From 0424a8b5b03bedf8d44c5e16f564c6bc66ea0272 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Sat, 4 Apr 2020 16:36:32 -0500 Subject: [PATCH 1/5] 5.14.2 --- 0001-Do-not-load-plugin-from-the-PWD.patch | 33 ------- ...-not-attempt-to-load-a-library-relat.patch | 21 ---- ...-QPSQL-Add-support-for-PostgreSQL-12.patch | 98 ------------------- fbf3488.diff | 53 ---------- qt5-qtbase.spec | 30 ++---- qtbase-opensource-src-5.3.2-QTBUG-35459.patch | 13 --- sources | 1 - 7 files changed, 8 insertions(+), 241 deletions(-) delete mode 100644 0001-Do-not-load-plugin-from-the-PWD.patch delete mode 100644 0001-QLibrary-Unix-do-not-attempt-to-load-a-library-relat.patch delete mode 100644 0001-QPSQL-Add-support-for-PostgreSQL-12.patch delete mode 100644 fbf3488.diff delete mode 100644 qtbase-opensource-src-5.3.2-QTBUG-35459.patch diff --git a/0001-Do-not-load-plugin-from-the-PWD.patch b/0001-Do-not-load-plugin-from-the-PWD.patch deleted file mode 100644 index 3533d5a..0000000 --- a/0001-Do-not-load-plugin-from-the-PWD.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 2e02b383e03c30f53ff613e431e8fe1d063d5502 Mon Sep 17 00:00:00 2001 -From: Olivier Goffart -Date: Fri, 8 Nov 2019 11:30:40 +0100 -Subject: [PATCH] Do not load plugin from the $PWD - -I see no reason why this would make sense to look for plugins in the current -directory. And when there are plugins there, it may actually be wrong - -Change-Id: I5f5aa168021fedddafce90effde0d5762cd0c4c5 -Reviewed-by: Thiago Macieira -(cherry picked from commit bf131e8d2181b3404f5293546ed390999f760404) -Reviewed-by: Volker Hilsheimer -(cherry picked from commit 52b739776daecf80a8276b49c9e4337e018d8e8b) -Reviewed-by: Olivier Goffart (Woboq GmbH) ---- - src/corelib/plugin/qpluginloader.cpp | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/corelib/plugin/qpluginloader.cpp b/src/corelib/plugin/qpluginloader.cpp -index aab00cc7eb..15b8654391 100644 ---- a/src/corelib/plugin/qpluginloader.cpp -+++ b/src/corelib/plugin/qpluginloader.cpp -@@ -304,7 +304,6 @@ static QString locatePlugin(const QString& fileName) - paths.append(fileName.left(slash)); // don't include the '/' - } else { - paths = QCoreApplication::libraryPaths(); -- paths.prepend(QStringLiteral(".")); // search in current dir first - } - - for (const QString &path : qAsConst(paths)) { --- -2.24.1 - diff --git a/0001-QLibrary-Unix-do-not-attempt-to-load-a-library-relat.patch b/0001-QLibrary-Unix-do-not-attempt-to-load-a-library-relat.patch deleted file mode 100644 index 541f038..0000000 --- a/0001-QLibrary-Unix-do-not-attempt-to-load-a-library-relat.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up qtbase-everywhere-src-5.13.2/src/corelib/plugin/qlibrary_unix.cpp.QLibrary-Unix-do-not-attempt-to-load-a-library-relat qtbase-everywhere-src-5.13.2/src/corelib/plugin/qlibrary_unix.cpp ---- qtbase-everywhere-src-5.13.2/src/corelib/plugin/qlibrary_unix.cpp.QLibrary-Unix-do-not-attempt-to-load-a-library-relat 2019-10-25 09:16:48.000000000 +0200 -+++ qtbase-everywhere-src-5.13.2/src/corelib/plugin/qlibrary_unix.cpp 2020-01-20 10:49:23.619299927 +0100 -@@ -1,7 +1,7 @@ - /**************************************************************************** - ** - ** Copyright (C) 2016 The Qt Company Ltd. --** Copyright (C) 2018 Intel Corporation -+** Copyright (C) 2020 Intel Corporation - ** Contact: https://www.qt.io/licensing/ - ** - ** This file is part of the QtCore module of the Qt Toolkit. -@@ -208,6 +208,8 @@ bool QLibraryPrivate::load_sys() - for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) { - if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix))) - continue; -+ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/'))) -+ continue; - if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix))) - continue; - if (loadHints & QLibrary::LoadArchiveMemberHint) { diff --git a/0001-QPSQL-Add-support-for-PostgreSQL-12.patch b/0001-QPSQL-Add-support-for-PostgreSQL-12.patch deleted file mode 100644 index aea385f..0000000 --- a/0001-QPSQL-Add-support-for-PostgreSQL-12.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 14b61d48e8bad6223a08843cf363ef48f09c479b Mon Sep 17 00:00:00 2001 -From: Christian Ehrlicher -Date: Fri, 11 Oct 2019 20:53:49 +0200 -Subject: QPSQL: Add support for PostgreSQL 12 - -Add proper version check and replace long deprecated and now removed -access to pg_attrdef.adsrc. - -[ChangeLog][QtSql][QPSQL] added support for PostgreSQL 12 - -Fixes: QTBUG-79033 -Fixes: QTBUG-79064 -Change-Id: Iec1b13945c34ea017139ad1c5539ab5b7f1e03aa -Reviewed-by: Edward Welbourne ---- - src/plugins/sqldrivers/psql/qsql_psql.cpp | 43 +++++++++++++++++-------------- - src/plugins/sqldrivers/psql/qsql_psql_p.h | 1 + - 2 files changed, 25 insertions(+), 19 deletions(-) - -diff --git a/src/plugins/sqldrivers/psql/qsql_psql.cpp b/src/plugins/sqldrivers/psql/qsql_psql.cpp -index 3803f05b9f..760685f64b 100644 ---- a/src/plugins/sqldrivers/psql/qsql_psql.cpp -+++ b/src/plugins/sqldrivers/psql/qsql_psql.cpp -@@ -1078,8 +1078,10 @@ static QPSQLDriver::Protocol qMakePSQLVersion(int vMaj, int vMin) - return QPSQLDriver::Version10; - case 11: - return QPSQLDriver::Version11; -+ case 12: -+ return QPSQLDriver::Version12; - default: -- if (vMaj > 11) -+ if (vMaj > 12) - return QPSQLDriver::UnknownLaterVersion; - break; - } -@@ -1439,26 +1441,29 @@ QSqlRecord QPSQLDriver::record(const QString &tablename) const - schema = stripDelimiters(schema, QSqlDriver::TableName); - tbl = stripDelimiters(tbl, QSqlDriver::TableName); - -- QString stmt = QStringLiteral("SELECT pg_attribute.attname, pg_attribute.atttypid::int, " -- "pg_attribute.attnotnull, pg_attribute.attlen, pg_attribute.atttypmod, " -- "pg_attrdef.adsrc " -- "FROM pg_class, pg_attribute " -- "LEFT JOIN pg_attrdef ON (pg_attrdef.adrelid = " -- "pg_attribute.attrelid AND pg_attrdef.adnum = pg_attribute.attnum) " -- "WHERE %1 " -- "AND pg_class.relname = '%2' " -- "AND pg_attribute.attnum > 0 " -- "AND pg_attribute.attrelid = pg_class.oid " -- "AND pg_attribute.attisdropped = false " -- "ORDER BY pg_attribute.attnum"); -- if (schema.isEmpty()) -- stmt = stmt.arg(QStringLiteral("pg_table_is_visible(pg_class.oid)")); -- else -- stmt = stmt.arg(QStringLiteral("pg_class.relnamespace = (SELECT oid FROM " -- "pg_namespace WHERE pg_namespace.nspname = '%1')").arg(schema)); -+ const QString adsrc = protocol() < Version8 -+ ? QStringLiteral("pg_attrdef.adsrc") -+ : QStringLiteral("pg_get_expr(pg_attrdef.adbin, pg_attrdef.adrelid)"); -+ const QString nspname = schema.isEmpty() -+ ? QStringLiteral("pg_table_is_visible(pg_class.oid)") -+ : QStringLiteral("pg_class.relnamespace = (SELECT oid FROM " -+ "pg_namespace WHERE pg_namespace.nspname = '%1')").arg(schema); -+ const QString stmt = -+ QStringLiteral("SELECT pg_attribute.attname, pg_attribute.atttypid::int, " -+ "pg_attribute.attnotnull, pg_attribute.attlen, pg_attribute.atttypmod, " -+ "%1 " -+ "FROM pg_class, pg_attribute " -+ "LEFT JOIN pg_attrdef ON (pg_attrdef.adrelid = " -+ "pg_attribute.attrelid AND pg_attrdef.adnum = pg_attribute.attnum) " -+ "WHERE %2 " -+ "AND pg_class.relname = '%3' " -+ "AND pg_attribute.attnum > 0 " -+ "AND pg_attribute.attrelid = pg_class.oid " -+ "AND pg_attribute.attisdropped = false " -+ "ORDER BY pg_attribute.attnum").arg(adsrc, nspname, tbl); - - QSqlQuery query(createResult()); -- query.exec(stmt.arg(tbl)); -+ query.exec(stmt); - while (query.next()) { - int len = query.value(3).toInt(); - int precision = query.value(4).toInt(); -diff --git a/src/plugins/sqldrivers/psql/qsql_psql_p.h b/src/plugins/sqldrivers/psql/qsql_psql_p.h -index 99e0b5f60f..9ac1fb50d7 100644 ---- a/src/plugins/sqldrivers/psql/qsql_psql_p.h -+++ b/src/plugins/sqldrivers/psql/qsql_psql_p.h -@@ -93,6 +93,7 @@ public: - Version9_6 = 22, - Version10 = 23, - Version11 = 24, -+ Version12 = 25, - UnknownLaterVersion = 100000 - }; - --- -cgit v1.2.1 - diff --git a/fbf3488.diff b/fbf3488.diff deleted file mode 100644 index 311ff74..0000000 --- a/fbf3488.diff +++ /dev/null @@ -1,53 +0,0 @@ -From fbf34883dfc23c109aa03d0df04a07bfd3be59e6 Mon Sep 17 00:00:00 2001 -From: Erik Kurzinger -Date: Mon, 10 Jun 2019 14:50:40 -0700 -Subject: [PATCH] Remove m_swapInterval from QGLXContext - -As per GLX_EXT_swap_control, the GLX swap interval is specified on a -per-drawable basis. However, QGLXContext only tracks it per-context -using the m_swapInterval member. If a new drawable is made current to a -context, it is still necessary to call glXSwapIntervalEXT to change the -swap interval, even if it has been previously called for the same -context with a different drawable. However, currently, -QGLXContext::makeCurrent doesn't do this if m_swapInterval matches the -new swap interval. This change removes m_swapInterval, forcing the swap -interval to be set every time and relying on the OpenGL implementation -to optimize away unnecessary calls. - -Change-Id: Idc34101476c6af618059f6f3d8925dee743994a3 ---- - -diff --git a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp -index 4adf662..01517eb 100644 ---- a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp -+++ b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp -@@ -204,7 +204,6 @@ - , m_shareContext(0) - , m_format(format) - , m_isPBufferCurrent(false) -- , m_swapInterval(-1) - , m_ownsContext(nativeHandle.isNull()) - , m_getGraphicsResetStatus(0) - , m_lost(false) -@@ -568,8 +567,7 @@ - if (success && surfaceClass == QSurface::Window) { - int interval = surface->format().swapInterval(); - QXcbScreen *screen = screenForPlatformSurface(surface); -- if (interval >= 0 && m_swapInterval != interval && screen) { -- m_swapInterval = interval; -+ if (interval >= 0 && screen) { - typedef void (*qt_glXSwapIntervalEXT)(Display *, GLXDrawable, int); - typedef void (*qt_glXSwapIntervalMESA)(unsigned int); - static qt_glXSwapIntervalEXT glXSwapIntervalEXT = 0; -diff --git a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.h b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.h -index be9d3f5..2a88fd6 100644 ---- a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.h -+++ b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.h -@@ -87,7 +87,6 @@ - GLXContext m_shareContext; - QSurfaceFormat m_format; - bool m_isPBufferCurrent; -- int m_swapInterval; - bool m_ownsContext; - GLenum (APIENTRY * m_getGraphicsResetStatus)(); - bool m_lost; diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 203099f..5cad61a 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -52,8 +52,8 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components -Version: 5.13.2 -Release: 4%{?dist} +Version: 5.14.2 +Release: 1%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -78,9 +78,6 @@ Source10: macros.qt5-qtbase # support multilib optflags Patch2: qtbase-multilib_optflags.patch -# fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549) -Patch4: qtbase-opensource-src-5.3.2-QTBUG-35459.patch - # borrowed from opensuse # track private api via properly versioned symbols # downside: binaries produced with these differently-versioned symbols are no longer @@ -118,11 +115,6 @@ Patch64: qt5-qtbase-5.12.1-firebird.patch # fix for new mariadb Patch65: qtbase-opensource-src-5.9.0-mysql.patch -# use categorized logging for xcb log entries -# https://bugreports.qt.io/browse/QTBUG-55167 -# https://bugzilla.redhat.com/show_bug.cgi?id=1497564 -Patch67: https://bugreports.qt.io/secure/attachment/66353/xcberror_filter.patch - # python3 Patch68: qtbase-everywhere-src-5.11.1-python3.patch @@ -133,10 +125,6 @@ Patch80: qtbase-use-wayland-on-gnome.patch # glibc stat ## upstream patches -Patch100: 0001-Do-not-load-plugin-from-the-PWD.patch -Patch101: 0001-QLibrary-Unix-do-not-attempt-to-load-a-library-relat.patch -# Add support for PostgreSQL 12 -Patch102: https://code.qt.io/cgit/qt/qtbase.git/patch/?id=14b61d48#/0001-QPSQL-Add-support-for-PostgreSQL-12.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -386,12 +374,12 @@ Qt5 libraries used for drawing widgets and OpenGL items. ## upstream fixes -%patch4 -p1 -b .QTBUG-35459 # omit '-b .tell-the-truth-about-private-api' so it doesn't end up in installed files -- rdieter %patch8 -p1 %patch50 -p1 -b .QT_VERSION_CHECK -%patch51 -p1 -b .hidpi_scale_at_192 +# FIXME/TODO : rebase or drop -- rdieter +#patch51 -p1 -b .hidpi_scale_at_192 %patch52 -p1 -b .moc_macros %patch53 -p1 -b .qt5gui_cmake_isystem_includes %patch54 -p1 -b .qmake_LFLAGS @@ -400,8 +388,6 @@ Qt5 libraries used for drawing widgets and OpenGL items. %if 0%{?fedora} > 27 %patch65 -p1 -b .mysql %endif -# FIXME/REBASE -#patch67 -p1 -b .xcberror_filter %patch68 -p1 %if 0%{?fedora} > 30 @@ -409,9 +395,6 @@ Qt5 libraries used for drawing widgets and OpenGL items. %endif ## upstream patches -%patch100 -p1 -b .Do-not-load-plugin-from-the-PWD.patch -%patch101 -p1 -b .QLibrary-Unix-do-not-attempt-to-load-a-library-relat -%patch102 -p1 -b .QPSQL-Add-support-for-PostgreSQL-12 # move some bundled libs to ensure they're not accidentally used pushd src/3rdparty @@ -548,7 +531,7 @@ translationdir=%{_qt5_translationdir} Name: Qt5 Description: Qt5 Configuration -Version: 5.13.2 +Version: %{version} EOF # rpm macros @@ -1056,6 +1039,9 @@ fi %changelog +* Sat Apr 04 2020 Rex Dieter - 5.14.2-1 +- 5.14.2 + * Sun Mar 22 2020 Robert-André Mauchin - 5.13.2-4 - Upstream patch to add support for PostgreSQL 12 (#1815921) diff --git a/qtbase-opensource-src-5.3.2-QTBUG-35459.patch b/qtbase-opensource-src-5.3.2-QTBUG-35459.patch deleted file mode 100644 index e156250..0000000 --- a/qtbase-opensource-src-5.3.2-QTBUG-35459.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up qtbase-opensource-src-5.3.2/src/xml/sax/qxml.cpp.QTBUG-35459 qtbase-opensource-src-5.3.2/src/xml/sax/qxml.cpp -diff -up qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h.QTBUG-35459 qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h ---- qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h.QTBUG-35459 2014-09-11 05:48:05.000000000 -0500 -+++ qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h 2014-09-16 09:35:01.189255615 -0500 -@@ -223,7 +223,7 @@ private: - // for the DTD currently being parsed. - static const int dtdRecursionLimit = 2; - // The maximum amount of characters an entity value may contain, after expansion. -- static const int entityCharacterLimit = 1024; -+ static const int entityCharacterLimit = 4096; - - const QString &string(); - void stringClear(); diff --git a/sources b/sources index 23ba8b9..e69de29 100644 --- a/sources +++ b/sources @@ -1 +0,0 @@ -SHA512 (qtbase-everywhere-src-5.13.2.tar.xz) = b00ad017cc95876698615fd6e41c6ade366146c1f7057e1925bc1b72918f091aa39aa6bf0ea450fc6cd4d8f9810b228770d981dcb6cbe8ad30abb2c42804a204 From a5e651007c65e31a3c992c4996f0a97227e37a90 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Sat, 4 Apr 2020 17:22:00 -0500 Subject: [PATCH 2/5] +sources.basename --- sources.basename | 1 + 1 file changed, 1 insertion(+) create mode 100644 sources.basename diff --git a/sources.basename b/sources.basename new file mode 100644 index 0000000..8e2fb88 --- /dev/null +++ b/sources.basename @@ -0,0 +1 @@ +qtbase-everywhere-src From 87d970c5d5043f4cc42c5641402b77645c6143b0 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Sat, 4 Apr 2020 17:50:37 -0500 Subject: [PATCH 3/5] new-sources --- .gitignore | 1 + sources | 1 + 2 files changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index d13b731..6856a54 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ /qtbase-everywhere-src-5.12.4.tar.xz /qtbase-everywhere-src-5.12.5.tar.xz /qtbase-everywhere-src-5.13.2.tar.xz +/qtbase-everywhere-src-5.14.2.tar.xz diff --git a/sources b/sources index e69de29..0d2628f 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +SHA512 (qtbase-everywhere-src-5.14.2.tar.xz) = 8c83e06d58b56e9f288e83d6c3dd4ad6cc9f1eb1a32c7b44fb912fda34ed7255766fd9fa60cd740ee001df7d6172f25df05f1f95e986c3e793fbcd9bf4f18de9 From 99a7b7e10d56152249424a93d73ae5436c0f6e66 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Sun, 5 Apr 2020 18:44:13 -0500 Subject: [PATCH 4/5] unused patch --- xcberror_filter.patch | 41 ----------------------------------------- 1 file changed, 41 deletions(-) delete mode 100644 xcberror_filter.patch diff --git a/xcberror_filter.patch b/xcberror_filter.patch deleted file mode 100644 index 76ee7e8..0000000 --- a/xcberror_filter.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 911762e077c8b2f9795171c1e628942a0a979801 Mon Sep 17 00:00:00 2001 -From: Jan Grulich -Date: Fri, 15 Dec 2017 11:56:12 +0100 -Subject: foo - - -diff --git a/src/plugins/platforms/xcb/qxcbconnection.cpp b/src/plugins/platforms/xcb/qxcbconnection.cpp -index 536c709..c6eb1b1 100644 ---- a/src/plugins/platforms/xcb/qxcbconnection.cpp -+++ b/src/plugins/platforms/xcb/qxcbconnection.cpp -@@ -111,6 +111,8 @@ Q_LOGGING_CATEGORY(lcQpaXInputEvents, "qt.qpa.input.events") - Q_LOGGING_CATEGORY(lcQpaScreen, "qt.qpa.screen") - Q_LOGGING_CATEGORY(lcQpaEvents, "qt.qpa.events") - Q_LOGGING_CATEGORY(lcQpaXcb, "qt.qpa.xcb") // for general (uncategorized) XCB logging -+Q_LOGGING_CATEGORY(lcQpaXcbError, "qt.qpa.xcb.xcberror") -+// TODO: How to categorize by xcberror type? (e.g. only BadWindow) - Q_LOGGING_CATEGORY(lcQpaPeeker, "qt.qpa.peeker") - - // this event type was added in libxcb 1.10, -@@ -964,7 +966,8 @@ void QXcbConnection::handleXcbError(xcb_generic_error_t *error) - uint clamped_error_code = qMin(error->error_code, (sizeof(xcb_errors) / sizeof(xcb_errors[0])) - 1); - uint clamped_major_code = qMin(error->major_code, (sizeof(xcb_protocol_request_codes) / sizeof(xcb_protocol_request_codes[0])) - 1); - -- qWarning("QXcbConnection: XCB error: %d (%s), sequence: %d, resource id: %d, major code: %d (%s), minor code: %d", -+ qCWarning(lcQpaXcbError, -+ "QXcbConnection: XCB error: %d (%s), sequence: %d, resource id: %d, major code: %d (%s), minor code: %d", - int(error->error_code), xcb_errors[clamped_error_code], - int(error->sequence), int(error->resource_id), - int(error->major_code), xcb_protocol_request_codes[clamped_major_code], -diff --git a/src/plugins/platforms/xcb/qxcbconnection.h b/src/plugins/platforms/xcb/qxcbconnection.h -index 999dc06..554611c 100644 ---- a/src/plugins/platforms/xcb/qxcbconnection.h -+++ b/src/plugins/platforms/xcb/qxcbconnection.h -@@ -91,6 +91,7 @@ Q_DECLARE_LOGGING_CATEGORY(lcQpaXInputEvents) - Q_DECLARE_LOGGING_CATEGORY(lcQpaScreen) - Q_DECLARE_LOGGING_CATEGORY(lcQpaEvents) - Q_DECLARE_LOGGING_CATEGORY(lcQpaXcb) -+Q_DECLARE_LOGGING_CATEGORY(lcQpaXcbError) - Q_DECLARE_LOGGING_CATEGORY(lcQpaPeeker) - - class QXcbVirtualDesktop; From 6cce1b1233436cd7919a4dc04de6693327eba01f Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Wed, 8 Apr 2020 12:20:38 +0200 Subject: [PATCH 5/5] Fixed bz#1801370 - CVE-2015-9541 XML entity expansion vulnerability via a crafted SVG document --- qt5-qtbase-CVE-2015-9541.patch | 146 +++++++++++++++++++++++++++++++++ qt5-qtbase.spec | 7 +- 2 files changed, 152 insertions(+), 1 deletion(-) create mode 100644 qt5-qtbase-CVE-2015-9541.patch diff --git a/qt5-qtbase-CVE-2015-9541.patch b/qt5-qtbase-CVE-2015-9541.patch new file mode 100644 index 0000000..14f6bd8 --- /dev/null +++ b/qt5-qtbase-CVE-2015-9541.patch @@ -0,0 +1,146 @@ +From f432c08882ffebe5074ea28de871559a98a4d094 Mon Sep 17 00:00:00 2001 +From: Lars Knoll +Date: Wed, 26 Feb 2020 10:42:10 +0100 +Subject: Add an expansion limit for entities + +Recursively defined entities can easily exhaust all available +memory. Limit entity expansion to a default of 4096 characters to +avoid DoS attacks when a user loads untrusted content. + +[ChangeLog][QtCore][QXmlStream] QXmlStreamReader does now +limit the expansion of entities to 4096 characters. Documents where +a single entity expands to more characters than the limit are not +considered well formed. The limit is there to avoid DoS attacks through +recursively expanding entities when loading untrusted content. Qt 5.15 +will add methods that allow changing that limit. + +Fixes: QTBUG-47417 +Change-Id: I94387815d74fcf34783e136387ee57fac5ded0c9 +Reviewed-by: Oswald Buddenhagen +Reviewed-by: Volker Hilsheimer +(cherry picked from commit fd4be84d23a0db4186cb42e736a9de3af722c7f7) +Reviewed-by: Eirik Aavitsland +--- + src/corelib/serialization/qxmlstream.g | 14 ++++++++++++- + src/corelib/serialization/qxmlstream_p.h | 14 ++++++++++++- + .../serialization/qxmlstream/tst_qxmlstream.cpp | 23 ++++++++++++++++++++-- + 3 files changed, 47 insertions(+), 4 deletions(-) + +diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g +index 10bfcd491c..5726bafb26 100644 +--- a/src/corelib/serialization/qxmlstream.g ++++ b/src/corelib/serialization/qxmlstream.g +@@ -277,9 +277,19 @@ public: + QHash entityHash; + QHash parameterEntityHash; + QXmlStreamSimpleStackentityReferenceStack; ++ int entityExpansionLimit = 4096; ++ int entityLength = 0; + inline bool referenceEntity(Entity &entity) { + if (entity.isCurrentlyReferenced) { +- raiseWellFormedError(QXmlStream::tr("Recursive entity detected.")); ++ raiseWellFormedError(QXmlStream::tr("Self-referencing entity detected.")); ++ return false; ++ } ++ // entityLength represents the amount of additional characters the ++ // entity expands into (can be negative for e.g. &). It's used to ++ // avoid DoS attacks through recursive entity expansions ++ entityLength += entity.value.size() - entity.name.size() - 2; ++ if (entityLength > entityExpansionLimit) { ++ raiseWellFormedError(QXmlStream::tr("Entity expands to more characters than the entity expansion limit.")); + return false; + } + entity.isCurrentlyReferenced = true; +@@ -830,6 +840,8 @@ entity_done ::= ENTITY_DONE; + /. + case $rule_number: + entityReferenceStack.pop()->isCurrentlyReferenced = false; ++ if (entityReferenceStack.isEmpty()) ++ entityLength = 0; + clearSym(); + break; + ./ +diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h +index 61f501f81b..31053f8e0b 100644 +--- a/src/corelib/serialization/qxmlstream_p.h ++++ b/src/corelib/serialization/qxmlstream_p.h +@@ -774,9 +774,19 @@ public: + QHash entityHash; + QHash parameterEntityHash; + QXmlStreamSimpleStackentityReferenceStack; ++ int entityExpansionLimit = 4096; ++ int entityLength = 0; + inline bool referenceEntity(Entity &entity) { + if (entity.isCurrentlyReferenced) { +- raiseWellFormedError(QXmlStream::tr("Recursive entity detected.")); ++ raiseWellFormedError(QXmlStream::tr("Self-referencing entity detected.")); ++ return false; ++ } ++ // entityLength represents the amount of additional characters the ++ // entity expands into (can be negative for e.g. &). It's used to ++ // avoid DoS attacks through recursive entity expansions ++ entityLength += entity.value.size() - entity.name.size() - 2; ++ if (entityLength > entityExpansionLimit) { ++ raiseWellFormedError(QXmlStream::tr("Entity expands to more characters than the entity expansion limit.")); + return false; + } + entity.isCurrentlyReferenced = true; +@@ -1308,6 +1318,8 @@ bool QXmlStreamReaderPrivate::parse() + + case 10: + entityReferenceStack.pop()->isCurrentlyReferenced = false; ++ if (entityReferenceStack.isEmpty()) ++ entityLength = 0; + clearSym(); + break; + +diff --git a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp +index 8fdf91b090..1f9a0d575d 100644 +--- a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp ++++ b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp +@@ -393,8 +393,6 @@ public: + return true; + } + +- QXmlStreamReader reader(&inputFile); +- + /* See testcases.dtd which reads: 'Nonvalidating parsers + * must also accept "invalid" testcases, but validating ones must reject them.' */ + if(type == QLatin1String("invalid") || type == QLatin1String("valid")) +@@ -580,6 +578,8 @@ private slots: + void roundTrip() const; + void roundTrip_data() const; + ++ void entityExpansionLimit() const; ++ + private: + static QByteArray readFile(const QString &filename); + +@@ -1756,6 +1756,25 @@ void tst_QXmlStream::roundTrip_data() const + "\n"; + } + ++void tst_QXmlStream::entityExpansionLimit() const ++{ ++ QString xml = QStringLiteral("" ++ "" ++ "" ++ "" ++ "" ++ "]>" ++ "&d;&d;&d;"); ++ { ++ QXmlStreamReader reader(xml); ++ do { ++ reader.readNext(); ++ } while (!reader.atEnd()); ++ QCOMPARE(reader.error(), QXmlStreamReader::NotWellFormedError); ++ } ++} ++ + void tst_QXmlStream::roundTrip() const + { + QFETCH(QString, in); +-- +cgit v0.2.1 diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 5cad61a..1f8aae9 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -53,7 +53,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.14.2 -Release: 1%{?dist} +Release: 2%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -125,6 +125,7 @@ Patch80: qtbase-use-wayland-on-gnome.patch # glibc stat ## upstream patches +Patch100: qt5-qtbase-CVE-2015-9541.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -395,6 +396,7 @@ Qt5 libraries used for drawing widgets and OpenGL items. %endif ## upstream patches +%patch100 -p1 -b .CVE-2015-9541 # move some bundled libs to ensure they're not accidentally used pushd src/3rdparty @@ -1039,6 +1041,9 @@ fi %changelog +* Wed Apr 08 2020 Than Ngo - 5.14.2-2 +- Fixed bz#1801370 - CVE-2015-9541 XML entity expansion vulnerability via a crafted SVG document + * Sat Apr 04 2020 Rex Dieter - 5.14.2-1 - 5.14.2