diff options
Diffstat (limited to 'recipes-qt/qt5/qtbase')
32 files changed, 1428 insertions, 149 deletions
diff --git a/recipes-qt/qt5/qtbase/0001-Add-linux-oe-g-platform.patch b/recipes-qt/qt5/qtbase/0001-Add-linux-oe-g-platform.patch index f8eea812..85789f0d 100644 --- a/recipes-qt/qt5/qtbase/0001-Add-linux-oe-g-platform.patch +++ b/recipes-qt/qt5/qtbase/0001-Add-linux-oe-g-platform.patch @@ -1,4 +1,4 @@ -From 168e5332f1f0dd4000f19b0ced0b1d68a1d65f16 Mon Sep 17 00:00:00 2001 +From 8f7ac021d483eca1b181fd9f0551f317aa7c5965 Mon Sep 17 00:00:00 2001 From: Martin Jansa <Martin.Jansa@gmail.com> Date: Mon, 15 Apr 2013 04:29:32 +0200 Subject: [PATCH] Add linux-oe-g++ platform @@ -19,14 +19,15 @@ Upstream-Status: Inappropriate [embedded specific] Change-Id: I0591ed5da0d61d7cf1509d420e6b293582f1863c Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> + --- configure | 2 +- mkspecs/features/configure.prf | 4 +-- mkspecs/features/qt.prf | 6 ++--- mkspecs/features/qt_functions.prf | 2 +- - mkspecs/linux-oe-g++/qmake.conf | 39 ++++++++++++++++++++++++++++ + mkspecs/linux-oe-g++/qmake.conf | 40 ++++++++++++++++++++++++++++ mkspecs/linux-oe-g++/qplatformdefs.h | 1 + - 6 files changed, 47 insertions(+), 7 deletions(-) + 6 files changed, 48 insertions(+), 7 deletions(-) create mode 100644 mkspecs/linux-oe-g++/qmake.conf create mode 100644 mkspecs/linux-oe-g++/qplatformdefs.h @@ -103,10 +104,10 @@ index 7777e615bd..8d792fa70a 100644 cmd = perl -w $$system_path($${cmd}.pl) diff --git a/mkspecs/linux-oe-g++/qmake.conf b/mkspecs/linux-oe-g++/qmake.conf new file mode 100644 -index 0000000000..c202c47fa1 +index 0000000000..087e13bb91 --- /dev/null +++ b/mkspecs/linux-oe-g++/qmake.conf -@@ -0,0 +1,39 @@ +@@ -0,0 +1,40 @@ +# +# qmake configuration for linux-g++ with modifications for building with OpenEmbedded +# @@ -117,8 +118,9 @@ index 0000000000..c202c47fa1 + +include(../common/linux.conf) + -+# QMAKE_<TOOL> (moc, uic, rcc) are gone, overwrite only ar and strip ++# QMAKE_<TOOL> (moc, uic, rcc) are gone, overwrite only ar, objcopy and strip +QMAKE_AR = $$(OE_QMAKE_AR) cqs ++QMAKE_OBJCOPY = $$(OE_QMAKE_OBJCOPY) +QMAKE_STRIP = $$(OE_QMAKE_STRIP) + +include(../common/gcc-base-unix.conf) diff --git a/recipes-qt/qt5/qtbase/0001-CVE-2023-51714-qtbase-5.15.diff b/recipes-qt/qt5/qtbase/0001-CVE-2023-51714-qtbase-5.15.diff new file mode 100644 index 00000000..c4bafb24 --- /dev/null +++ b/recipes-qt/qt5/qtbase/0001-CVE-2023-51714-qtbase-5.15.diff @@ -0,0 +1,39 @@ +From ea63c28efc1d2ecb467b83a34923d12462efa96f Mon Sep 17 00:00:00 2001 +From: Marc Mutz <marc.mutz@qt.io> +Date: Tue, 12 Dec 2023 20:51:56 +0100 +Subject: [PATCH] HPack: fix a Yoda Condition + +Putting the variable on the LHS of a relational operation makes the +expression easier to read. In this case, we find that the whole +expression is nonsensical as an overflow protection, because if +name.size() + value.size() overflows, the result will exactly _not_ +be > max() - 32, because UB will have happened. + +To be fixed in a follow-up commit. + +As a drive-by, add parentheses around the RHS. + +Change-Id: I35ce598884c37c51b74756b3bd2734b9aad63c09 +Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> +(cherry picked from commit 658607a34ead214fbacbc2cca44915655c318ea9) +Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> +(cherry picked from commit 4f7efd41740107f90960116700e3134f5e433867) +(cherry picked from commit 13c16b756900fe524f6d9534e8a07aa003c05e0c) +(cherry picked from commit 1d4788a39668fb2dc5912a8d9c4272dc40e99f92) +(cherry picked from commit 87de75b5cc946d196decaa6aef4792a6cac0b6db) +--- +Upstream-Status: Backport [658607a34ead214fbacbc2cca44915655c318ea9] + +diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp +index 834214f..ab166a6 100644 +--- a/src/network/access/http2/hpacktable.cpp ++++ b/src/network/access/http2/hpacktable.cpp +@@ -63,7 +63,7 @@ + // 32 octets of overhead." + + const unsigned sum = unsigned(name.size() + value.size()); +- if (std::numeric_limits<unsigned>::max() - 32 < sum) ++ if (sum > (std::numeric_limits<unsigned>::max() - 32)) + return HeaderSize(); + return HeaderSize(true, quint32(sum + 32)); + } diff --git a/recipes-qt/qt5/qtbase/0002-CVE-2023-51714-qtbase-5.15.diff b/recipes-qt/qt5/qtbase/0002-CVE-2023-51714-qtbase-5.15.diff new file mode 100644 index 00000000..78c72536 --- /dev/null +++ b/recipes-qt/qt5/qtbase/0002-CVE-2023-51714-qtbase-5.15.diff @@ -0,0 +1,60 @@ +From 23c3fc483e8b6e21012a61f0bea884446f727776 Mon Sep 17 00:00:00 2001 +From: Marc Mutz <marc.mutz@qt.io> +Date: Tue, 12 Dec 2023 22:08:07 +0100 +Subject: [PATCH] HPack: fix incorrect integer overflow check + +This code never worked: + +For the comparison with max() - 32 to trigger, on 32-bit platforms (or +Qt 5) signed interger overflow would have had to happen in the +addition of the two sizes. The compiler can therefore remove the +overflow check as dead code. + +On Qt 6 and 64-bit platforms, the signed integer addition would be +very unlikely to overflow, but the following truncation to uint32 +would yield the correct result only in a narrow 32-value window just +below UINT_MAX, if even that. + +Fix by using the proper tool, qAddOverflow. + +Manual conflict resolutions: + - qAddOverflow doesn't exist in Qt 5, use private add_overflow + predecessor API instead + +Change-Id: I7599f2e75ff7f488077b0c60b81022591005661c +Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> +(cherry picked from commit ee5da1f2eaf8932aeca02ffea6e4c618585e29e3) +Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> +(cherry picked from commit debeb8878da2dc706ead04b6072ecbe7e5313860) +Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> +Reviewed-by: Marc Mutz <marc.mutz@qt.io> +(cherry picked from commit 811b9eef6d08d929af8708adbf2a5effb0eb62d7) +(cherry picked from commit f931facd077ce945f1e42eaa3bead208822d3e00) +(cherry picked from commit 9ef4ca5ecfed771dab890856130e93ef5ceabef5) +Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> +--- +Upstream-Status: Backport [ee5da1f2eaf8932aeca02ffea6e4c618585e29e3] + +diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp +index ab166a6..de91fc0 100644 +--- a/src/network/access/http2/hpacktable.cpp ++++ b/src/network/access/http2/hpacktable.cpp +@@ -40,6 +40,7 @@ + #include "hpacktable_p.h" + + #include <QtCore/qdebug.h> ++#include <QtCore/private/qnumeric_p.h> + + #include <algorithm> + #include <cstddef> +@@ -62,7 +63,9 @@ + // for counting the number of references to the name and value would have + // 32 octets of overhead." + +- const unsigned sum = unsigned(name.size() + value.size()); ++ size_t sum; ++ if (add_overflow(size_t(name.size()), size_t(value.size()), &sum)) ++ return HeaderSize(); + if (sum > (std::numeric_limits<unsigned>::max() - 32)) + return HeaderSize(); + return HeaderSize(true, quint32(sum + 32)); diff --git a/recipes-qt/qt5/qtbase/0004-configure-bump-path-length-from-256-to-512-character.patch b/recipes-qt/qt5/qtbase/0004-configure-bump-path-length-from-256-to-512-character.patch index c88e7ddd..ccac9b69 100644 --- a/recipes-qt/qt5/qtbase/0004-configure-bump-path-length-from-256-to-512-character.patch +++ b/recipes-qt/qt5/qtbase/0004-configure-bump-path-length-from-256-to-512-character.patch @@ -10,6 +10,7 @@ Also update length of EXT_PREFIX and HOST_PREFIX now. Change-Id: If98dd57160efe9c98c36148cdf872f50b3d38118 Signed-off-by: Denys Dmytriyenko <denys@ti.com> +Upstream-Status: Pending --- configure.pri | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-qt/qt5/qtbase/0005-Disable-all-unknown-features-instead-of-erroring-out.patch b/recipes-qt/qt5/qtbase/0005-Disable-all-unknown-features-instead-of-erroring-out.patch index 4be2e746..136b4ce1 100644 --- a/recipes-qt/qt5/qtbase/0005-Disable-all-unknown-features-instead-of-erroring-out.patch +++ b/recipes-qt/qt5/qtbase/0005-Disable-all-unknown-features-instead-of-erroring-out.patch @@ -5,6 +5,8 @@ Subject: [PATCH] Disable all unknown features instead of erroring out Task-number: QTBUG-56656 Change-Id: Ib884fe33cac74439f9592b145937f6b75ced8447 +Upstream-Status: Pending +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> --- mkspecs/features/qt_configure.prf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/recipes-qt/qt5/qtbase/0005-testlib-don-t-track-the-build-or-source-directories.patch b/recipes-qt/qt5/qtbase/0005-testlib-don-t-track-the-build-or-source-directories.patch deleted file mode 100644 index ec8bd4aa..00000000 --- a/recipes-qt/qt5/qtbase/0005-testlib-don-t-track-the-build-or-source-directories.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 07f7e1ae76b24ba64cd87726c438638a8fa3eba0 Mon Sep 17 00:00:00 2001 -From: Samuli Piippo <samuli.piippo@qt.io> -Date: Mon, 22 Aug 2022 15:01:28 +0300 -Subject: [PATCH] testlib: don't track the build or source directories - -Build tests without location of the build and sources directories. - -Upstream-Status: Inappropriate [embedded specific] -Change-Id: I8d5add473623a3d9f481097649819c9fb906e4b2 ---- - src/testlib/CMakeLists.txt | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/testlib/CMakeLists.txt b/src/testlib/CMakeLists.txt -index 03deb2edc9..972b366532 100644 ---- a/src/testlib/CMakeLists.txt -+++ b/src/testlib/CMakeLists.txt -@@ -125,8 +125,8 @@ set(qt_tc_build_dir_def - "$<IF:${qt_bool_tc_build_dir},${qt_tc_build_dir},$<TARGET_PROPERTY:BINARY_DIR>>" - ) - set_property(TARGET Test APPEND PROPERTY INTERFACE_COMPILE_DEFINITIONS -- QT_TESTCASE_BUILDDIR="${qt_tc_build_dir_def}" -- QT_TESTCASE_SOURCEDIR="$<TARGET_PROPERTY:SOURCE_DIR>" -+ QT_TESTCASE_BUILDDIR="" -+ QT_TESTCASE_SOURCEDIR="" - ) - - # special case begin diff --git a/recipes-qt/qt5/qtbase/0007-Delete-qlonglong-and-qulonglong.patch b/recipes-qt/qt5/qtbase/0007-Delete-qlonglong-and-qulonglong.patch index c057d03f..3210f2c8 100644 --- a/recipes-qt/qt5/qtbase/0007-Delete-qlonglong-and-qulonglong.patch +++ b/recipes-qt/qt5/qtbase/0007-Delete-qlonglong-and-qulonglong.patch @@ -4,6 +4,7 @@ Date: Wed, 7 Jun 2017 21:00:49 +0900 Subject: [PATCH] Delete qlonglong and qulonglong Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> +Upstream-Status: Pending --- tests/auto/corelib/thread/qatomicinteger/qatomicinteger.pro | 2 -- 1 file changed, 2 deletions(-) diff --git a/recipes-qt/qt5/qtbase/0008-Replace-pthread_yield-with-sched_yield.patch b/recipes-qt/qt5/qtbase/0008-Replace-pthread_yield-with-sched_yield.patch deleted file mode 100644 index b338170e..00000000 --- a/recipes-qt/qt5/qtbase/0008-Replace-pthread_yield-with-sched_yield.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 2bb8b79b41eed87b843eb0159d6fa21a92c4c152 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Thu, 27 Jul 2017 08:02:51 -0700 -Subject: [PATCH] Replace pthread_yield with sched_yield - -On Linux pthead_yield is same as sched_yield implementation wise -and sched_yield is available on all libc -implementations on Linux - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - tests/auto/corelib/kernel/qmetatype/tst_qmetatype.cpp | 4 ++-- - tests/auto/network/socket/qtcpsocket/tst_qtcpsocket.cpp | 5 +++-- - 2 files changed, 5 insertions(+), 4 deletions(-) - -diff --git a/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.cpp b/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.cpp -index 19b3289390..4d0cdf8b5f 100644 ---- a/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.cpp -+++ b/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.cpp -@@ -35,7 +35,7 @@ - #include "tst_qvariant_common.h" - - #ifdef Q_OS_LINUX --# include <pthread.h> -+# include <sched.h> - #endif - - #include <algorithm> -@@ -369,7 +369,7 @@ protected: - const char *nm = name.constData(); - int tp = qRegisterMetaType<Bar>(nm); - #if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) -- pthread_yield(); -+ sched_yield(); - #endif - QMetaType info(tp); - if (!info.isValid()) { -diff --git a/tests/auto/network/socket/qtcpsocket/tst_qtcpsocket.cpp b/tests/auto/network/socket/qtcpsocket/tst_qtcpsocket.cpp -index e397e80fe0..cdb7893e56 100644 ---- a/tests/auto/network/socket/qtcpsocket/tst_qtcpsocket.cpp -+++ b/tests/auto/network/socket/qtcpsocket/tst_qtcpsocket.cpp -@@ -78,6 +78,7 @@ - #include <stdlib.h> - #include <sys/stat.h> - #include <unistd.h> -+#include <sched.h> - #endif - - #include <memory> -@@ -2200,8 +2201,8 @@ public slots: - - #if defined(Q_OS_MAC) - pthread_yield_np(); --#elif defined Q_OS_LINUX && !defined Q_OS_ANDROID -- pthread_yield(); -+#elif defined Q_OS_LINUX -+ sched_yield(); - #endif - if (!sock->waitForConnected()) { - networkTimeout = true; diff --git a/recipes-qt/qt5/qtbase/0009-Add-OE-specific-specs-for-clang-compiler.patch b/recipes-qt/qt5/qtbase/0009-Add-OE-specific-specs-for-clang-compiler.patch index 3457c53f..3cebfc11 100644 --- a/recipes-qt/qt5/qtbase/0009-Add-OE-specific-specs-for-clang-compiler.patch +++ b/recipes-qt/qt5/qtbase/0009-Add-OE-specific-specs-for-clang-compiler.patch @@ -1,22 +1,23 @@ -From d47ae4638bf698c39225ff94dfb9f03ba4261b42 Mon Sep 17 00:00:00 2001 +From 9bf5632187b8f17cc0d626926df2784c38059875 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Sun, 3 Sep 2017 09:11:44 -0700 Subject: [PATCH] Add OE specific specs for clang compiler Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Pending --- - mkspecs/linux-oe-clang/qmake.conf | 39 ++++++++++++++++++++++++++ + mkspecs/linux-oe-clang/qmake.conf | 40 ++++++++++++++++++++++++++ mkspecs/linux-oe-clang/qplatformdefs.h | 1 + - 2 files changed, 40 insertions(+) + 2 files changed, 41 insertions(+) create mode 100644 mkspecs/linux-oe-clang/qmake.conf create mode 100644 mkspecs/linux-oe-clang/qplatformdefs.h diff --git a/mkspecs/linux-oe-clang/qmake.conf b/mkspecs/linux-oe-clang/qmake.conf new file mode 100644 -index 0000000000..db02ab5215 +index 0000000000..c09b132ac8 --- /dev/null +++ b/mkspecs/linux-oe-clang/qmake.conf -@@ -0,0 +1,39 @@ +@@ -0,0 +1,40 @@ +# +# qmake configuration for linux-g++ with modifications for building with OpenEmbedded +# @@ -27,8 +28,9 @@ index 0000000000..db02ab5215 + +include(../common/linux.conf) + -+# QMAKE_<TOOL> (moc, uic, rcc) are gone, overwrite only ar and strip ++# QMAKE_<TOOL> (moc, uic, rcc) are gone, overwrite only ar, objcopy and strip +QMAKE_AR = $$(OE_QMAKE_AR) cqs ++QMAKE_OBJCOPY = $$(OE_QMAKE_OBJCOPY) +QMAKE_STRIP = $$(OE_QMAKE_STRIP) + +include(../common/gcc-base-unix.conf) diff --git a/recipes-qt/qt5/qtbase/0010-linux-clang-Invert-conditional-for-defining-QT_SOCKL.patch b/recipes-qt/qt5/qtbase/0010-linux-clang-Invert-conditional-for-defining-QT_SOCKL.patch index 9907952c..6279dc57 100644 --- a/recipes-qt/qt5/qtbase/0010-linux-clang-Invert-conditional-for-defining-QT_SOCKL.patch +++ b/recipes-qt/qt5/qtbase/0010-linux-clang-Invert-conditional-for-defining-QT_SOCKL.patch @@ -8,6 +8,7 @@ only when its glibc < 2 and not for other libcswhich may define it as per standards but are not glibc, e.g. musl Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Pending --- mkspecs/linux-clang/qplatformdefs.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-qt/qt5/qtbase/0011-tst_qlocale-Enable-QT_USE_FENV-only-on-glibc.patch b/recipes-qt/qt5/qtbase/0011-tst_qlocale-Enable-QT_USE_FENV-only-on-glibc.patch index 704265ca..561cda05 100644 --- a/recipes-qt/qt5/qtbase/0011-tst_qlocale-Enable-QT_USE_FENV-only-on-glibc.patch +++ b/recipes-qt/qt5/qtbase/0011-tst_qlocale-Enable-QT_USE_FENV-only-on-glibc.patch @@ -6,6 +6,7 @@ Subject: [PATCH] tst_qlocale: Enable QT_USE_FENV only on glibc musl does not have feenableexcept function Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Pending --- tests/auto/corelib/text/qlocale/tst_qlocale.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-qt/qt5/qtbase/0012-Disable-ltcg-for-host_build.patch b/recipes-qt/qt5/qtbase/0012-Disable-ltcg-for-host_build.patch index 8ecfa4f1..66945d21 100644 --- a/recipes-qt/qt5/qtbase/0012-Disable-ltcg-for-host_build.patch +++ b/recipes-qt/qt5/qtbase/0012-Disable-ltcg-for-host_build.patch @@ -10,6 +10,7 @@ into debug packages. Task-number: QTBUG-71230 Upstream-Status: Inappropriate [embedded specific] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> --- mkspecs/features/ltcg.prf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-qt/qt5/qtbase/0016-tst_qpainter-FE_-macros-are-not-defined-for-every-pl.patch b/recipes-qt/qt5/qtbase/0016-tst_qpainter-FE_-macros-are-not-defined-for-every-pl.patch index 06ee7c78..aa11a4be 100644 --- a/recipes-qt/qt5/qtbase/0016-tst_qpainter-FE_-macros-are-not-defined-for-every-pl.patch +++ b/recipes-qt/qt5/qtbase/0016-tst_qpainter-FE_-macros-are-not-defined-for-every-pl.patch @@ -7,7 +7,7 @@ the FE_INEXACT, FE_UNDERFLOW, FE_OVERFLOW, FE_DIVBYZERO, FE_INVALID are defined only for platforms with fp engine. Signed-off-by: Nicola Lunghi <nick83ola@gmail.com> -Upstream-Status: submitted [https://codereview.qt-project.org/c/qt/qtbase/+/289447] +Upstream-Status: Submitted [https://codereview.qt-project.org/c/qt/qtbase/+/289447] --- .../gui/painting/qpainter/tst_qpainter.cpp | 50 ++++++++++++++----- 1 file changed, 37 insertions(+), 13 deletions(-) diff --git a/recipes-qt/qt5/qtbase/0018-Revert-Fix-workaround-in-pthread-destructor.patch b/recipes-qt/qt5/qtbase/0018-Revert-Fix-workaround-in-pthread-destructor.patch index 63dbbaf0..93a4a6ba 100644 --- a/recipes-qt/qt5/qtbase/0018-Revert-Fix-workaround-in-pthread-destructor.patch +++ b/recipes-qt/qt5/qtbase/0018-Revert-Fix-workaround-in-pthread-destructor.patch @@ -16,6 +16,9 @@ causing build failures in configurations which use this | /home/jenkins/workspace/luneos-unstable/webos-ports/tmp-glibc/work/cortexa8t2hf-neon-halium-webos-linux-gnueabi/qtbase/5.15.2+gitAUTOINC+40143c189b-r0/git/src/corelib/thread/qthread_unix.cpp:121:5: error: 'currentThreadData' was not declared in this scope | 121 | currentThreadData = data; | | ^~~~~~~~~~~~~~~~~ + +Upstream-Status: Pending +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> --- src/corelib/thread/qthread_unix.cpp | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/recipes-qt/qt5/qtbase/0020-qbytearraymatcher-Include-limits-header.patch b/recipes-qt/qt5/qtbase/0020-qbytearraymatcher-Include-limits-header.patch deleted file mode 100644 index 4054f841..00000000 --- a/recipes-qt/qt5/qtbase/0020-qbytearraymatcher-Include-limits-header.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 36691306941c8835a5c77d8a7170f04c3e432a08 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 2 Mar 2021 13:18:47 -0800 -Subject: [PATCH] qbytearraymatcher: Include <limits> header - -gcc11 complains - error: 'numeric_limits' is not a class template - | 344 | template<> class numeric_limits<const QT_PREPEND_NAMESPACE(qfloat16)> - -This is because its missing right header which perhaps is included -implicitly in older compilers - -Change-Id: Ic4e697c8a4c1b6b5448ba56f1749ae7293125ccd -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> ---- - src/corelib/text/qbytearraymatcher.h | 1 + - src/corelib/tools/qoffsetstringarray_p.h | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/src/corelib/text/qbytearraymatcher.h b/src/corelib/text/qbytearraymatcher.h -index 0eedfc1d20..7b80e2becd 100644 ---- a/src/corelib/text/qbytearraymatcher.h -+++ b/src/corelib/text/qbytearraymatcher.h -@@ -40,6 +40,7 @@ - #ifndef QBYTEARRAYMATCHER_H - #define QBYTEARRAYMATCHER_H - -+#include <limits> - #include <QtCore/qbytearray.h> - - QT_BEGIN_NAMESPACE -diff --git a/src/corelib/tools/qoffsetstringarray_p.h b/src/corelib/tools/qoffsetstringarray_p.h -index 4dd9e9603b..e26a57ff43 100644 ---- a/src/corelib/tools/qoffsetstringarray_p.h -+++ b/src/corelib/tools/qoffsetstringarray_p.h -@@ -55,6 +55,7 @@ - - #include <tuple> - #include <array> -+#include <limits> - - QT_BEGIN_NAMESPACE - diff --git a/recipes-qt/qt5/qtbase/0021-rcc-Just-dcument-file-name-without-full-path-to-redu.patch b/recipes-qt/qt5/qtbase/0021-rcc-Just-dcument-file-name-without-full-path-to-redu.patch new file mode 100644 index 00000000..521e6cc3 --- /dev/null +++ b/recipes-qt/qt5/qtbase/0021-rcc-Just-dcument-file-name-without-full-path-to-redu.patch @@ -0,0 +1,29 @@ +From a2b11501812e0e34bd49b1950bac52dadd4e3cff Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com> +Date: Sat, 15 Oct 2022 15:50:34 +0200 +Subject: [PATCH] rcc: Just dcument file name without full path to reduce qa + warnings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Upstream-Status: Inappropriate [OE specific] + +Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> +--- + src/tools/rcc/rcc.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tools/rcc/rcc.cpp b/src/tools/rcc/rcc.cpp +index c5e3d2ae4c..2d76cfd081 100644 +--- a/src/tools/rcc/rcc.cpp ++++ b/src/tools/rcc/rcc.cpp +@@ -344,7 +344,7 @@ qint64 RCCFileInfo::writeDataBlob(RCCResourceLibrary &lib, qint64 offset, + // some info + if (text || pass1) { + lib.writeString(" // "); +- lib.writeByteArray(m_fileInfo.absoluteFilePath().toLocal8Bit()); ++ lib.writeByteArray(m_fileInfo.baseName().toLocal8Bit()); + lib.writeString("\n "); + } + diff --git a/recipes-qt/qt5/qtbase/0022-testlib-don-t-track-the-build-or-source-directories.patch b/recipes-qt/qt5/qtbase/0022-testlib-don-t-track-the-build-or-source-directories.patch new file mode 100644 index 00000000..f16afed5 --- /dev/null +++ b/recipes-qt/qt5/qtbase/0022-testlib-don-t-track-the-build-or-source-directories.patch @@ -0,0 +1,32 @@ +From 7d4da27df6ab641390de75dd7c04b755295a653b Mon Sep 17 00:00:00 2001 +From: Samuli Piippo <samuli.piippo@qt.io> +Date: Mon, 22 Aug 2022 15:01:28 +0300 +Subject: [PATCH] testlib: don't track the build or source directories + +Build tests without location of the build and sources directories. + +Upstream-Status: Inappropriate [embedded specific] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +Change-Id: I8d5add473623a3d9f481097649819c9fb906e4b2 +--- + mkspecs/features/testlib_defines.prf | 2 -- + src/testlib/Qt5TestConfigExtras.cmake.in | 5 ----- + 2 files changed, 7 deletions(-) + +diff --git a/mkspecs/features/testlib_defines.prf b/mkspecs/features/testlib_defines.prf +index 901e03a91d..e69de29bb2 100644 +--- a/mkspecs/features/testlib_defines.prf ++++ b/mkspecs/features/testlib_defines.prf +@@ -1,2 +0,0 @@ +-contains(TEMPLATE, vc.*): DEFINES += QT_TESTCASE_BUILDDIR=\"$$OUT_PWD\" +-else: DEFINES += QT_TESTCASE_BUILDDIR=$$shell_quote(\"$$OUT_PWD\") +diff --git a/src/testlib/Qt5TestConfigExtras.cmake.in b/src/testlib/Qt5TestConfigExtras.cmake.in +index 2a575958ae..e69de29bb2 100644 +--- a/src/testlib/Qt5TestConfigExtras.cmake.in ++++ b/src/testlib/Qt5TestConfigExtras.cmake.in +@@ -1,5 +0,0 @@ +- +-set_property(TARGET Qt5::Test +- APPEND PROPERTY +- INTERFACE_COMPILE_DEFINITIONS QT_TESTCASE_BUILDDIR=\\\"\${CMAKE_BINARY_DIR}\\\" +-) diff --git a/recipes-qt/qt5/qtbase/0021-Always-build-uic-and-qvkgen.patch b/recipes-qt/qt5/qtbase/0023-Always-build-uic-and-qvkgen.patch index 5c878d72..7a100a69 100644 --- a/recipes-qt/qt5/qtbase/0021-Always-build-uic-and-qvkgen.patch +++ b/recipes-qt/qt5/qtbase/0023-Always-build-uic-and-qvkgen.patch @@ -1,4 +1,4 @@ -From 418c46b025edadc142ac60a6eb4c553dad19efed Mon Sep 17 00:00:00 2001 +From 5f415fb09ea64765e60d1d52721064f53545a413 Mon Sep 17 00:00:00 2001 From: Martin Jansa <Martin.Jansa@gmail.com> Date: Sat, 16 Nov 2013 00:32:30 +0100 Subject: [PATCH] Always build uic and qvkgen @@ -9,6 +9,7 @@ as a native tool when compiling the target. Change-Id: I257668ac28c22b192e7ec7736e6c23fa3be6bab6 Signed-off-by: Mikko Levonmaa <mikko.levonmaa@palm.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +Upstream-Status: Pending --- src/src.pro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-qt/qt5/qtbase/0023-Remove-unsetting-_FILE_OFFSET_BITS.patch b/recipes-qt/qt5/qtbase/0023-Remove-unsetting-_FILE_OFFSET_BITS.patch new file mode 100644 index 00000000..423db6e4 --- /dev/null +++ b/recipes-qt/qt5/qtbase/0023-Remove-unsetting-_FILE_OFFSET_BITS.patch @@ -0,0 +1,26 @@ +Remove unsetting _FILE_OFFSET_BITS +This does not work when enabling 64bit time_t with glibc which is +enabled with -D_TIME_BITS=64, since it also needs +_FILE_OFFSET_BITS=64 and this does not work when its undefined +explicitly + +Upstream-Status: Submitted [https://github.com/madler/zlib/pull/764] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- a/src/3rdparty/zlib/src/gzguts.h ++++ b/src/3rdparty/zlib/src/gzguts.h +@@ -22,15 +22,6 @@ + #define HAVE_HIDDEN + #endif + +-#ifdef _LARGEFILE64_SOURCE +-# ifndef _LARGEFILE_SOURCE +-# define _LARGEFILE_SOURCE 1 +-# endif +-# ifdef _FILE_OFFSET_BITS +-# undef _FILE_OFFSET_BITS +-# endif +-#endif +- + #ifdef HAVE_HIDDEN + # define ZLIB_INTERNAL __attribute__((visibility ("hidden"))) + #else diff --git a/recipes-qt/qt5/qtbase/0022-Avoid-renameeat2-for-native-sdk-builds.patch b/recipes-qt/qt5/qtbase/0024-Avoid-renameeat2-for-native-sdk-builds.patch index fab399a2..97e4ff6c 100644 --- a/recipes-qt/qt5/qtbase/0022-Avoid-renameeat2-for-native-sdk-builds.patch +++ b/recipes-qt/qt5/qtbase/0024-Avoid-renameeat2-for-native-sdk-builds.patch @@ -1,4 +1,4 @@ -From 9ff02d5ebc1d0969306c57cbf77df861ec3924fc Mon Sep 17 00:00:00 2001 +From 77196464454a1c66e57ad5aac237a55de211a107 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com> Date: Sun, 14 Apr 2019 13:27:58 +0200 Subject: [PATCH] Avoid renameeat2 for native(sdk) builds diff --git a/recipes-qt/qt5/qtbase/0023-Bootstrap-without-linkat-feature.patch b/recipes-qt/qt5/qtbase/0025-Bootstrap-without-linkat-feature.patch index f5e5268b..b759214b 100644 --- a/recipes-qt/qt5/qtbase/0023-Bootstrap-without-linkat-feature.patch +++ b/recipes-qt/qt5/qtbase/0025-Bootstrap-without-linkat-feature.patch @@ -1,4 +1,4 @@ -From f992d0551cd14c11fdb61511ac1d36ecf853089a Mon Sep 17 00:00:00 2001 +From a052a876d0639db2f919aada2ae0afe1718928af Mon Sep 17 00:00:00 2001 From: Samuli Piippo <samuli.piippo@qt.io> Date: Fri, 24 Nov 2017 15:16:31 +0200 Subject: [PATCH] Bootstrap without linkat feature @@ -7,6 +7,7 @@ qmake does not work together with pseudo when unnamed temporary files are used with linkat. Upstream-Status: Inappropriate [OE specific] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> [YOCTO #11996] --- src/corelib/global/qconfig-bootstrapped.h | 2 +- diff --git a/recipes-qt/qt5/qtbase/0027-xkb-fix-build-with-libxkbcommon-1.6.0-and-later.patch b/recipes-qt/qt5/qtbase/0027-xkb-fix-build-with-libxkbcommon-1.6.0-and-later.patch new file mode 100644 index 00000000..e6a96530 --- /dev/null +++ b/recipes-qt/qt5/qtbase/0027-xkb-fix-build-with-libxkbcommon-1.6.0-and-later.patch @@ -0,0 +1,55 @@ +From 8946e4874d0e071b182ba5ac438fb4d52d2a44d0 Mon Sep 17 00:00:00 2001 +From: Mark Hatle <mark.hatle@amd.com> +Date: Fri, 1 Dec 2023 08:17:51 -0700 +Subject: [PATCH] xkb: fix build with libxkbcommon 1.6.0 and later +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Disable the 4 XKB_KEY_dead functions to support libxkbcommon 1.6.0. See: + +https://gitlab.freedesktop.org/xorg/proto/xorgproto/-/merge_requests/70 + +The above URL points to a commit in qt which was used as a basis for the fix. + +Upstream-Status: Backport +[https://github.com/qt/qtbase/commit/8af35d27e8f02bbb99aef4ac495ed406e50e3cca] + + xkb: fix build with libxkbcommon 1.6.0 and later + + A few XKB_KEY_dead_* defines got removed from 1.6.0. See also + https://github.com/xkbcommon/libxkbcommon/blob/6073565903488cb5b9a8d37fdc4a7c2f9d7ad04d/NEWS#L9-L14 + https://gitlab.freedesktop.org/xorg/proto/xorgproto/-/merge_requests/70/diffs?commit_id=cb44799b72f611eb4c9d7cc185bc3b09e070be08 + + Pick-to: 6.6 6.5 6.2 5.15 + Fixes: QTBUG-117950 + Change-Id: I55861868f2bb29c553d68365fa9b9b6ed01c9aea + Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io> + +Signed-off-by: Mark Hatle <mark.hatle@amd.com> +--- + src/platformsupport/input/xkbcommon/qxkbcommon.cpp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/platformsupport/input/xkbcommon/qxkbcommon.cpp b/src/platformsupport/input/xkbcommon/qxkbcommon.cpp +index b713c19447..ecf02de6db 100644 +--- a/src/platformsupport/input/xkbcommon/qxkbcommon.cpp ++++ b/src/platformsupport/input/xkbcommon/qxkbcommon.cpp +@@ -273,10 +273,14 @@ static constexpr const auto KeyTbl = qMakeArray( + Xkb2Qt<XKB_KEY_dead_small_schwa, Qt::Key_Dead_Small_Schwa>, + Xkb2Qt<XKB_KEY_dead_capital_schwa, Qt::Key_Dead_Capital_Schwa>, + Xkb2Qt<XKB_KEY_dead_greek, Qt::Key_Dead_Greek>, ++/* The following four XKB_KEY_dead keys got removed in libxkbcommon 1.6.0 ++ The define check is kind of version check here. */ ++#ifdef XKB_KEY_dead_lowline + Xkb2Qt<XKB_KEY_dead_lowline, Qt::Key_Dead_Lowline>, + Xkb2Qt<XKB_KEY_dead_aboveverticalline, Qt::Key_Dead_Aboveverticalline>, + Xkb2Qt<XKB_KEY_dead_belowverticalline, Qt::Key_Dead_Belowverticalline>, + Xkb2Qt<XKB_KEY_dead_longsolidusoverlay, Qt::Key_Dead_Longsolidusoverlay>, ++#endif + + // Special keys from X.org - This include multimedia keys, + // wireless/bluetooth/uwb keys, special launcher keys, etc. +-- +2.34.1 + diff --git a/recipes-qt/qt5/qtbase/0028-Remove-host-paths-from-qmake.patch b/recipes-qt/qt5/qtbase/0028-Remove-host-paths-from-qmake.patch new file mode 100644 index 00000000..bb20a0ef --- /dev/null +++ b/recipes-qt/qt5/qtbase/0028-Remove-host-paths-from-qmake.patch @@ -0,0 +1,43 @@ +Remove host paths from qmake +The host paths are not useful on the target and may cause security concerns. + +Instead set them to extprefix or just plain "/" to at least remove host paths. + +Upstream-Status: Inappropriate [embedded specific] +Signed-off-by: James Minor <james.minor@ni.com> +--- a/configure.pri ++++ b/configure.pri +@@ -854,7 +854,7 @@ defineTest(qtConfOutput_preparePaths) { + export(config.qtbase.features.shared.available) + + hostbindir_absolute_path = $$absolute_path($$config.rel_input.hostbindir, $$config.input.hostprefix) +- config.input.hostbindir_to_hostprefix = $$relative_path($$config.input.hostprefix, $$hostbindir_absolute_path) ++ config.input.hostbindir_to_hostprefix = $$relative_path($$config.input.extprefix, $$hostbindir_absolute_path) + config.input.hostbindir_to_extprefix = $$relative_path($$config.input.extprefix, $$hostbindir_absolute_path) + + !isEmpty(PREFIX_COMPLAINTS) { +@@ -889,11 +889,11 @@ defineTest(qtConfOutput_preparePaths) { + QT_CONFIGURE_STR_OFFSETS = + QT_CONFIGURE_STRS = + +- addConfStr($$config.input.sysroot) ++ addConfStr("/") + addConfStr($$qmake_sysrootify) +- addConfStr($$config.rel_input.hostbindir) +- addConfStr($$config.rel_input.hostlibdir) +- addConfStr($$config.rel_input.hostdatadir) ++ addConfStr($$config.rel_input.bindir) ++ addConfStr($$config.rel_input.libdir) ++ addConfStr($$config.rel_input.datadir) + addConfStr($$XSPEC) + addConfStr($$[QMAKE_SPEC]) + +@@ -902,7 +902,7 @@ defineTest(qtConfOutput_preparePaths) { + "static const char qt_configure_prefix_path_str [12+512] = \"qt_prfxpath=$$config.input.prefix\";" \ + "$${LITERAL_HASH}ifdef QT_BUILD_QMAKE" \ + "static const char qt_configure_ext_prefix_path_str [12+512] = \"qt_epfxpath=$$config.input.extprefix\";" \ +- "static const char qt_configure_host_prefix_path_str [12+512] = \"qt_hpfxpath=$$config.input.hostprefix\";" \ ++ "static const char qt_configure_host_prefix_path_str [12+512] = \"qt_hpfxpath=$$config.input.extprefix\";" \ + "$${LITERAL_HASH}endif" \ + "" \ + "static const short qt_configure_str_offsets[] = {" \ diff --git a/recipes-qt/qt5/qtbase/0029-Remove-ptests-with-SRCDIR.patch b/recipes-qt/qt5/qtbase/0029-Remove-ptests-with-SRCDIR.patch new file mode 100644 index 00000000..690d491c --- /dev/null +++ b/recipes-qt/qt5/qtbase/0029-Remove-ptests-with-SRCDIR.patch @@ -0,0 +1,57 @@ +Remove ptests that leak host paths via SRCDIR +The host paths are not useful on the target and may cause security concerns. +Some auto tests run as ptests include references to external resources via +SRCDIR and fail today. + +Remove the problematic tests since they won't pass completely anyway. + +Upstream-Status: Inappropriate [embedded specific] +Signed-off-by: James Minor <james.minor@ni.com> +Index: git/tests/auto/corelib/tools/tools.pro +=================================================================== +--- git.orig/tests/auto/corelib/tools/tools.pro ++++ git/tests/auto/corelib/tools/tools.pro +@@ -36,7 +36,6 @@ SUBDIRS=\ + qscopedvaluerollback \ + qscopeguard \ + qset \ +- qsharedpointer \ + qsize \ + qsizef \ + qstl \ +Index: git/tests/auto/other/other.pro +=================================================================== +--- git.orig/tests/auto/other/other.pro ++++ git/tests/auto/other/other.pro +@@ -4,7 +4,6 @@ QT_FOR_CONFIG += gui-private + SUBDIRS=\ + compiler \ + gestures \ +- lancelot \ + languagechange \ + macgui \ + #macnativeevents \ +Index: git/tests/auto/widgets/dialogs/dialogs.pro +=================================================================== +--- git.orig/tests/auto/widgets/dialogs/dialogs.pro ++++ git/tests/auto/widgets/dialogs/dialogs.pro +@@ -3,7 +3,6 @@ SUBDIRS=\ + qcolordialog \ + qdialog \ + qerrormessage \ +- qfiledialog \ + qfiledialog2 \ + qfilesystemmodel \ + qfontdialog \ +Index: git/tests/auto/widgets/itemviews/itemviews.pro +=================================================================== +--- git.orig/tests/auto/widgets/itemviews/itemviews.pro ++++ git/tests/auto/widgets/itemviews/itemviews.pro +@@ -3,7 +3,6 @@ SUBDIRS=\ + qabstractitemview \ + qcolumnview \ + qdatawidgetmapper \ +- qdirmodel \ + qfileiconprovider \ + qheaderview \ + qitemdelegate \ diff --git a/recipes-qt/qt5/qtbase/CVE-2023-32762.patch b/recipes-qt/qt5/qtbase/CVE-2023-32762.patch new file mode 100644 index 00000000..866187f7 --- /dev/null +++ b/recipes-qt/qt5/qtbase/CVE-2023-32762.patch @@ -0,0 +1,56 @@ +From 1b736a815be0222f4b24289cf17575fc15707305 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io> +Date: Fri, 5 May 2023 11:07:26 +0200 +Subject: [PATCH] Hsts: match header names case insensitively + +Header field names are always considered to be case-insensitive. + +Pick-to: 6.5 6.5.1 6.2 5.15 +Fixes: QTBUG-113392 +Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43 +Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> +Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> +Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> + +Upstream-Status: Backport [https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305] +CVE: CVE-2023-32762 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + src/network/access/qhsts.cpp | 4 ++-- + tests/auto/network/access/hsts/tst_qhsts.cpp | 6 ++++++ + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp +index 0cef0ad3dc..be7ef7ff58 100644 +--- a/src/network/access/qhsts.cpp ++++ b/src/network/access/qhsts.cpp +@@ -364,8 +364,8 @@ quoted-pair = "\" CHAR + bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers) + { + for (const auto &h : headers) { +- // We use '==' since header name was already 'trimmed' for us: +- if (h.first == "Strict-Transport-Security") { ++ // We compare directly because header name was already 'trimmed' for us: ++ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) { + header = h.second; + // RFC6797, 8.1: + // +diff --git a/tests/auto/network/access/hsts/tst_qhsts.cpp b/tests/auto/network/access/hsts/tst_qhsts.cpp +index d72991a2eb..c3c5f58c22 100644 +--- a/tests/auto/network/access/hsts/tst_qhsts.cpp ++++ b/tests/auto/network/access/hsts/tst_qhsts.cpp +@@ -241,6 +241,12 @@ void tst_QHsts::testSTSHeaderParser() + QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc()); + QVERIFY(parser.includeSubDomains()); + ++ list.pop_back(); ++ list << Header("strict-transport-security", "includeSubDomains;max-age=1000"); ++ QVERIFY(parser.parse(list)); ++ QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc()); ++ QVERIFY(parser.includeSubDomains()); ++ + list.pop_back(); + // Invalid (includeSubDomains twice): + list << Header("Strict-Transport-Security", "max-age = 1000 ; includeSubDomains;includeSubDomains"); +-- +2.35.7 diff --git a/recipes-qt/qt5/qtbase/CVE-2023-32763-qtbase-5.15.diff b/recipes-qt/qt5/qtbase/CVE-2023-32763-qtbase-5.15.diff new file mode 100644 index 00000000..52056325 --- /dev/null +++ b/recipes-qt/qt5/qtbase/CVE-2023-32763-qtbase-5.15.diff @@ -0,0 +1,61 @@ +From 4964af998a1788eba15e0b4ab3382e1ebb709daf Mon Sep 17 00:00:00 2001 +From: Marek Vasut <marex@denx.de> +Date: Tue, 10 Oct 2023 16:06:27 +0200 +Subject: [PATCH] qtbase: Pick CVE-2023-32763 fix + +CVE: CVE-2023-32763 +Upstream-Status: Backport [https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff] +--- + src/gui/painting/qfixed_p.h | 9 +++++++++ + src/gui/text/qtextlayout.cpp | 9 ++++++--- + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/src/gui/painting/qfixed_p.h b/src/gui/painting/qfixed_p.h +index 846592881c..57d750a4b3 100644 +--- a/src/gui/painting/qfixed_p.h ++++ b/src/gui/painting/qfixed_p.h +@@ -54,6 +54,7 @@ + #include <QtGui/private/qtguiglobal_p.h> + #include "QtCore/qdebug.h" + #include "QtCore/qpoint.h" ++#include <QtCore/private/qnumeric_p.h> + #include "QtCore/qsize.h" + + QT_BEGIN_NAMESPACE +@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(int i, const QFixed &f) { return i * 64 < + Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; } + Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); } + ++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r) ++{ ++ int val; ++ bool result = add_overflow(v1.value(), v2.value(), &val); ++ r->setValue(val); ++ return result; ++} ++ + #ifndef QT_NO_DEBUG_STREAM + inline QDebug &operator<<(QDebug &dbg, const QFixed &f) + { return dbg << f.toReal(); } +diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp +index 26ac37b016..f6c69ff4a2 100644 +--- a/src/gui/text/qtextlayout.cpp ++++ b/src/gui/text/qtextlayout.cpp +@@ -2150,11 +2150,14 @@ found: + eng->maxWidth = qMax(eng->maxWidth, line.textWidth); + } else { + eng->minWidth = qMax(eng->minWidth, lbh.minw); +- eng->maxWidth += line.textWidth; ++ if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth)) ++ eng->maxWidth = QFIXED_MAX; + } + +- if (line.textWidth > 0 && item < eng->layoutData->items.size()) +- eng->maxWidth += lbh.spaceData.textWidth; ++ if (line.textWidth > 0 && item < eng->layoutData->items.size()) { ++ if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth)) ++ eng->maxWidth = QFIXED_MAX; ++ } + + line.textWidth += trailingSpace; + if (lbh.spaceData.length) { diff --git a/recipes-qt/qt5/qtbase/CVE-2023-33285-qtbase-5.15.diff b/recipes-qt/qt5/qtbase/CVE-2023-33285-qtbase-5.15.diff new file mode 100644 index 00000000..0e545296 --- /dev/null +++ b/recipes-qt/qt5/qtbase/CVE-2023-33285-qtbase-5.15.diff @@ -0,0 +1,81 @@ +From 70be54588f7227e0100d511530170b5cdb46ee5a Mon Sep 17 00:00:00 2001 +From: Marek Vasut <marex@denx.de> +Date: Tue, 10 Oct 2023 16:08:05 +0200 +Subject: [PATCH] qtbase: Pick CVE-2023-33285 fix + +CVE: CVE-2023-33285 +Upstream-Status: Backport [https://download.qt.io/official_releases/qt/5.15/CVE-2023-33285-qtbase-5.15.diff] +--- + src/network/kernel/qdnslookup_unix.cpp | 31 +++++++++++++++++++++----- + 1 file changed, 25 insertions(+), 6 deletions(-) + +diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp +index 12b40fc35d..99e999d436 100644 +--- a/src/network/kernel/qdnslookup_unix.cpp ++++ b/src/network/kernel/qdnslookup_unix.cpp +@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN + // responseLength in case of error, we still can extract the + // exact error code from the response. + HEADER *header = (HEADER*)response; +- const int answerCount = ntohs(header->ancount); + switch (header->rcode) { + case NOERROR: + break; +@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN + return; + } + +- // Skip the query host, type (2 bytes) and class (2 bytes). + char host[PACKETSZ], answer[PACKETSZ]; + unsigned char *p = response + sizeof(HEADER); +- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); +- if (status < 0) { ++ int status; ++ ++ if (ntohs(header->qdcount) == 1) { ++ // Skip the query host, type (2 bytes) and class (2 bytes). ++ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); ++ if (status < 0) { ++ reply->error = QDnsLookup::InvalidReplyError; ++ reply->errorString = tr("Could not expand domain name"); ++ return; ++ } ++ if ((p - response) + status + 4 >= responseLength) ++ header->qdcount = 0xffff; // invalid reply below ++ else ++ p += status + 4; ++ } ++ if (ntohs(header->qdcount) > 1) { + reply->error = QDnsLookup::InvalidReplyError; +- reply->errorString = tr("Could not expand domain name"); ++ reply->errorString = tr("Invalid reply received"); + return; + } +- p += status + 4; + + // Extract results. ++ const int answerCount = ntohs(header->ancount); + int answerIndex = 0; + while ((p < response + responseLength) && (answerIndex < answerCount)) { + status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); +@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN + const QString name = QUrl::fromAce(host); + + p += status; ++ ++ if ((p - response) + 10 > responseLength) { ++ // probably just a truncated reply, return what we have ++ return; ++ } + const quint16 type = (p[0] << 8) | p[1]; + p += 2; // RR type + p += 2; // RR class +@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN + p += 4; + const quint16 size = (p[0] << 8) | p[1]; + p += 2; ++ if ((p - response) + size > responseLength) ++ return; // truncated + + if (type == QDnsLookup::A) { + if (size != 4) { diff --git a/recipes-qt/qt5/qtbase/CVE-2023-34410-qtbase-5.15.diff b/recipes-qt/qt5/qtbase/CVE-2023-34410-qtbase-5.15.diff new file mode 100644 index 00000000..0f3e288b --- /dev/null +++ b/recipes-qt/qt5/qtbase/CVE-2023-34410-qtbase-5.15.diff @@ -0,0 +1,68 @@ +From ec348cf21e3cecfda0e1d7db6f2ecf423509f55a Mon Sep 17 00:00:00 2001 +From: Marek Vasut <marex@denx.de> +Date: Tue, 10 Oct 2023 16:09:29 +0200 +Subject: [PATCH] qtbase: Pick CVE-2023-34410 fix + +CVE: CVE-2023-34410 +Upstream-Status: Backport [https://download.qt.io/official_releases/qt/5.15/CVE-2023-34410-qtbase-5.15.diff] +--- + src/network/ssl/qsslsocket.cpp | 5 +++++ + src/network/ssl/qsslsocket_schannel.cpp | 22 ++++++++++++++++++++++ + 2 files changed, 27 insertions(+) + +diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp +index 5bb6e7ee4a..2a0b3a4f1d 100644 +--- a/src/network/ssl/qsslsocket.cpp ++++ b/src/network/ssl/qsslsocket.cpp +@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate() + , flushTriggered(false) + { + QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration); ++ // If the global configuration doesn't allow root certificates to be loaded ++ // on demand then we have to disable it for this socket as well. ++ if (!configuration.allowRootCertOnDemandLoading) ++ allowRootCertOnDemandLoading = false; + } + + /*! +@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri + ptr->sessionProtocol = global->sessionProtocol; + ptr->ciphers = global->ciphers; + ptr->caCertificates = global->caCertificates; ++ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading; + ptr->protocol = global->protocol; + ptr->peerVerifyMode = global->peerVerifyMode; + ptr->peerVerifyDepth = global->peerVerifyDepth; +diff --git a/src/network/ssl/qsslsocket_schannel.cpp b/src/network/ssl/qsslsocket_schannel.cpp +index c956ce3c2b..d1b23af29b 100644 +--- a/src/network/ssl/qsslsocket_schannel.cpp ++++ b/src/network/ssl/qsslsocket_schannel.cpp +@@ -1880,6 +1880,28 @@ bool QSslSocketBackendPrivate::verifyCertContext(CERT_CONTEXT *certContext) + if (configuration.peerVerifyDepth > 0 && DWORD(configuration.peerVerifyDepth) < verifyDepth) + verifyDepth = DWORD(configuration.peerVerifyDepth); + ++ const auto &caCertificates = q->sslConfiguration().caCertificates(); ++ ++ if (!rootCertOnDemandLoadingAllowed() ++ && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN) ++ && (q->peerVerifyMode() == QSslSocket::VerifyPeer ++ || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) { ++ // When verifying a peer Windows "helpfully" builds a chain that ++ // may include roots from the system store. But we don't want that if ++ // the user has set their own CA certificates. ++ // Since Windows claims this is not a partial chain the root is included ++ // and we have to check that it is one of our configured CAs. ++ CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1]; ++ QSslCertificate certificate = getCertificateFromChainElement(element); ++ if (!caCertificates.contains(certificate)) { ++ auto error = QSslError(QSslError::CertificateUntrusted, certificate); ++ sslErrors += error; ++ emit q->peerVerifyError(error); ++ if (q->state() != QAbstractSocket::ConnectedState) ++ return false; ++ } ++ } ++ + for (DWORD i = 0; i < verifyDepth; i++) { + CERT_CHAIN_ELEMENT *element = chain->rgpElement[i]; + QSslCertificate certificate = getCertificateFromChainElement(element); diff --git a/recipes-qt/qt5/qtbase/CVE-2023-37369-qtbase-5.15.diff b/recipes-qt/qt5/qtbase/CVE-2023-37369-qtbase-5.15.diff new file mode 100644 index 00000000..4fde5493 --- /dev/null +++ b/recipes-qt/qt5/qtbase/CVE-2023-37369-qtbase-5.15.diff @@ -0,0 +1,216 @@ +From 8b7ecba1bab3a02af1c5d5b2278b88e931e612e6 Mon Sep 17 00:00:00 2001 +From: Marek Vasut <marex@denx.de> +Date: Tue, 10 Oct 2023 16:10:40 +0200 +Subject: [PATCH] qtbase: Pick CVE-2023-37369 fix + +CVE: CVE-2023-37369 +Upstream-Status: Backport [https://download.qt.io/official_releases/qt/5.15/CVE-2023-37369-qtbase-5.15.diff] +--- + src/corelib/serialization/qxmlstream.cpp | 39 +++++++++++++++--------- + src/corelib/serialization/qxmlstream.g | 25 +++++++++++++-- + src/corelib/serialization/qxmlstream_p.h | 25 +++++++++++++-- + 3 files changed, 69 insertions(+), 20 deletions(-) + +diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp +index b2f846544d..6c98e7c013 100644 +--- a/src/corelib/serialization/qxmlstream.cpp ++++ b/src/corelib/serialization/qxmlstream.cpp +@@ -1302,15 +1302,18 @@ inline int QXmlStreamReaderPrivate::fastScanContentCharList() + return n; + } + +-inline int QXmlStreamReaderPrivate::fastScanName(int *prefix) ++// Fast scan an XML attribute name (e.g. "xml:lang"). ++inline QXmlStreamReaderPrivate::FastScanNameResult ++QXmlStreamReaderPrivate::fastScanName(Value *val) + { + int n = 0; + uint c; + while ((c = getChar()) != StreamEOF) { + if (n >= 4096) { + // This is too long to be a sensible name, and +- // can exhaust memory +- return 0; ++ // can exhaust memory, or the range of decltype(*prefix) ++ raiseNamePrefixTooLongError(); ++ return {}; + } + switch (c) { + case '\n': +@@ -1339,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix) + case '+': + case '*': + putChar(c); +- if (prefix && *prefix == n+1) { +- *prefix = 0; ++ if (val && val->prefix == n + 1) { ++ val->prefix = 0; + putChar(':'); + --n; + } +- return n; ++ return FastScanNameResult(n); + case ':': +- if (prefix) { +- if (*prefix == 0) { +- *prefix = n+2; ++ if (val) { ++ if (val->prefix == 0) { ++ val->prefix = n + 2; + } else { // only one colon allowed according to the namespace spec. + putChar(c); +- return n; ++ return FastScanNameResult(n); + } + } else { + putChar(c); +- return n; ++ return FastScanNameResult(n); + } + Q_FALLTHROUGH(); + default: +@@ -1364,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix) + } + } + +- if (prefix) +- *prefix = 0; ++ if (val) ++ val->prefix = 0; + int pos = textBuffer.size() - n; + putString(textBuffer, pos); + textBuffer.resize(pos); +- return 0; ++ return FastScanNameResult(0); + } + + enum NameChar { NameBeginning, NameNotBeginning, NotName }; +@@ -1878,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message) + raiseError(QXmlStreamReader::NotWellFormedError, message); + } + ++void QXmlStreamReaderPrivate::raiseNamePrefixTooLongError() ++{ ++ // TODO: add a ImplementationLimitsExceededError and use it instead ++ raiseError(QXmlStreamReader::NotWellFormedError, ++ QXmlStream::tr("Length of XML attribute name exceeds implemnetation limits (4KiB " ++ "characters).")); ++} ++ + void QXmlStreamReaderPrivate::parseError() + { + +diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g +index b623de9505..e431028506 100644 +--- a/src/corelib/serialization/qxmlstream.g ++++ b/src/corelib/serialization/qxmlstream.g +@@ -516,7 +516,16 @@ public: + int fastScanLiteralContent(); + int fastScanSpace(); + int fastScanContentCharList(); +- int fastScanName(int *prefix = nullptr); ++ ++ struct FastScanNameResult { ++ FastScanNameResult() : ok(false) {} ++ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { } ++ operator bool() { return ok; } ++ int operator*() { Q_ASSERT(ok); return addToLen; } ++ int addToLen; ++ bool ok; ++ }; ++ FastScanNameResult fastScanName(Value *val = nullptr); + inline int fastScanNMTOKEN(); + + +@@ -525,6 +534,7 @@ public: + + void raiseError(QXmlStreamReader::Error error, const QString& message = QString()); + void raiseWellFormedError(const QString &message); ++ void raiseNamePrefixTooLongError(); + + QXmlStreamEntityResolver *entityResolver; + +@@ -1809,7 +1819,12 @@ space_opt ::= space; + qname ::= LETTER; + /. + case $rule_number: { +- sym(1).len += fastScanName(&sym(1).prefix); ++ Value &val = sym(1); ++ if (auto res = fastScanName(&val)) ++ val.len += *res; ++ else ++ return false; ++ + if (atEnd) { + resume($rule_number); + return false; +@@ -1820,7 +1835,11 @@ qname ::= LETTER; + name ::= LETTER; + /. + case $rule_number: +- sym(1).len += fastScanName(); ++ if (auto res = fastScanName()) ++ sym(1).len += *res; ++ else ++ return false; ++ + if (atEnd) { + resume($rule_number); + return false; +diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h +index 103b123b10..80e7f74080 100644 +--- a/src/corelib/serialization/qxmlstream_p.h ++++ b/src/corelib/serialization/qxmlstream_p.h +@@ -1005,7 +1005,16 @@ public: + int fastScanLiteralContent(); + int fastScanSpace(); + int fastScanContentCharList(); +- int fastScanName(int *prefix = nullptr); ++ ++ struct FastScanNameResult { ++ FastScanNameResult() : ok(false) {} ++ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { } ++ operator bool() { return ok; } ++ int operator*() { Q_ASSERT(ok); return addToLen; } ++ int addToLen; ++ bool ok; ++ }; ++ FastScanNameResult fastScanName(Value *val = nullptr); + inline int fastScanNMTOKEN(); + + +@@ -1014,6 +1023,7 @@ public: + + void raiseError(QXmlStreamReader::Error error, const QString& message = QString()); + void raiseWellFormedError(const QString &message); ++ void raiseNamePrefixTooLongError(); + + QXmlStreamEntityResolver *entityResolver; + +@@ -1937,7 +1947,12 @@ bool QXmlStreamReaderPrivate::parse() + break; + + case 262: { +- sym(1).len += fastScanName(&sym(1).prefix); ++ Value &val = sym(1); ++ if (auto res = fastScanName(&val)) ++ val.len += *res; ++ else ++ return false; ++ + if (atEnd) { + resume(262); + return false; +@@ -1945,7 +1960,11 @@ bool QXmlStreamReaderPrivate::parse() + } break; + + case 263: +- sym(1).len += fastScanName(); ++ if (auto res = fastScanName()) ++ sym(1).len += *res; ++ else ++ return false; ++ + if (atEnd) { + resume(263); + return false; diff --git a/recipes-qt/qt5/qtbase/CVE-2023-38197-qtbase-5.15.diff b/recipes-qt/qt5/qtbase/CVE-2023-38197-qtbase-5.15.diff new file mode 100644 index 00000000..cb631519 --- /dev/null +++ b/recipes-qt/qt5/qtbase/CVE-2023-38197-qtbase-5.15.diff @@ -0,0 +1,231 @@ +From ae3946f38904b626a73a64f2829f60c911e2943b Mon Sep 17 00:00:00 2001 +From: Marek Vasut <marex@denx.de> +Date: Tue, 10 Oct 2023 16:11:57 +0200 +Subject: [PATCH] qtbase: Pick CVE-2023-38197 fix + +CVE: CVE-2023-38197 +Upstream-Status: Backport [https://download.qt.io/official_releases/qt/5.15/CVE-2023-38197-qtbase-5.15.diff] +--- + src/corelib/serialization/qxmlstream.cpp | 144 +++++++++++++++++++++-- + src/corelib/serialization/qxmlstream_p.h | 11 ++ + 2 files changed, 147 insertions(+), 8 deletions(-) + +diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp +index 6c98e7c013..2553d3e09a 100644 +--- a/src/corelib/serialization/qxmlstream.cpp ++++ b/src/corelib/serialization/qxmlstream.cpp +@@ -160,7 +160,7 @@ enum { StreamEOF = ~0U }; + addData() or by waiting for it to arrive on the device(). + + \value UnexpectedElementError The parser encountered an element +- that was different to those it expected. ++ or token that was different to those it expected. + + */ + +@@ -295,13 +295,34 @@ QXmlStreamEntityResolver *QXmlStreamReader::entityResolver() const + + QXmlStreamReader is a well-formed XML 1.0 parser that does \e not + include external parsed entities. As long as no error occurs, the +- application code can thus be assured that the data provided by the +- stream reader satisfies the W3C's criteria for well-formed XML. For +- example, you can be certain that all tags are indeed nested and +- closed properly, that references to internal entities have been +- replaced with the correct replacement text, and that attributes have +- been normalized or added according to the internal subset of the +- DTD. ++ application code can thus be assured, that ++ \list ++ \li the data provided by the stream reader satisfies the W3C's ++ criteria for well-formed XML, ++ \li tokens are provided in a valid order. ++ \endlist ++ ++ Unless QXmlStreamReader raises an error, it guarantees the following: ++ \list ++ \li All tags are nested and closed properly. ++ \li References to internal entities have been replaced with the ++ correct replacement text. ++ \li Attributes have been normalized or added according to the ++ internal subset of the \l DTD. ++ \li Tokens of type \l StartDocument happen before all others, ++ aside from comments and processing instructions. ++ \li At most one DOCTYPE element (a token of type \l DTD) is present. ++ \li If present, the DOCTYPE appears before all other elements, ++ aside from StartDocument, comments and processing instructions. ++ \endlist ++ ++ In particular, once any token of type \l StartElement, \l EndElement, ++ \l Characters, \l EntityReference or \l EndDocument is seen, no ++ tokens of type StartDocument or DTD will be seen. If one is present in ++ the input stream, out of order, an error is raised. ++ ++ \note The token types \l Comment and \l ProcessingInstruction may appear ++ anywhere in the stream. + + If an error occurs while parsing, atEnd() and hasError() return + true, and error() returns the error that occurred. The functions +@@ -620,6 +641,7 @@ QXmlStreamReader::TokenType QXmlStreamReader::readNext() + d->token = -1; + return readNext(); + } ++ d->checkToken(); + return d->type; + } + +@@ -740,6 +762,14 @@ static const short QXmlStreamReader_tokenTypeString_indices[] = { + }; + + ++static const char QXmlStreamReader_XmlContextString[] = ++ "Prolog\0" ++ "Body\0"; ++ ++static const short QXmlStreamReader_XmlContextString_indices[] = { ++ 0, 7 ++}; ++ + /*! + \property QXmlStreamReader::namespaceProcessing + The namespace-processing flag of the stream reader +@@ -775,6 +805,16 @@ QString QXmlStreamReader::tokenString() const + QXmlStreamReader_tokenTypeString_indices[d->type]); + } + ++/*! ++ \internal ++ \return \param ctxt (Prolog/Body) as a string. ++ */ ++QString contextString(QXmlStreamReaderPrivate::XmlContext ctxt) ++{ ++ return QLatin1String(QXmlStreamReader_XmlContextString + ++ QXmlStreamReader_XmlContextString_indices[static_cast<int>(ctxt)]); ++} ++ + #endif // QT_NO_XMLSTREAMREADER + + QXmlStreamPrivateTagStack::QXmlStreamPrivateTagStack() +@@ -866,6 +906,8 @@ void QXmlStreamReaderPrivate::init() + + type = QXmlStreamReader::NoToken; + error = QXmlStreamReader::NoError; ++ currentContext = XmlContext::Prolog; ++ foundDTD = false; + } + + /* +@@ -4061,6 +4103,92 @@ void QXmlStreamWriter::writeCurrentToken(const QXmlStreamReader &reader) + } + } + ++static bool isTokenAllowedInContext(QXmlStreamReader::TokenType type, ++ QXmlStreamReaderPrivate::XmlContext loc) ++{ ++ switch (type) { ++ case QXmlStreamReader::StartDocument: ++ case QXmlStreamReader::DTD: ++ return loc == QXmlStreamReaderPrivate::XmlContext::Prolog; ++ ++ case QXmlStreamReader::StartElement: ++ case QXmlStreamReader::EndElement: ++ case QXmlStreamReader::Characters: ++ case QXmlStreamReader::EntityReference: ++ case QXmlStreamReader::EndDocument: ++ return loc == QXmlStreamReaderPrivate::XmlContext::Body; ++ ++ case QXmlStreamReader::Comment: ++ case QXmlStreamReader::ProcessingInstruction: ++ return true; ++ ++ case QXmlStreamReader::NoToken: ++ case QXmlStreamReader::Invalid: ++ return false; ++ default: ++ return false; ++ } ++} ++ ++/*! ++ \internal ++ \brief QXmlStreamReader::isValidToken ++ \return \c true if \param type is a valid token type. ++ \return \c false if \param type is an unexpected token, ++ which indicates a non-well-formed or invalid XML stream. ++ */ ++bool QXmlStreamReaderPrivate::isValidToken(QXmlStreamReader::TokenType type) ++{ ++ // Don't change currentContext, if Invalid or NoToken occur in the prolog ++ if (type == QXmlStreamReader::Invalid || type == QXmlStreamReader::NoToken) ++ return false; ++ ++ // If a token type gets rejected in the body, there is no recovery ++ const bool result = isTokenAllowedInContext(type, currentContext); ++ if (result || currentContext == XmlContext::Body) ++ return result; ++ ++ // First non-Prolog token observed => switch context to body and check again. ++ currentContext = XmlContext::Body; ++ return isTokenAllowedInContext(type, currentContext); ++} ++ ++/*! ++ \internal ++ Checks token type and raises an error, if it is invalid ++ in the current context (prolog/body). ++ */ ++void QXmlStreamReaderPrivate::checkToken() ++{ ++ Q_Q(QXmlStreamReader); ++ ++ // The token type must be consumed, to keep track if the body has been reached. ++ const XmlContext context = currentContext; ++ const bool ok = isValidToken(type); ++ ++ // Do nothing if an error has been raised already (going along with an unexpected token) ++ if (error != QXmlStreamReader::Error::NoError) ++ return; ++ ++ if (!ok) { ++ raiseError(QXmlStreamReader::UnexpectedElementError, ++ QLatin1String("Unexpected token type %1 in %2.") ++ .arg(q->tokenString(), contextString(context))); ++ return; ++ } ++ ++ if (type != QXmlStreamReader::DTD) ++ return; ++ ++ // Raise error on multiple DTD tokens ++ if (foundDTD) { ++ raiseError(QXmlStreamReader::UnexpectedElementError, ++ QLatin1String("Found second DTD token in %1.").arg(contextString(context))); ++ } else { ++ foundDTD = true; ++ } ++} ++ + /*! + \fn bool QXmlStreamAttributes::hasAttribute(const QString &qualifiedName) const + \since 4.5 +diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h +index 80e7f74080..6db58386db 100644 +--- a/src/corelib/serialization/qxmlstream_p.h ++++ b/src/corelib/serialization/qxmlstream_p.h +@@ -804,6 +804,17 @@ public: + #endif + bool atEnd; + ++ enum class XmlContext ++ { ++ Prolog, ++ Body, ++ }; ++ ++ XmlContext currentContext = XmlContext::Prolog; ++ bool foundDTD = false; ++ bool isValidToken(QXmlStreamReader::TokenType type); ++ void checkToken(); ++ + /*! + \sa setType() + */ diff --git a/recipes-qt/qt5/qtbase/CVE-2023-43114-5.15.patch b/recipes-qt/qt5/qtbase/CVE-2023-43114-5.15.patch new file mode 100644 index 00000000..4b75db3a --- /dev/null +++ b/recipes-qt/qt5/qtbase/CVE-2023-43114-5.15.patch @@ -0,0 +1,128 @@ +From 7ec5e6dff1d6f6b2f3abcb1a2802f174ac189d9e Mon Sep 17 00:00:00 2001 +From: Marek Vasut <marex@denx.de> +Date: Tue, 10 Oct 2023 16:13:57 +0200 +Subject: [PATCH] qtbase: Pick CVE-2023-43114 fix + +CVE: CVE-2023-43114 +Upstream-Status: Backport [https://download.qt.io/official_releases/qt/5.15/CVE-2023-43114-5.15.patch] +--- + .../windows/qwindowsfontdatabase.cpp | 67 ++++++++++++++----- + 1 file changed, 51 insertions(+), 16 deletions(-) + +diff --git a/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp b/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp +index 09d2d916fe..0e6fe5eb84 100644 +--- a/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp ++++ b/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp +@@ -1471,36 +1471,70 @@ QT_WARNING_POP + return fontEngine; + } + +-static QList<quint32> getTrueTypeFontOffsets(const uchar *fontData) ++static QList<quint32> getTrueTypeFontOffsets(const uchar *fontData, const uchar *fileEndSentinel) + { + QList<quint32> offsets; +- const quint32 headerTag = *reinterpret_cast<const quint32 *>(fontData); ++ if (fileEndSentinel - fontData < 12) { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; ++ return offsets; ++ } ++ ++ const quint32 headerTag = qFromUnaligned<quint32>(fontData); + if (headerTag != MAKE_TAG('t', 't', 'c', 'f')) { + if (headerTag != MAKE_TAG(0, 1, 0, 0) + && headerTag != MAKE_TAG('O', 'T', 'T', 'O') + && headerTag != MAKE_TAG('t', 'r', 'u', 'e') +- && headerTag != MAKE_TAG('t', 'y', 'p', '1')) ++ && headerTag != MAKE_TAG('t', 'y', 'p', '1')) { + return offsets; ++ } + offsets << 0; + return offsets; + } ++ ++ const quint32 maximumNumFonts = 0xffff; + const quint32 numFonts = qFromBigEndian<quint32>(fontData + 8); +- for (uint i = 0; i < numFonts; ++i) { +- offsets << qFromBigEndian<quint32>(fontData + 12 + i * 4); ++ if (numFonts > maximumNumFonts) { ++ qCWarning(lcQpaFonts) << "Font collection of" << numFonts << "fonts is too large. Aborting."; ++ return offsets; + } ++ ++ if (quintptr(fileEndSentinel - fontData) > 12 + (numFonts - 1) * 4) { ++ for (quint32 i = 0; i < numFonts; ++i) ++ offsets << qFromBigEndian<quint32>(fontData + 12 + i * 4); ++ } else { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; ++ } ++ + return offsets; + } + +-static void getFontTable(const uchar *fileBegin, const uchar *data, quint32 tag, const uchar **table, quint32 *length) ++static void getFontTable(const uchar *fileBegin, const uchar *fileEndSentinel, const uchar *data, quint32 tag, const uchar **table, quint32 *length) + { +- const quint16 numTables = qFromBigEndian<quint16>(data + 4); +- for (uint i = 0; i < numTables; ++i) { +- const quint32 offset = 12 + 16 * i; +- if (*reinterpret_cast<const quint32 *>(data + offset) == tag) { +- *table = fileBegin + qFromBigEndian<quint32>(data + offset + 8); +- *length = qFromBigEndian<quint32>(data + offset + 12); +- return; ++ if (fileEndSentinel - data >= 6) { ++ const quint16 numTables = qFromBigEndian<quint16>(data + 4); ++ if (fileEndSentinel - data >= 28 + 16 * (numTables - 1)) { ++ for (quint32 i = 0; i < numTables; ++i) { ++ const quint32 offset = 12 + 16 * i; ++ if (qFromUnaligned<quint32>(data + offset) == tag) { ++ const quint32 tableOffset = qFromBigEndian<quint32>(data + offset + 8); ++ if (quintptr(fileEndSentinel - fileBegin) <= tableOffset) { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; ++ break; ++ } ++ *table = fileBegin + tableOffset; ++ *length = qFromBigEndian<quint32>(data + offset + 12); ++ if (quintptr(fileEndSentinel - *table) < *length) { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; ++ break; ++ } ++ return; ++ } ++ } ++ } else { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; + } ++ } else { ++ qCWarning(lcQpaFonts) << "Corrupted font data detected"; + } + *table = 0; + *length = 0; +@@ -1513,8 +1547,9 @@ static void getFamiliesAndSignatures(const QByteArray &fontData, + QVector<QFontValues> *values) + { + const uchar *data = reinterpret_cast<const uchar *>(fontData.constData()); ++ const uchar *dataEndSentinel = data + fontData.size(); + +- QList<quint32> offsets = getTrueTypeFontOffsets(data); ++ QList<quint32> offsets = getTrueTypeFontOffsets(data, dataEndSentinel); + if (offsets.isEmpty()) + return; + +@@ -1522,7 +1557,7 @@ static void getFamiliesAndSignatures(const QByteArray &fontData, + const uchar *font = data + offsets.at(i); + const uchar *table; + quint32 length; +- getFontTable(data, font, MAKE_TAG('n', 'a', 'm', 'e'), &table, &length); ++ getFontTable(data, dataEndSentinel, font, MAKE_TAG('n', 'a', 'm', 'e'), &table, &length); + if (!table) + continue; + QFontNames names = qt_getCanonicalFontNames(table, length); +@@ -1532,7 +1567,7 @@ static void getFamiliesAndSignatures(const QByteArray &fontData, + families->append(std::move(names)); + + if (values || signatures) +- getFontTable(data, font, MAKE_TAG('O', 'S', '/', '2'), &table, &length); ++ getFontTable(data, dataEndSentinel, font, MAKE_TAG('O', 'S', '/', '2'), &table, &length); + + if (values) { + QFontValues fontValues; diff --git a/recipes-qt/qt5/qtbase/CVE-2024-25580.patch b/recipes-qt/qt5/qtbase/CVE-2024-25580.patch new file mode 100644 index 00000000..0d9c1b7e --- /dev/null +++ b/recipes-qt/qt5/qtbase/CVE-2024-25580.patch @@ -0,0 +1,214 @@ +From 28ecb523ce8490bff38b251b3df703c72e057519 Mon Sep 17 00:00:00 2001 +From: Jonas Karlsson <jonas.karlsson@qt.io> +Date: Thu, 8 Feb 2024 17:01:05 +0100 +Subject: [PATCH] CVE-2024-25580: qtbase: Improve KTX file reading memory safety + +Upstream-Status: Backport from https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff +CVE: CVE-2024-25580 + +Signed-off-by: Rohini Sangam <rsangam@mvista.com> +--- + src/gui/util/qktxhandler.cpp | 138 +++++++++++++++++++++++++++-------- + src/gui/util/qktxhandler_p.h | 2 +- + 2 files changed, 110 insertions(+), 30 deletions(-) + +diff --git a/src/gui/util/qktxhandler.cpp b/src/gui/util/qktxhandler.cpp +index 7eda4c46fb..2853e46c3d 100644 +--- a/src/gui/util/qktxhandler.cpp ++++ b/src/gui/util/qktxhandler.cpp +@@ -73,7 +73,7 @@ struct KTXHeader { + quint32 bytesOfKeyValueData; + }; + +-static const quint32 headerSize = sizeof(KTXHeader); ++static constexpr quint32 qktxh_headerSize = sizeof(KTXHeader); + + // Currently unused, declared for future reference + struct KTXKeyValuePairItem { +@@ -103,11 +103,36 @@ struct KTXMipmapLevel { + */ + }; + +-bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block) ++static bool qAddOverflow(quint32 v1, quint32 v2, quint32 *r) { ++ // unsigned additions are well-defined ++ *r = v1 + v2; ++ return v1 > quint32(v1 + v2); ++} ++ ++// Returns the nearest multiple of 4 greater than or equal to 'value' ++static bool nearestMultipleOf4(quint32 value, quint32 *result) ++{ ++ constexpr quint32 rounding = 4; ++ *result = 0; ++ if (qAddOverflow(value, rounding - 1, result)) ++ return true; ++ *result &= ~(rounding - 1); ++ return false; ++} ++ ++// Returns a slice with prechecked bounds ++static QByteArray safeSlice(const QByteArray& array, quint32 start, quint32 length) + { +- Q_UNUSED(suffix) ++ quint32 end = 0; ++ if (qAddOverflow(start, length, &end) || end > quint32(array.length())) ++ return {}; ++ return QByteArray(array.data() + start, length); ++} + +- return (qstrncmp(block.constData(), ktxIdentifier, KTX_IDENTIFIER_LENGTH) == 0); ++bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block) ++{ ++ Q_UNUSED(suffix); ++ return block.startsWith(QByteArray::fromRawData(ktxIdentifier, KTX_IDENTIFIER_LENGTH)); + } + + QTextureFileData QKtxHandler::read() +@@ -115,42 +140,97 @@ QTextureFileData QKtxHandler::read() + if (!device()) + return QTextureFileData(); + +- QByteArray buf = device()->readAll(); +- const quint32 dataSize = quint32(buf.size()); +- if (dataSize < headerSize || !canRead(QByteArray(), buf)) { +- qCDebug(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData()); ++ const QByteArray buf = device()->readAll(); ++ if (size_t(buf.size()) > std::numeric_limits<quint32>::max()) { ++ qWarning(lcQtGuiTextureIO, "Too big KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ if (!canRead(QByteArray(), buf)) { ++ qWarning(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ if (buf.size() < qsizetype(qktxh_headerSize)) { ++ qWarning(lcQtGuiTextureIO, "Invalid KTX header size in %s", logName().constData()); + return QTextureFileData(); + } + +- const KTXHeader *header = reinterpret_cast<const KTXHeader *>(buf.constData()); +- if (!checkHeader(*header)) { +- qCDebug(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData()); ++ KTXHeader header; ++ memcpy(&header, buf.data(), qktxh_headerSize); ++ if (!checkHeader(header)) { ++ qWarning(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData()); + return QTextureFileData(); + } + + QTextureFileData texData; + texData.setData(buf); + +- texData.setSize(QSize(decode(header->pixelWidth), decode(header->pixelHeight))); +- texData.setGLFormat(decode(header->glFormat)); +- texData.setGLInternalFormat(decode(header->glInternalFormat)); +- texData.setGLBaseInternalFormat(decode(header->glBaseInternalFormat)); +- +- texData.setNumLevels(decode(header->numberOfMipmapLevels)); +- quint32 offset = headerSize + decode(header->bytesOfKeyValueData); +- const int maxLevels = qMin(texData.numLevels(), 32); // Cap iterations in case of corrupt file. +- for (int i = 0; i < maxLevels; i++) { +- if (offset + sizeof(KTXMipmapLevel) > dataSize) // Corrupt file; avoid oob read +- break; +- const KTXMipmapLevel *level = reinterpret_cast<const KTXMipmapLevel *>(buf.constData() + offset); +- quint32 levelLen = decode(level->imageSize); +- texData.setDataOffset(offset + sizeof(KTXMipmapLevel::imageSize), i); +- texData.setDataLength(levelLen, i); +- offset += sizeof(KTXMipmapLevel::imageSize) + levelLen + (3 - ((levelLen + 3) % 4)); ++ texData.setSize(QSize(decode(header.pixelWidth), decode(header.pixelHeight))); ++ texData.setGLFormat(decode(header.glFormat)); ++ texData.setGLInternalFormat(decode(header.glInternalFormat)); ++ texData.setGLBaseInternalFormat(decode(header.glBaseInternalFormat)); ++ ++ texData.setNumLevels(decode(header.numberOfMipmapLevels)); ++ ++ const quint32 bytesOfKeyValueData = decode(header.bytesOfKeyValueData); ++ quint32 headerKeyValueSize; ++ if (qAddOverflow(qktxh_headerSize, bytesOfKeyValueData, &headerKeyValueSize)) { ++ qWarning(lcQtGuiTextureIO, "Overflow in size of key value data in header of KTX file %s", ++ logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ if (headerKeyValueSize >= quint32(buf.size())) { ++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ // Technically, any number of levels is allowed but if the value is bigger than ++ // what is possible in KTX V2 (and what makes sense) we return an error. ++ // maxLevels = log2(max(width, height, depth)) ++ const int maxLevels = (sizeof(quint32) * 8) ++ - qCountLeadingZeroBits(std::max( ++ { header.pixelWidth, header.pixelHeight, header.pixelDepth })); ++ ++ if (texData.numLevels() > maxLevels) { ++ qWarning(lcQtGuiTextureIO, "Too many levels in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ quint32 offset = headerKeyValueSize; ++ for (int level = 0; level < texData.numLevels(); level++) { ++ const auto imageSizeSlice = safeSlice(buf, offset, sizeof(quint32)); ++ if (imageSizeSlice.isEmpty()) { ++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ const quint32 imageSize = decode(qFromUnaligned<quint32>(imageSizeSlice.data())); ++ offset += sizeof(quint32); // overflow checked indirectly above ++ ++ texData.setDataOffset(offset, level); ++ texData.setDataLength(imageSize, level); ++ ++ // Add image data and padding to offset ++ quint32 padded = 0; ++ if (nearestMultipleOf4(imageSize, &padded)) { ++ qWarning(lcQtGuiTextureIO, "Overflow in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ quint32 offsetNext; ++ if (qAddOverflow(offset, padded, &offsetNext)) { ++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData()); ++ return QTextureFileData(); ++ } ++ ++ offset = offsetNext; + } + + if (!texData.isValid()) { +- qCDebug(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", logName().constData()); ++ qWarning(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", ++ logName().constData()); + return QTextureFileData(); + } + +@@ -191,7 +271,7 @@ bool QKtxHandler::checkHeader(const KTXHeader &header) + (decode(header.numberOfFaces) == 1)); + } + +-quint32 QKtxHandler::decode(quint32 val) ++quint32 QKtxHandler::decode(quint32 val) const + { + return inverseEndian ? qbswap<quint32>(val) : val; + } +diff --git a/src/gui/util/qktxhandler_p.h b/src/gui/util/qktxhandler_p.h +index 19f7b0e79a..8da990aaac 100644 +--- a/src/gui/util/qktxhandler_p.h ++++ b/src/gui/util/qktxhandler_p.h +@@ -68,7 +68,7 @@ public: + + private: + bool checkHeader(const KTXHeader &header); +- quint32 decode(quint32 val); ++ quint32 decode(quint32 val) const; + + bool inverseEndian = false; + }; +-- +2.35.7 + |