import CS qt5-qtbase-5.15.9-7.el9
This commit is contained in:
		
							parent
							
								
									736fba2665
								
							
						
					
					
						commit
						f5014e5fe7
					
				
							
								
								
									
										4
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										4
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @ -1,2 +1,2 @@ | |||||||
| SOURCES/kde-5.15-rollup-20220324.patch.gz | SOURCES/kde-5.15-rollup-20230411.patch.gz | ||||||
| SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz | SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz | ||||||
|  | |||||||
| @ -1,2 +1,2 @@ | |||||||
| 981f5fbeb315c2e4adc122cee944368598466b67 SOURCES/kde-5.15-rollup-20220324.patch.gz | 677b605bf6033bdfa84a676096ec6e77da6e844d SOURCES/kde-5.15-rollup-20230411.patch.gz | ||||||
| d7383126e1f412ef26096692b9e50a1887eb11f7 SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz | a5bbeafa6319cd3e666b12ccc722a357de7230be SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz | ||||||
|  | |||||||
							
								
								
									
										13
									
								
								SOURCES/CVE-2023-32762-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										13
									
								
								SOURCES/CVE-2023-32762-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,13 @@ | |||||||
|  | --- a/src/network/access/qhsts.cpp
 | ||||||
|  | +++ b/src/network/access/qhsts.cpp
 | ||||||
|  | @@ -364,8 +364,8 @@ quoted-pair    = "\" CHAR
 | ||||||
|  |  bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers) | ||||||
|  |  { | ||||||
|  |      for (const auto &h : headers) { | ||||||
|  | -        // We use '==' since header name was already 'trimmed' for us:
 | ||||||
|  | -        if (h.first == "Strict-Transport-Security") {
 | ||||||
|  | +        // We compare directly because header name was already 'trimmed' for us:
 | ||||||
|  | +        if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
 | ||||||
|  |              header = h.second; | ||||||
|  |              // RFC6797, 8.1: | ||||||
|  |              // | ||||||
							
								
								
									
										49
									
								
								SOURCES/CVE-2023-32763-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										49
									
								
								SOURCES/CVE-2023-32763-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,49 @@ | |||||||
|  | diff --git a/src/gui/painting/qfixed_p.h b/src/gui/painting/qfixed_p.h
 | ||||||
|  | index 84659288..57d750a4 100644
 | ||||||
|  | --- a/src/gui/painting/qfixed_p.h
 | ||||||
|  | +++ b/src/gui/painting/qfixed_p.h
 | ||||||
|  | @@ -54,6 +54,7 @@
 | ||||||
|  |  #include <QtGui/private/qtguiglobal_p.h> | ||||||
|  |  #include "QtCore/qdebug.h" | ||||||
|  |  #include "QtCore/qpoint.h" | ||||||
|  | +#include <QtCore/private/qnumeric_p.h>
 | ||||||
|  |  #include "QtCore/qsize.h" | ||||||
|  |   | ||||||
|  |  QT_BEGIN_NAMESPACE | ||||||
|  | @@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(int i, const QFixed &f) { return i * 64 <
 | ||||||
|  |  Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; } | ||||||
|  |  Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); } | ||||||
|  |   | ||||||
|  | +inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
 | ||||||
|  | +{
 | ||||||
|  | +    int val;
 | ||||||
|  | +    bool result = add_overflow(v1.value(), v2.value(), &val);
 | ||||||
|  | +    r->setValue(val);
 | ||||||
|  | +    return result;
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  |  #ifndef QT_NO_DEBUG_STREAM | ||||||
|  |  inline QDebug &operator<<(QDebug &dbg, const QFixed &f) | ||||||
|  |  { return dbg << f.toReal(); } | ||||||
|  | diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
 | ||||||
|  | index 26ac37b0..f6c69ff4 100644
 | ||||||
|  | --- a/src/gui/text/qtextlayout.cpp
 | ||||||
|  | +++ b/src/gui/text/qtextlayout.cpp
 | ||||||
|  | @@ -2150,11 +2150,14 @@ found:
 | ||||||
|  |          eng->maxWidth = qMax(eng->maxWidth, line.textWidth); | ||||||
|  |      } else { | ||||||
|  |          eng->minWidth = qMax(eng->minWidth, lbh.minw); | ||||||
|  | -        eng->maxWidth += line.textWidth;
 | ||||||
|  | +        if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth))
 | ||||||
|  | +            eng->maxWidth = QFIXED_MAX;
 | ||||||
|  |      } | ||||||
|  |   | ||||||
|  | -    if (line.textWidth > 0 && item < eng->layoutData->items.size())
 | ||||||
|  | -        eng->maxWidth += lbh.spaceData.textWidth;
 | ||||||
|  | +    if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
 | ||||||
|  | +        if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth))
 | ||||||
|  | +            eng->maxWidth = QFIXED_MAX;
 | ||||||
|  | +    }
 | ||||||
|  |   | ||||||
|  |      line.textWidth += trailingSpace; | ||||||
|  |      if (lbh.spaceData.length) { | ||||||
							
								
								
									
										97
									
								
								SOURCES/CVE-2023-33285-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										97
									
								
								SOURCES/CVE-2023-33285-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,97 @@ | |||||||
|  | From 2103f2487f709dd9546c503820d9ad509e9a63b3 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Thiago Macieira <thiago.macieira@intel.com> | ||||||
|  | Date: Thu, 11 May 2023 21:40:15 -0700 | ||||||
|  | Subject: QDnsLookup/Unix: make sure we don't overflow the buffer | ||||||
|  | MIME-Version: 1.0 | ||||||
|  | Content-Type: text/plain; charset=UTF-8 | ||||||
|  | Content-Transfer-Encoding: 8bit | ||||||
|  | 
 | ||||||
|  | The DNS Records are variable length and encode their size in 16 bits | ||||||
|  | before the Record Data (RDATA). Ensure that both the RDATA and the | ||||||
|  | Record header fields before it fall inside the buffer we have. | ||||||
|  | 
 | ||||||
|  | Additionally reject any replies containing more than one query records. | ||||||
|  | 
 | ||||||
|  | [ChangeLog][QtNetwork][QDnsLookup] Fixed a bug that could cause a buffer | ||||||
|  | overflow in Unix systems while parsing corrupt, malicious, or truncated | ||||||
|  | replies. | ||||||
|  | 
 | ||||||
|  | Pick-to: 5.15 6.2 6.5 6.5.1 | ||||||
|  | Change-Id: I3e3bfef633af4130a03afffd175e4b9547654b95 | ||||||
|  | Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> | ||||||
|  | Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io> | ||||||
|  | (cherry picked from commit 7dba2c87619d558a61a30eb30cc1d9c3fe6df94c) | ||||||
|  | 
 | ||||||
|  | * asturmlechner 2023-05-18: Resolve conflict with dev branch commit | ||||||
|  |   68b625901f9eb7c34e3d7aa302e1c0a454d3190b | ||||||
|  | 
 | ||||||
|  | diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp
 | ||||||
|  | index 12b40fc35d..99e999d436 100644
 | ||||||
|  | --- a/src/network/kernel/qdnslookup_unix.cpp
 | ||||||
|  | +++ b/src/network/kernel/qdnslookup_unix.cpp
 | ||||||
|  | @@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
 | ||||||
|  |      // responseLength in case of error, we still can extract the | ||||||
|  |      // exact error code from the response. | ||||||
|  |      HEADER *header = (HEADER*)response; | ||||||
|  | -    const int answerCount = ntohs(header->ancount);
 | ||||||
|  |      switch (header->rcode) { | ||||||
|  |      case NOERROR: | ||||||
|  |          break; | ||||||
|  | @@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
 | ||||||
|  |          return; | ||||||
|  |      } | ||||||
|  | 
 | ||||||
|  | -    // Skip the query host, type (2 bytes) and class (2 bytes).
 | ||||||
|  |      char host[PACKETSZ], answer[PACKETSZ]; | ||||||
|  |      unsigned char *p = response + sizeof(HEADER); | ||||||
|  | -    int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
 | ||||||
|  | -    if (status < 0) {
 | ||||||
|  | +    int status;
 | ||||||
|  | +
 | ||||||
|  | +    if (ntohs(header->qdcount) == 1) {
 | ||||||
|  | +        // Skip the query host, type (2 bytes) and class (2 bytes).
 | ||||||
|  | +        status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
 | ||||||
|  | +        if (status < 0) {
 | ||||||
|  | +            reply->error = QDnsLookup::InvalidReplyError;
 | ||||||
|  | +            reply->errorString = tr("Could not expand domain name");
 | ||||||
|  | +            return;
 | ||||||
|  | +        }
 | ||||||
|  | +        if ((p - response) + status + 4 >= responseLength)
 | ||||||
|  | +            header->qdcount = 0xffff;   // invalid reply below
 | ||||||
|  | +        else
 | ||||||
|  | +            p += status + 4;
 | ||||||
|  | +    }
 | ||||||
|  | +    if (ntohs(header->qdcount) > 1) {
 | ||||||
|  |          reply->error = QDnsLookup::InvalidReplyError; | ||||||
|  | -        reply->errorString = tr("Could not expand domain name");
 | ||||||
|  | +        reply->errorString = tr("Invalid reply received");
 | ||||||
|  |          return; | ||||||
|  |      } | ||||||
|  | -    p += status + 4;
 | ||||||
|  | 
 | ||||||
|  |      // Extract results. | ||||||
|  | +    const int answerCount = ntohs(header->ancount);
 | ||||||
|  |      int answerIndex = 0; | ||||||
|  |      while ((p < response + responseLength) && (answerIndex < answerCount)) { | ||||||
|  |          status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); | ||||||
|  | @@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
 | ||||||
|  |          const QString name = QUrl::fromAce(host); | ||||||
|  | 
 | ||||||
|  |          p += status; | ||||||
|  | +
 | ||||||
|  | +        if ((p - response) + 10 > responseLength) {
 | ||||||
|  | +            // probably just a truncated reply, return what we have
 | ||||||
|  | +            return;
 | ||||||
|  | +        }
 | ||||||
|  |          const quint16 type = (p[0] << 8) | p[1]; | ||||||
|  |          p += 2; // RR type | ||||||
|  |          p += 2; // RR class | ||||||
|  | @@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
 | ||||||
|  |          p += 4; | ||||||
|  |          const quint16 size = (p[0] << 8) | p[1]; | ||||||
|  |          p += 2; | ||||||
|  | +        if ((p - response) + size > responseLength)
 | ||||||
|  | +            return;             // truncated
 | ||||||
|  | 
 | ||||||
|  |          if (type == QDnsLookup::A) { | ||||||
|  |              if (size != 4) { | ||||||
							
								
								
									
										54
									
								
								SOURCES/CVE-2023-34410-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										54
									
								
								SOURCES/CVE-2023-34410-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,54 @@ | |||||||
|  | --- a/src/network/ssl/qsslsocket_schannel.cpp
 | ||||||
|  | +++ b/src/network/ssl/qsslsocket_schannel.cpp
 | ||||||
|  | @@ -1880,6 +1880,28 @@ bool QSslSocketBackendPrivate::verifyCertContext(CERT_CONTEXT *certContext)
 | ||||||
|  |      if (configuration.peerVerifyDepth > 0 && DWORD(configuration.peerVerifyDepth) < verifyDepth) | ||||||
|  |          verifyDepth = DWORD(configuration.peerVerifyDepth); | ||||||
|  | 
 | ||||||
|  | +    const auto &caCertificates = q->sslConfiguration().caCertificates();
 | ||||||
|  | +
 | ||||||
|  | +    if (!rootCertOnDemandLoadingAllowed()
 | ||||||
|  | +            && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
 | ||||||
|  | +            && (q->peerVerifyMode() == QSslSocket::VerifyPeer
 | ||||||
|  | +                    || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) {
 | ||||||
|  | +        // When verifying a peer Windows "helpfully" builds a chain that
 | ||||||
|  | +        // may include roots from the system store. But we don't want that if
 | ||||||
|  | +        // the user has set their own CA certificates.
 | ||||||
|  | +        // Since Windows claims this is not a partial chain the root is included
 | ||||||
|  | +        // and we have to check that it is one of our configured CAs.
 | ||||||
|  | +        CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
 | ||||||
|  | +        QSslCertificate certificate = getCertificateFromChainElement(element);
 | ||||||
|  | +        if (!caCertificates.contains(certificate)) {
 | ||||||
|  | +            auto error = QSslError(QSslError::CertificateUntrusted, certificate);
 | ||||||
|  | +            sslErrors += error;
 | ||||||
|  | +            emit q->peerVerifyError(error);
 | ||||||
|  | +            if (q->state() != QAbstractSocket::ConnectedState)
 | ||||||
|  | +                return false;
 | ||||||
|  | +        }
 | ||||||
|  | +    }
 | ||||||
|  | +
 | ||||||
|  |      for (DWORD i = 0; i < verifyDepth; i++) { | ||||||
|  |          CERT_CHAIN_ELEMENT *element = chain->rgpElement[i]; | ||||||
|  |          QSslCertificate certificate = getCertificateFromChainElement(element); | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | --- a/src/network/ssl/qsslsocket.cpp
 | ||||||
|  | +++ b/src/network/ssl/qsslsocket.cpp
 | ||||||
|  | @@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate()
 | ||||||
|  |      , flushTriggered(false) | ||||||
|  |  { | ||||||
|  |      QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration); | ||||||
|  | +    // If the global configuration doesn't allow root certificates to be loaded
 | ||||||
|  | +    // on demand then we have to disable it for this socket as well.
 | ||||||
|  | +    if (!configuration.allowRootCertOnDemandLoading)
 | ||||||
|  | +        allowRootCertOnDemandLoading = false;
 | ||||||
|  |  } | ||||||
|  | 
 | ||||||
|  |  /*! | ||||||
|  | @@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
 | ||||||
|  |      ptr->sessionProtocol = global->sessionProtocol; | ||||||
|  |      ptr->ciphers = global->ciphers; | ||||||
|  |      ptr->caCertificates = global->caCertificates; | ||||||
|  | +    ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
 | ||||||
|  |      ptr->protocol = global->protocol; | ||||||
|  |      ptr->peerVerifyMode = global->peerVerifyMode; | ||||||
|  |      ptr->peerVerifyDepth = global->peerVerifyDepth; | ||||||
							
								
								
									
										203
									
								
								SOURCES/CVE-2023-37369-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										203
									
								
								SOURCES/CVE-2023-37369-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,203 @@ | |||||||
|  | diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
 | ||||||
|  | index 7cd457ba3a..11d162cb79 100644
 | ||||||
|  | --- a/src/corelib/serialization/qxmlstream.cpp
 | ||||||
|  | +++ b/src/corelib/serialization/qxmlstream.cpp
 | ||||||
|  | @@ -1302,15 +1302,18 @@ inline int QXmlStreamReaderPrivate::fastScanContentCharList()
 | ||||||
|  |      return n; | ||||||
|  |  } | ||||||
|  | 
 | ||||||
|  | -inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
 | ||||||
|  | +// Fast scan an XML attribute name (e.g. "xml:lang").
 | ||||||
|  | +inline QXmlStreamReaderPrivate::FastScanNameResult
 | ||||||
|  | +QXmlStreamReaderPrivate::fastScanName(Value *val)
 | ||||||
|  |  { | ||||||
|  |      int n = 0; | ||||||
|  |      uint c; | ||||||
|  |      while ((c = getChar()) != StreamEOF) { | ||||||
|  |          if (n >= 4096) { | ||||||
|  |              // This is too long to be a sensible name, and | ||||||
|  | -            // can exhaust memory
 | ||||||
|  | -            return 0;
 | ||||||
|  | +            // can exhaust memory, or the range of decltype(*prefix)
 | ||||||
|  | +            raiseNamePrefixTooLongError();
 | ||||||
|  | +            return {};
 | ||||||
|  |          } | ||||||
|  |          switch (c) { | ||||||
|  |          case '\n': | ||||||
|  | @@ -1339,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
 | ||||||
|  |          case '+': | ||||||
|  |          case '*': | ||||||
|  |              putChar(c); | ||||||
|  | -            if (prefix && *prefix == n+1) {
 | ||||||
|  | -                *prefix = 0;
 | ||||||
|  | +            if (val && val->prefix == n + 1) {
 | ||||||
|  | +                val->prefix = 0;
 | ||||||
|  |                  putChar(':'); | ||||||
|  |                  --n; | ||||||
|  |              } | ||||||
|  | -            return n;
 | ||||||
|  | +            return FastScanNameResult(n);
 | ||||||
|  |          case ':': | ||||||
|  | -            if (prefix) {
 | ||||||
|  | -                if (*prefix == 0) {
 | ||||||
|  | -                    *prefix = n+2;
 | ||||||
|  | +            if (val) {
 | ||||||
|  | +                if (val->prefix == 0) {
 | ||||||
|  | +                    val->prefix = n + 2;
 | ||||||
|  |                  } else { // only one colon allowed according to the namespace spec. | ||||||
|  |                      putChar(c); | ||||||
|  | -                    return n;
 | ||||||
|  | +                    return FastScanNameResult(n);
 | ||||||
|  |                  } | ||||||
|  |              } else { | ||||||
|  |                  putChar(c); | ||||||
|  | -                return n;
 | ||||||
|  | +                return FastScanNameResult(n);
 | ||||||
|  |              } | ||||||
|  |              Q_FALLTHROUGH(); | ||||||
|  |          default: | ||||||
|  | @@ -1364,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
 | ||||||
|  |          } | ||||||
|  |      } | ||||||
|  | 
 | ||||||
|  | -    if (prefix)
 | ||||||
|  | -        *prefix = 0;
 | ||||||
|  | +    if (val)
 | ||||||
|  | +        val->prefix = 0;
 | ||||||
|  |      int pos = textBuffer.size() - n; | ||||||
|  |      putString(textBuffer, pos); | ||||||
|  |      textBuffer.resize(pos); | ||||||
|  | -    return 0;
 | ||||||
|  | +    return FastScanNameResult(0);
 | ||||||
|  |  } | ||||||
|  | 
 | ||||||
|  |  enum NameChar { NameBeginning, NameNotBeginning, NotName }; | ||||||
|  | @@ -1878,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message)
 | ||||||
|  |      raiseError(QXmlStreamReader::NotWellFormedError, message); | ||||||
|  |  } | ||||||
|  | 
 | ||||||
|  | +void QXmlStreamReaderPrivate::raiseNamePrefixTooLongError()
 | ||||||
|  | +{
 | ||||||
|  | +    // TODO: add a ImplementationLimitsExceededError and use it instead
 | ||||||
|  | +    raiseError(QXmlStreamReader::NotWellFormedError,
 | ||||||
|  | +               QXmlStream::tr("Length of XML attribute name exceeds implemnetation limits (4KiB "
 | ||||||
|  | +                              "characters)."));
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  |  void QXmlStreamReaderPrivate::parseError() | ||||||
|  |  { | ||||||
|  | 
 | ||||||
|  | diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g
 | ||||||
|  | index 4321fed68a..8c6a1a5887 100644
 | ||||||
|  | --- a/src/corelib/serialization/qxmlstream.g
 | ||||||
|  | +++ b/src/corelib/serialization/qxmlstream.g
 | ||||||
|  | @@ -516,7 +516,16 @@ public:
 | ||||||
|  |      int fastScanLiteralContent(); | ||||||
|  |      int fastScanSpace(); | ||||||
|  |      int fastScanContentCharList(); | ||||||
|  | -    int fastScanName(int *prefix = nullptr);
 | ||||||
|  | +
 | ||||||
|  | +    struct FastScanNameResult {
 | ||||||
|  | +        FastScanNameResult() : ok(false) {}
 | ||||||
|  | +        explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
 | ||||||
|  | +        operator bool() { return ok; }
 | ||||||
|  | +        int operator*() { Q_ASSERT(ok); return addToLen; }
 | ||||||
|  | +        int addToLen;
 | ||||||
|  | +        bool ok;
 | ||||||
|  | +    };
 | ||||||
|  | +    FastScanNameResult fastScanName(Value *val = nullptr);
 | ||||||
|  |      inline int fastScanNMTOKEN(); | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | @@ -525,6 +534,7 @@ public:
 | ||||||
|  | 
 | ||||||
|  |      void raiseError(QXmlStreamReader::Error error, const QString& message = QString()); | ||||||
|  |      void raiseWellFormedError(const QString &message); | ||||||
|  | +    void raiseNamePrefixTooLongError();
 | ||||||
|  | 
 | ||||||
|  |      QXmlStreamEntityResolver *entityResolver; | ||||||
|  | 
 | ||||||
|  | @@ -1811,7 +1821,12 @@ space_opt ::= space;
 | ||||||
|  |  qname ::= LETTER; | ||||||
|  |  /. | ||||||
|  |          case $rule_number: { | ||||||
|  | -            sym(1).len += fastScanName(&sym(1).prefix);
 | ||||||
|  | +            Value &val = sym(1);
 | ||||||
|  | +            if (auto res = fastScanName(&val))
 | ||||||
|  | +                val.len += *res;
 | ||||||
|  | +            else
 | ||||||
|  | +                return false;
 | ||||||
|  | +
 | ||||||
|  |              if (atEnd) { | ||||||
|  |                  resume($rule_number); | ||||||
|  |                  return false; | ||||||
|  | @@ -1822,7 +1837,11 @@ qname ::= LETTER;
 | ||||||
|  |  name ::= LETTER; | ||||||
|  |  /. | ||||||
|  |          case $rule_number: | ||||||
|  | -            sym(1).len += fastScanName();
 | ||||||
|  | +            if (auto res = fastScanName())
 | ||||||
|  | +                sym(1).len += *res;
 | ||||||
|  | +            else
 | ||||||
|  | +                return false;
 | ||||||
|  | +
 | ||||||
|  |              if (atEnd) { | ||||||
|  |                  resume($rule_number); | ||||||
|  |                  return false; | ||||||
|  | diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
 | ||||||
|  | index e5bde7b98e..b01484cac3 100644
 | ||||||
|  | --- a/src/corelib/serialization/qxmlstream_p.h
 | ||||||
|  | +++ b/src/corelib/serialization/qxmlstream_p.h
 | ||||||
|  | @@ -1005,7 +1005,16 @@ public:
 | ||||||
|  |      int fastScanLiteralContent(); | ||||||
|  |      int fastScanSpace(); | ||||||
|  |      int fastScanContentCharList(); | ||||||
|  | -    int fastScanName(int *prefix = nullptr);
 | ||||||
|  | +
 | ||||||
|  | +    struct FastScanNameResult {
 | ||||||
|  | +        FastScanNameResult() : ok(false) {}
 | ||||||
|  | +        explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
 | ||||||
|  | +        operator bool() { return ok; }
 | ||||||
|  | +        int operator*() { Q_ASSERT(ok); return addToLen; }
 | ||||||
|  | +        int addToLen;
 | ||||||
|  | +        bool ok;
 | ||||||
|  | +    };
 | ||||||
|  | +    FastScanNameResult fastScanName(Value *val = nullptr);
 | ||||||
|  |      inline int fastScanNMTOKEN(); | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | @@ -1014,6 +1023,7 @@ public:
 | ||||||
|  | 
 | ||||||
|  |      void raiseError(QXmlStreamReader::Error error, const QString& message = QString()); | ||||||
|  |      void raiseWellFormedError(const QString &message); | ||||||
|  | +    void raiseNamePrefixTooLongError();
 | ||||||
|  | 
 | ||||||
|  |      QXmlStreamEntityResolver *entityResolver; | ||||||
|  | 
 | ||||||
|  | @@ -1939,7 +1949,12 @@ bool QXmlStreamReaderPrivate::parse()
 | ||||||
|  |          break; | ||||||
|  | 
 | ||||||
|  |          case 262: { | ||||||
|  | -            sym(1).len += fastScanName(&sym(1).prefix);
 | ||||||
|  | +            Value &val = sym(1);
 | ||||||
|  | +            if (auto res = fastScanName(&val))
 | ||||||
|  | +                val.len += *res;
 | ||||||
|  | +            else
 | ||||||
|  | +                return false;
 | ||||||
|  | +
 | ||||||
|  |              if (atEnd) { | ||||||
|  |                  resume(262); | ||||||
|  |                  return false; | ||||||
|  | @@ -1947,7 +1962,11 @@ bool QXmlStreamReaderPrivate::parse()
 | ||||||
|  |          } break; | ||||||
|  | 
 | ||||||
|  |          case 263: | ||||||
|  | -            sym(1).len += fastScanName();
 | ||||||
|  | +            if (auto res = fastScanName())
 | ||||||
|  | +                sym(1).len += *res;
 | ||||||
|  | +            else
 | ||||||
|  | +                return false;
 | ||||||
|  | +
 | ||||||
|  |              if (atEnd) { | ||||||
|  |                  resume(263); | ||||||
|  |                  return false; | ||||||
							
								
								
									
										219
									
								
								SOURCES/CVE-2023-38197-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										219
									
								
								SOURCES/CVE-2023-38197-qtbase-5.15.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,219 @@ | |||||||
|  | diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
 | ||||||
|  | index bf8a2a9..6ab5d49 100644
 | ||||||
|  | --- a/src/corelib/serialization/qxmlstream.cpp
 | ||||||
|  | +++ b/src/corelib/serialization/qxmlstream.cpp
 | ||||||
|  | @@ -160,7 +160,7 @@
 | ||||||
|  |      addData() or by waiting for it to arrive on the device(). | ||||||
|  | 
 | ||||||
|  |      \value UnexpectedElementError The parser encountered an element | ||||||
|  | -    that was different to those it expected.
 | ||||||
|  | +    or token that was different to those it expected.
 | ||||||
|  | 
 | ||||||
|  |  */ | ||||||
|  | 
 | ||||||
|  | @@ -295,13 +295,34 @@
 | ||||||
|  | 
 | ||||||
|  |    QXmlStreamReader is a well-formed XML 1.0 parser that does \e not | ||||||
|  |    include external parsed entities. As long as no error occurs, the | ||||||
|  | -  application code can thus be assured that the data provided by the
 | ||||||
|  | -  stream reader satisfies the W3C's criteria for well-formed XML. For
 | ||||||
|  | -  example, you can be certain that all tags are indeed nested and
 | ||||||
|  | -  closed properly, that references to internal entities have been
 | ||||||
|  | -  replaced with the correct replacement text, and that attributes have
 | ||||||
|  | -  been normalized or added according to the internal subset of the
 | ||||||
|  | -  DTD.
 | ||||||
|  | +  application code can thus be assured, that
 | ||||||
|  | +  \list
 | ||||||
|  | +  \li the data provided by the stream reader satisfies the W3C's
 | ||||||
|  | +      criteria for well-formed XML,
 | ||||||
|  | +  \li tokens are provided in a valid order.
 | ||||||
|  | +  \endlist
 | ||||||
|  | +
 | ||||||
|  | +  Unless QXmlStreamReader raises an error, it guarantees the following:
 | ||||||
|  | +  \list
 | ||||||
|  | +  \li All tags are nested and closed properly.
 | ||||||
|  | +  \li References to internal entities have been replaced with the
 | ||||||
|  | +      correct replacement text.
 | ||||||
|  | +  \li Attributes have been normalized or added according to the
 | ||||||
|  | +      internal subset of the \l DTD.
 | ||||||
|  | +  \li Tokens of type \l StartDocument happen before all others,
 | ||||||
|  | +      aside from comments and processing instructions.
 | ||||||
|  | +  \li At most one DOCTYPE element (a token of type \l DTD) is present.
 | ||||||
|  | +  \li If present, the DOCTYPE appears before all other elements,
 | ||||||
|  | +      aside from StartDocument, comments and processing instructions.
 | ||||||
|  | +  \endlist
 | ||||||
|  | +
 | ||||||
|  | +  In particular, once any token of type \l StartElement, \l EndElement,
 | ||||||
|  | +  \l Characters, \l EntityReference or \l EndDocument is seen, no
 | ||||||
|  | +  tokens of type StartDocument or DTD will be seen. If one is present in
 | ||||||
|  | +  the input stream, out of order, an error is raised.
 | ||||||
|  | +
 | ||||||
|  | +  \note The token types \l Comment and \l ProcessingInstruction may appear
 | ||||||
|  | +  anywhere in the stream.
 | ||||||
|  | 
 | ||||||
|  |    If an error occurs while parsing, atEnd() and hasError() return | ||||||
|  |    true, and error() returns the error that occurred. The functions | ||||||
|  | @@ -620,6 +641,7 @@
 | ||||||
|  |          d->token = -1; | ||||||
|  |          return readNext(); | ||||||
|  |      } | ||||||
|  | +    d->checkToken();
 | ||||||
|  |      return d->type; | ||||||
|  |  } | ||||||
|  | 
 | ||||||
|  | @@ -740,6 +762,14 @@
 | ||||||
|  |  }; | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | +static const char QXmlStreamReader_XmlContextString[] =
 | ||||||
|  | +    "Prolog\0"
 | ||||||
|  | +    "Body\0";
 | ||||||
|  | +
 | ||||||
|  | +static const short QXmlStreamReader_XmlContextString_indices[] = {
 | ||||||
|  | +    0, 7
 | ||||||
|  | +};
 | ||||||
|  | +
 | ||||||
|  |  /*! | ||||||
|  |      \property  QXmlStreamReader::namespaceProcessing | ||||||
|  |      The namespace-processing flag of the stream reader | ||||||
|  | @@ -775,6 +805,16 @@
 | ||||||
|  |                           QXmlStreamReader_tokenTypeString_indices[d->type]); | ||||||
|  |  } | ||||||
|  | 
 | ||||||
|  | +/*!
 | ||||||
|  | +   \internal
 | ||||||
|  | +   \return \param ctxt (Prolog/Body) as a string.
 | ||||||
|  | + */
 | ||||||
|  | +QString contextString(QXmlStreamReaderPrivate::XmlContext ctxt)
 | ||||||
|  | +{
 | ||||||
|  | +    return QLatin1String(QXmlStreamReader_XmlContextString +
 | ||||||
|  | +                         QXmlStreamReader_XmlContextString_indices[static_cast<int>(ctxt)]);
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  |  #endif // QT_NO_XMLSTREAMREADER | ||||||
|  | 
 | ||||||
|  |  QXmlStreamPrivateTagStack::QXmlStreamPrivateTagStack() | ||||||
|  | @@ -866,6 +906,8 @@
 | ||||||
|  | 
 | ||||||
|  |      type = QXmlStreamReader::NoToken; | ||||||
|  |      error = QXmlStreamReader::NoError; | ||||||
|  | +    currentContext = XmlContext::Prolog;
 | ||||||
|  | +    foundDTD = false;
 | ||||||
|  |  } | ||||||
|  | 
 | ||||||
|  |  /* | ||||||
|  | @@ -4061,6 +4103,92 @@
 | ||||||
|  |      } | ||||||
|  |  } | ||||||
|  | 
 | ||||||
|  | +static bool isTokenAllowedInContext(QXmlStreamReader::TokenType type,
 | ||||||
|  | +                                               QXmlStreamReaderPrivate::XmlContext loc)
 | ||||||
|  | +{
 | ||||||
|  | +    switch (type) {
 | ||||||
|  | +    case QXmlStreamReader::StartDocument:
 | ||||||
|  | +    case QXmlStreamReader::DTD:
 | ||||||
|  | +        return loc == QXmlStreamReaderPrivate::XmlContext::Prolog;
 | ||||||
|  | +
 | ||||||
|  | +    case QXmlStreamReader::StartElement:
 | ||||||
|  | +    case QXmlStreamReader::EndElement:
 | ||||||
|  | +    case QXmlStreamReader::Characters:
 | ||||||
|  | +    case QXmlStreamReader::EntityReference:
 | ||||||
|  | +    case QXmlStreamReader::EndDocument:
 | ||||||
|  | +        return loc == QXmlStreamReaderPrivate::XmlContext::Body;
 | ||||||
|  | +
 | ||||||
|  | +    case QXmlStreamReader::Comment:
 | ||||||
|  | +    case QXmlStreamReader::ProcessingInstruction:
 | ||||||
|  | +        return true;
 | ||||||
|  | +
 | ||||||
|  | +    case QXmlStreamReader::NoToken:
 | ||||||
|  | +    case QXmlStreamReader::Invalid:
 | ||||||
|  | +        return false;
 | ||||||
|  | +    default:
 | ||||||
|  | +        return false;
 | ||||||
|  | +    }
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  | +/*!
 | ||||||
|  | +   \internal
 | ||||||
|  | +   \brief QXmlStreamReader::isValidToken
 | ||||||
|  | +   \return \c true if \param type is a valid token type.
 | ||||||
|  | +   \return \c false if \param type is an unexpected token,
 | ||||||
|  | +   which indicates a non-well-formed or invalid XML stream.
 | ||||||
|  | + */
 | ||||||
|  | +bool QXmlStreamReaderPrivate::isValidToken(QXmlStreamReader::TokenType type)
 | ||||||
|  | +{
 | ||||||
|  | +    // Don't change currentContext, if Invalid or NoToken occur in the prolog
 | ||||||
|  | +    if (type == QXmlStreamReader::Invalid || type == QXmlStreamReader::NoToken)
 | ||||||
|  | +        return false;
 | ||||||
|  | +
 | ||||||
|  | +    // If a token type gets rejected in the body, there is no recovery
 | ||||||
|  | +    const bool result = isTokenAllowedInContext(type, currentContext);
 | ||||||
|  | +    if (result || currentContext == XmlContext::Body)
 | ||||||
|  | +        return result;
 | ||||||
|  | +
 | ||||||
|  | +    // First non-Prolog token observed => switch context to body and check again.
 | ||||||
|  | +    currentContext = XmlContext::Body;
 | ||||||
|  | +    return isTokenAllowedInContext(type, currentContext);
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  | +/*!
 | ||||||
|  | +   \internal
 | ||||||
|  | +   Checks token type and raises an error, if it is invalid
 | ||||||
|  | +   in the current context (prolog/body).
 | ||||||
|  | + */
 | ||||||
|  | +void QXmlStreamReaderPrivate::checkToken()
 | ||||||
|  | +{
 | ||||||
|  | +    Q_Q(QXmlStreamReader);
 | ||||||
|  | +
 | ||||||
|  | +    // The token type must be consumed, to keep track if the body has been reached.
 | ||||||
|  | +    const XmlContext context = currentContext;
 | ||||||
|  | +    const bool ok = isValidToken(type);
 | ||||||
|  | +
 | ||||||
|  | +    // Do nothing if an error has been raised already (going along with an unexpected token)
 | ||||||
|  | +    if (error != QXmlStreamReader::Error::NoError)
 | ||||||
|  | +        return;
 | ||||||
|  | +
 | ||||||
|  | +    if (!ok) {
 | ||||||
|  | +        raiseError(QXmlStreamReader::UnexpectedElementError,
 | ||||||
|  | +                   QLatin1String("Unexpected token type %1 in %2.")
 | ||||||
|  | +                   .arg(q->tokenString(), contextString(context)));
 | ||||||
|  | +        return;
 | ||||||
|  | +    }
 | ||||||
|  | +
 | ||||||
|  | +    if (type != QXmlStreamReader::DTD)
 | ||||||
|  | +        return;
 | ||||||
|  | +
 | ||||||
|  | +    // Raise error on multiple DTD tokens
 | ||||||
|  | +    if (foundDTD) {
 | ||||||
|  | +        raiseError(QXmlStreamReader::UnexpectedElementError,
 | ||||||
|  | +                   QLatin1String("Found second DTD token in %1.").arg(contextString(context)));
 | ||||||
|  | +    } else {
 | ||||||
|  | +        foundDTD = true;
 | ||||||
|  | +    }
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  |  /*! | ||||||
|  |   \fn bool QXmlStreamAttributes::hasAttribute(const QString &qualifiedName) const | ||||||
|  |   \since 4.5 | ||||||
|  | diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
 | ||||||
|  | index 8f7c9e0..708059b 100644
 | ||||||
|  | --- a/src/corelib/serialization/qxmlstream_p.h
 | ||||||
|  | +++ b/src/corelib/serialization/qxmlstream_p.h
 | ||||||
|  | @@ -804,6 +804,17 @@
 | ||||||
|  |  #endif | ||||||
|  |      bool atEnd; | ||||||
|  | 
 | ||||||
|  | +    enum class XmlContext
 | ||||||
|  | +    {
 | ||||||
|  | +        Prolog,
 | ||||||
|  | +        Body,
 | ||||||
|  | +    };
 | ||||||
|  | +
 | ||||||
|  | +    XmlContext currentContext = XmlContext::Prolog;
 | ||||||
|  | +    bool foundDTD = false;
 | ||||||
|  | +    bool isValidToken(QXmlStreamReader::TokenType type);
 | ||||||
|  | +    void checkToken();
 | ||||||
|  | +
 | ||||||
|  |      /*! | ||||||
|  |        \sa setType() | ||||||
|  |       */ | ||||||
							
								
								
									
										40
									
								
								SOURCES/qtbase-5.15.8-fix-missing-qtsan-include.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										40
									
								
								SOURCES/qtbase-5.15.8-fix-missing-qtsan-include.patch
									
									
									
									
									
										Normal file
									
								
							
										
											
												File diff suppressed because one or more lines are too long
											
										
									
								
							| @ -1,30 +0,0 @@ | |||||||
| diff --git a/mkspecs/features/uikit/devices.py b/mkspecs/features/uikit/devices.py
 |  | ||||||
| index 8cdcb370..b0c927ea 100755
 |  | ||||||
| --- a/mkspecs/features/uikit/devices.py
 |  | ||||||
| +++ b/mkspecs/features/uikit/devices.py
 |  | ||||||
| @@ -1,4 +1,4 @@
 |  | ||||||
| -#!/usr/bin/python
 |  | ||||||
| +#!/usr/bin/python3
 |  | ||||||
|   |  | ||||||
|  ############################################################################# |  | ||||||
|  ## |  | ||||||
| diff --git a/tests/manual/xembed-raster/gtk-embedder.py b/tests/manual/xembed-raster/gtk-embedder.py
 |  | ||||||
| index 5c37fd44..86ffa9fd 100755
 |  | ||||||
| --- a/tests/manual/xembed-raster/gtk-embedder.py
 |  | ||||||
| +++ b/tests/manual/xembed-raster/gtk-embedder.py
 |  | ||||||
| @@ -1,4 +1,4 @@
 |  | ||||||
| -#!/usr/bin/python
 |  | ||||||
| +#!/usr/bin/python3
 |  | ||||||
|  ############################################################################# |  | ||||||
|  ## |  | ||||||
|  ## Copyright (C) 2013 Canonical Ltd. |  | ||||||
| diff --git a/tests/manual/xembed-widgets/gtk-embedder.py b/tests/manual/xembed-widgets/gtk-embedder.py
 |  | ||||||
| index 2a7c92db..93135b14 100755
 |  | ||||||
| --- a/tests/manual/xembed-widgets/gtk-embedder.py
 |  | ||||||
| +++ b/tests/manual/xembed-widgets/gtk-embedder.py
 |  | ||||||
| @@ -1,4 +1,4 @@
 |  | ||||||
| -#!/usr/bin/python
 |  | ||||||
| +#!/usr/bin/python3
 |  | ||||||
|  ############################################################################# |  | ||||||
|  ## |  | ||||||
|  ## Copyright (C) 2013 Canonical Ltd. |  | ||||||
							
								
								
									
										122
									
								
								SOURCES/qtbase-disable-tests-not-working-in-gating.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										122
									
								
								SOURCES/qtbase-disable-tests-not-working-in-gating.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,122 @@ | |||||||
|  | diff --git a/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp b/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
 | ||||||
|  | index 2accf99c..31478c1d 100644
 | ||||||
|  | --- a/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
 | ||||||
|  | +++ b/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
 | ||||||
|  | @@ -63,7 +63,7 @@ private slots:
 | ||||||
|  |  #endif | ||||||
|  |      void doubleSlashInRoot(); | ||||||
|  |      void setLocale(); | ||||||
|  | -    void lastModified();
 | ||||||
|  | +    // void lastModified();
 | ||||||
|  |      void resourcesInStaticPlugins(); | ||||||
|  | 
 | ||||||
|  |  private: | ||||||
|  | @@ -645,19 +645,19 @@ void tst_QResourceEngine::setLocale()
 | ||||||
|  |      QLocale::setDefault(QLocale::system()); | ||||||
|  |  } | ||||||
|  | 
 | ||||||
|  | -void tst_QResourceEngine::lastModified()
 | ||||||
|  | -{
 | ||||||
|  | -    {
 | ||||||
|  | -        QFileInfo fi(":/");
 | ||||||
|  | -        QVERIFY(fi.exists());
 | ||||||
|  | -        QVERIFY2(!fi.lastModified().isValid(), qPrintable(fi.lastModified().toString()));
 | ||||||
|  | -    }
 | ||||||
|  | -    {
 | ||||||
|  | -        QFileInfo fi(":/search_file.txt");
 | ||||||
|  | -        QVERIFY(fi.exists());
 | ||||||
|  | -        QVERIFY(fi.lastModified().isValid());
 | ||||||
|  | -    }
 | ||||||
|  | -}
 | ||||||
|  | +// void tst_QResourceEngine::lastModified()
 | ||||||
|  | +// {
 | ||||||
|  | +//     {
 | ||||||
|  | +//         QFileInfo fi(":/");
 | ||||||
|  | +//         QVERIFY(fi.exists());
 | ||||||
|  | +//         QVERIFY2(!fi.lastModified().isValid(), qPrintable(fi.lastModified().toString()));
 | ||||||
|  | +//     }
 | ||||||
|  | +//     {
 | ||||||
|  | +//         QFileInfo fi(":/search_file.txt");
 | ||||||
|  | +//         QVERIFY(fi.exists());
 | ||||||
|  | +//         QVERIFY(fi.lastModified().isValid());
 | ||||||
|  | +//     }
 | ||||||
|  | +// }
 | ||||||
|  | 
 | ||||||
|  |  Q_IMPORT_PLUGIN(PluginClass) | ||||||
|  |  void tst_QResourceEngine::resourcesInStaticPlugins() | ||||||
|  | diff --git a/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp b/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
 | ||||||
|  | index fe63cecc..e1686aea 100644
 | ||||||
|  | --- a/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
 | ||||||
|  | +++ b/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
 | ||||||
|  | @@ -46,7 +46,7 @@ private slots:
 | ||||||
|  |      void currentStorage(); | ||||||
|  |      void storageList(); | ||||||
|  |      void tempFile(); | ||||||
|  | -    void caching();
 | ||||||
|  | +    // void caching();
 | ||||||
|  |  #endif | ||||||
|  |  }; | ||||||
|  | 
 | ||||||
|  | @@ -202,34 +202,34 @@ void tst_QStorageInfo::tempFile()
 | ||||||
|  |      QVERIFY(free != storage2.bytesFree()); | ||||||
|  |  } | ||||||
|  | 
 | ||||||
|  | -void tst_QStorageInfo::caching()
 | ||||||
|  | -{
 | ||||||
|  | -    QTemporaryFile file;
 | ||||||
|  | -    QVERIFY2(file.open(), qPrintable(file.errorString()));
 | ||||||
|  | -
 | ||||||
|  | -    QStorageInfo storage1(file.fileName());
 | ||||||
|  | -#ifdef Q_OS_LINUX
 | ||||||
|  | -    if (storage1.fileSystemType() == "btrfs")
 | ||||||
|  | -        QSKIP("This test doesn't work on btrfs, probably due to a btrfs bug");
 | ||||||
|  | -#endif
 | ||||||
|  | -
 | ||||||
|  | -    qint64 free = storage1.bytesFree();
 | ||||||
|  | -    QStorageInfo storage2(storage1);
 | ||||||
|  | -    QCOMPARE(free, storage2.bytesFree());
 | ||||||
|  | -    QVERIFY(free != -1);
 | ||||||
|  | -
 | ||||||
|  | -    file.write(QByteArray(1024*1024, '\0'));
 | ||||||
|  | -    file.flush();
 | ||||||
|  | -
 | ||||||
|  | -    QCOMPARE(free, storage1.bytesFree());
 | ||||||
|  | -    QCOMPARE(free, storage2.bytesFree());
 | ||||||
|  | -    storage2.refresh();
 | ||||||
|  | -    QCOMPARE(storage1, storage2);
 | ||||||
|  | -    if (free == storage2.bytesFree() && storage2.fileSystemType() == "apfs") {
 | ||||||
|  | -        QEXPECT_FAIL("", "This test is likely to fail on APFS", Continue);
 | ||||||
|  | -    }
 | ||||||
|  | -    QVERIFY(free != storage2.bytesFree());
 | ||||||
|  | -}
 | ||||||
|  | +// void tst_QStorageInfo::caching()
 | ||||||
|  | +// {
 | ||||||
|  | +//     QTemporaryFile file;
 | ||||||
|  | +//     QVERIFY2(file.open(), qPrintable(file.errorString()));
 | ||||||
|  | +//
 | ||||||
|  | +//     QStorageInfo storage1(file.fileName());
 | ||||||
|  | +// #ifdef Q_OS_LINUX
 | ||||||
|  | +//     if (storage1.fileSystemType() == "btrfs")
 | ||||||
|  | +//         QSKIP("This test doesn't work on btrfs, probably due to a btrfs bug");
 | ||||||
|  | +// #endif
 | ||||||
|  | +//
 | ||||||
|  | +//     qint64 free = storage1.bytesFree();
 | ||||||
|  | +//     QStorageInfo storage2(storage1);
 | ||||||
|  | +//     QCOMPARE(free, storage2.bytesFree());
 | ||||||
|  | +//     QVERIFY(free != -1);
 | ||||||
|  | +//
 | ||||||
|  | +//     file.write(QByteArray(1024*1024, '\0'));
 | ||||||
|  | +//     file.flush();
 | ||||||
|  | +//
 | ||||||
|  | +//     QCOMPARE(free, storage1.bytesFree());
 | ||||||
|  | +//     QCOMPARE(free, storage2.bytesFree());
 | ||||||
|  | +//     storage2.refresh();
 | ||||||
|  | +//     QCOMPARE(storage1, storage2);
 | ||||||
|  | +//     if (free == storage2.bytesFree() && storage2.fileSystemType() == "apfs") {
 | ||||||
|  | +//         QEXPECT_FAIL("", "This test is likely to fail on APFS", Continue);
 | ||||||
|  | +//     }
 | ||||||
|  | +//     QVERIFY(free != storage2.bytesFree());
 | ||||||
|  | +// }
 | ||||||
|  |  #endif | ||||||
|  | 
 | ||||||
|  |  QTEST_MAIN(tst_QStorageInfo) | ||||||
| @ -0,0 +1,12 @@ | |||||||
|  | diff -up qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h.private_api_warning qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h
 | ||||||
|  | --- qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h.private_api_warning	2022-10-11 09:08:33.712070523 -0500
 | ||||||
|  | +++ qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h	2022-10-11 09:10:58.647038619 -0500
 | ||||||
|  | @@ -435,7 +435,7 @@ inline void QObjectPrivate::checkForInco
 | ||||||
|  |      Q_UNUSED(version); | ||||||
|  |  #else | ||||||
|  |      if (Q_UNLIKELY(version != QObjectPrivateVersion)) { | ||||||
|  | -        qFatal("Cannot mix incompatible Qt library (%d.%d.%d) with this library (%d.%d.%d)",
 | ||||||
|  | +        qWarning("Cannot mix incompatible Qt library (%d.%d.%d) with this library (%d.%d.%d)",
 | ||||||
|  |                  (version >> 16) & 0xff, (version >> 8) & 0xff, version & 0xff, | ||||||
|  |                  (QObjectPrivateVersion >> 16) & 0xff, (QObjectPrivateVersion >> 8) & 0xff, QObjectPrivateVersion & 0xff); | ||||||
|  |      } | ||||||
| @ -1,16 +0,0 @@ | |||||||
| diff --git a/mkspecs/features/qt_module.prf b/mkspecs/features/qt_module.prf
 |  | ||||||
| index e6a0d97..cf93041 100644
 |  | ||||||
| --- a/mkspecs/features/qt_module.prf
 |  | ||||||
| +++ b/mkspecs/features/qt_module.prf
 |  | ||||||
| @@ -216,9 +216,9 @@ android: CONFIG += qt_android_deps no_linker_version_script
 |  | ||||||
|      QMAKE_LFLAGS += $${QMAKE_LFLAGS_VERSION_SCRIPT}$$verscript |  | ||||||
| 
 |  | ||||||
|      internal_module { |  | ||||||
| -        verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API { *; };"
 |  | ||||||
| +        verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API { *; };"
 |  | ||||||
|      } else { |  | ||||||
| -        verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API {" \
 |  | ||||||
| +        verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API {" \
 |  | ||||||
|                              "    qt_private_api_tag*;" |  | ||||||
| 
 |  | ||||||
|          private_api_headers = $$SYNCQT.PRIVATE_HEADER_FILES $$SYNCQT.QPA_HEADER_FILES |  | ||||||
| @ -2,8 +2,6 @@ | |||||||
| %global multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9 | %global multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9 | ||||||
| %global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64 | %global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64 | ||||||
| 
 | 
 | ||||||
| %global openssl -openssl-linked |  | ||||||
| 
 |  | ||||||
| %if 0%{?fedora} < 29 && 0%{?rhel} < 9 | %if 0%{?fedora} < 29 && 0%{?rhel} < 9 | ||||||
| %ifarch %{ix86} | %ifarch %{ix86} | ||||||
| %global no_sse2  -no-sse2 | %global no_sse2  -no-sse2 | ||||||
| @ -47,7 +45,6 @@ | |||||||
| %global qt_settings 1 | %global qt_settings 1 | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| %global journald -journald |  | ||||||
| BuildRequires: make | BuildRequires: make | ||||||
| BuildRequires: pkgconfig(libsystemd) | BuildRequires: pkgconfig(libsystemd) | ||||||
| 
 | 
 | ||||||
| @ -59,8 +56,8 @@ BuildRequires: pkgconfig(libsystemd) | |||||||
| 
 | 
 | ||||||
| Name:    qt5-qtbase | Name:    qt5-qtbase | ||||||
| Summary: Qt5 - QtBase components | Summary: Qt5 - QtBase components | ||||||
| Version: 5.15.3 | Version: 5.15.9 | ||||||
| Release: 1%{?dist} | Release: 7%{?dist} | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| # See LGPL_EXCEPTIONS.txt, for exception details | # See LGPL_EXCEPTIONS.txt, for exception details | ||||||
| @ -86,11 +83,8 @@ Source10: macros.qt5-qtbase | |||||||
| # support multilib optflags | # support multilib optflags | ||||||
| Patch2: qtbase-multilib_optflags.patch | Patch2: qtbase-multilib_optflags.patch | ||||||
| 
 | 
 | ||||||
| # borrowed from opensuse | # make mixing versions with private apis a warning instead of fatal error | ||||||
| # track private api via properly versioned symbols | Patch3: qtbase-everywhere-src-5.15.6-private_api_warning.patch | ||||||
| # downside: binaries produced with these differently-versioned symbols are no longer |  | ||||||
| # compatible with qt-project.org's Qt binary releases. |  | ||||||
| Patch8: tell-the-truth-about-private-api.patch |  | ||||||
| 
 | 
 | ||||||
| # upstreamable patches | # upstreamable patches | ||||||
| # namespace QT_VERSION_CHECK to workaround major/minor being pre-defined (#1396755) | # namespace QT_VERSION_CHECK to workaround major/minor being pre-defined (#1396755) | ||||||
| @ -132,9 +126,6 @@ Patch64: qt5-qtbase-5.12.1-firebird-4.0.0.patch | |||||||
| # fix for new mariadb | # fix for new mariadb | ||||||
| Patch65: qtbase-opensource-src-5.9.0-mysql.patch | Patch65: qtbase-opensource-src-5.9.0-mysql.patch | ||||||
| 
 | 
 | ||||||
| # python3 |  | ||||||
| Patch68: qtbase-ambiguous-python-shebang.patch |  | ||||||
| 
 |  | ||||||
| # https://fedoraproject.org/wiki/Changes/Qt_Wayland_By_Default_On_Gnome | # https://fedoraproject.org/wiki/Changes/Qt_Wayland_By_Default_On_Gnome | ||||||
| # https://bugzilla.redhat.com/show_bug.cgi?id=1732129 | # https://bugzilla.redhat.com/show_bug.cgi?id=1732129 | ||||||
| Patch80: qtbase-use-wayland-on-gnome.patch | Patch80: qtbase-use-wayland-on-gnome.patch | ||||||
| @ -144,12 +135,23 @@ Patch90: %{name}-gcc11.patch | |||||||
| 
 | 
 | ||||||
| ## upstream patches | ## upstream patches | ||||||
| # https://invent.kde.org/qt/qt/qtbase, kde/5.15 branch | # https://invent.kde.org/qt/qt/qtbase, kde/5.15 branch | ||||||
| # git diff v5.15.3-lts-lgpl..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz | # git diff v5.15.9-lts-lgpl..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz | ||||||
| # patch100 in lookaside cache due to large'ish size -- rdieter | # patch100 in lookaside cache due to large'ish size -- rdieter | ||||||
| Patch100: kde-5.15-rollup-20220324.patch.gz | Patch100: kde-5.15-rollup-20230411.patch.gz | ||||||
| # HACK to make 'fedpkg sources' consider it 'used" | # HACK to make 'fedpkg sources' consider it 'used" | ||||||
| Source100: kde-5.15-rollup-20220324.patch.gz | Source100: kde-5.15-rollup-20230411.patch.gz | ||||||
| 
 | 
 | ||||||
|  | Patch101: qtbase-5.15.8-fix-missing-qtsan-include.patch | ||||||
|  | 
 | ||||||
|  | Patch110: CVE-2023-32762-qtbase-5.15.patch | ||||||
|  | Patch111: CVE-2023-32763-qtbase-5.15.patch | ||||||
|  | Patch112: CVE-2023-33285-qtbase-5.15.patch | ||||||
|  | Patch113: CVE-2023-34410-qtbase-5.15.patch | ||||||
|  | Patch114: CVE-2023-37369-qtbase-5.15.patch | ||||||
|  | Patch115: CVE-2023-38197-qtbase-5.15.patch | ||||||
|  | 
 | ||||||
|  | # gating related patches | ||||||
|  | Patch200: qtbase-disable-tests-not-working-in-gating.patch | ||||||
| 
 | 
 | ||||||
| # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. | # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. | ||||||
| # Those themes are there for platform integration. If the required libraries are | # Those themes are there for platform integration. If the required libraries are | ||||||
| @ -174,11 +176,8 @@ BuildRequires: clang >= 3.7.0 | |||||||
| %else | %else | ||||||
| BuildRequires: gcc-c++ | BuildRequires: gcc-c++ | ||||||
| %endif | %endif | ||||||
| # http://bugzilla.redhat.com/1196359 |  | ||||||
| %if 0%{?fedora} || 0%{?rhel} > 6 |  | ||||||
| %global dbus -dbus-linked | %global dbus -dbus-linked | ||||||
| BuildRequires: pkgconfig(dbus-1) | BuildRequires: pkgconfig(dbus-1) | ||||||
| %endif |  | ||||||
| BuildRequires: pkgconfig(libdrm) | BuildRequires: pkgconfig(libdrm) | ||||||
| BuildRequires: pkgconfig(fontconfig) | BuildRequires: pkgconfig(fontconfig) | ||||||
| BuildRequires: pkgconfig(gl) | BuildRequires: pkgconfig(gl) | ||||||
| @ -192,6 +191,7 @@ BuildRequires: pkgconfig(libudev) | |||||||
| BuildRequires: openssl-devel | BuildRequires: openssl-devel | ||||||
| BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib) | BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib) | ||||||
| BuildRequires: pkgconfig(libinput) | BuildRequires: pkgconfig(libinput) | ||||||
|  | BuildRequires: pkgconfig(libsystemd) | ||||||
| BuildRequires: pkgconfig(xcb-xkb) >= 1.10 | BuildRequires: pkgconfig(xcb-xkb) >= 1.10 | ||||||
| BuildRequires: pkgconfig(xcb-util) | BuildRequires: pkgconfig(xcb-util) | ||||||
| BuildRequires: pkgconfig(xkbcommon) >= 0.4.1 | BuildRequires: pkgconfig(xkbcommon) >= 0.4.1 | ||||||
| @ -222,6 +222,7 @@ BuildRequires: libicu-devel | |||||||
| %endif | %endif | ||||||
| BuildRequires: pkgconfig(xcb) pkgconfig(xcb-glx) pkgconfig(xcb-icccm) pkgconfig(xcb-image) pkgconfig(xcb-keysyms) pkgconfig(xcb-renderutil) | BuildRequires: pkgconfig(xcb) pkgconfig(xcb-glx) pkgconfig(xcb-icccm) pkgconfig(xcb-image) pkgconfig(xcb-keysyms) pkgconfig(xcb-renderutil) | ||||||
| BuildRequires: pkgconfig(zlib) | BuildRequires: pkgconfig(zlib) | ||||||
|  | BuildRequires: pkgconfig(libzstd) | ||||||
| BuildRequires: perl-generators | BuildRequires: perl-generators | ||||||
| # see patch68 | # see patch68 | ||||||
| BuildRequires: python3 | BuildRequires: python3 | ||||||
| @ -270,6 +271,12 @@ Summary: Common files for Qt5 | |||||||
| # offer upgrade path for qtquick1 somewhere... may as well be here -- rex | # offer upgrade path for qtquick1 somewhere... may as well be here -- rex | ||||||
| Obsoletes: qt5-qtquick1 < 5.9.0 | Obsoletes: qt5-qtquick1 < 5.9.0 | ||||||
| Obsoletes: qt5-qtquick1-devel < 5.9.0 | Obsoletes: qt5-qtquick1-devel < 5.9.0 | ||||||
|  | %if "%{?ibase}" == "-no-sql-ibase" | ||||||
|  | Obsoletes: qt5-qtbase-ibase < %{version}-%{release} | ||||||
|  | %endif | ||||||
|  | %if "%{?tds}" == "-no-sql-tds" | ||||||
|  | Obsoletes: qt5-qtbase-tds < %{version}-%{release} | ||||||
|  | %endif | ||||||
| Requires: %{name} = %{version}-%{release} | Requires: %{name} = %{version}-%{release} | ||||||
| BuildArch: noarch | BuildArch: noarch | ||||||
| %description common | %description common | ||||||
| @ -378,7 +385,8 @@ Requires: %{name}%{?_isa} = %{version}-%{release} | |||||||
| %package gui | %package gui | ||||||
| Summary: Qt5 GUI-related libraries | Summary: Qt5 GUI-related libraries | ||||||
| Requires: %{name}%{?_isa} = %{version}-%{release} | Requires: %{name}%{?_isa} = %{version}-%{release} | ||||||
| %if ! 0%{?rhel} < 8 | # where Recommends are supported | ||||||
|  | %if 0%{?fedora} || 0%{?rhel} >= 8 | ||||||
| Recommends: mesa-dri-drivers | Recommends: mesa-dri-drivers | ||||||
| %endif | %endif | ||||||
| Obsoletes: qt5-qtbase-x11 < 5.2.0 | Obsoletes: qt5-qtbase-x11 < 5.2.0 | ||||||
| @ -393,38 +401,46 @@ Qt5 libraries used for drawing widgets and OpenGL items. | |||||||
| %prep | %prep | ||||||
| %setup -q -n %{qt_module}-everywhere-src-%{version} | %setup -q -n %{qt_module}-everywhere-src-%{version} | ||||||
| 
 | 
 | ||||||
|  | ## dowstream patches | ||||||
|  | %patch -P3 -p1 -b .private_api_warning | ||||||
|  | 
 | ||||||
| ## upstream fixes | ## upstream fixes | ||||||
| 
 | %patch -P50 -p1 -b .QT_VERSION_CHECK | ||||||
| # omit '-b .tell-the-truth-about-private-api' so it doesn't end up in installed files -- rdieter | #patch -P51 -p1 -b .hidpi_scale_at_192 | ||||||
| %patch8 -p1 | %patch -P52 -p1 -b .moc_macros | ||||||
| 
 | %patch -P53 -p1 -b .qt5gui_cmake_isystem_includes | ||||||
| %patch50 -p1 -b .QT_VERSION_CHECK | %patch -P54 -p1 -b .qmake_LFLAGS | ||||||
| # FIXME/TODO : rebase or drop -- rdieter | %patch -P55 -p1 -b .no_relocatable | ||||||
| #patch51 -p1 -b .hidpi_scale_at_192 | %patch -P56 -p1 -b .libglvnd | ||||||
| %patch52 -p1 -b .moc_macros | %patch -P61 -p1 -b .qt5-qtbase-cxxflag | ||||||
| %patch53 -p1 -b .qt5gui_cmake_isystem_includes |  | ||||||
| %patch54 -p1 -b .qmake_LFLAGS |  | ||||||
| %patch55 -p1 -b .no_relocatable |  | ||||||
| %patch56 -p1 -b .libglvnd |  | ||||||
| %patch61 -p1 -b .qt5-qtbase-cxxflag |  | ||||||
| %if 0%{?fedora} < 35 | %if 0%{?fedora} < 35 | ||||||
| %patch63 -p1 -b .firebird | %patch -P63 -p1 -b .firebird | ||||||
| %else | %else | ||||||
| %patch64 -p1 -b .firebird | %patch -P64 -p1 -b .firebird | ||||||
| %endif | %endif | ||||||
| %if 0%{?fedora} > 27 | %if 0%{?fedora} > 27 | ||||||
| %patch65 -p1 -b .mysql | %patch -P65 -p1 -b .mysql | ||||||
| %endif | %endif | ||||||
| %patch68 -p1 |  | ||||||
| 
 | 
 | ||||||
| %if 0%{?fedora} > 30 || 0%{?rhel} > 9 | %if 0%{?fedora} > 30 || 0%{?rhel} > 9 | ||||||
| %patch80 -p1 -b .use-wayland-on-gnome.patch | %patch -P80 -p1 -b .use-wayland-on-gnome.patch | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| %patch90 -p1 -b .gcc11 | %patch -P90 -p1 -b .gcc11 | ||||||
| 
 | 
 | ||||||
| ## upstream patches | ## upstream patches | ||||||
| %patch100 -p1 | %patch -P100 -p1 | ||||||
|  | %patch -P101 -p1 | ||||||
|  | 
 | ||||||
|  | %patch -P110 -p1 | ||||||
|  | %patch -P111 -p1 | ||||||
|  | %patch -P112 -p1 | ||||||
|  | %patch -P113 -p1 | ||||||
|  | %patch -P114 -p1 | ||||||
|  | %patch -P115 -p1 | ||||||
|  | 
 | ||||||
|  | ## gating related patches | ||||||
|  | %patch -P200 -p1 -b .disable-tests-not-working-in-gating | ||||||
| 
 | 
 | ||||||
| # move some bundled libs to ensure they're not accidentally used | # move some bundled libs to ensure they're not accidentally used | ||||||
| pushd src/3rdparty | pushd src/3rdparty | ||||||
| @ -497,16 +513,17 @@ export MAKEFLAGS="%{?_smp_mflags}" | |||||||
|   -release \ |   -release \ | ||||||
|   -shared \ |   -shared \ | ||||||
|   -accessibility \ |   -accessibility \ | ||||||
|   %{?dbus}%{!?dbus:-dbus-runtime} \ |   -dbus-linked \ | ||||||
|   %{?egl:-egl -eglfs} \ |   %{?egl:-egl -eglfs} \ | ||||||
|   -fontconfig \ |   -fontconfig \ | ||||||
|   -glib \ |   -glib \ | ||||||
|   -gtk \ |   -gtk \ | ||||||
|   %{?ibase} \ |   %{?ibase} \ | ||||||
|   -icu \ |   -icu \ | ||||||
|   %{?journald} \ |   -journald \ | ||||||
|   -optimized-qmake \ |   -optimized-qmake \ | ||||||
|   %{?openssl} \ |   -openssl-linked \ | ||||||
|  |   -libproxy \ | ||||||
|   %{!?examples:-nomake examples} \ |   %{!?examples:-nomake examples} \ | ||||||
|   %{!?build_tests:-nomake tests} \ |   %{!?build_tests:-nomake tests} \ | ||||||
|   -no-pch \ |   -no-pch \ | ||||||
| @ -535,7 +552,11 @@ export MAKEFLAGS="%{?_smp_mflags}" | |||||||
|   QMAKE_LFLAGS_RELEASE="${LDFLAGS:-$RPM_LD_FLAGS}" |   QMAKE_LFLAGS_RELEASE="${LDFLAGS:-$RPM_LD_FLAGS}" | ||||||
| 
 | 
 | ||||||
| # Validate config results | # Validate config results | ||||||
|  | %if "%{?ibase}" != "-no-sql-ibase" | ||||||
|  | for config_test in egl-x11 ibase ; do | ||||||
|  | %else | ||||||
| for config_test in egl-x11 ; do | for config_test in egl-x11 ; do | ||||||
|  | %endif | ||||||
| config_result="$(grep ^cache.${config_test}.result config.cache | cut -d= -f2 | tr -d ' ')" | config_result="$(grep ^cache.${config_test}.result config.cache | cut -d= -f2 | tr -d ' ')" | ||||||
| if [ "${config_result}" != "true" ]; then | if [ "${config_result}" != "true" ]; then | ||||||
|   echo "${config_test} detection failed" |   echo "${config_test} detection failed" | ||||||
| @ -597,7 +618,7 @@ translationdir=%{_qt5_translationdir} | |||||||
| 
 | 
 | ||||||
| Name: Qt5 | Name: Qt5 | ||||||
| Description: Qt5 Configuration | Description: Qt5 Configuration | ||||||
| Version: 5.15.3 | Version: 5.15.9 | ||||||
| EOF | EOF | ||||||
| 
 | 
 | ||||||
| # rpm macros | # rpm macros | ||||||
| @ -1117,6 +1138,38 @@ fi | |||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Fri Jul 21 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-7 | ||||||
|  | - Fix infinite loops in QXmlStreamReader (CVE-2023-38197) | ||||||
|  |   Resolves: bz#2222771 | ||||||
|  | 
 | ||||||
|  | * Fri Jun 09 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-6 | ||||||
|  | - Don't allow remote attacker to bypass security restrictions caused by | ||||||
|  |   flaw in certificate validation (CVE-2023-34410) (version #2) | ||||||
|  |   Resolves: bz#2212754 | ||||||
|  | 
 | ||||||
|  | * Tue Jun 06 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-5 | ||||||
|  | - Don't allow remote attacker to bypass security restrictions caused by | ||||||
|  |   flaw in certificate validation (CVE-2023-34410) | ||||||
|  |   Resolves: bz#2212754 | ||||||
|  | 
 | ||||||
|  | * Wed May 24 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-4 | ||||||
|  | - Fix specific overflow in qtextlayout | ||||||
|  | - Fix incorrect parsing of the strict-transport-security (HSTS) header | ||||||
|  | - Fix buffer over-read via a crafted reply from a DNS server | ||||||
|  |   Resolves: bz#2209492 | ||||||
|  | 
 | ||||||
|  | * Wed Apr 26 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-3 | ||||||
|  | - Rebuild (elfutils#2188064) | ||||||
|  |   Resolves: bz#2175727 | ||||||
|  | 
 | ||||||
|  | * Tue Apr 25 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-2 | ||||||
|  | - Disable tests failing in gating | ||||||
|  |   Resolves: bz#2175727 | ||||||
|  | 
 | ||||||
|  | * Mon Apr 17 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-1 | ||||||
|  | - 5.15.9 + sync with Fedora | ||||||
|  |   Resolves: bz#2175727 | ||||||
|  | 
 | ||||||
| * Thu Mar 24 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.3-1 | * Thu Mar 24 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.3-1 | ||||||
| - 5.15.3 + sync with Fedora | - 5.15.3 + sync with Fedora | ||||||
|   Resolves: bz#2061354 |   Resolves: bz#2061354 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user