dgit.raspbian.org Git - qtbase-opensource-src.git/log

Merge version 5.15.2+dfsg-9+rpi1+deb11u1 and 5.15.2+dfsg-9+deb11u2 to produce 5.15.2+dfsg-9+rpi1+deb11u2

Merge qtbase-opensource-src (5.15.2+dfsg-9+deb11u2) import into refs/heads/workingbranch

call pkgconfig in order to be able to cross build qtbase with MySql.

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971604
Forwarded: not-needed
Reviewed-by: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Qt's build system calls mysql_config... which won't work in a cross build
environment like Debian's, as it will throw an exec format error.

In order to solve this call pkgconfig and use mysqlclient.pc.

Gbp-Pq: Name cross_build_mysql.diff

Limit Linux-only code with Q_OS_LINUX

Forwarded: no
Last-Update: 2020-04-19

The QStorageInfo/QStorageIterator implementation used for Linux is used also
on Hurd, as it uses an interface provided by GNU libc.
QStorageIterator::device() tries to use PATH_MAX (unavailable on the Hurd)
to lookup a /dev/block/ path, which exists on Linux only; hence, perform that
check within a Q_OS_LINUX block.

Gbp-Pq: Name qstorageinfo_linux.diff

Avoid unconditional PATH_MAX usage

Forwarded: no
Last-Update: 2020-04-19

Use a "safe" size in case PATH_MAX is not defined; in the end, this should not
be used, as a allocating realpath() will be used instead.

Gbp-Pq: Name path_max.diff

pass default include directories to qdoc

Bug: https://bugs.debian.org/908328
Forwarded: no
Last-Update: 2020-01-28

Gbp-Pq: Name qdoc_default_incdirs.diff

guard UTIME_NOW/UTIME_OMIT usages

Forwarded: no
Last-Update: 2018-02-22

Gbp-Pq: Name nonlinux_utime.diff

support ARMv4 architecture, needed for armel builds

Forwarded: no
Last-Update: 2016-07-01

Gbp-Pq: Name armv4.diff

catch linker warnings in some config tests

Forwarded: https://codereview.qt-project.org/163214 (rejected)
Bug: https://bugs.debian.org/827935
Last-Update: 2019-03-02

Without this, qmake wrongly thinks that the tests succeed, for example:

./config.tests/unix/futimens/futimens.cpp:44: warning: futimens is not implemented and will always fail
test config.corelib.tests.futimens succeeded

Gbp-Pq: Name gnukfreebsd_linker_warnings.diff

build ibase sql plugin against firebird

Forwarded: no
Last-Update: 2017-06-30

Gbp-Pq: Name link_fbclient.diff

remove non-used privacy-breach code

Forwarded: not-needed
Last-Update: 2015-02-18

This code makes Lintian unhappy. But we are really not using it, it only
gets inserted when building the online doc.
Anyways the best way to calm down Lintian is to simply remove it.

Gbp-Pq: Name remove_privacy_breaches.diff

disable htmlinfo example which contains non-free files

Forwarded: not-needed
Last-Update: 2014-12-17

Gbp-Pq: Name no_htmlinfo_example.diff

Initial GNU/kFreeBSD support

Last-Update: 2015-06-03
Forwarded: no

- add a gnukfreebsd-g++ qmake mkspec, mostly copied from the hurd-g++ one
- properly use LD_LIBRARY_PATH on GNU/* systems

Gbp-Pq: Name gnukfreebsd.diff

CVE-2024-39936

Origin: https://github.com/qt/qtbase/commit/bb1006b789f4ed0183b6ca668a45f75243879cb6
Reviewed-by: Sylvain Beucler <beuc@debian.org>
Last-Update: 2025-11-26

From bb1006b789f4ed0183b6ca668a45f75243879cb6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
Date: Tue, 25 Jun 2024 17:09:35 +0200
Subject: [PATCH] HTTP2: Delay any communication until encrypted() can be
responded to

We have the encrypted() signal that lets users do extra checks on the
established connection. It is emitted as BlockingQueued, so the HTTP
thread stalls until it is done emitting. Users can potentially call
abort() on the QNetworkReply at that point, which is passed as a Queued
call back to the HTTP thread. That means that any currently queued
signal emission will be processed before the abort() call is processed.

In the case of HTTP2 it is a little special since it is multiplexed and
the code is built to start requests as they are available. This means
that, while the code worked fine for HTTP1, since one connection only
has one request, it is not working for HTTP2, since we try to send more
requests in-between the encrypted() signal and the abort() call.

This patch changes the code to delay any communication until the
encrypted() signal has been emitted and processed, for HTTP2 only.
It's done by adding a few booleans, both to know that we have to return
early and so we can keep track of what events arose and what we need to
resume once enough time has passed that any abort() call must have been
processed.

Conflict resolution: adapt to Qt 5 code supporting SPDY as well.

Fixes: QTBUG-126610
Pick-to: 5.12
Change-Id: Ic25a600c278203256e35f541026f34a8783235ae
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit b1e75376cc3adfc7da5502a277dfe9711f3e0536)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 0fb43e4395da34d561814242a0186999e4956e28)
(cherry picked from commit 2b1e36e183ce75c224305c7a94457b92f7a5cf58)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit 2b3048b35c4b37bfbfe38b8bde999715806bd7b8)
(cherry picked from commit db8bd4ea27e53753875ec71feed9c5b562b713eb)

Gbp-Pq: Name CVE-2024-39936.diff

CVE-2024-39936-prereq

Origin: https://github.com/qt/qtbase/commit/95064c35826793c5d6a4edff9fa08ad308b047bb
Reviewed-by: Sylvain Beucler <beuc@debian.org>
Last-Update: 2025-11-26

From 95064c35826793c5d6a4edff9fa08ad308b047bb Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov <timur.pocheptsov@qt.io>
Date: Tue, 20 Jul 2021 08:16:28 +0200
Subject: [PATCH] H2: emit encrypted for at least the first reply, similar to
H1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: QTBUG-95277
Change-Id: I1fe01503376c0d6278e366d7bd31b412b7cc3a69
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit c23b7886348dc313ccec1a131850a7cce1b429de)

Gbp-Pq: Name CVE-2024-39936-prereq.diff

QDnsLookup/Unix: make sure we don't overflow the buffer

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a
Last-Update: 2023-05-25

The DNS Records are variable length and encode their size in 16 bits
before the Record Data (RDATA). Ensure that both the RDATA and the
Record header fields before it fall inside the buffer we have.

Additionally reject any replies containing more than one query records.

Gbp-Pq: Name CVE-2023-33285.diff

CVE-2023-34410

===================================================================

Gbp-Pq: Name CVE-2023-34410.diff

CVE-2023-38197

===================================================================

Gbp-Pq: Name CVE-2023-38197.diff

CVE-2023-37369

===================================================================

Gbp-Pq: Name CVE-2023-37369.diff

[PATCH] HPack: fix incorrect integer overflow check

This code never worked:

For the comparison with max() - 32 to trigger, on 32-bit platforms (or
Qt 5) signed interger overflow would have had to happen in the
addition of the two sizes. The compiler can therefore remove the
overflow check as dead code.

On Qt 6 and 64-bit platforms, the signed integer addition would be
very unlikely to overflow, but the following truncation to uint32
would yield the correct result only in a narrow 32-value window just
below UINT_MAX, if even that.

Fix by using the proper tool, qAddOverflow.

Manual conflict resolutions:
- qAddOverflow doesn't exist in Qt 5, use private add_overflow
predecessor API instead

Change-Id: I7599f2e75ff7f488077b0c60b81022591005661c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit ee5da1f2eaf8932aeca02ffea6e4c618585e29e3)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit debeb8878da2dc706ead04b6072ecbe7e5313860)
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
(cherry picked from commit 811b9eef6d08d929af8708adbf2a5effb0eb62d7)
(cherry picked from commit f931facd077ce945f1e42eaa3bead208822d3e00)
(cherry picked from commit 9ef4ca5ecfed771dab890856130e93ef5ceabef5)
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Gbp-Pq: Name CVE-2023-51714.diff

CVE-2023-32762

commit 1b736a815be0222f4b24289cf17575fc15707305
Author: Mårten Nordheim <marten.nordheim@qt.io>
Date:   Fri May 5 11:07:26 2023 +0200

    Hsts: match header names case insensitively

    Header field names are always considered to be case-insensitive.

Pick-to: 6.5 6.5.1 6.2 5.15
Fixes: QTBUG-113392
    Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Gbp-Pq: Name CVE-2023-32762.diff

SQL/ODBC: add another check to detect unicode availability in driver

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f19320748d282b1e
Last-Update: 2023-06-30

Since ODBC does not have a direct way finding out if unicode is
supported by the underlying driver the ODBC plugin does some checks. As
a last resort a sql statement is executed which returns a string. But
even this may fail because the select statement has no FROM part which
is rejected by at least Oracle does not allow. Therefore add another
query which is correct for Oracle & DB2 as a workaround. The question
why the first three statements to check for unicode availability fail
is still open but can't be checked since I've no access to an oracle
database.

Gbp-Pq: Name sql_odbc_more_unicode_checks.diff

QSQL/ODBC: fix regression (trailing NUL)

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=9020034b3b6a3a81
Last-Update: 2023-06-30

When we fixed the callers of toSQLTCHAR() to use the result's size()
instead of the input's (which differ, if sizeof(SQLTCHAR) != 2), we
exposed callers to the append(0), which changes the size() of the
result QVLA. Callers that don't rely on NUL-termination (all?) now saw
an additional training NUL.

Fix by not NUL-terminating, and changing the only user of SQL_NTS to
use an explicit length.

Gbp-Pq: Name sql_odbc_fix_unicode_check.diff

Fix denial-of-service in Qt SQL ODBC driver plugin

Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
Last-Update: 2023-02-26

Gbp-Pq: Name CVE-2023-24607.diff

QProcess: ensure we don't accidentally execute something from CWD

Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2022-25255-qprocess5-15.diff
Last-Update: 2022-02-21

Unless "." (or the empty string) is in $PATH, we're not supposed to find
executables in the current directory. This is how the Unix shells behave
and we match their behavior. It's also the behavior Qt had prior to 5.9
(commit 28666d167aa8e602c0bea25ebc4d51b55005db13). On Windows, searching
the current directory is the norm, so we keep that behavior.

This commit does not add an explicit check for an empty return from
QStandardPaths::findExecutable(). Instead, we allow that empty string to
go all the way to execve(2), which will fail with ENOENT. We could catch
it early, before fork(2), but why add code for the error case?

See https://kde.org/info/security/advisory-20220131-1.txt

Gbp-Pq: Name CVE-2022-25255.diff

fix buffer overflow in Qt SVG

Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff
Last-Update: 2023-05-22

Adds qAddOverflow and qMulOverflow definitions to QFixed.

Gbp-Pq: Name CVE-2023-32763.diff

CVE-2024-25580

Gbp-Pq: Name CVE-2024-25580.diff

[PATCH] Fix invalid pointer return with QGridLayout::itemAt(-1)

QGridLayout::takeAt() and QLayoutItem *itemAt() only check the upper bound.
If the index < 0, these function will return invalid pointer.

Fixes: QTBUG-91261
Pick-to: 5.15 6.0 6.1
Change-Id: Idfb9fb6228b9707f817353b04974da16205a835c
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Gbp-Pq: Name fix-invalid-pointer-return-with-QGridLayout.diff

adjust QMimeDatabase implementation

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=0cbbba2aa5b47224
Last-Update: 2021-06-12

When multiple globs match, and the result from magic sniffing is
unrelated to any of those globs, globs have priority and one of them
should be picked up.

Gbp-Pq: Name mime_globs.diff

fix allocated memory of QByteArray returned by QIODevice::readLine

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=6485b6d45ad165cf
Last-Update: 2021-02-20

Gbp-Pq: Name qiodevice_readline_memory.diff

include <limits> to fix some GCC 11 build issues

Origin: upstream, commits:
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=813a928c7c3cf986
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=9c56d4da2ff631a8
Last-Update: 2021-01-26

Gbp-Pq: Name gcc_11_limits.diff

QNAM: work around QObject finicky orphan cleanup details

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=0807f16eb407eaf8
Last-Update: 2021-01-26

Gbp-Pq: Name qnam_connect_memory_leak.diff

Avoid use-after-free in QXcbConnection::initializeScreens()

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=86b8c5c3f32c2457
Last-Update: 2020-11-23

Gbp-Pq: Name xcb_screens_uaf.patch

qtbase-opensource-src (5.15.2+dfsg-9+deb11u2) bullseye-security; urgency=high

  * Non-maintainer upload by the LTS Security Team.
  * CVE-2024-39936: issue in HTTP2. Code to make security-relevant
    decisions about an established connection may execute too early,
    because the encrypted() signal has not yet been emitted and
    processed.
  * Add Salsa-CI configuration
  * Add git-buildpackage configuration
  * Add lintian overrides for test binary data

[dgit import unpatched qtbase-opensource-src 5.15.2+dfsg-9+deb11u2]

Import qtbase-opensource-src_5.15.2+dfsg-9+deb11u2.debian.tar.xz

[dgit import tarball qtbase-opensource-src 5.15.2+dfsg-9+deb11u2 qtbase-opensource-src_5.15.2+dfsg-9+deb11u2.debian.tar.xz]

Merge version 5.15.2+dfsg-9+rpi1 and 5.15.2+dfsg-9+deb11u1 to produce 5.15.2+dfsg-9+rpi1+deb11u1

Merge qtbase-opensource-src (5.15.2+dfsg-9+deb11u1) import into refs/heads/workingbranch