rpms/qt5-qtbase
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import qt5-qtbase-5.15.2-2.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-04-21 14:17:16 +00:00 committed by Andrew Lukoshko
parent 935d037ebe
commit 6c94d3b055
12 changed files with 74 additions and 576 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/qtbase-everywhere-src-5.12.5.tar.xz
SOURCES/qtbase-everywhere-src-5.15.2.tar.xz

2
.qt5-qtbase.metadata
View File

@ -1 +1 @@
47145a722a8a8457121071f60b4e44fc66c58979 SOURCES/qtbase-everywhere-src-5.12.5.tar.xz
b5ad67fc6381ad7fae0296944734198488d096a3 SOURCES/qtbase-everywhere-src-5.15.2.tar.xz

146
SOURCES/qtbase-add-expansion-limit-for-entities.patch
View File

@ -1,146 +0,0 @@
From f432c08882ffebe5074ea28de871559a98a4d094 Mon Sep 17 00:00:00 2001
From: Lars Knoll <lars.knoll@qt.io>
Date: Wed, 26 Feb 2020 10:42:10 +0100
Subject: Add an expansion limit for entities
Recursively defined entities can easily exhaust all available
memory. Limit entity expansion to a default of 4096 characters to
avoid DoS attacks when a user loads untrusted content.
[ChangeLog][QtCore][QXmlStream] QXmlStreamReader does now
limit the expansion of entities to 4096 characters. Documents where
a single entity expands to more characters than the limit are not
considered well formed. The limit is there to avoid DoS attacks through
recursively expanding entities when loading untrusted content. Qt 5.15
will add methods that allow changing that limit.
Fixes: QTBUG-47417
Change-Id: I94387815d74fcf34783e136387ee57fac5ded0c9
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit fd4be84d23a0db4186cb42e736a9de3af722c7f7)
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
---
src/corelib/serialization/qxmlstream.g | 14 ++++++++++++-
src/corelib/serialization/qxmlstream_p.h | 14 ++++++++++++-
.../serialization/qxmlstream/tst_qxmlstream.cpp | 23 ++++++++++++++++++++--
3 files changed, 47 insertions(+), 4 deletions(-)
diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g
index 10bfcd491c..5726bafb26 100644
--- a/src/corelib/serialization/qxmlstream.g
+++ b/src/corelib/serialization/qxmlstream.g
@@ -277,9 +277,19 @@ public:
QHash<QStringView, Entity> entityHash;
QHash<QStringView, Entity> parameterEntityHash;
QXmlStreamSimpleStack<Entity *>entityReferenceStack;
+ int entityExpansionLimit = 4096;
+ int entityLength = 0;
inline bool referenceEntity(Entity &entity) {
if (entity.isCurrentlyReferenced) {
- raiseWellFormedError(QXmlStream::tr("Recursive entity detected."));
+ raiseWellFormedError(QXmlStream::tr("Self-referencing entity detected."));
+ return false;
+ }
+ // entityLength represents the amount of additional characters the
+ // entity expands into (can be negative for e.g. &amp;). It's used to
+ // avoid DoS attacks through recursive entity expansions
+ entityLength += entity.value.size() - entity.name.size() - 2;
+ if (entityLength > entityExpansionLimit) {
+ raiseWellFormedError(QXmlStream::tr("Entity expands to more characters than the entity expansion limit."));
return false;
}
entity.isCurrentlyReferenced = true;
@@ -830,6 +840,8 @@ entity_done ::= ENTITY_DONE;
/.
case $rule_number:
entityReferenceStack.pop()->isCurrentlyReferenced = false;
+ if (entityReferenceStack.isEmpty())
+ entityLength = 0;
clearSym();
break;
./
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
index 61f501f81b..31053f8e0b 100644
--- a/src/corelib/serialization/qxmlstream_p.h
+++ b/src/corelib/serialization/qxmlstream_p.h
@@ -774,9 +774,19 @@ public:
QHash<QStringView, Entity> entityHash;
QHash<QStringView, Entity> parameterEntityHash;
QXmlStreamSimpleStack<Entity *>entityReferenceStack;
+ int entityExpansionLimit = 4096;
+ int entityLength = 0;
inline bool referenceEntity(Entity &entity) {
if (entity.isCurrentlyReferenced) {
- raiseWellFormedError(QXmlStream::tr("Recursive entity detected."));
+ raiseWellFormedError(QXmlStream::tr("Self-referencing entity detected."));
+ return false;
+ }
+ // entityLength represents the amount of additional characters the
+ // entity expands into (can be negative for e.g. &amp;). It's used to
+ // avoid DoS attacks through recursive entity expansions
+ entityLength += entity.value.size() - entity.name.size() - 2;
+ if (entityLength > entityExpansionLimit) {
+ raiseWellFormedError(QXmlStream::tr("Entity expands to more characters than the entity expansion limit."));
return false;
}
entity.isCurrentlyReferenced = true;
@@ -1308,6 +1318,8 @@ bool QXmlStreamReaderPrivate::parse()
case 10:
entityReferenceStack.pop()->isCurrentlyReferenced = false;
+ if (entityReferenceStack.isEmpty())
+ entityLength = 0;
clearSym();
break;
diff --git a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
index 8fdf91b090..1f9a0d575d 100644
--- a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
+++ b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
@@ -393,8 +393,6 @@ public:
return true;
}
- QXmlStreamReader reader(&inputFile);
-
/* See testcases.dtd which reads: 'Nonvalidating parsers
* must also accept "invalid" testcases, but validating ones must reject them.' */
if(type == QLatin1String("invalid") || type == QLatin1String("valid"))
@@ -580,6 +578,8 @@ private slots:
void roundTrip() const;
void roundTrip_data() const;
+ void entityExpansionLimit() const;
+
private:
static QByteArray readFile(const QString &filename);
@@ -1756,6 +1756,25 @@ void tst_QXmlStream::roundTrip_data() const
"</root>\n";
}
+void tst_QXmlStream::entityExpansionLimit() const
+{
+ QString xml = QStringLiteral("<?xml version=\"1.0\"?>"
+ "<!DOCTYPE foo ["
+ "<!ENTITY a \"0123456789\" >"
+ "<!ENTITY b \"&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;\" >"
+ "<!ENTITY c \"&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;\" >"
+ "<!ENTITY d \"&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;\" >"
+ "]>"
+ "<foo>&d;&d;&d;</foo>");
+ {
+ QXmlStreamReader reader(xml);
+ do {
+ reader.readNext();
+ } while (!reader.atEnd());
+ QCOMPARE(reader.error(), QXmlStreamReader::NotWellFormedError);
+ }
+}
+
void tst_QXmlStream::roundTrip() const
{
QFETCH(QString, in);
--
cgit v1.2.1

13
SOURCES/qtbase-allow-dbus-not-running-during-build.patch
View File

@ -1,13 +0,0 @@
diff --git a/tests/auto/auto.pro b/tests/auto/auto.pro
index fbd89e40..722281c1 100644
--- a/tests/auto/auto.pro
+++ b/tests/auto/auto.pro
@@ -37,7 +37,7 @@ else:!qtConfig(process): SUBDIRS -= tools
!cross_compile:qtHaveModule(dbus) {
!system("dbus-send --session --type=signal / local.AutotestCheck.Hello >$$QMAKE_SYSTEM_NULL_DEVICE 2>&1") {
qtConfig(dbus-linked): \
- error("QtDBus is enabled but session bus is not available. Please check the installation.")
+ warning("QtDBus is enabled but session bus is not available. Please check the installation.")
else: \
warning("QtDBus is enabled with runtime support, but session bus is not available. Skipping QtDBus tests.")
SUBDIRS -= dbus

28
SOURCES/qtbase-do-not-load-plugin-from-pwd.patch
View File

@ -1,28 +0,0 @@
From bf131e8d2181b3404f5293546ed390999f760404 Mon Sep 17 00:00:00 2001
From: Olivier Goffart <ogoffart@woboq.com>
Date: Fri, 8 Nov 2019 11:30:40 +0100
Subject: Do not load plugin from the $PWD
I see no reason why this would make sense to look for plugins in the current
directory. And when there are plugins there, it may actually be wrong
Change-Id: I5f5aa168021fedddafce90effde0d5762cd0c4c5
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
src/corelib/plugin/qpluginloader.cpp | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/corelib/plugin/qpluginloader.cpp b/src/corelib/plugin/qpluginloader.cpp
index cadff4f32b..c2443dbdda 100644
--- a/src/corelib/plugin/qpluginloader.cpp
+++ b/src/corelib/plugin/qpluginloader.cpp
@@ -305,7 +305,6 @@ static QString locatePlugin(const QString& fileName)
paths.append(fileName.left(slash)); // don't include the '/'
} else {
paths = QCoreApplication::libraryPaths();
- paths.prepend(QStringLiteral(".")); // search in current dir first
}
for (const QString &path : qAsConst(paths)) {
--
cgit v1.2.1

16
SOURCES/qtbase-everywhere-src-5.14.2-no_relocatable.patch Normal file
View File

@ -0,0 +1,16 @@
diff -up qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp.no_relocatable qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp
--- qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp.no_relocatable 2020-03-27 04:49:31.000000000 -0500
+++ qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp 2020-04-13 15:13:44.075705226 -0500
@@ -671,8 +671,11 @@ static QString getPrefix(
# if QT_CONFIGURE_CROSSBUILD
if (group == QLibraryInfo::DevicePaths)
return QString::fromLocal8Bit(QT_CONFIGURE_PREFIX_PATH);
-# endif
+# elif 0 //QT_CONFIG(relocatable)
return getExtPrefixFromHostBinDir();
+# else
+ return QString::fromLocal8Bit(QT_CONFIGURE_PREFIX_PATH);
+# endif
#elif QT_CONFIG(relocatable)
return getRelocatablePrefix();
#else

70
SOURCES/qtbase-fix-buffer-overflow-in-xbm-parser.patch
View File

@ -1,70 +0,0 @@
diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp
index 7ba44049..8c4be4f0 100644
--- a/src/gui/image/qxbmhandler.cpp
+++ b/src/gui/image/qxbmhandler.cpp
@@ -158,7 +158,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage)
w = (w+7)/8; // byte width
while (y < h) { // for all encoded bytes...
- if (p) { // p = "0x.."
+ if (p && p < (buf + readBytes - 3)) { // p = "0x.."
+ if (!isxdigit(p[2]) || !isxdigit(p[3]))
+ return false;
*b++ = hex2byte(p+2);
p += 2;
if (++x == w && ++y < h) {
diff --git a/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp b/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp
index 1eee2f27..f801f3cd 100644
--- a/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp
+++ b/tests/auto/gui/image/qimagereader/tst_qimagereader.cpp
@@ -167,6 +167,8 @@ private slots:
void devicePixelRatio_data();
void devicePixelRatio();
+ void xbmBufferHandling();
+
private:
QString prefix;
QTemporaryDir m_temporaryDir;
@@ -2002,5 +2004,41 @@ void tst_QImageReader::devicePixelRatio()
QCOMPARE(img.devicePixelRatio(), dpr);
}
+void tst_QImageReader::xbmBufferHandling()
+{
+ uint8_t original_buffer[256];
+ for (int i = 0; i < 256; ++i)
+ original_buffer[i] = i;
+
+ QImage image(original_buffer, 256, 8, QImage::Format_MonoLSB);
+ image.setColorTable({0xff000000, 0xffffffff});
+
+ QByteArray buffer;
+ {
+ QBuffer buf(&buffer);
+ QImageWriter writer(&buf, "xbm");
+ writer.write(image);
+ }
+
+ QCOMPARE(QImage::fromData(buffer, "xbm"), image);
+
+ auto i = buffer.indexOf(',');
+ buffer.insert(i + 1, " ");
+ QCOMPARE(QImage::fromData(buffer, "xbm"), image);
+ buffer.insert(i + 1, " ");
+ QCOMPARE(QImage::fromData(buffer, "xbm"), image);
+ buffer.insert(i + 1, " ");
+#if 0 // Lines longer than 300 chars not supported currently
+ QCOMPARE(QImage::fromData(buffer, "xbm"), image);
+#endif
+
+ i = buffer.lastIndexOf("\n ");
+ buffer.truncate(i + 1);
+ buffer.append(QByteArray(297, ' '));
+ buffer.append("0x");
+ // Only check we get no buffer overflow
+ QImage::fromData(buffer, "xbm");
+}
+
QTEST_MAIN(tst_QImageReader)
#include "tst_qimagereader.moc"

13
SOURCES/qtbase-opensource-src-5.3.2-QTBUG-35459.patch
View File

@ -1,13 +0,0 @@
diff -up qtbase-opensource-src-5.3.2/src/xml/sax/qxml.cpp.QTBUG-35459 qtbase-opensource-src-5.3.2/src/xml/sax/qxml.cpp
diff -up qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h.QTBUG-35459 qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h
--- qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h.QTBUG-35459 2014-09-11 05:48:05.000000000 -0500
+++ qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h 2014-09-16 09:35:01.189255615 -0500
@@ -223,7 +223,7 @@ private:
// for the DTD currently being parsed.
static const int dtdRecursionLimit = 2;
// The maximum amount of characters an entity value may contain, after expansion.
- static const int entityCharacterLimit = 1024;
+ static const int entityCharacterLimit = 4096;
const QString &string();
void stringClear();

161
SOURCES/qtbase-openssl-handle-ssl-shutdown-errors-properly.patch
View File

@ -1,161 +0,0 @@
From 36a8bdbc8417506513207daf4f36533a3d6632f3 Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov <timur.pocheptsov@qt.io>
Date: Mon, 13 Apr 2020 20:31:34 +0200
Subject: [PATCH] OpenSSL: handle SSL_shutdown's errors properly
Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s)
returns 1). Also, do not call SSL_shutdown if a session encountered a fatal
error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown
was unsuccessful (returned code != 1), we have to clear the error(s) it queued.
Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to
resolve SSL_state to implement SSL_in_init.
Fixes: QTBUG-83450
Change-Id: I6326119f4e79605429263045ac20605c30dccca3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655)
(cherry picked from commit 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb)
---
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 4f49a71..9f9eaf3 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -2108,7 +2108,7 @@
shutdown = false;
pendingClose = false;
flushTriggered = false;
-
+ systemOrSslErrorDetected = false;
// we don't want to clear the ignoreErrorsList, so
// that it is possible setting it before connecting
// ignoreErrorsList.clear();
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index ec772dd..c4abc1e 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -471,10 +471,16 @@
void QSslSocketBackendPrivate::destroySslContext()
{
if (ssl) {
- // We do not send a shutdown alert here. Just mark the session as
- // resumable for qhttpnetworkconnection's "optimization", otherwise
- // OpenSSL won't start a session resumption.
- q_SSL_shutdown(ssl);
+ if (!q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
+ // We do not send a shutdown alert here. Just mark the session as
+ // resumable for qhttpnetworkconnection's "optimization", otherwise
+ // OpenSSL won't start a session resumption.
+ if (q_SSL_shutdown(ssl) != 1) {
+ // Some error may be queued, clear it.
+ const auto errors = getErrorsFromOpenSsl();
+ Q_UNUSED(errors);
+ }
+ }
q_SSL_free(ssl);
ssl = nullptr;
}
@@ -909,6 +915,7 @@
case SSL_ERROR_SSL: // error in the SSL library
// we do not know exactly what the error is, nor whether we can recover from it,
// so just return to prevent an endless loop in the outer "while" statement
+ systemOrSslErrorDetected = true;
{
const ScopedBool bg(inSetAndEmitError, true);
setErrorAndEmit(QAbstractSocket::SslInternalError,
@@ -1309,8 +1316,12 @@
void QSslSocketBackendPrivate::disconnectFromHost()
{
if (ssl) {
- if (!shutdown) {
- q_SSL_shutdown(ssl);
+ if (!shutdown && !q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
+ if (q_SSL_shutdown(ssl) != 1) {
+ // Some error may be queued, clear it.
+ const auto errors = getErrorsFromOpenSsl();
+ Q_UNUSED(errors);
+ }
shutdown = true;
transmit();
}
diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
index 0c32b0a..c80baa2 100644
--- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
@@ -186,4 +186,11 @@
}
void q_SSL_set_psk_use_session_callback(SSL *s, q_SSL_psk_use_session_cb_func_t);
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+// What a mess!
+int q_SSL_in_init(SSL *s);
+#else
+int q_SSL_in_init(const SSL *s);
+#endif // 1.1.1 or 1.1.0
+
#endif
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index 62ac228..60ba3a0 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -161,6 +161,11 @@
DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+DEFINEFUNC(int, SSL_in_init, SSL *a, a, return 0, return)
+#else
+DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return)
+#endif
#ifdef TLS1_3_VERSION
DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
@@ -213,6 +218,7 @@
// Functions below are either deprecated or removed in OpenSSL >= 1.1:
DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return nullptr, return)
+DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return)
#ifdef SSLEAY_MACROS
DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return nullptr, return)
@@ -988,6 +994,7 @@
#if QT_CONFIG(opensslv11)
RESOLVEFUNC(OPENSSL_init_ssl)
+ RESOLVEFUNC(SSL_in_init)
RESOLVEFUNC(OPENSSL_init_crypto)
RESOLVEFUNC(ASN1_STRING_get0_data)
RESOLVEFUNC(EVP_CIPHER_CTX_reset)
@@ -1060,6 +1067,7 @@
#else // !opensslv11
RESOLVEFUNC(ASN1_STRING_data)
+ RESOLVEFUNC(SSL_state)
#ifdef SSLEAY_MACROS
RESOLVEFUNC(ASN1_dup)
diff --git a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
index 48364ce..c139ecb 100644
--- a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
+++ b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
@@ -132,6 +132,8 @@
int q_SSL_library_init();
void q_SSL_load_error_strings();
+int q_SSL_state(const SSL *a);
+#define q_SSL_in_init(a) (q_SSL_state(a) & SSL_ST_INIT)
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
index 6f34c6c..e657987 100644
--- a/src/network/ssl/qsslsocket_p.h
+++ b/src/network/ssl/qsslsocket_p.h
@@ -220,6 +220,7 @@
bool verifyErrorsHaveBeenIgnored();
bool paused;
bool flushTriggered;
+ bool systemOrSslErrorDetected = false;
};
QT_END_NAMESPACE

52
SOURCES/qtbase-qlibrary-do-not-attempt-to-load-library-relative-to-pwd.patch
View File

@ -1,52 +0,0 @@
From e6f1fde24f77f63fb16b2df239f82a89d2bf05dd Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Fri, 10 Jan 2020 09:26:27 -0800
Subject: QLibrary/Unix: do not attempt to load a library relative to $PWD
I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to
find libraries in a haswell/ subdir of the main path, but we only need
to do that transformation if the library is contains at least one
directory seprator. That is, if the user asks to load "lib/foo", then we
should try "lib/haswell/foo" (often, the path prefix will be absolute).
When the library name the user requested has no directory separators, we
let dlopen() do the transformation for us. Testing on Linux confirms
glibc does so:
$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help |& grep Xcursor
1972475: find library=libXcursor.so.1 [0]; searching
1972475: trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1
1972475: trying file=/usr/lib64/haswell/libXcursor.so.1
1972475: trying file=/usr/lib64/libXcursor.so.1
1972475: calling init: /usr/lib64/libXcursor.so.1
1972475: calling fini: /usr/lib64/libXcursor.so.1 [0]
Fixes: QTBUG-81272
Change-Id: I596aec77785a4e4e84d5fffd15e89689bb91ffbb
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
src/corelib/plugin/qlibrary_unix.cpp | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp
index e0381498..7cc7c8e3 100644
--- a/src/corelib/plugin/qlibrary_unix.cpp
+++ b/src/corelib/plugin/qlibrary_unix.cpp
@@ -1,7 +1,7 @@
/****************************************************************************
**
** Copyright (C) 2016 The Qt Company Ltd.
-** Copyright (C) 2018 Intel Corporation
+** Copyright (C) 2020 Intel Corporation
** Contact: https://www.qt.io/licensing/
**
** This file is part of the QtCore module of the Qt Toolkit.
@@ -208,6 +208,8 @@ bool QLibraryPrivate::load_sys()
for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) {
if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix)))
continue;
+ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/')))
+ continue;
if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix)))
continue;
if (loadHints & QLibrary::LoadArchiveMemberHint) {

41
SOURCES/xcberror_filter.patch
View File

@ -1,41 +0,0 @@
From 911762e077c8b2f9795171c1e628942a0a979801 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Fri, 15 Dec 2017 11:56:12 +0100
Subject: foo
diff --git a/src/plugins/platforms/xcb/qxcbconnection.cpp b/src/plugins/platforms/xcb/qxcbconnection.cpp
index 536c709..c6eb1b1 100644
--- a/src/plugins/platforms/xcb/qxcbconnection.cpp
+++ b/src/plugins/platforms/xcb/qxcbconnection.cpp
@@ -111,6 +111,8 @@ Q_LOGGING_CATEGORY(lcQpaXInputEvents, "qt.qpa.input.events")
Q_LOGGING_CATEGORY(lcQpaScreen, "qt.qpa.screen")
Q_LOGGING_CATEGORY(lcQpaEvents, "qt.qpa.events")
Q_LOGGING_CATEGORY(lcQpaXcb, "qt.qpa.xcb") // for general (uncategorized) XCB logging
+Q_LOGGING_CATEGORY(lcQpaXcbError, "qt.qpa.xcb.xcberror")
+// TODO: How to categorize by xcberror type? (e.g. only BadWindow)
Q_LOGGING_CATEGORY(lcQpaPeeker, "qt.qpa.peeker")
// this event type was added in libxcb 1.10,
@@ -964,7 +966,8 @@ void QXcbConnection::handleXcbError(xcb_generic_error_t *error)
uint clamped_error_code = qMin<uint>(error->error_code, (sizeof(xcb_errors) / sizeof(xcb_errors[0])) - 1);
uint clamped_major_code = qMin<uint>(error->major_code, (sizeof(xcb_protocol_request_codes) / sizeof(xcb_protocol_request_codes[0])) - 1);
- qWarning("QXcbConnection: XCB error: %d (%s), sequence: %d, resource id: %d, major code: %d (%s), minor code: %d",
+ qCWarning(lcQpaXcbError,
+ "QXcbConnection: XCB error: %d (%s), sequence: %d, resource id: %d, major code: %d (%s), minor code: %d",
int(error->error_code), xcb_errors[clamped_error_code],
int(error->sequence), int(error->resource_id),
int(error->major_code), xcb_protocol_request_codes[clamped_major_code],
diff --git a/src/plugins/platforms/xcb/qxcbconnection.h b/src/plugins/platforms/xcb/qxcbconnection.h
index 999dc06..554611c 100644
--- a/src/plugins/platforms/xcb/qxcbconnection.h
+++ b/src/plugins/platforms/xcb/qxcbconnection.h
@@ -91,6 +91,7 @@ Q_DECLARE_LOGGING_CATEGORY(lcQpaXInputEvents)
Q_DECLARE_LOGGING_CATEGORY(lcQpaScreen)
Q_DECLARE_LOGGING_CATEGORY(lcQpaEvents)
Q_DECLARE_LOGGING_CATEGORY(lcQpaXcb)
+Q_DECLARE_LOGGING_CATEGORY(lcQpaXcbError)
Q_DECLARE_LOGGING_CATEGORY(lcQpaPeeker)
class QXcbVirtualDesktop;

106
SPECS/qt5-qtbase.spec
View File

@ -2,8 +2,6 @@
%global multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9
%global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64
# support openssl-1.1
%global openssl11 1
%global openssl -openssl-linked
%global no_feature_statx -no-feature-statx
@ -39,8 +37,8 @@ BuildRequires: pkgconfig(libsystemd)
Name: qt5-qtbase
Summary: Qt5 - QtBase components
Version: 5.12.5
Release: 8%{?dist}
Version: 5.15.2
Release: 2%{?dist}
# See LGPL_EXCEPTIONS.txt, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -65,9 +63,6 @@ Source10: macros.qt5-qtbase
# support multilib optflags
Patch2: qtbase-multilib_optflags.patch
# fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
Patch4: qtbase-opensource-src-5.3.2-QTBUG-35459.patch
# borrowed from opensuse
# track private api via properly versioned symbols
# downside: binaries produced with these differently-versioned symbols are no longer
@ -96,6 +91,9 @@ Patch53: qtbase-everywhere-src-5.12.1-qt5gui_cmake_isystem_includes.patch
# respect QMAKE_LFLAGS_RELEASE when building qmake
Patch54: qtbase-qmake_LFLAGS.patch
# don't use relocatable heuristics to guess prefix when using -no-feature-relocatable
Patch55: qtbase-everywhere-src-5.14.2-no_relocatable.patch
# drop -O3 and make -O2 by default
Patch61: qt5-qtbase-cxxflag.patch
@ -105,31 +103,11 @@ Patch64: qt5-qtbase-5.12.1-firebird.patch
# fix for new mariadb
Patch65: qtbase-opensource-src-5.9.0-mysql.patch
# use categorized logging for xcb log entries
# https://bugreports.qt.io/browse/QTBUG-55167
# https://bugzilla.redhat.com/show_bug.cgi?id=1497564
Patch67: https://bugreports.qt.io/secure/attachment/66353/xcberror_filter.patch
Patch68: qtbase-ambiguous-python-shebang.patch
Patch101: qtbase-allow-dbus-not-running-during-build.patch
# Security fixes
# CVE-2020-0570 qt5: qt: files placed by attacker can influence the working directory and lead to malicious code execution
Patch200: qtbase-qlibrary-do-not-attempt-to-load-library-relative-to-pwd.patch
# CVE-2020-0569 qt5-qtbase: qt: files placed by attacker can influence the working directory and lead to malicious code execution
Patch201: qtbase-do-not-load-plugin-from-pwd.patch
# CVE-2015-9541 qt5: qt: XML entity expansion vulnerability
Patch202: qtbase-add-expansion-limit-for-entities.patch
# CVE-2020-13962 qt5-qtbase: qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications
Patch203: qtbase-openssl-handle-ssl-shutdown-errors-properly.patch
# CVE-2020-17507 qt5-qtbase: qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp
Patch204: qtbase-fix-buffer-overflow-in-xbm-parser.patch
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
# Those themes are there for platform integration. If the required libraries are
@ -171,6 +149,7 @@ BuildRequires: openssl-devel
BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib)
BuildRequires: pkgconfig(libinput)
BuildRequires: pkgconfig(xcb-xkb) >= 1.10
BuildRequires: pkgconfig(xcb-util)
BuildRequires: pkgconfig(xkbcommon) >= 0.4.1
BuildRequires: pkgconfig(xkbcommon-x11) >= 0.4.1
BuildRequires: pkgconfig(xkeyboard-config)
@ -222,11 +201,11 @@ Requires: %{name}-common = %{version}-%{release}
%global tds -no-sql-tds
%endif
# workaround gold linker bug by not using it
# workaround gold linker bug(s) by not using it
# https://bugzilla.redhat.com/1458003
# https://sourceware.org/bugzilla/show_bug.cgi?id=21074
# reportedly fixed or worked-around, re-enable if there's evidence of problems -- rex
#global use_gold_linker -no-use-gold-linker
%global use_gold_linker -no-use-gold-linker
%description
Qt is a software toolkit for developing applications.
@ -249,7 +228,7 @@ Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-gui%{?_isa}
%if 0%{?egl}
Requires: pkgconfig(egl)
Requires: libEGL-devel
%endif
Requires: pkgconfig(gl)
Requires: qt5-rpm-macros
@ -362,33 +341,23 @@ Qt5 libraries used for drawing widgets and OpenGL items.
%setup -q -n %{qt_module}-everywhere-src-%{version}
## upstream fixes
%patch4 -p1 -b .QTBUG-35459
# omit '-b .tell-the-truth-about-private-api' so it doesn't end up in installed files -- rdieter
%patch8 -p1
%patch50 -p1 -b .QT_VERSION_CHECK
%patch51 -p1 -b .hidpi_scale_at_192
# FIXME/TODO : rebase or drop -- rdieter
#patch51 -p1 -b .hidpi_scale_at_192
%patch52 -p1 -b .moc_macros
%patch53 -p1 -b .qt5gui_cmake_isystem_includes
%patch54 -p1 -b .qmake_LFLAGS
%patch55 -p1 -b .no_relocatable
%patch61 -p1 -b .qt5-qtbase-cxxflag
%patch64 -p1 -b .firebird
%if 0%{?fedora} > 27 || 0%{?rhel} > 7
%patch65 -p1 -b .mysql
%endif
# FIXME/REBASE
#patch67 -p1 -b .xcberror_filter
%patch68 -p1
%patch101 -p1 -b .qtbase-allow-dbus-not-running-during-build
# Security fixes
%patch200 -p1 -b .qlibrary-do-not-attempt-to-load-library-relative-to-pwd
%patch201 -p1 -b .do-not-load-plugin-from-pwd
%patch202 -p1 -b .add-expansion-limit-for-entities
%patch203 -p1 -b .openssl-handle-ssl-shutdown-errors-properly
%patch204 -p1 -b .fix-buffer-overflow-in-xbm-parser
# move some bundled libs to ensure they're not accidentally used
pushd src/3rdparty
@ -450,6 +419,7 @@ export MAKEFLAGS="%{?_smp_mflags}"
-shared \
-accessibility \
%{?dbus}%{!?dbus:-dbus-runtime} \
%{?egl:-egl} \
-fontconfig \
-glib \
-gtk \
@ -461,6 +431,7 @@ export MAKEFLAGS="%{?_smp_mflags}"
%{!?examples:-nomake examples} \
%{!?build_tests:-nomake tests} \
-no-pch \
-no-reduce-relocations \
-no-rpath \
-no-separate-debug-info \
-no-strip \
@ -475,6 +446,7 @@ export MAKEFLAGS="%{?_smp_mflags}"
-system-zlib \
%{?use_gold_linker} \
-no-directfb \
-no-feature-relocatable \
%{?no_feature_renameat2} \
%{?no_feature_statx} \
%{?no_feature_getentropy} \
@ -515,6 +487,8 @@ done
rm -rf %{buildroot}%{_qt5_libdir}/qt5/tests/auto/corelib/plugin/qpluginloader/elftest
# Remove android stuff which will just add us dependencies on Perl modules
rm -rf %{buildroot}%{_qt5_libdir}/qt5/tests/auto/android
# Remove apache server which will just add us dependencies on Perl modules
rm -rf %{buildroot}%{_qt5_libdir}/qt5/tests/testserver/apache2
%endif
install -m644 -p -D %{SOURCE1} %{buildroot}%{_qt5_datadir}/qtlogging.ini
@ -633,6 +607,7 @@ export PATH=%{buildroot}%{_qt5_bindir}:$PATH
export LD_LIBRARY_PATH=%{buildroot}%{_qt5_libdir}
# dbus tests error out when building if session bus is not available
dbus-launch --exit-with-session \
%make_build sub-tests -k ||:
xvfb-run -a --server-args="-screen 0 1280x1024x32" \
dbus-launch --exit-with-session \
time \
@ -718,10 +693,11 @@ fi
%dir %{_qt5_libdir}/cmake/Qt5Xml/
%dir %{_qt5_docdir}/
%{_qt5_docdir}/global/
%{_qt5_docdir}/config/
%{_qt5_importdir}/
%{_qt5_translationdir}/
%if "%{_qt5_prefix}" != "%{_prefix}"
%dir %{_qt5_prefix}/
%dir %{_qt5_prefix}
%endif
%dir %{_qt5_archdatadir}/
%dir %{_qt5_datadir}/
@ -746,7 +722,6 @@ fi
%dir %{_qt5_plugindir}/script/
%dir %{_qt5_plugindir}/sqldrivers/
%dir %{_qt5_plugindir}/styles/
%{_qt5_plugindir}/generic/libqlibinputplugin.so
%{_qt5_plugindir}/sqldrivers/libqsqlite.so
%{_qt5_libdir}/cmake/Qt5Sql/Qt5Sql_QSQLiteDriverPlugin.cmake
@ -768,6 +743,7 @@ fi
%{_bindir}/qlalr
%{_bindir}/fixqt4headers.pl
%{_bindir}/qvkgen
%{_bindir}/tracegen
%{_qt5_bindir}/moc*
%{_qt5_bindir}/qdbuscpp2xml*
%{_qt5_bindir}/qdbusxml2cpp*
@ -797,6 +773,7 @@ fi
%{_qt5_headerdir}/QtEglFSDeviceIntegration
%{_qt5_headerdir}/QtInputSupport
%{_qt5_headerdir}/QtEdidSupport
%{_qt5_headerdir}/QtXkbCommonSupport
%{_qt5_archdatadir}/mkspecs/
%{_qt5_libdir}/libQt5Concurrent.prl
%{_qt5_libdir}/libQt5Concurrent.so
@ -842,6 +819,27 @@ fi
%{_qt5_libdir}/cmake/Qt5Widgets/Qt5WidgetsMacros.cmake
%{_qt5_libdir}/cmake/Qt5Xml/Qt5XmlConfig*.cmake
%{_qt5_libdir}/cmake/Qt5/Qt5ModuleLocation.cmake
%{_qt5_libdir}/cmake/Qt5AccessibilitySupport/Qt5AccessibilitySupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5DeviceDiscoverySupport/Qt5DeviceDiscoverySupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5EdidSupport/Qt5EdidSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5EglFSDeviceIntegration/Qt5EglFSDeviceIntegrationConfig*.cmake
%{_qt5_libdir}/cmake/Qt5EglFsKmsSupport/Qt5EglFsKmsSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5EglSupport/Qt5EglSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5EventDispatcherSupport/Qt5EventDispatcherSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5FbSupport/Qt5FbSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5FontDatabaseSupport/Qt5FontDatabaseSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5GlxSupport/Qt5GlxSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5InputSupport/Qt5InputSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5KmsSupport/Qt5KmsSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5LinuxAccessibilitySupport/Qt5LinuxAccessibilitySupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5PlatformCompositorSupport/Qt5PlatformCompositorSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5ServiceSupport/Qt5ServiceSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5ThemeSupport/Qt5ThemeSupportConfig*.cmake
%{_qt5_libdir}/cmake/Qt5XcbQpa/Qt5XcbQpaConfig*.cmake
%{_qt5_libdir}/cmake/Qt5XkbCommonSupport/Qt5XkbCommonSupportConfig*.cmake
%{_qt5_libdir}/metatypes/qt5core_metatypes.json
%{_qt5_libdir}/metatypes/qt5gui_metatypes.json
%{_qt5_libdir}/metatypes/qt5widgets_metatypes.json
%{_qt5_libdir}/pkgconfig/Qt5.pc
%{_qt5_libdir}/pkgconfig/Qt5Concurrent.pc
%{_qt5_libdir}/pkgconfig/Qt5Core.pc
@ -858,14 +856,14 @@ fi
%{_qt5_libdir}/libQt5EglFsKmsSupport.prl
%{_qt5_libdir}/libQt5EglFsKmsSupport.so
%endif
%{_qt5_libdir}/qt5/bin/tracegen
## private-devel globs
# keep mkspecs/modules stuff in -devel for now, https://bugzilla.redhat.com/show_bug.cgi?id=1705280
%{_qt5_archdatadir}/mkspecs/modules/qt_lib_*_private.pri
%exclude %{_qt5_headerdir}/*/%{version}/*/private/
%exclude %{_qt5_headerdir}/*/%{version}/
%files private-devel
%{_qt5_headerdir}/*/%{version}/*/private/
%{_qt5_headerdir}/*/%{version}/
#{_qt5_archdatadir}/mkspecs/modules/qt_lib_*_private.pri
%files static
@ -916,6 +914,8 @@ fi
%{_qt5_headerdir}/QtKmsSupport
%{_qt5_libdir}/libQt5EdidSupport.*a
%{_qt5_libdir}/libQt5EdidSupport.prl
%{_qt5_libdir}/libQt5XkbCommonSupport.*a
%{_qt5_libdir}/libQt5XkbCommonSupport.prl
%if 0%{?examples}
%files examples
@ -966,10 +966,8 @@ fi
%{_qt5_plugindir}/generic/libqevdevmouseplugin.so
%{_qt5_plugindir}/generic/libqevdevtabletplugin.so
%{_qt5_plugindir}/generic/libqevdevtouchplugin.so
%if 0%{?fedora}
%{_qt5_plugindir}/generic/libqlibinputplugin.so
%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QLibInputPlugin.cmake
%endif
%{_qt5_plugindir}/generic/libqtuiotouchplugin.so
%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEvdevKeyboardPlugin.cmake
%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEvdevMousePlugin.cmake
@ -1026,6 +1024,14 @@ fi
%changelog
* Thu Apr 15 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-Ě
- Drop apache2 test server from unit tests to drop perl(CGI) dependency
Resolves: bz#1930040
* Mon Mar 29 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-1
- 5.15.2 + sync with Fedora
Resolves: bz#1930040
* Mon Oct 05 2020 Jan Grulich <jgrulich@redhat.com> - 5.12.5-8
- Build against system xkb and openssl 1.1
Resolves: bz#1882375