIG(opensslv11)
|
||||
|
||||
RESOLVEFUNC(OPENSSL_init_ssl)
|
||||
+ RESOLVEFUNC(SSL_in_init)
|
||||
RESOLVEFUNC(OPENSSL_init_crypto)
|
||||
RESOLVEFUNC(ASN1_STRING_get0_data)
|
||||
RESOLVEFUNC(EVP_CIPHER_CTX_reset)
|
||||
@@ -1060,6 +1067,7 @@
|
||||
#else // !opensslv11
|
||||
|
||||
RESOLVEFUNC(ASN1_STRING_data)
|
||||
+ RESOLVEFUNC(SSL_state)
|
||||
|
||||
#ifdef SSLEAY_MACROS
|
||||
RESOLVEFUNC(ASN1_dup)
|
||||
diff --git a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
|
||||
index 48364ce..c139ecb 100644
|
||||
--- a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
|
||||
+++ b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
|
||||
@@ -132,6 +132,8 @@
|
||||
|
||||
int q_SSL_library_init();
|
||||
void q_SSL_load_error_strings();
|
||||
+int q_SSL_state(const SSL *a);
|
||||
+#define q_SSL_in_init(a) (q_SSL_state(a) & SSL_ST_INIT)
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
||||
int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
|
||||
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
|
||||
index 6f34c6c..e657987 100644
|
||||
--- a/src/network/ssl/qsslsocket_p.h
|
||||
+++ b/src/network/ssl/qsslsocket_p.h
|
||||
@@ -220,6 +220,7 @@
|
||||
bool verifyErrorsHaveBeenIgnored();
|
||||
bool paused;
|
||||
bool flushTriggered;
|
||||
+ bool systemOrSslErrorDetected = false;
|
||||
};
|
||||
|
||||
QT_END_NAMESPACE
|
|
@ -3,9 +3,7 @@
|
|||
%global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64
|
||||
|
||||
# support openssl-1.1
|
||||
%if 0%{?fedora} > 26
|
||||
%global openssl11 1
|
||||
%endif
|
||||
%global openssl -openssl-linked
|
||||
|
||||
%global no_feature_statx -no-feature-statx
|
||||
|
@ -42,7 +40,7 @@ BuildRequires: pkgconfig(libsystemd)
|
|||
Name: qt5-qtbase
|
||||
Summary: Qt5 - QtBase components
|
||||
Version: 5.12.5
|
||||
Release: 5%{?dist}
|
||||
Release: 8%{?dist}
|
||||
|
||||
# See LGPL_EXCEPTIONS.txt, for exception details
|
||||
License: LGPLv2 with exceptions or GPLv3 with exceptions
|
||||
|
@ -127,6 +125,12 @@ Patch201: qtbase-do-not-load-plugin-from-pwd.patch
|
|||
# CVE-2015-9541 qt5: qt: XML entity expansion vulnerability
|
||||
Patch202: qtbase-add-expansion-limit-for-entities.patch
|
||||
|
||||
# CVE-2020-13962 qt5-qtbase: qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications
|
||||
Patch203: qtbase-openssl-handle-ssl-shutdown-errors-properly.patch
|
||||
|
||||
# CVE-2020-17507 qt5-qtbase: qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp
|
||||
Patch204: qtbase-fix-buffer-overflow-in-xbm-parser.patch
|
||||
|
||||
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
|
||||
# Those themes are there for platform integration. If the required libraries are
|
||||
# not there, the platform to integrate with isn't either. Then Qt will just
|
||||
|
@ -163,24 +167,12 @@ BuildRequires: pkgconfig(libproxy-1.0)
|
|||
BuildRequires: pkgconfig(ice) pkgconfig(sm)
|
||||
BuildRequires: pkgconfig(libpng)
|
||||
BuildRequires: pkgconfig(libudev)
|
||||
%if 0%{?fedora} == 26
|
||||
BuildRequires: compat-openssl10-devel
|
||||
%else
|
||||
BuildRequires: openssl-devel%{?openssl11: >= 1.1}
|
||||
%endif
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib)
|
||||
%if 0%{?fedora}
|
||||
BuildRequires: pkgconfig(libinput)
|
||||
BuildRequires: pkgconfig(xcb-xkb) >= 1.10
|
||||
BuildRequires: pkgconfig(xkbcommon) >= 0.4.1
|
||||
BuildRequires: pkgconfig(xkbcommon-x11) >= 0.4.1
|
||||
%else
|
||||
# not Fedora
|
||||
%if 0%{?rhel} == 6
|
||||
%global xcb -qt-xcb
|
||||
%endif
|
||||
Provides: bundled(libxkbcommon) = 0.4.1
|
||||
%endif
|
||||
BuildRequires: pkgconfig(xkeyboard-config)
|
||||
%if 0%{?fedora} || 0%{?rhel} > 6
|
||||
%global egl 1
|
||||
|
@ -394,6 +386,9 @@ Qt5 libraries used for drawing widgets and OpenGL items.
|
|||
%patch200 -p1 -b .qlibrary-do-not-attempt-to-load-library-relative-to-pwd
|
||||
%patch201 -p1 -b .do-not-load-plugin-from-pwd
|
||||
%patch202 -p1 -b .add-expansion-limit-for-entities
|
||||
%patch203 -p1 -b .openssl-handle-ssl-shutdown-errors-properly
|
||||
%patch204 -p1 -b .fix-buffer-overflow-in-xbm-parser
|
||||
|
||||
|
||||
# move some bundled libs to ensure they're not accidentally used
|
||||
pushd src/3rdparty
|
||||
|
@ -751,6 +746,7 @@ fi
|
|||
%dir %{_qt5_plugindir}/script/
|
||||
%dir %{_qt5_plugindir}/sqldrivers/
|
||||
%dir %{_qt5_plugindir}/styles/
|
||||
%{_qt5_plugindir}/generic/libqlibinputplugin.so
|
||||
%{_qt5_plugindir}/sqldrivers/libqsqlite.so
|
||||
%{_qt5_libdir}/cmake/Qt5Sql/Qt5Sql_QSQLiteDriverPlugin.cmake
|
||||
|
||||
|
@ -836,6 +832,7 @@ fi
|
|||
%{_qt5_libdir}/cmake/Qt5DBus/Qt5DBusConfig*.cmake
|
||||
%{_qt5_libdir}/cmake/Qt5DBus/Qt5DBusMacros.cmake
|
||||
%{_qt5_libdir}/cmake/Qt5Gui/Qt5GuiConfig*.cmake
|
||||
%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QLibInputPlugin.cmake
|
||||
%{_qt5_libdir}/cmake/Qt5Network/Qt5NetworkConfig*.cmake
|
||||
%{_qt5_libdir}/cmake/Qt5OpenGL/Qt5OpenGLConfig*.cmake
|
||||
%{_qt5_libdir}/cmake/Qt5PrintSupport/Qt5PrintSupportConfig*.cmake
|
||||
|
@ -1029,7 +1026,19 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon May 11 2020 Jan Grulich <jgrulich@redhat.com> - 5.12-5-5
|
||||
* Mon Oct 05 2020 Jan Grulich <jgrulich@redhat.com> - 5.12.5-8
|
||||
- Build against system xkb and openssl 1.1
|
||||
Resolves: bz#1882375
|
||||
|
||||
* Thu Sep 24 2020 Jan Grulich <jgrulich@redhat.com> - 5.12.5-7
|
||||
- Fix buffer overflow in XBM parser
|
||||
Resolves: bz#1870364
|
||||
|
||||
* Tue Jul 14 2020 Jan Grulich <jgrulich@redhat.com> - 5.12.5-6
|
||||
- OpenSSL: handle SSL_shutdown's errors properly
|
||||
Resolves: bz#1851538
|
||||
|
||||
* Mon May 11 2020 Jan Grulich <jgrulich@redhat.com> - 5.12.5-5
|
||||
- Fix: Files placed by attacker can influence the working directory and lead to malicious code execution
|
||||
Resolves: bz#1814739
|
||||
Resolves: bz#1814683
|
||||
|
@ -1037,19 +1046,19 @@ fi
|
|||
- Fix: XML entity expansion vulnerability
|
||||
Resolves: bz#1822193
|
||||
|
||||
* Wed Nov 27 2019 Jan Grulich <jgrulich@redhat.com> - 5.12-5-4
|
||||
* Wed Nov 27 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-4
|
||||
- Fix build on RHEL 7 kernel
|
||||
Resolves: bz#1733135
|
||||
|
||||
* Thu Nov 07 2019 Jan Grulich <jgrulich@redhat.com> - 5.12-5-2
|
||||
* Thu Nov 07 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-2
|
||||
- Remove Android specific test to avoid unnecessary dependencies
|
||||
Resolves: bz#1733135
|
||||
|
||||
* Tue Oct 29 2019 Jan Grulich <jgrulich@redhat.com> - 5.12-5-1
|
||||
* Tue Oct 29 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-1
|
||||
- 5.12.5 + sync with Fedora
|
||||
Resolves: bz#1733135
|
||||
|
||||
* Wed May 22 2019 Jan Grulich <jgrulich@redhat.com> - 5.11-1-7
|
||||
* Wed May 22 2019 Jan Grulich <jgrulich@redhat.com> - 5.11.1-7
|
||||
- Move libQt5EglFSDeviceIntegration lib out of the -devel subpkg
|
||||
Resolves: bz#1692970
|
||||
|
||||
|
|
Loading…
Reference in New Issue