From 7e8af6e6c29c14cec57b2c13ec3e9a55efdb2a6f Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Tue, 24 Jun 2025 08:11:29 +0000
Subject: [PATCH] import CS qt5-qtbase-5.15.9-11.el9_6
---
 SOURCES/CVE-2025-5455-qtbase-5.15.patch | 20 ++++++++++++++++++++
 SPECS/qt5-qtbase.spec | 8 +++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/CVE-2025-5455-qtbase-5.15.patch
diff --git a/SOURCES/CVE-2025-5455-qtbase-5.15.patch b/SOURCES/CVE-2025-5455-qtbase-5.15.patch
new file mode 100644
index 0000000..9cee864
--- /dev/null
+++ b/SOURCES/CVE-2025-5455-qtbase-5.15.patch
@@ -0,0 +1,20 @@
+diff --git a/src/corelib/io/qdataurl.cpp b/src/corelib/io/qdataurl.cpp
+index f14d399301f..83e59e3ac00 100644
+--- a/src/corelib/io/qdataurl.cpp
++++ b/src/corelib/io/qdataurl.cpp
+@@ -76,10 +76,11 @@ Q_CORE_EXPORT bool qDecodeDataUrl(const QUrl &uri, QString &mimeType, QByteArray
+ }
+
+ if (data.toLower().startsWith("charset")) {
+- int i = 7; // strlen("charset")
+- while (data.at(i) == ' ')
+- ++i;
+- if (data.at(i) == '=')
++ int prefixSize = 7; // strlen("charset")
++ QLatin1String copy(data.constData() + prefixSize, data.size() - prefixSize);
++ while (copy.startsWith(QLatin1String(" ")))
++ copy = copy.mid(1);
++ if (copy.startsWith(QLatin1String("=")))
+ data.prepend("text/plain;");
+ }
+
diff --git a/SPECS/qt5-qtbase.spec b/SPECS/qt5-qtbase.spec
index a7aab58..04efe3b 100644
--- a/SPECS/qt5-qtbase.spec
+++ b/SPECS/qt5-qtbase.spec
@@ -57,7 +57,7 @@ BuildRequires: pkgconfig(libsystemd)
 Name: qt5-qtbase
 Summary: Qt5 - QtBase components
 Version: 5.15.9
-Release: 10%{?dist}
+Release: 11%{?dist}
 # See LGPL_EXCEPTIONS.txt, for exception details
@@ -153,6 +153,7 @@ Patch116: 0001-CVE-2023-51714-qtbase-5.15.patch
 Patch117: 0002-CVE-2023-51714-qtbase-5.15.patch
 Patch118: CVE-2024-25580-qtbase-5.15.patch
 Patch119: CVE-2024-39936.patch
+Patch120: CVE-2025-5455-qtbase-5.15.patch
 # gating related patches
 Patch200: qtbase-disable-tests-not-working-in-gating.patch
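Review bot: The bounds reasoning behind the new `QLatin1String copy(...)` view in the `qdataurl.cpp` hunk is not recorded anywhere, and the packaged patch file starts directly at `diff --git` with no header naming the upstream change it was taken from. The removed loop called `data.at(i)` with no check against `data.size()`, so a payload that ends right after `charset` (or after trailing spaces) was indexed past its end; the view-based `startsWith`/`mid(1)` calls stay in bounds because `startsWith` is false on an empty view. I would add a comment above the view such as `// data may end right after "charset": scan a bounded view, never index past size()`, and a patch header line like `Upstream: <upstream-commit-or-review-url>` so the backport can be audited against its source. No test accompanies the fix in this patch; a regression case for the truncated `charset` input would guard against the assertion returning, presumably in the data-URL autotests if the package build runs them. The body of `qDecodeDataUrl` starts and ends outside the hunk.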
@@ -446,6 +447,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
 %patch -P117 -p1
 %patch -P118 -p1
 %patch -P119 -p1
+%patch -P120 -p1
 ## gating related patches
 %patch -P200 -p1 -b .disable-tests-not-working-in-gating
@@ -1146,6 +1148,10 @@ fi
 %changelog
+* Thu Jun 12 2025 Jan Grulich - 5.15.9-11
+- qt5: QtCore Assertion Failure Denial of Service
+ Resolves: RHEL-96231
+
 * Wed Jul 11 2024 Jan Grulich - 5.15.9-10
 - HTTP2: Delay any communication until encrypted() can be responded to
 Resolves: RHEL-46351