Rex Dieter 2018-01-24 10:56:17 -06:00
parent ad01462fdc
commit ef0f887e51
4 changed files with 8 additions and 60 deletions

3
.gitignore vendored

@ -1,2 +1 @@
/qtbase-opensource-src-5.9.2.tar.xz
/qtbase-opensource-src-5.9.3.tar.xz
/qtbase-opensource-src-5.9.4.tar.xz


@ -54,8 +54,8 @@ BuildRequires: pkgconfig(libsystemd)
Name: qt5-qtbase
Summary: Qt5 - QtBase components
Version: 5.9.3
Release: 2%{?dist}
Version: 5.9.4
Release: 1%{?dist}
# See LGPL_EXCEPTIONS.txt, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -116,7 +116,6 @@ Patch66: qtbase-mariadb.patch
Patch67: https://bugreports.qt.io/secure/attachment/66353/xcberror_filter.patch
## upstream patches (5.9 branch)
Patch100: qtbase-opensource-src-5.9.3-QTBUG-64742-out-of-bounds-in-qdnslookup_unix.patch
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
# Those themes are there for platform integration. If the required libraries are
@ -131,8 +130,6 @@ BuildRequires: cups-devel
BuildRequires: desktop-file-utils
BuildRequires: findutils
BuildRequires: libjpeg-devel
BuildRequires: libmng-devel
BuildRequires: libtiff-devel
BuildRequires: pkgconfig(alsa)
# required for -accessibility
BuildRequires: pkgconfig(atspi-2)
@ -363,7 +360,6 @@ Qt5 libraries used for drawing widgets and OpenGL items.
%endif
%patch66 -p1 -b .mariadb
%patch67 -p1 -b .xcberror_filter
%patch100 -p1 -b .QTBUG-64742-out-of-bounds-in-qdnslookup_unix
%if 0%{?inject_optflags}
## adjust $RPM_OPT_FLAGS
@ -523,7 +519,7 @@ translationdir=%{_qt5_translationdir}
Name: Qt5
Description: Qt5 Configuration
Version: 5.9.2
Version: 5.9.4
EOF
# rpm macros
@ -981,6 +977,9 @@ fi
%changelog
* Tue Jan 23 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.9.4-1
- 5.9.4
* Thu Nov 30 2017 Than Ngo <than@redhat.com> - 5.9.3-2
- bz#1518958, backport to fix out of bounds reads in qdnslookup_unix
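Review bot: The new changelog entry (`- 5.9.4`) does not record that this change also drops Patch100, the QTBUG-64742 backport for the out-of-bounds read in qdnslookup_unix (bz#1518958), both at its `Patch100:` declaration and at the `%patch100` line in %prep. Presumably 5.9.4 carries that fix upstream, but nothing on this page confirms it, so anyone later auditing whether bz#1518958 is still fixed has to inspect the tarball. Once that is checked against the 5.9.4 sources, I would add a line such as `- drop QTBUG-64742 qdnslookup_unix patch (bz#1518958), included in 5.9.4`. The BuildRequires hunk also appears to remove `libmng-devel` and `libtiff-devel`, which deserves its own changelog line.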


@ -1,50 +0,0 @@
diff -up qtbase-opensource-src-5.9.3/src/network/kernel/qdnslookup_unix.cpp.orig qtbase-opensource-src-5.9.3/src/network/kernel/qdnslookup_unix.cpp
--- qtbase-opensource-src-5.9.3/src/network/kernel/qdnslookup_unix.cpp.orig 2017-11-16 06:15:28.000000000 +0100
+++ qtbase-opensource-src-5.9.3/src/network/kernel/qdnslookup_unix.cpp 2017-11-30 09:22:47.525741040 +0100
@@ -42,6 +42,7 @@
#if QT_CONFIG(library)
#include <qlibrary.h>
#endif
+#include <qvarlengtharray.h>
#include <qscopedpointer.h>
#include <qurl.h>
#include <private/qnativesocketengine_p.h>
@@ -58,6 +59,8 @@
# include <gnu/lib-names.h>
#endif
+#include <cstring>
+
QT_BEGIN_NAMESPACE
#if QT_CONFIG(library)
@@ -189,11 +192,25 @@ void QDnsLookupRunnable::query(const int
QScopedPointer<struct __res_state, QDnsLookupStateDeleter> state_ptr(&state);
// Perform DNS query.
- unsigned char response[PACKETSZ];
- memset(response, 0, sizeof(response));
- const int responseLength = local_res_nquery(&state, requestName, C_IN, requestType, response, sizeof(response));
+ QVarLengthArray<unsigned char, PACKETSZ> buffer(PACKETSZ);
+ memset(buffer.data(), 0, buffer.size());
+ int responseLength = local_res_nquery(&state, requestName, C_IN, requestType, buffer.data(), buffer.size());
+ if (Q_UNLIKELY(responseLength > PACKETSZ)) {
+ buffer.resize(responseLength);
+ memset(buffer.data(), 0, buffer.size());
+ responseLength = local_res_nquery(&state, requestName, C_IN, requestType, buffer.data(), buffer.size());
+ if (Q_UNLIKELY(responseLength > buffer.size())) {
+ // Ok, we give up.
+ reply->error = QDnsLookup::ResolverError;
+ reply->errorString.clear(); // We cannot be more specific, alas.
+ return;
+ }
+ }
- // Check the response header.
+ unsigned char *response = buffer.data();
+ // Check the response header. Though res_nquery returns -1 as a
+ // responseLength in case of error, we still can extract the
+ // exact error code from the response.
HEADER *header = (HEADER*)response;
const int answerCount = ntohs(header->ancount);
switch (header->rcode) {


@ -1 +1 @@
SHA512 (qtbase-opensource-src-5.9.3.tar.xz) = 256ffb8760e94c0f87790ed35e210d0c9613e14314ff442dd763cc93fbd5caa6c11c95f5d44b12a7687fb93c9f857878132cf6d76e5933f647ca7beb54b18c7c
SHA512 (qtbase-opensource-src-5.9.4.tar.xz) = 82be3af6cbe83458a17a5dc53b9f57e56d9c1dbc1bae11e36c5a44e11b1f4cf62ef609cb775f55bfad7be38fbfeffc9cf12dd557bf7c64cbd26634c024a394dd