diff --git a/CVE-2023-24607.patch b/CVE-2023-24607.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6d2069f58c799e65637c9501af7db48cfd474ba5
--- /dev/null
+++ b/CVE-2023-24607.patch
@@ -0,0 +1,336 @@ + src/plugins/sqldrivers/odbc/qsql_odbc.cpp | 210 ++++++++++++---------- + 1 file changed, 120 insertions(+), 90 deletions(-) + +diff --git a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +index 547eb204..8d7ce3e3 100644 +--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp ++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +@@ -91,23 +91,39 @@ inline static QString fromSQLTCHAR(const QVarLengthArray& input, int s + return result; + } + ++template ++void toSQLTCHARImpl(QVarLengthArray &result, const QString &input); // primary template undefined ++ ++template ++void do_append(QVarLengthArray &result, const Container &c) ++{ ++ result.append(reinterpret_cast(c.data()), c.size()); ++} ++ ++template <> ++void toSQLTCHARImpl<1>(QVarLengthArray &result, const QString &input) ++{ ++ const auto u8 = input.toUtf8(); ++ do_append(result, u8); ++} ++ ++template <> ++void toSQLTCHARImpl<2>(QVarLengthArray &result, const QString &input) ++{ ++ do_append(result, input); ++} ++ ++template <> ++void toSQLTCHARImpl<4>(QVarLengthArray &result, const QString &input) ++{ ++ const auto u32 = input.toUcs4(); ++ do_append(result, u32); ++} ++ + inline static QVarLengthArray toSQLTCHAR(const QString &input) + { + QVarLengthArray result; +- result.resize(input.size()); +- switch(sizeof(SQLTCHAR)) { +- case 1: +- memcpy(result.data(), input.toUtf8().data(), input.size()); +- break; +- case 2: +- memcpy(result.data(), input.unicode(), input.size() * 2); +- break; +- case 4: +- memcpy(result.data(), input.toUcs4().data(), input.size() * 4); +- break; +- default: +- qCritical("sizeof(SQLTCHAR) is %d. Don't know how to handle this.", int(sizeof(SQLTCHAR))); +- } ++ toSQLTCHARImpl(result, input); + result.append(0); // make sure it's null terminated, doesn't matter if it already is, it does if it isn't. 
+ return result; + } +@@ -768,6 +784,14 @@ QChar QODBCDriverPrivate::quoteChar() + return quote; + } + ++static SQLRETURN qt_string_SQLSetConnectAttr(SQLHDBC handle, SQLINTEGER attr, const QString &val) ++{ ++ auto encoded = toSQLTCHAR(val); ++ return SQLSetConnectAttr(handle, attr, ++ encoded.data(), ++ SQLINTEGER(encoded.size() * sizeof(SQLTCHAR))); // size in bytes ++} ++ + + bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) + { +@@ -803,10 +826,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) + v = val.toUInt(); + r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_CURRENT_CATALOG")) { +- val.utf16(); // 0 terminate +- r = SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, +- toSQLTCHAR(val).data(), +- val.length()*sizeof(SQLTCHAR)); ++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, val); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_METADATA_ID")) { + if (val.toUpper() == QLatin1String("SQL_TRUE")) { + v = SQL_TRUE; +@@ -821,10 +841,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) + v = val.toUInt(); + r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACEFILE")) { +- val.utf16(); // 0 terminate +- r = SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, +- toSQLTCHAR(val).data(), +- val.length()*sizeof(SQLTCHAR)); ++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, val); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACE")) { + if (val.toUpper() == QLatin1String("SQL_OPT_TRACE_OFF")) { + v = SQL_OPT_TRACE_OFF; +@@ -1027,9 +1044,13 @@ bool QODBCResult::reset (const QString& query) + return false; + } + +- r = SQLExecDirect(d->hStmt, +- toSQLTCHAR(query).data(), +- (SQLINTEGER) query.length()); ++ { ++ auto encoded = toSQLTCHAR(query); ++ r = SQLExecDirect(d->hStmt, ++ encoded.data(), ++ 
SQLINTEGER(encoded.size())); ++ } ++ + if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) { + setLastError(qMakeError(QCoreApplication::translate("QODBCResult", + "Unable to execute statement"), QSqlError::StatementError, d)); +@@ -1375,9 +1396,12 @@ bool QODBCResult::prepare(const QString& query) + return false; + } + +- r = SQLPrepare(d->hStmt, +- toSQLTCHAR(query).data(), +- (SQLINTEGER) query.length()); ++ { ++ auto encoded = toSQLTCHAR(query); ++ r = SQLPrepare(d->hStmt, ++ encoded.data(), ++ SQLINTEGER(encoded.size())); ++ } + + if (r != SQL_SUCCESS) { + setLastError(qMakeError(QCoreApplication::translate("QODBCResult", +@@ -1405,7 +1429,7 @@ bool QODBCResult::exec() + SQLCloseCursor(d->hStmt); + + QVector& values = boundValues(); +- QVector tmpStorage(values.count(), QByteArray()); // holds temporary buffers ++ QVector tmpStorage(values.count(), QByteArray()); // targets for SQLBindParameter() + QVarLengthArray indicators(values.count()); + memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN)); + +@@ -1582,35 +1606,36 @@ bool QODBCResult::exec() + case QVariant::String: + if (d->unicode) { + QByteArray &ba = tmpStorage[i]; +- QString str = val.toString(); ++ { ++ const auto encoded = toSQLTCHAR(val.toString()); ++ ba = QByteArray(reinterpret_cast(encoded.data()), ++ encoded.size() * sizeof(SQLTCHAR)); ++ } ++ + if (*ind != SQL_NULL_DATA) +- *ind = str.length() * sizeof(SQLTCHAR); +- int strSize = str.length() * sizeof(SQLTCHAR); ++ *ind = ba.size(); + + if (bindValueType(i) & QSql::Out) { +- const QVarLengthArray a(toSQLTCHAR(str)); +- ba = QByteArray((const char *)a.constData(), a.size() * sizeof(SQLTCHAR)); + r = SQLBindParameter(d->hStmt, + i + 1, + qParamType[bindValueType(i) & QSql::InOut], + SQL_C_TCHAR, +- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, ++ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, + 0, // god knows... don't change this! 
+ 0, +- ba.data(), ++ const_cast(ba.constData()), // don't detach + ba.size(), + ind); + break; + } +- ba = QByteArray ((const char *)toSQLTCHAR(str).constData(), str.size()*sizeof(SQLTCHAR)); + r = SQLBindParameter(d->hStmt, + i + 1, + qParamType[bindValueType(i) & QSql::InOut], + SQL_C_TCHAR, +- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, +- strSize, ++ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, ++ ba.size(), + 0, +- const_cast(ba.constData()), ++ const_cast(ba.constData()), // don't detach + ba.size(), + ind); + break; +@@ -1718,10 +1743,11 @@ bool QODBCResult::exec() + case QVariant::String: + if (d->unicode) { + if (bindValueType(i) & QSql::Out) { +- const QByteArray &first = tmpStorage.at(i); +- QVarLengthArray array; +- array.append((const SQLTCHAR *)first.constData(), first.size()); +- values[i] = fromSQLTCHAR(array, first.size()/sizeof(SQLTCHAR)); ++ const QByteArray &bytes = tmpStorage.at(i); ++ const auto strSize = bytes.size() / int(sizeof(SQLTCHAR)); ++ QVarLengthArray string(strSize); ++ memcpy(string.data(), bytes.data(), strSize * sizeof(SQLTCHAR)); ++ values[i] = fromSQLTCHAR(string); + } + break; + } +@@ -1968,14 +1993,16 @@ bool QODBCDriver::open(const QString & db, + SQLSMALLINT cb; + QVarLengthArray connOut(1024); + memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR)); +- r = SQLDriverConnect(d->hDbc, +- NULL, +- toSQLTCHAR(connQStr).data(), +- (SQLSMALLINT)connQStr.length(), +- connOut.data(), +- 1024, +- &cb, +- /*SQL_DRIVER_NOPROMPT*/0); ++ { ++ auto encoded = toSQLTCHAR(connQStr); ++ r = SQLDriverConnect(d->hDbc, ++ nullptr, ++ encoded.data(), SQLSMALLINT(encoded.size()), ++ connOut.data(), ++ 1024, ++ &cb, ++ /*SQL_DRIVER_NOPROMPT*/0); ++ } + + if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) { + setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d)); +@@ -2354,17 +2381,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const + if (tableType.isEmpty()) + return tl; + +- QString 
joinedTableTypeString = tableType.join(QLatin1Char(',')); ++ { ++ auto joinedTableTypeString = toSQLTCHAR(tableType.join(u',')); + +- r = SQLTables(hStmt, +- NULL, +- 0, +- NULL, +- 0, +- NULL, +- 0, +- toSQLTCHAR(joinedTableTypeString).data(), +- joinedTableTypeString.length() /* characters, not bytes */); ++ r = SQLTables(hStmt, ++ nullptr, 0, ++ nullptr, 0, ++ nullptr, 0, ++ joinedTableTypeString.data(), joinedTableTypeString.size()); ++ } + + if (r != SQL_SUCCESS) + qSqlWarning(QLatin1String("QODBCDriver::tables Unable to execute table list"), d); +@@ -2438,28 +2463,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const + SQL_ATTR_CURSOR_TYPE, + (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, + SQL_IS_UINTEGER); +- r = SQLPrimaryKeys(hStmt, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length() /* in characters, not in bytes */); ++ { ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLPrimaryKeys(hStmt, ++ catalog.isEmpty() ? nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size()); ++ } + + // if the SQLPrimaryKeys() call does not succeed (e.g the driver + // does not support it) - try an alternative method to get hold of + // the primary index (e.g MS Access and FoxPro) + if (r != SQL_SUCCESS) { +- r = SQLSpecialColumns(hStmt, +- SQL_BEST_ROWID, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length(), +- SQL_SCOPE_CURROW, +- SQL_NULLABLE); ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLSpecialColumns(hStmt, ++ SQL_BEST_ROWID, ++ catalog.isEmpty() ? 
nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size(), ++ SQL_SCOPE_CURROW, ++ SQL_NULLABLE); + + if (r != SQL_SUCCESS) { + qSqlWarning(QLatin1String("QODBCDriver::primaryIndex: Unable to execute primary key list"), d); +@@ -2540,15 +2567,18 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const + SQL_ATTR_CURSOR_TYPE, + (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, + SQL_IS_UINTEGER); +- r = SQLColumns(hStmt, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length(), +- NULL, +- 0); ++ { ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLColumns(hStmt, ++ catalog.isEmpty() ? nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size(), ++ nullptr, ++ 0); ++ } ++ + if (r != SQL_SUCCESS) + qSqlWarning(QLatin1String("QODBCDriver::record: Unable to execute column list"), d); + +-- +2.39.1 + diff --git a/qt5-qtbase-Add-sw64-architecture.patch b/qt5-qtbase-Add-sw64-architecture.patch new file mode 100644 index 0000000000000000000000000000000000000000..7bbe54c342c94b575566cfaca837e86f7d44d0fa --- /dev/null +++ b/qt5-qtbase-Add-sw64-architecture.patch 
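Review bot: Every call site that now passes `encoded.size()` as the ODBC length also counts the terminator, because `toSQLTCHAR()` still ends with `result.append(0)`; this affects `SQLExecDirect`, `SQLPrepare`, `SQLDriverConnect`, `SQLTables`, the `qt_string_SQLSetConnectAttr` helper and the `ba.size()`/`*ind` values bound in `exec()`. For bound string parameters the trailing NUL code unit is therefore counted in the data length, and in `primaryIndex()`/`record()` an empty catalog or schema is passed as `nullptr` with length 1 rather than 0. Either drop the `append(0)` and keep the explicit lengths, or pass the length without the terminator, e.g. `SQLINTEGER(encoded.size() - 1)`. The `SQLSMALLINT(encoded.size())` cast in `open()` and the implicit narrowing of `c.size()`/`s.size()`/`t.size()` also wrap silently for strings above 32767 units, so a range check before those calls is worth adding. How a driver treats the extra NUL is driver-dependent, so this should be confirmed against the drivers the package is tested with.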
@@ -0,0 +1,141 @@ +From 2d5384cdea1303e20c3c7f69b24703b4a2ad91b0 Mon Sep 17 00:00:00 2001 +From: wuzx +Date: Fri, 18 Nov 2022 01:17:49 +0800 +Subject: [PATCH] Add sw64 architecture + +Signed-off-by: wuzx +--- + .../include/double-conversion/utils.h | 2 +- + src/3rdparty/sha3/brg_endian.h | 1 + + src/corelib/global/qprocessordetection.h | 3 +- + src/corelib/io/qfilesystemwatcher_inotify.cpp | 4 +++ + src/gui/image/qimage.cpp | 4 +++ + src/testlib/3rdparty/cycle_p.h | 36 +++++++++++++++++++ + 6 files changed, 48 insertions(+), 2 deletions(-) + +diff --git a/src/3rdparty/double-conversion/include/double-conversion/utils.h b/src/3rdparty/double-conversion/include/double-conversion/utils.h +index 70e697ca..1524e931 100644 +--- a/src/3rdparty/double-conversion/include/double-conversion/utils.h ++++ b/src/3rdparty/double-conversion/include/double-conversion/utils.h +@@ -97,7 +97,7 @@ int main(int argc, char** argv) { + defined(__powerpc__) || defined(__ppc__) || defined(__ppc64__) || \ + defined(_POWER) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ + defined(__sparc__) || defined(__sparc) || defined(__s390__) || \ +- defined(__SH4__) || defined(__alpha__) || \ ++ defined(__SH4__) || defined(__alpha__) || defined(__sw_64__) || \ + defined(_MIPS_ARCH_MIPS32R2) || defined(__ARMEB__) ||\ + defined(__AARCH64EL__) || defined(__aarch64__) || defined(__AARCH64EB__) || \ + defined(__riscv) || \ +diff --git a/src/3rdparty/sha3/brg_endian.h b/src/3rdparty/sha3/brg_endian.h +index 9bb306e6..e3907596 100644 +--- a/src/3rdparty/sha3/brg_endian.h ++++ b/src/3rdparty/sha3/brg_endian.h +@@ -105,6 +105,7 @@ Changes for ARM 9/9/2010 [Downstream relative to Gladman's GitHub, upstream to Q + #if !defined(PLATFORM_BYTE_ORDER) + + #if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \ ++#if defined( __sw_64__ ) || defined( __sw_64 ) || \ + defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \ + defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) 
|| \ + defined( vax ) || defined( vms ) || defined( VMS ) || \ +diff --git a/src/corelib/global/qprocessordetection.h b/src/corelib/global/qprocessordetection.h +index 8d657208..20c9650d 100644 +--- a/src/corelib/global/qprocessordetection.h ++++ b/src/corelib/global/qprocessordetection.h +@@ -87,7 +87,8 @@ + // #elif defined(__alpha__) || defined(_M_ALPHA) + // # define Q_PROCESSOR_ALPHA + // Q_BYTE_ORDER not defined, use endianness auto-detection +- ++//#elif defined(__sw_64__) || defined(_M_SW_64) ++//# define Q_PROCESSOR_SW_64 + /* + ARM family, known revisions: V5, V6, V7, V8 + +diff --git a/src/corelib/io/qfilesystemwatcher_inotify.cpp b/src/corelib/io/qfilesystemwatcher_inotify.cpp +index 94d9d06b..38b1e7e4 100644 +--- a/src/corelib/io/qfilesystemwatcher_inotify.cpp ++++ b/src/corelib/io/qfilesystemwatcher_inotify.cpp +@@ -91,6 +91,10 @@ + # define __NR_inotify_add_watch 285 + # define __NR_inotify_rm_watch 286 + # define __NR_inotify_init1 324 ++#elif defined (__sw_64__) ++# define __NR_inotify_init 444 ++# define __NR_inotify_add_watch 445 ++# define __NR_inotify_rm_watch 446 + #elif defined (__alpha__) + # define __NR_inotify_init 444 + # define __NR_inotify_add_watch 445 +diff --git a/src/gui/image/qimage.cpp b/src/gui/image/qimage.cpp +index ced5a505..c1096f45 100644 +--- a/src/gui/image/qimage.cpp ++++ b/src/gui/image/qimage.cpp +@@ -83,6 +83,10 @@ static inline bool isLocked(QImageData *data) + return data != nullptr && data->is_locked; + } + ++#if defined(Q_CC_DEC) && defined(__sw_64) && (__DECCXX_VER-0 >= 50190001) ++#pragma message disable narrowptr ++#endif ++ + #if defined(Q_CC_DEC) && defined(__alpha) && (__DECCXX_VER-0 >= 50190001) + #pragma message disable narrowptr + #endif +diff --git a/src/testlib/3rdparty/cycle_p.h b/src/testlib/3rdparty/cycle_p.h +index 95e741a8..5577b873 100644 +--- a/src/testlib/3rdparty/cycle_p.h ++++ b/src/testlib/3rdparty/cycle_p.h +@@ -405,6 +405,26 @@ INLINE_ELAPSED(__inline__) + + #define HAVE_TICK_COUNTER + 
#endif ++/*----------------------------------------------------------------*/ ++#if defined(__GNUC__) && defined(__sw_64__) && !defined(HAVE_TICK_COUNTER) ++/* ++ * The 32-bit cycle counter on sw_64 overflows pretty quickly, ++ * unfortunately. A 1GHz machine overflows in 4 seconds. ++ */ ++typedef unsigned int CycleCounterTicks; ++ ++static __inline__ CycleCounterTicks getticks(void) ++{ ++ unsigned long cc; ++ __asm__ __volatile__ ("rtc %0" : "=r"(cc)); ++ return (cc & 0xFFFFFFFF); ++} ++ ++INLINE_ELAPSED(__inline__) ++ ++#define HAVE_TICK_COUNTER ++#endif ++ + /*----------------------------------------------------------------*/ + #if defined(__GNUC__) && defined(__alpha__) && !defined(HAVE_TICK_COUNTER) + /* +@@ -441,6 +461,22 @@ INLINE_ELAPSED(__inline__) + #define HAVE_TICK_COUNTER + #endif + ++/*----------------------------------------------------------------*/ ++#if (defined(__DECC) || defined(__DECCXX)) && defined(__sw_64) && defined(HAVE_C_ASM_H) && !defined(HAVE_TICK_COUNTER) ++# include ++typedef unsigned int CycleCounterTicks; ++ ++static __inline CycleCounterTicks getticks(void) ++{ ++ unsigned long cc; ++ cc = asm("rtc %v0"); ++ return (cc & 0xFFFFFFFF); ++} ++ ++INLINE_ELAPSED(__inline) ++ ++#define HAVE_TICK_COUNTER ++#endif + /*----------------------------------------------------------------*/ + #if (defined(__DECC) || defined(__DECCXX)) && defined(__alpha) && defined(HAVE_C_ASM_H) && !defined(HAVE_TICK_COUNTER) + # include +-- +2.33.0 + diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 7f78b7128aa83c6c6f7cad89d0823a5c1813270f..77e710ae0f3c229c23b1979acf62d2c4467fb001 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -34,7 +34,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.15.2 -Release: 4 +Release: 6 # See LGPL_EXCEPTIONS.txt, for exception details 
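Review bot: The line added to `src/3rdparty/sha3/brg_endian.h` starts a second `#if` inside the continued condition: the preceding context line ends in `\`, so `#if defined( __sw_64__ ) || defined( __sw_64 ) || \` is spliced into the same expression and is not valid preprocessor syntax. It goes unnoticed only if `PLATFORM_BYTE_ORDER` is already defined before this group is reached, which is presumably the case on the target toolchain; otherwise the SHA-3 byte-order detection fails to compile. The added line should be a plain continuation, `defined( __sw_64__ ) || defined( __sw_64 ) || \`. Separately, the `qprocessordetection.h` addition is commented out (`//#elif defined(__sw_64__) || defined(_M_SW_64)`), so `Q_PROCESSOR_SW_64` is never defined; a comment saying that this is intentional would help.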
@@ -112,7 +112,10 @@ Patch0018: 0001-modify-kwin_5.18-complier-error.patch # https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.15.2+dfsg-15 Patch0019: CVE-2021-38593.patch Patch0020: CVE-2022-25255.patch -Patch0021: add-loongarch64-support.patch +Patch0021: qt5-qtbase-Add-sw64-architecture.patch +Patch0022: add-loongarch64-support.patch +# https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff +Patch0023: CVE-2023-24607.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are # not there, the platform to integrate with isn't either. Then Qt will just @@ -369,6 +372,8 @@ Qt5 libraries used for drawing widgets and OpenGL items. %patch0019 -p1 %patch0020 -p1 %patch0021 -p1 +%patch0022 -p1 +%patch0023 -p1 # move some bundled libs to ensure they're not accidentally used pushd src/3rdparty mkdir UNUSED @@ -1010,9 +1015,15 @@ fi %changelog -* Mon Dec 12 2022 huajingyun - 5.15.2-4 +* Fri Apr 28 2023 douyan - 5.15.2-6 +- fix CVE-2023-24607 + +* Mon Dec 12 2022 huajingyun - 5.15.2-5 - add loongarch64 support +* Tue Oct 25 2022 wuzx - 5.15.2-4 +- Add sw64 architecture + * Wed Jul 27 2022 peijiankang - 5.15.2-3 - remove unnecessary file