diff options
-rw-r--r-- | classes/qmake5_base.bbclass | 8 | ||||
-rw-r--r-- | compat/legacy/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bbappend | 1 | ||||
-rw-r--r-- | compat/scarthgap/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bbappend | 1 | ||||
-rw-r--r-- | conf/layer.conf | 5 | ||||
-rw-r--r-- | recipes-python/pyqt5/python3-pyqt5_5.15.10.bb | 9 | ||||
-rw-r--r-- | recipes-qt/demo-extrafiles/qt5-demo-extrafiles.bb | 60 | ||||
-rw-r--r-- | recipes-qt/maliit/maliit-framework-qt5_git.bb | 2 | ||||
-rw-r--r-- | recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bb | 1 | ||||
-rw-r--r-- | recipes-qt/qt-kiosk-browser/qt-kiosk-browser_git.bb | 2 | ||||
-rw-r--r-- | recipes-qt/qt5/nativesdk-qtbase_git.bb | 2 | ||||
-rw-r--r-- | recipes-qt/qt5/ptest/run-ptest | 2 | ||||
-rw-r--r-- | recipes-qt/qt5/qt5-ptest.inc | 4 | ||||
-rw-r--r-- | recipes-qt/qt5/qtbase/CVE-2024-25580.patch | 214 | ||||
-rw-r--r-- | recipes-qt/qt5/qtbase_git.bb | 1 | ||||
-rw-r--r-- | recipes-qt/qt5/qtdeclarative_git.bb | 22 |
15 files changed, 273 insertions, 61 deletions
diff --git a/classes/qmake5_base.bbclass b/classes/qmake5_base.bbclass index cf73f33e..12afd71f 100644 --- a/classes/qmake5_base.bbclass +++ b/classes/qmake5_base.bbclass @@ -50,7 +50,7 @@ inherit qmake5_paths generate_target_qt_config_file() { qtconf="$1" - cat > "${qtconf}" <<EOF + cat > "$qtconf" <<EOF [Paths] Prefix = ${OE_QMAKE_PATH_PREFIX} Headers = ${OE_QMAKE_PATH_HEADERS} @@ -220,9 +220,9 @@ qmake5_base_fix_install() { rm -rf ${D}${STAGING_PATH} # remove empty dirs TMP=`dirname ${D}${STAGING_PATH}` - while test ${TMP} != ${D}; do - rmdir ${TMP} - TMP=`dirname ${TMP}`; + while test $TMP != ${D}; do + rmdir $TMP + TMP=`dirname $TMP`; done fi } diff --git a/compat/legacy/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bbappend b/compat/legacy/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bbappend deleted file mode 100644 index 228194f4..00000000 --- a/compat/legacy/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bbappend +++ /dev/null @@ -1 +0,0 @@ -inherit nativesdk diff --git a/compat/scarthgap/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bbappend b/compat/scarthgap/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bbappend deleted file mode 100644 index 7efe1aee..00000000 --- a/compat/scarthgap/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bbappend +++ /dev/null @@ -1 +0,0 @@ -inherit_defer nativesdk diff --git a/conf/layer.conf b/conf/layer.conf index 08a01dc0..df553799 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -29,7 +29,7 @@ LAYERVERSION_qt5-layer = "1" LAYERDEPENDS_qt5-layer = "core openembedded-layer" -LAYERSERIES_COMPAT_qt5-layer = "scarthgap" +LAYERSERIES_COMPAT_qt5-layer = "styhead" LICENSE_PATH += "${LAYERDIR}/licenses" @@ -39,6 +39,3 @@ QT_GIT_PROJECT ?= "qt" QT_GIT ?= "git://code.qt.io/${QT_GIT_PROJECT}" QT_GIT_PROTOCOL ?= "git" QT_EDITION ?= "opensource" - -# Compatibility handling to support pre-Scarthgap OE releases. -BBFILES += "${LAYERDIR}/compat/${@'scarthgap' if 'scarthgap' in d.getVar('LAYERSERIES_CORENAMES').split() else 'legacy'}/*/*/*.bbappend" diff --git a/recipes-python/pyqt5/python3-pyqt5_5.15.10.bb b/recipes-python/pyqt5/python3-pyqt5_5.15.10.bb index 524acbfa..1d12738f 100644 --- a/recipes-python/pyqt5/python3-pyqt5_5.15.10.bb +++ b/recipes-python/pyqt5/python3-pyqt5_5.15.10.bb @@ -41,17 +41,16 @@ PYQT_MODULES = " \ " do_configure:prepend() { - local i - local extra_args + extra_args="" cd ${S} for i in ${DISABLED_FEATURES}; do - extra_args="${extra_args} --disabled-feature=${i}" + extra_args="$extra_args --disabled-feature=$i" done for i in ${PYQT_MODULES}; do - extra_args="${extra_args} --enable=${i}" + extra_args="$extra_args --enable=$i" done sip-build \ @@ -67,7 +66,7 @@ do_configure:prepend() { --enable=Qt \ --enable=QtCore \ --no-dbus-python \ - ${extra_args} + $extra_args QMAKE_PROFILES=${B}/PyQt5.pro } diff --git a/recipes-qt/demo-extrafiles/qt5-demo-extrafiles.bb b/recipes-qt/demo-extrafiles/qt5-demo-extrafiles.bb index 5986b21c..b67bd3e6 100644 --- a/recipes-qt/demo-extrafiles/qt5-demo-extrafiles.bb +++ b/recipes-qt/demo-extrafiles/qt5-demo-extrafiles.bb @@ -1,8 +1,10 @@ DESCRIPTION = "Extra files for qt5 demo" LICENSE = "LGPL-2.0-only" -S="${WORKDIR}" LIC_FILES_CHKSUM = "file://LICENSE;md5=88355dc91a186cc816d9f64757793895" +S = "${WORKDIR}/sources" +UNPACKDIR = "${S}" + SRC_URI += "file://cinematicexperience.desktop \ file://cinematicexperience.png \ file://hellogl_es2.desktop \ @@ -38,32 +40,32 @@ inherit allarch do_install () { install -d ${D}/${datadir}/pixmaps install -d ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/cinematicexperience.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/cinematicexperience.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/hellogl_es2.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/hellogl_es2.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/hellowindow.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/hellowindow.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/qt5everywheredemo.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/qt5everywheredemo.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/qt5nmapcarousedemo.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/qt5nmapcarousedemo.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/qt5nmapper.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/qt5nmapper.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/qtledbillboard.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/qtledbillboard.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/qtledcombo.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/qtledcombo.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/qtsmarthome.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/qtsmarthome.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/quitbattery.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/quitbattery.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/quitindicators.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/quitindicators.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/qt5basket.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/qt5basket.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/qt5nesting.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/qt5nesting.desktop ${D}/${datadir}/applications - install -m 0644 ${WORKDIR}/qt5solarsystem.png ${D}/${datadir}/pixmaps - install -m 0644 ${WORKDIR}/qt5solarsystem.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/cinematicexperience.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/cinematicexperience.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/hellogl_es2.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/hellogl_es2.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/hellowindow.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/hellowindow.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/qt5everywheredemo.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/qt5everywheredemo.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/qt5nmapcarousedemo.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/qt5nmapcarousedemo.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/qt5nmapper.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/qt5nmapper.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/qtledbillboard.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/qtledbillboard.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/qtledcombo.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/qtledcombo.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/qtsmarthome.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/qtsmarthome.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/quitbattery.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/quitbattery.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/quitindicators.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/quitindicators.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/qt5basket.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/qt5basket.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/qt5nesting.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/qt5nesting.desktop ${D}/${datadir}/applications + install -m 0644 ${UNPACKDIR}/qt5solarsystem.png ${D}/${datadir}/pixmaps + install -m 0644 ${UNPACKDIR}/qt5solarsystem.desktop ${D}/${datadir}/applications } diff --git a/recipes-qt/maliit/maliit-framework-qt5_git.bb b/recipes-qt/maliit/maliit-framework-qt5_git.bb index 1df83e7c..94676578 100644 --- a/recipes-qt/maliit/maliit-framework-qt5_git.bb +++ b/recipes-qt/maliit/maliit-framework-qt5_git.bb @@ -72,7 +72,7 @@ do_install:append() { sed -i -e "s|/usr|${STAGING_DIR_TARGET}${prefix}|" ${D}/${OE_QMAKE_PATH_QT_ARCHDATA}/mkspecs/features/maliit-plugins.prf install -d ${D}${datadir}/applications - install -m 644 ${WORKDIR}/maliit-server.desktop ${D}${datadir}/applications + install -m 644 ${UNPACKDIR}/maliit-server.desktop ${D}${datadir}/applications } pkg_postinst_ontarget:${PN} () { diff --git a/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bb b/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bb index 531bb14b..5ad0cedd 100644 --- a/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bb +++ b/recipes-qt/packagegroups/nativesdk-packagegroup-qt5-toolchain-host.bb @@ -4,6 +4,7 @@ SUMMARY = "Host packages for the Qt5 standalone SDK or external toolchain" LICENSE = "MIT" inherit packagegroup +inherit_defer nativesdk PACKAGEGROUP_DISABLE_COMPLEMENTARY = "1" diff --git a/recipes-qt/qt-kiosk-browser/qt-kiosk-browser_git.bb b/recipes-qt/qt-kiosk-browser/qt-kiosk-browser_git.bb index 60b6e428..cf61eed8 100644 --- a/recipes-qt/qt-kiosk-browser/qt-kiosk-browser_git.bb +++ b/recipes-qt/qt-kiosk-browser/qt-kiosk-browser_git.bb @@ -24,7 +24,7 @@ inherit qmake5 EXTRA_QMAKEVARS_PRE += "PREFIX=${prefix}" do_install:append() { - install -Dm 0644 ${WORKDIR}/${PN}.conf ${D}${sysconfdir}/${PN}.conf + install -Dm 0644 ${UNPACKDIR}/${PN}.conf ${D}${sysconfdir}/${PN}.conf } RDEPENDS:${PN} += " \ diff --git a/recipes-qt/qt5/nativesdk-qtbase_git.bb b/recipes-qt/qt5/nativesdk-qtbase_git.bb index 1a5cfcc9..c7619db2 100644 --- a/recipes-qt/qt5/nativesdk-qtbase_git.bb +++ b/recipes-qt/qt5/nativesdk-qtbase_git.bb @@ -161,7 +161,7 @@ do_install() { # Install CMake's toolchain configuration mkdir -p ${D}${datadir}/cmake/OEToolchainConfig.cmake.d/ - install -m 644 ${WORKDIR}/OEQt5Toolchain.cmake ${D}${datadir}/cmake/OEToolchainConfig.cmake.d/ + install -m 644 ${UNPACKDIR}/OEQt5Toolchain.cmake ${D}${datadir}/cmake/OEToolchainConfig.cmake.d/ # Fix up absolute paths in scripts sed -i -e '1s,#!/usr/bin/python,#! ${USRBINPATH}/env python,' \ diff --git a/recipes-qt/qt5/ptest/run-ptest b/recipes-qt/qt5/ptest/run-ptest index 044f834d..46fb4464 100644 --- a/recipes-qt/qt5/ptest/run-ptest +++ b/recipes-qt/qt5/ptest/run-ptest @@ -1,6 +1,6 @@ #!/bin/sh for x in ` awk '{print $1}' tst_list `;do - ./${x}; + ./$x; done diff --git a/recipes-qt/qt5/qt5-ptest.inc b/recipes-qt/qt5/qt5-ptest.inc index 75d71ba9..40d2dce8 100644 --- a/recipes-qt/qt5/qt5-ptest.inc +++ b/recipes-qt/qt5/qt5-ptest.inc @@ -19,8 +19,8 @@ fakeroot do_install_ptest() { t=${D}${PTEST_PATH} for var in ` find ${B}/tests/auto/ -name tst_*`; do if [ -z ` echo ${var##*/} | grep '\.'` ]; then - echo ${var##*/} >> ${t}/tst_list - install -m 0744 ${var} ${t} + echo ${var##*/} >> $t/tst_list + install -m 0744 $var $t fi done } diff --git a/recipes-qt/qt5/qtbase/CVE-2024-25580.patch b/recipes-qt/qt5/qtbase/CVE-2024-25580.patch new file mode 100644 index 00000000..0d9c1b7e --- /dev/null +++ b/recipes-qt/qt5/qtbase/CVE-2024-25580.patch @@ -0,0 +1,214 @@ +From 28ecb523ce8490bff38b251b3df703c72e057519 Mon Sep 17 00:00:00 2001 +From: Jonas Karlsson <jonas.karlsson@qt.io> +Date: Thu, 8 Feb 2024 17:01:05 +0100 +Subject: [PATCH] CVE-2024-25580: qtbase: Improve KTX file reading memory safety + +Upstream-Status: Backport from https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff +CVE: CVE-2024-25580 + +Signed-off-by: Rohini Sangam <rsangam@mvista.com> +--- + src/gui/util/qktxhandler.cpp | 138 +++++++++++++++++++++++++++-------- + src/gui/util/qktxhandler_p.h | 2 +- + 2 files changed, 110 insertions(+), 30 deletions(-) + +diff --git a/src/gui/util/qktxhandler.cpp b/src/gui/util/qktxhandler.cpp +index 7eda4c46fb..2853e46c3d 100644 +--- a/src/gui/util/qktxhandler.cpp ++++ b/src/gui/util/qktxhandler.cpp +@@ -73,7 +73,7 @@ struct KTXHeader { + quint32 bytesOfKeyValueData; + }; + +-static const quint32 headerSize = sizeof(KTXHeader); ++static constexpr quint32 qktxh_headerSize = sizeof(KTXHeader); + + // Currently unused, declared for future reference + struct KTXKeyValuePairItem { +@@ -103,11 +103,36 @@ struct KTXMipmapLevel { + */ + }; + +-bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block) ++static bool qAddOverflow(quint32 v1, quint32 v2, quint32 *r) { ++ // unsigned additions are well-defined ++ *r = v1 + v2; ++ return v1 > quint32(v1 + v2); ++} ++ ++// Returns the nearest multiple of 4 greater than or equal to 'value' ++static bool nearestMultipleOf4(quint32 value, quint32 *result) ++{ ++ constexpr quint32 rounding = 4; ++ *result = 0; ++ if (qAddOverflow(value, rounding - 1, result)) ++ return true; ++ *result &= ~(rounding - 1); ++ return false; ++} ++ ++// Returns a slice with prechecked bounds ++static QByteArray safeSlice(const QByteArray& array, quint32 start, quint32 length) + { +- Q_UNUSED(suffix) ++ quint32 end = 0; ++ if (qAddOverflow(start, length, &end) || end > quint32(array.length())) ++ return {}; ++ return QByteArray(array.data() + start, length); ++} + +- return (qstrncmp(block.constData(), ktxIdentifier, KTX_IDENTIFIER_LENGTH) == 0); ++bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block) ++{ ++ Q_UNUSED(suffix); ++ return block.startsWith(QByteArray::fromRawData(ktxIdentifier, KTX_IDENTIFIER_LENGTH)); + } + + QTextureFileData QKtxHandler::read() +@@ -115,42 +140,97 @@ QTextureFileData QKtxHandler::read() + if (!device()) + return QTextureFileData(); + +- QByteArray buf = device()->readAll(); +- const quint32 dataSize = quint32(buf.size()); +- if (dataSize < headerSize || !canRead(QByteArray(), buf)) { +- qCDebug(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData()); ++ const QByteArray buf = device()->readAll(); ++ if (size_t(buf.size()) > std::numeric_limits<quint32>::max()) { ++ qWarning(lcQtGuiTextureIO, "Too big KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ if (!canRead(QByteArray(), buf)) { ++ qWarning(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ if (buf.size() < qsizetype(qktxh_headerSize)) { ++ qWarning(lcQtGuiTextureIO, "Invalid KTX header size in %s", logName().constData()); + return QTextureFileData(); + } + +- const KTXHeader *header = reinterpret_cast<const KTXHeader *>(buf.constData()); +- if (!checkHeader(*header)) { +- qCDebug(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData()); ++ KTXHeader header; ++ memcpy(&header, buf.data(), qktxh_headerSize); ++ if (!checkHeader(header)) { ++ qWarning(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData()); + return QTextureFileData(); + } + + QTextureFileData texData; + texData.setData(buf); + +- texData.setSize(QSize(decode(header->pixelWidth), decode(header->pixelHeight))); +- texData.setGLFormat(decode(header->glFormat)); +- texData.setGLInternalFormat(decode(header->glInternalFormat)); +- texData.setGLBaseInternalFormat(decode(header->glBaseInternalFormat)); +- +- texData.setNumLevels(decode(header->numberOfMipmapLevels)); +- quint32 offset = headerSize + decode(header->bytesOfKeyValueData); +- const int maxLevels = qMin(texData.numLevels(), 32); // Cap iterations in case of corrupt file. +- for (int i = 0; i < maxLevels; i++) { +- if (offset + sizeof(KTXMipmapLevel) > dataSize) // Corrupt file; avoid oob read +- break; +- const KTXMipmapLevel *level = reinterpret_cast<const KTXMipmapLevel *>(buf.constData() + offset); +- quint32 levelLen = decode(level->imageSize); +- texData.setDataOffset(offset + sizeof(KTXMipmapLevel::imageSize), i); +- texData.setDataLength(levelLen, i); +- offset += sizeof(KTXMipmapLevel::imageSize) + levelLen + (3 - ((levelLen + 3) % 4)); ++ texData.setSize(QSize(decode(header.pixelWidth), decode(header.pixelHeight))); ++ texData.setGLFormat(decode(header.glFormat)); ++ texData.setGLInternalFormat(decode(header.glInternalFormat)); ++ texData.setGLBaseInternalFormat(decode(header.glBaseInternalFormat)); ++ ++ texData.setNumLevels(decode(header.numberOfMipmapLevels)); ++ ++ const quint32 bytesOfKeyValueData = decode(header.bytesOfKeyValueData); ++ quint32 headerKeyValueSize; ++ if (qAddOverflow(qktxh_headerSize, bytesOfKeyValueData, &headerKeyValueSize)) { ++ qWarning(lcQtGuiTextureIO, "Overflow in size of key value data in header of KTX file %s", ++ logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ if (headerKeyValueSize >= quint32(buf.size())) { ++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ // Technically, any number of levels is allowed but if the value is bigger than ++ // what is possible in KTX V2 (and what makes sense) we return an error. ++ // maxLevels = log2(max(width, height, depth)) ++ const int maxLevels = (sizeof(quint32) * 8) ++ - qCountLeadingZeroBits(std::max( ++ { header.pixelWidth, header.pixelHeight, header.pixelDepth })); ++ ++ if (texData.numLevels() > maxLevels) { ++ qWarning(lcQtGuiTextureIO, "Too many levels in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ quint32 offset = headerKeyValueSize; ++ for (int level = 0; level < texData.numLevels(); level++) { ++ const auto imageSizeSlice = safeSlice(buf, offset, sizeof(quint32)); ++ if (imageSizeSlice.isEmpty()) { ++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ const quint32 imageSize = decode(qFromUnaligned<quint32>(imageSizeSlice.data())); ++ offset += sizeof(quint32); // overflow checked indirectly above ++ ++ texData.setDataOffset(offset, level); ++ texData.setDataLength(imageSize, level); ++ ++ // Add image data and padding to offset ++ quint32 padded = 0; ++ if (nearestMultipleOf4(imageSize, &padded)) { ++ qWarning(lcQtGuiTextureIO, "Overflow in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ quint32 offsetNext; ++ if (qAddOverflow(offset, padded, &offsetNext)) { ++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ offset = offsetNext; + } + + if (!texData.isValid()) { +- qCDebug(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", logName().constData()); ++ qWarning(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", ++ logName().constData()); + return QTextureFileData(); + } + +@@ -191,7 +271,7 @@ bool QKtxHandler::checkHeader(const KTXHeader &header) + (decode(header.numberOfFaces) == 1)); + } + +-quint32 QKtxHandler::decode(quint32 val) ++quint32 QKtxHandler::decode(quint32 val) const + { + return inverseEndian ? qbswap<quint32>(val) : val; + } +diff --git a/src/gui/util/qktxhandler_p.h b/src/gui/util/qktxhandler_p.h +index 19f7b0e79a..8da990aaac 100644 +--- a/src/gui/util/qktxhandler_p.h ++++ b/src/gui/util/qktxhandler_p.h +@@ -68,7 +68,7 @@ public: + + private: + bool checkHeader(const KTXHeader &header); +- quint32 decode(quint32 val); ++ quint32 decode(quint32 val) const; + + bool inverseEndian = false; + }; +-- +2.35.7 + diff --git a/recipes-qt/qt5/qtbase_git.bb b/recipes-qt/qt5/qtbase_git.bb index 5e830f0d..0d4114da 100644 --- a/recipes-qt/qt5/qtbase_git.bb +++ b/recipes-qt/qt5/qtbase_git.bb @@ -49,6 +49,7 @@ SRC_URI += "\ file://0002-CVE-2023-51714-qtbase-5.15.diff \ file://0028-Remove-host-paths-from-qmake.patch \ file://0029-Remove-ptests-with-SRCDIR.patch \ + file://CVE-2024-25580.patch \ " # usually pulled by one of the optional dependencies in PACKAGECONFIG, but with very limited PACKAGECONFIG fails with: diff --git a/recipes-qt/qt5/qtdeclarative_git.bb b/recipes-qt/qt5/qtdeclarative_git.bb index 48a4c697..72d48b5e 100644 --- a/recipes-qt/qt5/qtdeclarative_git.bb +++ b/recipes-qt/qt5/qtdeclarative_git.bb @@ -32,17 +32,17 @@ EXTRA_QMAKEVARS_CONFIGURE += "${PACKAGECONFIG_CONFARGS}" do_install_ptest() { mkdir -p ${D}${PTEST_PATH} for var in `find ${B}/tests/auto/ -name tst_*`; do - case=$(basename ${var}) - if [ -z `echo ${case} | grep '\.'` ]; then - dname=$(dirname ${var}) - pdir=$(basename ${dname}) - echo ${pdir}/${case} >> ${D}${PTEST_PATH}/tst_list - - mkdir ${D}${PTEST_PATH}/${pdir} - install -m 0744 ${var} ${D}${PTEST_PATH}/${pdir} - data_dir=${S}/${dname##${B}}/data - if [ -d ${data_dir} ]; then - cp -r ${data_dir} ${D}${PTEST_PATH}/${pdir} + case=$(basename $var) + if [ -z `echo $case | grep '\.'` ]; then + dname=$(dirname $var) + pdir=$(basename $dname) + echo $pdir/$case >> ${D}${PTEST_PATH}/tst_list + + mkdir ${D}${PTEST_PATH}/$pdir + install -m 0744 $var ${D}${PTEST_PATH}/$pdir + ddir=${S}/${dname##${B}}/data + if [ -d $ddir ]; then + cp -r $ddir ${D}${PTEST_PATH}/$pdir fi fi done |