From b14233a09457ee77b48bfae8c663d237452507ff Mon Sep 17 00:00:00 2001
From: Jan Grulich
Date: Mon, 27 Feb 2023 10:19:00 +0100
Subject: [PATCH] Refresh kde-5.15-rollup patch
---
 .gitignore | 1 +
 CVE-2023-24607-qtbase-5.15.patch | 332 -------------------------------
 qt5-qtbase.spec | 12 +-
 sources | 2 +-
 4 files changed, 8 insertions(+), 339 deletions(-)
 delete mode 100644 CVE-2023-24607-qtbase-5.15.patch
diff --git a/.gitignore b/.gitignore
index c1cb017..9ee0c48 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@
 /kde-5.15-rollup-20221031.patch.gz
 /qtbase-everywhere-opensource-src-5.15.8.tar.xz
 /kde-5.15-rollup-20230105.patch.gz
+/kde-5.15-rollup-20230227.patch.gz
diff --git a/CVE-2023-24607-qtbase-5.15.patch b/CVE-2023-24607-qtbase-5.15.patch
deleted file mode 100644
index 2f09737..0000000
--- a/CVE-2023-24607-qtbase-5.15.patch
+++ /dev/null
@@ -1,332 +0,0 @@ ---- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -+++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -@@ -92,23 +92,39 @@ inline static QString fromSQLTCHAR(const QVarLengthArray& input, int s - return result; - } - -+template -+void toSQLTCHARImpl(QVarLengthArray &result, const QString &input); // primary template undefined -+ -+template -+void do_append(QVarLengthArray &result, const Container &c) -+{ -+ result.append(reinterpret_cast(c.data()), c.size()); -+} -+ -+template <> -+void toSQLTCHARImpl<1>(QVarLengthArray &result, const QString &input) -+{ -+ const auto u8 = input.toUtf8(); -+ do_append(result, u8); -+} -+ -+template <> -+void toSQLTCHARImpl<2>(QVarLengthArray &result, const QString &input) -+{ -+ do_append(result, input); -+} -+ -+template <> -+void toSQLTCHARImpl<4>(QVarLengthArray &result, const QString &input) -+{ -+ const auto u32 = input.toUcs4(); -+ do_append(result, u32); -+} -+ - inline static QVarLengthArray toSQLTCHAR(const QString &input) - { - QVarLengthArray result; -- result.resize(input.size()); -- switch(sizeof(SQLTCHAR)) { -- case 1: -- memcpy(result.data(), input.toUtf8().data(), input.size()); -- break; -- case 2: -- memcpy(result.data(), input.unicode(), input.size() * 2); -- break; -- case 4: -- memcpy(result.data(), input.toUcs4().data(), input.size() * 4); -- break; -- default: -- qCritical("sizeof(SQLTCHAR) is %d. Don't know how to handle this.", int(sizeof(SQLTCHAR))); -- } -+ toSQLTCHARImpl(result, input); - result.append(0); // make sure it's null terminated, doesn't matter if it already is, it does if it isn't. 
- return result; - } - ---- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -+++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -@@ -1732,10 +1732,11 @@ bool QODBCResult::exec() - case QVariant::String: - if (d->unicode) { - if (bindValueType(i) & QSql::Out) { -- const QByteArray &first = tmpStorage.at(i); -- QVarLengthArray array; -- array.append((const SQLTCHAR *)first.constData(), first.size()); -- values[i] = fromSQLTCHAR(array, first.size()/sizeof(SQLTCHAR)); -+ const QByteArray &bytes = tmpStorage.at(i); -+ const auto strSize = bytes.size() / int(sizeof(SQLTCHAR)); -+ QVarLengthArray string(strSize); -+ memcpy(string.data(), bytes.data(), strSize * sizeof(SQLTCHAR)); -+ values[i] = fromSQLTCHAR(string); - } - break; - } - ---- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -+++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -@@ -779,6 +779,14 @@ QChar QODBCDriverPrivate::quoteChar() - return quote; - } - -+static SQLRETURN qt_string_SQLSetConnectAttr(SQLHDBC handle, SQLINTEGER attr, const QString &val) -+{ -+ auto encoded = toSQLTCHAR(val); -+ return SQLSetConnectAttr(handle, attr, -+ encoded.data(), -+ SQLINTEGER(encoded.size() * sizeof(SQLTCHAR))); // size in bytes -+} -+ - - bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) - { -@@ -814,10 +822,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) - v = val.toUInt(); - r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0); - } else if (opt.toUpper() == QLatin1String("SQL_ATTR_CURRENT_CATALOG")) { -- val.utf16(); // 0 terminate -- r = SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, -- toSQLTCHAR(val).data(), -- val.length()*sizeof(SQLTCHAR)); -+ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, val); - } else if (opt.toUpper() == QLatin1String("SQL_ATTR_METADATA_ID")) { - if (val.toUpper() == QLatin1String("SQL_TRUE")) { - v = SQL_TRUE; -@@ -832,10 +837,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) - v = 
val.toUInt(); - r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0); - } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACEFILE")) { -- val.utf16(); // 0 terminate -- r = SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, -- toSQLTCHAR(val).data(), -- val.length()*sizeof(SQLTCHAR)); -+ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, val); - } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACE")) { - if (val.toUpper() == QLatin1String("SQL_OPT_TRACE_OFF")) { - v = SQL_OPT_TRACE_OFF; -@@ -1038,9 +1040,12 @@ bool QODBCResult::reset (const QString& query) - return false; - } - -- r = SQLExecDirect(d->hStmt, -- toSQLTCHAR(query).data(), -- (SQLINTEGER) query.length()); -+ { -+ auto encoded = toSQLTCHAR(query); -+ r = SQLExecDirect(d->hStmt, -+ encoded.data(), -+ SQLINTEGER(encoded.size())); -+ } - if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) { - setLastError(qMakeError(QCoreApplication::translate("QODBCResult", - "Unable to execute statement"), QSqlError::StatementError, d)); -@@ -1387,9 +1392,12 @@ bool QODBCResult::prepare(const QString& query) - return false; - } - -- r = SQLPrepare(d->hStmt, -- toSQLTCHAR(query).data(), -- (SQLINTEGER) query.length()); -+ { -+ auto encoded = toSQLTCHAR(query); -+ r = SQLPrepare(d->hStmt, -+ encoded.data(), -+ SQLINTEGER(encoded.size())); -+ } - - if (r != SQL_SUCCESS) { - setLastError(qMakeError(QCoreApplication::translate("QODBCResult", -@@ -1417,7 +1425,7 @@ bool QODBCResult::exec() - SQLCloseCursor(d->hStmt); - - QVector& values = boundValues(); -- QVector tmpStorage(values.count(), QByteArray()); // holds temporary buffers -+ QVector tmpStorage(values.count(), QByteArray()); // targets for SQLBindParameter() - QVarLengthArray indicators(values.count()); - memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN)); - -@@ -1596,35 +1604,36 @@ bool QODBCResult::exec() - case QVariant::String: - if (d->unicode) { - QByteArray &ba = tmpStorage[i]; -- QString str = 
val.toString(); -+ { -+ const auto encoded = toSQLTCHAR(val.toString()); -+ ba = QByteArray(reinterpret_cast(encoded.data()), -+ encoded.size() * sizeof(SQLTCHAR)); -+ } -+ - if (*ind != SQL_NULL_DATA) -- *ind = str.length() * sizeof(SQLTCHAR); -- int strSize = str.length() * sizeof(SQLTCHAR); -+ *ind = ba.size(); - - if (bindValueType(i) & QSql::Out) { -- const QVarLengthArray a(toSQLTCHAR(str)); -- ba = QByteArray((const char *)a.constData(), a.size() * sizeof(SQLTCHAR)); - r = SQLBindParameter(d->hStmt, - i + 1, - qParamType[bindValueType(i) & QSql::InOut], - SQL_C_TCHAR, -- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, -+ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, - 0, // god knows... don't change this! - 0, -- ba.data(), -+ const_cast(ba.constData()), // don't detach - ba.size(), - ind); - break; - } -- ba = QByteArray ((const char *)toSQLTCHAR(str).constData(), str.size()*sizeof(SQLTCHAR)); - r = SQLBindParameter(d->hStmt, - i + 1, - qParamType[bindValueType(i) & QSql::InOut], - SQL_C_TCHAR, -- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, -- strSize, -+ ba.size() > 254 ? 
SQL_WLONGVARCHAR : SQL_WVARCHAR, -+ ba.size(), - 0, -- const_cast(ba.constData()), -+ const_cast(ba.constData()), // don't detach - ba.size(), - ind); - break; -@@ -1982,14 +1991,16 @@ bool QODBCDriver::open(const QString & db, - SQLSMALLINT cb; - QVarLengthArray connOut(1024); - memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR)); -- r = SQLDriverConnect(d->hDbc, -- NULL, -- toSQLTCHAR(connQStr).data(), -- (SQLSMALLINT)connQStr.length(), -- connOut.data(), -- 1024, -- &cb, -- /*SQL_DRIVER_NOPROMPT*/0); -+ { -+ auto encoded = toSQLTCHAR(connQStr); -+ r = SQLDriverConnect(d->hDbc, -+ nullptr, -+ encoded.data(), SQLSMALLINT(encoded.size()), -+ connOut.data(), -+ 1024, -+ &cb, -+ /*SQL_DRIVER_NOPROMPT*/0); -+ } - - if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) { - setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d)); -@@ -2368,17 +2379,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const - if (tableType.isEmpty()) - return tl; - -- QString joinedTableTypeString = tableType.join(QLatin1Char(',')); -+ { -+ auto joinedTableTypeString = toSQLTCHAR(tableType.join(u',')); - -- r = SQLTables(hStmt, -- NULL, -- 0, -- NULL, -- 0, -- NULL, -- 0, -- toSQLTCHAR(joinedTableTypeString).data(), -- joinedTableTypeString.length() /* characters, not bytes */); -+ r = SQLTables(hStmt, -+ nullptr, 0, -+ nullptr, 0, -+ nullptr, 0, -+ joinedTableTypeString.data(), joinedTableTypeString.size()); -+ } - - if (r != SQL_SUCCESS) - qSqlWarning(QLatin1String("QODBCDriver::tables Unable to execute table list"), d); -@@ -2452,28 +2461,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const - SQL_ATTR_CURSOR_TYPE, - (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, - SQL_IS_UINTEGER); -- r = SQLPrimaryKeys(hStmt, -- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), -- catalog.length(), -- schema.length() == 0 ? 
NULL : toSQLTCHAR(schema).data(), -- schema.length(), -- toSQLTCHAR(table).data(), -- table.length() /* in characters, not in bytes */); -+ { -+ auto c = toSQLTCHAR(catalog); -+ auto s = toSQLTCHAR(schema); -+ auto t = toSQLTCHAR(table); -+ r = SQLPrimaryKeys(hStmt, -+ catalog.isEmpty() ? nullptr : c.data(), c.size(), -+ schema.isEmpty() ? nullptr : s.data(), s.size(), -+ t.data(), t.size()); -+ } - - // if the SQLPrimaryKeys() call does not succeed (e.g the driver - // does not support it) - try an alternative method to get hold of - // the primary index (e.g MS Access and FoxPro) - if (r != SQL_SUCCESS) { -- r = SQLSpecialColumns(hStmt, -- SQL_BEST_ROWID, -- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), -- catalog.length(), -- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), -- schema.length(), -- toSQLTCHAR(table).data(), -- table.length(), -- SQL_SCOPE_CURROW, -- SQL_NULLABLE); -+ auto c = toSQLTCHAR(catalog); -+ auto s = toSQLTCHAR(schema); -+ auto t = toSQLTCHAR(table); -+ r = SQLSpecialColumns(hStmt, -+ SQL_BEST_ROWID, -+ catalog.isEmpty() ? nullptr : c.data(), c.size(), -+ schema.isEmpty() ? nullptr : s.data(), s.size(), -+ t.data(), t.size(), -+ SQL_SCOPE_CURROW, -+ SQL_NULLABLE); - - if (r != SQL_SUCCESS) { - qSqlWarning(QLatin1String("QODBCDriver::primaryIndex: Unable to execute primary key list"), d); -@@ -2554,15 +2565,17 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const - SQL_ATTR_CURSOR_TYPE, - (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, - SQL_IS_UINTEGER); -- r = SQLColumns(hStmt, -- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), -- catalog.length(), -- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), -- schema.length(), -- toSQLTCHAR(table).data(), -- table.length(), -- NULL, -- 0); -+ { -+ auto c = toSQLTCHAR(catalog); -+ auto s = toSQLTCHAR(schema); -+ auto t = toSQLTCHAR(table); -+ r = SQLColumns(hStmt, -+ catalog.isEmpty() ? nullptr : c.data(), c.size(), -+ schema.isEmpty() ? 
nullptr : s.data(), s.size(), -+ t.data(), t.size(), -+ nullptr, -+ 0); -+ } - if (r != SQL_SUCCESS) - qSqlWarning(QLatin1String("QODBCDriver::record: Unable to execute column list"), d); - diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 4f93ea6..3d51816 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -53,7 +53,7 @@ Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.15.8 -Release: 5%{?dist} +Release: 6%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0 @@ -135,13 +135,11 @@ Patch90: %{name}-gcc11.patch # https://invent.kde.org/qt/qt/qtbase, kde/5.15 branch # git diff v5.15.8-lts-lgpl..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz # patch100 in lookaside cache due to large'ish size -- rdieter -Patch100: kde-5.15-rollup-20230105.patch.gz +Patch100: kde-5.15-rollup-20230227.patch.gz # HACK to make 'fedpkg sources' consider it 'used" -Source100: kde-5.15-rollup-20230105.patch.gz +Source100: kde-5.15-rollup-20230227.patch.gz Patch101: qtbase-5.15.8-fix-missing-qtsan-include.patch -# CVE-2023-24607 in Qt SQL ODBC driver plugin -Patch102: CVE-2023-24607-qtbase-5.15.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -418,7 +416,6 @@ Qt5 libraries used for drawing widgets and OpenGL items. ## upstream patches %patch100 -p1 %patch101 -p1 -%patch102 -p1 # move some bundled libs to ensure they're not accidentally used pushd src/3rdparty @@ -1098,6 +1095,9 @@ fi %changelog +* Mon Feb 27 2023 Jan Grulich - 5.15.8-6 +- refresh kde-5.15-rollup patch + * Wed Feb 08 2023 Jan Grulich - 5.15.8-5 - Fix possible DOS involving the Qt SQL ODBC driver plugin CVE-2023-24607 diff --git a/sources b/sources index b0afb49..de36a5c 100644 --- a/sources +++ b/sources 
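Review bot: The `Patch102: CVE-2023-24607-qtbase-5.15.patch` line and its `%patch102 -p1` application are removed in the `-135,13` and `-418,7` hunks of qt5-qtbase.spec, but nothing in the spec or in the new changelog entry records where the ODBC fix now comes from. Presumably the refreshed kde-5.15-rollup-20230227 carries the upstream change to `src/plugins/sqldrivers/odbc/qsql_odbc.cpp`; the rollup is a compressed lookaside source, so this diff cannot confirm it, and the unpacked tree should be checked for the fix before the build ships. I would make the changelog line say so, e.g. `- refresh kde-5.15-rollup patch (now includes the CVE-2023-24607 ODBC fix; standalone patch dropped)`, so that anyone auditing the changelog for CVE coverage still sees the issue as addressed in 5.15.8-6.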
@@ -1,2 +1,2 @@
 SHA512 (qtbase-everywhere-opensource-src-5.15.8.tar.xz) = 29e8877bafdbc908072209f1b27a5040b022e2b71f17f4ab4cecd570adeae21597f9af7f1d38758760f3cb30376eeb15c5f066bf02c6e9a9e3a4d07f967046ce
-SHA512 (kde-5.15-rollup-20230105.patch.gz) = 837987cbb0e31179170c938fb0fb0e431e41273be53b737fa183aeb114eca2c8c36cba5ce65c51c145e7f43c2fd8789a3a8156d61b7127dc08929802fbb848c8
+SHA512 (kde-5.15-rollup-20230227.patch.gz) = beb2171fe7eda2074dc28f35f001a71a94418cf17b9a5556b8f2041ed2f9b654f0aadcd02ec48a734cb8dccabd3f4ec971a8e389bef67c94398a11698278e1bc