rpms/qt5-qtbase
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS qt5-qtbase-5.15.9-7.el9

Browse Source
This commit is contained in:
eabdullin 2023-09-21 20:10:18 +00:00
parent 736fba2665
commit f5014e5fe7
14 changed files with 910 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/kde-5.15-rollup-20220324.patch.gz
SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz
SOURCES/kde-5.15-rollup-20230411.patch.gz
SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz

4
.qt5-qtbase.metadata
View File

@ -1,2 +1,2 @@
981f5fbeb315c2e4adc122cee944368598466b67 SOURCES/kde-5.15-rollup-20220324.patch.gz
d7383126e1f412ef26096692b9e50a1887eb11f7 SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz
677b605bf6033bdfa84a676096ec6e77da6e844d SOURCES/kde-5.15-rollup-20230411.patch.gz
a5bbeafa6319cd3e666b12ccc722a357de7230be SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz

13
SOURCES/CVE-2023-32762-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,13 @@
--- a/src/network/access/qhsts.cpp
+++ b/src/network/access/qhsts.cpp
@@ -364,8 +364,8 @@ quoted-pair = "\" CHAR
bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
{
for (const auto &h : headers) {
- // We use '==' since header name was already 'trimmed' for us:
- if (h.first == "Strict-Transport-Security") {
+ // We compare directly because header name was already 'trimmed' for us:
+ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
header = h.second;
// RFC6797, 8.1:
//

49
SOURCES/CVE-2023-32763-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,49 @@
diff --git a/src/gui/painting/qfixed_p.h b/src/gui/painting/qfixed_p.h
index 84659288..57d750a4 100644
--- a/src/gui/painting/qfixed_p.h
+++ b/src/gui/painting/qfixed_p.h
@@ -54,6 +54,7 @@
#include <QtGui/private/qtguiglobal_p.h>
#include "QtCore/qdebug.h"
#include "QtCore/qpoint.h"
+#include <QtCore/private/qnumeric_p.h>
#include "QtCore/qsize.h"
QT_BEGIN_NAMESPACE
@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(int i, const QFixed &f) { return i * 64 <
Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; }
Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); }
+inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
+{
+ int val;
+ bool result = add_overflow(v1.value(), v2.value(), &val);
+ r->setValue(val);
+ return result;
+}
+
#ifndef QT_NO_DEBUG_STREAM
inline QDebug &operator<<(QDebug &dbg, const QFixed &f)
{ return dbg << f.toReal(); }
diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
index 26ac37b0..f6c69ff4 100644
--- a/src/gui/text/qtextlayout.cpp
+++ b/src/gui/text/qtextlayout.cpp
@@ -2150,11 +2150,14 @@ found:
eng->maxWidth = qMax(eng->maxWidth, line.textWidth);
} else {
eng->minWidth = qMax(eng->minWidth, lbh.minw);
- eng->maxWidth += line.textWidth;
+ if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth))
+ eng->maxWidth = QFIXED_MAX;
}
- if (line.textWidth > 0 && item < eng->layoutData->items.size())
- eng->maxWidth += lbh.spaceData.textWidth;
+ if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
+ if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth))
+ eng->maxWidth = QFIXED_MAX;
+ }
line.textWidth += trailingSpace;
if (lbh.spaceData.length) {

97
SOURCES/CVE-2023-33285-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,97 @@
From 2103f2487f709dd9546c503820d9ad509e9a63b3 Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Thu, 11 May 2023 21:40:15 -0700
Subject: QDnsLookup/Unix: make sure we don't overflow the buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The DNS Records are variable length and encode their size in 16 bits
before the Record Data (RDATA). Ensure that both the RDATA and the
Record header fields before it fall inside the buffer we have.
Additionally reject any replies containing more than one query records.
[ChangeLog][QtNetwork][QDnsLookup] Fixed a bug that could cause a buffer
overflow in Unix systems while parsing corrupt, malicious, or truncated
replies.
Pick-to: 5.15 6.2 6.5 6.5.1
Change-Id: I3e3bfef633af4130a03afffd175e4b9547654b95
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
(cherry picked from commit 7dba2c87619d558a61a30eb30cc1d9c3fe6df94c)
* asturmlechner 2023-05-18: Resolve conflict with dev branch commit
68b625901f9eb7c34e3d7aa302e1c0a454d3190b
diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp
index 12b40fc35d..99e999d436 100644
--- a/src/network/kernel/qdnslookup_unix.cpp
+++ b/src/network/kernel/qdnslookup_unix.cpp
@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
// responseLength in case of error, we still can extract the
// exact error code from the response.
HEADER *header = (HEADER*)response;
- const int answerCount = ntohs(header->ancount);
switch (header->rcode) {
case NOERROR:
break;
@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
return;
}
- // Skip the query host, type (2 bytes) and class (2 bytes).
char host[PACKETSZ], answer[PACKETSZ];
unsigned char *p = response + sizeof(HEADER);
- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
- if (status < 0) {
+ int status;
+
+ if (ntohs(header->qdcount) == 1) {
+ // Skip the query host, type (2 bytes) and class (2 bytes).
+ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
+ if (status < 0) {
+ reply->error = QDnsLookup::InvalidReplyError;
+ reply->errorString = tr("Could not expand domain name");
+ return;
+ }
+ if ((p - response) + status + 4 >= responseLength)
+ header->qdcount = 0xffff; // invalid reply below
+ else
+ p += status + 4;
+ }
+ if (ntohs(header->qdcount) > 1) {
reply->error = QDnsLookup::InvalidReplyError;
- reply->errorString = tr("Could not expand domain name");
+ reply->errorString = tr("Invalid reply received");
return;
}
- p += status + 4;
// Extract results.
+ const int answerCount = ntohs(header->ancount);
int answerIndex = 0;
while ((p < response + responseLength) && (answerIndex < answerCount)) {
status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
const QString name = QUrl::fromAce(host);
p += status;
+
+ if ((p - response) + 10 > responseLength) {
+ // probably just a truncated reply, return what we have
+ return;
+ }
const quint16 type = (p[0] << 8) | p[1];
p += 2; // RR type
p += 2; // RR class
@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
p += 4;
const quint16 size = (p[0] << 8) | p[1];
p += 2;
+ if ((p - response) + size > responseLength)
+ return; // truncated
if (type == QDnsLookup::A) {
if (size != 4) {

54
SOURCES/CVE-2023-34410-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,54 @@
--- a/src/network/ssl/qsslsocket_schannel.cpp
+++ b/src/network/ssl/qsslsocket_schannel.cpp
@@ -1880,6 +1880,28 @@ bool QSslSocketBackendPrivate::verifyCertContext(CERT_CONTEXT *certContext)
if (configuration.peerVerifyDepth > 0 && DWORD(configuration.peerVerifyDepth) < verifyDepth)
verifyDepth = DWORD(configuration.peerVerifyDepth);
+ const auto &caCertificates = q->sslConfiguration().caCertificates();
+
+ if (!rootCertOnDemandLoadingAllowed()
+ && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
+ && (q->peerVerifyMode() == QSslSocket::VerifyPeer
+ || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) {
+ // When verifying a peer Windows "helpfully" builds a chain that
+ // may include roots from the system store. But we don't want that if
+ // the user has set their own CA certificates.
+ // Since Windows claims this is not a partial chain the root is included
+ // and we have to check that it is one of our configured CAs.
+ CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
+ QSslCertificate certificate = getCertificateFromChainElement(element);
+ if (!caCertificates.contains(certificate)) {
+ auto error = QSslError(QSslError::CertificateUntrusted, certificate);
+ sslErrors += error;
+ emit q->peerVerifyError(error);
+ if (q->state() != QAbstractSocket::ConnectedState)
+ return false;
+ }
+ }
+
for (DWORD i = 0; i < verifyDepth; i++) {
CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
QSslCertificate certificate = getCertificateFromChainElement(element);
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate()
, flushTriggered(false)
{
QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
+ // If the global configuration doesn't allow root certificates to be loaded
+ // on demand then we have to disable it for this socket as well.
+ if (!configuration.allowRootCertOnDemandLoading)
+ allowRootCertOnDemandLoading = false;
}
/*!
@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
ptr->sessionProtocol = global->sessionProtocol;
ptr->ciphers = global->ciphers;
ptr->caCertificates = global->caCertificates;
+ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
ptr->protocol = global->protocol;
ptr->peerVerifyMode = global->peerVerifyMode;
ptr->peerVerifyDepth = global->peerVerifyDepth;

203
SOURCES/CVE-2023-37369-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,203 @@
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
index 7cd457ba3a..11d162cb79 100644
--- a/src/corelib/serialization/qxmlstream.cpp
+++ b/src/corelib/serialization/qxmlstream.cpp
@@ -1302,15 +1302,18 @@ inline int QXmlStreamReaderPrivate::fastScanContentCharList()
return n;
}
-inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
+// Fast scan an XML attribute name (e.g. "xml:lang").
+inline QXmlStreamReaderPrivate::FastScanNameResult
+QXmlStreamReaderPrivate::fastScanName(Value *val)
{
int n = 0;
uint c;
while ((c = getChar()) != StreamEOF) {
if (n >= 4096) {
// This is too long to be a sensible name, and
- // can exhaust memory
- return 0;
+ // can exhaust memory, or the range of decltype(*prefix)
+ raiseNamePrefixTooLongError();
+ return {};
}
switch (c) {
case '\n':
@@ -1339,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
case '+':
case '*':
putChar(c);
- if (prefix && *prefix == n+1) {
- *prefix = 0;
+ if (val && val->prefix == n + 1) {
+ val->prefix = 0;
putChar(':');
--n;
}
- return n;
+ return FastScanNameResult(n);
case ':':
- if (prefix) {
- if (*prefix == 0) {
- *prefix = n+2;
+ if (val) {
+ if (val->prefix == 0) {
+ val->prefix = n + 2;
} else { // only one colon allowed according to the namespace spec.
putChar(c);
- return n;
+ return FastScanNameResult(n);
}
} else {
putChar(c);
- return n;
+ return FastScanNameResult(n);
}
Q_FALLTHROUGH();
default:
@@ -1364,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
}
}
- if (prefix)
- *prefix = 0;
+ if (val)
+ val->prefix = 0;
int pos = textBuffer.size() - n;
putString(textBuffer, pos);
textBuffer.resize(pos);
- return 0;
+ return FastScanNameResult(0);
}
enum NameChar { NameBeginning, NameNotBeginning, NotName };
@@ -1878,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message)
raiseError(QXmlStreamReader::NotWellFormedError, message);
}
+void QXmlStreamReaderPrivate::raiseNamePrefixTooLongError()
+{
+ // TODO: add a ImplementationLimitsExceededError and use it instead
+ raiseError(QXmlStreamReader::NotWellFormedError,
+ QXmlStream::tr("Length of XML attribute name exceeds implemnetation limits (4KiB "
+ "characters)."));
+}
+
void QXmlStreamReaderPrivate::parseError()
{
diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g
index 4321fed68a..8c6a1a5887 100644
--- a/src/corelib/serialization/qxmlstream.g
+++ b/src/corelib/serialization/qxmlstream.g
@@ -516,7 +516,16 @@ public:
int fastScanLiteralContent();
int fastScanSpace();
int fastScanContentCharList();
- int fastScanName(int *prefix = nullptr);
+
+ struct FastScanNameResult {
+ FastScanNameResult() : ok(false) {}
+ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
+ operator bool() { return ok; }
+ int operator*() { Q_ASSERT(ok); return addToLen; }
+ int addToLen;
+ bool ok;
+ };
+ FastScanNameResult fastScanName(Value *val = nullptr);
inline int fastScanNMTOKEN();
@@ -525,6 +534,7 @@ public:
void raiseError(QXmlStreamReader::Error error, const QString& message = QString());
void raiseWellFormedError(const QString &message);
+ void raiseNamePrefixTooLongError();
QXmlStreamEntityResolver *entityResolver;
@@ -1811,7 +1821,12 @@ space_opt ::= space;
qname ::= LETTER;
/.
case $rule_number: {
- sym(1).len += fastScanName(&sym(1).prefix);
+ Value &val = sym(1);
+ if (auto res = fastScanName(&val))
+ val.len += *res;
+ else
+ return false;
+
if (atEnd) {
resume($rule_number);
return false;
@@ -1822,7 +1837,11 @@ qname ::= LETTER;
name ::= LETTER;
/.
case $rule_number:
- sym(1).len += fastScanName();
+ if (auto res = fastScanName())
+ sym(1).len += *res;
+ else
+ return false;
+
if (atEnd) {
resume($rule_number);
return false;
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
index e5bde7b98e..b01484cac3 100644
--- a/src/corelib/serialization/qxmlstream_p.h
+++ b/src/corelib/serialization/qxmlstream_p.h
@@ -1005,7 +1005,16 @@ public:
int fastScanLiteralContent();
int fastScanSpace();
int fastScanContentCharList();
- int fastScanName(int *prefix = nullptr);
+
+ struct FastScanNameResult {
+ FastScanNameResult() : ok(false) {}
+ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
+ operator bool() { return ok; }
+ int operator*() { Q_ASSERT(ok); return addToLen; }
+ int addToLen;
+ bool ok;
+ };
+ FastScanNameResult fastScanName(Value *val = nullptr);
inline int fastScanNMTOKEN();
@@ -1014,6 +1023,7 @@ public:
void raiseError(QXmlStreamReader::Error error, const QString& message = QString());
void raiseWellFormedError(const QString &message);
+ void raiseNamePrefixTooLongError();
QXmlStreamEntityResolver *entityResolver;
@@ -1939,7 +1949,12 @@ bool QXmlStreamReaderPrivate::parse()
break;
case 262: {
- sym(1).len += fastScanName(&sym(1).prefix);
+ Value &val = sym(1);
+ if (auto res = fastScanName(&val))
+ val.len += *res;
+ else
+ return false;
+
if (atEnd) {
resume(262);
return false;
@@ -1947,7 +1962,11 @@ bool QXmlStreamReaderPrivate::parse()
} break;
case 263:
- sym(1).len += fastScanName();
+ if (auto res = fastScanName())
+ sym(1).len += *res;
+ else
+ return false;
+
if (atEnd) {
resume(263);
return false;

219
SOURCES/CVE-2023-38197-qtbase-5.15.patch Normal file
View File

@ -0,0 +1,219 @@
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
index bf8a2a9..6ab5d49 100644
--- a/src/corelib/serialization/qxmlstream.cpp
+++ b/src/corelib/serialization/qxmlstream.cpp
@@ -160,7 +160,7 @@
addData() or by waiting for it to arrive on the device().
\value UnexpectedElementError The parser encountered an element
- that was different to those it expected.
+ or token that was different to those it expected.
*/
@@ -295,13 +295,34 @@
QXmlStreamReader is a well-formed XML 1.0 parser that does \e not
include external parsed entities. As long as no error occurs, the
- application code can thus be assured that the data provided by the
- stream reader satisfies the W3C's criteria for well-formed XML. For
- example, you can be certain that all tags are indeed nested and
- closed properly, that references to internal entities have been
- replaced with the correct replacement text, and that attributes have
- been normalized or added according to the internal subset of the
- DTD.
+ application code can thus be assured, that
+ \list
+ \li the data provided by the stream reader satisfies the W3C's
+ criteria for well-formed XML,
+ \li tokens are provided in a valid order.
+ \endlist
+
+ Unless QXmlStreamReader raises an error, it guarantees the following:
+ \list
+ \li All tags are nested and closed properly.
+ \li References to internal entities have been replaced with the
+ correct replacement text.
+ \li Attributes have been normalized or added according to the
+ internal subset of the \l DTD.
+ \li Tokens of type \l StartDocument happen before all others,
+ aside from comments and processing instructions.
+ \li At most one DOCTYPE element (a token of type \l DTD) is present.
+ \li If present, the DOCTYPE appears before all other elements,
+ aside from StartDocument, comments and processing instructions.
+ \endlist
+
+ In particular, once any token of type \l StartElement, \l EndElement,
+ \l Characters, \l EntityReference or \l EndDocument is seen, no
+ tokens of type StartDocument or DTD will be seen. If one is present in
+ the input stream, out of order, an error is raised.
+
+ \note The token types \l Comment and \l ProcessingInstruction may appear
+ anywhere in the stream.
If an error occurs while parsing, atEnd() and hasError() return
true, and error() returns the error that occurred. The functions
@@ -620,6 +641,7 @@
d->token = -1;
return readNext();
}
+ d->checkToken();
return d->type;
}
@@ -740,6 +762,14 @@
};
+static const char QXmlStreamReader_XmlContextString[] =
+ "Prolog\0"
+ "Body\0";
+
+static const short QXmlStreamReader_XmlContextString_indices[] = {
+ 0, 7
+};
+
/*!
\property QXmlStreamReader::namespaceProcessing
The namespace-processing flag of the stream reader
@@ -775,6 +805,16 @@
QXmlStreamReader_tokenTypeString_indices[d->type]);
}
+/*!
+ \internal
+ \return \param ctxt (Prolog/Body) as a string.
+ */
+QString contextString(QXmlStreamReaderPrivate::XmlContext ctxt)
+{
+ return QLatin1String(QXmlStreamReader_XmlContextString +
+ QXmlStreamReader_XmlContextString_indices[static_cast<int>(ctxt)]);
+}
+
#endif // QT_NO_XMLSTREAMREADER
QXmlStreamPrivateTagStack::QXmlStreamPrivateTagStack()
@@ -866,6 +906,8 @@
type = QXmlStreamReader::NoToken;
error = QXmlStreamReader::NoError;
+ currentContext = XmlContext::Prolog;
+ foundDTD = false;
}
/*
@@ -4061,6 +4103,92 @@
}
}
+static bool isTokenAllowedInContext(QXmlStreamReader::TokenType type,
+ QXmlStreamReaderPrivate::XmlContext loc)
+{
+ switch (type) {
+ case QXmlStreamReader::StartDocument:
+ case QXmlStreamReader::DTD:
+ return loc == QXmlStreamReaderPrivate::XmlContext::Prolog;
+
+ case QXmlStreamReader::StartElement:
+ case QXmlStreamReader::EndElement:
+ case QXmlStreamReader::Characters:
+ case QXmlStreamReader::EntityReference:
+ case QXmlStreamReader::EndDocument:
+ return loc == QXmlStreamReaderPrivate::XmlContext::Body;
+
+ case QXmlStreamReader::Comment:
+ case QXmlStreamReader::ProcessingInstruction:
+ return true;
+
+ case QXmlStreamReader::NoToken:
+ case QXmlStreamReader::Invalid:
+ return false;
+ default:
+ return false;
+ }
+}
+
+/*!
+ \internal
+ \brief QXmlStreamReader::isValidToken
+ \return \c true if \param type is a valid token type.
+ \return \c false if \param type is an unexpected token,
+ which indicates a non-well-formed or invalid XML stream.
+ */
+bool QXmlStreamReaderPrivate::isValidToken(QXmlStreamReader::TokenType type)
+{
+ // Don't change currentContext, if Invalid or NoToken occur in the prolog
+ if (type == QXmlStreamReader::Invalid || type == QXmlStreamReader::NoToken)
+ return false;
+
+ // If a token type gets rejected in the body, there is no recovery
+ const bool result = isTokenAllowedInContext(type, currentContext);
+ if (result || currentContext == XmlContext::Body)
+ return result;
+
+ // First non-Prolog token observed => switch context to body and check again.
+ currentContext = XmlContext::Body;
+ return isTokenAllowedInContext(type, currentContext);
+}
+
+/*!
+ \internal
+ Checks token type and raises an error, if it is invalid
+ in the current context (prolog/body).
+ */
+void QXmlStreamReaderPrivate::checkToken()
+{
+ Q_Q(QXmlStreamReader);
+
+ // The token type must be consumed, to keep track if the body has been reached.
+ const XmlContext context = currentContext;
+ const bool ok = isValidToken(type);
+
+ // Do nothing if an error has been raised already (going along with an unexpected token)
+ if (error != QXmlStreamReader::Error::NoError)
+ return;
+
+ if (!ok) {
+ raiseError(QXmlStreamReader::UnexpectedElementError,
+ QLatin1String("Unexpected token type %1 in %2.")
+ .arg(q->tokenString(), contextString(context)));
+ return;
+ }
+
+ if (type != QXmlStreamReader::DTD)
+ return;
+
+ // Raise error on multiple DTD tokens
+ if (foundDTD) {
+ raiseError(QXmlStreamReader::UnexpectedElementError,
+ QLatin1String("Found second DTD token in %1.").arg(contextString(context)));
+ } else {
+ foundDTD = true;
+ }
+}
+
/*!
\fn bool QXmlStreamAttributes::hasAttribute(const QString &qualifiedName) const
\since 4.5
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
index 8f7c9e0..708059b 100644
--- a/src/corelib/serialization/qxmlstream_p.h
+++ b/src/corelib/serialization/qxmlstream_p.h
@@ -804,6 +804,17 @@
#endif
bool atEnd;
+ enum class XmlContext
+ {
+ Prolog,
+ Body,
+ };
+
+ XmlContext currentContext = XmlContext::Prolog;
+ bool foundDTD = false;
+ bool isValidToken(QXmlStreamReader::TokenType type);
+ void checkToken();
+
/*!
\sa setType()
*/

40
SOURCES/qtbase-5.15.8-fix-missing-qtsan-include.patch Normal file
View File

File diff suppressed because one or more lines are too long

30
SOURCES/qtbase-ambiguous-python-shebang.patch
View File

@ -1,30 +0,0 @@
diff --git a/mkspecs/features/uikit/devices.py b/mkspecs/features/uikit/devices.py
index 8cdcb370..b0c927ea 100755
--- a/mkspecs/features/uikit/devices.py
+++ b/mkspecs/features/uikit/devices.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
#############################################################################
##
diff --git a/tests/manual/xembed-raster/gtk-embedder.py b/tests/manual/xembed-raster/gtk-embedder.py
index 5c37fd44..86ffa9fd 100755
--- a/tests/manual/xembed-raster/gtk-embedder.py
+++ b/tests/manual/xembed-raster/gtk-embedder.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
#############################################################################
##
## Copyright (C) 2013 Canonical Ltd.
diff --git a/tests/manual/xembed-widgets/gtk-embedder.py b/tests/manual/xembed-widgets/gtk-embedder.py
index 2a7c92db..93135b14 100755
--- a/tests/manual/xembed-widgets/gtk-embedder.py
+++ b/tests/manual/xembed-widgets/gtk-embedder.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
#############################################################################
##
## Copyright (C) 2013 Canonical Ltd.

122
SOURCES/qtbase-disable-tests-not-working-in-gating.patch Normal file
View File

@ -0,0 +1,122 @@
diff --git a/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp b/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
index 2accf99c..31478c1d 100644
--- a/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
+++ b/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
@@ -63,7 +63,7 @@ private slots:
#endif
void doubleSlashInRoot();
void setLocale();
- void lastModified();
+ // void lastModified();
void resourcesInStaticPlugins();
private:
@@ -645,19 +645,19 @@ void tst_QResourceEngine::setLocale()
QLocale::setDefault(QLocale::system());
}
-void tst_QResourceEngine::lastModified()
-{
- {
- QFileInfo fi(":/");
- QVERIFY(fi.exists());
- QVERIFY2(!fi.lastModified().isValid(), qPrintable(fi.lastModified().toString()));
- }
- {
- QFileInfo fi(":/search_file.txt");
- QVERIFY(fi.exists());
- QVERIFY(fi.lastModified().isValid());
- }
-}
+// void tst_QResourceEngine::lastModified()
+// {
+// {
+// QFileInfo fi(":/");
+// QVERIFY(fi.exists());
+// QVERIFY2(!fi.lastModified().isValid(), qPrintable(fi.lastModified().toString()));
+// }
+// {
+// QFileInfo fi(":/search_file.txt");
+// QVERIFY(fi.exists());
+// QVERIFY(fi.lastModified().isValid());
+// }
+// }
Q_IMPORT_PLUGIN(PluginClass)
void tst_QResourceEngine::resourcesInStaticPlugins()
diff --git a/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp b/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
index fe63cecc..e1686aea 100644
--- a/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
+++ b/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
@@ -46,7 +46,7 @@ private slots:
void currentStorage();
void storageList();
void tempFile();
- void caching();
+ // void caching();
#endif
};
@@ -202,34 +202,34 @@ void tst_QStorageInfo::tempFile()
QVERIFY(free != storage2.bytesFree());
}
-void tst_QStorageInfo::caching()
-{
- QTemporaryFile file;
- QVERIFY2(file.open(), qPrintable(file.errorString()));
-
- QStorageInfo storage1(file.fileName());
-#ifdef Q_OS_LINUX
- if (storage1.fileSystemType() == "btrfs")
- QSKIP("This test doesn't work on btrfs, probably due to a btrfs bug");
-#endif
-
- qint64 free = storage1.bytesFree();
- QStorageInfo storage2(storage1);
- QCOMPARE(free, storage2.bytesFree());
- QVERIFY(free != -1);
-
- file.write(QByteArray(1024*1024, '\0'));
- file.flush();
-
- QCOMPARE(free, storage1.bytesFree());
- QCOMPARE(free, storage2.bytesFree());
- storage2.refresh();
- QCOMPARE(storage1, storage2);
- if (free == storage2.bytesFree() && storage2.fileSystemType() == "apfs") {
- QEXPECT_FAIL("", "This test is likely to fail on APFS", Continue);
- }
- QVERIFY(free != storage2.bytesFree());
-}
+// void tst_QStorageInfo::caching()
+// {
+// QTemporaryFile file;
+// QVERIFY2(file.open(), qPrintable(file.errorString()));
+//
+// QStorageInfo storage1(file.fileName());
+// #ifdef Q_OS_LINUX
+// if (storage1.fileSystemType() == "btrfs")
+// QSKIP("This test doesn't work on btrfs, probably due to a btrfs bug");
+// #endif
+//
+// qint64 free = storage1.bytesFree();
+// QStorageInfo storage2(storage1);
+// QCOMPARE(free, storage2.bytesFree());
+// QVERIFY(free != -1);
+//
+// file.write(QByteArray(1024*1024, '\0'));
+// file.flush();
+//
+// QCOMPARE(free, storage1.bytesFree());
+// QCOMPARE(free, storage2.bytesFree());
+// storage2.refresh();
+// QCOMPARE(storage1, storage2);
+// if (free == storage2.bytesFree() && storage2.fileSystemType() == "apfs") {
+// QEXPECT_FAIL("", "This test is likely to fail on APFS", Continue);
+// }
+// QVERIFY(free != storage2.bytesFree());
+// }
#endif
QTEST_MAIN(tst_QStorageInfo)

12
SOURCES/qtbase-everywhere-src-5.15.6-private_api_warning.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h.private_api_warning qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h
--- qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h.private_api_warning 2022-10-11 09:08:33.712070523 -0500
+++ qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h 2022-10-11 09:10:58.647038619 -0500
@@ -435,7 +435,7 @@ inline void QObjectPrivate::checkForInco
Q_UNUSED(version);
#else
if (Q_UNLIKELY(version != QObjectPrivateVersion)) {
- qFatal("Cannot mix incompatible Qt library (%d.%d.%d) with this library (%d.%d.%d)",
+ qWarning("Cannot mix incompatible Qt library (%d.%d.%d) with this library (%d.%d.%d)",
(version >> 16) & 0xff, (version >> 8) & 0xff, version & 0xff,
(QObjectPrivateVersion >> 16) & 0xff, (QObjectPrivateVersion >> 8) & 0xff, QObjectPrivateVersion & 0xff);
}

16
SOURCES/tell-the-truth-about-private-api.patch
View File

@ -1,16 +0,0 @@
diff --git a/mkspecs/features/qt_module.prf b/mkspecs/features/qt_module.prf
index e6a0d97..cf93041 100644
--- a/mkspecs/features/qt_module.prf
+++ b/mkspecs/features/qt_module.prf
@@ -216,9 +216,9 @@ android: CONFIG += qt_android_deps no_linker_version_script
QMAKE_LFLAGS += $${QMAKE_LFLAGS_VERSION_SCRIPT}$$verscript
internal_module {
- verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API { *; };"
+ verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API { *; };"
} else {
- verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API {" \
+ verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API {" \
" qt_private_api_tag*;"
private_api_headers = $$SYNCQT.PRIVATE_HEADER_FILES $$SYNCQT.QPA_HEADER_FILES

141
SPECS/qt5-qtbase.spec
View File

@ -2,8 +2,6 @@
%global multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9
%global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64
%global openssl -openssl-linked
%if 0%{?fedora} < 29 && 0%{?rhel} < 9
%ifarch %{ix86}
%global no_sse2 -no-sse2
@ -47,7 +45,6 @@
%global qt_settings 1
%endif
%global journald -journald
BuildRequires: make
BuildRequires: pkgconfig(libsystemd)
@ -59,8 +56,8 @@ BuildRequires: pkgconfig(libsystemd)
Name: qt5-qtbase
Summary: Qt5 - QtBase components
Version: 5.15.3
Release: 1%{?dist}
Version: 5.15.9
Release: 7%{?dist}
# See LGPL_EXCEPTIONS.txt, for exception details
@ -86,11 +83,8 @@ Source10: macros.qt5-qtbase
# support multilib optflags
Patch2: qtbase-multilib_optflags.patch
# borrowed from opensuse
# track private api via properly versioned symbols
# downside: binaries produced with these differently-versioned symbols are no longer
# compatible with qt-project.org's Qt binary releases.
Patch8: tell-the-truth-about-private-api.patch
# make mixing versions with private apis a warning instead of fatal error
Patch3: qtbase-everywhere-src-5.15.6-private_api_warning.patch
# upstreamable patches
# namespace QT_VERSION_CHECK to workaround major/minor being pre-defined (#1396755)
@ -132,9 +126,6 @@ Patch64: qt5-qtbase-5.12.1-firebird-4.0.0.patch
# fix for new mariadb
Patch65: qtbase-opensource-src-5.9.0-mysql.patch
# python3
Patch68: qtbase-ambiguous-python-shebang.patch
# https://fedoraproject.org/wiki/Changes/Qt_Wayland_By_Default_On_Gnome
# https://bugzilla.redhat.com/show_bug.cgi?id=1732129
Patch80: qtbase-use-wayland-on-gnome.patch
@ -144,12 +135,23 @@ Patch90: %{name}-gcc11.patch
## upstream patches
# https://invent.kde.org/qt/qt/qtbase, kde/5.15 branch
# git diff v5.15.3-lts-lgpl..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz
# git diff v5.15.9-lts-lgpl..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz
# patch100 in lookaside cache due to large'ish size -- rdieter
Patch100: kde-5.15-rollup-20220324.patch.gz
Patch100: kde-5.15-rollup-20230411.patch.gz
# HACK to make 'fedpkg sources' consider it 'used"
Source100: kde-5.15-rollup-20220324.patch.gz
Source100: kde-5.15-rollup-20230411.patch.gz
Patch101: qtbase-5.15.8-fix-missing-qtsan-include.patch
Patch110: CVE-2023-32762-qtbase-5.15.patch
Patch111: CVE-2023-32763-qtbase-5.15.patch
Patch112: CVE-2023-33285-qtbase-5.15.patch
Patch113: CVE-2023-34410-qtbase-5.15.patch
Patch114: CVE-2023-37369-qtbase-5.15.patch
Patch115: CVE-2023-38197-qtbase-5.15.patch
# gating related patches
Patch200: qtbase-disable-tests-not-working-in-gating.patch
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
# Those themes are there for platform integration. If the required libraries are
@ -174,11 +176,8 @@ BuildRequires: clang >= 3.7.0
%else
BuildRequires: gcc-c++
%endif
# http://bugzilla.redhat.com/1196359
%if 0%{?fedora} || 0%{?rhel} > 6
%global dbus -dbus-linked
BuildRequires: pkgconfig(dbus-1)
%endif
BuildRequires: pkgconfig(libdrm)
BuildRequires: pkgconfig(fontconfig)
BuildRequires: pkgconfig(gl)
@ -192,6 +191,7 @@ BuildRequires: pkgconfig(libudev)
BuildRequires: openssl-devel
BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib)
BuildRequires: pkgconfig(libinput)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(xcb-xkb) >= 1.10
BuildRequires: pkgconfig(xcb-util)
BuildRequires: pkgconfig(xkbcommon) >= 0.4.1
@ -222,6 +222,7 @@ BuildRequires: libicu-devel
%endif
BuildRequires: pkgconfig(xcb) pkgconfig(xcb-glx) pkgconfig(xcb-icccm) pkgconfig(xcb-image) pkgconfig(xcb-keysyms) pkgconfig(xcb-renderutil)
BuildRequires: pkgconfig(zlib)
BuildRequires: pkgconfig(libzstd)
BuildRequires: perl-generators
# see patch68
BuildRequires: python3
@ -270,6 +271,12 @@ Summary: Common files for Qt5
# offer upgrade path for qtquick1 somewhere... may as well be here -- rex
Obsoletes: qt5-qtquick1 < 5.9.0
Obsoletes: qt5-qtquick1-devel < 5.9.0
%if "%{?ibase}" == "-no-sql-ibase"
Obsoletes: qt5-qtbase-ibase < %{version}-%{release}
%endif
%if "%{?tds}" == "-no-sql-tds"
Obsoletes: qt5-qtbase-tds < %{version}-%{release}
%endif
Requires: %{name} = %{version}-%{release}
BuildArch: noarch
%description common
@ -378,7 +385,8 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
%package gui
Summary: Qt5 GUI-related libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%if ! 0%{?rhel} < 8
# where Recommends are supported
%if 0%{?fedora} || 0%{?rhel} >= 8
Recommends: mesa-dri-drivers
%endif
Obsoletes: qt5-qtbase-x11 < 5.2.0
@ -393,38 +401,46 @@ Qt5 libraries used for drawing widgets and OpenGL items.
%prep
%setup -q -n %{qt_module}-everywhere-src-%{version}
## dowstream patches
%patch -P3 -p1 -b .private_api_warning
## upstream fixes
# omit '-b .tell-the-truth-about-private-api' so it doesn't end up in installed files -- rdieter
%patch8 -p1
%patch50 -p1 -b .QT_VERSION_CHECK
# FIXME/TODO : rebase or drop -- rdieter
#patch51 -p1 -b .hidpi_scale_at_192
%patch52 -p1 -b .moc_macros
%patch53 -p1 -b .qt5gui_cmake_isystem_includes
%patch54 -p1 -b .qmake_LFLAGS
%patch55 -p1 -b .no_relocatable
%patch56 -p1 -b .libglvnd
%patch61 -p1 -b .qt5-qtbase-cxxflag
%patch -P50 -p1 -b .QT_VERSION_CHECK
#patch -P51 -p1 -b .hidpi_scale_at_192
%patch -P52 -p1 -b .moc_macros
%patch -P53 -p1 -b .qt5gui_cmake_isystem_includes
%patch -P54 -p1 -b .qmake_LFLAGS
%patch -P55 -p1 -b .no_relocatable
%patch -P56 -p1 -b .libglvnd
%patch -P61 -p1 -b .qt5-qtbase-cxxflag
%if 0%{?fedora} < 35
%patch63 -p1 -b .firebird
%patch -P63 -p1 -b .firebird
%else
%patch64 -p1 -b .firebird
%patch -P64 -p1 -b .firebird
%endif
%if 0%{?fedora} > 27
%patch65 -p1 -b .mysql
%patch -P65 -p1 -b .mysql
%endif
%patch68 -p1
%if 0%{?fedora} > 30 || 0%{?rhel} > 9
%patch80 -p1 -b .use-wayland-on-gnome.patch
%patch -P80 -p1 -b .use-wayland-on-gnome.patch
%endif
%patch90 -p1 -b .gcc11
%patch -P90 -p1 -b .gcc11
## upstream patches
%patch100 -p1
%patch -P100 -p1
%patch -P101 -p1
%patch -P110 -p1
%patch -P111 -p1
%patch -P112 -p1
%patch -P113 -p1
%patch -P114 -p1
%patch -P115 -p1
## gating related patches
%patch -P200 -p1 -b .disable-tests-not-working-in-gating
# move some bundled libs to ensure they're not accidentally used
pushd src/3rdparty
@ -497,16 +513,17 @@ export MAKEFLAGS="%{?_smp_mflags}"
-release \
-shared \
-accessibility \
%{?dbus}%{!?dbus:-dbus-runtime} \
-dbus-linked \
%{?egl:-egl -eglfs} \
-fontconfig \
-glib \
-gtk \
%{?ibase} \
-icu \
%{?journald} \
-journald \
-optimized-qmake \
%{?openssl} \
-openssl-linked \
-libproxy \
%{!?examples:-nomake examples} \
%{!?build_tests:-nomake tests} \
-no-pch \
@ -535,7 +552,11 @@ export MAKEFLAGS="%{?_smp_mflags}"
QMAKE_LFLAGS_RELEASE="${LDFLAGS:-$RPM_LD_FLAGS}"
# Validate config results
%if "%{?ibase}" != "-no-sql-ibase"
for config_test in egl-x11 ibase ; do
%else
for config_test in egl-x11 ; do
%endif
config_result="$(grep ^cache.${config_test}.result config.cache | cut -d= -f2 | tr -d ' ')"
if [ "${config_result}" != "true" ]; then
echo "${config_test} detection failed"
@ -597,7 +618,7 @@ translationdir=%{_qt5_translationdir}
Name: Qt5
Description: Qt5 Configuration
Version: 5.15.3
Version: 5.15.9
EOF
# rpm macros
@ -1117,6 +1138,38 @@ fi
%changelog
* Fri Jul 21 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-7
- Fix infinite loops in QXmlStreamReader (CVE-2023-38197)
Resolves: bz#2222771
* Fri Jun 09 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-6
- Don't allow remote attacker to bypass security restrictions caused by
flaw in certificate validation (CVE-2023-34410) (version #2)
Resolves: bz#2212754
* Tue Jun 06 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-5
- Don't allow remote attacker to bypass security restrictions caused by
flaw in certificate validation (CVE-2023-34410)
Resolves: bz#2212754
* Wed May 24 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-4
- Fix specific overflow in qtextlayout
- Fix incorrect parsing of the strict-transport-security (HSTS) header
- Fix buffer over-read via a crafted reply from a DNS server
Resolves: bz#2209492
* Wed Apr 26 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-3
- Rebuild (elfutils#2188064)
Resolves: bz#2175727
* Tue Apr 25 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-2
- Disable tests failing in gating
Resolves: bz#2175727
* Mon Apr 17 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-1
- 5.15.9 + sync with Fedora
Resolves: bz#2175727
* Thu Mar 24 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.3-1
- 5.15.3 + sync with Fedora
Resolves: bz#2061354