QProcess: ensure we don't accidentally execute something from CWD

Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2022-25255-qprocess5-15.diff
Last-Update: 2022-02-21

Unless "." (or the empty string) is in $PATH, we're not supposed to find
executables in the current directory. This is how the Unix shells behave
and we match their behavior. It's also the behavior Qt had prior to 5.9
(commit 28666d167aa8e602c0bea25ebc4d51b55005db13). On Windows, searching
the current directory is the norm, so we keep that behavior.

This commit does not add an explicit check for an empty return from
QStandardPaths::findExecutable(). Instead, we allow that empty string to
go all the way to execve(2), which will fail with ENOENT. We could catch
it early, before fork(2), but why add code for the error case?

See https://kde.org/info/security/advisory-20220131-1.txt

Gbp-Pq: Name CVE-2022-25255.diff

fix buffer overflow in Qt SVG

Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff
Last-Update: 2023-05-22

Adds qAddOverflow and qMulOverflow definitions to QFixed.

Gbp-Pq: Name CVE-2023-32763.diff

CVE-2024-25580

Gbp-Pq: Name CVE-2024-25580.diff

[PATCH] Fix invalid pointer return with QGridLayout::itemAt(-1)

QGridLayout::takeAt() and QLayoutItem *itemAt() only check the upper bound.
If the index < 0, these function will return invalid pointer.

Fixes: QTBUG-91261
Pick-to: 5.15 6.0 6.1
Change-Id: Idfb9fb6228b9707f817353b04974da16205a835c
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Gbp-Pq: Name fix-invalid-pointer-return-with-QGridLayout.diff

adjust QMimeDatabase implementation

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=0cbbba2aa5b47224
Last-Update: 2021-06-12

When multiple globs match, and the result from magic sniffing is
unrelated to any of those globs, globs have priority and one of them
should be picked up.

Gbp-Pq: Name mime_globs.diff

fix allocated memory of QByteArray returned by QIODevice::readLine

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=6485b6d45ad165cf
Last-Update: 2021-02-20

Gbp-Pq: Name qiodevice_readline_memory.diff

include <limits> to fix some GCC 11 build issues

Origin: upstream, commits:
 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=813a928c7c3cf986
 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=9c56d4da2ff631a8
Last-Update: 2021-01-26

Gbp-Pq: Name gcc_11_limits.diff

QNAM: work around QObject finicky orphan cleanup details

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=0807f16eb407eaf8
Last-Update: 2021-01-26

Gbp-Pq: Name qnam_connect_memory_leak.diff

Avoid use-after-free in QXcbConnection::initializeScreens()

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=86b8c5c3f32c2457
Last-Update: 2020-11-23

Gbp-Pq: Name xcb_screens_uaf.patch

qtbase-opensource-src (5.15.2+dfsg-9+deb11u2) bullseye-security; urgency=high

  * Non-maintainer upload by the LTS Security Team.
  * CVE-2024-39936: issue in HTTP2. Code to make security-relevant
    decisions about an established connection may execute too early,
    because the encrypted() signal has not yet been emitted and
    processed.
  * Add Salsa-CI configuration
  * Add git-buildpackage configuration
  * Add lintian overrides for test binary data

[dgit import unpatched qtbase-opensource-src 5.15.2+dfsg-9+deb11u2]

Import qtbase-opensource-src_5.15.2+dfsg-9+deb11u2.debian.tar.xz

[dgit import tarball qtbase-opensource-src 5.15.2+dfsg-9+deb11u2 qtbase-opensource-src_5.15.2+dfsg-9+deb11u2.debian.tar.xz]

Import qtbase-opensource-src_5.15.2+dfsg.orig.tar.xz

[dgit import orig qtbase-opensource-src_5.15.2+dfsg.orig.tar.xz]