12 changed files with 441 additions and 643 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/kde-5.15-rollup-20230411.patch.gz
+SOURCES/kde-5.15-rollup-20220324.patch.gz
-SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz
+SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz
--- a/.qt5-qtbase.metadata
+++ b/.qt5-qtbase.metadata
@ -1,2 +1,2 @@
-677b605bf6033bdfa84a676096ec6e77da6e844d SOURCES/kde-5.15-rollup-20230411.patch.gz
+981f5fbeb315c2e4adc122cee944368598466b67 SOURCES/kde-5.15-rollup-20220324.patch.gz
-a5bbeafa6319cd3e666b12ccc722a357de7230be SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz
+d7383126e1f412ef26096692b9e50a1887eb11f7 SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz
--- a/SOURCES/CVE-2023-37369-qtbase-5.15.patch
+++ b/SOURCES/CVE-2023-37369-qtbase-5.15.patch
@ -1,8 +1,8 @@
 diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
-index 7cd457ba3a..11d162cb79 100644
+index 4f282f19..6c98e7c0 100644
 --- a/src/corelib/serialization/qxmlstream.cpp
 +++ b/src/corelib/serialization/qxmlstream.cpp
-@@ -1302,15 +1302,18 @@ inline int QXmlStreamReaderPrivate::fastScanContentCharList()
+@@ -1302,11 +1302,19 @@ inline int QXmlStreamReaderPrivate::fastScanContentCharList()
     return n;
 }
@ -14,17 +14,16 @@ index 7cd457ba3a..11d162cb79 100644
     int n = 0;
     uint c;
     while ((c = getChar()) != StreamEOF) {
-         if (n >= 4096) {
+        if (n >= 4096) {
-             // This is too long to be a sensible name, and
+            // This is too long to be a sensible name, and
 -            // can exhaust memory
 -            return 0;
 +            // can exhaust memory, or the range of decltype(*prefix)
 +            raiseNamePrefixTooLongError();
 +            return {};
-         }
+        }
         switch (c) {
         case '\n':
-@@ -1339,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
+         case ' ':
@@ -1334,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
         case '+':
         case '*':
             putChar(c);
@ -56,7 +55,7 @@ index 7cd457ba3a..11d162cb79 100644
             }
             Q_FALLTHROUGH();
         default:
-@@ -1364,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
+@@ -1359,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
         }
     }
@ -72,7 +71,7 @@ index 7cd457ba3a..11d162cb79 100644
 }
 enum NameChar { NameBeginning, NameNotBeginning, NotName };
-@@ -1878,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message)
+@@ -1873,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message)
     raiseError(QXmlStreamReader::NotWellFormedError, message);
 }
@ -88,7 +87,7 @@ index 7cd457ba3a..11d162cb79 100644
 {
 diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g
-index 4321fed68a..8c6a1a5887 100644
+index b623de95..e4310285 100644
 --- a/src/corelib/serialization/qxmlstream.g
 +++ b/src/corelib/serialization/qxmlstream.g
@@ -516,7 +516,16 @@ public:
@ -117,7 +116,7 @@ index 4321fed68a..8c6a1a5887 100644
     QXmlStreamEntityResolver *entityResolver;
-@@ -1811,7 +1821,12 @@ space_opt ::= space;
+@@ -1809,7 +1819,12 @@ space_opt ::= space;
 qname ::= LETTER;
 /.
         case $rule_number: {
@ -131,7 +130,7 @@ index 4321fed68a..8c6a1a5887 100644
             if (atEnd) {
                 resume($rule_number);
                 return false;
-@@ -1822,7 +1837,11 @@ qname ::= LETTER;
+@@ -1820,7 +1835,11 @@ qname ::= LETTER;
 name ::= LETTER;
 /.
         case $rule_number:
@ -145,7 +144,7 @@ index 4321fed68a..8c6a1a5887 100644
                 resume($rule_number);
                 return false;
 diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
-index e5bde7b98e..b01484cac3 100644
+index 103b123b..80e7f740 100644
 --- a/src/corelib/serialization/qxmlstream_p.h
 +++ b/src/corelib/serialization/qxmlstream_p.h
@@ -1005,7 +1005,16 @@ public:
@ -174,7 +173,7 @@ index e5bde7b98e..b01484cac3 100644
     QXmlStreamEntityResolver *entityResolver;
-@@ -1939,7 +1949,12 @@ bool QXmlStreamReaderPrivate::parse()
+@@ -1937,7 +1947,12 @@ bool QXmlStreamReaderPrivate::parse()
         break;
         case 262: {
@ -188,7 +187,7 @@ index e5bde7b98e..b01484cac3 100644
             if (atEnd) {
                 resume(262);
                 return false;
-@@ -1947,7 +1962,11 @@ bool QXmlStreamReaderPrivate::parse()
+@@ -1945,7 +1960,11 @@ bool QXmlStreamReaderPrivate::parse()
         } break;
         case 263:
--- a/SOURCES/CVE-2024-39936.patch
+++ b/SOURCES/CVE-2024-39936.patch
@ -0,0 +1,168 @@
 From b1e75376cc3adfc7da5502a277dfe9711f3e0536 Mon Sep 17 00:00:00 2001
 From: Mårten Nordheim <marten.nordheim@qt.io>
 Date: Tue, 25 Jun 2024 17:09:35 +0200
 Subject: [PATCH] HTTP2: Delay any communication until encrypted() can be responded to
 We have the encrypted() signal that lets users do extra checks on the
 established connection. It is emitted as BlockingQueued, so the HTTP
 thread stalls until it is done emitting. Users can potentially call
 abort() on the QNetworkReply at that point, which is passed as a Queued
 call back to the HTTP thread. That means that any currently queued
 signal emission will be processed before the abort() call is processed.
 In the case of HTTP2 it is a little special since it is multiplexed and
 the code is built to start requests as they are available. This means
 that, while the code worked fine for HTTP1, since one connection only
 has one request, it is not working for HTTP2, since we try to send more
 requests in-between the encrypted() signal and the abort() call.
 This patch changes the code to delay any communication until the
 encrypted() signal has been emitted and processed, for HTTP2 only.
 It's done by adding a few booleans, both to know that we have to return
 early and so we can keep track of what events arose and what we need to
 resume once enough time has passed that any abort() call must have been
 processed.
 Fixes: QTBUG-126610
 Pick-to: 6.8 6.7 6.5 6.2 5.15 5.12
 Change-Id: Ic25a600c278203256e35f541026f34a8783235ae
 Reviewed-by: Marc Mutz <marc.mutz@qt.io>
 Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
 ---
 diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp
 index 91c41d82..562dfd66 100644
 --- a/src/network/access/qhttp2protocolhandler.cpp
 +++ b/src/network/access/qhttp2protocolhandler.cpp
@@ -371,12 +371,12 @@ bool QHttp2ProtocolHandler::sendRequest()
         }
     }
 -    if (!prefaceSent && !sendClientPreface())
 -        return false;
 -
     if (!requests.size())
         return true;
 +    if (!prefaceSent && !sendClientPreface())
 +        return false;
 +
     m_channel->state = QHttpNetworkConnectionChannel::WritingState;
     // Check what was promised/pushed, maybe we do not have to send a request
     // and have a response already?
 diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp
 index 647ef431..608e7914 100644
 --- a/src/network/access/qhttpnetworkconnectionchannel.cpp
 +++ b/src/network/access/qhttpnetworkconnectionchannel.cpp
@@ -255,6 +255,10 @@ void QHttpNetworkConnectionChannel::abort()
 bool QHttpNetworkConnectionChannel::sendRequest()
 {
     Q_ASSERT(!protocolHandler.isNull());
 +    if (waitingForPotentialAbort) {
 +        needInvokeSendRequest = true;
 +        return false; // this return value is unused
 +    }
     return protocolHandler->sendRequest();
 }
@@ -267,21 +271,28 @@ bool QHttpNetworkConnectionChannel::sendRequest()
 void QHttpNetworkConnectionChannel::sendRequestDelayed()
 {
     QMetaObject::invokeMethod(this, [this] {
 -        Q_ASSERT(!protocolHandler.isNull());
         if (reply)
 -            protocolHandler->sendRequest();
 +            sendRequest();
     }, Qt::ConnectionType::QueuedConnection);
 }
 void QHttpNetworkConnectionChannel::_q_receiveReply()
 {
     Q_ASSERT(!protocolHandler.isNull());
 +    if (waitingForPotentialAbort) {
 +        needInvokeReceiveReply = true;
 +        return;
 +    }
     protocolHandler->_q_receiveReply();
 }
 void QHttpNetworkConnectionChannel::_q_readyRead()
 {
     Q_ASSERT(!protocolHandler.isNull());
 +    if (waitingForPotentialAbort) {
 +        needInvokeReadyRead = true;
 +        return;
 +    }
     protocolHandler->_q_readyRead();
 }
@@ -1287,7 +1298,18 @@ void QHttpNetworkConnectionChannel::_q_encrypted()
             // Similar to HTTP/1.1 counterpart below:
             const auto &pairs = spdyRequestsToSend.values(); // (request, reply)
             const auto &pair = pairs.first();
 +            waitingForPotentialAbort = true;
             emit pair.second->encrypted();
 +
 +            // We don't send or handle any received data until any effects from
 +            // emitting encrypted() have been processed. This is necessary
 +            // because the user may have called abort(). We may also abort the
 +            // whole connection if the request has been aborted and there is
 +            // no more requests to send.
 +            QMetaObject::invokeMethod(this,
 +                                      &QHttpNetworkConnectionChannel::checkAndResumeCommunication,
 +                                      Qt::QueuedConnection);
 +
             // In case our peer has sent us its settings (window size, max concurrent streams etc.)
             // let's give _q_receiveReply a chance to read them first ('invokeMethod', QueuedConnection).
             QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection);
@@ -1305,6 +1327,26 @@ void QHttpNetworkConnectionChannel::_q_encrypted()
     }
 }
 +void QHttpNetworkConnectionChannel::checkAndResumeCommunication()
 +{
 +    Q_ASSERT(connection->connectionType() > QHttpNetworkConnection::ConnectionTypeHTTP);
 +
 +    // Because HTTP/2 requires that we send a SETTINGS frame as the first thing we do, and respond
 +    // to a SETTINGS frame with an ACK, we need to delay any handling until we can ensure that any
 +    // effects from emitting encrypted() have been processed.
 +    // This function is called after encrypted() was emitted, so check for changes.
 +
 +    if (!reply && spdyRequestsToSend.isEmpty())
 +        abort();
 +    waitingForPotentialAbort = false;
 +    if (needInvokeReadyRead)
 +        _q_readyRead();
 +    if (needInvokeReceiveReply)
 +        _q_receiveReply();
 +    if (needInvokeSendRequest)
 +        sendRequest();
 +}
 +
 void QHttpNetworkConnectionChannel::requeueSpdyRequests()
 {
     QList<HttpMessagePair> spdyPairs = spdyRequestsToSend.values();
 diff --git a/src/network/access/qhttpnetworkconnectionchannel_p.h b/src/network/access/qhttpnetworkconnectionchannel_p.h
 index d8ac3979..eac44464 100644
 --- a/src/network/access/qhttpnetworkconnectionchannel_p.h
 +++ b/src/network/access/qhttpnetworkconnectionchannel_p.h
@@ -107,6 +107,10 @@ public:
     QAbstractSocket *socket;
     bool ssl;
     bool isInitialized;
 +    bool waitingForPotentialAbort = false;
 +    bool needInvokeReceiveReply = false;
 +    bool needInvokeReadyRead = false;
 +    bool needInvokeSendRequest = false;
     ChannelState state;
     QHttpNetworkRequest request; // current request, only used for HTTP
     QHttpNetworkReply *reply; // current reply for this request, only used for HTTP
@@ -187,6 +191,8 @@ public:
     void closeAndResendCurrentRequest();
     void resendCurrentRequest();
 +    void checkAndResumeCommunication();
 +
     bool isSocketBusy() const;
     bool isSocketWriting() const;
     bool isSocketWaiting() const;
--- a/SOURCES/qtbase-5.15.8-fix-missing-qtsan-include.patch
+++ b/SOURCES/qtbase-5.15.8-fix-missing-qtsan-include.patch
--- a/SOURCES/qtbase-ambiguous-python-shebang.patch
+++ b/SOURCES/qtbase-ambiguous-python-shebang.patch
@ -0,0 +1,30 @@
 diff --git a/mkspecs/features/uikit/devices.py b/mkspecs/features/uikit/devices.py
 index 8cdcb370..b0c927ea 100755
 --- a/mkspecs/features/uikit/devices.py
 +++ b/mkspecs/features/uikit/devices.py
@@ -1,4 +1,4 @@
 -#!/usr/bin/python
 +#!/usr/bin/python3
 #############################################################################
 ##
 diff --git a/tests/manual/xembed-raster/gtk-embedder.py b/tests/manual/xembed-raster/gtk-embedder.py
 index 5c37fd44..86ffa9fd 100755
 --- a/tests/manual/xembed-raster/gtk-embedder.py
 +++ b/tests/manual/xembed-raster/gtk-embedder.py
@@ -1,4 +1,4 @@
 -#!/usr/bin/python
 +#!/usr/bin/python3
 #############################################################################
 ##
 ## Copyright (C) 2013 Canonical Ltd.
 diff --git a/tests/manual/xembed-widgets/gtk-embedder.py b/tests/manual/xembed-widgets/gtk-embedder.py
 index 2a7c92db..93135b14 100755
 --- a/tests/manual/xembed-widgets/gtk-embedder.py
 +++ b/tests/manual/xembed-widgets/gtk-embedder.py
@@ -1,4 +1,4 @@
 -#!/usr/bin/python
 +#!/usr/bin/python3
 #############################################################################
 ##
 ## Copyright (C) 2013 Canonical Ltd.
--- a/SOURCES/qtbase-disable-tests-not-working-in-gating.patch
+++ b/SOURCES/qtbase-disable-tests-not-working-in-gating.patch
@ -1,122 +0,0 @@
 diff --git a/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp b/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
 index 2accf99c..31478c1d 100644
 --- a/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
 +++ b/tests/auto/corelib/io/qresourceengine/tst_qresourceengine.cpp
@@ -63,7 +63,7 @@ private slots:
 #endif
     void doubleSlashInRoot();
     void setLocale();
 -    void lastModified();
 +    // void lastModified();
     void resourcesInStaticPlugins();
 private:
@@ -645,19 +645,19 @@ void tst_QResourceEngine::setLocale()
     QLocale::setDefault(QLocale::system());
 }
 -void tst_QResourceEngine::lastModified()
 -{
 -    {
 -        QFileInfo fi(":/");
 -        QVERIFY(fi.exists());
 -        QVERIFY2(!fi.lastModified().isValid(), qPrintable(fi.lastModified().toString()));
 -    }
 -    {
 -        QFileInfo fi(":/search_file.txt");
 -        QVERIFY(fi.exists());
 -        QVERIFY(fi.lastModified().isValid());
 -    }
 -}
 +// void tst_QResourceEngine::lastModified()
 +// {
 +//     {
 +//         QFileInfo fi(":/");
 +//         QVERIFY(fi.exists());
 +//         QVERIFY2(!fi.lastModified().isValid(), qPrintable(fi.lastModified().toString()));
 +//     }
 +//     {
 +//         QFileInfo fi(":/search_file.txt");
 +//         QVERIFY(fi.exists());
 +//         QVERIFY(fi.lastModified().isValid());
 +//     }
 +// }
 Q_IMPORT_PLUGIN(PluginClass)
 void tst_QResourceEngine::resourcesInStaticPlugins()
 diff --git a/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp b/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
 index fe63cecc..e1686aea 100644
 --- a/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
 +++ b/tests/auto/corelib/io/qstorageinfo/tst_qstorageinfo.cpp
@@ -46,7 +46,7 @@ private slots:
     void currentStorage();
     void storageList();
     void tempFile();
 -    void caching();
 +    // void caching();
 #endif
 };
@@ -202,34 +202,34 @@ void tst_QStorageInfo::tempFile()
     QVERIFY(free != storage2.bytesFree());
 }
 -void tst_QStorageInfo::caching()
 -{
 -    QTemporaryFile file;
 -    QVERIFY2(file.open(), qPrintable(file.errorString()));
 -
 -    QStorageInfo storage1(file.fileName());
 -#ifdef Q_OS_LINUX
 -    if (storage1.fileSystemType() == "btrfs")
 -        QSKIP("This test doesn't work on btrfs, probably due to a btrfs bug");
 -#endif
 -
 -    qint64 free = storage1.bytesFree();
 -    QStorageInfo storage2(storage1);
 -    QCOMPARE(free, storage2.bytesFree());
 -    QVERIFY(free != -1);
 -
 -    file.write(QByteArray(1024*1024, '\0'));
 -    file.flush();
 -
 -    QCOMPARE(free, storage1.bytesFree());
 -    QCOMPARE(free, storage2.bytesFree());
 -    storage2.refresh();
 -    QCOMPARE(storage1, storage2);
 -    if (free == storage2.bytesFree() && storage2.fileSystemType() == "apfs") {
 -        QEXPECT_FAIL("", "This test is likely to fail on APFS", Continue);
 -    }
 -    QVERIFY(free != storage2.bytesFree());
 -}
 +// void tst_QStorageInfo::caching()
 +// {
 +//     QTemporaryFile file;
 +//     QVERIFY2(file.open(), qPrintable(file.errorString()));
 +//
 +//     QStorageInfo storage1(file.fileName());
 +// #ifdef Q_OS_LINUX
 +//     if (storage1.fileSystemType() == "btrfs")
 +//         QSKIP("This test doesn't work on btrfs, probably due to a btrfs bug");
 +// #endif
 +//
 +//     qint64 free = storage1.bytesFree();
 +//     QStorageInfo storage2(storage1);
 +//     QCOMPARE(free, storage2.bytesFree());
 +//     QVERIFY(free != -1);
 +//
 +//     file.write(QByteArray(1024*1024, '\0'));
 +//     file.flush();
 +//
 +//     QCOMPARE(free, storage1.bytesFree());
 +//     QCOMPARE(free, storage2.bytesFree());
 +//     storage2.refresh();
 +//     QCOMPARE(storage1, storage2);
 +//     if (free == storage2.bytesFree() && storage2.fileSystemType() == "apfs") {
 +//         QEXPECT_FAIL("", "This test is likely to fail on APFS", Continue);
 +//     }
 +//     QVERIFY(free != storage2.bytesFree());
 +// }
 #endif
 QTEST_MAIN(tst_QStorageInfo)
--- a/SOURCES/qtbase-everywhere-src-5.15.6-private_api_warning.patch
+++ b/SOURCES/qtbase-everywhere-src-5.15.6-private_api_warning.patch
@ -1,12 +0,0 @@
 diff -up qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h.private_api_warning qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h
 --- qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h.private_api_warning	2022-10-11 09:08:33.712070523 -0500
 +++ qtbase-everywhere-src-5.15.6/src/corelib/kernel/qobject_p.h	2022-10-11 09:10:58.647038619 -0500
@@ -435,7 +435,7 @@ inline void QObjectPrivate::checkForInco
     Q_UNUSED(version);
 #else
     if (Q_UNLIKELY(version != QObjectPrivateVersion)) {
 -        qFatal("Cannot mix incompatible Qt library (%d.%d.%d) with this library (%d.%d.%d)",
 +        qWarning("Cannot mix incompatible Qt library (%d.%d.%d) with this library (%d.%d.%d)",
                 (version >> 16) & 0xff, (version >> 8) & 0xff, version & 0xff,
                 (QObjectPrivateVersion >> 16) & 0xff, (QObjectPrivateVersion >> 8) & 0xff, QObjectPrivateVersion & 0xff);
     }
--- a/SOURCES/qtbase-h2-emit-encrypted-for-first-reply-similar-to-h1.patch
+++ b/SOURCES/qtbase-h2-emit-encrypted-for-first-reply-similar-to-h1.patch
@ -0,0 +1,60 @@
 From 95064c35826793c5d6a4edff9fa08ad308b047bb Mon Sep 17 00:00:00 2001
 From: Timur Pocheptsov <timur.pocheptsov@qt.io>
 Date: Tue, 20 Jul 2021 08:16:28 +0200
 Subject: [PATCH] H2: emit encrypted for at least the first reply, similar to
 H1
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Fixes: QTBUG-95277
 Change-Id: I1fe01503376c0d6278e366d7bd31b412b7cc3a69
 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
 (cherry picked from commit c23b7886348dc313ccec1a131850a7cce1b429de)
 ---
 src/network/access/qhttpnetworkconnectionchannel.cpp | 4 ++++
 tests/auto/network/access/http2/tst_http2.cpp        | 9 +++++++++
 2 files changed, 13 insertions(+)
 diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp
 index f1db2744..647ef431 100644
 --- a/src/network/access/qhttpnetworkconnectionchannel.cpp
 +++ b/src/network/access/qhttpnetworkconnectionchannel.cpp
@@ -1284,6 +1284,10 @@ void QHttpNetworkConnectionChannel::_q_encrypted()
         connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2Direct) {
         // we call setSpdyWasUsed(true) on the replies in the SPDY handler when the request is sent
         if (spdyRequestsToSend.count() > 0) {
 +            // Similar to HTTP/1.1 counterpart below:
 +            const auto &pairs = spdyRequestsToSend.values(); // (request, reply)
 +            const auto &pair = pairs.first();
 +            emit pair.second->encrypted();
             // In case our peer has sent us its settings (window size, max concurrent streams etc.)
             // let's give _q_receiveReply a chance to read them first ('invokeMethod', QueuedConnection).
             QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection);
 diff --git a/tests/auto/network/access/http2/tst_http2.cpp b/tests/auto/network/access/http2/tst_http2.cpp
 index 6702f25b..95a97902 100644
 --- a/tests/auto/network/access/http2/tst_http2.cpp
 +++ b/tests/auto/network/access/http2/tst_http2.cpp
@@ -267,6 +267,10 @@ void tst_Http2::singleRequest()
     request.setAttribute(h2Attribute, QVariant(true));
     auto reply = manager->get(request);
 +#if QT_CONFIG(ssl)
 +    QSignalSpy encSpy(reply, &QNetworkReply::encrypted);
 +#endif // QT_CONFIG(ssl)
 +
     connect(reply, &QNetworkReply::finished, this, &tst_Http2::replyFinished);
     // Since we're using self-signed certificates,
     // ignore SSL errors:
@@ -281,6 +285,11 @@ void tst_Http2::singleRequest()
     QCOMPARE(reply->error(), QNetworkReply::NoError);
     QVERIFY(reply->isFinished());
 +
 +#if QT_CONFIG(ssl)
 +    if (connectionType == H2Type::h2Alpn || connectionType == H2Type::h2Direct)
 +        QCOMPARE(encSpy.count(), 1);
 +#endif // QT_CONFIG(ssl)
 }
 void tst_Http2::multipleRequests()
--- a/SOURCES/qtbase-use-wayland-on-gnome.patch
+++ b/SOURCES/qtbase-use-wayland-on-gnome.patch
@ -1,20 +0,0 @@
 diff --git a/src/gui/kernel/qguiapplication.cpp b/src/gui/kernel/qguiapplication.cpp
 index b8bfad4f16..676fdfad5e 100644
 --- a/src/gui/kernel/qguiapplication.cpp
 +++ b/src/gui/kernel/qguiapplication.cpp
@@ -1376,14 +1376,7 @@ void QGuiApplicationPrivate::createPlatformIntegration()
         if (sessionType == QByteArrayLiteral("x11") && !platformName.contains(QByteArrayLiteral("xcb"))) {
             platformName = QByteArrayLiteral("xcb");
         } else if (sessionType == QByteArrayLiteral("wayland") && !platformName.contains(QByteArrayLiteral("wayland"))) {
 -            QByteArray currentDesktop = qgetenv("XDG_CURRENT_DESKTOP").toLower();
 -            QByteArray sessionDesktop = qgetenv("XDG_SESSION_DESKTOP").toLower();
 -            if (currentDesktop.contains("gnome") || sessionDesktop.contains("gnome")) {
 -                qInfo() << "Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome."
 -                        << "Use QT_QPA_PLATFORM=wayland to run on Wayland anyway.";
 -            } else {
 -                platformName = QByteArrayLiteral("wayland");
 -            }
 +            platformName = QByteArrayLiteral("wayland");
         }
     }
 #ifdef QT_QPA_DEFAULT_PLATFORM_NAME
--- a/SOURCES/tell-the-truth-about-private-api.patch
+++ b/SOURCES/tell-the-truth-about-private-api.patch
@ -0,0 +1,16 @@
 diff --git a/mkspecs/features/qt_module.prf b/mkspecs/features/qt_module.prf
 index e6a0d97..cf93041 100644
 --- a/mkspecs/features/qt_module.prf
 +++ b/mkspecs/features/qt_module.prf
@@ -216,9 +216,9 @@ android: CONFIG += qt_android_deps no_linker_version_script
     QMAKE_LFLAGS += $${QMAKE_LFLAGS_VERSION_SCRIPT}$$verscript
     internal_module {
 -        verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API { *; };"
 +        verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API { *; };"
     } else {
 -        verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API {" \
 +        verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API {" \
                             "    qt_private_api_tag*;"
         private_api_headers = $$SYNCQT.PRIVATE_HEADER_FILES $$SYNCQT.QPA_HEADER_FILES
--- a/SPECS/qt5-qtbase.spec
+++ b/SPECS/qt5-qtbase.spec
@ -2,21 +2,11 @@
 %global multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9
 %global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64
-%if 0%{?fedora} < 29 && 0%{?rhel} < 9
+%global openssl -openssl-linked
 %ifarch %{ix86}
 %global no_sse2  -no-sse2
 %endif
 %endif
 # workaround https://bugzilla.redhat.com/show_bug.cgi?id=1668865
 # for current stable releases
 %if 0%{?fedora} < 30  || 0%{?rhel} > 6
 %global no_feature_statx -no-feature-statx
 %global no_feature_renameat2 -no-feature-renameat2
 %endif
 %if 0%{?rhel} && 0%{?rhel} > 6
 %global no_feature_getentropy -no-feature-getentropy
 %endif
 # support qtchooser (adds qtchooser .conf file)
 %global qtchooser 1
@ -40,25 +30,18 @@
 %global rpm_macros_dir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
-# use external qt_settings pkg
+%global journald -journald
 %if 0%{?fedora}
 %global qt_settings 1
 %endif
 BuildRequires: make
 BuildRequires: pkgconfig(libsystemd)
 ## skip for now, until we're better at it --rex
 %global examples 1
 %global build_tests 1
 ## skip for now, until we're better at it --rex
 #global tests 1
 Name:    qt5-qtbase
 Summary: Qt5 - QtBase components
-Version: 5.15.9
+Version: 5.15.3
-Release: 9%{?dist}
+Release: 8%{?dist}
 # See LGPL_EXCEPTIONS.txt, for exception details
 License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -83,8 +66,11 @@ Source10: macros.qt5-qtbase
 # support multilib optflags
 Patch2: qtbase-multilib_optflags.patch
-# make mixing versions with private apis a warning instead of fatal error
+# borrowed from opensuse
-Patch3: qtbase-everywhere-src-5.15.6-private_api_warning.patch
+# track private api via properly versioned symbols
 # downside: binaries produced with these differently-versioned symbols are no longer
 # compatible with qt-project.org's Qt binary releases.
 Patch8: tell-the-truth-about-private-api.patch
 # upstreamable patches
 # namespace QT_VERSION_CHECK to workaround major/minor being pre-defined (#1396755)
@ -126,22 +112,18 @@ Patch64: qt5-qtbase-5.12.1-firebird-4.0.0.patch
 # fix for new mariadb
 Patch65: qtbase-opensource-src-5.9.0-mysql.patch
-# https://fedoraproject.org/wiki/Changes/Qt_Wayland_By_Default_On_Gnome
+Patch68: qtbase-ambiguous-python-shebang.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1732129
 Patch80: qtbase-use-wayland-on-gnome.patch
 # gcc-11
 Patch90: %{name}-gcc11.patch
 ## upstream patches
 # https://invent.kde.org/qt/qt/qtbase, kde/5.15 branch
-# git diff v5.15.9-lts-lgpl..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz
+# git diff v5.15.3-lts-lgpl..HEAD | gzip > kde-5.15-rollup-$(date +%Y%m%d).patch.gz
 # patch100 in lookaside cache due to large'ish size -- rdieter
-Patch100: kde-5.15-rollup-20230411.patch.gz
+Patch100: kde-5.15-rollup-20220324.patch.gz
 # HACK to make 'fedpkg sources' consider it 'used"
-Source100: kde-5.15-rollup-20230411.patch.gz
+Source100: kde-5.15-rollup-20220324.patch.gz
 Patch101: qtbase-5.15.8-fix-missing-qtsan-include.patch
 Patch110: CVE-2023-32762-qtbase-5.15.patch
 Patch111: CVE-2023-32763-qtbase-5.15.patch
@ -152,9 +134,9 @@ Patch115: CVE-2023-38197-qtbase-5.15.patch
 Patch116: 0001-CVE-2023-51714-qtbase-5.15.patch
 Patch117: 0002-CVE-2023-51714-qtbase-5.15.patch
 Patch118: CVE-2024-25580-qtbase-5.15.patch
-
+# Fix related to CVE-2024-39936, which I think is needed to be backported
-# gating related patches
+Patch119: qtbase-h2-emit-encrypted-for-first-reply-similar-to-h1.patch
-Patch200: qtbase-disable-tests-not-working-in-gating.patch
+Patch120: CVE-2024-39936.patch
 # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
 # Those themes are there for platform integration. If the required libraries are
@ -179,8 +161,11 @@ BuildRequires: clang >= 3.7.0
 %else
 BuildRequires: gcc-c++
 %endif
 # http://bugzilla.redhat.com/1196359
 %if 0%{?fedora} || 0%{?rhel} > 6
 %global dbus -dbus-linked
 BuildRequires: pkgconfig(dbus-1)
 %endif
 BuildRequires: pkgconfig(libdrm)
 BuildRequires: pkgconfig(fontconfig)
 BuildRequires: pkgconfig(gl)
@ -194,19 +179,15 @@ BuildRequires: pkgconfig(libudev)
 BuildRequires: openssl-devel
 BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib)
 BuildRequires: pkgconfig(libinput)
 BuildRequires: pkgconfig(libsystemd)
 BuildRequires: pkgconfig(xcb-xkb) >= 1.10
 BuildRequires: pkgconfig(xcb-util)
 BuildRequires: pkgconfig(xkbcommon) >= 0.4.1
 BuildRequires: pkgconfig(xkbcommon-x11) >= 0.4.1
 BuildRequires: pkgconfig(xkeyboard-config)
 %global vulkan 1
 BuildRequires: pkgconfig(vulkan)
 %if 0%{?fedora} || 0%{?rhel} > 6
 %global egl 1
 BuildRequires: libEGL-devel
 BuildRequires: pkgconfig(gbm)
 ## TODO: apparently only needed if building opengl_es2 support, do we actually use it?  -- rex
 BuildRequires: pkgconfig(glesv2)
 %global sqlite -system-sqlite
 BuildRequires: pkgconfig(sqlite3) >= 3.7
@ -225,9 +206,7 @@ BuildRequires: libicu-devel
 %endif
 BuildRequires: pkgconfig(xcb) pkgconfig(xcb-glx) pkgconfig(xcb-icccm) pkgconfig(xcb-image) pkgconfig(xcb-keysyms) pkgconfig(xcb-renderutil)
 BuildRequires: pkgconfig(zlib)
 BuildRequires: pkgconfig(libzstd)
 BuildRequires: perl-generators
 # see patch68
 BuildRequires: python3
 BuildRequires: qt5-rpm-macros
@ -245,9 +224,6 @@ Conflicts: qt < 1:4.8.6-10
 Requires(post): %{_sbindir}/update-alternatives
 Requires(postun): %{_sbindir}/update-alternatives
 %endif
 %if 0%{?qt_settings}
 Requires: qt-settings
 %endif
 Requires: %{name}-common = %{version}-%{release}
 ## Sql drivers
@ -260,7 +236,6 @@ Requires: %{name}-common = %{version}-%{release}
 # https://bugzilla.redhat.com/1458003
 # https://sourceware.org/bugzilla/show_bug.cgi?id=21074
 # reportedly fixed or worked-around, re-enable if there's evidence of problems -- rex
 # https://bugzilla.redhat.com/show_bug.cgi?id=1635973
 %global use_gold_linker -no-use-gold-linker
 %description
@ -274,12 +249,6 @@ Summary: Common files for Qt5
 # offer upgrade path for qtquick1 somewhere... may as well be here -- rex
 Obsoletes: qt5-qtquick1 < 5.9.0
 Obsoletes: qt5-qtquick1-devel < 5.9.0
 %if "%{?ibase}" == "-no-sql-ibase"
 Obsoletes: qt5-qtbase-ibase < %{version}-%{release}
 %endif
 %if "%{?tds}" == "-no-sql-tds"
 Obsoletes: qt5-qtbase-tds < %{version}-%{release}
 %endif
 Requires: %{name} = %{version}-%{release}
 BuildArch: noarch
 %description common
@ -293,9 +262,6 @@ Requires: %{name}-gui%{?_isa}
 Requires: libEGL-devel
 %endif
 Requires: pkgconfig(gl)
 %if 0%{?vulkan}
 Requires: pkgconfig(vulkan)
 %endif
 Requires: qt5-rpm-macros
 %if 0%{?use_clang}
 Requires: clang >= 3.7.0
@ -334,8 +300,10 @@ Summary: Static library files for %{name}
 Requires: %{name}-devel%{?_isa} = %{version}-%{release}
 Requires: pkgconfig(fontconfig)
 Requires: pkgconfig(glib-2.0)
 %if 0%{?fedora} || 0%{?rhel} > 7
 Requires: pkgconfig(libinput)
 Requires: pkgconfig(xkbcommon)
 %endif
 Requires: pkgconfig(zlib)
 %description static
@ -352,10 +320,10 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 %package mysql
 Summary: MySQL driver for Qt5's SQL classes
-%if 0%{?rhel} && 0%{?rhel} < 9
+%if 0%{?fedora} > 27 || 0%{?rhel} > 7
 BuildRequires: mysql-devel
 %else
 BuildRequires: mariadb-connector-c-devel
 %else
 BuildRequires: mysql-devel
 %endif
 Requires: %{name}%{?_isa} = %{version}-%{release}
 %description mysql
@ -388,8 +356,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 %package gui
 Summary: Qt5 GUI-related libraries
 Requires: %{name}%{?_isa} = %{version}-%{release}
-# where Recommends are supported
+%if 0%{?fedora} > 20
 %if 0%{?fedora} || 0%{?rhel} >= 8
 Recommends: mesa-dri-drivers
 %endif
 Obsoletes: qt5-qtbase-x11 < 5.2.0
@ -404,49 +371,41 @@ Qt5 libraries used for drawing widgets and OpenGL items.
 %prep
 %setup -q -n %{qt_module}-everywhere-src-%{version}
 ## dowstream patches
 %patch -P3 -p1 -b .private_api_warning
 ## upstream fixes
-%patch -P50 -p1 -b .QT_VERSION_CHECK
+# omit '-b .tell-the-truth-about-private-api' so it doesn't end up in installed files -- rdieter
-#patch -P51 -p1 -b .hidpi_scale_at_192
+%patch8 -p1
 %patch -P52 -p1 -b .moc_macros
 %patch -P53 -p1 -b .qt5gui_cmake_isystem_includes
 %patch -P54 -p1 -b .qmake_LFLAGS
 %patch -P55 -p1 -b .no_relocatable
 %patch -P56 -p1 -b .libglvnd
 %patch -P61 -p1 -b .qt5-qtbase-cxxflag
 %if 0%{?fedora} < 35
 %patch -P63 -p1 -b .firebird
 %else
 %patch -P64 -p1 -b .firebird
 %endif
 %if 0%{?fedora} > 27
 %patch -P65 -p1 -b .mysql
 %endif
-%if 0%{?fedora} > 30 || 0%{?rhel} > 9
+%patch50 -p1 -b .QT_VERSION_CHECK
-%patch -P80 -p1 -b .use-wayland-on-gnome.patch
+# FIXME/TODO : rebase or drop -- rdieter
 #patch51 -p1 -b .hidpi_scale_at_192
 %patch52 -p1 -b .moc_macros
 %patch53 -p1 -b .qt5gui_cmake_isystem_includes
 %patch54 -p1 -b .qmake_LFLAGS
 %patch55 -p1 -b .no_relocatable
 %patch56 -p1 -b .libglvnd
 %patch61 -p1 -b .qt5-qtbase-cxxflag
 %patch64 -p1 -b .firebird
 %if 0%{?fedora} > 27 || 0%{?rhel} > 7
 %patch65 -p1 -b .mysql
 %endif
 %patch68 -p1
-%patch -P90 -p1 -b .gcc11
+%patch90 -p1 -b .gcc11
 ## upstream patches
-%patch -P100 -p1
+%patch100 -p1
 %patch -P101 -p1
-%patch -P110 -p1
+%patch110 -p1
-%patch -P111 -p1
+%patch111 -p1
-%patch -P112 -p1
+%patch112 -p1
-%patch -P113 -p1
+%patch113 -p1
-%patch -P114 -p1
+%patch114 -p1
-%patch -P115 -p1
+%patch115 -p1
-%patch -P116 -p1
+%patch116 -p1
-%patch -P117 -p1
+%patch117 -p1
-%patch -P118 -p1
+%patch118 -p1
-
+%patch119 -p1
-## gating related patches
+%patch120 -p1
 %patch -P200 -p1 -b .disable-tests-not-working-in-gating
 # move some bundled libs to ensure they're not accidentally used
 pushd src/3rdparty
@ -471,7 +430,6 @@ sed -i -e "s|^#!/usr/bin/env perl$|#!%{__perl}|" \
 bin/syncqt.pl \
 mkspecs/features/data/unix/findclasslist.pl
 %build
 # QT is known not to work properly with LTO at this point.  Some of the issues
 # are being worked on upstream and disabling LTO should be re-evaluated as
@ -480,10 +438,6 @@ sed -i -e "s|^#!/usr/bin/env perl$|#!%{__perl}|" \
 # https://bugzilla.redhat.com/1900527
 %define _lto_cflags %{nil}
 ## FIXME/TODO:
 # * for %%ix86, add sse2 enabled builds for Qt5Gui, Qt5Core, QtNetwork, see also:
 #   http://anonscm.debian.org/cgit/pkg-kde/qt/qtbase.git/tree/debian/rules (234-249)
 ## adjust $RPM_OPT_FLAGS
 # remove -fexceptions
 RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'`
@ -519,24 +473,22 @@ export MAKEFLAGS="%{?_smp_mflags}"
  -release \
  -shared \
  -accessibility \
-  -dbus-linked \
+  %{?dbus}%{!?dbus:-dbus-runtime} \
  %{?egl:-egl -eglfs} \
  -fontconfig \
  -glib \
  -gtk \
  %{?ibase} \
  -icu \
-  -journald \
+  %{?journald} \
  -optimized-qmake \
-  -openssl-linked \
+  %{?openssl} \
  -libproxy \
  %{!?examples:-nomake examples} \
  %{!?build_tests:-nomake tests} \
  -no-pch \
  -no-reduce-relocations \
  -no-rpath \
  -no-separate-debug-info \
  %{?no_sse2} \
  -no-strip \
  -system-libjpeg \
  -system-libpng \
@ -557,20 +509,6 @@ export MAKEFLAGS="%{?_smp_mflags}"
  QMAKE_CXXFLAGS_RELEASE="${CXXFLAGS:-$RPM_OPT_FLAGS}" \
  QMAKE_LFLAGS_RELEASE="${LDFLAGS:-$RPM_LD_FLAGS}"
 # Validate config results
 %if "%{?ibase}" != "-no-sql-ibase"
 for config_test in egl-x11 ibase ; do
 %else
 for config_test in egl-x11 ; do
 %endif
 config_result="$(grep ^cache.${config_test}.result config.cache | cut -d= -f2 | tr -d ' ')"
 if [ "${config_result}" != "true" ]; then
  echo "${config_test} detection failed"
  config_failed=1
 fi
 done
 if [ ${config_failed} -eq 1 ]; then exit 1; fi
 # ensure qmake build using optflags (which can happen if not munging qmake.conf defaults)
 make clean -C qmake
 %make_build -C qmake all binary \
@ -582,7 +520,7 @@ make clean -C qmake
 %make_build
 %if 0%{?build_tests}
-%qt5_build_tests
+make sub-tests %{?_smp_mflags} -k ||:
 %endif
 %install
@ -590,7 +528,15 @@ make install INSTALL_ROOT=%{buildroot}
 %if 0%{?build_tests}
 # Install tests for gating
-%qt5_install_tests
+mkdir -p %{buildroot}%{_qt5_libdir}/qt5
 find ./tests -not -path '*/\.*' -type d | while read LINE
 do
    mkdir -p "%{buildroot}%{_qt5_libdir}/qt5/$LINE"
 done
 find ./tests -not -path '*/\.*' -not -name '*.h' -not -name '*.cpp' -not -name '*.pro' -not -name 'uic_wrapper.sh' -not -name 'Makefile' -type f | while read LINE
 do
    cp -r --parents "$LINE" %{buildroot}%{_qt5_libdir}/qt5/
 done
 # Remove tests which will produce error when checking rpath
 rm -rf %{buildroot}%{_qt5_libdir}/qt5/tests/auto/corelib/plugin/qpluginloader/elftest
@ -624,7 +570,7 @@ translationdir=%{_qt5_translationdir}
 Name: Qt5
 Description: Qt5 Configuration
-Version: 5.15.9
+Version: 5.15.3
 EOF
 # rpm macros
@ -668,7 +614,6 @@ popd
  mkdir -p %{buildroot}%{_sysconfdir}/xdg/qtchooser
  pushd    %{buildroot}%{_sysconfdir}/xdg/qtchooser
  echo "%{_qt5_bindir}" >  5-%{__isa_bits}.conf
 ## FIXME/TODO: verify qtchooser (still) happy if _qt5_prefix uses %%_prefix instead of %%_libdir/qt5
  echo "%{_qt5_prefix}" >> 5-%{__isa_bits}.conf
  # alternatives targets
  touch default.conf 5.conf
@ -689,8 +634,6 @@ popd
 install -p -m755 -D %{SOURCE6} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/10-qt5-check-opengl2.sh
 # f29+ enables sse2 unconditionally on ix86 -- rex
 %if 0%{?fedora} < 29 && 0%{?rhel} < 9
 # fix bz#1442553 multilib issue
 privat_header_file=%{buildroot}%{_qt5_headerdir}/QtCore/%{version}/QtCore/private/qconfig_p.h
 grep -v QT_FEATURE_sse2 $privat_header_file > ${privat_header_file}.me
@ -702,7 +645,6 @@ cat >>${privat_header_file}<<EOF
 #define QT_FEATURE_sse2 -1
 #endif
 EOF
 %endif
 # install privat headers for qtxcb
 mkdir -p %{buildroot}%{_qt5_headerdir}/QtXcb
@ -1030,12 +972,6 @@ fi
 %{_qt5_libdir}/libQt5EdidSupport.prl
 %{_qt5_libdir}/libQt5XkbCommonSupport.*a
 %{_qt5_libdir}/libQt5XkbCommonSupport.prl
 %if 0%{?vulkan}
 %{_qt5_headerdir}/QtVulkanSupport/
 %{_qt5_libdir}/cmake/Qt5VulkanSupport/
 %{_qt5_libdir}/libQt5VulkanSupport.*a
 %{_qt5_libdir}/libQt5VulkanSupport.prl
 %endif
 %if 0%{?examples}
 %files examples
@ -1144,344 +1080,127 @@ fi
 %changelog
-* Fri Feb 16 2024 Jan Grulich <jgrulich@redhat.com> - 5.15.9-9
+* Tue Jul 16 2024 Jan Grulich <jgrulich@redhat.com> - 5.15.3-8
 - HTTP2: Delay any communication until encrypted() can be responded to
  Resolves: RHEL-46340
 * Fri Feb 16 2024 Jan Grulich <jgrulich@redhat.com> - 5.15.3-7
 - Fix CVE-2024-25580: potential buffer overflow when reading KTX images
-  Resolves: RHEL-25726
+  Resolves: RHEL-25725
-* Thu Jan 04 2024 Jan Grulich <jgrulich@redhat.com> - 5.15.9-8
+* Thu Jan 04 2024 Jan Grulich <jgrulich@redhat.com> - 5.15.3-6
 - Fix incorrect integer overflow check in HTTP2 implementation
-  Resolves: RHEL-20239
+  Resolves: RHEL-20238
-* Fri Jul 21 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-7
+* Fri Jul 21 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.3-5
 - Fix infinite loops in QXmlStreamReader (CVE-2023-38197)
-  Resolves: bz#2222771
+  Resolves: bz#2222770
-* Fri Jun 09 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-6
+* Fri Jun 09 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.3-4
 - Don't allow remote attacker to bypass security restrictions caused by
  flaw in certificate validation (CVE-2023-34410) (version #2)
-  Resolves: bz#2212754
+  Resolves: bz#2212753
-* Tue Jun 06 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-5
+* Tue Jun 06 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.3-3
 - Don't allow remote attacker to bypass security restrictions caused by
  flaw in certificate validation (CVE-2023-34410)
-  Resolves: bz#2212754
+  Resolves: bz#2212753
-* Wed May 24 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-4
+* Wed May 24 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.3-2
 - Fix specific overflow in qtextlayout
 - Fix incorrect parsing of the strict-transport-security (HSTS) header
 - Fix buffer over-read via a crafted reply from a DNS server
-  Resolves: bz#2209492
+  Resolves: bz#2209491
 * Wed Apr 26 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-3
 - Rebuild (elfutils#2188064)
  Resolves: bz#2175727
 * Tue Apr 25 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-2
 - Disable tests failing in gating
  Resolves: bz#2175727
 * Mon Apr 17 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-1
 - 5.15.9 + sync with Fedora
  Resolves: bz#2175727
 * Thu Mar 24 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.3-1
 - 5.15.3 + sync with Fedora
-  Resolves: bz#2061354
+  Resolves: bz#2061377
  Resolves: bz#2059853
-* Mon Jan 31 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.2-29
+* Tue Oct 12 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-4
- Sync with Fedora:
+- Fix out-of-bounds write in QOutlineMapper::convertPath
-  - sync kde/5.15 branch patches
+  Resolves: bz#1996877
-  Resolves: bz#2018876
+* Wed Apr 28 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-3
 - Rebuild (binutils)
  Resolves: bz#1930040
-* Tue Dec 07 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-28
+* Thu Apr 15 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-2
- Sync with Fedora:
+- Drop apache2 test server from unit tests to drop perl(CGI) dependency
-  - sync kde/5.15 branch patches
+  Resolves: bz#1930040
-  Resolves: bz#2018876
+* Mon Mar 29 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-1
 - 5.15.2 + sync with Fedora
  Resolves: bz#1930040
-* Mon Oct 18 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-27
+* Mon Oct 05 2020 Jan Grulich <jgrulich@redhat.com> - 5.12.5-8
- Sync with Fedora:
+- Build against system xkb and openssl 1.1
-  - sync kde/5.15 branch patches
+  Resolves: bz#1882375
  - validate configure results (base, egl-x11)
-  Resolves: bz#2014991
+* Thu Sep 24 2020 Jan Grulich <jgrulich@redhat.com> - 5.12.5-7
 - Fix buffer overflow in XBM parser
  Resolves: bz#1870364
-* Wed Sep 08 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-26
+* Tue Jul 14 2020 Jan Grulich <jgrulich@redhat.com> - 5.12.5-6
- Sync with Fedora:
+- OpenSSL: handle SSL_shutdown's errors properly
-  - sync kde/5.15 branch patches
+  Resolves: bz#1851538
  - -gui: add mesa-dri-drivers soft dep for rhel8+ too
  Resolves: bz#1998959
 - Fix out-of-bound write in QOutlineMapper::converPath
  Resolves: bz#1996876
-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.15.2-25
+* Mon May 11 2020 Jan Grulich <jgrulich@redhat.com> - 5.12.5-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Fix: Files placed by attacker can influence the working directory and lead to malicious code execution
-  Related: rhbz#1991688
+  Resolves: bz#1814739
  Resolves: bz#1814683
-* Fri Aug  6 2021 Florian Weimer <fweimer@redhat.com> - 5.15.2-24
+- Fix: XML entity expansion vulnerability
- Rebuild to pick up new build flags from redhat-rpm-config (#1984652)
+  Resolves: bz#1822193
-* Tue Jul 13 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-23
+* Wed Nov 27 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-4
- Drop BR: libproxy
+- Fix build on RHEL 7 kernel
-  Resolves: bz#1981680
+  Resolves: bz#1733135
-* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.15.2-22
+* Thu Nov 07 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-2
- Rebuilt for RHEL 9 BETA for openssl 3.0
+- Remove Android specific test to avoid unnecessary dependencies
-  Related: rhbz#1971065
+  Resolves: bz#1733135
-* Tue Jun 15 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-21
+* Tue Oct 29 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-1
- Rebuild (qt5)
+- 5.12.5 + sync with Fedora
-  Resolves: bz#1968459
+  Resolves: bz#1733135
-* Fri Jun 11 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-20
+* Wed May 22 2019 Jan Grulich <jgrulich@redhat.com> - 5.11.1-7
- Rebuild (qt5)
+- Move libQt5EglFSDeviceIntegration lib out of the -devel subpkg
-  Resolves: bz#1968459
+  Resolves: bz#1692970
-* Thu Jun 10 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-19
+- Fix QImage allocaion failure
- Let qt5_install_tests macro handle mangling python shebangs
+  Resolve: bz#1667860
  Resolves: bz#1968459
-* Wed Jun 09 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-18
+- Fix double free in QXmlStreamReader
- Add gating tests
+  Resolve: bz#1667858
  Resolves: bz#1968459
-* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-17
+- Fix segmentation fault on malformed BMP file
- Do not use Wayland backend by default on GNOME wayland session
+  Resolve: bz#1667859
  Resolves: bz#1966425
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.15.2-16
+* Fri May 17 2019 Jan Grulich <jgrulich@redhat.com> - 5.11.1-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Create a tests subpkg with unit tests for gating
  Resolves: bz#1681889
-* Tue Mar 09 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-15
+* Mon Dec 10 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.1-5
- FileChooser portal: send window id in hex
+- Rebuild to fix CET notes
  Resolves: bz#1657206
-* Fri Feb 19 2021 Rex Dieter <rdieter@fedoraproject.org> - 5.15.2-14
+* Fri Aug 17 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.1-4
- %%build: explicitly pass -egl build option
+- Attempt not to hardcode ABI-tag for specific kernel version
- unconditional BR: pkgconfig(glesv2) again
+  Resolves: bz#1612434
-* Tue Feb 09 2021 Pavel Raiskup <praiskup@redhat.com> - 5.15.2-13
+* Fri Aug 03 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.1-3
- rebuild all postgresql deps once more, for libpq ABI fix rhbz#1908268
+- Fix build failure with glibc
-* Mon Feb 08 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-12
+* Wed Aug 01 2018 Charalampos Stratakis <cstratak@redhat.com> - 5.11.1-2
- Use Wayland platform on GNOME for RHEL 9
+- Rebuild for platform-python
-* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 5.15.2-11
+* Wed Jun 27 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.1-1
- rebuild for libpq ABI fix rhbz#1908268
+- Update to 5.11.1
-* Sat Feb 06 2021 Rex Dieter <rdieter@fedoraproject.org> - 5.15.2-10
+* Wed Jun 27 2018 Jan Grulich <jgrulich@redhat.com> - 5.10.1-7
- FTBFS: qendian.h (and qfloat16.h) missing <limits> include (QTBUG-90395)
+- Do not require qt-settings package
 - Qt build on GCC 11 (QTBUG-89977)
 * Mon Feb 01 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-9
 - Disable getentropy on RHEL
 * Fri Jan 29 2021 Jan Grulich <jgrulich@redhat.com> - 5.15.2-8
 - Disable statx and renameat2 on RHEL
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.15.2-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Sat Dec 19 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.15.2-6
 - rebuild (gcc11)
 * Mon Nov 30 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.15.2-5
 - re-enable vulkan support on s390x, root cause fixed
 * Sun Nov 29 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.15.2-4
 - drop vulkan support on s390x (#1902449)
 * Fri Nov 27 2020 Jan Grulich <jgrulich@redhat.com> - 5.15.2-3
 - Require qt-settings only in Fedora builds
 * Mon Nov 23 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.15.2-2
 - -no-reduce-relocations (#1900527)
 * Fri Nov 20 09:27:41 CET 2020 Jan Grulich <jgrulich@redhat.com> - 5.15.2-1
 - 5.15.2
 * Tue Nov 03 2020 Sandro Mani <manisandro@gmail.com> - 5.15.1-7
 - Backport upstream fix for QTBUG-86319
 * Sun Oct 18 2020 Jeff Law <law@redhat.com> - 5.15.1-6
 - Fix missing #includes for gcc-11
 * Wed Sep 30 2020 Jan Grulich <jgrulich@redhat.com> - 5.15.1-5
 - Upstream fix: Emit QScreen::geometryChanged when the logical DPI changes
 * Tue Sep 29 2020 Yaroslav Fedevych <yaroslav@fedevych.name> - 5.15.1-4
 - qt5-qtbase-devel requires vulkan headers
 * Thu Sep 17 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.15.1-3
 - enable vulkan support (#1794969)
 * Thu Sep 10 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.15.1-2
 - CentOS8 - numpad do not work in KDE Plasma (#1868371)
 * Thu Sep 10 2020 Jan Grulich <jgrulich@redhat.com> - 5.15.1-1
 - 5.15.1
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.14.2-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jul 01 2020 Jeff Law <law@redhat.com> - 5.14.2-7
 - Disable LTO
 * Mon Jun 15 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.14.2-6
 - Qt5 private header packaging breaks Qt5 Cmake files (#1846613)
 * Sat May 16 2020 Pete Walter <pwalter@fedoraproject.org> - 5.14.2-5
 - Rebuild for ICU 67
 * Tue Apr 14 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.14.2-4
 - backport "Mutex deadlock in QPluginLoader, Krita fails to start" (QTBUG-83207)
 * Mon Apr 13 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.14.2-3
 - %%build: -no-feature-relocatable + matching patch (#1823118)
 * Wed Apr 08 2020 Than Ngo <than@redhat.com> - 5.14.2-2
 - Fixed bz#1801370 - CVE-2015-9541 XML entity expansion vulnerability via a crafted SVG document
 * Sat Apr 04 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.14.2-1
 - 5.14.2
 * Sun Mar 22 2020 Robert-André Mauchin <zebob.m@gmail.com> - 5.13.2-4
 - Upstream patch to add support for PostgreSQL 12 (#1815921)
 * Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.13.2-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Mon Jan 20 2020 Than Ngo <than@redhat.com> - 5.13.2-2
 - upstream patches fix following issues:
    Do-not-load-plugin-from-the-PWD
    QLibrary-Unix-do-not-attempt-to-load-a-library-relat
 * Mon Dec 09 2019 Jan Grulich <jgrulich@redhat.com> - 5.13.2-1
 - 5.13.2
 * Fri Nov 01 2019 Pete Walter <pwalter@fedoraproject.org> - 5.12.5-2
 - Rebuild for ICU 65
 * Tue Sep 24 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.5-1
 - 5.12.5
 * Wed Aug 21 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.4-7
 - s/pkgconfig(egl)/libEGL-devel/
 * Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.12.4-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Tue Jul 23 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.4-5
 - Use qtwayland by default on Gnome Wayland sessions
  Resolves: bz#1732129
 * Mon Jul 15 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.4-4
 - Revert "Reset QWidget's winId when backing window surface is destroyed"
 * Fri Jun 28 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.4-3
 - omit QTBUG-73231 patch fix, appears to introduce incompatible symbols
 * Wed Jun 26 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.4-2
 - pull in some upstream crash fixes
 * Fri Jun 14 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.4-1
 - 5.12.4
 * Wed Jun 12 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.3-2
 - pull in candidate upstream nvidia/optima fix (kde#406180)
 * Tue Jun 04 2019 Jan Grulich <jgrulich@redhat.com> - 5.12.3-1
 - 5.12.3
 * Fri May 10 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.1-7
 - Fix install targets for generated private headers (#1702858)
 * Wed May 08 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.1-6
 - Blacklist nouveau and llvmpipe for multithreading (#1706420)
 - drop BR: pkgconfig(glesv2) on f31+, no longer provided in mesa-19.1+
 * Thu May 02 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.1-5
 - keep mkspecs/modules/*_private.pri in -devel #1705280)
 * Tue Apr 30 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.1-4
 - CMake generates wrong -isystem /usr/include compilations flags with Qt5::Gui (#1704474)
 * Tue Apr 30 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.1-3
 - -private-devel subpkg, move Requires: cups-devel here
 * Mon Mar 04 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.1-2
 - -devel: Requires: cups-devel
 * Thu Feb 14 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.12.1-1
 - 5.12.1
 * Wed Feb 13 2019 Than Ngo <than@redhat.com> - 5.11.3-4
 - fixed build issue with gcc9
 * Sun Feb 03 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.11.3-3
 - disable renameat2/statx feature on < f30 (#1668865)
 * Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.11.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Fri Dec 07 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.3-1
 - 5.11.3
 * Thu Oct 25 2018 Than Ngo <than@redhat.com> - 5.11.2-3
 - backported patch to fix selection rendering issues if rounding leads to left-out pixels
 - backported patch to optimize insertionPointsForLine
 * Thu Oct 11 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.2-2
 - -no-use-gold-linker (#1635973)
 * Fri Sep 21 2018 Jan Grulich <jgrulich@redhat.com> - 5.11.2-1
 - 5.11.2
 * Thu Jul 26 2018 Than Ngo <than@redhat.com> - 5.11.1-7
 - fixed FTBFS
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.11.1-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Tue Jul 10 2018 Pete Walter <pwalter@fedoraproject.org> - 5.11.1-5
 - Rebuild for ICU 62
 * Mon Jul 02 2018 Than Ngo <than@redhat.com> - 5.11.1-4
 - fixed bz#1597110 - BRP mangle shebangs and calculation of provides should ignore backups files
 * Fri Jun 29 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.1-3
 - apply sse2-related multilib hack on < f29 only
 - safer %%_qt5_prefix, %%qt5_archdatadir ownership
 - rebuild for %%_qt5_prefix = %%_prefix
 * Sat Jun 23 2018 Than Ngo <than@redhat.com> - 5.11.1-2
 - fixed #1592146, python3
 * Tue Jun 19 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.1-1
 - 5.11.1
 - relax qt5-rpm-macros dep
 - drop workaround for QTBUG-37417
 - drop CMake-Restore-qt5_use_modules-function.patch (upstreamed)
 * Mon Jun 18 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.0-3
 - backport CMake-Restore-qt5_use_modules-function.patch
 - %%build: %%ix86 --no-sse2 on < f29 only
 * Wed May 30 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.0-2
 - move libQt5EglFSDeviceIntegration to -gui (#1557223)
 * Tue May 22 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.11.0-1
 - 5.11.0
 - drop support for inject_optflags (not used since f23)
 * Mon Apr 30 2018 Pete Walter <pwalter@fedoraproject.org> - 5.10.1-8
 - Rebuild for ICU 61.1
 * Thu Mar 08 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.10.1-7
 - enforce qt5-rpm-macros versioning
 - BR: gcc-c++
 - Qt5.pc: fix version, add %%check
 * Fri Feb 23 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.10.1-6
 - qt5-qtbase: RPM build flags only partially injected (#1543888)
`@ -1,2 +1,2 @@`
	`SOURCES/kde-5.15-rollup-20230411.patch.gz`	`SOURCES/kde-5.15-rollup-20220324.patch.gz`
	`SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz`	`SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz`
`@ -1,2 +1,2 @@`
	`677b605bf6033bdfa84a676096ec6e77da6e844d SOURCES/kde-5.15-rollup-20230411.patch.gz`	`981f5fbeb315c2e4adc122cee944368598466b67 SOURCES/kde-5.15-rollup-20220324.patch.gz`
	`a5bbeafa6319cd3e666b12ccc722a357de7230be SOURCES/qtbase-everywhere-opensource-src-5.15.9.tar.xz`	`d7383126e1f412ef26096692b9e50a1887eb11f7 SOURCES/qtbase-everywhere-opensource-src-5.15.3.tar.xz`