commit a50b3e331289aff44497f5052e2d38e153b1bc1c Author: Jiayi Yin Date: Sun May 18 18:04:03 2025 +0000 转换LFS仓库为普通仓库 diff --git a/0001-modify-kwin_5.18-complier-error.patch b/0001-modify-kwin_5.18-complier-error.patch new file mode 100644 index 0000000..e55592c --- /dev/null +++ b/0001-modify-kwin_5.18-complier-error.patch @@ -0,0 +1,233 @@ +From bc16340b2eee8b7f7c7a8fd4cf7ba0c288bfc6bc Mon Sep 17 00:00:00 2001 +From: pei-jiankang +Date: Wed, 10 Nov 2021 22:09:24 +0800 +Subject: [PATCH] modify-kwin_5.18-complier-error + +--- + examples/corelib/serialization/cbordump/main.cpp | 8 ++++---- + .../src_corelib_serialization_qcborstream.cpp | 2 +- + src/corelib/serialization/qcborcommon.h | 4 ++-- + src/corelib/serialization/qcborstreamreader.h | 6 +++--- + src/corelib/serialization/qcborstreamwriter.h | 2 +- + src/corelib/serialization/qcborvalue.cpp | 4 ++-- + src/corelib/serialization/qcborvalue.h | 4 ++-- + .../corelib/kernel/qmetatype/tst_qmetatype.h | 2 +- + .../qcborstreamreader/tst_qcborstreamreader.cpp | 8 ++++---- + .../serialization/qcborvalue/tst_qcborvalue.cpp | 16 ++++++++-------- + 10 files changed, 28 insertions(+), 28 deletions(-) + +diff --git a/examples/corelib/serialization/cbordump/main.cpp b/examples/corelib/serialization/cbordump/main.cpp +index 222bd436..b43650eb 100644 +--- a/examples/corelib/serialization/cbordump/main.cpp ++++ b/examples/corelib/serialization/cbordump/main.cpp +@@ -385,10 +385,10 @@ void CborDumper::dumpOne(int nestingLevel) + + case QCborStreamReader::SimpleType: + switch (reader.toSimpleType()) { +- case QCborSimpleType::False: ++ case QCborSimpleType::False_QCb: + printf("false"); + break; +- case QCborSimpleType::True: ++ case QCborSimpleType::True_QCb: + printf("true"); + break; + case QCborSimpleType::Null: +@@ -620,10 +620,10 @@ void CborDumper::dumpOneDetailed(int nestingLevel) + QCborSimpleType st = reader.toSimpleType(); + reader.next(); + switch (st) { +- case QCborSimpleType::False: ++ case QCborSimpleType::False_QCb: + print("Simple Type", "false"); + break; +- case QCborSimpleType::True: ++ case QCborSimpleType::True_QCb: + print("Simple Type", "true"); + break; + case QCborSimpleType::Null: +diff --git a/src/corelib/doc/snippets/code/src_corelib_serialization_qcborstream.cpp b/src/corelib/doc/snippets/code/src_corelib_serialization_qcborstream.cpp +index 6ddb5a93..993a0a03 100644 +--- a/src/corelib/doc/snippets/code/src_corelib_serialization_qcborstream.cpp ++++ b/src/corelib/doc/snippets/code/src_corelib_serialization_qcborstream.cpp +@@ -192,7 +192,7 @@ + //! [15] + + //! [16] +- writer.append(b ? QCborSimpleType::True : QCborSimpleType::False); ++ writer.append(b ? QCborSimpleType::True_QCb : QCborSimpleType::False_QCb); + //! [16] + + //! [17] +diff --git a/src/corelib/serialization/qcborcommon.h b/src/corelib/serialization/qcborcommon.h +index bec46399..1d80e076 100644 +--- a/src/corelib/serialization/qcborcommon.h ++++ b/src/corelib/serialization/qcborcommon.h +@@ -58,8 +58,8 @@ + QT_BEGIN_NAMESPACE + + enum class QCborSimpleType : quint8 { +- False = 20, +- True = 21, ++ False_QCb = 20, ++ True_QCb = 21, + Null = 22, + Undefined = 23 + }; +diff --git a/src/corelib/serialization/qcborstreamreader.h b/src/corelib/serialization/qcborstreamreader.h +index 6d5feccf..1fd22b79 100644 +--- a/src/corelib/serialization/qcborstreamreader.h ++++ b/src/corelib/serialization/qcborstreamreader.h +@@ -140,8 +140,8 @@ public: + bool isInvalid() const { return type() == Invalid; } + + bool isSimpleType(QCborSimpleType st) const { return isSimpleType() && toSimpleType() == st; } +- bool isFalse() const { return isSimpleType(QCborSimpleType::False); } +- bool isTrue() const { return isSimpleType(QCborSimpleType::True); } ++ bool isFalse() const { return isSimpleType(QCborSimpleType::False_QCb); } ++ bool isTrue() const { return isSimpleType(QCborSimpleType::True_QCb); } + bool isBool() const { return isFalse() || isTrue(); } + bool isNull() const { return isSimpleType(QCborSimpleType::Null); } + bool isUndefined() const { return isSimpleType(QCborSimpleType::Undefined); } +@@ -158,7 +158,7 @@ public: + qsizetype currentStringChunkSize() const{ Q_ASSERT(isString() || isByteArray()); return _currentStringChunkSize(); } + StringResult readStringChunk(char *ptr, qsizetype maxlen); + +- bool toBool() const { Q_ASSERT(isBool()); return value64 - int(QCborSimpleType::False); } ++ bool toBool() const { Q_ASSERT(isBool()); return value64 - int(QCborSimpleType::False_QCb); } + QCborTag toTag() const { Q_ASSERT(isTag()); return QCborTag(value64); } + quint64 toUnsignedInteger() const { Q_ASSERT(isUnsignedInteger()); return value64; } + QCborNegativeInteger toNegativeInteger() const { Q_ASSERT(isNegativeInteger()); return QCborNegativeInteger(value64 + 1); } +diff --git a/src/corelib/serialization/qcborstreamwriter.h b/src/corelib/serialization/qcborstreamwriter.h +index f8c94ceb..befea659 100644 +--- a/src/corelib/serialization/qcborstreamwriter.h ++++ b/src/corelib/serialization/qcborstreamwriter.h +@@ -93,7 +93,7 @@ public: + void appendTextString(const char *utf8, qsizetype len); + + // convenience +- void append(bool b) { append(b ? QCborSimpleType::True : QCborSimpleType::False); } ++ void append(bool b) { append(b ? QCborSimpleType::True_QCb : QCborSimpleType::False_QCb); } + void appendNull() { append(QCborSimpleType::Null); } + void appendUndefined() { append(QCborSimpleType::Undefined); } + +diff --git a/src/corelib/serialization/qcborvalue.cpp b/src/corelib/serialization/qcborvalue.cpp +index 89a928d3..465b8d20 100644 +--- a/src/corelib/serialization/qcborvalue.cpp ++++ b/src/corelib/serialization/qcborvalue.cpp +@@ -3060,9 +3060,9 @@ QDebug operator<<(QDebug dbg, const QCborValue &v) + Q_CORE_EXPORT const char *qt_cbor_simpletype_id(QCborSimpleType st) + { + switch (st) { +- case QCborSimpleType::False: ++ case QCborSimpleType::False_QCb: + return "False"; +- case QCborSimpleType::True: ++ case QCborSimpleType::True_QCb: + return "True"; + case QCborSimpleType::Null: + return "Null"; +diff --git a/src/corelib/serialization/qcborvalue.h b/src/corelib/serialization/qcborvalue.h +index aa51e5da..b96d500d 100644 +--- a/src/corelib/serialization/qcborvalue.h ++++ b/src/corelib/serialization/qcborvalue.h +@@ -117,8 +117,8 @@ public: + + // range 0x100 - 0x1ff for Simple Types + SimpleType = 0x100, +- False = SimpleType + int(QCborSimpleType::False), +- True = SimpleType + int(QCborSimpleType::True), ++ False = SimpleType + int(QCborSimpleType::False_QCb), ++ True = SimpleType + int(QCborSimpleType::True_QCb), + Null = SimpleType + int(QCborSimpleType::Null), + Undefined = SimpleType + int(QCborSimpleType::Undefined), + +diff --git a/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.h b/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.h +index 22bcb69a..4d5bdc1a 100644 +--- a/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.h ++++ b/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.h +@@ -275,7 +275,7 @@ template<> struct TestValueFactory { + }; + + template<> struct TestValueFactory { +- static QCborSimpleType *create() { return new QCborSimpleType(QCborSimpleType::True); } ++ static QCborSimpleType *create() { return new QCborSimpleType(QCborSimpleType::True_QCb); } + }; + template<> struct TestValueFactory { + static QCborValue *create() { return new QCborValue(123.); } +diff --git a/tests/auto/corelib/serialization/qcborstreamreader/tst_qcborstreamreader.cpp b/tests/auto/corelib/serialization/qcborstreamreader/tst_qcborstreamreader.cpp +index f969bb90..a4d75422 100644 +--- a/tests/auto/corelib/serialization/qcborstreamreader/tst_qcborstreamreader.cpp ++++ b/tests/auto/corelib/serialization/qcborstreamreader/tst_qcborstreamreader.cpp +@@ -454,10 +454,10 @@ static QString parseOne(QCborStreamReader &reader) + } + case QCborStreamReader::SimpleType: + switch (reader.toSimpleType()) { +- case QCborSimpleType::False: ++ case QCborSimpleType::False_QCb: + result = QStringLiteral("false"); + break; +- case QCborSimpleType::True: ++ case QCborSimpleType::True_QCb: + result = QStringLiteral("true"); + break; + case QCborSimpleType::Null: +@@ -577,10 +577,10 @@ bool parseNonRecursive(QString &result, bool &printingStringChunks, QCborStreamR + continue; // skip the comma + case QCborStreamReader::SimpleType: + switch (reader.toSimpleType()) { +- case QCborSimpleType::False: ++ case QCborSimpleType::False_QCb: + result += QStringLiteral("false"); + break; +- case QCborSimpleType::True: ++ case QCborSimpleType::True_QCb: + result += QStringLiteral("true"); + break; + case QCborSimpleType::Null: +diff --git a/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp b/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp +index 0a780d3e..cf3f9df3 100644 +--- a/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp ++++ b/tests/auto/corelib/serialization/qcborvalue/tst_qcborvalue.cpp +@@ -240,12 +240,12 @@ void tst_QCborValue::basics_data() + add(QCborValue::Null, QCborValue::Null, st(QCborSimpleType::Null)); + QTest::newRow("nullptr") << QCborValue::Null << QCborValue(nullptr) + << st(QCborSimpleType::Null); +- add(QCborValue::False, false, st(QCborSimpleType::False)); ++ add(QCborValue::False, false, st(QCborSimpleType::False_QCb)); + QTest::newRow("false") << QCborValue::False << QCborValue(QCborValue::False) +- << st(QCborSimpleType::False); +- add(QCborValue::True, true, st(QCborSimpleType::True)); ++ << st(QCborSimpleType::False_QCb); ++ add(QCborValue::True, true, st(QCborSimpleType::True_QCb)); + QTest::newRow("true") << QCborValue::True << QCborValue(QCborValue::True) +- << st(QCborSimpleType::True); ++ << st(QCborSimpleType::True_QCb); + QTest::newRow("simpletype") << QCborValue::Type(QCborValue::SimpleType + 255) + << QCborValue(QCborSimpleType(255)) + << st(QCborSimpleType(255)); +@@ -297,8 +297,8 @@ static void basicTypeCheck(QCborValue::Type type, const QCborValue &v, const QVa + QCOMPARE(v.isInvalid(), type == QCborValue::Invalid); + QCOMPARE(v.isContainer(), type == QCborValue::Array || type == QCborValue::Map); + QCOMPARE(v.isSimpleType(), isSimpleType); +- QCOMPARE(v.isSimpleType(QCborSimpleType::False), st == QCborSimpleType::False); +- QCOMPARE(v.isSimpleType(QCborSimpleType::True), st == QCborSimpleType::True); ++ QCOMPARE(v.isSimpleType(QCborSimpleType::False_QCb), st == QCborSimpleType::False_QCb); ++ QCOMPARE(v.isSimpleType(QCborSimpleType::True_QCb), st == QCborSimpleType::True_QCb); + QCOMPARE(v.isSimpleType(QCborSimpleType::Null), st == QCborSimpleType::Null); + QCOMPARE(v.isSimpleType(QCborSimpleType::Undefined), st == QCborSimpleType::Undefined); + QCOMPARE(v.isSimpleType(QCborSimpleType(255)), st == QCborSimpleType(255)); +@@ -310,8 +310,8 @@ static void basicTypeCheck(QCborValue::Type type, const QCborValue &v, const QVa + QCOMPARE(v.toInteger(), qint64(expectedValue.toDouble())); + QCOMPARE(v.toDouble(), expectedValue.toDouble()); + } +- QCOMPARE(v.toBool(true), st != QCborSimpleType::False); +- QCOMPARE(v.toBool(), st == QCborSimpleType::True); ++ QCOMPARE(v.toBool(true), st != QCborSimpleType::False_QCb); ++ QCOMPARE(v.toBool(), st == QCborSimpleType::True_QCb); + if (st == QCborSimpleType::Undefined) + QCOMPARE(v.toSimpleType(QCborSimpleType::Null), QCborSimpleType::Undefined); + else if (isSimpleType) +-- +2.27.0 + diff --git a/10-qt5-check-opengl2.sh b/10-qt5-check-opengl2.sh new file mode 100644 index 0000000..57071d4 --- /dev/null +++ b/10-qt5-check-opengl2.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +if [ -z "$QT_XCB_FORCE_SOFTWARE_OPENGL" ]; then + +QT5_CHECK_OPENGL_VERSION=`LANG=C glxinfo 2> /dev/null | grep '^OpenGL version string: ' | head -n 1 | sed -e 's/^OpenGL version string: \([0-9]\).*$/\1/g'` ||: + +if [ "$QT5_CHECK_OPENGL_VERSION" == "1" ]; then + QT_XCB_FORCE_SOFTWARE_OPENGL=1 + export QT_XCB_FORCE_SOFTWARE_OPENGL +fi + +unset QT5_CHECK_OPENGL_VERSION + +fi diff --git a/1000-add-loongarch64-support-for-syscall_fork.patch b/1000-add-loongarch64-support-for-syscall_fork.patch new file mode 100644 index 0000000..3788b4a --- /dev/null +++ b/1000-add-loongarch64-support-for-syscall_fork.patch @@ -0,0 +1,13 @@ +diff --git a/src/3rdparty/forkfd/forkfd_linux.c b/src/3rdparty/forkfd/forkfd_linux.c +index ffe0e9a5..1ec9fea4 100644 +--- a/src/3rdparty/forkfd/forkfd_linux.c ++++ b/src/3rdparty/forkfd/forkfd_linux.c +@@ -82,7 +82,7 @@ static int sys_clone(unsigned long cloneflags, int *ptid) + return syscall(__NR_clone, cloneflags, child_stack, stack_size, ptid, newtls, ctid); + #elif defined(__arc__) || defined(__arm__) || defined(__aarch64__) || defined(__mips__) || \ + defined(__nds32__) || defined(__hppa__) || defined(__powerpc__) || defined(__i386__) || \ +- defined(__x86_64__) || defined(__xtensa__) || defined(__alpha__) || defined(__riscv) ++ defined(__x86_64__) || defined(__xtensa__) || defined(__alpha__) || defined(__riscv) || defined(__loongarch64) + /* ctid and newtls are inverted on CONFIG_CLONE_BACKWARDS architectures, + * but since both values are 0, there's no harm. */ + return syscall(__NR_clone, cloneflags, child_stack, ptid, ctid, newtls); diff --git a/1001-add-sw_64-support-for-syscall_fork.patch b/1001-add-sw_64-support-for-syscall_fork.patch new file mode 100644 index 0000000..aad6165 --- /dev/null +++ b/1001-add-sw_64-support-for-syscall_fork.patch @@ -0,0 +1,14 @@ +diff --git a/src/3rdparty/forkfd/forkfd_linux.c b/src/3rdparty/forkfd/forkfd_linux.c +index 1ec9fea4..2e9a7b68 100644 +--- a/src/3rdparty/forkfd/forkfd_linux.c ++++ b/src/3rdparty/forkfd/forkfd_linux.c +@@ -82,7 +82,8 @@ static int sys_clone(unsigned long cloneflags, int *ptid) + return syscall(__NR_clone, cloneflags, child_stack, stack_size, ptid, newtls, ctid); + #elif defined(__arc__) || defined(__arm__) || defined(__aarch64__) || defined(__mips__) || \ + defined(__nds32__) || defined(__hppa__) || defined(__powerpc__) || defined(__i386__) || \ +- defined(__x86_64__) || defined(__xtensa__) || defined(__alpha__) || defined(__riscv) || defined(__loongarch64) ++ defined(__x86_64__) || defined(__xtensa__) || defined(__alpha__) || defined(__riscv) || \ ++ defined(__loongarch64) ||defined(__sw_64__) + /* ctid and newtls are inverted on CONFIG_CLONE_BACKWARDS architectures, + * but since both values are 0, there's no harm. */ + return syscall(__NR_clone, cloneflags, child_stack, ptid, ctid, newtls); diff --git a/CVE-2021-38593.patch b/CVE-2021-38593.patch new file mode 100644 index 0000000..6f5d939 --- /dev/null +++ b/CVE-2021-38593.patch @@ -0,0 +1,84 @@ +Description: avoid processing-intensive painting of high number of tiny dashes + When stroking a dashed path, an unnecessary amount of processing would + be spent if there is a huge number of dashes visible, e.g. because of + scaling. Since the dashes are too small to be individually visible + anyway, just replace with a semi-transparent solid line for such + cases. +Origin: upstream, commits: + https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f4d791b330d02777 + https://code.qt.io/cgit/qt/qtbase.git/commit/?id=6b400e3147dcfd8c + https://code.qt.io/cgit/qt/qtbase.git/commit/?id=84aba80944a2e1c3 + https://code.qt.io/cgit/qt/qtbase.git/commit/?id=cca8ed0547405b1c +Last-Update: 2021-11-27 + +--- a/src/gui/painting/qpaintengineex.cpp ++++ b/src/gui/painting/qpaintengineex.cpp +@@ -385,10 +385,10 @@ QPainterState *QPaintEngineEx::createSta + + Q_GUI_EXPORT extern bool qt_scaleForTransform(const QTransform &transform, qreal *scale); // qtransform.cpp + +-void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &pen) ++void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &inPen) + { + #ifdef QT_DEBUG_DRAW +- qDebug() << "QPaintEngineEx::stroke()" << pen; ++ qDebug() << "QPaintEngineEx::stroke()" << inPen; + #endif + + Q_D(QPaintEngineEx); +@@ -403,6 +403,38 @@ void QPaintEngineEx::stroke(const QVecto + d->stroker.setCubicToHook(qpaintengineex_cubicTo); + } + ++ QRectF clipRect; ++ QPen pen = inPen; ++ if (pen.style() > Qt::SolidLine) { ++ QRectF cpRect = path.controlPointRect(); ++ const QTransform &xf = state()->matrix; ++ if (qt_pen_is_cosmetic(pen, state()->renderHints)) { ++ clipRect = d->exDeviceRect; ++ cpRect.translate(xf.dx(), xf.dy()); ++ } else { ++ clipRect = xf.inverted().mapRect(QRectF(d->exDeviceRect)); ++ } ++ // Check to avoid generating unwieldy amount of dashes that will not be visible anyway ++ qreal pw = pen.widthF() ? pen.widthF() : 1; ++ QRectF extentRect = cpRect.adjusted(-pw, -pw, pw, pw) & clipRect; ++ qreal extent = qMax(extentRect.width(), extentRect.height()); ++ qreal patternLength = 0; ++ const QVector pattern = pen.dashPattern(); ++ const int patternSize = qMin(pattern.size(), 32); ++ for (int i = 0; i < patternSize; i++) ++ patternLength += qMax(pattern.at(i), qreal(0)); ++ patternLength *= pw; ++ if (qFuzzyIsNull(patternLength)) { ++ pen.setStyle(Qt::NoPen); ++ } else if (extent / patternLength > 10000) { ++ // approximate stream of tiny dashes with semi-transparent solid line ++ pen.setStyle(Qt::SolidLine); ++ QColor color(pen.color()); ++ color.setAlpha(color.alpha() / 2); ++ pen.setColor(color); ++ } ++ } ++ + if (!qpen_fast_equals(pen, d->strokerPen)) { + d->strokerPen = pen; + d->stroker.setJoinStyle(pen.joinStyle()); +@@ -430,14 +462,8 @@ void QPaintEngineEx::stroke(const QVecto + return; + } + +- if (pen.style() > Qt::SolidLine) { +- if (qt_pen_is_cosmetic(pen, state()->renderHints)){ +- d->activeStroker->setClipRect(d->exDeviceRect); +- } else { +- QRectF clipRect = state()->matrix.inverted().mapRect(QRectF(d->exDeviceRect)); +- d->activeStroker->setClipRect(clipRect); +- } +- } ++ if (!clipRect.isNull()) ++ d->activeStroker->setClipRect(clipRect); + + if (d->activeStroker == &d->stroker) + d->stroker.setForceOpen(path.hasExplicitOpen()); diff --git a/CVE-2022-25255.patch b/CVE-2022-25255.patch new file mode 100644 index 0000000..764e939 --- /dev/null +++ b/CVE-2022-25255.patch @@ -0,0 +1,92 @@ +Description: QProcess: ensure we don't accidentally execute something from CWD + Unless "." (or the empty string) is in $PATH, we're not supposed to find + executables in the current directory. This is how the Unix shells behave + and we match their behavior. It's also the behavior Qt had prior to 5.9 + (commit 28666d167aa8e602c0bea25ebc4d51b55005db13). On Windows, searching + the current directory is the norm, so we keep that behavior. + . + This commit does not add an explicit check for an empty return from + QStandardPaths::findExecutable(). Instead, we allow that empty string to + go all the way to execve(2), which will fail with ENOENT. We could catch + it early, before fork(2), but why add code for the error case? + . + See https://kde.org/info/security/advisory-20220131-1.txt +Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2022-25255-qprocess5-15.diff +Last-Update: 2022-02-21 + +--- a/src/corelib/io/qprocess_unix.cpp ++++ b/src/corelib/io/qprocess_unix.cpp +@@ -1,7 +1,7 @@ + /**************************************************************************** + ** + ** Copyright (C) 2016 The Qt Company Ltd. +-** Copyright (C) 2016 Intel Corporation. ++** Copyright (C) 2022 Intel Corporation. + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtCore module of the Qt Toolkit. +@@ -422,14 +422,15 @@ void QProcessPrivate::startProcess() + // Add the program name to the argument list. + argv[0] = nullptr; + if (!program.contains(QLatin1Char('/'))) { ++ // findExecutable() returns its argument if it's an absolute path, ++ // otherwise it searches $PATH; returns empty if not found (we handle ++ // that case much later) + const QString &exeFilePath = QStandardPaths::findExecutable(program); +- if (!exeFilePath.isEmpty()) { +- const QByteArray &tmp = QFile::encodeName(exeFilePath); +- argv[0] = ::strdup(tmp.constData()); +- } +- } +- if (!argv[0]) ++ const QByteArray &tmp = QFile::encodeName(exeFilePath); ++ argv[0] = ::strdup(tmp.constData()); ++ } else { + argv[0] = ::strdup(encodedProgramName.constData()); ++ } + + // Add every argument to the list + for (int i = 0; i < arguments.count(); ++i) +@@ -983,15 +984,16 @@ bool QProcessPrivate::startDetached(qint + envp = _q_dupEnvironment(environment.d.constData()->vars, &envc); + } + +- QByteArray tmp; + if (!program.contains(QLatin1Char('/'))) { ++ // findExecutable() returns its argument if it's an absolute path, ++ // otherwise it searches $PATH; returns empty if not found (we handle ++ // that case much later) + const QString &exeFilePath = QStandardPaths::findExecutable(program); +- if (!exeFilePath.isEmpty()) +- tmp = QFile::encodeName(exeFilePath); ++ const QByteArray &tmp = QFile::encodeName(exeFilePath); ++ argv[0] = ::strdup(tmp.constData()); ++ } else { ++ argv[0] = ::strdup(QFile::encodeName(program)); + } +- if (tmp.isEmpty()) +- tmp = QFile::encodeName(program); +- argv[0] = tmp.data(); + + if (envp) + qt_safe_execve(argv[0], argv, envp); +--- a/tests/auto/widgets/kernel/qapplication/tst_qapplication.cpp ++++ b/tests/auto/widgets/kernel/qapplication/tst_qapplication.cpp +@@ -1449,7 +1449,7 @@ void tst_QApplication::desktopSettingsAw + { + #if QT_CONFIG(process) + QProcess testProcess; +- testProcess.start("desktopsettingsaware_helper"); ++ testProcess.start("./desktopsettingsaware_helper"); + QVERIFY2(testProcess.waitForStarted(), + qPrintable(QString::fromLatin1("Cannot start 'desktopsettingsaware_helper': %1").arg(testProcess.errorString()))); + QVERIFY(testProcess.waitForFinished(10000)); +@@ -2365,7 +2365,7 @@ void tst_QApplication::qtbug_12673() + #if QT_CONFIG(process) + QProcess testProcess; + QStringList arguments; +- testProcess.start("modal_helper", arguments); ++ testProcess.start("./modal_helper", arguments); + QVERIFY2(testProcess.waitForStarted(), + qPrintable(QString::fromLatin1("Cannot start 'modal_helper': %1").arg(testProcess.errorString()))); + QVERIFY(testProcess.waitForFinished(20000)); diff --git a/CVE-2023-24607.patch b/CVE-2023-24607.patch new file mode 100644 index 0000000..6d2069f --- /dev/null +++ b/CVE-2023-24607.patch @@ -0,0 +1,336 @@ + src/plugins/sqldrivers/odbc/qsql_odbc.cpp | 210 ++++++++++++---------- + 1 file changed, 120 insertions(+), 90 deletions(-) + +diff --git a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +index 547eb204..8d7ce3e3 100644 +--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp ++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +@@ -91,23 +91,39 @@ inline static QString fromSQLTCHAR(const QVarLengthArray& input, int s + return result; + } + ++template ++void toSQLTCHARImpl(QVarLengthArray &result, const QString &input); // primary template undefined ++ ++template ++void do_append(QVarLengthArray &result, const Container &c) ++{ ++ result.append(reinterpret_cast(c.data()), c.size()); ++} ++ ++template <> ++void toSQLTCHARImpl<1>(QVarLengthArray &result, const QString &input) ++{ ++ const auto u8 = input.toUtf8(); ++ do_append(result, u8); ++} ++ ++template <> ++void toSQLTCHARImpl<2>(QVarLengthArray &result, const QString &input) ++{ ++ do_append(result, input); ++} ++ ++template <> ++void toSQLTCHARImpl<4>(QVarLengthArray &result, const QString &input) ++{ ++ const auto u32 = input.toUcs4(); ++ do_append(result, u32); ++} ++ + inline static QVarLengthArray toSQLTCHAR(const QString &input) + { + QVarLengthArray result; +- result.resize(input.size()); +- switch(sizeof(SQLTCHAR)) { +- case 1: +- memcpy(result.data(), input.toUtf8().data(), input.size()); +- break; +- case 2: +- memcpy(result.data(), input.unicode(), input.size() * 2); +- break; +- case 4: +- memcpy(result.data(), input.toUcs4().data(), input.size() * 4); +- break; +- default: +- qCritical("sizeof(SQLTCHAR) is %d. Don't know how to handle this.", int(sizeof(SQLTCHAR))); +- } ++ toSQLTCHARImpl(result, input); + result.append(0); // make sure it's null terminated, doesn't matter if it already is, it does if it isn't. + return result; + } +@@ -768,6 +784,14 @@ QChar QODBCDriverPrivate::quoteChar() + return quote; + } + ++static SQLRETURN qt_string_SQLSetConnectAttr(SQLHDBC handle, SQLINTEGER attr, const QString &val) ++{ ++ auto encoded = toSQLTCHAR(val); ++ return SQLSetConnectAttr(handle, attr, ++ encoded.data(), ++ SQLINTEGER(encoded.size() * sizeof(SQLTCHAR))); // size in bytes ++} ++ + + bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) + { +@@ -803,10 +826,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) + v = val.toUInt(); + r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_CURRENT_CATALOG")) { +- val.utf16(); // 0 terminate +- r = SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, +- toSQLTCHAR(val).data(), +- val.length()*sizeof(SQLTCHAR)); ++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, val); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_METADATA_ID")) { + if (val.toUpper() == QLatin1String("SQL_TRUE")) { + v = SQL_TRUE; +@@ -821,10 +841,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) + v = val.toUInt(); + r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACEFILE")) { +- val.utf16(); // 0 terminate +- r = SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, +- toSQLTCHAR(val).data(), +- val.length()*sizeof(SQLTCHAR)); ++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, val); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACE")) { + if (val.toUpper() == QLatin1String("SQL_OPT_TRACE_OFF")) { + v = SQL_OPT_TRACE_OFF; +@@ -1027,9 +1044,13 @@ bool QODBCResult::reset (const QString& query) + return false; + } + +- r = SQLExecDirect(d->hStmt, +- toSQLTCHAR(query).data(), +- (SQLINTEGER) query.length()); ++ { ++ auto encoded = toSQLTCHAR(query); ++ r = SQLExecDirect(d->hStmt, ++ encoded.data(), ++ SQLINTEGER(encoded.size())); ++ } ++ + if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) { + setLastError(qMakeError(QCoreApplication::translate("QODBCResult", + "Unable to execute statement"), QSqlError::StatementError, d)); +@@ -1375,9 +1396,12 @@ bool QODBCResult::prepare(const QString& query) + return false; + } + +- r = SQLPrepare(d->hStmt, +- toSQLTCHAR(query).data(), +- (SQLINTEGER) query.length()); ++ { ++ auto encoded = toSQLTCHAR(query); ++ r = SQLPrepare(d->hStmt, ++ encoded.data(), ++ SQLINTEGER(encoded.size())); ++ } + + if (r != SQL_SUCCESS) { + setLastError(qMakeError(QCoreApplication::translate("QODBCResult", +@@ -1405,7 +1429,7 @@ bool QODBCResult::exec() + SQLCloseCursor(d->hStmt); + + QVector& values = boundValues(); +- QVector tmpStorage(values.count(), QByteArray()); // holds temporary buffers ++ QVector tmpStorage(values.count(), QByteArray()); // targets for SQLBindParameter() + QVarLengthArray indicators(values.count()); + memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN)); + +@@ -1582,35 +1606,36 @@ bool QODBCResult::exec() + case QVariant::String: + if (d->unicode) { + QByteArray &ba = tmpStorage[i]; +- QString str = val.toString(); ++ { ++ const auto encoded = toSQLTCHAR(val.toString()); ++ ba = QByteArray(reinterpret_cast(encoded.data()), ++ encoded.size() * sizeof(SQLTCHAR)); ++ } ++ + if (*ind != SQL_NULL_DATA) +- *ind = str.length() * sizeof(SQLTCHAR); +- int strSize = str.length() * sizeof(SQLTCHAR); ++ *ind = ba.size(); + + if (bindValueType(i) & QSql::Out) { +- const QVarLengthArray a(toSQLTCHAR(str)); +- ba = QByteArray((const char *)a.constData(), a.size() * sizeof(SQLTCHAR)); + r = SQLBindParameter(d->hStmt, + i + 1, + qParamType[bindValueType(i) & QSql::InOut], + SQL_C_TCHAR, +- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, ++ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, + 0, // god knows... don't change this! + 0, +- ba.data(), ++ const_cast(ba.constData()), // don't detach + ba.size(), + ind); + break; + } +- ba = QByteArray ((const char *)toSQLTCHAR(str).constData(), str.size()*sizeof(SQLTCHAR)); + r = SQLBindParameter(d->hStmt, + i + 1, + qParamType[bindValueType(i) & QSql::InOut], + SQL_C_TCHAR, +- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, +- strSize, ++ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, ++ ba.size(), + 0, +- const_cast(ba.constData()), ++ const_cast(ba.constData()), // don't detach + ba.size(), + ind); + break; +@@ -1718,10 +1743,11 @@ bool QODBCResult::exec() + case QVariant::String: + if (d->unicode) { + if (bindValueType(i) & QSql::Out) { +- const QByteArray &first = tmpStorage.at(i); +- QVarLengthArray array; +- array.append((const SQLTCHAR *)first.constData(), first.size()); +- values[i] = fromSQLTCHAR(array, first.size()/sizeof(SQLTCHAR)); ++ const QByteArray &bytes = tmpStorage.at(i); ++ const auto strSize = bytes.size() / int(sizeof(SQLTCHAR)); ++ QVarLengthArray string(strSize); ++ memcpy(string.data(), bytes.data(), strSize * sizeof(SQLTCHAR)); ++ values[i] = fromSQLTCHAR(string); + } + break; + } +@@ -1968,14 +1993,16 @@ bool QODBCDriver::open(const QString & db, + SQLSMALLINT cb; + QVarLengthArray connOut(1024); + memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR)); +- r = SQLDriverConnect(d->hDbc, +- NULL, +- toSQLTCHAR(connQStr).data(), +- (SQLSMALLINT)connQStr.length(), +- connOut.data(), +- 1024, +- &cb, +- /*SQL_DRIVER_NOPROMPT*/0); ++ { ++ auto encoded = toSQLTCHAR(connQStr); ++ r = SQLDriverConnect(d->hDbc, ++ nullptr, ++ encoded.data(), SQLSMALLINT(encoded.size()), ++ connOut.data(), ++ 1024, ++ &cb, ++ /*SQL_DRIVER_NOPROMPT*/0); ++ } + + if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) { + setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d)); +@@ -2354,17 +2381,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const + if (tableType.isEmpty()) + return tl; + +- QString joinedTableTypeString = tableType.join(QLatin1Char(',')); ++ { ++ auto joinedTableTypeString = toSQLTCHAR(tableType.join(u',')); + +- r = SQLTables(hStmt, +- NULL, +- 0, +- NULL, +- 0, +- NULL, +- 0, +- toSQLTCHAR(joinedTableTypeString).data(), +- joinedTableTypeString.length() /* characters, not bytes */); ++ r = SQLTables(hStmt, ++ nullptr, 0, ++ nullptr, 0, ++ nullptr, 0, ++ joinedTableTypeString.data(), joinedTableTypeString.size()); ++ } + + if (r != SQL_SUCCESS) + qSqlWarning(QLatin1String("QODBCDriver::tables Unable to execute table list"), d); +@@ -2438,28 +2463,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const + SQL_ATTR_CURSOR_TYPE, + (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, + SQL_IS_UINTEGER); +- r = SQLPrimaryKeys(hStmt, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length() /* in characters, not in bytes */); ++ { ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLPrimaryKeys(hStmt, ++ catalog.isEmpty() ? nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size()); ++ } + + // if the SQLPrimaryKeys() call does not succeed (e.g the driver + // does not support it) - try an alternative method to get hold of + // the primary index (e.g MS Access and FoxPro) + if (r != SQL_SUCCESS) { +- r = SQLSpecialColumns(hStmt, +- SQL_BEST_ROWID, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length(), +- SQL_SCOPE_CURROW, +- SQL_NULLABLE); ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLSpecialColumns(hStmt, ++ SQL_BEST_ROWID, ++ catalog.isEmpty() ? nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size(), ++ SQL_SCOPE_CURROW, ++ SQL_NULLABLE); + + if (r != SQL_SUCCESS) { + qSqlWarning(QLatin1String("QODBCDriver::primaryIndex: Unable to execute primary key list"), d); +@@ -2540,15 +2567,18 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const + SQL_ATTR_CURSOR_TYPE, + (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, + SQL_IS_UINTEGER); +- r = SQLColumns(hStmt, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length(), +- NULL, +- 0); ++ { ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLColumns(hStmt, ++ catalog.isEmpty() ? nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size(), ++ nullptr, ++ 0); ++ } ++ + if (r != SQL_SUCCESS) + qSqlWarning(QLatin1String("QODBCDriver::record: Unable to execute column list"), d); + +-- +2.39.1 + diff --git a/CVE-2023-32762.patch b/CVE-2023-32762.patch new file mode 100644 index 0000000..33686d9 --- /dev/null +++ b/CVE-2023-32762.patch @@ -0,0 +1,50 @@ +From 1b736a815be0222f4b24289cf17575fc15707305 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= +Date: Fri, 5 May 2023 11:07:26 +0200 +Subject: [PATCH] Hsts: match header names case insensitively + +Header field names are always considered to be case-insensitive. + +Pick-to: 6.5 6.5.1 6.2 5.15 +Fixes: QTBUG-113392 +Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43 +Reviewed-by: Qt CI Bot +Reviewed-by: Edward Welbourne +Reviewed-by: Volker Hilsheimer +--- + src/network/access/qhsts.cpp | 4 ++-- + tests/auto/network/access/hsts/tst_qhsts.cpp | 6 ++++++ + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp +index 39905f354807..82deede17298 100644 +--- a/src/network/access/qhsts.cpp ++++ b/src/network/access/qhsts.cpp +@@ -327,8 +327,8 @@ quoted-pair = "\" CHAR + bool QHstsHeaderParser::parse(const QList> &headers) + { + for (const auto &h : headers) { +- // We use '==' since header name was already 'trimmed' for us: +- if (h.first == "Strict-Transport-Security") { ++ // We compare directly because header name was already 'trimmed' for us: ++ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) { + header = h.second; + // RFC6797, 8.1: + // +diff --git a/tests/auto/network/access/hsts/tst_qhsts.cpp b/tests/auto/network/access/hsts/tst_qhsts.cpp +index 252f5e8f5792..97a2d2889e57 100644 +--- a/tests/auto/network/access/hsts/tst_qhsts.cpp ++++ b/tests/auto/network/access/hsts/tst_qhsts.cpp +@@ -216,6 +216,12 @@ void tst_QHsts::testSTSHeaderParser() + QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc()); + QVERIFY(parser.includeSubDomains()); + ++ list.pop_back(); ++ list << Header("strict-transport-security", "includeSubDomains;max-age=1000"); ++ QVERIFY(parser.parse(list)); ++ QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc()); ++ QVERIFY(parser.includeSubDomains()); ++ + list.pop_back(); + // Invalid (includeSubDomains twice): + list << Header("Strict-Transport-Security", "max-age = 1000 ; includeSubDomains;includeSubDomains"); diff --git a/CVE-2023-32763.patch b/CVE-2023-32763.patch new file mode 100644 index 0000000..a3c9836 --- /dev/null +++ b/CVE-2023-32763.patch @@ -0,0 +1,64 @@ +From 9e92024a183e93c63cb96a0a48cca07c20c7a243 Mon Sep 17 00:00:00 2001 +From: starlet-dx <15929766099@163.com> +Date: Wed, 28 Jun 2023 11:47:13 +0800 +Subject: [PATCH 1/1] Fix CVE-2023-32763 + +Origin: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff + +--- + src/gui/painting/qfixed_p.h | 9 +++++++++ + src/gui/text/qtextlayout.cpp | 9 ++++++--- + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/src/gui/painting/qfixed_p.h b/src/gui/painting/qfixed_p.h +index 84659288..57d750a4 100644 +--- a/src/gui/painting/qfixed_p.h ++++ b/src/gui/painting/qfixed_p.h +@@ -54,6 +54,7 @@ + #include + #include "QtCore/qdebug.h" + #include "QtCore/qpoint.h" ++#include + #include "QtCore/qsize.h" + + QT_BEGIN_NAMESPACE +@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(int i, const QFixed &f) { return i * 64 < + Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; } + Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); } + ++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r) ++{ ++ int val; ++ bool result = add_overflow(v1.value(), v2.value(), &val); ++ r->setValue(val); ++ return result; ++} ++ + #ifndef QT_NO_DEBUG_STREAM + inline QDebug &operator<<(QDebug &dbg, const QFixed &f) + { return dbg << f.toReal(); } +diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp +index b2f12ef1..897a1bc9 100644 +--- a/src/gui/text/qtextlayout.cpp ++++ b/src/gui/text/qtextlayout.cpp +@@ -2138,11 +2138,14 @@ found: + eng->maxWidth = qMax(eng->maxWidth, line.textWidth); + } else { + eng->minWidth = qMax(eng->minWidth, lbh.minw); +- eng->maxWidth += line.textWidth; ++ if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth)) ++ eng->maxWidth = QFIXED_MAX; + } + +- if (line.textWidth > 0 && item < eng->layoutData->items.size()) +- eng->maxWidth += lbh.spaceData.textWidth; ++ if (line.textWidth > 0 && item < eng->layoutData->items.size()) { ++ if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth)) ++ eng->maxWidth = QFIXED_MAX; ++ } + + line.textWidth += trailingSpace; + if (lbh.spaceData.length) { +-- +2.30.0 + diff --git a/CVE-2023-33285.patch b/CVE-2023-33285.patch new file mode 100644 index 0000000..8346573 --- /dev/null +++ b/CVE-2023-33285.patch @@ -0,0 +1,73 @@ +diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp +index 12b40fc3..99e999d4 100644 +--- a/src/network/kernel/qdnslookup_unix.cpp ++++ b/src/network/kernel/qdnslookup_unix.cpp +@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN + // responseLength in case of error, we still can extract the + // exact error code from the response. + HEADER *header = (HEADER*)response; +- const int answerCount = ntohs(header->ancount); + switch (header->rcode) { + case NOERROR: + break; +@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN + return; + } + +- // Skip the query host, type (2 bytes) and class (2 bytes). + char host[PACKETSZ], answer[PACKETSZ]; + unsigned char *p = response + sizeof(HEADER); +- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); +- if (status < 0) { ++ int status; ++ ++ if (ntohs(header->qdcount) == 1) { ++ // Skip the query host, type (2 bytes) and class (2 bytes). ++ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); ++ if (status < 0) { ++ reply->error = QDnsLookup::InvalidReplyError; ++ reply->errorString = tr("Could not expand domain name"); ++ return; ++ } ++ if ((p - response) + status + 4 >= responseLength) ++ header->qdcount = 0xffff; // invalid reply below ++ else ++ p += status + 4; ++ } ++ if (ntohs(header->qdcount) > 1) { + reply->error = QDnsLookup::InvalidReplyError; +- reply->errorString = tr("Could not expand domain name"); ++ reply->errorString = tr("Invalid reply received"); + return; + } +- p += status + 4; + + // Extract results. ++ const int answerCount = ntohs(header->ancount); + int answerIndex = 0; + while ((p < response + responseLength) && (answerIndex < answerCount)) { + status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); +@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN + const QString name = QUrl::fromAce(host); + + p += status; ++ ++ if ((p - response) + 10 > responseLength) { ++ // probably just a truncated reply, return what we have ++ return; ++ } + const quint16 type = (p[0] << 8) | p[1]; + p += 2; // RR type + p += 2; // RR class +@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN + p += 4; + const quint16 size = (p[0] << 8) | p[1]; + p += 2; ++ if ((p - response) + size > responseLength) ++ return; // truncated + + if (type == QDnsLookup::A) { + if (size != 4) { +-- +2.27.0 + diff --git a/CVE-2023-37369-pre.patch b/CVE-2023-37369-pre.patch new file mode 100644 index 0000000..c806d4d --- /dev/null +++ b/CVE-2023-37369-pre.patch @@ -0,0 +1,32 @@ +From d76b11a0d55f40e964686564bac512e5895147b6 Mon Sep 17 00:00:00 2001 +From: Allan Sandfeld Jensen +Date: Wed, 14 Apr 2021 22:13:32 +0200 +Subject: [PATCH] Don't parse XML symbols longer than 4096 characters + +It is slow and will use too much memory. + +Fixes: QTBUG-91889 +Change-Id: I45c5e6038357c87bbb85b1ace17ef39a2a814ea0 +Reviewed-by: Thiago Macieira +(cherry picked from commit 38e111158a38507c63fd70f9ee18b9116b537976) +Reviewed-by: Qt Cherry-pick Bot +--- + src/corelib/serialization/qxmlstream.cpp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp +index 9a3e306f424..a38720b370f 100644 +--- a/src/corelib/serialization/qxmlstream.cpp ++++ b/src/corelib/serialization/qxmlstream.cpp +@@ -1307,6 +1307,11 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix) + int n = 0; + uint c; + while ((c = getChar()) != StreamEOF) { ++ if (n >= 4096) { ++ // This is too long to be a sensible name, and ++ // can exhaust memory ++ return 0; ++ } + switch (c) { + case '\n': + case ' ': diff --git a/CVE-2023-37369.patch b/CVE-2023-37369.patch new file mode 100644 index 0000000..ad2984f --- /dev/null +++ b/CVE-2023-37369.patch @@ -0,0 +1,203 @@ +diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp +index 7cd457ba3a..11d162cb79 100644 +--- a/src/corelib/serialization/qxmlstream.cpp ++++ b/src/corelib/serialization/qxmlstream.cpp +@@ -1302,15 +1302,18 @@ inline int QXmlStreamReaderPrivate::fastScanContentCharList() + return n; + } + +-inline int QXmlStreamReaderPrivate::fastScanName(int *prefix) ++// Fast scan an XML attribute name (e.g. "xml:lang"). ++inline QXmlStreamReaderPrivate::FastScanNameResult ++QXmlStreamReaderPrivate::fastScanName(Value *val) + { + int n = 0; + uint c; + while ((c = getChar()) != StreamEOF) { + if (n >= 4096) { + // This is too long to be a sensible name, and +- // can exhaust memory +- return 0; ++ // can exhaust memory, or the range of decltype(*prefix) ++ raiseNamePrefixTooLongError(); ++ return {}; + } + switch (c) { + case '\n': +@@ -1339,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix) + case '+': + case '*': + putChar(c); +- if (prefix && *prefix == n+1) { +- *prefix = 0; ++ if (val && val->prefix == n + 1) { ++ val->prefix = 0; + putChar(':'); + --n; + } +- return n; ++ return FastScanNameResult(n); + case ':': +- if (prefix) { +- if (*prefix == 0) { +- *prefix = n+2; ++ if (val) { ++ if (val->prefix == 0) { ++ val->prefix = n + 2; + } else { // only one colon allowed according to the namespace spec. + putChar(c); +- return n; ++ return FastScanNameResult(n); + } + } else { + putChar(c); +- return n; ++ return FastScanNameResult(n); + } + Q_FALLTHROUGH(); + default: +@@ -1364,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix) + } + } + +- if (prefix) +- *prefix = 0; ++ if (val) ++ val->prefix = 0; + int pos = textBuffer.size() - n; + putString(textBuffer, pos); + textBuffer.resize(pos); +- return 0; ++ return FastScanNameResult(0); + } + + enum NameChar { NameBeginning, NameNotBeginning, NotName }; +@@ -1878,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message) + raiseError(QXmlStreamReader::NotWellFormedError, message); + } + ++void QXmlStreamReaderPrivate::raiseNamePrefixTooLongError() ++{ ++ // TODO: add a ImplementationLimitsExceededError and use it instead ++ raiseError(QXmlStreamReader::NotWellFormedError, ++ QXmlStream::tr("Length of XML attribute name exceeds implemnetation limits (4KiB " ++ "characters).")); ++} ++ + void QXmlStreamReaderPrivate::parseError() + { + +diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g +index 4321fed68a..8c6a1a5887 100644 +--- a/src/corelib/serialization/qxmlstream.g ++++ b/src/corelib/serialization/qxmlstream.g +@@ -516,7 +516,16 @@ public: + int fastScanLiteralContent(); + int fastScanSpace(); + int fastScanContentCharList(); +- int fastScanName(int *prefix = nullptr); ++ ++ struct FastScanNameResult { ++ FastScanNameResult() : ok(false) {} ++ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { } ++ operator bool() { return ok; } ++ int operator*() { Q_ASSERT(ok); return addToLen; } ++ int addToLen; ++ bool ok; ++ }; ++ FastScanNameResult fastScanName(Value *val = nullptr); + inline int fastScanNMTOKEN(); + + +@@ -525,6 +534,7 @@ public: + + void raiseError(QXmlStreamReader::Error error, const QString& message = QString()); + void raiseWellFormedError(const QString &message); ++ void raiseNamePrefixTooLongError(); + + QXmlStreamEntityResolver *entityResolver; + +@@ -1811,7 +1821,12 @@ space_opt ::= space; + qname ::= LETTER; + /. + case $rule_number: { +- sym(1).len += fastScanName(&sym(1).prefix); ++ Value &val = sym(1); ++ if (auto res = fastScanName(&val)) ++ val.len += *res; ++ else ++ return false; ++ + if (atEnd) { + resume($rule_number); + return false; +@@ -1822,7 +1837,11 @@ qname ::= LETTER; + name ::= LETTER; + /. + case $rule_number: +- sym(1).len += fastScanName(); ++ if (auto res = fastScanName()) ++ sym(1).len += *res; ++ else ++ return false; ++ + if (atEnd) { + resume($rule_number); + return false; +diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h +index e5bde7b98e..b01484cac3 100644 +--- a/src/corelib/serialization/qxmlstream_p.h ++++ b/src/corelib/serialization/qxmlstream_p.h +@@ -1005,7 +1005,16 @@ public: + int fastScanLiteralContent(); + int fastScanSpace(); + int fastScanContentCharList(); +- int fastScanName(int *prefix = nullptr); ++ ++ struct FastScanNameResult { ++ FastScanNameResult() : ok(false) {} ++ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { } ++ operator bool() { return ok; } ++ int operator*() { Q_ASSERT(ok); return addToLen; } ++ int addToLen; ++ bool ok; ++ }; ++ FastScanNameResult fastScanName(Value *val = nullptr); + inline int fastScanNMTOKEN(); + + +@@ -1014,6 +1023,7 @@ public: + + void raiseError(QXmlStreamReader::Error error, const QString& message = QString()); + void raiseWellFormedError(const QString &message); ++ void raiseNamePrefixTooLongError(); + + QXmlStreamEntityResolver *entityResolver; + +@@ -1939,7 +1949,12 @@ bool QXmlStreamReaderPrivate::parse() + break; + + case 262: { +- sym(1).len += fastScanName(&sym(1).prefix); ++ Value &val = sym(1); ++ if (auto res = fastScanName(&val)) ++ val.len += *res; ++ else ++ return false; ++ + if (atEnd) { + resume(262); + return false; +@@ -1947,7 +1962,11 @@ bool QXmlStreamReaderPrivate::parse() + } break; + + case 263: +- sym(1).len += fastScanName(); ++ if (auto res = fastScanName()) ++ sym(1).len += *res; ++ else ++ return false; ++ + if (atEnd) { + resume(263); + return false; diff --git a/CVE-2023-45935.patch b/CVE-2023-45935.patch new file mode 100644 index 0000000..89e6fd4 --- /dev/null +++ b/CVE-2023-45935.patch @@ -0,0 +1,31 @@ +From b349ef7d08deb9d7ee64cf161fdf3a92b0f3f706 Mon Sep 17 00:00:00 2001 +From: Liang Qi +Date: 2023-07-31 05:35:11 +0200 +Subject: [PATCH] CVE-2023-45935 + +port invokeMethodImpl() from QScopeGuard to SlotObjUniquePtr + +--- + src/plugins/platforms/xcb/qxcbatom.cpp | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/plugins/platforms/xcb/qxcbatom.cpp b/src/plugins/platforms/xcb/qxcbatom.cpp +index 78081660..11d356dd 100644 +--- a/src/plugins/platforms/xcb/qxcbatom.cpp ++++ b/src/plugins/platforms/xcb/qxcbatom.cpp +@@ -268,8 +268,10 @@ void QXcbAtom::initializeAllAtoms(xcb_connection_t *connection) { + + for (i = 0; i < QXcbAtom::NAtoms; ++i) { + xcb_intern_atom_reply_t *reply = xcb_intern_atom_reply(connection, cookies[i], nullptr); +- m_allAtoms[i] = reply->atom; +- free(reply); ++ if (reply) { ++ m_allAtoms[i] = reply->atom; ++ free(reply); ++ } + } + } + +-- +2.27.0 + diff --git a/CVE-2024-25580-qtbase-5.15.diff b/CVE-2024-25580-qtbase-5.15.diff new file mode 100644 index 0000000..1628961 --- /dev/null +++ b/CVE-2024-25580-qtbase-5.15.diff @@ -0,0 +1,197 @@ +diff --git a/src/gui/util/qktxhandler.cpp b/src/gui/util/qktxhandler.cpp +index 0d98e97453..6a79e55109 100644 +--- a/src/gui/util/qktxhandler.cpp ++++ b/src/gui/util/qktxhandler.cpp +@@ -73,7 +73,7 @@ struct KTXHeader { + quint32 bytesOfKeyValueData; + }; + +-static const quint32 headerSize = sizeof(KTXHeader); ++static constexpr quint32 qktxh_headerSize = sizeof(KTXHeader); + + // Currently unused, declared for future reference + struct KTXKeyValuePairItem { +@@ -103,11 +103,36 @@ struct KTXMipmapLevel { + */ + }; + +-bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block) ++static bool qAddOverflow(quint32 v1, quint32 v2, quint32 *r) { ++ // unsigned additions are well-defined ++ *r = v1 + v2; ++ return v1 > quint32(v1 + v2); ++} ++ ++// Returns the nearest multiple of 4 greater than or equal to 'value' ++static bool nearestMultipleOf4(quint32 value, quint32 *result) ++{ ++ constexpr quint32 rounding = 4; ++ *result = 0; ++ if (qAddOverflow(value, rounding - 1, result)) ++ return true; ++ *result &= ~(rounding - 1); ++ return false; ++} ++ ++// Returns a slice with prechecked bounds ++static QByteArray safeSlice(const QByteArray& array, quint32 start, quint32 length) + { +- Q_UNUSED(suffix) ++ quint32 end = 0; ++ if (qAddOverflow(start, length, &end) || end > quint32(array.length())) ++ return {}; ++ return QByteArray(array.data() + start, length); ++} + +- return (qstrncmp(block.constData(), ktxIdentifier, KTX_IDENTIFIER_LENGTH) == 0); ++bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block) ++{ ++ Q_UNUSED(suffix); ++ return block.startsWith(QByteArray::fromRawData(ktxIdentifier, KTX_IDENTIFIER_LENGTH)); + } + + QTextureFileData QKtxHandler::read() +@@ -115,42 +140,97 @@ QTextureFileData QKtxHandler::read() + if (!device()) + return QTextureFileData(); + +- QByteArray buf = device()->readAll(); +- const quint32 dataSize = quint32(buf.size()); +- if (dataSize < headerSize || !canRead(QByteArray(), buf)) { +- qCDebug(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData()); ++ const QByteArray buf = device()->readAll(); ++ if (size_t(buf.size()) > std::numeric_limits::max()) { ++ qWarning(lcQtGuiTextureIO, "Too big KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ if (!canRead(QByteArray(), buf)) { ++ qWarning(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ if (buf.size() < qsizetype(qktxh_headerSize)) { ++ qWarning(lcQtGuiTextureIO, "Invalid KTX header size in %s", logName().constData()); + return QTextureFileData(); + } + +- const KTXHeader *header = reinterpret_cast(buf.constData()); +- if (!checkHeader(*header)) { +- qCDebug(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData()); ++ KTXHeader header; ++ memcpy(&header, buf.data(), qktxh_headerSize); ++ if (!checkHeader(header)) { ++ qWarning(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData()); + return QTextureFileData(); + } + + QTextureFileData texData; + texData.setData(buf); + +- texData.setSize(QSize(decode(header->pixelWidth), decode(header->pixelHeight))); +- texData.setGLFormat(decode(header->glFormat)); +- texData.setGLInternalFormat(decode(header->glInternalFormat)); +- texData.setGLBaseInternalFormat(decode(header->glBaseInternalFormat)); +- +- texData.setNumLevels(decode(header->numberOfMipmapLevels)); +- quint32 offset = headerSize + decode(header->bytesOfKeyValueData); +- const int maxLevels = qMin(texData.numLevels(), 32); // Cap iterations in case of corrupt file. +- for (int i = 0; i < maxLevels; i++) { +- if (offset + sizeof(KTXMipmapLevel) > dataSize) // Corrupt file; avoid oob read +- break; +- const KTXMipmapLevel *level = reinterpret_cast(buf.constData() + offset); +- quint32 levelLen = decode(level->imageSize); +- texData.setDataOffset(offset + sizeof(KTXMipmapLevel::imageSize), i); +- texData.setDataLength(levelLen, i); +- offset += sizeof(KTXMipmapLevel::imageSize) + levelLen + (3 - ((levelLen + 3) % 4)); ++ texData.setSize(QSize(decode(header.pixelWidth), decode(header.pixelHeight))); ++ texData.setGLFormat(decode(header.glFormat)); ++ texData.setGLInternalFormat(decode(header.glInternalFormat)); ++ texData.setGLBaseInternalFormat(decode(header.glBaseInternalFormat)); ++ ++ texData.setNumLevels(decode(header.numberOfMipmapLevels)); ++ ++ const quint32 bytesOfKeyValueData = decode(header.bytesOfKeyValueData); ++ quint32 headerKeyValueSize; ++ if (qAddOverflow(qktxh_headerSize, bytesOfKeyValueData, &headerKeyValueSize)) { ++ qWarning(lcQtGuiTextureIO, "Overflow in size of key value data in header of KTX file %s", ++ logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ if (headerKeyValueSize >= quint32(buf.size())) { ++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ // Technically, any number of levels is allowed but if the value is bigger than ++ // what is possible in KTX V2 (and what makes sense) we return an error. ++ // maxLevels = log2(max(width, height, depth)) ++ const int maxLevels = (sizeof(quint32) * 8) ++ - qCountLeadingZeroBits(std::max( ++ { header.pixelWidth, header.pixelHeight, header.pixelDepth })); ++ ++ if (texData.numLevels() > maxLevels) { ++ qWarning(lcQtGuiTextureIO, "Too many levels in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ quint32 offset = headerKeyValueSize; ++ for (int level = 0; level < texData.numLevels(); level++) { ++ const auto imageSizeSlice = safeSlice(buf, offset, sizeof(quint32)); ++ if (imageSizeSlice.isEmpty()) { ++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ const quint32 imageSize = decode(qFromUnaligned(imageSizeSlice.data())); ++ offset += sizeof(quint32); // overflow checked indirectly above ++ ++ texData.setDataOffset(offset, level); ++ texData.setDataLength(imageSize, level); ++ ++ // Add image data and padding to offset ++ quint32 padded = 0; ++ if (nearestMultipleOf4(imageSize, &padded)) { ++ qWarning(lcQtGuiTextureIO, "Overflow in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ quint32 offsetNext; ++ if (qAddOverflow(offset, padded, &offsetNext)) { ++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ offset = offsetNext; + } + + if (!texData.isValid()) { +- qCDebug(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", logName().constData()); ++ qWarning(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", ++ logName().constData()); + return QTextureFileData(); + } + +@@ -191,7 +271,7 @@ bool QKtxHandler::checkHeader(const KTXHeader &header) + (decode(header.numberOfFaces) == 1)); + } + +-quint32 QKtxHandler::decode(quint32 val) ++quint32 QKtxHandler::decode(quint32 val) const + { + return inverseEndian ? qbswap(val) : val; + } +diff --git a/src/gui/util/qktxhandler_p.h b/src/gui/util/qktxhandler_p.h +index f831e59d95..cdf1b2eaf8 100644 +--- a/src/gui/util/qktxhandler_p.h ++++ b/src/gui/util/qktxhandler_p.h +@@ -68,7 +68,7 @@ public: + + private: + bool checkHeader(const KTXHeader &header); +- quint32 decode(quint32 val); ++ quint32 decode(quint32 val) const; + + bool inverseEndian = false; + }; diff --git a/CVE-2025-30348.patch b/CVE-2025-30348.patch new file mode 100644 index 0000000..bbc001a --- /dev/null +++ b/CVE-2025-30348.patch @@ -0,0 +1,156 @@ +From 16918c1df3e709df2a97281e3825d94c84edb668 Mon Sep 17 00:00:00 2001 +From: Christian Ehrlicher +Date: Tue, 06 Aug 2024 22:39:44 +0200 +Subject: [PATCH] XML/QDom: speedup encodeText() + +The code copied the whole string, then replaced parts inline, at +the cost of relocating everything beyond, at each replacement. +Instead, copy character by character (in chunks where possible) +and append replacements as we skip what they replace. + +Manual conflict resolution for 6.5: +- This is a manual cherry-pick. The original change was only + picked to 6.8, but the quadratic behavior is present in Qt 5, too. +- Changed Task-number to Fixes: because this is the real fix; + the QString change, 315210de916d060c044c01e53ff249d676122b1b, + was unrelated to the original QTBUG-127549. + +Manual conflcit resolution for 5.15: +- Kept/re-added QTextCodec::canEncode() check +- Ported from Qt 6 to 5, to wit: + - qsizetype -> int + - QStringView::first/sliced(n) -> left/mid(n) + (these functions are clearly called in-range, so the widened + contract of the Qt 5 functions doesn't matter) +- Ported from C++17- and C++14-isms to C++11: + - replaced polymorphic lambda with a normal one (this requires + rewriting the !canEncode() branch to use QByteArray/QLatin1String + instead of QString) +- As a drive-by, corrected the indentation of the case labels to + horizontally align existing code (and follow Qt style) + +Fixes: QTBUG-127549 +Change-Id: I368482859ed0c4127f1eec2919183711b5488ada +Reviewed-by: Edward Welbourne +(cherry picked from commit 2ce08e3671b8d18b0284447e5908ce15e6e8f80f) +Reviewed-by: Qt Cherry-pick Bot +(cherry picked from commit 225e235cf966a44af23dbe9aaaa2fd20ab6430ee) +Reviewed-by: Fabian Kosmale +(cherry picked from commit 905a5bd421efff6a1d90b6140500d134d32ca745) +--- + +diff --git a/src/xml/dom/qdom.cpp b/src/xml/dom/qdom.cpp +index 872221c..bf70477 100644 +--- a/src/xml/dom/qdom.cpp ++++ b/src/xml/dom/qdom.cpp +@@ -3676,59 +3676,67 @@ + const QTextCodec *const codec = s.codec(); + Q_ASSERT(codec); + #endif +- QString retval(str); +- int len = retval.length(); +- int i = 0; ++ QString retval; ++ int start = 0; ++ auto appendToOutput = [&](int cur, QLatin1String replacement) ++ { ++ if (start < cur) { ++ retval.reserve(str.size() + replacement.size()); ++ retval.append(QStringView(str).left(cur).mid(start)); ++ } ++ // Skip over str[cur], replaced by replacement ++ start = cur + 1; ++ retval.append(replacement); ++ }; + +- while (i < len) { +- const QChar ati(retval.at(i)); +- +- if (ati == QLatin1Char('<')) { +- retval.replace(i, 1, QLatin1String("<")); +- len += 3; +- i += 4; +- } else if (encodeQuotes && (ati == QLatin1Char('"'))) { +- retval.replace(i, 1, QLatin1String(""")); +- len += 5; +- i += 6; +- } else if (ati == QLatin1Char('&')) { +- retval.replace(i, 1, QLatin1String("&")); +- len += 4; +- i += 5; +- } else if (ati == QLatin1Char('>') && i >= 2 && retval[i - 1] == QLatin1Char(']') && retval[i - 2] == QLatin1Char(']')) { +- retval.replace(i, 1, QLatin1String(">")); +- len += 3; +- i += 4; +- } else if (performAVN && +- (ati == QChar(0xA) || +- ati == QChar(0xD) || +- ati == QChar(0x9))) { +- const QString replacement(QLatin1String("&#x") + QString::number(ati.unicode(), 16) + QLatin1Char(';')); +- retval.replace(i, 1, replacement); +- i += replacement.length(); +- len += replacement.length() - 1; +- } else if (encodeEOLs && ati == QChar(0xD)) { +- retval.replace(i, 1, QLatin1String(" ")); // Replace a single 0xD with a ref for 0xD +- len += 4; +- i += 5; +- } else { ++ const int len = str.size(); ++ for (int cur = 0; cur < len; ++cur) { ++ switch (const char16_t ati = str[cur].unicode()) { ++ case u'<': ++ appendToOutput(cur, QLatin1String("<")); ++ break; ++ case u'"': ++ if (encodeQuotes) ++ appendToOutput(cur, QLatin1String(""")); ++ break; ++ case u'&': ++ appendToOutput(cur, QLatin1String("&")); ++ break; ++ case u'>': ++ if (cur >= 2 && str[cur - 1] == u']' && str[cur - 2] == u']') ++ appendToOutput(cur, QLatin1String(">")); ++ break; ++ case u'\r': ++ if (performAVN || encodeEOLs) ++ appendToOutput(cur, QLatin1String(" ")); // \r == 0x0d ++ break; ++ case u'\n': ++ if (performAVN) ++ appendToOutput(cur, QLatin1String(" ")); // \n == 0x0a ++ break; ++ case u'\t': ++ if (performAVN) ++ appendToOutput(cur, QLatin1String(" ")); // \t == 0x09 ++ break; ++ default: + #if QT_CONFIG(textcodec) + if(codec->canEncode(ati)) +- ++i; ++ ; // continue + else + #endif + { + // We have to use a character reference to get it through. +- const ushort codepoint(ati.unicode()); +- const QString replacement(QLatin1String("&#x") + QString::number(codepoint, 16) + QLatin1Char(';')); +- retval.replace(i, 1, replacement); +- i += replacement.length(); +- len += replacement.length() - 1; ++ const QByteArray replacement = "&#x" + QByteArray::number(uint{ati}, 16) + ';'; ++ appendToOutput(cur, QLatin1String{replacement}); + } ++ break; + } + } +- +- return retval; ++ if (start > 0) { ++ retval.append(QStringView(str).left(len).mid(start)); ++ return retval; ++ } ++ return str; + } + + void QDomAttrPrivate::save(QTextStream& s, int, int) const diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..7f5bef0 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,40 @@ +diff --git a/src/3rdparty/double-conversion/include/double-conversion/utils.h b/src/3rdparty/double-conversion/include/double-conversion/utils.h +index 70e697ca..9be294a2 100644 +--- a/src/3rdparty/double-conversion/include/double-conversion/utils.h ++++ b/src/3rdparty/double-conversion/include/double-conversion/utils.h +@@ -102,6 +102,7 @@ int main(int argc, char** argv) { + defined(__AARCH64EL__) || defined(__aarch64__) || defined(__AARCH64EB__) || \ + defined(__riscv) || \ + defined(__or1k__) || defined(__arc__) || \ ++ defined(__loongarch64) || \ + defined(__EMSCRIPTEN__) + #define DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS 1 + #elif defined(__mc68000__) || \ +diff --git a/src/corelib/global/archdetect.cpp b/src/corelib/global/archdetect.cpp +index 1d00b7f5..74f3c8fc 100644 +--- a/src/corelib/global/archdetect.cpp ++++ b/src/corelib/global/archdetect.cpp +@@ -59,6 +59,8 @@ + # define ARCH_PROCESSOR "x86_64" + #elif defined(Q_PROCESSOR_IA64) + # define ARCH_PROCESSOR "ia64" ++#elif defined(Q_PROCESSOR_LOONGARCH_64) ++# define ARCH_PROCESSOR "loongarch64" + #elif defined(Q_PROCESSOR_MIPS_64) + # define ARCH_PROCESSOR "mips64" + #elif defined(Q_PROCESSOR_MIPS) +diff --git a/src/corelib/global/qprocessordetection.h b/src/corelib/global/qprocessordetection.h +index 8d657208..69f84a15 100644 +--- a/src/corelib/global/qprocessordetection.h ++++ b/src/corelib/global/qprocessordetection.h +@@ -223,6 +223,10 @@ + # define Q_PROCESSOR_WORDSIZE 8 + // Q_BYTE_ORDER not defined, use endianness auto-detection + ++#elif defined(__loongarch64) ++# define Q_PROCESSOR_LOONGARCH_64 ++# define Q_PROCESSOR_WORDSIZE 8 ++ + /* + MIPS family, known revisions: I, II, III, IV, 32, 64 + diff --git a/macros.qt5-qtbase b/macros.qt5-qtbase new file mode 100644 index 0000000..836471f --- /dev/null +++ b/macros.qt5-qtbase @@ -0,0 +1,4 @@ +%_qt5 @@NAME@@ +%_qt5_epoch @@EPOCH@@ +%_qt5_version @@VERSION@@ +%_qt5_evr @@EVR@@ diff --git a/qconfig-multilib.h b/qconfig-multilib.h new file mode 100644 index 0000000..a104c37 --- /dev/null +++ b/qconfig-multilib.h @@ -0,0 +1,23 @@ +/* qconfig.h */ +/* This file is here to prevent a file conflict on multiarch systems. A + * conflict will occur because qconfig.h has arch-specific definitions. + * + * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */ + +#ifndef QCONFIG_MULTILIB_H +#define QCONFIG_MULTILIB_H + +#ifndef __WORDSIZE +#include +#endif + +#if __WORDSIZE == 32 +#include "QtCore/qconfig-32.h" +#elif __WORDSIZE == 64 +#include "QtCore/qconfig-64.h" +#else +#error "unexpected value for __WORDSIZE macro" +#endif + +#endif + diff --git a/qt5-qtbase-5.12.1-firebird.patch b/qt5-qtbase-5.12.1-firebird.patch new file mode 100644 index 0000000..674a5b5 --- /dev/null +++ b/qt5-qtbase-5.12.1-firebird.patch @@ -0,0 +1,29 @@ +diff -up qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/configure.json.firebird qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/configure.json +--- qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/configure.json.firebird 2019-01-28 11:11:52.000000000 -0600 ++++ qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/configure.json 2019-02-03 13:41:27.392305128 -0600 +@@ -49,10 +49,11 @@ + "ibase": { + "label": "InterBase", + "test": {}, +- "headers": "ibase.h", ++ "headers": "firebird/ibase.h", + "sources": [ + { "libs": "-lgds32_ms", "condition": "config.win32" }, +- { "libs": "-lgds", "condition": "!config.win32" } ++ { "libs": "-lgds", "condition": "!config.win32" }, ++ { "libs": "-lfbclient", "condition": "!config.win32" } + ] + }, + "mysql": { +diff -up qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h.firebird qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h +--- qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h.firebird 2019-01-28 11:11:52.000000000 -0600 ++++ qtbase-everywhere-src-5.12.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h 2019-02-03 13:27:30.683142996 -0600 +@@ -52,7 +52,7 @@ + // + + #include +-#include ++#include + + #ifdef QT_PLUGIN + #define Q_EXPORT_SQLDRIVER_IBASE diff --git a/qt5-qtbase-Add-sw64-architecture.patch b/qt5-qtbase-Add-sw64-architecture.patch new file mode 100644 index 0000000..7bbe54c --- /dev/null +++ b/qt5-qtbase-Add-sw64-architecture.patch @@ -0,0 +1,141 @@ +From 2d5384cdea1303e20c3c7f69b24703b4a2ad91b0 Mon Sep 17 00:00:00 2001 +From: wuzx +Date: Fri, 18 Nov 2022 01:17:49 +0800 +Subject: [PATCH] Add sw64 architecture + +Signed-off-by: wuzx +--- + .../include/double-conversion/utils.h | 2 +- + src/3rdparty/sha3/brg_endian.h | 1 + + src/corelib/global/qprocessordetection.h | 3 +- + src/corelib/io/qfilesystemwatcher_inotify.cpp | 4 +++ + src/gui/image/qimage.cpp | 4 +++ + src/testlib/3rdparty/cycle_p.h | 36 +++++++++++++++++++ + 6 files changed, 48 insertions(+), 2 deletions(-) + +diff --git a/src/3rdparty/double-conversion/include/double-conversion/utils.h b/src/3rdparty/double-conversion/include/double-conversion/utils.h +index 70e697ca..1524e931 100644 +--- a/src/3rdparty/double-conversion/include/double-conversion/utils.h ++++ b/src/3rdparty/double-conversion/include/double-conversion/utils.h +@@ -97,7 +97,7 @@ int main(int argc, char** argv) { + defined(__powerpc__) || defined(__ppc__) || defined(__ppc64__) || \ + defined(_POWER) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ + defined(__sparc__) || defined(__sparc) || defined(__s390__) || \ +- defined(__SH4__) || defined(__alpha__) || \ ++ defined(__SH4__) || defined(__alpha__) || defined(__sw_64__) || \ + defined(_MIPS_ARCH_MIPS32R2) || defined(__ARMEB__) ||\ + defined(__AARCH64EL__) || defined(__aarch64__) || defined(__AARCH64EB__) || \ + defined(__riscv) || \ +diff --git a/src/3rdparty/sha3/brg_endian.h b/src/3rdparty/sha3/brg_endian.h +index 9bb306e6..e3907596 100644 +--- a/src/3rdparty/sha3/brg_endian.h ++++ b/src/3rdparty/sha3/brg_endian.h +@@ -105,6 +105,7 @@ Changes for ARM 9/9/2010 [Downstream relative to Gladman's GitHub, upstream to Q + #if !defined(PLATFORM_BYTE_ORDER) + + #if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \ ++#if defined( __sw_64__ ) || defined( __sw_64 ) || \ + defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \ + defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \ + defined( vax ) || defined( vms ) || defined( VMS ) || \ +diff --git a/src/corelib/global/qprocessordetection.h b/src/corelib/global/qprocessordetection.h +index 8d657208..20c9650d 100644 +--- a/src/corelib/global/qprocessordetection.h ++++ b/src/corelib/global/qprocessordetection.h +@@ -87,7 +87,8 @@ + // #elif defined(__alpha__) || defined(_M_ALPHA) + // # define Q_PROCESSOR_ALPHA + // Q_BYTE_ORDER not defined, use endianness auto-detection +- ++//#elif defined(__sw_64__) || defined(_M_SW_64) ++//# define Q_PROCESSOR_SW_64 + /* + ARM family, known revisions: V5, V6, V7, V8 + +diff --git a/src/corelib/io/qfilesystemwatcher_inotify.cpp b/src/corelib/io/qfilesystemwatcher_inotify.cpp +index 94d9d06b..38b1e7e4 100644 +--- a/src/corelib/io/qfilesystemwatcher_inotify.cpp ++++ b/src/corelib/io/qfilesystemwatcher_inotify.cpp +@@ -91,6 +91,10 @@ + # define __NR_inotify_add_watch 285 + # define __NR_inotify_rm_watch 286 + # define __NR_inotify_init1 324 ++#elif defined (__sw_64__) ++# define __NR_inotify_init 444 ++# define __NR_inotify_add_watch 445 ++# define __NR_inotify_rm_watch 446 + #elif defined (__alpha__) + # define __NR_inotify_init 444 + # define __NR_inotify_add_watch 445 +diff --git a/src/gui/image/qimage.cpp b/src/gui/image/qimage.cpp +index ced5a505..c1096f45 100644 +--- a/src/gui/image/qimage.cpp ++++ b/src/gui/image/qimage.cpp +@@ -83,6 +83,10 @@ static inline bool isLocked(QImageData *data) + return data != nullptr && data->is_locked; + } + ++#if defined(Q_CC_DEC) && defined(__sw_64) && (__DECCXX_VER-0 >= 50190001) ++#pragma message disable narrowptr ++#endif ++ + #if defined(Q_CC_DEC) && defined(__alpha) && (__DECCXX_VER-0 >= 50190001) + #pragma message disable narrowptr + #endif +diff --git a/src/testlib/3rdparty/cycle_p.h b/src/testlib/3rdparty/cycle_p.h +index 95e741a8..5577b873 100644 +--- a/src/testlib/3rdparty/cycle_p.h ++++ b/src/testlib/3rdparty/cycle_p.h +@@ -405,6 +405,26 @@ INLINE_ELAPSED(__inline__) + + #define HAVE_TICK_COUNTER + #endif ++/*----------------------------------------------------------------*/ ++#if defined(__GNUC__) && defined(__sw_64__) && !defined(HAVE_TICK_COUNTER) ++/* ++ * The 32-bit cycle counter on sw_64 overflows pretty quickly, ++ * unfortunately. A 1GHz machine overflows in 4 seconds. ++ */ ++typedef unsigned int CycleCounterTicks; ++ ++static __inline__ CycleCounterTicks getticks(void) ++{ ++ unsigned long cc; ++ __asm__ __volatile__ ("rtc %0" : "=r"(cc)); ++ return (cc & 0xFFFFFFFF); ++} ++ ++INLINE_ELAPSED(__inline__) ++ ++#define HAVE_TICK_COUNTER ++#endif ++ + /*----------------------------------------------------------------*/ + #if defined(__GNUC__) && defined(__alpha__) && !defined(HAVE_TICK_COUNTER) + /* +@@ -441,6 +461,22 @@ INLINE_ELAPSED(__inline__) + #define HAVE_TICK_COUNTER + #endif + ++/*----------------------------------------------------------------*/ ++#if (defined(__DECC) || defined(__DECCXX)) && defined(__sw_64) && defined(HAVE_C_ASM_H) && !defined(HAVE_TICK_COUNTER) ++# include ++typedef unsigned int CycleCounterTicks; ++ ++static __inline CycleCounterTicks getticks(void) ++{ ++ unsigned long cc; ++ cc = asm("rtc %v0"); ++ return (cc & 0xFFFFFFFF); ++} ++ ++INLINE_ELAPSED(__inline) ++ ++#define HAVE_TICK_COUNTER ++#endif + /*----------------------------------------------------------------*/ + #if (defined(__DECC) || defined(__DECCXX)) && defined(__alpha) && defined(HAVE_C_ASM_H) && !defined(HAVE_TICK_COUNTER) + # include +-- +2.33.0 + diff --git a/qt5-qtbase-cxxflag.patch b/qt5-qtbase-cxxflag.patch new file mode 100644 index 0000000..321f051 --- /dev/null +++ b/qt5-qtbase-cxxflag.patch @@ -0,0 +1,13 @@ +diff --git a/mkspecs/common/gcc-base.conf b/mkspecs/common/gcc-base.conf +index e7e6ee1..ff2a939 100644 +--- a/mkspecs/common/gcc-base.conf ++++ b/mkspecs/common/gcc-base.conf +@@ -32,7 +32,7 @@ + # + + QMAKE_CFLAGS_OPTIMIZE = -O2 +-QMAKE_CFLAGS_OPTIMIZE_FULL = -O3 ++QMAKE_CFLAGS_OPTIMIZE_FULL = -O2 + QMAKE_CFLAGS_OPTIMIZE_DEBUG = -Og + QMAKE_CFLAGS_OPTIMIZE_SIZE = -Os + diff --git a/qt5-qtbase-gcc11.patch b/qt5-qtbase-gcc11.patch new file mode 100644 index 0000000..c956712 --- /dev/null +++ b/qt5-qtbase-gcc11.patch @@ -0,0 +1,171 @@ +diff --git a/src/corelib/codecs/qtextcodec.cpp b/src/corelib/codecs/qtextcodec.cpp +index 06fd88da..dbff3239 100644 +--- a/src/corelib/codecs/qtextcodec.cpp ++++ b/src/corelib/codecs/qtextcodec.cpp +@@ -38,6 +38,7 @@ + ** + ****************************************************************************/ + ++#include + #include "qplatformdefs.h" + + #include "qtextcodec.h" +diff --git a/src/corelib/codecs/qutfcodec.cpp b/src/corelib/codecs/qutfcodec.cpp +index 8561f908..8128d3cf 100644 +--- a/src/corelib/codecs/qutfcodec.cpp ++++ b/src/corelib/codecs/qutfcodec.cpp +@@ -38,6 +38,8 @@ + ** + ****************************************************************************/ + ++#include ++ + #include "qutfcodec_p.h" + #include "qlist.h" + #include "qendian.h" +diff --git a/src/corelib/global/qendian.cpp b/src/corelib/global/qendian.cpp +index eb08b2f8..6b41b3dd 100644 +--- a/src/corelib/global/qendian.cpp ++++ b/src/corelib/global/qendian.cpp +@@ -38,6 +38,7 @@ + ** + ****************************************************************************/ + ++#include + #include "qendian.h" + + #include "qalgorithms.h" +diff --git a/src/corelib/global/qfloat16.cpp b/src/corelib/global/qfloat16.cpp +index c9733174..c62a1972 100644 +--- a/src/corelib/global/qfloat16.cpp ++++ b/src/corelib/global/qfloat16.cpp +@@ -38,6 +38,7 @@ + ** + ****************************************************************************/ + ++#include + #include "qfloat16.h" + #include "private/qsimd_p.h" + #include // for fpclassify()'s return values +diff --git a/src/corelib/global/qrandom.cpp b/src/corelib/global/qrandom.cpp +index 10672c1f..6d5fd63e 100644 +--- a/src/corelib/global/qrandom.cpp ++++ b/src/corelib/global/qrandom.cpp +@@ -40,6 +40,7 @@ + // for rand_s + #define _CRT_RAND_S + ++#include + #include "qrandom.h" + #include "qrandom_p.h" + #include +diff --git a/src/corelib/plugin/qelfparser_p.cpp b/src/corelib/plugin/qelfparser_p.cpp +index 13eee353..9e7a7a41 100644 +--- a/src/corelib/plugin/qelfparser_p.cpp ++++ b/src/corelib/plugin/qelfparser_p.cpp +@@ -37,6 +37,7 @@ + ** + ****************************************************************************/ + ++#include + #include "qelfparser_p.h" + + #if defined (Q_OF_ELF) && defined(Q_CC_GNU) +diff --git a/src/corelib/plugin/qmachparser.cpp b/src/corelib/plugin/qmachparser.cpp +index 11670caf..39f5596b 100644 +--- a/src/corelib/plugin/qmachparser.cpp ++++ b/src/corelib/plugin/qmachparser.cpp +@@ -37,6 +37,8 @@ + ** + ****************************************************************************/ + ++#include ++ + #include "qmachparser_p.h" + + #if defined(Q_OF_MACH_O) +diff --git a/src/corelib/plugin/quuid.cpp b/src/corelib/plugin/quuid.cpp +index 83873edf..5aafb4e5 100644 +--- a/src/corelib/plugin/quuid.cpp ++++ b/src/corelib/plugin/quuid.cpp +@@ -38,6 +38,7 @@ + ** + ****************************************************************************/ + ++#include + #include "quuid.h" + + #include "qcryptographichash.h" +diff --git a/src/corelib/serialization/qdatastream.cpp b/src/corelib/serialization/qdatastream.cpp +index 5082a8cb..7eecfcca 100644 +--- a/src/corelib/serialization/qdatastream.cpp ++++ b/src/corelib/serialization/qdatastream.cpp +@@ -40,6 +40,8 @@ + #include "qdatastream.h" + #include "qdatastream_p.h" + ++#include ++ + #if !defined(QT_NO_DATASTREAM) || defined(QT_BOOTSTRAPPED) + #include "qbuffer.h" + #include "qfloat16.h" +diff --git a/src/corelib/text/qbytearray.cpp b/src/corelib/text/qbytearray.cpp +index 9a72df58..6651ee98 100644 +--- a/src/corelib/text/qbytearray.cpp ++++ b/src/corelib/text/qbytearray.cpp +@@ -39,6 +39,7 @@ + ** + ****************************************************************************/ + ++#include + #include "qbytearray.h" + #include "qbytearraymatcher.h" + #include "private/qtools_p.h" +diff --git a/src/corelib/text/qbytearraymatcher.cpp b/src/corelib/text/qbytearraymatcher.cpp +index 72e09226..80511cb5 100644 +--- a/src/corelib/text/qbytearraymatcher.cpp ++++ b/src/corelib/text/qbytearraymatcher.cpp +@@ -37,6 +37,7 @@ + ** + ****************************************************************************/ + ++#include + #include "qbytearraymatcher.h" + + #include +diff --git a/src/corelib/tools/qbitarray.cpp b/src/corelib/tools/qbitarray.cpp +index ab3054d5..22efb3a0 100644 +--- a/src/corelib/tools/qbitarray.cpp ++++ b/src/corelib/tools/qbitarray.cpp +@@ -38,6 +38,7 @@ + ** + ****************************************************************************/ + ++#include + #include "qbitarray.h" + #include + #include +diff --git a/src/corelib/tools/qcryptographichash.cpp b/src/corelib/tools/qcryptographichash.cpp +index fa8d21e0..cd85956d 100644 +--- a/src/corelib/tools/qcryptographichash.cpp ++++ b/src/corelib/tools/qcryptographichash.cpp +@@ -38,6 +38,7 @@ + ** + ****************************************************************************/ + ++#include + #include + #include + +diff --git a/src/gui/text/qfontengine_qpf2.cpp b/src/gui/text/qfontengine_qpf2.cpp +index e00f9d05..917ab5f9 100644 +--- a/src/gui/text/qfontengine_qpf2.cpp ++++ b/src/gui/text/qfontengine_qpf2.cpp +@@ -37,6 +37,7 @@ + ** + ****************************************************************************/ + ++#include + #include "qfontengine_qpf2_p.h" + + #include diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec new file mode 100644 index 0000000..c8473ac --- /dev/null +++ b/qt5-qtbase.spec @@ -0,0 +1,1082 @@ +# See http://bugzilla.redhat.com/223663 +%global multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9 +%global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64 + +%global openssl -openssl-linked + +# support qtchooser (adds qtchooser .conf file) +%global qtchooser 1 +%if 0%{?qtchooser} +%global priority 10 +%ifarch %{multilib_basearchs} +%global priority 15 +%endif +%endif + +%global platform linux-g++ + +%if 0%{?use_clang} +%global platform linux-clang +%endif + +%global qt_module qtbase + +%global rpm_macros_dir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) + +%global journald -journald +BuildRequires: make +BuildRequires: pkgconfig(libsystemd) + +%global examples 1 +## skip for now, until we're better at it --rex +#global tests 1 + +Name: qt5-qtbase +Summary: Qt5 - QtBase components +Version: 5.15.2 +Release: 17 + + +# See LGPL_EXCEPTIONS.txt, for exception details +License: LGPLv2 with exceptions or GPLv3 with exceptions +Url: http://qt-project.org/ +%global majmin %(echo %{version} | cut -d. -f1-2) +Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz + +# https://bugzilla.redhat.com/show_bug.cgi?id=1227295 +Source1: qtlogging.ini + +# header file to workaround multilib issue +# https://bugzilla.redhat.com/show_bug.cgi?id=1036956 +Source2: qconfig-multilib.h + +# xinitrc script to check for OpenGL 1 only drivers and automatically set +# QT_XCB_FORCE_SOFTWARE_OPENGL for them +Source3: 10-qt5-check-opengl2.sh + +# macros +Source4: macros.qt5-qtbase + +# borrowed from opensuse +# track private api via properly versioned symbols +# downside: binaries produced with these differently-versioned symbols are no longer +# compatible with qt-project.org's Qt binary releases. +Patch0001: tell-the-truth-about-private-api.patch + +# upstreamable patches +# namespace QT_VERSION_CHECK to workaround major/minor being pre-defined (#1396755) +Patch0002: qtbase-opensource-src-5.8.0-QT_VERSION_CHECK.patch + +# 1. Workaround moc/multilib issues +# https://bugzilla.redhat.com/show_bug.cgi?id=1290020 +# https://bugreports.qt.io/browse/QTBUG-49972 +# 2. Workaround sysmacros.h (pre)defining major/minor a breaking stuff +Patch0004: qtbase-opensource-src-5.7.1-moc_macros.patch + +# CMake generates wrong -isystem /usr/include compilations flags with Qt5::Gui +# https://bugzilla.redhat.com/1704474 +Patch0005: qtbase-everywhere-src-5.12.1-qt5gui_cmake_isystem_includes.patch + +# respect QMAKE_LFLAGS_RELEASE when building qmake +Patch0006: qtbase-qmake_LFLAGS.patch + +# don't use relocatable heuristics to guess prefix when using -no-feature-relocatable +Patch0007: qtbase-everywhere-src-5.14.2-no_relocatable.patch + +# drop -O3 and make -O2 by default +Patch0008: qt5-qtbase-cxxflag.patch + +# support firebird version 3.x +Patch0009: qt5-qtbase-5.12.1-firebird.patch + +# fix for new mariadb +Patch0010: qtbase-opensource-src-5.9.0-mysql.patch + +# python3 +Patch0011: qtbase-everywhere-src-5.11.1-python3.patch + +# https://bugzilla.redhat.com/show_bug.cgi?id=1732129 +Patch0012: qtbase-use-wayland-on-gnome.patch + +# gcc-11 +Patch0013: %{name}-gcc11.patch + +# glibc stat + +## upstream patches +# see also patch90 +Patch0014: qtbase-QTBUG-90395.patch +Patch0015: qtbase-QTBUG-89977.patch +Patch0017: qtbase-QTBUG-91909.patch +Patch0018: 0001-modify-kwin_5.18-complier-error.patch +# https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.15.2+dfsg-15 +Patch0019: CVE-2021-38593.patch +Patch0020: CVE-2022-25255.patch +Patch0021: qt5-qtbase-Add-sw64-architecture.patch +Patch0022: add-loongarch64-support.patch +# https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff +Patch0023: CVE-2023-24607.patch +Patch0024: CVE-2023-32762.patch +Patch0025: CVE-2023-32763.patch +# https://github.com/qt/qtbase/commit/d76b11a +# https://download.qt.io/official_releases/qt/5.15/CVE-2023-37369-qtbase-5.15.diff +Patch0026: CVE-2023-37369-pre.patch +Patch0027: CVE-2023-37369.patch +Patch0028: CVE-2023-33285.patch +Patch0029: qtbase5.15-CVE-2023-34410.patch +##https://codereview.qt-project.org/c/qt/qtbase/+/488960 +Patch0030: qtbase5.15.2-CVE-2023-38197.patch +#https://codereview.qt-project.org/c/qt/qtbase/+/503026 +Patch0031: qtbase5.15.2-CVE-2023-43114.patch +Patch0032: CVE-2024-25580-qtbase-5.15.diff + +Patch1000: 1000-add-loongarch64-support-for-syscall_fork.patch +Patch1001: 1001-add-sw_64-support-for-syscall_fork.patch +Patch1002: qtbase5.15-CVE-2023-51714.patch +Patch1003: CVE-2023-45935.patch +Patch1004: CVE-2025-30348.patch + +# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. +# Those themes are there for platform integration. If the required libraries are +# not there, the platform to integrate with isn't either. Then Qt will just +# silently ignore the plugin that fails to load. Thus, there is no need to let +# RPM drag in gtk3 as a dependency for the GTK+3 dialog support. +%global __requires_exclude_from ^%{_qt5_plugindir}/platformthemes/.*$ +# filter plugin provides +%global __provides_exclude_from ^%{_qt5_plugindir}/.*\\.so$ + +BuildRequires: cups-devel +BuildRequires: desktop-file-utils +BuildRequires: findutils +BuildRequires: libjpeg-devel +BuildRequires: libmng-devel +BuildRequires: libtiff-devel +BuildRequires: pkgconfig(alsa) +# required for -accessibility +BuildRequires: pkgconfig(atspi-2) +%if 0%{?use_clang} +BuildRequires: clang >= 3.7.0 +%else +BuildRequires: gcc-c++ +%endif +# http://bugzilla.redhat.com/1196359 + +%global dbus -dbus-linked +BuildRequires: pkgconfig(dbus-1) + +BuildRequires: pkgconfig(libdrm) +BuildRequires: pkgconfig(fontconfig) +BuildRequires: pkgconfig(gl) +BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(gtk+-3.0) +BuildRequires: pkgconfig(libproxy-1.0) +# xcb-sm +BuildRequires: pkgconfig(ice) pkgconfig(sm) +BuildRequires: pkgconfig(libpng) +BuildRequires: pkgconfig(libudev) +BuildRequires: openssl-devel +BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib) +BuildRequires: pkgconfig(libinput) +BuildRequires: pkgconfig(xcb-xkb) >= 1.10 +BuildRequires: pkgconfig(xcb-util) +BuildRequires: pkgconfig(xkbcommon) >= 0.4.1 +BuildRequires: pkgconfig(xkbcommon-x11) >= 0.4.1 +BuildRequires: pkgconfig(xkeyboard-config) +%global vulkan 1 +BuildRequires: pkgconfig(vulkan) + +%global egl 1 +BuildRequires: libEGL-devel +BuildRequires: pkgconfig(gbm) +## TODO: apparently only needed if building opengl_es2 support, do we actually use it? -- rex +BuildRequires: pkgconfig(glesv2) +%global sqlite -system-sqlite +BuildRequires: pkgconfig(sqlite3) >= 3.7 + +%global harfbuzz -system-harfbuzz +BuildRequires: pkgconfig(harfbuzz) >= 0.9.42 + +BuildRequires: pkgconfig(icu-i18n) +BuildRequires: pkgconfig(libpcre2-posix) >= 10.20 +BuildRequires: pkgconfig(libpcre) >= 8.0 +%global pcre -system-pcre +BuildRequires: pkgconfig(xcb-xkb) + +BuildRequires: libicu-devel +%global pcre -qt-pcre + +BuildRequires: pkgconfig(xcb) pkgconfig(xcb-glx) pkgconfig(xcb-icccm) pkgconfig(xcb-image) pkgconfig(xcb-keysyms) pkgconfig(xcb-renderutil) +BuildRequires: pkgconfig(zlib) +BuildRequires: perl-generators +# see patch68 +BuildRequires: python3 +BuildRequires: qt5-rpm-macros + +%if 0%{?tests} +BuildRequires: dbus-x11 +BuildRequires: mesa-dri-drivers +BuildRequires: time +BuildRequires: xorg-x11-server-Xvfb +%endif + +%if 0%{?qtchooser} + +Conflicts: qt < 1:4.8.6-10 + +Requires(post): %{_sbindir}/update-alternatives +Requires(postun): %{_sbindir}/update-alternatives +%endif +Requires: qt-settings +Requires: %{name}-common = %{version}-%{release} + +## Sql drivers + +%global ibase -no-sql-ibase +%global tds -no-sql-tds + + +# workaround gold linker bug(s) by not using it +# https://bugzilla.redhat.com/1458003 +# https://sourceware.org/bugzilla/show_bug.cgi?id=21074 +# reportedly fixed or worked-around, re-enable if there's evidence of problems -- rex +# https://bugzilla.redhat.com/show_bug.cgi?id=1635973 +%global use_gold_linker -no-use-gold-linker + +%description +Qt is a software toolkit for developing applications. + +This package contains base tools, like string, xml, and network +handling. + +%package common +Summary: Common files for Qt5 +# offer upgrade path for qtquick1 somewhere... may as well be here -- rex +Obsoletes: qt5-qtquick1 < 5.9.0 +Obsoletes: qt5-qtquick1-devel < 5.9.0 +Requires: %{name} = %{version}-%{release} +BuildArch: noarch +%description common +%{summary}. + +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-gui%{?_isa} +%if 0%{?egl} +Requires: libEGL-devel +%endif +Requires: pkgconfig(gl) +%if 0%{?vulkan} +Requires: pkgconfig(vulkan) +%endif +Requires: qt5-rpm-macros +%if 0%{?use_clang} +Requires: clang >= 3.7.0 +%endif +%description devel +%{summary}. + +%package private-devel +Summary: Development files for %{name} private APIs +# upgrade path, when private-devel was introduced +Obsoletes: %{name}-devel < 5.12.1-3 +Requires: %{name}-devel%{?_isa} = %{version}-%{release} +# QtPrintSupport/private requires cups/ppd.h +Requires: cups-devel +%description private-devel +%{summary}. + +%package examples +Summary: Programming examples for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description examples +%{summary}. + +%package static +Summary: Static library files for %{name} +Requires: %{name}-devel%{?_isa} = %{version}-%{release} +Requires: pkgconfig(fontconfig) +Requires: pkgconfig(glib-2.0) +Requires: pkgconfig(libinput) +Requires: pkgconfig(xkbcommon) +Requires: pkgconfig(zlib) + +%description static +%{summary}. + +%if "%{?ibase}" != "-no-sql-ibase" +%package ibase +Summary: IBase driver for Qt5's SQL classes +BuildRequires: firebird-devel +Requires: %{name}%{?_isa} = %{version}-%{release} +%description ibase +%{summary}. +%endif + +%package mysql +Summary: MySQL driver for Qt5's SQL classes + +BuildRequires: mariadb-connector-c-devel + +#BuildRequires: mysql-devel + +Requires: %{name}%{?_isa} = %{version}-%{release} +%description mysql +%{summary}. + +%package odbc +Summary: ODBC driver for Qt5's SQL classes +BuildRequires: unixODBC-devel +Requires: %{name}%{?_isa} = %{version}-%{release} +%description odbc +%{summary}. + +%package postgresql +Summary: PostgreSQL driver for Qt5's SQL classes +BuildRequires: libpq-devel +Requires: %{name}%{?_isa} = %{version}-%{release} +%description postgresql +%{summary}. + +%if "%{?tds}" != "-no-sql-tds" +%package tds +Summary: TDS driver for Qt5's SQL classes +BuildRequires: freetds-devel +Requires: %{name}%{?_isa} = %{version}-%{release} +%description tds +%{summary}. +%endif + +# debating whether to do 1 subpkg per library or not -- rex +%package gui +Summary: Qt5 GUI-related libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Recommends: mesa-dri-drivers +Obsoletes: qt5-qtbase-x11 < 5.2.0 +Provides: qt5-qtbase-x11 = %{version}-%{release} +# for Source3: 10-qt5-check-opengl2.sh: +# glxinfo +Requires: glx-utils +%description gui +Qt5 libraries used for drawing widgets and OpenGL items. + + +%prep +%autosetup -p1 -n %{qt_module}-everywhere-src-%{version} + +# move some bundled libs to ensure they're not accidentally used +pushd src/3rdparty +mkdir UNUSED +mv freetype libjpeg libpng zlib UNUSED/ +%if "%{?sqlite}" == "-system-sqlite" +mv sqlite UNUSED/ +%endif +%if "%{?xcb}" != "-qt-xcb" +mv xcb UNUSED/ +%endif +popd + +# builds failing mysteriously on f20 +# ./configure: Permission denied +# check to ensure that can't happen -- rex +test -x configure || chmod +x configure + +# use proper perl interpretter so autodeps work as expected +sed -i -e "s|^#!/usr/bin/env perl$|#!%{__perl}|" \ + bin/fixqt4headers.pl \ + bin/syncqt.pl \ + mkspecs/features/data/unix/findclasslist.pl + + +%build +# QT is known not to work properly with LTO at this point. Some of the issues +# are being worked on upstream and disabling LTO should be re-evaluated as +# we update this change. Until such time... +# Disable LTO +# https://bugzilla.redhat.com/1900527 +%define _lto_cflags %{nil} + +## FIXME/TODO: +# * for %%ix86, add sse2 enabled builds for Qt5Gui, Qt5Core, QtNetwork, see also: +# http://anonscm.debian.org/cgit/pkg-kde/qt/qtbase.git/tree/debian/rules (234-249) + +## adjust $RPM_OPT_FLAGS +# remove -fexceptions +RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'` +RPM_OPT_FLAGS="$RPM_OPT_FLAGS %{?qt5_arm_flag} %{?qt5_deprecated_flag} %{?qt5_null_flag}" + +%if 0%{?use_clang} +RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fno-delete-null-pointer-checks||g'` +%endif + +export CFLAGS="$CFLAGS $RPM_OPT_FLAGS" +export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS" +export LDFLAGS="$LDFLAGS $RPM_LD_FLAGS" +export MAKEFLAGS="%{?_smp_mflags}" + +./configure \ + -verbose \ + -confirm-license \ + -opensource \ + -prefix %{_qt5_prefix} \ + -archdatadir %{_qt5_archdatadir} \ + -bindir %{_qt5_bindir} \ + -libdir %{_qt5_libdir} \ + -libexecdir %{_qt5_libexecdir} \ + -datadir %{_qt5_datadir} \ + -docdir %{_qt5_docdir} \ + -examplesdir %{_qt5_examplesdir} \ + -headerdir %{_qt5_headerdir} \ + -importdir %{_qt5_importdir} \ + -plugindir %{_qt5_plugindir} \ + -sysconfdir %{_qt5_sysconfdir} \ + -translationdir %{_qt5_translationdir} \ + -platform %{platform} \ + -release \ + -shared \ + -accessibility \ + %{?dbus}%{!?dbus:-dbus-runtime} \ + %{?egl:-egl} \ + -fontconfig \ + -glib \ + -gtk \ + %{?ibase} \ + -icu \ + %{?journald} \ + -optimized-qmake \ + %{?openssl} \ + %{!?examples:-nomake examples} \ + %{!?tests:-nomake tests} \ + -no-pch \ + -no-reduce-relocations \ + -no-rpath \ + -no-separate-debug-info \ + -no-strip \ + -system-libjpeg \ + -system-libpng \ + %{?harfbuzz} \ + %{?pcre} \ + %{?sqlite} \ + %{?tds} \ + %{?xcb} \ + %{?xkbcommon} \ + -system-zlib \ + %{?use_gold_linker} \ + -no-directfb \ + -no-feature-relocatable \ + QMAKE_CFLAGS_RELEASE="${CFLAGS:-$RPM_OPT_FLAGS}" \ + QMAKE_CXXFLAGS_RELEASE="${CXXFLAGS:-$RPM_OPT_FLAGS}" \ + QMAKE_LFLAGS_RELEASE="${LDFLAGS:-$RPM_LD_FLAGS}" + +# ensure qmake build using optflags (which can happen if not munging qmake.conf defaults) +make clean -C qmake +%make_build -C qmake all binary \ + QMAKE_CFLAGS_RELEASE="${CFLAGS:-$RPM_OPT_FLAGS}" \ + QMAKE_CXXFLAGS_RELEASE="${CXXFLAGS:-$RPM_OPT_FLAGS}" \ + QMAKE_LFLAGS_RELEASE="${LDFLAGS:-$RPM_LD_FLAGS}" \ + QMAKE_STRIP= + +%make_build + + +%install +make install INSTALL_ROOT=%{buildroot} + +install -m644 -p -D %{SOURCE1} %{buildroot}%{_qt5_datadir}/qtlogging.ini + +# Qt5.pc +cat >%{buildroot}%{_libdir}/pkgconfig/Qt5.pc< 5-%{__isa_bits}.conf +## FIXME/TODO: verify qtchooser (still) happy if _qt5_prefix uses %%_prefix instead of %%_libdir/qt5 + echo "%{_qt5_prefix}" >> 5-%{__isa_bits}.conf + # alternatives targets + touch default.conf 5.conf + popd +%endif + +## .prl/.la file love +# nuke .prl reference(s) to %%buildroot, excessive (.la-like) libs +pushd %{buildroot}%{_qt5_libdir} +for prl_file in libQt5*.prl ; do + sed -i -e "/^QMAKE_PRL_BUILD_DIR/d" ${prl_file} + if [ -f "$(basename ${prl_file} .prl).so" ]; then + rm -fv "$(basename ${prl_file} .prl).la" + sed -i -e "/^QMAKE_PRL_LIBS/d" ${prl_file} + fi +done +popd + +install -p -m755 -D %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/10-qt5-check-opengl2.sh + +# install privat headers for qtxcb +mkdir -p %{buildroot}%{_qt5_headerdir}/QtXcb +install -m 644 src/plugins/platforms/xcb/*.h %{buildroot}%{_qt5_headerdir}/QtXcb/ + + +%check +# verify Qt5.pc +export PKG_CONFIG_PATH=%{buildroot}%{_libdir}/pkgconfig +test "$(pkg-config --modversion Qt5)" = "%{version}" +%if 0%{?tests} +## see tests/README for expected environment (running a plasma session essentially) +## we are not quite there yet +export CTEST_OUTPUT_ON_FAILURE=1 +export PATH=%{buildroot}%{_qt5_bindir}:$PATH +export LD_LIBRARY_PATH=%{buildroot}%{_qt5_libdir} +# dbus tests error out when building if session bus is not available +dbus-launch --exit-with-session \ +%make_build sub-tests -k ||: +xvfb-run -a --server-args="-screen 0 1280x1024x32" \ +dbus-launch --exit-with-session \ +time \ +make check -k ||: +%endif + + +%if 0%{?qtchooser} +%pre +if [ $1 -gt 1 ] ; then +# remove short-lived qt5.conf alternatives +%{_sbindir}/update-alternatives \ + --remove qtchooser-qt5 \ + %{_sysconfdir}/xdg/qtchooser/qt5-%{__isa_bits}.conf >& /dev/null ||: + +%{_sbindir}/update-alternatives \ + --remove qtchooser-default \ + %{_sysconfdir}/xdg/qtchooser/qt5.conf >& /dev/null ||: +fi +%endif + +%post +%{?ldconfig} +%if 0%{?qtchooser} +%{_sbindir}/update-alternatives \ + --install %{_sysconfdir}/xdg/qtchooser/5.conf \ + qtchooser-5 \ + %{_sysconfdir}/xdg/qtchooser/5-%{__isa_bits}.conf \ + %{priority} + +%{_sbindir}/update-alternatives \ + --install %{_sysconfdir}/xdg/qtchooser/default.conf \ + qtchooser-default \ + %{_sysconfdir}/xdg/qtchooser/5.conf \ + %{priority} +%endif + +%postun +%{?ldconfig} +%if 0%{?qtchooser} +if [ $1 -eq 0 ]; then +%{_sbindir}/update-alternatives \ + --remove qtchooser-5 \ + %{_sysconfdir}/xdg/qtchooser/5-%{__isa_bits}.conf + +%{_sbindir}/update-alternatives \ + --remove qtchooser-default \ + %{_sysconfdir}/xdg/qtchooser/5.conf +fi +%endif + +%files +%license LICENSE.FDL +%license LICENSE.GPL* +%license LICENSE.LGPL* +%if 0%{?qtchooser} +%dir %{_sysconfdir}/xdg/qtchooser +# not editable config files, so not using %%config here +%ghost %{_sysconfdir}/xdg/qtchooser/default.conf +%ghost %{_sysconfdir}/xdg/qtchooser/5.conf +%{_sysconfdir}/xdg/qtchooser/5-%{__isa_bits}.conf +%endif +%dir %{_sysconfdir}/xdg/QtProject/ +%{_qt5_libdir}/libQt5Concurrent.so.5* +%{_qt5_libdir}/libQt5Core.so.5* +%{_qt5_libdir}/libQt5DBus.so.5* +%{_qt5_libdir}/libQt5Network.so.5* +%{_qt5_libdir}/libQt5Sql.so.5* +%{_qt5_libdir}/libQt5Test.so.5* +%{_qt5_libdir}/libQt5Xml.so.5* +%dir %{_qt5_libdir}/cmake/ +%dir %{_qt5_libdir}/cmake/Qt5/ +%dir %{_qt5_libdir}/cmake/Qt5Concurrent/ +%dir %{_qt5_libdir}/cmake/Qt5Core/ +%dir %{_qt5_libdir}/cmake/Qt5DBus/ +%dir %{_qt5_libdir}/cmake/Qt5Gui/ +%dir %{_qt5_libdir}/cmake/Qt5Network/ +%dir %{_qt5_libdir}/cmake/Qt5OpenGL/ +%dir %{_qt5_libdir}/cmake/Qt5PrintSupport/ +%dir %{_qt5_libdir}/cmake/Qt5Sql/ +%dir %{_qt5_libdir}/cmake/Qt5Test/ +%dir %{_qt5_libdir}/cmake/Qt5Widgets/ +%dir %{_qt5_libdir}/cmake/Qt5Xml/ +%dir %{_qt5_docdir}/ +%{_qt5_docdir}/global/ +%{_qt5_docdir}/config/ +%{_qt5_importdir}/ +%{_qt5_translationdir}/ +%if "%{_qt5_prefix}" != "%{_prefix}" +%dir %{_qt5_prefix}/ +%endif +%dir %{_qt5_archdatadir}/ +%dir %{_qt5_datadir}/ +%{_qt5_datadir}/qtlogging.ini +%dir %{_qt5_libexecdir}/ +%dir %{_qt5_plugindir}/ +%dir %{_qt5_plugindir}/bearer/ +%{_qt5_plugindir}/bearer/libqconnmanbearer.so +%{_qt5_plugindir}/bearer/libqgenericbearer.so +%{_qt5_plugindir}/bearer/libqnmbearer.so +%{_qt5_libdir}/cmake/Qt5Network/Qt5Network_QConnmanEnginePlugin.cmake +%{_qt5_libdir}/cmake/Qt5Network/Qt5Network_QGenericEnginePlugin.cmake +%{_qt5_libdir}/cmake/Qt5Network/Qt5Network_QNetworkManagerEnginePlugin.cmake +%dir %{_qt5_plugindir}/designer/ +%dir %{_qt5_plugindir}/generic/ +%dir %{_qt5_plugindir}/iconengines/ +%dir %{_qt5_plugindir}/imageformats/ +%dir %{_qt5_plugindir}/platforminputcontexts/ +%dir %{_qt5_plugindir}/platforms/ +%dir %{_qt5_plugindir}/platformthemes/ +%dir %{_qt5_plugindir}/printsupport/ +%dir %{_qt5_plugindir}/script/ +%dir %{_qt5_plugindir}/sqldrivers/ +%dir %{_qt5_plugindir}/styles/ +%{_qt5_plugindir}/sqldrivers/libqsqlite.so +%{_qt5_libdir}/cmake/Qt5Sql/Qt5Sql_QSQLiteDriverPlugin.cmake + +%files common +# mostly empty for now, consider: filesystem/dir ownership, licenses +%{rpm_macros_dir}/macros.qt5-qtbase + +%files devel +%if "%{_qt5_bindir}" != "%{_bindir}" +%dir %{_qt5_bindir} +%endif +%{_bindir}/moc* +%{_bindir}/qdbuscpp2xml* +%{_bindir}/qdbusxml2cpp* +%{_bindir}/qmake* +%{_bindir}/rcc* +%{_bindir}/syncqt* +%{_bindir}/uic* +%{_bindir}/qlalr +%{_bindir}/fixqt4headers.pl +%{_bindir}/qvkgen +%{_bindir}/tracegen +%{_qt5_bindir}/moc* +%{_qt5_bindir}/qdbuscpp2xml* +%{_qt5_bindir}/qdbusxml2cpp* +%{_qt5_bindir}/qmake* +%{_qt5_bindir}/rcc* +%{_qt5_bindir}/syncqt* +%{_qt5_bindir}/uic* +%{_qt5_bindir}/qlalr +%{_qt5_bindir}/fixqt4headers.pl +%{_qt5_bindir}/qvkgen +%if "%{_qt5_headerdir}" != "%{_includedir}" +%dir %{_qt5_headerdir} +%endif +%{_qt5_headerdir}/QtConcurrent/ +%{_qt5_headerdir}/QtCore/ +%{_qt5_headerdir}/QtDBus/ +%{_qt5_headerdir}/QtGui/ +%{_qt5_headerdir}/QtNetwork/ +%{_qt5_headerdir}/QtOpenGL/ +%{_qt5_headerdir}/QtPlatformHeaders/ +%{_qt5_headerdir}/QtPrintSupport/ +%{_qt5_headerdir}/QtSql/ +%{_qt5_headerdir}/QtTest/ +%{_qt5_headerdir}/QtWidgets/ +%{_qt5_headerdir}/QtXcb/ +%{_qt5_headerdir}/QtXml/ +%{_qt5_headerdir}/QtEglFSDeviceIntegration +%{_qt5_headerdir}/QtInputSupport +%{_qt5_headerdir}/QtEdidSupport +%{_qt5_headerdir}/QtXkbCommonSupport +%{_qt5_archdatadir}/mkspecs/ +%{_qt5_libdir}/libQt5Concurrent.prl +%{_qt5_libdir}/libQt5Concurrent.so +%{_qt5_libdir}/libQt5Core.prl +%{_qt5_libdir}/libQt5Core.so +%{_qt5_libdir}/libQt5DBus.prl +%{_qt5_libdir}/libQt5DBus.so +%{_qt5_libdir}/libQt5Gui.prl +%{_qt5_libdir}/libQt5Gui.so +%{_qt5_libdir}/libQt5Network.prl +%{_qt5_libdir}/libQt5Network.so +%{_qt5_libdir}/libQt5OpenGL.prl +%{_qt5_libdir}/libQt5OpenGL.so +%{_qt5_libdir}/libQt5PrintSupport.prl +%{_qt5_libdir}/libQt5PrintSupport.so +%{_qt5_libdir}/libQt5Sql.prl +%{_qt5_libdir}/libQt5Sql.so +%{_qt5_libdir}/libQt5Test.prl +%{_qt5_libdir}/libQt5Test.so +%{_qt5_libdir}/libQt5Widgets.prl +%{_qt5_libdir}/libQt5Widgets.so +%{_qt5_libdir}/libQt5XcbQpa.prl +%{_qt5_libdir}/libQt5XcbQpa.so +%{_qt5_libdir}/libQt5Xml.prl +%{_qt5_libdir}/libQt5Xml.so +%{_qt5_libdir}/libQt5EglFSDeviceIntegration.prl +%{_qt5_libdir}/libQt5EglFSDeviceIntegration.so +%{_qt5_libdir}/cmake/Qt5/Qt5Config*.cmake +%{_qt5_libdir}/cmake/Qt5Concurrent/Qt5ConcurrentConfig*.cmake +%{_qt5_libdir}/cmake/Qt5Core/Qt5CoreConfig*.cmake +%{_qt5_libdir}/cmake/Qt5Core/Qt5CoreMacros.cmake +%{_qt5_libdir}/cmake/Qt5Core/Qt5CTestMacros.cmake +%{_qt5_libdir}/cmake/Qt5DBus/Qt5DBusConfig*.cmake +%{_qt5_libdir}/cmake/Qt5DBus/Qt5DBusMacros.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5GuiConfig*.cmake +%{_qt5_libdir}/cmake/Qt5Network/Qt5NetworkConfig*.cmake +%{_qt5_libdir}/cmake/Qt5OpenGL/Qt5OpenGLConfig*.cmake +%{_qt5_libdir}/cmake/Qt5PrintSupport/Qt5PrintSupportConfig*.cmake +%{_qt5_libdir}/cmake/Qt5Sql/Qt5SqlConfig*.cmake +%{_qt5_libdir}/cmake/Qt5Test/Qt5TestConfig*.cmake +%{_qt5_libdir}/cmake/Qt5Widgets/Qt5WidgetsConfig*.cmake +%{_qt5_libdir}/cmake/Qt5Widgets/Qt5WidgetsMacros.cmake +%{_qt5_libdir}/cmake/Qt5Xml/Qt5XmlConfig*.cmake +%{_qt5_libdir}/cmake/Qt5/Qt5ModuleLocation.cmake +%{_qt5_libdir}/cmake/Qt5AccessibilitySupport/ +%{_qt5_libdir}/cmake/Qt5DeviceDiscoverySupport/ +%{_qt5_libdir}/cmake/Qt5EdidSupport/ +%{_qt5_libdir}/cmake/Qt5EglFSDeviceIntegration/ +%{_qt5_libdir}/cmake/Qt5EglFsKmsSupport/ +%{_qt5_libdir}/cmake/Qt5EglSupport/ +%{_qt5_libdir}/cmake/Qt5EventDispatcherSupport/ +%{_qt5_libdir}/cmake/Qt5FbSupport/ +%{_qt5_libdir}/cmake/Qt5FontDatabaseSupport/ +%{_qt5_libdir}/cmake/Qt5GlxSupport/ +%{_qt5_libdir}/cmake/Qt5InputSupport/ +%{_qt5_libdir}/cmake/Qt5KmsSupport/ +%{_qt5_libdir}/cmake/Qt5LinuxAccessibilitySupport/ +%{_qt5_libdir}/cmake/Qt5PlatformCompositorSupport/ +%{_qt5_libdir}/cmake/Qt5ServiceSupport/ +%{_qt5_libdir}/cmake/Qt5ThemeSupport/ +%{_qt5_libdir}/cmake/Qt5XcbQpa/ +%{_qt5_libdir}/cmake/Qt5XkbCommonSupport/ +%{_qt5_libdir}/metatypes/qt5core_metatypes.json +%{_qt5_libdir}/metatypes/qt5gui_metatypes.json +%{_qt5_libdir}/metatypes/qt5widgets_metatypes.json +%{_qt5_libdir}/pkgconfig/Qt5.pc +%{_qt5_libdir}/pkgconfig/Qt5Concurrent.pc +%{_qt5_libdir}/pkgconfig/Qt5Core.pc +%{_qt5_libdir}/pkgconfig/Qt5DBus.pc +%{_qt5_libdir}/pkgconfig/Qt5Gui.pc +%{_qt5_libdir}/pkgconfig/Qt5Network.pc +%{_qt5_libdir}/pkgconfig/Qt5OpenGL.pc +%{_qt5_libdir}/pkgconfig/Qt5PrintSupport.pc +%{_qt5_libdir}/pkgconfig/Qt5Sql.pc +%{_qt5_libdir}/pkgconfig/Qt5Test.pc +%{_qt5_libdir}/pkgconfig/Qt5Widgets.pc +%{_qt5_libdir}/pkgconfig/Qt5Xml.pc +%if 0%{?egl} +%{_qt5_libdir}/libQt5EglFsKmsSupport.prl +%{_qt5_libdir}/libQt5EglFsKmsSupport.so +%endif +%{_qt5_libdir}/qt5/bin/tracegen +## private-devel globs +# keep mkspecs/modules stuff in -devel for now, https://bugzilla.redhat.com/show_bug.cgi?id=1705280 +%{_qt5_archdatadir}/mkspecs/modules/qt_lib_*_private.pri +%exclude %{_qt5_headerdir}/*/%{version}/ + +%files private-devel +%{_qt5_headerdir}/*/%{version}/ +#{_qt5_archdatadir}/mkspecs/modules/qt_lib_*_private.pri + +%files static +%{_qt5_libdir}/libQt5Bootstrap.*a +%{_qt5_libdir}/libQt5Bootstrap.prl +%{_qt5_headerdir}/QtOpenGLExtensions/ +%{_qt5_libdir}/libQt5OpenGLExtensions.*a +%{_qt5_libdir}/libQt5OpenGLExtensions.prl +%{_qt5_libdir}/cmake/Qt5OpenGLExtensions/ +%{_qt5_libdir}/pkgconfig/Qt5OpenGLExtensions.pc +%{_qt5_libdir}/libQt5AccessibilitySupport.*a +%{_qt5_libdir}/libQt5AccessibilitySupport.prl +%{_qt5_headerdir}/QtAccessibilitySupport +%{_qt5_libdir}/libQt5DeviceDiscoverySupport.*a +%{_qt5_libdir}/libQt5DeviceDiscoverySupport.prl +%{_qt5_headerdir}/QtDeviceDiscoverySupport +%{_qt5_libdir}/libQt5EglSupport.*a +%{_qt5_libdir}/libQt5EglSupport.prl +%{_qt5_headerdir}/QtEglSupport +%{_qt5_libdir}/libQt5EventDispatcherSupport.*a +%{_qt5_libdir}/libQt5EventDispatcherSupport.prl +%{_qt5_headerdir}/QtEventDispatcherSupport +%{_qt5_libdir}/libQt5FbSupport.*a +%{_qt5_libdir}/libQt5FbSupport.prl +%{_qt5_headerdir}/QtFbSupport +%{_qt5_libdir}/libQt5FontDatabaseSupport.*a +%{_qt5_libdir}/libQt5FontDatabaseSupport.prl +%{_qt5_headerdir}/QtFontDatabaseSupport +%{_qt5_libdir}/libQt5GlxSupport.*a +%{_qt5_libdir}/libQt5GlxSupport.prl +%{_qt5_headerdir}/QtGlxSupport +%{_qt5_libdir}/libQt5InputSupport.*a +%{_qt5_libdir}/libQt5InputSupport.prl +%{_qt5_libdir}/libQt5LinuxAccessibilitySupport.*a +%{_qt5_libdir}/libQt5LinuxAccessibilitySupport.prl +%{_qt5_headerdir}/QtLinuxAccessibilitySupport +%{_qt5_libdir}/libQt5PlatformCompositorSupport.*a +%{_qt5_libdir}/libQt5PlatformCompositorSupport.prl +%{_qt5_headerdir}/QtPlatformCompositorSupport +%{_qt5_libdir}/libQt5ServiceSupport.*a +%{_qt5_libdir}/libQt5ServiceSupport.prl +%{_qt5_headerdir}/QtServiceSupport +%{_qt5_libdir}/libQt5ThemeSupport.*a +%{_qt5_libdir}/libQt5ThemeSupport.prl +%{_qt5_headerdir}/QtThemeSupport +%{_qt5_libdir}/libQt5KmsSupport.*a +%{_qt5_libdir}/libQt5KmsSupport.prl +%{_qt5_headerdir}/QtKmsSupport +%{_qt5_libdir}/libQt5EdidSupport.*a +%{_qt5_libdir}/libQt5EdidSupport.prl +%{_qt5_libdir}/libQt5XkbCommonSupport.*a +%{_qt5_libdir}/libQt5XkbCommonSupport.prl +%if 0%{?vulkan} +%{_qt5_headerdir}/QtVulkanSupport/ +%{_qt5_libdir}/cmake/Qt5VulkanSupport/ +%{_qt5_libdir}/libQt5VulkanSupport.*a +%{_qt5_libdir}/libQt5VulkanSupport.prl +%endif + +%if 0%{?examples} +%files examples +%{_qt5_examplesdir}/ +%endif + +%if "%{?ibase}" != "-no-sql-ibase" +%files ibase +%{_qt5_plugindir}/sqldrivers/libqsqlibase.so +%{_qt5_libdir}/cmake/Qt5Sql/Qt5Sql_QIBaseDriverPlugin.cmake +%endif + +%files mysql +%{_qt5_plugindir}/sqldrivers/libqsqlmysql.so +%{_qt5_libdir}/cmake/Qt5Sql/Qt5Sql_QMYSQLDriverPlugin.cmake + +%files odbc +%{_qt5_plugindir}/sqldrivers/libqsqlodbc.so +%{_qt5_libdir}/cmake/Qt5Sql/Qt5Sql_QODBCDriverPlugin.cmake + +%files postgresql +%{_qt5_plugindir}/sqldrivers/libqsqlpsql.so +%{_qt5_libdir}/cmake/Qt5Sql/Qt5Sql_QPSQLDriverPlugin.cmake + +%if "%{?tds}" != "-no-sql-tds" +%files tds +%{_qt5_plugindir}/sqldrivers/libqsqltds.so +%{_qt5_libdir}/cmake/Qt5Sql/Qt5Sql_QTDSDriverPlugin.cmake +%endif + +%ldconfig_scriptlets gui + +%files gui +%dir %{_sysconfdir}/X11/xinit +%dir %{_sysconfdir}/X11/xinit/xinitrc.d/ +%{_sysconfdir}/X11/xinit/xinitrc.d/10-qt5-check-opengl2.sh +%{_qt5_libdir}/libQt5Gui.so.5* +%{_qt5_libdir}/libQt5OpenGL.so.5* +%{_qt5_libdir}/libQt5PrintSupport.so.5* +%{_qt5_libdir}/libQt5Widgets.so.5* +%{_qt5_libdir}/libQt5XcbQpa.so.5* +%{_qt5_plugindir}/generic/libqevdevkeyboardplugin.so +%{_qt5_plugindir}/generic/libqevdevmouseplugin.so +%{_qt5_plugindir}/generic/libqevdevtabletplugin.so +%{_qt5_plugindir}/generic/libqevdevtouchplugin.so +%{_qt5_plugindir}/generic/libqlibinputplugin.so +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QLibInputPlugin.cmake +%{_qt5_plugindir}/generic/libqtuiotouchplugin.so +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEvdevKeyboardPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEvdevMousePlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEvdevTabletPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEvdevTouchScreenPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QTuioTouchPlugin.cmake +%{_qt5_plugindir}/imageformats/libqgif.so +%{_qt5_plugindir}/imageformats/libqico.so +%{_qt5_plugindir}/imageformats/libqjpeg.so +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QGifPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QICOPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QJpegPlugin.cmake +%{_qt5_plugindir}/platforminputcontexts/libcomposeplatforminputcontextplugin.so +%{_qt5_plugindir}/platforminputcontexts/libibusplatforminputcontextplugin.so +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QComposePlatformInputContextPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QIbusPlatformInputContextPlugin.cmake +%if 0%{?egl} +%{_qt5_libdir}/libQt5EglFSDeviceIntegration.so.5* +%{_qt5_libdir}/libQt5EglFsKmsSupport.so.5* +%{_qt5_plugindir}/platforms/libqeglfs.so +%{_qt5_plugindir}/platforms/libqminimalegl.so +%dir %{_qt5_plugindir}/egldeviceintegrations/ +%{_qt5_plugindir}/egldeviceintegrations/libqeglfs-kms-integration.so +#%%{_qt5_plugindir}/egldeviceintegrations/libqeglfs-x11-integration.so +#%%{_qt5_plugindir}/xcbglintegrations/libqxcb-egl-integration.so +%{_qt5_plugindir}/egldeviceintegrations/libqeglfs-kms-egldevice-integration.so +%{_qt5_plugindir}/egldeviceintegrations/libqeglfs-emu-integration.so +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QMinimalEglIntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSIntegrationPlugin.cmake +#%%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSX11IntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSKmsGbmIntegrationPlugin.cmake +#%%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QXcbEglIntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSKmsEglDeviceIntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSEmulatorIntegrationPlugin.cmake +%endif +%{_qt5_plugindir}/platforms/libqlinuxfb.so +%{_qt5_plugindir}/platforms/libqminimal.so +%{_qt5_plugindir}/platforms/libqoffscreen.so +%{_qt5_plugindir}/platforms/libqxcb.so +%{_qt5_plugindir}/platforms/libqvnc.so +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QLinuxFbIntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QMinimalIntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QOffscreenIntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QVncIntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QXcbIntegrationPlugin.cmake +%{_qt5_plugindir}/xcbglintegrations/libqxcb-glx-integration.so +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QXcbGlxIntegrationPlugin.cmake +%{_qt5_plugindir}/platformthemes/libqxdgdesktopportal.so +%{_qt5_plugindir}/platformthemes/libqgtk3.so +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QXdgDesktopPortalThemePlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QGtk3ThemePlugin.cmake +%{_qt5_plugindir}/printsupport/libcupsprintersupport.so +%{_qt5_libdir}/cmake/Qt5PrintSupport/Qt5PrintSupport_QCupsPrinterSupportPlugin.cmake + + +%changelog +* Wed Apr 02 2025 Funda Wang - 5.15.2-17 +- fix CVE-2025-30348 + +* Wed Apr 24 2024 lvfei - 5.15.2-16 +- Fix CVE-2023-45935 + +* Wed Apr 17 2024 peijiankang - 5.15.2-15 +- add CVE-2024-25580-qtbase-5.15.diff + +* Wed Jan 31 2024 douyan - 5.15.2-14 +- add qtbase5.15-CVE-2023-51714.patch + +* Sat Nov 25 2023 hua_yadong - 5.15.2-13 +- fix qtbase5.15.2-CVE-2023-43114.patch + +* Fri Nov 24 2023 hua_yadong - 5.15.2-12 +- fix qtbase5.15.2-CVE-2023-38197.patch + +* Thu Nov 02 2023 peijiankang - 5.15.2-11 +- fix CVE-2023-34410 + +* Wed Nov 01 2023 peijiankang - 5.15.2-10 +- fix CVE-2023-33285 + +* Wed Sep 06 2023 panchenbo - 5.15.2-9 +- add loongarch64 and sw_64 syscall_fork support + +* Fri Sep 01 2023 wangkai <13474090681@163.com> - 5.15.2-8 +- Fix CVE-2023-37369 + +* Wed Jun 28 2023 yaoxin - 5.15.2-7 +- Fix CVE-2023-32762 and CVE-2023-32763 + +* Fri Apr 28 2023 douyan - 5.15.2-6 +- fix CVE-2023-24607 + +* Mon Dec 12 2022 huajingyun - 5.15.2-5 +- add loongarch64 support + +* Tue Oct 25 2022 wuzx - 5.15.2-4 +- Add sw64 architecture + +* Wed Jul 27 2022 peijiankang - 5.15.2-3 +- remove unnecessary file + +* Tue Jul 26 2022 wangkai - 5.15.2-2 +- Fix CVE-2021-38593 and CVE-2022-25255 + +* Sat Dec 11 2021 hua_yadong - 5.15.2-1 +- update to upstream version 5.15.2 + +* Wed Apr 21 2021 wangyue - 5.11.1-14 +- fix CVE-2019-18281 + +* Sat Nov 28 2020 liyuanrong - 5.11.1-13 +- add double conversion support riscv + +* Mon Sep 21 2020 wutao - 5.11.1-12 +- fix CVE-2015-9541 + +* Mon Sep 14 2020 liuweibo - 5.11.1-11 +- Fix Source0 + +* Mon May 25 2020 lizhenhua - 5.11.1-10 +- Fix compile issue with gcc 9 + +* Wed Dec 25 2019 fengbing - 5.11.1-9 +- Type:cves +- ID:CVE-2018-15518 +- SUG:restart +- DESC: fix CVE-2018-15518 + +* Thu Nov 07 2019 yanzhihua - 5.11.1-8 +- Package init diff --git a/qt5-qtbase.yaml b/qt5-qtbase.yaml new file mode 100644 index 0000000..2bea53e --- /dev/null +++ b/qt5-qtbase.yaml @@ -0,0 +1,4 @@ +version_control: git +src_repo: https://code.qt.io/qt/qtbase.git +tag_prefix: "^v" +seperator: "." diff --git a/qtbase-QTBUG-89977.patch b/qtbase-QTBUG-89977.patch new file mode 100644 index 0000000..cfaac11 --- /dev/null +++ b/qtbase-QTBUG-89977.patch @@ -0,0 +1,11 @@ +diff -up qtbase-everywhere-src-5.15.2/src/corelib/text/qbytearray.h.foo qtbase-everywhere-src-5.15.2/src/corelib/text/qbytearray.h +--- qtbase-everywhere-src-5.15.2/src/corelib/text/qbytearray.h.foo 2020-10-27 03:02:11.000000000 -0500 ++++ qtbase-everywhere-src-5.15.2/src/corelib/text/qbytearray.h 2021-02-06 17:05:04.879201352 -0600 +@@ -51,6 +49,7 @@ + + #include + #include ++#include + + #ifdef truncate + #error qbytearray.h must be included before any header file that defines truncate diff --git a/qtbase-QTBUG-90395.patch b/qtbase-QTBUG-90395.patch new file mode 100644 index 0000000..cc4bb6e --- /dev/null +++ b/qtbase-QTBUG-90395.patch @@ -0,0 +1,23 @@ +diff -up qtbase-everywhere-src-5.15.2/src/corelib/global/qendian.h.QTBUG-90395 qtbase-everywhere-src-5.15.2/src/corelib/global/qendian.h +--- qtbase-everywhere-src-5.15.2/src/corelib/global/qendian.h.QTBUG-90395 2020-10-27 03:02:11.000000000 -0500 ++++ qtbase-everywhere-src-5.15.2/src/corelib/global/qendian.h 2021-02-06 16:36:27.072105717 -0600 +@@ -44,6 +44,8 @@ + #include + #include + ++#include ++ + // include stdlib.h and hope that it defines __GLIBC__ for glibc-based systems + #include + #include +diff -up qtbase-everywhere-src-5.15.2/src/corelib/global/qfloat16.h.QTBUG-90395 qtbase-everywhere-src-5.15.2/src/corelib/global/qfloat16.h +--- qtbase-everywhere-src-5.15.2/src/corelib/global/qfloat16.h.QTBUG-90395 2021-02-06 16:36:27.074105730 -0600 ++++ qtbase-everywhere-src-5.15.2/src/corelib/global/qfloat16.h 2021-02-06 16:37:19.212440114 -0600 +@@ -43,6 +43,7 @@ + + #include + #include ++#include + #include + + #if defined(QT_COMPILER_SUPPORTS_F16C) && defined(__AVX2__) && !defined(__F16C__) diff --git a/qtbase-QTBUG-91909.patch b/qtbase-QTBUG-91909.patch new file mode 100644 index 0000000..32cd8a4 --- /dev/null +++ b/qtbase-QTBUG-91909.patch @@ -0,0 +1,31 @@ +From 659f7a06e91c04b239e3f4c0bcfccbe3581af1c3 Mon Sep 17 00:00:00 2001 +From: Sona Kurazyan +Date: Wed, 17 Mar 2021 16:04:00 +0100 +Subject: [PATCH] Remove the unnecessary template parameter from the class specialization + +This seems to cause errors when compiling with gcc-11. Although this is +most likely a compiler bug, specifiying the template parameter type in +this case isn't necessary. + +Fixes: QTBUG-91909 +Fixes: QTBUG-90568 +Pick-to: 6.0 6.1 5.15 +Change-Id: Ib231257ccb2e16cc533f23ca5840d31e26a66d53 +Reviewed-by: Mårten Nordheim +--- + +diff --git a/src/concurrent/qtconcurrentthreadengine.h b/src/concurrent/qtconcurrentthreadengine.h +index cbd8ad04..4cd5b85 100644 +--- a/src/concurrent/qtconcurrentthreadengine.h ++++ b/src/concurrent/qtconcurrentthreadengine.h +@@ -256,8 +256,8 @@ + class ThreadEngineStarter : public ThreadEngineStarterBase + { + public: +- ThreadEngineStarter(ThreadEngine *_threadEngine) +- :ThreadEngineStarterBase(_threadEngine) {} ++ ThreadEngineStarter(ThreadEngine *_threadEngine) ++ : ThreadEngineStarterBase(_threadEngine) {} + + void startBlocking() + { diff --git a/qtbase-everywhere-src-5.11.1-python3.patch b/qtbase-everywhere-src-5.11.1-python3.patch new file mode 100644 index 0000000..40dfd47 --- /dev/null +++ b/qtbase-everywhere-src-5.11.1-python3.patch @@ -0,0 +1,9 @@ +diff -up qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py.me qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py +--- qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py.me 2018-06-23 11:29:21.750066271 +0200 ++++ qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py 2018-06-23 11:30:07.457292033 +0200 +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python3 + + ############################################################################# + ## diff --git a/qtbase-everywhere-src-5.12.1-qt5gui_cmake_isystem_includes.patch b/qtbase-everywhere-src-5.12.1-qt5gui_cmake_isystem_includes.patch new file mode 100644 index 0000000..ff00e63 --- /dev/null +++ b/qtbase-everywhere-src-5.12.1-qt5gui_cmake_isystem_includes.patch @@ -0,0 +1,14 @@ +diff -up qtbase-everywhere-src-5.12.1/src/gui/Qt5GuiConfigExtras.cmake.in.foo qtbase-everywhere-src-5.12.1/src/gui/Qt5GuiConfigExtras.cmake.in +--- qtbase-everywhere-src-5.12.1/src/gui/Qt5GuiConfigExtras.cmake.in.foo 2019-04-30 15:18:24.886346423 -0500 ++++ qtbase-everywhere-src-5.12.1/src/gui/Qt5GuiConfigExtras.cmake.in 2019-04-30 15:19:48.303873296 -0500 +@@ -66,8 +66,10 @@ unset(_GL_INCDIRS) + # Don\'t check for existence of the "_qt5gui_OPENGL_INCLUDE_DIR" because it is + # optional. + ++if (NOT ${_qt5gui_OPENGL_INCLUDE_DIR} STREQUAL "/usr/include") + list(APPEND Qt5Gui_INCLUDE_DIRS ${_qt5gui_OPENGL_INCLUDE_DIR}) + set_property(TARGET Qt5::Gui APPEND PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${_qt5gui_OPENGL_INCLUDE_DIR}) ++endif() + + unset(_qt5gui_OPENGL_INCLUDE_DIR CACHE) + diff --git a/qtbase-everywhere-src-5.14.2-no_relocatable.patch b/qtbase-everywhere-src-5.14.2-no_relocatable.patch new file mode 100644 index 0000000..56b9db8 --- /dev/null +++ b/qtbase-everywhere-src-5.14.2-no_relocatable.patch @@ -0,0 +1,16 @@ +diff -up qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp.no_relocatable qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp +--- qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp.no_relocatable 2020-03-27 04:49:31.000000000 -0500 ++++ qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp 2020-04-13 15:13:44.075705226 -0500 +@@ -671,8 +671,11 @@ static QString getPrefix( + # if QT_CONFIGURE_CROSSBUILD + if (group == QLibraryInfo::DevicePaths) + return QString::fromLocal8Bit(QT_CONFIGURE_PREFIX_PATH); +-# endif ++# elif 0 //QT_CONFIG(relocatable) + return getExtPrefixFromHostBinDir(); ++# else ++ return QString::fromLocal8Bit(QT_CONFIGURE_PREFIX_PATH); ++# endif + #elif QT_CONFIG(relocatable) + return getRelocatablePrefix(); + #else diff --git a/qtbase-everywhere-src-5.15.2.tar.xz b/qtbase-everywhere-src-5.15.2.tar.xz new file mode 100644 index 0000000..ce7477b Binary files /dev/null and b/qtbase-everywhere-src-5.15.2.tar.xz differ diff --git a/qtbase-opensource-src-5.7.1-moc_macros.patch b/qtbase-opensource-src-5.7.1-moc_macros.patch new file mode 100644 index 0000000..75dc9ff --- /dev/null +++ b/qtbase-opensource-src-5.7.1-moc_macros.patch @@ -0,0 +1,15 @@ +diff -up qtbase-opensource-src-5.7.1/src/tools/moc/main.cpp.moc_WORDSIZE qtbase-opensource-src-5.7.1/src/tools/moc/main.cpp +--- qtbase-opensource-src-5.7.1/src/tools/moc/main.cpp.moc_WORDSIZE 2016-12-01 02:17:04.000000000 -0600 ++++ qtbase-opensource-src-5.7.1/src/tools/moc/main.cpp 2016-12-08 12:37:28.931589338 -0600 +@@ -179,6 +179,11 @@ int runMoc(int argc, char **argv) + Moc moc; + pp.macros["Q_MOC_RUN"]; + pp.macros["__cplusplus"]; ++ pp.macros["_SYS_SYSMACROS_H_OUTER"]; ++ Macro macro; ++ macro.symbols = Preprocessor::tokenize(QByteArray::number(Q_PROCESSOR_WORDSIZE*8), 1, Preprocessor::TokenizeDefine); ++ macro.symbols.removeLast(); // remove the EOF symbol ++ pp.macros.insert("__WORDSIZE", macro); + + // Don't stumble over GCC extensions + Macro dummyVariadicFunctionMacro; diff --git a/qtbase-opensource-src-5.8.0-QT_VERSION_CHECK.patch b/qtbase-opensource-src-5.8.0-QT_VERSION_CHECK.patch new file mode 100644 index 0000000..d94caf4 --- /dev/null +++ b/qtbase-opensource-src-5.8.0-QT_VERSION_CHECK.patch @@ -0,0 +1,11 @@ +--- qtbase-opensource-src-5.8.0/src/corelib/global/qglobal.h.orig 2017-01-26 10:45:40.905010896 +0100 ++++ qtbase-opensource-src-5.8.0/src/corelib/global/qglobal.h 2017-01-26 10:46:50.299858887 +0100 +@@ -55,7 +55,7 @@ + /* + can be used like #if (QT_VERSION >= QT_VERSION_CHECK(4, 4, 0)) + */ +-#define QT_VERSION_CHECK(major, minor, patch) ((major<<16)|(minor<<8)|(patch)) ++#define QT_VERSION_CHECK(qt_version_check_major, qt_version_check_minor, qt_version_check_patch) ((qt_version_check_major<<16)|(qt_version_check_minor<<8)|(qt_version_check_patch)) + + #ifdef QT_BOOTSTRAPPED + #include diff --git a/qtbase-opensource-src-5.9.0-mysql.patch b/qtbase-opensource-src-5.9.0-mysql.patch new file mode 100644 index 0000000..c190ca6 --- /dev/null +++ b/qtbase-opensource-src-5.9.0-mysql.patch @@ -0,0 +1,12 @@ +diff -up qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql.cpp.than qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql.cpp +diff -up qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql_p.h.than qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql_p.h +--- qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql_p.h.than 2017-07-14 13:43:50.831203768 +0200 ++++ qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql_p.h 2017-07-14 13:44:24.364948006 +0200 +@@ -58,6 +58,7 @@ + #endif + + #include ++#include + + #ifdef QT_PLUGIN + #define Q_EXPORT_SQLDRIVER_MYSQL diff --git a/qtbase-qmake_LFLAGS.patch b/qtbase-qmake_LFLAGS.patch new file mode 100644 index 0000000..fbb37dd --- /dev/null +++ b/qtbase-qmake_LFLAGS.patch @@ -0,0 +1,12 @@ +diff -up qtbase-everywhere-src-5.10.1/qmake/Makefile.unix.qmake_LFLAGS qtbase-everywhere-src-5.10.1/qmake/Makefile.unix +--- qtbase-everywhere-src-5.10.1/qmake/Makefile.unix.qmake_LFLAGS 2018-02-08 12:24:48.000000000 -0600 ++++ qtbase-everywhere-src-5.10.1/qmake/Makefile.unix 2018-02-15 10:25:07.077763061 -0600 +@@ -142,7 +142,7 @@ CPPFLAGS = -g $(EXTRA_CPPFLAGS) \ + -DQT_NO_FOREACH + + CXXFLAGS = $(EXTRA_CXXFLAGS) $(CONFIG_CXXFLAGS) $(CPPFLAGS) +-LFLAGS = $(EXTRA_LFLAGS) $(CONFIG_LFLAGS) ++LFLAGS = $(EXTRA_LFLAGS) $(CONFIG_LFLAGS) $(QMAKE_LFLAGS_RELEASE) + + first all: $(BUILD_PATH)/bin/qmake$(EXEEXT) + qmake: $(BUILD_PATH)/bin/qmake$(EXEEXT) diff --git a/qtbase-use-wayland-on-gnome.patch b/qtbase-use-wayland-on-gnome.patch new file mode 100644 index 0000000..526963c --- /dev/null +++ b/qtbase-use-wayland-on-gnome.patch @@ -0,0 +1,20 @@ +diff --git a/src/gui/kernel/qguiapplication.cpp b/src/gui/kernel/qguiapplication.cpp +index b8bfad4f16..676fdfad5e 100644 +--- a/src/gui/kernel/qguiapplication.cpp ++++ b/src/gui/kernel/qguiapplication.cpp +@@ -1376,14 +1376,7 @@ void QGuiApplicationPrivate::createPlatformIntegration() + if (sessionType == QByteArrayLiteral("x11") && !platformName.contains(QByteArrayLiteral("xcb"))) { + platformName = QByteArrayLiteral("xcb"); + } else if (sessionType == QByteArrayLiteral("wayland") && !platformName.contains(QByteArrayLiteral("wayland"))) { +- QByteArray currentDesktop = qgetenv("XDG_CURRENT_DESKTOP").toLower(); +- QByteArray sessionDesktop = qgetenv("XDG_SESSION_DESKTOP").toLower(); +- if (currentDesktop.contains("gnome") || sessionDesktop.contains("gnome")) { +- qInfo() << "Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome." +- << "Use QT_QPA_PLATFORM=wayland to run on Wayland anyway."; +- } else { +- platformName = QByteArrayLiteral("wayland"); +- } ++ platformName = QByteArrayLiteral("wayland"); + } + } + #ifdef QT_QPA_DEFAULT_PLATFORM_NAME diff --git a/qtbase5.15-CVE-2023-34410.patch b/qtbase5.15-CVE-2023-34410.patch new file mode 100644 index 0000000..dd46bac --- /dev/null +++ b/qtbase5.15-CVE-2023-34410.patch @@ -0,0 +1,26 @@ +diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp +index fbeb9de1..6d1cdd1d 100644 +--- a/src/network/ssl/qsslsocket.cpp ++++ b/src/network/ssl/qsslsocket.cpp +@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate() + , flushTriggered(false) + { + QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration); ++ // If the global configuration doesn't allow root certificates to be loaded ++ // on demand then we have to disable it for this socket as well. ++ if (!configuration.allowRootCertOnDemandLoading) ++ allowRootCertOnDemandLoading = false; + } + + /*! +@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri + ptr->sessionProtocol = global->sessionProtocol; + ptr->ciphers = global->ciphers; + ptr->caCertificates = global->caCertificates; ++ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading; + ptr->protocol = global->protocol; + ptr->peerVerifyMode = global->peerVerifyMode; + ptr->peerVerifyDepth = global->peerVerifyDepth; +-- +2.27.0 + diff --git a/qtbase5.15-CVE-2023-51714.patch b/qtbase5.15-CVE-2023-51714.patch new file mode 100644 index 0000000..142dfc2 --- /dev/null +++ b/qtbase5.15-CVE-2023-51714.patch @@ -0,0 +1,37 @@ +From 061cbe5796a9ff1e998bd5753bb5b44e4481df11 Mon Sep 17 00:00:00 2001 +From: peijiankang +Date: Wed, 31 Jan 2024 13:38:10 +0800 +Subject: [PATCH] qtbase5.15-CVE-2023-51714 + +--- + src/network/access/http2/hpacktable.cpp | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp +index fddb5fec..315f3e23 100644 +--- a/src/network/access/http2/hpacktable.cpp ++++ b/src/network/access/http2/hpacktable.cpp +@@ -40,6 +40,7 @@ + #include "hpacktable_p.h" + + #include ++#include + + #include + #include +@@ -62,8 +63,10 @@ HeaderSize entry_size(const QByteArray &name, const QByteArray &value) + // for counting the number of references to the name and value would have + // 32 octets of overhead." + +- const unsigned sum = unsigned(name.size() + value.size()); +- if (std::numeric_limits::max() - 32 < sum) ++ size_t sum; ++ if (add_overflow(size_t(name.size()), size_t(value.size()), &sum)) ++ return HeaderSize(); ++ if (sum > (std::numeric_limits::max() - 32)) + return HeaderSize(); + return HeaderSize(true, quint32(sum + 32)); + } +-- +2.41.0 + diff --git a/qtbase5.15.2-CVE-2023-38197.patch b/qtbase5.15.2-CVE-2023-38197.patch new file mode 100644 index 0000000..e52283e --- /dev/null +++ b/qtbase5.15.2-CVE-2023-38197.patch @@ -0,0 +1,374 @@ +From 4fb3cf1ad0efe261a7a6fb0b36224baccc407143 Mon Sep 17 00:00:00 2001 +From: hua_yadong +Date: Fri, 24 Nov 2023 14:23:58 +0800 +Subject: [PATCH] qtbase5.15.2-CVE-2023-38197 + +--- + src/corelib/serialization/qxmlstream.cpp | 140 +++++++++++++++++- + src/corelib/serialization/qxmlstream_p.h | 11 ++ + .../qxmlstream/tokenError/dtdInBody.xml | 21 +++ + .../qxmlstream/tokenError/multipleDtd.xml | 21 +++ + .../qxmlstream/tokenError/wellFormed.xml | 16 ++ + .../qxmlstream/tst_qxmlstream.cpp | 39 +++++ + 6 files changed, 240 insertions(+), 8 deletions(-) + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml + +diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp +index 6c98e7c0..3172239e 100644 +--- a/src/corelib/serialization/qxmlstream.cpp ++++ b/src/corelib/serialization/qxmlstream.cpp +@@ -43,6 +43,7 @@ + + #include "qxmlutils_p.h" + #include ++#include + #include + #include + #if QT_CONFIG(textcodec) +@@ -160,7 +161,7 @@ enum { StreamEOF = ~0U }; + addData() or by waiting for it to arrive on the device(). + + \value UnexpectedElementError The parser encountered an element +- that was different to those it expected. ++ or token that was different to those it expected. + + */ + +@@ -295,13 +296,34 @@ QXmlStreamEntityResolver *QXmlStreamReader::entityResolver() const + + QXmlStreamReader is a well-formed XML 1.0 parser that does \e not + include external parsed entities. As long as no error occurs, the +- application code can thus be assured that the data provided by the +- stream reader satisfies the W3C's criteria for well-formed XML. For +- example, you can be certain that all tags are indeed nested and +- closed properly, that references to internal entities have been +- replaced with the correct replacement text, and that attributes have +- been normalized or added according to the internal subset of the +- DTD. ++ application code can thus be assured, that ++ \list ++ \li the data provided by the stream reader satisfies the W3C's ++ criteria for well-formed XML, ++ \li tokens are provided in a valid order. ++ \endlist ++ ++ Unless QXmlStreamReader raises an error, it guarantees the following: ++ \list ++ \li All tags are nested and closed properly. ++ \li References to internal entities have been replaced with the ++ correct replacement text. ++ \li Attributes have been normalized or added according to the ++ internal subset of the \l DTD. ++ \li Tokens of type \l StartDocument happen before all others, ++ aside from comments and processing instructions. ++ \li At most one DOCTYPE element (a token of type \l DTD) is present. ++ \li If present, the DOCTYPE appears before all other elements, ++ aside from StartDocument, comments and processing instructions. ++ \endlist ++ ++ In particular, once any token of type \l StartElement, \l EndElement, ++ \l Characters, \l EntityReference or \l EndDocument is seen, no ++ tokens of type StartDocument or DTD will be seen. If one is present in ++ the input stream, out of order, an error is raised. ++ ++ \note The token types \l Comment and \l ProcessingInstruction may appear ++ anywhere in the stream. + + If an error occurs while parsing, atEnd() and hasError() return + true, and error() returns the error that occurred. The functions +@@ -620,6 +642,7 @@ QXmlStreamReader::TokenType QXmlStreamReader::readNext() + d->token = -1; + return readNext(); + } ++ d->checkToken(); + return d->type; + } + +@@ -739,6 +762,10 @@ static const short QXmlStreamReader_tokenTypeString_indices[] = { + 0, 8, 16, 30, 42, 55, 66, 77, 85, 89, 105, 0 + }; + ++static constexpr auto QXmlStreamReader_XmlContextString = qOffsetStringArray( ++ "Prolog", ++ "Body" ++); + + /*! + \property QXmlStreamReader::namespaceProcessing +@@ -775,6 +802,15 @@ QString QXmlStreamReader::tokenString() const + QXmlStreamReader_tokenTypeString_indices[d->type]); + } + ++/*! ++ \internal ++ \return \param loc (Prolog/Body) as a string. ++ */ ++static constexpr QLatin1String contextString(QXmlStreamReaderPrivate::XmlContext ctxt) ++{ ++ return QLatin1String(QXmlStreamReader_XmlContextString.at(static_cast(ctxt))); ++} ++ + #endif // QT_NO_XMLSTREAMREADER + + QXmlStreamPrivateTagStack::QXmlStreamPrivateTagStack() +@@ -866,6 +902,8 @@ void QXmlStreamReaderPrivate::init() + + type = QXmlStreamReader::NoToken; + error = QXmlStreamReader::NoError; ++ currentContext = XmlContext::Prolog; ++ foundDTD = false; + } + + /* +@@ -4061,6 +4099,92 @@ void QXmlStreamWriter::writeCurrentToken(const QXmlStreamReader &reader) + } + } + ++static bool isTokenAllowedInContext(QXmlStreamReader::TokenType type, ++ QXmlStreamReaderPrivate::XmlContext loc) ++{ ++ switch (type) { ++ case QXmlStreamReader::StartDocument: ++ case QXmlStreamReader::DTD: ++ return loc == QXmlStreamReaderPrivate::XmlContext::Prolog; ++ ++ case QXmlStreamReader::StartElement: ++ case QXmlStreamReader::EndElement: ++ case QXmlStreamReader::Characters: ++ case QXmlStreamReader::EntityReference: ++ case QXmlStreamReader::EndDocument: ++ return loc == QXmlStreamReaderPrivate::XmlContext::Body; ++ ++ case QXmlStreamReader::Comment: ++ case QXmlStreamReader::ProcessingInstruction: ++ return true; ++ ++ case QXmlStreamReader::NoToken: ++ case QXmlStreamReader::Invalid: ++ return false; ++ } ++ ++ return false; ++} ++ ++/*! ++ \internal ++ \brief QXmlStreamReader::isValidToken ++ \return \c true if \param type is a valid token type. ++ \return \c false if \param type is an unexpected token, ++ which indicates a non-well-formed or invalid XML stream. ++ */ ++bool QXmlStreamReaderPrivate::isValidToken(QXmlStreamReader::TokenType type) ++{ ++ // Don't change currentContext, if Invalid or NoToken occur in the prolog ++ if (type == QXmlStreamReader::Invalid || type == QXmlStreamReader::NoToken) ++ return false; ++ ++ // If a token type gets rejected in the body, there is no recovery ++ const bool result = isTokenAllowedInContext(type, currentContext); ++ if (result || currentContext == XmlContext::Body) ++ return result; ++ ++ // First non-Prolog token observed => switch context to body and check again. ++ currentContext = XmlContext::Body; ++ return isTokenAllowedInContext(type, currentContext); ++} ++ ++/*! ++ \internal ++ Checks token type and raises an error, if it is invalid ++ in the current context (prolog/body). ++ */ ++void QXmlStreamReaderPrivate::checkToken() ++{ ++ Q_Q(QXmlStreamReader); ++ ++ // The token type must be consumed, to keep track if the body has been reached. ++ const XmlContext context = currentContext; ++ const bool ok = isValidToken(type); ++ ++ // Do nothing if an error has been raised already (going along with an unexpected token) ++ if (error != QXmlStreamReader::Error::NoError) ++ return; ++ ++ if (!ok) { ++ raiseError(QXmlStreamReader::UnexpectedElementError, ++ QStringLiteral("Unexpected token type %1 in %2.") ++ .arg(q->tokenString(), contextString(context))); ++ return; ++ } ++ ++ if (type != QXmlStreamReader::DTD) ++ return; ++ ++ // Raise error on multiple DTD tokens ++ if (foundDTD) { ++ raiseError(QXmlStreamReader::UnexpectedElementError, ++ QStringLiteral("Found second DTD token in %1.").arg(contextString(context))); ++ } else { ++ foundDTD = true; ++ } ++} ++ + /*! + \fn bool QXmlStreamAttributes::hasAttribute(const QString &qualifiedName) const + \since 4.5 +diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h +index 80e7f740..6db58386 100644 +--- a/src/corelib/serialization/qxmlstream_p.h ++++ b/src/corelib/serialization/qxmlstream_p.h +@@ -804,6 +804,17 @@ public: + #endif + bool atEnd; + ++ enum class XmlContext ++ { ++ Prolog, ++ Body, ++ }; ++ ++ XmlContext currentContext = XmlContext::Prolog; ++ bool foundDTD = false; ++ bool isValidToken(QXmlStreamReader::TokenType type); ++ void checkToken(); ++ + /*! + \sa setType() + */ +diff --git a/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml b/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml +new file mode 100644 +index 00000000..68ef2962 +--- /dev/null ++++ b/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml +@@ -0,0 +1,21 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++]> ++ ++ ++ tst_QXmlStream ++ ++ ++ ++ ++ ]> ++ ++ +diff --git a/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml b/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml +new file mode 100644 +index 00000000..1dbe75c4 +--- /dev/null ++++ b/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml +@@ -0,0 +1,21 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++]> ++ ++ ++ ++]> ++ ++ ++ tst_QXmlStream ++ ++ ++ +diff --git a/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml b/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml +new file mode 100644 +index 00000000..9dfbc0f9 +--- /dev/null ++++ b/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml +@@ -0,0 +1,16 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++]> ++ ++ ++ tst_QXmlStream ++ ++ ++ +diff --git a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp +index 28922574..abbdc9fc 100644 +--- a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp ++++ b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp +@@ -583,6 +583,9 @@ private slots: + + void entityExpansionLimit() const; + ++ void tokenErrorHandling_data() const; ++ void tokenErrorHandling() const; ++ + private: + static QByteArray readFile(const QString &filename); + +@@ -1812,5 +1815,41 @@ void tst_QXmlStream::roundTrip() const + QCOMPARE(out, in); + } + ++void tst_QXmlStream::tokenErrorHandling_data() const ++{ ++ QTest::addColumn("fileName"); ++ QTest::addColumn("expectedError"); ++ QTest::addColumn("errorKeyWord"); ++ ++ constexpr auto invalid = QXmlStreamReader::Error::UnexpectedElementError; ++ constexpr auto valid = QXmlStreamReader::Error::NoError; ++ QTest::newRow("DtdInBody") << "dtdInBody.xml" << invalid << "DTD"; ++ QTest::newRow("multipleDTD") << "multipleDtd.xml" << invalid << "second DTD"; ++ QTest::newRow("wellFormed") << "wellFormed.xml" << valid << ""; ++} ++ ++void tst_QXmlStream::tokenErrorHandling() const ++{ ++ QFETCH(const QString, fileName); ++ QFETCH(const QXmlStreamReader::Error, expectedError); ++ QFETCH(const QString, errorKeyWord); ++ ++ const QDir dir(QFINDTESTDATA("tokenError")); ++ QFile file(dir.absoluteFilePath(fileName)); ++ ++ // Cross-compiling: File will be on host only ++ if (!file.exists()) ++ QSKIP("Testfile not found."); ++ ++ file.open(QIODevice::ReadOnly); ++ QXmlStreamReader reader(&file); ++ while (!reader.atEnd()) ++ reader.readNext(); ++ ++ QCOMPARE(reader.error(), expectedError); ++ if (expectedError != QXmlStreamReader::Error::NoError) ++ QVERIFY(reader.errorString().contains(errorKeyWord)); ++} ++ + #include "tst_qxmlstream.moc" + // vim: et:ts=4:sw=4:sts=4 +-- +2.41.0 + diff --git a/qtbase5.15.2-CVE-2023-43114.patch b/qtbase5.15.2-CVE-2023-43114.patch new file mode 100644 index 0000000..b03f731 --- /dev/null +++ b/qtbase5.15.2-CVE-2023-43114.patch @@ -0,0 +1,129 @@ +From 2cfb68acb1a3f6d9e5dcc14ec210f46208daa21b Mon Sep 17 00:00:00 2001 +From: hua_yadong +Date: Sat, 25 Nov 2023 11:22:22 +0800 +Subject: [PATCH] qtbase5.15.2-CVE-2023-43114 + +--- + .../windows/qwindowsfontdatabase.cpp | 67 ++++++++++++++----- + 1 file changed, 51 insertions(+), 16 deletions(-) + +diff --git a/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp b/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp +index a7345a13..8e7176b6 100644 +--- a/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp ++++ b/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp +@@ -1469,36 +1469,70 @@ QT_WARNING_POP + return fontEngine; + } + +-static QList getTrueTypeFontOffsets(const uchar *fontData) ++static QList getTrueTypeFontOffsets(const uchar *fontData, const uchar *fileEndSentinel) + { + QList offsets; +- const quint32 headerTag = *reinterpret_cast(fontData); ++ if (fileEndSentinel - fontData < 12) { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; ++ return offsets; ++ } ++ ++ const quint32 headerTag = qFromUnaligned(fontData); + if (headerTag != MAKE_TAG('t', 't', 'c', 'f')) { + if (headerTag != MAKE_TAG(0, 1, 0, 0) + && headerTag != MAKE_TAG('O', 'T', 'T', 'O') + && headerTag != MAKE_TAG('t', 'r', 'u', 'e') +- && headerTag != MAKE_TAG('t', 'y', 'p', '1')) ++ && headerTag != MAKE_TAG('t', 'y', 'p', '1')) { + return offsets; ++ } + offsets << 0; + return offsets; + } ++ ++ const quint32 maximumNumFonts = 0xffff; + const quint32 numFonts = qFromBigEndian(fontData + 8); +- for (uint i = 0; i < numFonts; ++i) { +- offsets << qFromBigEndian(fontData + 12 + i * 4); ++ if (numFonts > maximumNumFonts) { ++ qCWarning(lcQpaFonts) << "Font collection of" << numFonts << "fonts is too large. Aborting."; ++ return offsets; + } ++ ++ if (quintptr(fileEndSentinel - fontData) > 12 + (numFonts - 1) * 4) { ++ for (quint32 i = 0; i < numFonts; ++i) ++ offsets << qFromBigEndian(fontData + 12 + i * 4); ++ } else { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; ++ } ++ + return offsets; + } + +-static void getFontTable(const uchar *fileBegin, const uchar *data, quint32 tag, const uchar **table, quint32 *length) ++static void getFontTable(const uchar *fileBegin, const uchar *fileEndSentinel, const uchar *data, quint32 tag, const uchar **table, quint32 *length) + { +- const quint16 numTables = qFromBigEndian(data + 4); +- for (uint i = 0; i < numTables; ++i) { +- const quint32 offset = 12 + 16 * i; +- if (*reinterpret_cast(data + offset) == tag) { +- *table = fileBegin + qFromBigEndian(data + offset + 8); +- *length = qFromBigEndian(data + offset + 12); +- return; ++ if (fileEndSentinel - data >= 6) { ++ const quint16 numTables = qFromBigEndian(data + 4); ++ if (fileEndSentinel - data >= 28 + 16 * (numTables - 1)) { ++ for (quint32 i = 0; i < numTables; ++i) { ++ const quint32 offset = 12 + 16 * i; ++ if (qFromUnaligned(data + offset) == tag) { ++ const quint32 tableOffset = qFromBigEndian(data + offset + 8); ++ if (quintptr(fileEndSentinel - fileBegin) <= tableOffset) { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; ++ break; ++ } ++ *table = fileBegin + tableOffset; ++ *length = qFromBigEndian(data + offset + 12); ++ if (quintptr(fileEndSentinel - *table) < *length) { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; ++ break; ++ } ++ return; ++ } ++ } ++ } else { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; + } ++ } else { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; + } + *table = 0; + *length = 0; +@@ -1511,8 +1545,9 @@ static void getFamiliesAndSignatures(const QByteArray &fontData, + QVector *values) + { + const uchar *data = reinterpret_cast(fontData.constData()); ++ const uchar *dataEndSentinel = data + fontData.size(); + +- QList offsets = getTrueTypeFontOffsets(data); ++ QList offsets = getTrueTypeFontOffsets(data, dataEndSentinel); + if (offsets.isEmpty()) + return; + +@@ -1520,7 +1555,7 @@ static void getFamiliesAndSignatures(const QByteArray &fontData, + const uchar *font = data + offsets.at(i); + const uchar *table; + quint32 length; +- getFontTable(data, font, MAKE_TAG('n', 'a', 'm', 'e'), &table, &length); ++ getFontTable(data, dataEndSentinel, font, MAKE_TAG('n', 'a', 'm', 'e'), &table, &length); + if (!table) + continue; + QFontNames names = qt_getCanonicalFontNames(table, length); +@@ -1530,7 +1565,7 @@ static void getFamiliesAndSignatures(const QByteArray &fontData, + families->append(std::move(names)); + + if (values || signatures) +- getFontTable(data, font, MAKE_TAG('O', 'S', '/', '2'), &table, &length); ++ getFontTable(data, dataEndSentinel, font, MAKE_TAG('O', 'S', '/', '2'), &table, &length); + + if (values) { + QFontValues fontValues; +-- +2.41.0 + diff --git a/qtlogging.ini b/qtlogging.ini new file mode 100644 index 0000000..ead33b6 --- /dev/null +++ b/qtlogging.ini @@ -0,0 +1,3 @@ +[Rules] +*.debug=false +qt.qpa.xcb.xcberror.warning=false diff --git a/tell-the-truth-about-private-api.patch b/tell-the-truth-about-private-api.patch new file mode 100644 index 0000000..2dbced4 --- /dev/null +++ b/tell-the-truth-about-private-api.patch @@ -0,0 +1,16 @@ +diff --git a/mkspecs/features/qt_module.prf b/mkspecs/features/qt_module.prf +index e6a0d97..cf93041 100644 +--- a/mkspecs/features/qt_module.prf ++++ b/mkspecs/features/qt_module.prf +@@ -216,9 +216,9 @@ android: CONFIG += qt_android_deps no_linker_version_script + QMAKE_LFLAGS += $${QMAKE_LFLAGS_VERSION_SCRIPT}$$verscript + + internal_module { +- verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API { *; };" ++ verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API { *; };" + } else { +- verscript_content = "Qt_$${QT_MAJOR_VERSION}_PRIVATE_API {" \ ++ verscript_content = "Qt_$${QT_MAJOR_VERSION}.$${QT_MINOR_VERSION}.$${QT_PATCH_VERSION}_PRIVATE_API {" \ + " qt_private_api_tag*;" + + private_api_headers = $$SYNCQT.PRIVATE_HEADER_FILES $$SYNCQT.QPA_HEADER_FILES