From 7fdc5ef06261e10abe7ac6a831b5ad0d8deac0bb Mon Sep 17 00:00:00 2001 From: Funda Wang Date: Wed, 19 Mar 2025 14:22:09 +0800 Subject: [PATCH] 6.8.2 --- fix-build-error-of-libxkbcommon-1.6.0.patch | 31 -- qt6-qtbase-add-sw64-support.patch | 8 +- qt6-qtbase.spec | 277 ++++++++----- ...r.xz => qtbase-everywhere-src-6.8.2.tar.xz | 4 +- qtbase-gcc11.patch | 20 +- qtbase-tell-truth-about-private-api.patch | 27 -- qtbase6.5.1-CVE-2023-43114.patch | 129 ------ qtbase6.5.2-CVE-2023-38197.patch | 371 ------------------ qtbase6.5.2-CVE-2023-45935.patch | 38 -- qtbase6.5.2-CVE-2023-51714.patch | 29 -- qtbase6.5.2-CVE-2024-25580.patch | 325 --------------- qtbase6.5.2-CVE-2024-33861.patch | 22 -- qtbase6.5.2-CVE-2024-39936.patch | 138 ------- 13 files changed, 178 insertions(+), 1241 deletions(-) delete mode 100644 fix-build-error-of-libxkbcommon-1.6.0.patch rename qtbase-everywhere-src-6.5.2.tar.xz => qtbase-everywhere-src-6.8.2.tar.xz (32%) delete mode 100644 qtbase-tell-truth-about-private-api.patch delete mode 100644 qtbase6.5.1-CVE-2023-43114.patch delete mode 100644 qtbase6.5.2-CVE-2023-38197.patch delete mode 100644 qtbase6.5.2-CVE-2023-45935.patch delete mode 100644 qtbase6.5.2-CVE-2023-51714.patch delete mode 100644 qtbase6.5.2-CVE-2024-25580.patch delete mode 100644 qtbase6.5.2-CVE-2024-33861.patch delete mode 100644 qtbase6.5.2-CVE-2024-39936.patch diff --git a/fix-build-error-of-libxkbcommon-1.6.0.patch b/fix-build-error-of-libxkbcommon-1.6.0.patch deleted file mode 100644 index b2d6ffe..0000000 --- a/fix-build-error-of-libxkbcommon-1.6.0.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 00b748a08fd27277e4bd8f86b431a1e71423d7ff Mon Sep 17 00:00:00 2001 -From: peijiankang -Date: Mon, 29 Jan 2024 11:04:27 +0800 -Subject: [PATCH] fix build error of libxkbcommon 1.6.0 - ---- - src/gui/platform/unix/qxkbcommon.cpp | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/gui/platform/unix/qxkbcommon.cpp b/src/gui/platform/unix/qxkbcommon.cpp -index fc014b38..0de9e98f 100644 ---- a/src/gui/platform/unix/qxkbcommon.cpp -+++ b/src/gui/platform/unix/qxkbcommon.cpp -@@ -239,10 +239,14 @@ static constexpr const auto KeyTbl = qMakeArray( - Xkb2Qt, - Xkb2Qt, - Xkb2Qt, -+/* The following four XKB_KEY_dead keys got removed in libxkbcommon 1.6.0 -+ The define check is kind of version check here. */ -+#ifdef XKB_KEY_dead_lowline - Xkb2Qt, - Xkb2Qt, - Xkb2Qt, - Xkb2Qt, -+#endif - - // Special keys from X.org - This include multimedia keys, - // wireless/bluetooth/uwb keys, special launcher keys, etc. --- -2.41.0 - diff --git a/qt6-qtbase-add-sw64-support.patch b/qt6-qtbase-add-sw64-support.patch index ebba418..92011ee 100644 --- a/qt6-qtbase-add-sw64-support.patch +++ b/qt6-qtbase-add-sw64-support.patch @@ -12,7 +12,7 @@ Subject: [PATCH] add sw64 support src/corelib/io/qfilesystemwatcher_inotify.cpp | 4 +++ src/corelib/plugin/qelfparser_p.cpp | 3 ++ src/gui/image/qimage.cpp | 4 +++ - src/testlib/3rdparty/cycle_p.h | 35 +++++++++++++++++++ + src/testlib/3rdparty/cycle/cycle_p.h | 35 +++++++++++++++++++ 9 files changed, 53 insertions(+), 2 deletions(-) diff --git a/src/3rdparty/double-conversion/double-conversion/utils.h b/src/3rdparty/double-conversion/double-conversion/utils.h @@ -130,10 +130,10 @@ index 71367f6d..bc8c84df 100644 #if defined(Q_CC_DEC) && defined(__alpha) && (__DECCXX_VER-0 >= 50190001) #pragma message disable narrowptr #endif -diff --git a/src/testlib/3rdparty/cycle_p.h b/src/testlib/3rdparty/cycle_p.h +diff --git a/src/testlib/3rdparty/cycle/cycle_p.h b/src/testlib/3rdparty/cycle/cycle_p.h index 95e741a8..4d933e10 100644 ---- a/src/testlib/3rdparty/cycle_p.h -+++ b/src/testlib/3rdparty/cycle_p.h +--- a/src/testlib/3rdparty/cycle/cycle_p.h ++++ b/src/testlib/3rdparty/cycle/cycle_p.h @@ -405,6 +405,26 @@ INLINE_ELAPSED(__inline__) #define HAVE_TICK_COUNTER diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 965ade7..079e2b4 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -1,9 +1,8 @@ - # See http://bugzilla.redhat.com/223663 %global multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9 riscv64 loongarch64 %global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64 riscv64 loongarch64 -%define short_version 6.5 +%bcond_with doc %ifarch s390x ppc64le aarch64 armv7hl riscv64 loongarch64 %global no_sse2 1 @@ -17,22 +16,19 @@ %global qt_module qtbase -%global journald 1 -BuildRequires: pkgconfig(libsystemd) - %global examples 1 ## skip for now, until we're better at it --rex #global tests 1 Name: qt6-qtbase Summary: Qt6 - QtBase components -Version: 6.5.2 -Release: 9 +Version: 6.8.2 +Release: 1 License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0 -Url: http://qt-project.org/ - -Source0: https://download.qt.io/official_releases/qt/%{short_version}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz +Url: https://www.qt.io +%global majmin %(echo %{version} | cut -d. -f1-2) +Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz # https://bugzilla.redhat.com/show_bug.cgi?id=1227295 Source1: qtlogging.ini @@ -52,7 +48,6 @@ Source10: macros.qt6-qtbase # track private api via properly versioned symbols # downside: binaries produced with these differently-versioned symbols are no longer # compatible with qt-project.org's Qt binary releases. -Patch1: qtbase-tell-truth-about-private-api.patch Patch2: qtbase-CMake-Install-objects-files-into-ARCHDATADIR.patch # upstreamable patches @@ -79,18 +74,8 @@ Patch90: qtbase-gcc11.patch # fix riscv test Patch100: fix-riscv-configure-tests.patch - -Patch102: fix-build-error-of-libxkbcommon-1.6.0.patch Patch103: qt6-qtbase-add-sw64-support.patch -#fix CVE -Patch6001:qtbase6.5.2-CVE-2023-38197.patch -Patch6003:qtbase6.5.1-CVE-2023-43114.patch -Patch6004:qtbase6.5.2-CVE-2023-51714.patch -Patch6005:qtbase6.5.2-CVE-2024-33861.patch -Patch6006:qtbase6.5.2-CVE-2024-39936.patch -Patch6007:qtbase6.5.2-CVE-2023-45935.patch -Patch6008:qtbase6.5.2-CVE-2024-25580.patch # Do not check any files in %%{_qt6_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are # not there, the platform to integrate with isn't either. Then Qt will just @@ -121,8 +106,6 @@ BuildRequires: tslib-devel BuildRequires: pkgconfig(alsa) # required for -accessibility BuildRequires: pkgconfig(atspi-2) -# http://bugzilla.redhat.com/1196359 -%global dbus_linked 1 BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(libdrm) BuildRequires: pkgconfig(fontconfig) @@ -152,19 +135,18 @@ BuildRequires: pkgconfig(gbm) BuildRequires: pkgconfig(libglvnd) BuildRequires: pkgconfig(x11) -%global sqlite 1 BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(harfbuzz) >= 0.9.42 BuildRequires: pkgconfig(icu-i18n) BuildRequires: pkgconfig(libpcre2-16) >= 10.20 -%global pcre 1 +BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(xcb-xkb) BuildRequires: pkgconfig(xcb) pkgconfig(xcb-glx) pkgconfig(xcb-icccm) pkgconfig(xcb-image) pkgconfig(xcb-keysyms) pkgconfig(xcb-renderutil) pkgconfig(xcb-cursor) BuildRequires: pkgconfig(zlib) BuildRequires: perl BuildRequires: perl-generators BuildRequires: python3 -BuildRequires: qt6-rpm-macros +BuildRequires: qt6-rpm-macros >= %{version} %if 0%{?tests} BuildRequires: dbus-x11 @@ -172,8 +154,13 @@ BuildRequires: mesa-dri-drivers BuildRequires: time BuildRequires: xorg-x11-server-Xvfb %endif +%if %{with doc} +BuildRequires: /usr/bin/qdoc-qt6 +%endif +Requires: qt6-filesystem >= 6.8.0 Requires: %{name}-common = %{version}-%{release} +Conflicts: %{name}-devel < 6.8.2 ## Sql drivers %global ibase 1 @@ -194,7 +181,7 @@ BuildArch: noarch %package devel Summary: Development files for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: %{name}-gui%{?_isa} +Requires: %{name}-gui%{?_isa} = %{version}-%{release} %if 0%{?egl} Requires: libEGL-devel %endif @@ -202,7 +189,7 @@ Requires: pkgconfig(gl) %if 0%{?vulkan} Requires: pkgconfig(vulkan) %endif -Requires: qt6-rpm-macros +Requires: qt6-rpm-macros >= %{version} %if 0%{?use_clang} Requires: clang >= 3.7.0 %endif @@ -220,6 +207,8 @@ Summary: Development files for %{name} private APIs Requires: %{name}-devel%{?_isa} = %{version}-%{release} # QtPrintSupport/private requires cups/ppd.h Requires: cups-devel +Conflicts: %{name}-devel < 6.8.2 + %description private-devel %{summary}. @@ -238,6 +227,7 @@ Requires: pkgconfig(glib-2.0) Requires: pkgconfig(libinput) Requires: pkgconfig(xkbcommon) Requires: pkgconfig(zlib) +Conflicts: %{name}-devel < 6.8.2 %description static %{summary}. @@ -283,35 +273,27 @@ Requires: glx-utils %description gui Qt6 libraries used for drawing widgets and OpenGL items. +%package doc +Summary: Documentation for %{qt_module} +Buildarch: noarch + +%description doc +Documentation for %{qt_module}. %prep -%setup -n %{qt_module}-everywhere-src-%{version} +%setup -qn %{qt_module}-everywhere-src-%{version} %autopatch -M99 -p1 %ifarch riscv64 %patch -P 100 -p1 %endif %autopatch -m101 -p1 -# move some bundled libs to ensure they're not accidentally used -pushd src/3rdparty -mkdir UNUSED -mv harfbuzz-ng freetype libjpeg libpng sqlite zlib UNUSED/ -popd - # builds failing mysteriously on f20 # ./configure: Permission denied # check to ensure that can't happen -- rex test -x configure || chmod +x configure - %build -# QT is known not to work properly with LTO at this point. Some of the issues -# are being worked on upstream and disabling LTO should be re-evaluated as -# we update this change. Until such time... -# Disable LTO -# https://bugzilla.redhat.com/1900527 -%define _lto_cflags %{nil} - ## FIXME/TODO: # * for %%ix86, add sse2 enabled builds for Qt6Gui, Qt6Core, QtNetwork, see also: # http://anonscm.debian.org/cgit/pkg-kde/qt/qtbase.git/tree/debian/rules (234-249) @@ -330,16 +312,16 @@ export CXX=clang++ export CFLAGS="$CFLAGS $RPM_OPT_FLAGS" export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS" export LDFLAGS="$LDFLAGS $RPM_LD_FLAGS" -export MAKEFLAGS="%{?_smp_mflags}" %cmake_qt6 \ -DQT_FEATURE_accessibility=ON \ -DQT_FEATURE_fontconfig=ON \ -DQT_FEATURE_glib=ON \ -DQT_FEATURE_sse2=%{?no_sse2:OFF}%{!?no_sse2:ON} \ + -DQT_FEATURE_system_doubleconversion=ON \ -DQT_FEATURE_icu=ON \ -DQT_FEATURE_enable_new_dtags=ON \ - -DQT_FEATURE_journald=%{?journald:ON}%{!?journald:OFF} \ + -DQT_FEATURE_journald=ON \ -DQT_FEATURE_openssl_linked=ON \ -DQT_FEATURE_libproxy=ON \ -DQT_FEATURE_sctp=ON \ @@ -349,6 +331,8 @@ export MAKEFLAGS="%{?_smp_mflags}" -DQT_FEATURE_system_jpeg=ON \ -DQT_FEATURE_system_png=ON \ -DQT_FEATURE_system_zlib=ON \ + -DQT_FEATURE_system_freetype=ON \ + -DQT_FEATURE_system_harfbuzz=ON \ %{?ibase:-DQT_FEATURE_sql_ibase=ON} \ -DQT_FEATURE_sql_odbc=ON \ -DQT_FEATURE_sql_mysql=ON \ @@ -356,9 +340,9 @@ export MAKEFLAGS="%{?_smp_mflags}" -DQT_FEATURE_sql_sqlite=ON \ -DQT_FEATURE_rpath=OFF \ -DQT_FEATURE_zstd=ON \ - %{?dbus_linked:-DQT_FEATURE_dbus_linked=ON} \ - %{?pcre:-DQT_FEATURE_system_pcre2=ON} \ - %{?sqlite:-DQT_FEATURE_system_sqlite=ON} \ + -DQT_FEATURE_dbus_linked=ON \ + -DQT_FEATURE_system_pcre2=ON \ + -DQT_FEATURE_system_sqlite=ON \ -DBUILD_SHARED_LIBS=ON \ -DQT_BUILD_EXAMPLES=%{?examples:ON}%{!?examples:OFF} \ -DQT_BUILD_TESTS=%{?tests:ON}%{!?tests:OFF} \ @@ -368,8 +352,15 @@ export MAKEFLAGS="%{?_smp_mflags}" # -DQT_FEATURE_directfb=ON \ %cmake_build +%if %{with doc} +%cmake_build --target docs +%endif + %install %cmake_install +%if %{with doc} +DESTDIR="%{buildroot}" %{__cmake} --build %{__cmake_builddir} --target install_docs +%endif install -m644 -p -D %{SOURCE1} %{buildroot}%{_qt6_datadir}/qtlogging.ini @@ -396,7 +387,7 @@ translationdir=%{_qt6_translationdir} Name: Qt6 Description: Qt6 Configuration -Version: 6.5.2 +Version: %{version} EOF # rpm macros @@ -454,10 +445,21 @@ install -p -m755 -D %{SOURCE6} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/10 mkdir -p %{buildroot}%{_qt6_headerdir}/QtXcb install -m 644 src/plugins/platforms/xcb/*.h %{buildroot}%{_qt6_headerdir}/QtXcb/ -rm %{buildroot}/%{_qt6_libexecdir}/qt-cmake-private-install.cmake +# These files are only useful for the Qt continuous integration +rm %{buildroot}%{_qt6_libexecdir}/ensure_pro_file.cmake +rm %{buildroot}%{_qt6_libexecdir}/qt-android-runner.py +rm %{buildroot}%{_qt6_libexecdir}/qt-testrunner.py +rm %{buildroot}%{_qt6_libexecdir}/sanitizer-testrunner.py + +# Not useful for desktop installs +rm -r %{buildroot}%{_qt6_libdir}/cmake/Qt6ExamplesAssetDownloaderPrivate +rm -r %{buildroot}%{_qt6_headerdir}/QtExamplesAssetDownloader +rm %{buildroot}%{_qt6_descriptionsdir}/ExamplesAssetDownloaderPrivate.json +rm %{buildroot}%{_qt6_libdir}/libQt6ExamplesAssetDownloader.* +rm %{buildroot}%{_qt6_libdir}/qt6/metatypes/qt6examplesassetdownloaderprivate_*_metatypes.json -# Use better location for some new scripts in qtbase-6.0.1 -mv %{buildroot}/%{_qt6_libexecdir}/ensure_pro_file.cmake %{buildroot}/%{_qt6_libdir}/cmake/Qt6/ensure_pro_file.cmake +# This is only for Apple platforms and has a python2 dep +rm -r %{buildroot}%{_qt6_mkspecsdir}/features/uikit %check # verify Qt6.pc @@ -482,6 +484,7 @@ make check -k ||: %license LICENSES/GPL* %license LICENSES/LGPL* %dir %{_sysconfdir}/xdg/QtProject/ +%{_qt6_archdatadir}/sbom/qtbase-%{version}.spdx %{_qt6_libdir}/libQt6Concurrent.so.6* %{_qt6_libdir}/libQt6Core.so.6* %{_qt6_libdir}/libQt6DBus.so.6* @@ -489,23 +492,14 @@ make check -k ||: %{_qt6_libdir}/libQt6Sql.so.6* %{_qt6_libdir}/libQt6Test.so.6* %{_qt6_libdir}/libQt6Xml.so.6* -%dir %{_qt6_docdir}/ %{_qt6_docdir}/global/ %{_qt6_docdir}/config/ -%{_qt6_importdir}/ -%{_qt6_translationdir}/ -%if "%{_qt6_prefix}" != "%{_prefix}" -%dir %{_qt6_prefix}/ -%endif -%dir %{_qt6_archdatadir}/ -%dir %{_qt6_datadir}/ %{_qt6_datadir}/qtlogging.ini -%dir %{_qt6_libexecdir}/ -%dir %{_qt6_plugindir}/ %dir %{_qt6_plugindir}/designer/ %dir %{_qt6_plugindir}/generic/ %dir %{_qt6_plugindir}/iconengines/ %dir %{_qt6_plugindir}/imageformats/ +%dir %{_qt6_plugindir}/networkinformation/ %dir %{_qt6_plugindir}/platforminputcontexts/ %dir %{_qt6_plugindir}/platforms/ %dir %{_qt6_plugindir}/platformthemes/ @@ -513,42 +507,43 @@ make check -k ||: %dir %{_qt6_plugindir}/script/ %dir %{_qt6_plugindir}/sqldrivers/ %dir %{_qt6_plugindir}/styles/ +%dir %{_qt6_plugindir}/tls/ %{_qt6_plugindir}/networkinformation/libqglib.so %{_qt6_plugindir}/networkinformation/libqnetworkmanager.so %{_qt6_plugindir}/sqldrivers/libqsqlite.so %{_qt6_plugindir}/tls/libqcertonlybackend.so %{_qt6_plugindir}/tls/libqopensslbackend.so +%{_bindir}/qtpaths* +%{_qt6_bindir}/qtpaths* %files common # mostly empty for now, consider: filesystem/dir ownership, licenses %{_rpmmacrodir}/macros.qt6-qtbase %files devel -%dir %{_qt6_libdir}/qt6/modules -%dir %{_qt6_libdir}/qt6/metatypes +%dir %{_qt6_descriptionsdir} +%dir %{_qt6_metatypesdir} %dir %{_qt6_libdir}/cmake/Qt6 +%dir %{_qt6_libdir}/cmake/Qt6/libexec %dir %{_qt6_libdir}/cmake/Qt6/platforms %dir %{_qt6_libdir}/cmake/Qt6/platforms/Platform %dir %{_qt6_libdir}/cmake/Qt6/config.tests +%dir %{_qt6_libdir}/cmake/Qt6/3rdparty %dir %{_qt6_libdir}/cmake/Qt6/3rdparty/extra-cmake-modules +%dir %{_qt6_libdir}/cmake/Qt6/3rdparty/extra-cmake-modules/find-modules +%dir %{_qt6_libdir}/cmake/Qt6/3rdparty/extra-cmake-modules/modules %dir %{_qt6_libdir}/cmake/Qt6/3rdparty/kwin %dir %{_qt6_libdir}/cmake/Qt6BuildInternals %dir %{_qt6_libdir}/cmake/Qt6BuildInternals/StandaloneTests +%dir %{_qt6_libdir}/cmake/Qt6BuildInternals/QtStandaloneTestTemplateProject %dir %{_qt6_libdir}/cmake/Qt6Concurrent %dir %{_qt6_libdir}/cmake/Qt6Core %dir %{_qt6_libdir}/cmake/Qt6CoreTools %dir %{_qt6_libdir}/cmake/Qt6DBus %dir %{_qt6_libdir}/cmake/Qt6DBusTools -%dir %{_qt6_libdir}/cmake/Qt6DeviceDiscoverySupportPrivate -%dir %{_qt6_libdir}/cmake/Qt6EglFSDeviceIntegrationPrivate -%dir %{_qt6_libdir}/cmake/Qt6EglFsKmsGbmSupportPrivate -%dir %{_qt6_libdir}/cmake/Qt6EglFsKmsSupportPrivate -%dir %{_qt6_libdir}/cmake/Qt6ExampleIconsPrivate -%dir %{_qt6_libdir}/cmake/Qt6FbSupportPrivate %dir %{_qt6_libdir}/cmake/Qt6Gui %dir %{_qt6_libdir}/cmake/Qt6GuiTools %dir %{_qt6_libdir}/cmake/Qt6HostInfo -%dir %{_qt6_libdir}/cmake/Qt6KmsSupportPrivate %dir %{_qt6_libdir}/cmake/Qt6Network %dir %{_qt6_libdir}/cmake/Qt6OpenGL %dir %{_qt6_libdir}/cmake/Qt6OpenGLWidgets @@ -558,17 +553,14 @@ make check -k ||: %dir %{_qt6_libdir}/cmake/Qt6Widgets %dir %{_qt6_libdir}/cmake/Qt6WidgetsTools %dir %{_qt6_libdir}/cmake/Qt6Xml -%if "%{_qt6_bindir}" != "%{_bindir}" -%dir %{_qt6_bindir} -%endif %{_bindir}/androiddeployqt %{_bindir}/androiddeployqt6 %{_bindir}/androidtestrunner %{_bindir}/qdbuscpp2xml* %{_bindir}/qdbusxml2cpp* %{_bindir}/qmake* -%{_bindir}/qtpaths* %{_bindir}/qt-cmake +%{_bindir}/qt-cmake-create %{_bindir}/qt-configure-module %{_libdir}/qt6/bin/qmake6 %{_qt6_bindir}/androiddeployqt @@ -577,16 +569,16 @@ make check -k ||: %{_qt6_bindir}/qdbuscpp2xml %{_qt6_bindir}/qdbusxml2cpp %{_qt6_bindir}/qmake -%{_qt6_bindir}/qtpaths* %{_qt6_bindir}/qt-cmake +%{_qt6_bindir}/qt-cmake-create %{_qt6_bindir}/qt-configure-module %{_qt6_libexecdir}/qt-cmake-private +%{_qt6_libexecdir}/qt-cmake-private-install.cmake %{_qt6_libexecdir}/qt-cmake-standalone-test %{_qt6_libexecdir}/cmake_automoc_parser +%{_qt6_libexecdir}/qt-internal-configure-examples %{_qt6_libexecdir}/qt-internal-configure-tests -%{_qt6_libexecdir}/sanitizer-testrunner.py %{_qt6_libexecdir}/syncqt -%{_qt6_libexecdir}/android_emulator_launcher.sh %{_qt6_libexecdir}/moc %{_qt6_libexecdir}/tracegen %{_qt6_libexecdir}/tracepointgen @@ -594,16 +586,24 @@ make check -k ||: %{_qt6_libexecdir}/qvkgen %{_qt6_libexecdir}/rcc %{_qt6_libexecdir}/uic -%{_qt6_libexecdir}/qt-testrunner.py -%{_qt6_libdir}/qt6/modules/*.json +%{_qt6_descriptionsdir}/Concurrent.json +%{_qt6_descriptionsdir}/Core.json +%{_qt6_descriptionsdir}/DBus.json +%{_qt6_descriptionsdir}/Gui.json +%{_qt6_descriptionsdir}/Network.json +%{_qt6_descriptionsdir}/OpenGL.json +%{_qt6_descriptionsdir}/OpenGLWidgets.json +%{_qt6_descriptionsdir}/PrintSupport.json +%{_qt6_descriptionsdir}/Sql.json +%{_qt6_descriptionsdir}/Test.json +%{_qt6_descriptionsdir}/Widgets.json +%{_qt6_descriptionsdir}/Xml.json %if "%{_qt6_headerdir}" != "%{_includedir}" %dir %{_qt6_headerdir} %endif %{_qt6_headerdir}/QtConcurrent/ %{_qt6_headerdir}/QtCore/ %{_qt6_headerdir}/QtDBus/ -%{_qt6_headerdir}/QtInputSupport -%{_qt6_headerdir}/QtExampleIcons %{_qt6_headerdir}/QtGui/ %{_qt6_headerdir}/QtNetwork/ %{_qt6_headerdir}/QtOpenGL/ @@ -614,10 +614,6 @@ make check -k ||: %{_qt6_headerdir}/QtWidgets/ %{_qt6_headerdir}/QtXcb/ %{_qt6_headerdir}/QtXml/ -%{_qt6_headerdir}/QtEglFSDeviceIntegration -%{_qt6_headerdir}/QtEglFsKmsGbmSupport -%{_qt6_headerdir}/QtEglFsKmsSupport -%{_qt6_mkspecsdir}/ %{_qt6_libdir}/libQt6Concurrent.prl %{_qt6_libdir}/libQt6Concurrent.so %{_qt6_libdir}/libQt6Core.prl @@ -644,10 +640,8 @@ make check -k ||: %{_qt6_libdir}/libQt6XcbQpa.so %{_qt6_libdir}/libQt6Xml.prl %{_qt6_libdir}/libQt6Xml.so -%{_qt6_libdir}/libQt6EglFSDeviceIntegration.prl -%{_qt6_libdir}/libQt6EglFSDeviceIntegration.so -%{_qt6_libdir}/libQt6EglFsKmsGbmSupport.prl -%{_qt6_libdir}/libQt6EglFsKmsGbmSupport.so +%{_qt6_libdir}/cmake/Qt6/3rdparty/extra-cmake-modules/REUSE.toml +%{_qt6_libdir}/cmake/Qt6/3rdparty/kwin/REUSE.toml %{_qt6_libdir}/cmake/Qt6/*.h.in %{_qt6_libdir}/cmake/Qt6/*.cmake %{_qt6_libdir}/cmake/Qt6/*.cmake.in @@ -674,21 +668,14 @@ make check -k ||: %{_qt6_libdir}/cmake/Qt6BuildInternals/QtStandaloneTestTemplateProject/Main.cmake %{_qt6_libdir}/cmake/Qt6Concurrent/*.cmake %{_qt6_libdir}/cmake/Qt6Core/*.cmake +%{_qt6_libdir}/cmake/Qt6Core/Qt6CoreResourceInit.in.cpp %{_qt6_libdir}/cmake/Qt6Core/Qt6CoreConfigureFileTemplate.in %{_qt6_libdir}/cmake/Qt6CoreTools/*.cmake %{_qt6_libdir}/cmake/Qt6DBus/*.cmake %{_qt6_libdir}/cmake/Qt6DBusTools/*.cmake -%{_qt6_libdir}/cmake/Qt6DeviceDiscoverySupportPrivate/*.cmake -%{_qt6_libdir}/cmake/Qt6EglFSDeviceIntegrationPrivate/*.cmake -%{_qt6_libdir}/cmake/Qt6EglFsKmsGbmSupportPrivate/*.cmake -%{_qt6_libdir}/cmake/Qt6EglFsKmsSupportPrivate/*.cmake -%{_qt6_libdir}/cmake/Qt6ExampleIconsPrivate/*.cmake -%{_qt6_libdir}/cmake/Qt6FbSupportPrivate/*.cmake %{_qt6_libdir}/cmake/Qt6Gui/*.cmake %{_qt6_libdir}/cmake/Qt6GuiTools/*.cmake %{_qt6_libdir}/cmake/Qt6HostInfo/*.cmake -%{_qt6_libdir}/cmake/Qt6InputSupportPrivate/*.cmake -%{_qt6_libdir}/cmake/Qt6KmsSupportPrivate/*.cmake %{_qt6_libdir}/cmake/Qt6Network/*.cmake %{_qt6_libdir}/cmake/Qt6OpenGL/*.cmake %{_qt6_libdir}/cmake/Qt6OpenGLWidgets/*.cmake @@ -698,36 +685,102 @@ make check -k ||: %{_qt6_libdir}/cmake/Qt6Test/*.cmake %{_qt6_libdir}/cmake/Qt6Widgets/*.cmake %{_qt6_libdir}/cmake/Qt6WidgetsTools/*.cmake -%{_qt6_libdir}/cmake/Qt6XcbQpaPrivate/*.cmake %{_qt6_libdir}/cmake/Qt6Xml/*.cmake -%{_qt6_libdir}/qt6/metatypes/*.json -%{_qt6_libdir}/qt6/objects-RelWithDebInfo/ExampleIconsPrivate_resources_1/.rcc/qrc_example_icons.cpp.o +%{_qt6_metatypesdir}/qt6concurrent_*_metatypes.json +%{_qt6_metatypesdir}/qt6core_*_metatypes.json +%{_qt6_metatypesdir}/qt6dbus_*_metatypes.json +%{_qt6_metatypesdir}/qt6gui_*_metatypes.json +%{_qt6_metatypesdir}/qt6network_*_metatypes.json +%{_qt6_metatypesdir}/qt6opengl_*_metatypes.json +%{_qt6_metatypesdir}/qt6openglwidgets_*_metatypes.json +%{_qt6_metatypesdir}/qt6printsupport_*_metatypes.json +%{_qt6_metatypesdir}/qt6sql_*_metatypes.json +%{_qt6_metatypesdir}/qt6test_*_metatypes.json +%{_qt6_metatypesdir}/qt6widgets_*_metatypes.json +%{_qt6_metatypesdir}/qt6xml_*_metatypes.json %{_qt6_libdir}/pkgconfig/*.pc +%{_qt6_mkspecsdir}/* +## private-devel globs +%exclude %{_qt6_headerdir}/*/%{version} +%files private-devel +%{_qt6_headerdir}/QtCore/%{version} +%{_qt6_headerdir}/QtDBus/%{version} +%{_qt6_headerdir}/QtGui/%{version} +%{_qt6_headerdir}/QtNetwork/%{version} +%{_qt6_headerdir}/QtOpenGL/%{version} +%{_qt6_headerdir}/QtPrintSupport/%{version} +%{_qt6_headerdir}/QtSql/%{version} +%{_qt6_headerdir}/QtTest/%{version} +%{_qt6_headerdir}/QtWidgets/%{version} +%{_qt6_headerdir}/QtXml/%{version} +%{_qt6_headerdir}/QtEglFSDeviceIntegration +%{_qt6_headerdir}/QtEglFsKmsGbmSupport +%{_qt6_headerdir}/QtEglFsKmsSupport +%dir %{_qt6_libdir}/cmake/Qt6EglFSDeviceIntegrationPrivate +%dir %{_qt6_libdir}/cmake/Qt6EglFsKmsGbmSupportPrivate +%dir %{_qt6_libdir}/cmake/Qt6EglFsKmsSupportPrivate +%dir %{_qt6_libdir}/cmake/Qt6XcbQpaPrivate +%{_qt6_libdir}/cmake/Qt6EglFSDeviceIntegrationPrivate/*.cmake +%{_qt6_libdir}/cmake/Qt6EglFsKmsGbmSupportPrivate/*.cmake +%{_qt6_libdir}/cmake/Qt6EglFsKmsSupportPrivate/*.cmake +%{_qt6_libdir}/cmake/Qt6XcbQpaPrivate/*.cmake %if 0%{?egl} %{_qt6_libdir}/libQt6EglFsKmsSupport.prl %{_qt6_libdir}/libQt6EglFsKmsSupport.so %endif -## private-devel globs -%exclude %{_qt6_headerdir}/*/%{version}/ - -%files private-devel -%{_qt6_headerdir}/*/%{version}/ +%{_qt6_libdir}/libQt6EglFSDeviceIntegration.prl +%{_qt6_libdir}/libQt6EglFSDeviceIntegration.so +%{_qt6_libdir}/libQt6EglFsKmsGbmSupport.prl +%{_qt6_libdir}/libQt6EglFsKmsGbmSupport.so +%{_qt6_descriptionsdir}/EglFSDeviceIntegrationPrivate.json +%{_qt6_descriptionsdir}/EglFsKmsGbmSupportPrivate.json +%{_qt6_descriptionsdir}/EglFsKmsSupportPrivate.json +%{_qt6_descriptionsdir}/XcbQpaPrivate.json +%{_qt6_metatypesdir}/qt6eglfsdeviceintegrationprivate_*_metatypes.json +%{_qt6_metatypesdir}/qt6eglfskmsgbmsupportprivate_*_metatypes.json +%{_qt6_metatypesdir}/qt6eglfskmssupportprivate_*_metatypes.json +%{_qt6_metatypesdir}/qt6xcbqpaprivate_*_metatypes.json %files static +%dir %{_qt6_libdir}/cmake/Qt6ExampleIconsPrivate +%{_qt6_libdir}/cmake/Qt6ExampleIconsPrivate/*.cmake +%{_qt6_headerdir}/QtExampleIcons +%{_qt6_libdir}/libQt6ExampleIcons.a +%{_qt6_libdir}/libQt6ExampleIcons.prl +%{_qt6_descriptionsdir}/ExampleIconsPrivate.json +%dir %{_qt6_archdatadir}/objects-* +%{_qt6_archdatadir}/objects-*/ExampleIconsPrivate_resources_1/ +%{_qt6_metatypesdir}/qt6exampleiconsprivate_*_metatypes.json +%dir %{_qt6_libdir}/cmake/Qt6DeviceDiscoverySupportPrivate +%{_qt6_libdir}/cmake/Qt6DeviceDiscoverySupportPrivate/*.cmake %{_qt6_headerdir}/QtDeviceDiscoverySupport %{_qt6_libdir}/libQt6DeviceDiscoverySupport.*a %{_qt6_libdir}/libQt6DeviceDiscoverySupport.prl -%{_qt6_libdir}/libQt6ExampleIcons.a -%{_qt6_libdir}/libQt6ExampleIcons.prl +%{_qt6_descriptionsdir}/DeviceDiscoverySupportPrivate.json +%{_qt6_metatypesdir}/qt6devicediscoverysupportprivate_*_metatypes.json +%dir %{_qt6_libdir}/cmake/Qt6FbSupportPrivate +%{_qt6_libdir}/cmake/Qt6FbSupportPrivate/*.cmake %{_qt6_headerdir}/QtFbSupport %{_qt6_libdir}/libQt6FbSupport.*a %{_qt6_libdir}/libQt6FbSupport.prl +%{_qt6_descriptionsdir}/FbSupportPrivate.json +%{_qt6_metatypesdir}/qt6fbsupportprivate_*_metatypes.json +%dir %{_qt6_libdir}/cmake/Qt6InputSupportPrivate +%{_qt6_libdir}/cmake/Qt6InputSupportPrivate/*.cmake +%{_qt6_headerdir}/QtInputSupport %{_qt6_libdir}/libQt6InputSupport.*a %{_qt6_libdir}/libQt6InputSupport.prl +%{_qt6_descriptionsdir}/InputSupportPrivate.json +%{_qt6_metatypesdir}/qt6inputsupportprivate_*_metatypes.json +%dir %{_qt6_libdir}/cmake/Qt6KmsSupportPrivate +%{_qt6_libdir}/cmake/Qt6KmsSupportPrivate/*.cmake %{_qt6_headerdir}/QtKmsSupport %{_qt6_libdir}/libQt6KmsSupport.*a %{_qt6_libdir}/libQt6KmsSupport.prl +%{_qt6_descriptionsdir}/KmsSupportPrivate.json +%{_qt6_metatypesdir}/qt6kmssupportprivate_*_metatypes.json + %if 0%{?examples} %files examples %{_qt6_examplesdir}/ @@ -788,6 +841,7 @@ make check -k ||: %{_qt6_plugindir}/egldeviceintegrations/libqeglfs-x11-integration.so %{_qt6_plugindir}/egldeviceintegrations/libqeglfs-kms-egldevice-integration.so %{_qt6_plugindir}/egldeviceintegrations/libqeglfs-emu-integration.so +%dir %{_qt6_plugindir}/xcbglintegrations/ %{_qt6_plugindir}/xcbglintegrations/libqxcb-egl-integration.so %endif # Platforms @@ -798,13 +852,18 @@ make check -k ||: %{_qt6_plugindir}/platforms/libqvnc.so %{_qt6_plugindir}/platforms/libqvkkhrdisplay.so %{_qt6_plugindir}/xcbglintegrations/libqxcb-glx-integration.so +%{_qt6_plugindir}/printsupport/libcupsprintersupport.so # Platformthemes %{_qt6_plugindir}/platformthemes/libqxdgdesktopportal.so %{_qt6_plugindir}/platformthemes/libqgtk3.so -%{_qt6_plugindir}/printsupport/libcupsprintersupport.so +%files doc +%{_docdir}/qt6/* %changelog +* Wed Mar 19 2025 Funda Wang - 6.8.2-1 +- update to 6.8.2 + * Tue Mar 11 2025 mahailiang - 6.5.2-9 - add sw_64 support diff --git a/qtbase-everywhere-src-6.5.2.tar.xz b/qtbase-everywhere-src-6.8.2.tar.xz similarity index 32% rename from qtbase-everywhere-src-6.5.2.tar.xz rename to qtbase-everywhere-src-6.8.2.tar.xz index 02172be..5b8ba1c 100644 --- a/qtbase-everywhere-src-6.5.2.tar.xz +++ b/qtbase-everywhere-src-6.8.2.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3db4c729b4d80a9d8fda8dd77128406353baff4755ca619177eda4cddae71269 -size 48410716 +oid sha256:012043ce6d411e6e8a91fdc4e05e6bedcfa10fcb1347d3c33908f7fdd10dfe05 +size 48264736 diff --git a/qtbase-gcc11.patch b/qtbase-gcc11.patch index dfbd08f..60fee4e 100644 --- a/qtbase-gcc11.patch +++ b/qtbase-gcc11.patch @@ -1,8 +1,8 @@ diff --git a/examples/corelib/tools/contiguouscache/randomlistmodel.h b/examples/corelib/tools/contiguouscache/randomlistmodel.h -index 1fabb0d9..393ebaa3 100644 +index b95acdf3..eb765dcd 100644 --- a/examples/corelib/tools/contiguouscache/randomlistmodel.h +++ b/examples/corelib/tools/contiguouscache/randomlistmodel.h -@@ -50,6 +50,7 @@ +@@ -3,6 +3,7 @@ #ifndef RANDOMLISTMODEL_H #define RANDOMLISTMODEL_H @@ -10,23 +10,11 @@ index 1fabb0d9..393ebaa3 100644 #include #include -diff --git a/src/corelib/text/qanystringview.h b/src/corelib/text/qanystringview.h -index a7606253..60747cf0 100644 ---- a/src/corelib/text/qanystringview.h -+++ b/src/corelib/text/qanystringview.h -@@ -39,6 +39,7 @@ - #ifndef QANYSTRINGVIEW_H - #define QANYSTRINGVIEW_H - -+#include - #include - #include - diff --git a/src/corelib/text/qbytearray.h b/src/corelib/text/qbytearray.h -index 9f646aaa..a5af793c 100644 +index 5c9855d3..8a0ef377 100644 --- a/src/corelib/text/qbytearray.h +++ b/src/corelib/text/qbytearray.h -@@ -41,6 +41,7 @@ +@@ -5,6 +5,7 @@ #ifndef QBYTEARRAY_H #define QBYTEARRAY_H diff --git a/qtbase-tell-truth-about-private-api.patch b/qtbase-tell-truth-about-private-api.patch deleted file mode 100644 index c17e6f6..0000000 --- a/qtbase-tell-truth-about-private-api.patch +++ /dev/null @@ -1,27 +0,0 @@ -From c92143a6c6621f680208cd47d91877fd670b1e8f Mon Sep 17 00:00:00 2001 -From: Christophe Marin -Date: Sun, 20 Sep 2020 09:57:22 +0200 -Subject: [PATCH] Tell the truth about private API - -Mark private API with symbols only for the current patch release - -This change is a port of the libqt5-qtbase patch which was -added during the Qt 5.6 cycle. ---- - cmake/QtFlagHandlingHelpers.cmake | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cmake/QtFlagHandlingHelpers.cmake b/cmake/QtFlagHandlingHelpers.cmake -index d8597326cc..f9da7b2171 100644 ---- a/cmake/QtFlagHandlingHelpers.cmake -+++ b/cmake/QtFlagHandlingHelpers.cmake -@@ -23,7 +23,7 @@ function(qt_internal_add_linker_version_script target) - endif() - - if(TEST_ld_version_script) -- set(contents "Qt_${PROJECT_VERSION_MAJOR}_PRIVATE_API {\n qt_private_api_tag*;\n") -+ set(contents "Qt_${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}_PRIVATE_API {\n qt_private_api_tag*;\n") - if(arg_PRIVATE_HEADERS) - foreach(ph ${arg_PRIVATE_HEADERS}) - string(APPEND contents " @FILE:${ph}@\n") --- \ No newline at end of file diff --git a/qtbase6.5.1-CVE-2023-43114.patch b/qtbase6.5.1-CVE-2023-43114.patch deleted file mode 100644 index f5cbe01..0000000 --- a/qtbase6.5.1-CVE-2023-43114.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 8d7c452d55d55d6d60f3f0112a704968945fdab8 Mon Sep 17 00:00:00 2001 -From: hua_yadong -Date: Thu, 23 Nov 2023 17:55:06 +0800 -Subject: [PATCH] qtbase6.5.1-CVE-2023-43114 - ---- - src/gui/text/windows/qwindowsfontdatabase.cpp | 67 ++++++++++++++----- - 1 file changed, 51 insertions(+), 16 deletions(-) - -diff --git a/src/gui/text/windows/qwindowsfontdatabase.cpp b/src/gui/text/windows/qwindowsfontdatabase.cpp -index 2de53be6..3f27466d 100644 ---- a/src/gui/text/windows/qwindowsfontdatabase.cpp -+++ b/src/gui/text/windows/qwindowsfontdatabase.cpp -@@ -868,36 +868,70 @@ QT_WARNING_POP - return fontEngine; - } - --static QList getTrueTypeFontOffsets(const uchar *fontData) -+static QList getTrueTypeFontOffsets(const uchar *fontData, const uchar *fileEndSentinel) - { - QList offsets; -- const quint32 headerTag = *reinterpret_cast(fontData); -+ if (fileEndSentinel - fontData < 12) { -+ qCWarning(lcQpaFonts) << "Corrupted font data detected"; -+ return offsets; -+ } -+ -+ const quint32 headerTag = qFromUnaligned(fontData); - if (headerTag != MAKE_TAG('t', 't', 'c', 'f')) { - if (headerTag != MAKE_TAG(0, 1, 0, 0) - && headerTag != MAKE_TAG('O', 'T', 'T', 'O') - && headerTag != MAKE_TAG('t', 'r', 'u', 'e') -- && headerTag != MAKE_TAG('t', 'y', 'p', '1')) -+ && headerTag != MAKE_TAG('t', 'y', 'p', '1')) { - return offsets; -+ } - offsets << 0; - return offsets; - } -+ -+ const quint32 maximumNumFonts = 0xffff; - const quint32 numFonts = qFromBigEndian(fontData + 8); -- for (uint i = 0; i < numFonts; ++i) { -- offsets << qFromBigEndian(fontData + 12 + i * 4); -+ if (numFonts > maximumNumFonts) { -+ qCWarning(lcQpaFonts) << "Font collection of" << numFonts << "fonts is too large. Aborting."; -+ return offsets; -+ } -+ -+ if (quintptr(fileEndSentinel - fontData) > 12 + (numFonts - 1) * 4) { -+ for (quint32 i = 0; i < numFonts; ++i) -+ offsets << qFromBigEndian(fontData + 12 + i * 4); -+ } else { -+ qCWarning(lcQpaFonts) << "Corrupted font data detected"; - } -+ - return offsets; - } - --static void getFontTable(const uchar *fileBegin, const uchar *data, quint32 tag, const uchar **table, quint32 *length) -+static void getFontTable(const uchar *fileBegin, const uchar *fileEndSentinel, const uchar *data, quint32 tag, const uchar **table, quint32 *length) - { -- const quint16 numTables = qFromBigEndian(data + 4); -- for (uint i = 0; i < numTables; ++i) { -- const quint32 offset = 12 + 16 * i; -- if (*reinterpret_cast(data + offset) == tag) { -- *table = fileBegin + qFromBigEndian(data + offset + 8); -- *length = qFromBigEndian(data + offset + 12); -- return; -+ if (fileEndSentinel - data >= 6) { -+ const quint16 numTables = qFromBigEndian(data + 4); -+ if (fileEndSentinel - data >= 28 + 16 * (numTables - 1)) { -+ for (quint32 i = 0; i < numTables; ++i) { -+ const quint32 offset = 12 + 16 * i; -+ if (qFromUnaligned(data + offset) == tag) { -+ const quint32 tableOffset = qFromBigEndian(data + offset + 8); -+ if (quintptr(fileEndSentinel - fileBegin) <= tableOffset) { -+ qCWarning(lcQpaFonts) << "Corrupted font data detected"; -+ break; -+ } -+ *table = fileBegin + tableOffset; -+ *length = qFromBigEndian(data + offset + 12); -+ if (quintptr(fileEndSentinel - *table) < *length) { -+ qCWarning(lcQpaFonts) << "Corrupted font data detected"; -+ break; -+ } -+ return; -+ } -+ } -+ } else { -+ qCWarning(lcQpaFonts) << "Corrupted font data detected"; - } -+ } else { -+ qCWarning(lcQpaFonts) << "Corrupted font data detected"; - } - *table = 0; - *length = 0; -@@ -910,8 +944,9 @@ static void getFamiliesAndSignatures(const QByteArray &fontData, - QList *values) - { - const uchar *data = reinterpret_cast(fontData.constData()); -+ const uchar *dataEndSentinel = data + fontData.size(); - -- QList offsets = getTrueTypeFontOffsets(data); -+ QList offsets = getTrueTypeFontOffsets(data, dataEndSentinel); - if (offsets.isEmpty()) - return; - -@@ -919,7 +954,7 @@ static void getFamiliesAndSignatures(const QByteArray &fontData, - const uchar *font = data + offsets.at(i); - const uchar *table; - quint32 length; -- getFontTable(data, font, MAKE_TAG('n', 'a', 'm', 'e'), &table, &length); -+ getFontTable(data, dataEndSentinel, font, MAKE_TAG('n', 'a', 'm', 'e'), &table, &length); - if (!table) - continue; - QFontNames names = qt_getCanonicalFontNames(table, length); -@@ -929,7 +964,7 @@ static void getFamiliesAndSignatures(const QByteArray &fontData, - families->append(std::move(names)); - - if (values || signatures) -- getFontTable(data, font, MAKE_TAG('O', 'S', '/', '2'), &table, &length); -+ getFontTable(data, dataEndSentinel, font, MAKE_TAG('O', 'S', '/', '2'), &table, &length); - - if (values) { - QFontValues fontValues; --- -2.41.0 - diff --git a/qtbase6.5.2-CVE-2023-38197.patch b/qtbase6.5.2-CVE-2023-38197.patch deleted file mode 100644 index e213cf2..0000000 --- a/qtbase6.5.2-CVE-2023-38197.patch +++ /dev/null @@ -1,371 +0,0 @@ -From 49a4cf8133eb8d76115fb7827bd76764e1b30d12 Mon Sep 17 00:00:00 2001 -From: peijiankang -Date: Wed, 29 Nov 2023 20:51:35 +0800 -Subject: [PATCH] CVE-2023-38197 - ---- - src/corelib/serialization/qxmlstream.cpp | 144 +++++++++++++++++- - src/corelib/serialization/qxmlstream_p.h | 11 ++ - .../qxmlstream/tokenError/dtdInBody.xml | 21 +++ - .../qxmlstream/tokenError/multipleDtd.xml | 21 +++ - .../qxmlstream/tokenError/wellFormed.xml | 16 ++ - .../qxmlstream/tst_qxmlstream.cpp | 38 +++++ - 6 files changed, 243 insertions(+), 8 deletions(-) - create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml - create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml - create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml - -diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp -index 3175517a..7dcf80c3 100644 ---- a/src/corelib/serialization/qxmlstream.cpp -+++ b/src/corelib/serialization/qxmlstream.cpp -@@ -185,7 +185,7 @@ WRAP(indexOf, QLatin1StringView) - addData() or by waiting for it to arrive on the device(). - - \value UnexpectedElementError The parser encountered an element -- that was different to those it expected. -+ or token that was different to those it expected. - - */ - -@@ -322,13 +322,34 @@ QXmlStreamEntityResolver *QXmlStreamReader::entityResolver() const - - QXmlStreamReader is a well-formed XML 1.0 parser that does \e not - include external parsed entities. As long as no error occurs, the -- application code can thus be assured that the data provided by the -- stream reader satisfies the W3C's criteria for well-formed XML. For -- example, you can be certain that all tags are indeed nested and -- closed properly, that references to internal entities have been -- replaced with the correct replacement text, and that attributes have -- been normalized or added according to the internal subset of the -- DTD. -+ application code can thus be assured, that -+ \list -+ \li the data provided by the stream reader satisfies the W3C's -+ criteria for well-formed XML, -+ \li tokens are provided in a valid order. -+ \endlist -+ -+ Unless QXmlStreamReader raises an error, it guarantees the following: -+ \list -+ \li All tags are nested and closed properly. -+ \li References to internal entities have been replaced with the -+ correct replacement text. -+ \li Attributes have been normalized or added according to the -+ internal subset of the \l DTD. -+ \li Tokens of type \l StartDocument happen before all others, -+ aside from comments and processing instructions. -+ \li At most one DOCTYPE element (a token of type \l DTD) is present. -+ \li If present, the DOCTYPE appears before all other elements, -+ aside from StartDocument, comments and processing instructions. -+ \endlist -+ -+ In particular, once any token of type \l StartElement, \l EndElement, -+ \l Characters, \l EntityReference or \l EndDocument is seen, no -+ tokens of type StartDocument or DTD will be seen. If one is present in -+ the input stream, out of order, an error is raised. -+ -+ \note The token types \l Comment and \l ProcessingInstruction may appear -+ anywhere in the stream. - - If an error occurs while parsing, atEnd() and hasError() return - true, and error() returns the error that occurred. The functions -@@ -659,6 +680,7 @@ QXmlStreamReader::TokenType QXmlStreamReader::readNext() - d->token = -1; - return readNext(); - } -+ d->checkToken(); - return d->type; - } - -@@ -743,6 +765,11 @@ static constexpr auto QXmlStreamReader_tokenTypeString = qOffsetStringArray( - "ProcessingInstruction" - ); - -+static constexpr auto QXmlStreamReader_XmlContextString = qOffsetStringArray( -+ "Prolog", -+ "Body" -+); -+ - /*! - \property QXmlStreamReader::namespaceProcessing - \brief the namespace-processing flag of the stream reader. -@@ -777,6 +804,15 @@ QString QXmlStreamReader::tokenString() const - return QLatin1StringView(QXmlStreamReader_tokenTypeString.at(d->type)); - } - -+/*! -+ \internal -+ \return \param loc (Prolog/Body) as a string. -+ */ -+static constexpr QLatin1StringView contextString(QXmlStreamReaderPrivate::XmlContext ctxt) -+{ -+ return QLatin1StringView(QXmlStreamReader_XmlContextString.at(static_cast(ctxt))); -+} -+ - #endif // QT_NO_XMLSTREAMREADER - - QXmlStreamPrivateTagStack::QXmlStreamPrivateTagStack() -@@ -864,6 +900,8 @@ void QXmlStreamReaderPrivate::init() - - type = QXmlStreamReader::NoToken; - error = QXmlStreamReader::NoError; -+ currentContext = XmlContext::Prolog; -+ foundDTD = false; - } - - /* -@@ -3838,6 +3876,96 @@ void QXmlStreamWriter::writeCurrentToken(const QXmlStreamReader &reader) - break; - } - } -+static constexpr bool isTokenAllowedInContext(QXmlStreamReader::TokenType type, -+ QXmlStreamReaderPrivate::XmlContext loc) -+{ -+ switch (type) { -+ case QXmlStreamReader::StartDocument: -+ case QXmlStreamReader::DTD: -+ return loc == QXmlStreamReaderPrivate::XmlContext::Prolog; -+ -+ case QXmlStreamReader::StartElement: -+ case QXmlStreamReader::EndElement: -+ case QXmlStreamReader::Characters: -+ case QXmlStreamReader::EntityReference: -+ case QXmlStreamReader::EndDocument: -+ return loc == QXmlStreamReaderPrivate::XmlContext::Body; -+ -+ case QXmlStreamReader::Comment: -+ case QXmlStreamReader::ProcessingInstruction: -+ return true; -+ -+ case QXmlStreamReader::NoToken: -+ case QXmlStreamReader::Invalid: -+ return false; -+ } -+ -+ // GCC 8.x does not treat __builtin_unreachable() as constexpr -+#if !defined(Q_CC_GNU_ONLY) || (Q_CC_GNU >= 900) -+ Q_UNREACHABLE_RETURN(false); -+#else -+ return false; -+#endif -+} -+ -+/*! -+ \internal -+ \brief QXmlStreamReader::isValidToken -+ \return \c true if \param type is a valid token type. -+ \return \c false if \param type is an unexpected token, -+ which indicates a non-well-formed or invalid XML stream. -+ */ -+bool QXmlStreamReaderPrivate::isValidToken(QXmlStreamReader::TokenType type) -+{ -+ // Don't change currentContext, if Invalid or NoToken occur in the prolog -+ if (type == QXmlStreamReader::Invalid || type == QXmlStreamReader::NoToken) -+ return false; -+ -+ // If a token type gets rejected in the body, there is no recovery -+ const bool result = isTokenAllowedInContext(type, currentContext); -+ if (result || currentContext == XmlContext::Body) -+ return result; -+ -+ // First non-Prolog token observed => switch context to body and check again. -+ currentContext = XmlContext::Body; -+ return isTokenAllowedInContext(type, currentContext); -+} -+ -+/*! -+ \internal -+ Checks token type and raises an error, if it is invalid -+ in the current context (prolog/body). -+ */ -+void QXmlStreamReaderPrivate::checkToken() -+{ -+ Q_Q(QXmlStreamReader); -+ -+ // The token type must be consumed, to keep track if the body has been reached. -+ const XmlContext context = currentContext; -+ const bool ok = isValidToken(type); -+ -+ // Do nothing if an error has been raised already (going along with an unexpected token) -+ if (error != QXmlStreamReader::Error::NoError) -+ return; -+ -+ if (!ok) { -+ raiseError(QXmlStreamReader::UnexpectedElementError, -+ QObject::tr("Unexpected token type %1 in %2.") -+ .arg(q->tokenString(), contextString(context))); -+ return; -+ } -+ -+ if (type != QXmlStreamReader::DTD) -+ return; -+ -+ // Raise error on multiple DTD tokens -+ if (foundDTD) { -+ raiseError(QXmlStreamReader::UnexpectedElementError, -+ QObject::tr("Found second DTD token in %1.").arg(contextString(context))); -+ } else { -+ foundDTD = true; -+ } -+} - - /*! - \fn bool QXmlStreamAttributes::hasAttribute(QAnyStringView qualifiedName) const -diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h -index 7c46d187..f805cedb 100644 ---- a/src/corelib/serialization/qxmlstream_p.h -+++ b/src/corelib/serialization/qxmlstream_p.h -@@ -296,6 +296,17 @@ public: - QStringDecoder decoder; - bool atEnd; - -+ enum class XmlContext -+ { -+ Prolog, -+ Body, -+ }; -+ -+ XmlContext currentContext = XmlContext::Prolog; -+ bool foundDTD = false; -+ bool isValidToken(QXmlStreamReader::TokenType type); -+ void checkToken(); -+ - /*! - \sa setType() - */ -diff --git a/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml b/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml -new file mode 100644 -index 00000000..68ef2962 ---- /dev/null -+++ b/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml -@@ -0,0 +1,21 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+]> -+ -+ -+ tst_QXmlStream -+ -+ -+ -+ -+ ]> -+ -+ -diff --git a/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml b/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml -new file mode 100644 -index 00000000..1dbe75c4 ---- /dev/null -+++ b/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml -@@ -0,0 +1,21 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+]> -+ -+ -+ -+]> -+ -+ -+ tst_QXmlStream -+ -+ -+ -diff --git a/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml b/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml -new file mode 100644 -index 00000000..9dfbc0f9 ---- /dev/null -+++ b/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml -@@ -0,0 +1,16 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+]> -+ -+ -+ tst_QXmlStream -+ -+ -+ -diff --git a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp -index b7f603c7..839d9edc 100644 ---- a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp -+++ b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp -@@ -590,6 +590,8 @@ private slots: - - void entityExpansionLimit() const; - -+ void tokenErrorHandling_data() const; -+ void tokenErrorHandling() const; - private: - static QByteArray readFile(const QString &filename); - -@@ -1818,6 +1820,42 @@ void tst_QXmlStream::roundTrip() const - QCOMPARE(out, in); - } - -+void tst_QXmlStream::tokenErrorHandling_data() const -+{ -+ QTest::addColumn("fileName"); -+ QTest::addColumn("expectedError"); -+ QTest::addColumn("errorKeyWord"); -+ -+ constexpr auto invalid = QXmlStreamReader::Error::UnexpectedElementError; -+ constexpr auto valid = QXmlStreamReader::Error::NoError; -+ QTest::newRow("DtdInBody") << "dtdInBody.xml" << invalid << "DTD"; -+ QTest::newRow("multipleDTD") << "multipleDtd.xml" << invalid << "second DTD"; -+ QTest::newRow("wellFormed") << "wellFormed.xml" << valid << ""; -+} -+ -+void tst_QXmlStream::tokenErrorHandling() const -+{ -+ QFETCH(const QString, fileName); -+ QFETCH(const QXmlStreamReader::Error, expectedError); -+ QFETCH(const QString, errorKeyWord); -+ -+ const QDir dir(QFINDTESTDATA("tokenError")); -+ QFile file(dir.absoluteFilePath(fileName)); -+ -+ // Cross-compiling: File will be on host only -+ if (!file.exists()) -+ QSKIP("Testfile not found."); -+ -+ file.open(QIODevice::ReadOnly); -+ QXmlStreamReader reader(&file); -+ while (!reader.atEnd()) -+ reader.readNext(); -+ -+ QCOMPARE(reader.error(), expectedError); -+ if (expectedError != QXmlStreamReader::Error::NoError) -+ QVERIFY(reader.errorString().contains(errorKeyWord)); -+} -+ - void tst_QXmlStream::test_fastScanName_data() const - { - QTest::addColumn("data"); --- -2.41.0 - diff --git a/qtbase6.5.2-CVE-2023-45935.patch b/qtbase6.5.2-CVE-2023-45935.patch deleted file mode 100644 index 7e620cc..0000000 --- a/qtbase6.5.2-CVE-2023-45935.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 552e3b9b78c136aebedf0a591af04661f0dedbbf Mon Sep 17 00:00:00 2001 -From: Liang Qi -Date: Mon, 31 Jul 2023 05:35:11 +0200 -Subject: xcb: guard a pointer before usage - -in QXcbAtom::initializeAllAtoms(). - -See also the example in -https://manpages.debian.org/testing/libxcb-doc/xcb_intern_atom_reply.3.en.html - -Fixes: QTBUG-115599 -Pick-to: 6.6 6.5 6.2 -Change-Id: I6590fe1aa11deec7fef7ce6d8f5c49a71d636648 -Reviewed-by: Axel Spoerl ---- - src/plugins/platforms/xcb/qxcbatom.cpp | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/plugins/platforms/xcb/qxcbatom.cpp b/src/plugins/platforms/xcb/qxcbatom.cpp -index 09b1fe8a9d..a456c19490 100644 ---- a/src/plugins/platforms/xcb/qxcbatom.cpp -+++ b/src/plugins/platforms/xcb/qxcbatom.cpp -@@ -230,8 +230,10 @@ void QXcbAtom::initializeAllAtoms(xcb_connection_t *connection) { - - for (i = 0; i < QXcbAtom::NAtoms; ++i) { - xcb_intern_atom_reply_t *reply = xcb_intern_atom_reply(connection, cookies[i], nullptr); -- m_allAtoms[i] = reply->atom; -- free(reply); -+ if (reply) { -+ m_allAtoms[i] = reply->atom; -+ free(reply); -+ } - } - } - --- -cgit v1.2.3 - diff --git a/qtbase6.5.2-CVE-2023-51714.patch b/qtbase6.5.2-CVE-2023-51714.patch deleted file mode 100644 index 0efee5e..0000000 --- a/qtbase6.5.2-CVE-2023-51714.patch +++ /dev/null @@ -1,29 +0,0 @@ -From c1d9a2e1eb0bf78cc33b558a2f78ca49fcb3cb1d Mon Sep 17 00:00:00 2001 -From: peijiankang -Date: Wed, 31 Jan 2024 11:31:35 +0800 -Subject: [PATCH] qtbase-6.5.2-CVE-2023-51714 - ---- - src/network/access/http2/hpacktable.cpp | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp -index 74a09a20..2c728b37 100644 ---- a/src/network/access/http2/hpacktable.cpp -+++ b/src/network/access/http2/hpacktable.cpp -@@ -26,8 +26,10 @@ HeaderSize entry_size(QByteArrayView name, QByteArrayView value) - // for counting the number of references to the name and value would have - // 32 octets of overhead." - -- const unsigned sum = unsigned(name.size() + value.size()); -- if (std::numeric_limits::max() - 32 < sum) -+ size_t sum; -+ if (qAddOverflow(size_t(name.size()), size_t(value.size()), &sum)) -+ return HeaderSize(); -+ if (sum > (std::numeric_limits::max() - 32)) - return HeaderSize(); - return HeaderSize(true, quint32(sum + 32)); - } --- -2.41.0 - diff --git a/qtbase6.5.2-CVE-2024-25580.patch b/qtbase6.5.2-CVE-2024-25580.patch deleted file mode 100644 index 13238af..0000000 --- a/qtbase6.5.2-CVE-2024-25580.patch +++ /dev/null @@ -1,325 +0,0 @@ -diff --git a/src/gui/util/qktxhandler.cpp b/src/gui/util/qktxhandler.cpp -index ee5e879516..d52d6a8a3c 100644 ---- a/src/gui/util/qktxhandler.cpp -+++ b/src/gui/util/qktxhandler.cpp -@@ -41,7 +41,7 @@ struct KTXHeader { - quint32 bytesOfKeyValueData; - }; - --static const quint32 qktxh_headerSize = sizeof(KTXHeader); -+static constexpr quint32 qktxh_headerSize = sizeof(KTXHeader); - - // Currently unused, declared for future reference - struct KTXKeyValuePairItem { -@@ -71,11 +71,24 @@ struct KTXMipmapLevel { - */ - }; - --// Returns the nearest multiple of 'rounding' greater than or equal to 'value' --constexpr quint32 withPadding(quint32 value, quint32 rounding) -+// Returns the nearest multiple of 4 greater than or equal to 'value' -+static const std::optional nearestMultipleOf4(quint32 value) - { -- Q_ASSERT(rounding > 1); -- return value + (rounding - 1) - ((value + (rounding - 1)) % rounding); -+ constexpr quint32 rounding = 4; -+ quint32 result = 0; -+ if (qAddOverflow(value, rounding - 1, &result)) -+ return std::nullopt; -+ result &= ~(rounding - 1); -+ return result; -+} -+ -+// Returns a view with prechecked bounds -+static QByteArrayView safeView(QByteArrayView view, quint32 start, quint32 length) -+{ -+ quint32 end = 0; -+ if (qAddOverflow(start, length, &end) || end > quint32(view.length())) -+ return {}; -+ return view.sliced(start, length); - } - - QKtxHandler::~QKtxHandler() = default; -@@ -83,8 +96,7 @@ QKtxHandler::~QKtxHandler() = default; - bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block) - { - Q_UNUSED(suffix); -- -- return (qstrncmp(block.constData(), ktxIdentifier, KTX_IDENTIFIER_LENGTH) == 0); -+ return block.startsWith(ktxIdentifier); - } - - QTextureFileData QKtxHandler::read() -@@ -93,55 +105,122 @@ QTextureFileData QKtxHandler::read() - return QTextureFileData(); - - const QByteArray buf = device()->readAll(); -- const quint32 dataSize = quint32(buf.size()); -- if (dataSize < qktxh_headerSize || !canRead(QByteArray(), buf)) { -- qCDebug(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData()); -+ if (buf.size() > std::numeric_limits::max()) { -+ qWarning(lcQtGuiTextureIO, "Too big KTX file %s", logName().constData()); -+ return QTextureFileData(); -+ } -+ -+ if (!canRead(QByteArray(), buf)) { -+ qWarning(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData()); - return QTextureFileData(); - } - -- const KTXHeader *header = reinterpret_cast(buf.data()); -- if (!checkHeader(*header)) { -- qCDebug(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData()); -+ if (buf.size() < qsizetype(qktxh_headerSize)) { -+ qWarning(lcQtGuiTextureIO, "Invalid KTX header size in %s", logName().constData()); -+ return QTextureFileData(); -+ } -+ -+ KTXHeader header; -+ memcpy(&header, buf.data(), qktxh_headerSize); -+ if (!checkHeader(header)) { -+ qWarning(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData()); - return QTextureFileData(); - } - - QTextureFileData texData; - texData.setData(buf); - -- texData.setSize(QSize(decode(header->pixelWidth), decode(header->pixelHeight))); -- texData.setGLFormat(decode(header->glFormat)); -- texData.setGLInternalFormat(decode(header->glInternalFormat)); -- texData.setGLBaseInternalFormat(decode(header->glBaseInternalFormat)); -+ texData.setSize(QSize(decode(header.pixelWidth), decode(header.pixelHeight))); -+ texData.setGLFormat(decode(header.glFormat)); -+ texData.setGLInternalFormat(decode(header.glInternalFormat)); -+ texData.setGLBaseInternalFormat(decode(header.glBaseInternalFormat)); - -- texData.setNumLevels(decode(header->numberOfMipmapLevels)); -- texData.setNumFaces(decode(header->numberOfFaces)); -+ texData.setNumLevels(decode(header.numberOfMipmapLevels)); -+ texData.setNumFaces(decode(header.numberOfFaces)); -+ -+ const quint32 bytesOfKeyValueData = decode(header.bytesOfKeyValueData); -+ quint32 headerKeyValueSize; -+ if (qAddOverflow(qktxh_headerSize, bytesOfKeyValueData, &headerKeyValueSize)) { -+ qWarning(lcQtGuiTextureIO, "Overflow in size of key value data in header of KTX file %s", -+ logName().constData()); -+ return QTextureFileData(); -+ } - -- const quint32 bytesOfKeyValueData = decode(header->bytesOfKeyValueData); -- if (qktxh_headerSize + bytesOfKeyValueData < quint64(buf.size())) // oob check -- texData.setKeyValueMetadata(decodeKeyValues( -- QByteArrayView(buf.data() + qktxh_headerSize, bytesOfKeyValueData))); -- quint32 offset = qktxh_headerSize + bytesOfKeyValueData; -+ if (headerKeyValueSize >= quint32(buf.size())) { -+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); -+ return QTextureFileData(); -+ } -+ -+ // File contains key/values -+ if (bytesOfKeyValueData > 0) { -+ auto keyValueDataView = safeView(buf, qktxh_headerSize, bytesOfKeyValueData); -+ if (keyValueDataView.isEmpty()) { -+ qWarning(lcQtGuiTextureIO, "Invalid view in KTX file %s", logName().constData()); -+ return QTextureFileData(); -+ } -+ -+ auto keyValues = decodeKeyValues(keyValueDataView); -+ if (!keyValues) { -+ qWarning(lcQtGuiTextureIO, "Could not parse key values in KTX file %s", -+ logName().constData()); -+ return QTextureFileData(); -+ } -+ -+ texData.setKeyValueMetadata(*keyValues); -+ } -+ -+ // Technically, any number of levels is allowed but if the value is bigger than -+ // what is possible in KTX V2 (and what makes sense) we return an error. -+ // maxLevels = log2(max(width, height, depth)) -+ const int maxLevels = (sizeof(quint32) * 8) -+ - qCountLeadingZeroBits(std::max( -+ { header.pixelWidth, header.pixelHeight, header.pixelDepth })); -+ -+ if (texData.numLevels() > maxLevels) { -+ qWarning(lcQtGuiTextureIO, "Too many levels in KTX file %s", logName().constData()); -+ return QTextureFileData(); -+ } - -- constexpr int MAX_ITERATIONS = 32; // cap iterations in case of corrupt data -+ if (texData.numFaces() != 1 && texData.numFaces() != 6) { -+ qWarning(lcQtGuiTextureIO, "Invalid number of faces in KTX file %s", logName().constData()); -+ return QTextureFileData(); -+ } - -- for (int level = 0; level < qMin(texData.numLevels(), MAX_ITERATIONS); level++) { -- if (offset + sizeof(quint32) > dataSize) // Corrupt file; avoid oob read -- break; -+ quint32 offset = headerKeyValueSize; -+ for (int level = 0; level < texData.numLevels(); level++) { -+ const auto imageSizeView = safeView(buf, offset, sizeof(quint32)); -+ if (imageSizeView.isEmpty()) { -+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); -+ return QTextureFileData(); -+ } - -- const quint32 imageSize = decode(qFromUnaligned(buf.data() + offset)); -- offset += sizeof(quint32); -+ const quint32 imageSize = decode(qFromUnaligned(imageSizeView.data())); -+ offset += sizeof(quint32); // overflow checked indirectly above - -- for (int face = 0; face < qMin(texData.numFaces(), MAX_ITERATIONS); face++) { -+ for (int face = 0; face < texData.numFaces(); face++) { - texData.setDataOffset(offset, level, face); - texData.setDataLength(imageSize, level, face); - - // Add image data and padding to offset -- offset += withPadding(imageSize, 4); -+ const auto padded = nearestMultipleOf4(imageSize); -+ if (!padded) { -+ qWarning(lcQtGuiTextureIO, "Overflow in KTX file %s", logName().constData()); -+ return QTextureFileData(); -+ } -+ -+ quint32 offsetNext; -+ if (qAddOverflow(offset, *padded, &offsetNext)) { -+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); -+ return QTextureFileData(); -+ } -+ -+ offset = offsetNext; - } - } - - if (!texData.isValid()) { -- qCDebug(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", logName().constData()); -+ qWarning(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", -+ logName().constData()); - return QTextureFileData(); - } - -@@ -187,33 +266,83 @@ bool QKtxHandler::checkHeader(const KTXHeader &header) - return is2D && (isCubeMap || isCompressedImage); - } - --QMap QKtxHandler::decodeKeyValues(QByteArrayView view) const -+std::optional> QKtxHandler::decodeKeyValues(QByteArrayView view) const - { - QMap output; - quint32 offset = 0; -- while (offset < view.size() + sizeof(quint32)) { -+ while (offset < quint32(view.size())) { -+ const auto keyAndValueByteSizeView = safeView(view, offset, sizeof(quint32)); -+ if (keyAndValueByteSizeView.isEmpty()) { -+ qWarning(lcQtGuiTextureIO, "Invalid view in KTX key-value"); -+ return std::nullopt; -+ } -+ - const quint32 keyAndValueByteSize = -- decode(qFromUnaligned(view.constData() + offset)); -- offset += sizeof(quint32); -+ decode(qFromUnaligned(keyAndValueByteSizeView.data())); - -- if (offset + keyAndValueByteSize > quint64(view.size())) -- break; // oob read -+ quint32 offsetKeyAndValueStart; -+ if (qAddOverflow(offset, quint32(sizeof(quint32)), &offsetKeyAndValueStart)) { -+ qWarning(lcQtGuiTextureIO, "Overflow in KTX key-value"); -+ return std::nullopt; -+ } -+ -+ quint32 offsetKeyAndValueEnd; -+ if (qAddOverflow(offsetKeyAndValueStart, keyAndValueByteSize, &offsetKeyAndValueEnd)) { -+ qWarning(lcQtGuiTextureIO, "Overflow in KTX key-value"); -+ return std::nullopt; -+ } -+ -+ const auto keyValueView = safeView(view, offsetKeyAndValueStart, keyAndValueByteSize); -+ if (keyValueView.isEmpty()) { -+ qWarning(lcQtGuiTextureIO, "Invalid view in KTX key-value"); -+ return std::nullopt; -+ } - - // 'key' is a UTF-8 string ending with a null terminator, 'value' is the rest. - // To separate the key and value we convert the complete data to utf-8 and find the first - // null terminator from the left, here we split the data into two. -- const auto str = QString::fromUtf8(view.constData() + offset, keyAndValueByteSize); -- const int idx = str.indexOf('\0'_L1); -- if (idx == -1) -- continue; -- -- const QByteArray key = str.left(idx).toUtf8(); -- const size_t keySize = key.size() + 1; // Actual data size -- const QByteArray value = QByteArray::fromRawData(view.constData() + offset + keySize, -- keyAndValueByteSize - keySize); -- -- offset = withPadding(offset + keyAndValueByteSize, 4); -- output.insert(key, value); -+ -+ const int idx = keyValueView.indexOf('\0'); -+ if (idx == -1) { -+ qWarning(lcQtGuiTextureIO, "Invalid key in KTX key-value"); -+ return std::nullopt; -+ } -+ -+ const QByteArrayView keyView = safeView(view, offsetKeyAndValueStart, idx); -+ if (keyView.isEmpty()) { -+ qWarning(lcQtGuiTextureIO, "Overflow in KTX key-value"); -+ return std::nullopt; -+ } -+ -+ const quint32 keySize = idx + 1; // Actual data size -+ -+ quint32 offsetValueStart; -+ if (qAddOverflow(offsetKeyAndValueStart, keySize, &offsetValueStart)) { -+ qWarning(lcQtGuiTextureIO, "Overflow in KTX key-value"); -+ return std::nullopt; -+ } -+ -+ quint32 valueSize; -+ if (qSubOverflow(keyAndValueByteSize, keySize, &valueSize)) { -+ qWarning(lcQtGuiTextureIO, "Underflow in KTX key-value"); -+ return std::nullopt; -+ } -+ -+ const QByteArrayView valueView = safeView(view, offsetValueStart, valueSize); -+ if (valueView.isEmpty()) { -+ qWarning(lcQtGuiTextureIO, "Invalid view in KTX key-value"); -+ return std::nullopt; -+ } -+ -+ output.insert(keyView.toByteArray(), valueView.toByteArray()); -+ -+ const auto offsetNext = nearestMultipleOf4(offsetKeyAndValueEnd); -+ if (!offsetNext) { -+ qWarning(lcQtGuiTextureIO, "Overflow in KTX key-value"); -+ return std::nullopt; -+ } -+ -+ offset = *offsetNext; - } - - return output; -diff --git a/src/gui/util/qktxhandler_p.h b/src/gui/util/qktxhandler_p.h -index 0fd2487393..1142aa8dc0 100644 ---- a/src/gui/util/qktxhandler_p.h -+++ b/src/gui/util/qktxhandler_p.h -@@ -17,6 +17,8 @@ - - #include "qtexturefilehandler_p.h" - -+#include -+ - QT_BEGIN_NAMESPACE - - struct KTXHeader; -@@ -33,7 +35,7 @@ public: - - private: - bool checkHeader(const KTXHeader &header); -- QMap decodeKeyValues(QByteArrayView view) const; -+ std::optional> decodeKeyValues(QByteArrayView view) const; - quint32 decode(quint32 val) const; - - bool inverseEndian = false; diff --git a/qtbase6.5.2-CVE-2024-33861.patch b/qtbase6.5.2-CVE-2024-33861.patch deleted file mode 100644 index b70ba76..0000000 --- a/qtbase6.5.2-CVE-2024-33861.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/src/corelib/text/qstringconverter.cpp b/src/corelib/text/qstringconverter.cpp -index 6ca65ba6ad8..043b8f54151 100644 ---- a/src/corelib/text/qstringconverter.cpp -+++ b/src/corelib/text/qstringconverter.cpp -@@ -1966,7 +1966,7 @@ struct QStringConverterICU : QStringConverter - const void *context; - ucnv_getToUCallBack(icu_conv, &action, &context); - if (context != state) -- ucnv_setToUCallBack(icu_conv, action, &state, nullptr, nullptr, &err); -+ ucnv_setToUCallBack(icu_conv, action, state, nullptr, nullptr, &err); - - ucnv_toUnicode(icu_conv, &target, targetLimit, &source, sourceLimit, nullptr, flush, &err); - // We did reserve enough space: -@@ -1999,7 +1999,7 @@ struct QStringConverterICU : QStringConverter - const void *context; - ucnv_getFromUCallBack(icu_conv, &action, &context); - if (context != state) -- ucnv_setFromUCallBack(icu_conv, action, &state, nullptr, nullptr, &err); -+ ucnv_setFromUCallBack(icu_conv, action, state, nullptr, nullptr, &err); - - ucnv_fromUnicode(icu_conv, &target, targetLimit, &source, sourceLimit, nullptr, flush, &err); - // We did reserve enough space: diff --git a/qtbase6.5.2-CVE-2024-39936.patch b/qtbase6.5.2-CVE-2024-39936.patch deleted file mode 100644 index 8dcf842..0000000 --- a/qtbase6.5.2-CVE-2024-39936.patch +++ /dev/null @@ -1,138 +0,0 @@ -diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp -index ec100708600..80819105201 100644 ---- a/src/network/access/qhttp2protocolhandler.cpp -+++ b/src/network/access/qhttp2protocolhandler.cpp -@@ -339,12 +339,12 @@ bool QHttp2ProtocolHandler::sendRequest() - } - } - -- if (!prefaceSent && !sendClientPreface()) -- return false; -- - if (!requests.size()) - return true; - -+ if (!prefaceSent && !sendClientPreface()) -+ return false; -+ - m_channel->state = QHttpNetworkConnectionChannel::WritingState; - // Check what was promised/pushed, maybe we do not have to send a request - // and have a response already? -diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp -index b9e1ae403cd..3cbe1b16f9e 100644 ---- a/src/network/access/qhttpnetworkconnectionchannel.cpp -+++ b/src/network/access/qhttpnetworkconnectionchannel.cpp -@@ -209,6 +209,10 @@ - bool QHttpNetworkConnectionChannel::sendRequest() - { - Q_ASSERT(protocolHandler); -+ if (waitingForPotentialAbort) { -+ needInvokeSendRequest = true; -+ return false; // this return value is unused -+ } - return protocolHandler->sendRequest(); - } - -@@ -221,21 +225,28 @@ - void QHttpNetworkConnectionChannel::sendRequestDelayed() - { - QMetaObject::invokeMethod(this, [this] { -- Q_ASSERT(protocolHandler); - if (reply) -- protocolHandler->sendRequest(); -+ sendRequest(); - }, Qt::ConnectionType::QueuedConnection); - } - - void QHttpNetworkConnectionChannel::_q_receiveReply() - { - Q_ASSERT(protocolHandler); -+ if (waitingForPotentialAbort) { -+ needInvokeReceiveReply = true; -+ return; -+ } - protocolHandler->_q_receiveReply(); - } - - void QHttpNetworkConnectionChannel::_q_readyRead() - { - Q_ASSERT(protocolHandler); -+ if (waitingForPotentialAbort) { -+ needInvokeReadyRead = true; -+ return; -+ } - protocolHandler->_q_readyRead(); - } - -@@ -1232,7 +1243,18 @@ - // Similar to HTTP/1.1 counterpart below: - const auto &h2Pairs = h2RequestsToSend.values(); // (request, reply) - const auto &pair = h2Pairs.first(); -+ waitingForPotentialAbort = true; - emit pair.second->encrypted(); -+ -+ // We don't send or handle any received data until any effects from -+ // emitting encrypted() have been processed. This is necessary -+ // because the user may have called abort(). We may also abort the -+ // whole connection if the request has been aborted and there is -+ // no more requests to send. -+ QMetaObject::invokeMethod(this, -+ &QHttpNetworkConnectionChannel::checkAndResumeCommunication, -+ Qt::QueuedConnection); -+ - // In case our peer has sent us its settings (window size, max concurrent streams etc.) - // let's give _q_receiveReply a chance to read them first ('invokeMethod', QueuedConnection). - QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection); -@@ -1250,6 +1272,28 @@ - } - } - -+ -+void QHttpNetworkConnectionChannel::checkAndResumeCommunication() -+{ -+ Q_ASSERT(connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2 -+ || connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2Direct); -+ -+ // Because HTTP/2 requires that we send a SETTINGS frame as the first thing we do, and respond -+ // to a SETTINGS frame with an ACK, we need to delay any handling until we can ensure that any -+ // effects from emitting encrypted() have been processed. -+ // This function is called after encrypted() was emitted, so check for changes. -+ -+ if (!reply && h2RequestsToSend.isEmpty()) -+ abort(); -+ waitingForPotentialAbort = false; -+ if (needInvokeReadyRead) -+ _q_readyRead(); -+ if (needInvokeReceiveReply) -+ _q_receiveReply(); -+ if (needInvokeSendRequest) -+ sendRequest(); -+} -+ - void QHttpNetworkConnectionChannel::requeueHttp2Requests() - { - QList h2Pairs = h2RequestsToSend.values(); -diff --git a/src/network/access/qhttpnetworkconnectionchannel_p.h b/src/network/access/qhttpnetworkconnectionchannel_p.h -index e38e56df160..76d5baef2e3 100644 ---- a/src/network/access/qhttpnetworkconnectionchannel_p.h -+++ b/src/network/access/qhttpnetworkconnectionchannel_p.h -@@ -73,6 +73,10 @@ public: - QAbstractSocket *socket; - bool ssl; - bool isInitialized; -+ bool waitingForPotentialAbort = false; -+ bool needInvokeReceiveReply = false; -+ bool needInvokeReadyRead = false; -+ bool needInvokeSendRequest = false; - ChannelState state; - QHttpNetworkRequest request; // current request, only used for HTTP - QHttpNetworkReply *reply; // current reply for this request, only used for HTTP -@@ -145,6 +149,8 @@ public: - void closeAndResendCurrentRequest(); - void resendCurrentRequest(); - -+ void checkAndResumeCommunication(); -+ - bool isSocketBusy() const; - bool isSocketWriting() const; - bool isSocketWaiting() const; -- Gitee