diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000000000000000000000000000000000000..05a0e946187b8160d0c54c23a9f8100f44e0f43b
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.xz filter=lfs diff=lfs merge=lfs -text
diff --git a/.lfsconfig b/.lfsconfig
new file mode 100644
index 0000000000000000000000000000000000000000..03e91334a333601eb9636b6a2f44ee41b0026296
--- /dev/null
+++ b/.lfsconfig
@@ -0,0 +1,2 @@
+[lfs]
+ url = https://artlfs.openeuler.openatom.cn/src-openEuler/qt5-qtbase
diff --git a/CVE-2025-30348.patch b/CVE-2025-30348.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bbc001a77d408c2982bee33e8b4e5e7be9b8c9f2
--- /dev/null
+++ b/CVE-2025-30348.patch
@@ -0,0 +1,156 @@
+From 16918c1df3e709df2a97281e3825d94c84edb668 Mon Sep 17 00:00:00 2001
+From: Christian Ehrlicher
+Date: Tue, 06 Aug 2024 22:39:44 +0200
+Subject: [PATCH] XML/QDom: speedup encodeText()
+
+The code copied the whole string, then replaced parts inline, at
+the cost of relocating everything beyond, at each replacement.
+Instead, copy character by character (in chunks where possible)
+and append replacements as we skip what they replace.
+
+Manual conflict resolution for 6.5:
+- This is a manual cherry-pick. The original change was only
+ picked to 6.8, but the quadratic behavior is present in Qt 5, too.
+- Changed Task-number to Fixes: because this is the real fix;
+ the QString change, 315210de916d060c044c01e53ff249d676122b1b,
+ was unrelated to the original QTBUG-127549.
+
+Manual conflcit resolution for 5.15:
+- Kept/re-added QTextCodec::canEncode() check
+- Ported from Qt 6 to 5, to wit:
+ - qsizetype -> int
+ - QStringView::first/sliced(n) -> left/mid(n)
+ (these functions are clearly called in-range, so the widened
+ contract of the Qt 5 functions doesn't matter)
+- Ported from C++17- and C++14-isms to C++11:
+ - replaced polymorphic lambda with a normal one (this requires
+ rewriting the !canEncode() branch to use QByteArray/QLatin1String
+ instead of QString)
+- As a drive-by, corrected the indentation of the case labels to
+ horizontally align existing code (and follow Qt style)
+
+Fixes: QTBUG-127549
+Change-Id: I368482859ed0c4127f1eec2919183711b5488ada
+Reviewed-by: Edward Welbourne
+(cherry picked from commit 2ce08e3671b8d18b0284447e5908ce15e6e8f80f)
+Reviewed-by: Qt Cherry-pick Bot
+(cherry picked from commit 225e235cf966a44af23dbe9aaaa2fd20ab6430ee)
+Reviewed-by: Fabian Kosmale
+(cherry picked from commit 905a5bd421efff6a1d90b6140500d134d32ca745)
+---
+
+diff --git a/src/xml/dom/qdom.cpp b/src/xml/dom/qdom.cpp
+index 872221c..bf70477 100644
+--- a/src/xml/dom/qdom.cpp
++++ b/src/xml/dom/qdom.cpp
+@@ -3676,59 +3676,67 @@
+ const 
QTextCodec *const codec = s.codec();
+ Q_ASSERT(codec);
+ #endif
+- QString retval(str);
+- int len = retval.length();
+- int i = 0;
++ QString retval;
++ int start = 0;
++ auto appendToOutput = [&](int cur, QLatin1String replacement)
++ {
++ if (start < cur) {
++ retval.reserve(str.size() + replacement.size());
++ retval.append(QStringView(str).left(cur).mid(start));
++ }
++ // Skip over str[cur], replaced by replacement
++ start = cur + 1;
++ retval.append(replacement);
++ };
+
+- while (i < len) {
+- const QChar ati(retval.at(i));
+-
+- if (ati == QLatin1Char('<')) {
+- retval.replace(i, 1, QLatin1String("<"));
+- len += 3;
+- i += 4;
+- } else if (encodeQuotes && (ati == QLatin1Char('"'))) {
+- retval.replace(i, 1, QLatin1String("""));
+- len += 5;
+- i += 6;
+- } else if (ati == QLatin1Char('&')) {
+- retval.replace(i, 1, QLatin1String("&"));
+- len += 4;
+- i += 5;
+- } else if (ati == QLatin1Char('>') && i >= 2 && retval[i - 1] == QLatin1Char(']') && retval[i - 2] == QLatin1Char(']')) {
+- retval.replace(i, 1, QLatin1String(">"));
+- len += 3;
+- i += 4;
+- } else if (performAVN &&
+- (ati == QChar(0xA) ||
+- ati == QChar(0xD) ||
+- ati == QChar(0x9))) {
+- const QString replacement(QLatin1String("&#x") + QString::number(ati.unicode(), 16) + QLatin1Char(';'));
+- retval.replace(i, 1, replacement);
+- i += replacement.length();
+- len += replacement.length() - 1;
+- } else if (encodeEOLs && ati == QChar(0xD)) {
+- retval.replace(i, 1, QLatin1String(" ")); // Replace a single 0xD with a ref for 0xD
+- len += 4;
+- i += 5;
+- } else {
++ const int len = str.size();
++ for (int cur = 0; cur < len; ++cur) {
++ switch (const char16_t ati = str[cur].unicode()) {
++ case u'<':
++ appendToOutput(cur, QLatin1String("<"));
++ break;
++ case u'"':
++ if (encodeQuotes)
++ appendToOutput(cur, QLatin1String("""));
++ break;
++ case u'&':
++ appendToOutput(cur, QLatin1String("&"));
++ break;
++ case u'>':
++ if (cur >= 2 && str[cur - 1] == u']' && str[cur - 2] == u']')
++ 
appendToOutput(cur, QLatin1String(">")); ++ break; ++ case u'\r': ++ if (performAVN || encodeEOLs) ++ appendToOutput(cur, QLatin1String(" ")); // \r == 0x0d ++ break; ++ case u'\n': ++ if (performAVN) ++ appendToOutput(cur, QLatin1String(" ")); // \n == 0x0a ++ break; ++ case u'\t': ++ if (performAVN) ++ appendToOutput(cur, QLatin1String(" ")); // \t == 0x09 ++ break; ++ default: + #if QT_CONFIG(textcodec) + if(codec->canEncode(ati)) +- ++i; ++ ; // continue + else + #endif + { + // We have to use a character reference to get it through. +- const ushort codepoint(ati.unicode()); +- const QString replacement(QLatin1String("&#x") + QString::number(codepoint, 16) + QLatin1Char(';')); +- retval.replace(i, 1, replacement); +- i += replacement.length(); +- len += replacement.length() - 1; ++ const QByteArray replacement = "&#x" + QByteArray::number(uint{ati}, 16) + ';'; ++ appendToOutput(cur, QLatin1String{replacement}); + } ++ break; + } + } +- +- return retval; ++ if (start > 0) { ++ retval.append(QStringView(str).left(len).mid(start)); ++ return retval; ++ } ++ return str; + } + + void QDomAttrPrivate::save(QTextStream& s, int, int) const diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 5eb3091a8aab8bbe1ac4300ea967317414450ff8..c8473ac9099bfa741125e7eb19b69434c082ce91 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -34,7 +34,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.15.2 -Release: 16 +Release: 17 # See LGPL_EXCEPTIONS.txt, for exception details @@ -134,6 +134,7 @@ Patch1000: 1000-add-loongarch64-support-for-syscall_fork.patch Patch1001: 1001-add-sw_64-support-for-syscall_fork.patch Patch1002: qtbase5.15-CVE-2023-51714.patch Patch1003: CVE-2023-45935.patch +Patch1004: CVE-2025-30348.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are 
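Review bot: The new `switch` in the qdom.cpp hunk no longer sends `"`, `>`, `\r`, `\n` and `\t` through the `codec->canEncode()` fallback when their flag or `]]` condition is false: each of those cases ends in `break`, whereas the removed `else if` chain reached the final `else` for them. With a codec that can encode ASCII the output is unchanged, so this is probably intended, but it is a behaviour change in a hand-ported escaping routine and should be recorded in a comment above the `switch`, for example `// Cases whose condition is false pass the character through without the canEncode() check below`. Because the 5.15 port was resolved manually, a small regression test covering `<`, `&`, `"`, `]]>` and the CR/LF/TAB references under each flag combination would confirm the escaped output matches the old code. The signature of the enclosing function lies above the hunk.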
@@ -362,50 +363,7 @@ Qt5 libraries used for drawing widgets and OpenGL items. %prep -%setup -q -n %{qt_module}-everywhere-src-%{version} - -## upstream fixes - -# omit '-b .tell-the-truth-about-private-api' so it doesn't end up in installed files -- rdieter -%patch0001 -p1 - -%patch0002 -p1 -b .QT_VERSION_CHECK -# FIXME/TODO : rebase or drop -- rdieter -#patch51 -p1 -b .hidpi_scale_at_192 -%patch0004 -p1 -b .moc_macros -%patch0005 -p1 -b .qt5gui_cmake_isystem_includes -%patch0006 -p1 -b .qmake_LFLAGS -%patch0007 -p1 -b .no_relocatable -%patch0008 -p1 -b .qt5-qtbase-cxxflag -%patch0009 -p1 -b .firebird -%patch0010 -p1 -b .mysql -%patch0011 -p1 -%patch0012 -p1 -b .use-wayland-on-gnome.patch -%patch0013 -p1 -b .gcc11 - -## upstream patches -%patch0014 -p1 -b .QTBUG-90395 -%patch0015 -p1 -b .QTBUG-89977 -%patch0017 -p1 -b .QTBUG-91909 -%patch0018 -p1 -%patch0019 -p1 -%patch0020 -p1 -%patch0021 -p1 -%patch0022 -p1 -%patch0023 -p1 -%patch0024 -p1 -%patch0025 -p1 -%patch0026 -p1 -%patch0027 -p1 -%patch0028 -p1 -%patch0029 -p1 -%patch0030 -p1 -%patch0031 -p1 -%patch0032 -p1 -%patch1000 -p1 -%patch1001 -p1 -%patch1002 -p1 -%patch1003 -p1 +%autosetup -p1 -n %{qt_module}-everywhere-src-%{version} # move some bundled libs to ensure they're not accidentally used pushd src/3rdparty @@ -1048,6 +1006,9 @@ fi %changelog +* Wed Apr 02 2025 Funda Wang - 5.15.2-17 +- fix CVE-2025-30348 + * Wed Apr 24 2024 lvfei - 5.15.2-16 - Fix CVE-2023-45935 diff --git a/qtbase-everywhere-src-5.15.2.tar.xz b/qtbase-everywhere-src-5.15.2.tar.xz index ce7477b11ce7c3c5b170945b84817bf5b4719f7b..7163f211a6d9a18517d4611d31aa20839576de90 100644 Binary files a/qtbase-everywhere-src-5.15.2.tar.xz and b/qtbase-everywhere-src-5.15.2.tar.xz differ
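Review bot: Replacing the explicit `%patch` list in `%prep` with `%autosetup -p1` changes which patches are applied, not only how: `%autosetup` applies every `PatchN:` the spec declares, while the removed list had no `%patch0003` or `%patch0016` and kept `#patch51` commented out. Most `Patch` declarations are outside the visible hunks, so confirm that none of those numbers is still declared, otherwise the build picks up patches that were left out on purpose. For a security update it is safer to keep the change minimal and add only `%patch1004 -p1` after `%patch1003 -p1`, leaving the `%autosetup` migration to a commit of its own.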
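Review bot: The source tarball `qtbase-everywhere-src-5.15.2.tar.xz` changes in this commit although the version stays 5.15.2, and the diff cannot show whether its content is the same. Together with the new `.gitattributes` rule for `*.xz` and the `.lfsconfig` URL this is presumably the move of the tarball to Git LFS, in which case the blob is now a pointer file. Before merging, check that the LFS object's SHA-256 equals the hash of the previously committed tarball and of the upstream release, and state that in the commit description, since the build now takes its sources from the LFS server named in `.lfsconfig`.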