Merge remote-tracking branch 'up/master' into master-riscv64
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
This commit is contained in:
commit
4facfab57b
1
.gitignore
vendored
1
.gitignore
vendored
@ -3,3 +3,4 @@
|
|||||||
/qtbase-everywhere-src-5.12.4.tar.xz
|
/qtbase-everywhere-src-5.12.4.tar.xz
|
||||||
/qtbase-everywhere-src-5.12.5.tar.xz
|
/qtbase-everywhere-src-5.12.5.tar.xz
|
||||||
/qtbase-everywhere-src-5.13.2.tar.xz
|
/qtbase-everywhere-src-5.13.2.tar.xz
|
||||||
|
/qtbase-everywhere-src-5.14.2.tar.xz
|
||||||
|
@ -1,33 +0,0 @@
|
|||||||
From 2e02b383e03c30f53ff613e431e8fe1d063d5502 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Olivier Goffart <ogoffart@woboq.com>
|
|
||||||
Date: Fri, 8 Nov 2019 11:30:40 +0100
|
|
||||||
Subject: [PATCH] Do not load plugin from the $PWD
|
|
||||||
|
|
||||||
I see no reason why this would make sense to look for plugins in the current
|
|
||||||
directory. And when there are plugins there, it may actually be wrong
|
|
||||||
|
|
||||||
Change-Id: I5f5aa168021fedddafce90effde0d5762cd0c4c5
|
|
||||||
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
|
||||||
(cherry picked from commit bf131e8d2181b3404f5293546ed390999f760404)
|
|
||||||
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
|
||||||
(cherry picked from commit 52b739776daecf80a8276b49c9e4337e018d8e8b)
|
|
||||||
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
|
|
||||||
---
|
|
||||||
src/corelib/plugin/qpluginloader.cpp | 1 -
|
|
||||||
1 file changed, 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/corelib/plugin/qpluginloader.cpp b/src/corelib/plugin/qpluginloader.cpp
|
|
||||||
index aab00cc7eb..15b8654391 100644
|
|
||||||
--- a/src/corelib/plugin/qpluginloader.cpp
|
|
||||||
+++ b/src/corelib/plugin/qpluginloader.cpp
|
|
||||||
@@ -304,7 +304,6 @@ static QString locatePlugin(const QString& fileName)
|
|
||||||
paths.append(fileName.left(slash)); // don't include the '/'
|
|
||||||
} else {
|
|
||||||
paths = QCoreApplication::libraryPaths();
|
|
||||||
- paths.prepend(QStringLiteral(".")); // search in current dir first
|
|
||||||
}
|
|
||||||
|
|
||||||
for (const QString &path : qAsConst(paths)) {
|
|
||||||
--
|
|
||||||
2.24.1
|
|
||||||
|
|
@ -1,21 +0,0 @@
|
|||||||
diff -up qtbase-everywhere-src-5.13.2/src/corelib/plugin/qlibrary_unix.cpp.QLibrary-Unix-do-not-attempt-to-load-a-library-relat qtbase-everywhere-src-5.13.2/src/corelib/plugin/qlibrary_unix.cpp
|
|
||||||
--- qtbase-everywhere-src-5.13.2/src/corelib/plugin/qlibrary_unix.cpp.QLibrary-Unix-do-not-attempt-to-load-a-library-relat 2019-10-25 09:16:48.000000000 +0200
|
|
||||||
+++ qtbase-everywhere-src-5.13.2/src/corelib/plugin/qlibrary_unix.cpp 2020-01-20 10:49:23.619299927 +0100
|
|
||||||
@@ -1,7 +1,7 @@
|
|
||||||
/****************************************************************************
|
|
||||||
**
|
|
||||||
** Copyright (C) 2016 The Qt Company Ltd.
|
|
||||||
-** Copyright (C) 2018 Intel Corporation
|
|
||||||
+** Copyright (C) 2020 Intel Corporation
|
|
||||||
** Contact: https://www.qt.io/licensing/
|
|
||||||
**
|
|
||||||
** This file is part of the QtCore module of the Qt Toolkit.
|
|
||||||
@@ -208,6 +208,8 @@ bool QLibraryPrivate::load_sys()
|
|
||||||
for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) {
|
|
||||||
if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix)))
|
|
||||||
continue;
|
|
||||||
+ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/')))
|
|
||||||
+ continue;
|
|
||||||
if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix)))
|
|
||||||
continue;
|
|
||||||
if (loadHints & QLibrary::LoadArchiveMemberHint) {
|
|
@ -1,98 +0,0 @@
|
|||||||
From 14b61d48e8bad6223a08843cf363ef48f09c479b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Christian Ehrlicher <ch.ehrlicher@gmx.de>
|
|
||||||
Date: Fri, 11 Oct 2019 20:53:49 +0200
|
|
||||||
Subject: QPSQL: Add support for PostgreSQL 12
|
|
||||||
|
|
||||||
Add proper version check and replace long deprecated and now removed
|
|
||||||
access to pg_attrdef.adsrc.
|
|
||||||
|
|
||||||
[ChangeLog][QtSql][QPSQL] added support for PostgreSQL 12
|
|
||||||
|
|
||||||
Fixes: QTBUG-79033
|
|
||||||
Fixes: QTBUG-79064
|
|
||||||
Change-Id: Iec1b13945c34ea017139ad1c5539ab5b7f1e03aa
|
|
||||||
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
||||||
---
|
|
||||||
src/plugins/sqldrivers/psql/qsql_psql.cpp | 43 +++++++++++++++++--------------
|
|
||||||
src/plugins/sqldrivers/psql/qsql_psql_p.h | 1 +
|
|
||||||
2 files changed, 25 insertions(+), 19 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/plugins/sqldrivers/psql/qsql_psql.cpp b/src/plugins/sqldrivers/psql/qsql_psql.cpp
|
|
||||||
index 3803f05b9f..760685f64b 100644
|
|
||||||
--- a/src/plugins/sqldrivers/psql/qsql_psql.cpp
|
|
||||||
+++ b/src/plugins/sqldrivers/psql/qsql_psql.cpp
|
|
||||||
@@ -1078,8 +1078,10 @@ static QPSQLDriver::Protocol qMakePSQLVersion(int vMaj, int vMin)
|
|
||||||
return QPSQLDriver::Version10;
|
|
||||||
case 11:
|
|
||||||
return QPSQLDriver::Version11;
|
|
||||||
+ case 12:
|
|
||||||
+ return QPSQLDriver::Version12;
|
|
||||||
default:
|
|
||||||
- if (vMaj > 11)
|
|
||||||
+ if (vMaj > 12)
|
|
||||||
return QPSQLDriver::UnknownLaterVersion;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
@@ -1439,26 +1441,29 @@ QSqlRecord QPSQLDriver::record(const QString &tablename) const
|
|
||||||
schema = stripDelimiters(schema, QSqlDriver::TableName);
|
|
||||||
tbl = stripDelimiters(tbl, QSqlDriver::TableName);
|
|
||||||
|
|
||||||
- QString stmt = QStringLiteral("SELECT pg_attribute.attname, pg_attribute.atttypid::int, "
|
|
||||||
- "pg_attribute.attnotnull, pg_attribute.attlen, pg_attribute.atttypmod, "
|
|
||||||
- "pg_attrdef.adsrc "
|
|
||||||
- "FROM pg_class, pg_attribute "
|
|
||||||
- "LEFT JOIN pg_attrdef ON (pg_attrdef.adrelid = "
|
|
||||||
- "pg_attribute.attrelid AND pg_attrdef.adnum = pg_attribute.attnum) "
|
|
||||||
- "WHERE %1 "
|
|
||||||
- "AND pg_class.relname = '%2' "
|
|
||||||
- "AND pg_attribute.attnum > 0 "
|
|
||||||
- "AND pg_attribute.attrelid = pg_class.oid "
|
|
||||||
- "AND pg_attribute.attisdropped = false "
|
|
||||||
- "ORDER BY pg_attribute.attnum");
|
|
||||||
- if (schema.isEmpty())
|
|
||||||
- stmt = stmt.arg(QStringLiteral("pg_table_is_visible(pg_class.oid)"));
|
|
||||||
- else
|
|
||||||
- stmt = stmt.arg(QStringLiteral("pg_class.relnamespace = (SELECT oid FROM "
|
|
||||||
- "pg_namespace WHERE pg_namespace.nspname = '%1')").arg(schema));
|
|
||||||
+ const QString adsrc = protocol() < Version8
|
|
||||||
+ ? QStringLiteral("pg_attrdef.adsrc")
|
|
||||||
+ : QStringLiteral("pg_get_expr(pg_attrdef.adbin, pg_attrdef.adrelid)");
|
|
||||||
+ const QString nspname = schema.isEmpty()
|
|
||||||
+ ? QStringLiteral("pg_table_is_visible(pg_class.oid)")
|
|
||||||
+ : QStringLiteral("pg_class.relnamespace = (SELECT oid FROM "
|
|
||||||
+ "pg_namespace WHERE pg_namespace.nspname = '%1')").arg(schema);
|
|
||||||
+ const QString stmt =
|
|
||||||
+ QStringLiteral("SELECT pg_attribute.attname, pg_attribute.atttypid::int, "
|
|
||||||
+ "pg_attribute.attnotnull, pg_attribute.attlen, pg_attribute.atttypmod, "
|
|
||||||
+ "%1 "
|
|
||||||
+ "FROM pg_class, pg_attribute "
|
|
||||||
+ "LEFT JOIN pg_attrdef ON (pg_attrdef.adrelid = "
|
|
||||||
+ "pg_attribute.attrelid AND pg_attrdef.adnum = pg_attribute.attnum) "
|
|
||||||
+ "WHERE %2 "
|
|
||||||
+ "AND pg_class.relname = '%3' "
|
|
||||||
+ "AND pg_attribute.attnum > 0 "
|
|
||||||
+ "AND pg_attribute.attrelid = pg_class.oid "
|
|
||||||
+ "AND pg_attribute.attisdropped = false "
|
|
||||||
+ "ORDER BY pg_attribute.attnum").arg(adsrc, nspname, tbl);
|
|
||||||
|
|
||||||
QSqlQuery query(createResult());
|
|
||||||
- query.exec(stmt.arg(tbl));
|
|
||||||
+ query.exec(stmt);
|
|
||||||
while (query.next()) {
|
|
||||||
int len = query.value(3).toInt();
|
|
||||||
int precision = query.value(4).toInt();
|
|
||||||
diff --git a/src/plugins/sqldrivers/psql/qsql_psql_p.h b/src/plugins/sqldrivers/psql/qsql_psql_p.h
|
|
||||||
index 99e0b5f60f..9ac1fb50d7 100644
|
|
||||||
--- a/src/plugins/sqldrivers/psql/qsql_psql_p.h
|
|
||||||
+++ b/src/plugins/sqldrivers/psql/qsql_psql_p.h
|
|
||||||
@@ -93,6 +93,7 @@ public:
|
|
||||||
Version9_6 = 22,
|
|
||||||
Version10 = 23,
|
|
||||||
Version11 = 24,
|
|
||||||
+ Version12 = 25,
|
|
||||||
UnknownLaterVersion = 100000
|
|
||||||
};
|
|
||||||
|
|
||||||
--
|
|
||||||
cgit v1.2.1
|
|
||||||
|
|
53
fbf3488.diff
53
fbf3488.diff
@ -1,53 +0,0 @@
|
|||||||
From fbf34883dfc23c109aa03d0df04a07bfd3be59e6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Erik Kurzinger <ekurzinger@nvidia.com>
|
|
||||||
Date: Mon, 10 Jun 2019 14:50:40 -0700
|
|
||||||
Subject: [PATCH] Remove m_swapInterval from QGLXContext
|
|
||||||
|
|
||||||
As per GLX_EXT_swap_control, the GLX swap interval is specified on a
|
|
||||||
per-drawable basis. However, QGLXContext only tracks it per-context
|
|
||||||
using the m_swapInterval member. If a new drawable is made current to a
|
|
||||||
context, it is still necessary to call glXSwapIntervalEXT to change the
|
|
||||||
swap interval, even if it has been previously called for the same
|
|
||||||
context with a different drawable. However, currently,
|
|
||||||
QGLXContext::makeCurrent doesn't do this if m_swapInterval matches the
|
|
||||||
new swap interval. This change removes m_swapInterval, forcing the swap
|
|
||||||
interval to be set every time and relying on the OpenGL implementation
|
|
||||||
to optimize away unnecessary calls.
|
|
||||||
|
|
||||||
Change-Id: Idc34101476c6af618059f6f3d8925dee743994a3
|
|
||||||
---
|
|
||||||
|
|
||||||
diff --git a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp
|
|
||||||
index 4adf662..01517eb 100644
|
|
||||||
--- a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp
|
|
||||||
+++ b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp
|
|
||||||
@@ -204,7 +204,6 @@
|
|
||||||
, m_shareContext(0)
|
|
||||||
, m_format(format)
|
|
||||||
, m_isPBufferCurrent(false)
|
|
||||||
- , m_swapInterval(-1)
|
|
||||||
, m_ownsContext(nativeHandle.isNull())
|
|
||||||
, m_getGraphicsResetStatus(0)
|
|
||||||
, m_lost(false)
|
|
||||||
@@ -568,8 +567,7 @@
|
|
||||||
if (success && surfaceClass == QSurface::Window) {
|
|
||||||
int interval = surface->format().swapInterval();
|
|
||||||
QXcbScreen *screen = screenForPlatformSurface(surface);
|
|
||||||
- if (interval >= 0 && m_swapInterval != interval && screen) {
|
|
||||||
- m_swapInterval = interval;
|
|
||||||
+ if (interval >= 0 && screen) {
|
|
||||||
typedef void (*qt_glXSwapIntervalEXT)(Display *, GLXDrawable, int);
|
|
||||||
typedef void (*qt_glXSwapIntervalMESA)(unsigned int);
|
|
||||||
static qt_glXSwapIntervalEXT glXSwapIntervalEXT = 0;
|
|
||||||
diff --git a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.h b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.h
|
|
||||||
index be9d3f5..2a88fd6 100644
|
|
||||||
--- a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.h
|
|
||||||
+++ b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.h
|
|
||||||
@@ -87,7 +87,6 @@
|
|
||||||
GLXContext m_shareContext;
|
|
||||||
QSurfaceFormat m_format;
|
|
||||||
bool m_isPBufferCurrent;
|
|
||||||
- int m_swapInterval;
|
|
||||||
bool m_ownsContext;
|
|
||||||
GLenum (APIENTRY * m_getGraphicsResetStatus)();
|
|
||||||
bool m_lost;
|
|
146
qt5-qtbase-CVE-2015-9541.patch
Normal file
146
qt5-qtbase-CVE-2015-9541.patch
Normal file
@ -0,0 +1,146 @@
|
|||||||
|
From f432c08882ffebe5074ea28de871559a98a4d094 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lars Knoll <lars.knoll@qt.io>
|
||||||
|
Date: Wed, 26 Feb 2020 10:42:10 +0100
|
||||||
|
Subject: Add an expansion limit for entities
|
||||||
|
|
||||||
|
Recursively defined entities can easily exhaust all available
|
||||||
|
memory. Limit entity expansion to a default of 4096 characters to
|
||||||
|
avoid DoS attacks when a user loads untrusted content.
|
||||||
|
|
||||||
|
[ChangeLog][QtCore][QXmlStream] QXmlStreamReader does now
|
||||||
|
limit the expansion of entities to 4096 characters. Documents where
|
||||||
|
a single entity expands to more characters than the limit are not
|
||||||
|
considered well formed. The limit is there to avoid DoS attacks through
|
||||||
|
recursively expanding entities when loading untrusted content. Qt 5.15
|
||||||
|
will add methods that allow changing that limit.
|
||||||
|
|
||||||
|
Fixes: QTBUG-47417
|
||||||
|
Change-Id: I94387815d74fcf34783e136387ee57fac5ded0c9
|
||||||
|
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
|
||||||
|
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
|
||||||
|
(cherry picked from commit fd4be84d23a0db4186cb42e736a9de3af722c7f7)
|
||||||
|
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
|
||||||
|
---
|
||||||
|
src/corelib/serialization/qxmlstream.g | 14 ++++++++++++-
|
||||||
|
src/corelib/serialization/qxmlstream_p.h | 14 ++++++++++++-
|
||||||
|
.../serialization/qxmlstream/tst_qxmlstream.cpp | 23 ++++++++++++++++++++--
|
||||||
|
3 files changed, 47 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g
|
||||||
|
index 10bfcd491c..5726bafb26 100644
|
||||||
|
--- a/src/corelib/serialization/qxmlstream.g
|
||||||
|
+++ b/src/corelib/serialization/qxmlstream.g
|
||||||
|
@@ -277,9 +277,19 @@ public:
|
||||||
|
QHash<QStringView, Entity> entityHash;
|
||||||
|
QHash<QStringView, Entity> parameterEntityHash;
|
||||||
|
QXmlStreamSimpleStack<Entity *>entityReferenceStack;
|
||||||
|
+ int entityExpansionLimit = 4096;
|
||||||
|
+ int entityLength = 0;
|
||||||
|
inline bool referenceEntity(Entity &entity) {
|
||||||
|
if (entity.isCurrentlyReferenced) {
|
||||||
|
- raiseWellFormedError(QXmlStream::tr("Recursive entity detected."));
|
||||||
|
+ raiseWellFormedError(QXmlStream::tr("Self-referencing entity detected."));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ // entityLength represents the amount of additional characters the
|
||||||
|
+ // entity expands into (can be negative for e.g. &). It's used to
|
||||||
|
+ // avoid DoS attacks through recursive entity expansions
|
||||||
|
+ entityLength += entity.value.size() - entity.name.size() - 2;
|
||||||
|
+ if (entityLength > entityExpansionLimit) {
|
||||||
|
+ raiseWellFormedError(QXmlStream::tr("Entity expands to more characters than the entity expansion limit."));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
entity.isCurrentlyReferenced = true;
|
||||||
|
@@ -830,6 +840,8 @@ entity_done ::= ENTITY_DONE;
|
||||||
|
/.
|
||||||
|
case $rule_number:
|
||||||
|
entityReferenceStack.pop()->isCurrentlyReferenced = false;
|
||||||
|
+ if (entityReferenceStack.isEmpty())
|
||||||
|
+ entityLength = 0;
|
||||||
|
clearSym();
|
||||||
|
break;
|
||||||
|
./
|
||||||
|
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
|
||||||
|
index 61f501f81b..31053f8e0b 100644
|
||||||
|
--- a/src/corelib/serialization/qxmlstream_p.h
|
||||||
|
+++ b/src/corelib/serialization/qxmlstream_p.h
|
||||||
|
@@ -774,9 +774,19 @@ public:
|
||||||
|
QHash<QStringView, Entity> entityHash;
|
||||||
|
QHash<QStringView, Entity> parameterEntityHash;
|
||||||
|
QXmlStreamSimpleStack<Entity *>entityReferenceStack;
|
||||||
|
+ int entityExpansionLimit = 4096;
|
||||||
|
+ int entityLength = 0;
|
||||||
|
inline bool referenceEntity(Entity &entity) {
|
||||||
|
if (entity.isCurrentlyReferenced) {
|
||||||
|
- raiseWellFormedError(QXmlStream::tr("Recursive entity detected."));
|
||||||
|
+ raiseWellFormedError(QXmlStream::tr("Self-referencing entity detected."));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ // entityLength represents the amount of additional characters the
|
||||||
|
+ // entity expands into (can be negative for e.g. &). It's used to
|
||||||
|
+ // avoid DoS attacks through recursive entity expansions
|
||||||
|
+ entityLength += entity.value.size() - entity.name.size() - 2;
|
||||||
|
+ if (entityLength > entityExpansionLimit) {
|
||||||
|
+ raiseWellFormedError(QXmlStream::tr("Entity expands to more characters than the entity expansion limit."));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
entity.isCurrentlyReferenced = true;
|
||||||
|
@@ -1308,6 +1318,8 @@ bool QXmlStreamReaderPrivate::parse()
|
||||||
|
|
||||||
|
case 10:
|
||||||
|
entityReferenceStack.pop()->isCurrentlyReferenced = false;
|
||||||
|
+ if (entityReferenceStack.isEmpty())
|
||||||
|
+ entityLength = 0;
|
||||||
|
clearSym();
|
||||||
|
break;
|
||||||
|
|
||||||
|
diff --git a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
|
||||||
|
index 8fdf91b090..1f9a0d575d 100644
|
||||||
|
--- a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
|
||||||
|
+++ b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
|
||||||
|
@@ -393,8 +393,6 @@ public:
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
- QXmlStreamReader reader(&inputFile);
|
||||||
|
-
|
||||||
|
/* See testcases.dtd which reads: 'Nonvalidating parsers
|
||||||
|
* must also accept "invalid" testcases, but validating ones must reject them.' */
|
||||||
|
if(type == QLatin1String("invalid") || type == QLatin1String("valid"))
|
||||||
|
@@ -580,6 +578,8 @@ private slots:
|
||||||
|
void roundTrip() const;
|
||||||
|
void roundTrip_data() const;
|
||||||
|
|
||||||
|
+ void entityExpansionLimit() const;
|
||||||
|
+
|
||||||
|
private:
|
||||||
|
static QByteArray readFile(const QString &filename);
|
||||||
|
|
||||||
|
@@ -1756,6 +1756,25 @@ void tst_QXmlStream::roundTrip_data() const
|
||||||
|
"</root>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
+void tst_QXmlStream::entityExpansionLimit() const
|
||||||
|
+{
|
||||||
|
+ QString xml = QStringLiteral("<?xml version=\"1.0\"?>"
|
||||||
|
+ "<!DOCTYPE foo ["
|
||||||
|
+ "<!ENTITY a \"0123456789\" >"
|
||||||
|
+ "<!ENTITY b \"&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;\" >"
|
||||||
|
+ "<!ENTITY c \"&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;\" >"
|
||||||
|
+ "<!ENTITY d \"&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;\" >"
|
||||||
|
+ "]>"
|
||||||
|
+ "<foo>&d;&d;&d;</foo>");
|
||||||
|
+ {
|
||||||
|
+ QXmlStreamReader reader(xml);
|
||||||
|
+ do {
|
||||||
|
+ reader.readNext();
|
||||||
|
+ } while (!reader.atEnd());
|
||||||
|
+ QCOMPARE(reader.error(), QXmlStreamReader::NotWellFormedError);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
void tst_QXmlStream::roundTrip() const
|
||||||
|
{
|
||||||
|
QFETCH(QString, in);
|
||||||
|
--
|
||||||
|
cgit v0.2.1
|
@ -52,8 +52,8 @@ BuildRequires: pkgconfig(libsystemd)
|
|||||||
|
|
||||||
Name: qt5-qtbase
|
Name: qt5-qtbase
|
||||||
Summary: Qt5 - QtBase components
|
Summary: Qt5 - QtBase components
|
||||||
Version: 5.13.2
|
Version: 5.14.2
|
||||||
Release: 4.0.riscv64%{?dist}
|
Release: 2.0.riscv64%{?dist}
|
||||||
|
|
||||||
# See LGPL_EXCEPTIONS.txt, for exception details
|
# See LGPL_EXCEPTIONS.txt, for exception details
|
||||||
License: LGPLv2 with exceptions or GPLv3 with exceptions
|
License: LGPLv2 with exceptions or GPLv3 with exceptions
|
||||||
@ -78,9 +78,6 @@ Source10: macros.qt5-qtbase
|
|||||||
# support multilib optflags
|
# support multilib optflags
|
||||||
Patch2: qtbase-multilib_optflags.patch
|
Patch2: qtbase-multilib_optflags.patch
|
||||||
|
|
||||||
# fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
|
|
||||||
Patch4: qtbase-opensource-src-5.3.2-QTBUG-35459.patch
|
|
||||||
|
|
||||||
# borrowed from opensuse
|
# borrowed from opensuse
|
||||||
# track private api via properly versioned symbols
|
# track private api via properly versioned symbols
|
||||||
# downside: binaries produced with these differently-versioned symbols are no longer
|
# downside: binaries produced with these differently-versioned symbols are no longer
|
||||||
@ -118,11 +115,6 @@ Patch64: qt5-qtbase-5.12.1-firebird.patch
|
|||||||
# fix for new mariadb
|
# fix for new mariadb
|
||||||
Patch65: qtbase-opensource-src-5.9.0-mysql.patch
|
Patch65: qtbase-opensource-src-5.9.0-mysql.patch
|
||||||
|
|
||||||
# use categorized logging for xcb log entries
|
|
||||||
# https://bugreports.qt.io/browse/QTBUG-55167
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1497564
|
|
||||||
Patch67: https://bugreports.qt.io/secure/attachment/66353/xcberror_filter.patch
|
|
||||||
|
|
||||||
# python3
|
# python3
|
||||||
Patch68: qtbase-everywhere-src-5.11.1-python3.patch
|
Patch68: qtbase-everywhere-src-5.11.1-python3.patch
|
||||||
|
|
||||||
@ -133,10 +125,7 @@ Patch80: qtbase-use-wayland-on-gnome.patch
|
|||||||
# glibc stat
|
# glibc stat
|
||||||
|
|
||||||
## upstream patches
|
## upstream patches
|
||||||
Patch100: 0001-Do-not-load-plugin-from-the-PWD.patch
|
Patch100: qt5-qtbase-CVE-2015-9541.patch
|
||||||
Patch101: 0001-QLibrary-Unix-do-not-attempt-to-load-a-library-relat.patch
|
|
||||||
# Add support for PostgreSQL 12
|
|
||||||
Patch102: https://code.qt.io/cgit/qt/qtbase.git/patch/?id=14b61d48#/0001-QPSQL-Add-support-for-PostgreSQL-12.patch
|
|
||||||
|
|
||||||
|
|
||||||
# RISC-V: must use -pthread to link libatomic
|
# RISC-V: must use -pthread to link libatomic
|
||||||
@ -390,12 +379,12 @@ Qt5 libraries used for drawing widgets and OpenGL items.
|
|||||||
|
|
||||||
## upstream fixes
|
## upstream fixes
|
||||||
|
|
||||||
%patch4 -p1 -b .QTBUG-35459
|
|
||||||
# omit '-b .tell-the-truth-about-private-api' so it doesn't end up in installed files -- rdieter
|
# omit '-b .tell-the-truth-about-private-api' so it doesn't end up in installed files -- rdieter
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
|
|
||||||
%patch50 -p1 -b .QT_VERSION_CHECK
|
%patch50 -p1 -b .QT_VERSION_CHECK
|
||||||
%patch51 -p1 -b .hidpi_scale_at_192
|
# FIXME/TODO : rebase or drop -- rdieter
|
||||||
|
#patch51 -p1 -b .hidpi_scale_at_192
|
||||||
%patch52 -p1 -b .moc_macros
|
%patch52 -p1 -b .moc_macros
|
||||||
%patch53 -p1 -b .qt5gui_cmake_isystem_includes
|
%patch53 -p1 -b .qt5gui_cmake_isystem_includes
|
||||||
%patch54 -p1 -b .qmake_LFLAGS
|
%patch54 -p1 -b .qmake_LFLAGS
|
||||||
@ -404,8 +393,6 @@ Qt5 libraries used for drawing widgets and OpenGL items.
|
|||||||
%if 0%{?fedora} > 27
|
%if 0%{?fedora} > 27
|
||||||
%patch65 -p1 -b .mysql
|
%patch65 -p1 -b .mysql
|
||||||
%endif
|
%endif
|
||||||
# FIXME/REBASE
|
|
||||||
#patch67 -p1 -b .xcberror_filter
|
|
||||||
%patch68 -p1
|
%patch68 -p1
|
||||||
|
|
||||||
%if 0%{?fedora} > 30
|
%if 0%{?fedora} > 30
|
||||||
@ -413,9 +400,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
## upstream patches
|
## upstream patches
|
||||||
%patch100 -p1 -b .Do-not-load-plugin-from-the-PWD.patch
|
%patch100 -p1 -b .CVE-2015-9541
|
||||||
%patch101 -p1 -b .QLibrary-Unix-do-not-attempt-to-load-a-library-relat
|
|
||||||
%patch102 -p1 -b .QPSQL-Add-support-for-PostgreSQL-12
|
|
||||||
|
|
||||||
# riscv
|
# riscv
|
||||||
%ifarch riscv64
|
%ifarch riscv64
|
||||||
@ -557,7 +542,7 @@ translationdir=%{_qt5_translationdir}
|
|||||||
|
|
||||||
Name: Qt5
|
Name: Qt5
|
||||||
Description: Qt5 Configuration
|
Description: Qt5 Configuration
|
||||||
Version: 5.13.2
|
Version: %{version}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# rpm macros
|
# rpm macros
|
||||||
@ -1065,9 +1050,15 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Sun Mar 29 2020 David Abdurachmanov <david.abdurachmanov@sifive.com> - 5.13.2-4.0.riscv64
|
* Thu Apr 09 2020 David Abdurachmanov <david.abdurachmanov@sifive.com> - 5.14.2-2.0.riscv64
|
||||||
- Replace -lpthread with -pthread
|
- Replace -lpthread with -pthread
|
||||||
|
|
||||||
|
* Wed Apr 08 2020 Than Ngo <than@redhat.com> - 5.14.2-2
|
||||||
|
- Fixed bz#1801370 - CVE-2015-9541 XML entity expansion vulnerability via a crafted SVG document
|
||||||
|
|
||||||
|
* Sat Apr 04 2020 Rex Dieter <rdieter@fedoraproject.org> - 5.14.2-1
|
||||||
|
- 5.14.2
|
||||||
|
|
||||||
* Sun Mar 22 2020 Robert-André Mauchin <zebob.m@gmail.com> - 5.13.2-4
|
* Sun Mar 22 2020 Robert-André Mauchin <zebob.m@gmail.com> - 5.13.2-4
|
||||||
- Upstream patch to add support for PostgreSQL 12 (#1815921)
|
- Upstream patch to add support for PostgreSQL 12 (#1815921)
|
||||||
|
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
diff -up qtbase-opensource-src-5.3.2/src/xml/sax/qxml.cpp.QTBUG-35459 qtbase-opensource-src-5.3.2/src/xml/sax/qxml.cpp
|
|
||||||
diff -up qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h.QTBUG-35459 qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h
|
|
||||||
--- qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h.QTBUG-35459 2014-09-11 05:48:05.000000000 -0500
|
|
||||||
+++ qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h 2014-09-16 09:35:01.189255615 -0500
|
|
||||||
@@ -223,7 +223,7 @@ private:
|
|
||||||
// for the DTD currently being parsed.
|
|
||||||
static const int dtdRecursionLimit = 2;
|
|
||||||
// The maximum amount of characters an entity value may contain, after expansion.
|
|
||||||
- static const int entityCharacterLimit = 1024;
|
|
||||||
+ static const int entityCharacterLimit = 4096;
|
|
||||||
|
|
||||||
const QString &string();
|
|
||||||
void stringClear();
|
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (qtbase-everywhere-src-5.13.2.tar.xz) = b00ad017cc95876698615fd6e41c6ade366146c1f7057e1925bc1b72918f091aa39aa6bf0ea450fc6cd4d8f9810b228770d981dcb6cbe8ad30abb2c42804a204
|
SHA512 (qtbase-everywhere-src-5.14.2.tar.xz) = 8c83e06d58b56e9f288e83d6c3dd4ad6cc9f1eb1a32c7b44fb912fda34ed7255766fd9fa60cd740ee001df7d6172f25df05f1f95e986c3e793fbcd9bf4f18de9
|
||||||
|
1
sources.basename
Normal file
1
sources.basename
Normal file
@ -0,0 +1 @@
|
|||||||
|
qtbase-everywhere-src
|
@ -1,41 +0,0 @@
|
|||||||
From 911762e077c8b2f9795171c1e628942a0a979801 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jan Grulich <jgrulich@redhat.com>
|
|
||||||
Date: Fri, 15 Dec 2017 11:56:12 +0100
|
|
||||||
Subject: foo
|
|
||||||
|
|
||||||
|
|
||||||
diff --git a/src/plugins/platforms/xcb/qxcbconnection.cpp b/src/plugins/platforms/xcb/qxcbconnection.cpp
|
|
||||||
index 536c709..c6eb1b1 100644
|
|
||||||
--- a/src/plugins/platforms/xcb/qxcbconnection.cpp
|
|
||||||
+++ b/src/plugins/platforms/xcb/qxcbconnection.cpp
|
|
||||||
@@ -111,6 +111,8 @@ Q_LOGGING_CATEGORY(lcQpaXInputEvents, "qt.qpa.input.events")
|
|
||||||
Q_LOGGING_CATEGORY(lcQpaScreen, "qt.qpa.screen")
|
|
||||||
Q_LOGGING_CATEGORY(lcQpaEvents, "qt.qpa.events")
|
|
||||||
Q_LOGGING_CATEGORY(lcQpaXcb, "qt.qpa.xcb") // for general (uncategorized) XCB logging
|
|
||||||
+Q_LOGGING_CATEGORY(lcQpaXcbError, "qt.qpa.xcb.xcberror")
|
|
||||||
+// TODO: How to categorize by xcberror type? (e.g. only BadWindow)
|
|
||||||
Q_LOGGING_CATEGORY(lcQpaPeeker, "qt.qpa.peeker")
|
|
||||||
|
|
||||||
// this event type was added in libxcb 1.10,
|
|
||||||
@@ -964,7 +966,8 @@ void QXcbConnection::handleXcbError(xcb_generic_error_t *error)
|
|
||||||
uint clamped_error_code = qMin<uint>(error->error_code, (sizeof(xcb_errors) / sizeof(xcb_errors[0])) - 1);
|
|
||||||
uint clamped_major_code = qMin<uint>(error->major_code, (sizeof(xcb_protocol_request_codes) / sizeof(xcb_protocol_request_codes[0])) - 1);
|
|
||||||
|
|
||||||
- qWarning("QXcbConnection: XCB error: %d (%s), sequence: %d, resource id: %d, major code: %d (%s), minor code: %d",
|
|
||||||
+ qCWarning(lcQpaXcbError,
|
|
||||||
+ "QXcbConnection: XCB error: %d (%s), sequence: %d, resource id: %d, major code: %d (%s), minor code: %d",
|
|
||||||
int(error->error_code), xcb_errors[clamped_error_code],
|
|
||||||
int(error->sequence), int(error->resource_id),
|
|
||||||
int(error->major_code), xcb_protocol_request_codes[clamped_major_code],
|
|
||||||
diff --git a/src/plugins/platforms/xcb/qxcbconnection.h b/src/plugins/platforms/xcb/qxcbconnection.h
|
|
||||||
index 999dc06..554611c 100644
|
|
||||||
--- a/src/plugins/platforms/xcb/qxcbconnection.h
|
|
||||||
+++ b/src/plugins/platforms/xcb/qxcbconnection.h
|
|
||||||
@@ -91,6 +91,7 @@ Q_DECLARE_LOGGING_CATEGORY(lcQpaXInputEvents)
|
|
||||||
Q_DECLARE_LOGGING_CATEGORY(lcQpaScreen)
|
|
||||||
Q_DECLARE_LOGGING_CATEGORY(lcQpaEvents)
|
|
||||||
Q_DECLARE_LOGGING_CATEGORY(lcQpaXcb)
|
|
||||||
+Q_DECLARE_LOGGING_CATEGORY(lcQpaXcbError)
|
|
||||||
Q_DECLARE_LOGGING_CATEGORY(lcQpaPeeker)
|
|
||||||
|
|
||||||
class QXcbVirtualDesktop;
|
|
Loading…
Reference in New Issue
Block a user