diff --git a/CVE-2024-36048-qtnetworkauth-6.5.diff b/CVE-2024-36048-qtnetworkauth-6.5.diff deleted file mode 100644 index f5579211607052715afbc24df16f560645861660..0000000000000000000000000000000000000000 --- a/CVE-2024-36048-qtnetworkauth-6.5.diff +++ /dev/null @@ -1,53 +0,0 @@ -diff --git a/src/oauth/qabstractoauth.cpp b/src/oauth/qabstractoauth.cpp -index 8e29d36..de6f4ab 100644 ---- a/src/oauth/qabstractoauth.cpp -+++ b/src/oauth/qabstractoauth.cpp -@@ -11,7 +11,6 @@ - #include - #include - #include --#include - #include - #include - #include -@@ -20,6 +19,9 @@ - #include - #include - -+#include -+#include -+ - #include - - QT_BEGIN_NAMESPACE -@@ -262,15 +264,19 @@ void QAbstractOAuthPrivate::setStatus(QAbstractOAuth::Status newStatus) - } - } - -+Q_CONSTINIT static QBasicMutex prngMutex; -+Q_GLOBAL_STATIC_WITH_ARGS(std::mt19937, prng, (*QRandomGenerator::system())) -+ - QByteArray QAbstractOAuthPrivate::generateRandomString(quint8 length) - { -- const char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; -- static std::mt19937 randomEngine(QDateTime::currentDateTime().toMSecsSinceEpoch()); -+ constexpr char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; - std::uniform_int_distribution distribution(0, sizeof(characters) - 2); - QByteArray data; - data.reserve(length); -+ auto lock = qt_unique_lock(prngMutex); - for (quint8 i = 0; i < length; ++i) -- data.append(characters[distribution(randomEngine)]); -+ data.append(characters[distribution(*prng)]); -+ lock.unlock(); - return data; - } - -@@ -580,6 +586,7 @@ void QAbstractOAuth::resourceOwnerAuthorization(const QUrl &url, const QMultiMap - } - - /*! -+ \threadsafe - Generates a random string which could be used as state or nonce. - The parameter \a length determines the size of the generated - string. diff --git a/qt6-qtnetworkauth.spec b/qt6-qtnetworkauth.spec index fc4b70e5dc0db601d47dcf624d8bd16cdd83d8b5..839e5ad10bee12c3f392f186f42d1c0295b452e5 100644 --- a/qt6-qtnetworkauth.spec +++ b/qt6-qtnetworkauth.spec @@ -1,21 +1,18 @@ - %global qt_module qtnetworkauth -%define short_version 6.5 +%bcond_without doc + +%global examples 1 Summary: Qt6 - NetworkAuth component Name: qt6-%{qt_module} -Version: 6.5.2 -Release: 3 - -# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details -License: LGPLv2 with exceptions or GPLv3 with exceptions -Url: http://www.qt.io +Version: 6.8.2 +Release: 1 +License: GPL-3.0-only WITH Qt-GPL-exception-1.0 +Url: https://www.qt.io %global majmin %(echo %{version} | cut -d. -f1-2) -%global qt_version %(echo %{version} | cut -d~ -f1) -Source0: https://download.qt.io/official_releases/qt/%{short_version}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz -Patch0: CVE-2024-36048-qtnetworkauth-6.5.diff +Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz # filter plugin/qml provides %global __provides_exclude_from ^(%{_qt6_archdatadir}/qml/.*\\.so|%{_qt6_plugindir}/.*\\.so)$ @@ -27,6 +24,9 @@ BuildRequires: qt6-qtbase-devel >= %{version} BuildRequires: qt6-qtbase-private-devel BuildRequires: pkgconfig(xkbcommon) >= 0.4.1 %{?_qt6:Requires: %{_qt6}%{?_isa} = %{_qt6_version}} +%if %{with doc} +BuildRequires: /usr/bin/qdoc-qt6 +%endif %description %{summary} @@ -34,7 +34,7 @@ BuildRequires: pkgconfig(xkbcommon) >= 0.4.1 %package devel Summary: Development files for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: qt6-qtbase-devel%{?_isa} +Requires: qt6-qtbase-devel%{?_isa} >= %{version} %description devel %{summary}. @@ -44,19 +44,32 @@ Requires: %{name}%{?_isa} = %{version}-%{release} %description examples %{summary}. +%package doc +Summary: Documentation for %{qt_module} +Buildarch: noarch -%prep -%autosetup -n %{qt_module}-everywhere-src-%{qt_version} -p1 +%description doc +Documentation for %{qt_module}. +%prep +%autosetup -n %{qt_module}-everywhere-src-%{version} -p1 %build -%cmake_qt6 +%cmake_qt6 \ + -DQT_BUILD_EXAMPLES:BOOL=%{?examples:ON}%{!?examples:OFF} \ + -DQT_INSTALL_EXAMPLES_SOURCES=%{?examples:ON}%{!?examples:OFF} %cmake_build +%if %{with doc} +%cmake_build --target docs +%endif %install %cmake_install +%if %{with doc} +DESTDIR="%{buildroot}" %{__cmake} --build %{__cmake_builddir} --target install_docs +%endif ## .prl/.la file love # nuke .prl reference(s) to %%buildroot, excessive (.la-like) libs @@ -73,6 +86,7 @@ popd %files %license LICENSES/GPL* +%{_qt6_archdatadir}/sbom/%{qt_module}-%{version}.spdx %{_qt6_libdir}/libQt6NetworkAuth.so.6* %files devel @@ -82,16 +96,23 @@ popd %{_qt6_libdir}/cmake/Qt6BuildInternals/StandaloneTests/QtNetworkAuthTestsConfig.cmake %dir %{_qt6_libdir}/cmake/Qt6NetworkAuth/ %{_qt6_libdir}/cmake/Qt6NetworkAuth/*.cmake -%{_qt6_archdatadir}/mkspecs/modules/qt_lib_networkauth*.pri -%{_qt6_archdatadir}/modules/*.json -%{_qt6_archdatadir}/metatypes/qt6*_metatypes.json +%{_qt6_mkspecsdir}/modules/qt_lib_networkauth*.pri +%{_qt6_descriptionsdir}/*.json +%{_qt6_metatypesdir}/qt6*_metatypes.json %{_qt6_libdir}/pkgconfig/*.pc %files examples %{_qt6_examplesdir}/ +%if %{with doc} +%files doc +%{_docdir}/qt6/* +%endif %changelog +* Mon Mar 24 2025 Funda Wang - 6.8.2-1 +- update to 6.8.2 + * Sat Feb 01 2025 Funda Wang - 6.5.2-3 - fix CVE-2024-36048 diff --git a/qtnetworkauth-everywhere-src-6.5.2.tar.xz b/qtnetworkauth-everywhere-src-6.5.2.tar.xz deleted file mode 100644 index 61dc20a25e7a4a7b8e0e77d01543e95e2594e6c8..0000000000000000000000000000000000000000 Binary files a/qtnetworkauth-everywhere-src-6.5.2.tar.xz and /dev/null differ diff --git a/qtnetworkauth-everywhere-src-6.8.2.tar.xz b/qtnetworkauth-everywhere-src-6.8.2.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..d4a9f5e2ba64003df6ad5ee081a4566202316b6c Binary files /dev/null and b/qtnetworkauth-everywhere-src-6.8.2.tar.xz differ