summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Debian Qt/KDE Maintainers [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
QSQL/ODBC: fix regression (trailing NUL)
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
9020034b3b6a3a81
Last-Update: 2023-06-30
When we fixed the callers of toSQLTCHAR() to use the result's size()
instead of the input's (which differ, if sizeof(SQLTCHAR) != 2), we
exposed callers to the append(0), which changes the size() of the
result QVLA. Callers that don't rely on NUL-termination (all?) now saw
an additional training NUL.
Fix by not NUL-terminating, and changing the only user of SQL_NTS to
use an explicit length.
Gbp-Pq: Name sql_odbc_fix_unicode_check.diff
Debian Qt/KDE Maintainers [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
Fix denial-of-service in Qt SQL ODBC driver plugin
Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
Last-Update: 2023-02-26
Gbp-Pq: Name CVE-2023-24607.diff
Debian Qt/KDE Maintainers [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
QProcess: ensure we don't accidentally execute something from CWD
Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2022-25255-qprocess5-15.diff
Last-Update: 2022-02-21
Unless "." (or the empty string) is in $PATH, we're not supposed to find
executables in the current directory. This is how the Unix shells behave
and we match their behavior. It's also the behavior Qt had prior to 5.9
(commit
28666d167aa8e602c0bea25ebc4d51b55005db13). On Windows, searching
the current directory is the norm, so we keep that behavior.
This commit does not add an explicit check for an empty return from
QStandardPaths::findExecutable(). Instead, we allow that empty string to
go all the way to execve(2), which will fail with ENOENT. We could catch
it early, before fork(2), but why add code for the error case?
See https://kde.org/info/security/advisory-
20220131-1.txt
Gbp-Pq: Name CVE-2022-25255.diff
Debian Qt/KDE Maintainers [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
fix buffer overflow in Qt SVG
Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff
Last-Update: 2023-05-22
Adds qAddOverflow and qMulOverflow definitions to QFixed.
Gbp-Pq: Name CVE-2023-32763.diff
Debian Qt/KDE Maintainers [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
CVE-2024-25580
Gbp-Pq: Name CVE-2024-25580.diff
Zhang Yu [Mon, 22 Feb 2021 01:25:01 +0000 (09:25 +0800)]
[PATCH] Fix invalid pointer return with QGridLayout::itemAt(-1)
QGridLayout::takeAt() and QLayoutItem *itemAt() only check the upper bound.
If the index < 0, these function will return invalid pointer.
Fixes: QTBUG-91261
Pick-to: 5.15 6.0 6.1
Change-Id: Idfb9fb6228b9707f817353b04974da16205a835c
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Gbp-Pq: Name fix-invalid-pointer-return-with-QGridLayout.diff
Debian Qt/KDE Maintainers [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
adjust QMimeDatabase implementation
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
0cbbba2aa5b47224
Last-Update: 2021-06-12
When multiple globs match, and the result from magic sniffing is
unrelated to any of those globs, globs have priority and one of them
should be picked up.
Gbp-Pq: Name mime_globs.diff
Debian Qt/KDE Maintainers [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
fix allocated memory of QByteArray returned by QIODevice::readLine
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
6485b6d45ad165cf
Last-Update: 2021-02-20
Gbp-Pq: Name qiodevice_readline_memory.diff
Debian Qt/KDE Maintainers [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
include <limits> to fix some GCC 11 build issues
Origin: upstream, commits:
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
813a928c7c3cf986
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
9c56d4da2ff631a8
Last-Update: 2021-01-26
Gbp-Pq: Name gcc_11_limits.diff
Debian Qt/KDE Maintainers [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
QNAM: work around QObject finicky orphan cleanup details
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
0807f16eb407eaf8
Last-Update: 2021-01-26
Gbp-Pq: Name qnam_connect_memory_leak.diff
Debian Qt/KDE Maintainers [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
Avoid use-after-free in QXcbConnection::initializeScreens()
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
86b8c5c3f32c2457
Last-Update: 2020-11-23
Gbp-Pq: Name xcb_screens_uaf.patch
Sylvain Beucler [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
qtbase-opensource-src (5.15.2+dfsg-9+deb11u2) bullseye-security; urgency=high
* Non-maintainer upload by the LTS Security Team.
* CVE-2024-39936: issue in HTTP2. Code to make security-relevant
decisions about an established connection may execute too early,
because the encrypted() signal has not yet been emitted and
processed.
* Add Salsa-CI configuration
* Add git-buildpackage configuration
* Add lintian overrides for test binary data
[dgit import unpatched qtbase-opensource-src 5.15.2+dfsg-9+deb11u2]
Sylvain Beucler [Thu, 27 Nov 2025 14:54:31 +0000 (15:54 +0100)]
Import qtbase-opensource-src_5.15.2+dfsg-9+deb11u2.debian.tar.xz
[dgit import tarball qtbase-opensource-src 5.15.2+dfsg-9+deb11u2 qtbase-opensource-src_5.15.2+dfsg-9+deb11u2.debian.tar.xz]
Dmitry Shachnev [Fri, 20 Nov 2020 13:08:35 +0000 (16:08 +0300)]
Import qtbase-opensource-src_5.15.2+dfsg.orig.tar.xz
[dgit import orig qtbase-opensource-src_5.15.2+dfsg.orig.tar.xz]
projects / qtbase-opensource-src.git / log