summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
OpenFile portal: do not use O_PATH fds
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
03cbcba7b2b0e42a
Last-Update: 2023-05-13
Using O_PATH requires correctly specifying whether the fd is writable or
not. Stating that the fd is writable without it actually being writable
results into rejection on xdg-desktop-portal side. Other implementations
like xdg-open or gtk have also moved away from O_PATH fds so this will
make a matching implementation and avoid possible rejections from xdp.
Gbp-Pq: Name dont_use_O_PATH.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
fix accessibility on XCB when running as root
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
db346e711c9af505
Bug: https://bugs.debian.org/
1033995
Last-Update: 2023-04-15
Accessibility actually works when running applications as root, but we
would never properly connect, since the enabledChanged signal would be
emitted from the constructor in this case. So after connecting the
signal, check the value by hand to make sure not to miss the
notification.
Only applications running as root would be affected, because all other
applications would go through the asynchronous pattern of getting the
bus address from dbus instead.
Gbp-Pq: Name a11y_root.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
QSQL/ODBC: fix regression (trailing NUL)
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
9020034b3b6a3a81
Last-Update: 2023-06-30
When we fixed the callers of toSQLTCHAR() to use the result's size()
instead of the input's (which differ, if sizeof(SQLTCHAR) != 2), we
exposed callers to the append(0), which changes the size() of the
result QVLA. Callers that don't rely on NUL-termination (all?) now saw
an additional training NUL.
Fix by not NUL-terminating, and changing the only user of SQL_NTS to
use an explicit length.
Gbp-Pq: Name sql_odbc_fix_unicode_check.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
SQL/ODBC: add another check to detect unicode availability in driver
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
f19320748d282b1e
Last-Update: 2023-06-30
Since ODBC does not have a direct way finding out if unicode is
supported by the underlying driver the ODBC plugin does some checks. As
a last resort a sql statement is executed which returns a string. But
even this may fail because the select statement has no FROM part which
is rejected by at least Oracle does not allow. Therefore add another
query which is correct for Oracle & DB2 as a workaround. The question
why the first three statements to check for unicode availability fail
is still open but can't be checked since I've no access to an oracle
database.
Gbp-Pq: Name sql_odbc_more_unicode_checks.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
Ssl: Copy the on-demand cert loading bool from default config
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
57ba6260c0801055
Last-Update: 2023-06-08
Otherwise individual sockets will still load system certificates when
a chain doesn't match against the configured CA certificates.
That's not intended behavior, since specifically setting the CA
certificates means you don't want the system certificates to be used.
This is potentially a breaking change because now, if you ever add a
CA to the default config, it will disable loading system certificates
on demand for all sockets. And the only way to re-enable it is to
create a null-QSslConfiguration and set it as the new default.
Gbp-Pq: Name CVE-2023-34410.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
QDnsLookup/Unix: make sure we don't overflow the buffer
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
7dba2c87619d558a
Last-Update: 2023-05-25
The DNS Records are variable length and encode their size in 16 bits
before the Record Data (RDATA). Ensure that both the RDATA and the
Record header fields before it fall inside the buffer we have.
Additionally reject any replies containing more than one query records.
Gbp-Pq: Name CVE-2023-33285.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
hsts: match header names case insensitively
Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32762-qtbase-5.15.diff
Last-Update: 2023-05-22
Header field names are always considered to be case-insensitive.
Gbp-Pq: Name CVE-2023-32762.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
fix buffer overflow in Qt SVG
Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff
Last-Update: 2023-05-22
Adds qAddOverflow and qMulOverflow definitions to QFixed.
Gbp-Pq: Name CVE-2023-32763.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
do not set Qt::ToolTip flag for QShapedPixmapWindow
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
180b496b537089b8
Bug: https://bugreports.qt.io/browse/QTBUG-98048
Last-Update: 2023-05-20
This hint is not really needed in the first place and only causes
problems in some environments.
For example in KDE, the compositor animates changes in position and size
for all ToolTip windows. However, this is not wanted here because we use
this window as a thumbnail for a drag-and-drop operation.
Before this patch the dragged element would lag significantly behind the
cursor. Now it works as expected, i.e. the dragged element follows the
cursor immediately.
Gbp-Pq: Name qshapedpixmapwindow_no_tooltip.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
Fix denial-of-service in Qt SQL ODBC driver plugin
Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
Last-Update: 2023-02-26
Gbp-Pq: Name CVE-2023-24607.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
set geometry property in QXcbWindow after checking minimum size
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
6a3627b6c5aa5109
Last-Update: 2023-01-04
QXcbWindow::create() bound the window's size to windowMinimumSize(),
after its size had been inherited from parent().
QPlatformWindow::setGeometry() was called before that sanity check.
When a fullscreen window is re-mapped from a deactivated screen to the
remaining screen, the call to QPlatformWindow::setGeometry() assigns
an invalid QRect to QPlatformWindowPrivate::rect
The negative int values x2 and/or y2 cause
QXcbBackingStoreImage::flushPixmap to address unmapped memory and
crash.
This patch moves the call to QPlatformWindow::setGeometry() from
before to after bounding to a minimum value. That assures a valid
rectangle to be assigned in all cases.
Gbp-Pq: Name qxcbwindow_set_geometry.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
fix deletion order in QImageReader/Writer destructors
Origin: upstream, commits
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
f091026be1deb4b4
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
5633cb69f68ca3d3
Last-Update: 2023-02-26
The device would be deleted before the image format handler, and hence
be a dangling pointer that could easily cause a crash if the handler
or codec would access it on destruction, e.g. for cleanup.
Gbp-Pq: Name image_deletion_order.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
fix Alt+` shortcut on non-US layouts
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit?id=
62e697fd568f6acd
Last-Update: 2022-12-03
Make it possible for non-letter-keys with Latin 1 symbols (`, !, @ etc.)
to participate in shortcuts also, when the keys generate national
symbols on non-Latin layout.
For example, in Russian layout, "`" key generates cyrillic "ё" letter of
national alphabet, so shortcuts with the key should still work
regardless of the actual layout.
Gbp-Pq: Name fix_alt_backtick.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
use wayland platform plugin on GNOME wayland sessions by default
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
dda7dab8274991e4
Last-Update: 2022-10-16
Qt wayland platform plugin has improved quite a lot and it is now pretty
much usable on Gnome. It also improves user experience a lot on HiDPI
displays.
Gbp-Pq: Name gnome_wayland.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
widgets: setTransientParent() when a QMenu is a window
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
493a85a9e4688744
Last-Update: 2022-10-16
On some platforms, such as X11 and Wayland with some compositors,
QMenu could be a popup window, which should be set a transient parent
to get relative position, which is requested by Wayland.
Added transientParentWindow() for QMenuPrivate like QDialogPrivate.
Gbp-Pq: Name qmenu_set_transient_parent.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
update function argument of SSL_CTX_set_options
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
e995bfc0ea783c15
Backported for 5.15 by the patch author, Michael Saxl.
Last-Update: 2022-08-07
openssl3 uses uint64_t for the options argument in SSL_CTX_set_options,
older ones used long.
sizeof(long) is not the same on any platform as sizeof(uint64_t)
Gbp-Pq: Name openssl_set_options.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
upstream fixes to support OpenSSL 3.0
Origin: upstream, commits
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
3186ca3e3972cf46
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
408656c6f9de326c
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
ae6590e360fbb04d
and a small part of
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
4c0f81490ba0c4ec
Last-Update: 2021-12-09
Gbp-Pq: Name openssl3.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
QPushButton/fusion style: don't ignore QIcon::On icon
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
e9ccdf4d84157173
Last-Update: 2021-08-10
The fusion style did ignore the QIcon::On icon because it reset
State_On to avoid the visual shift of a pressed button.
But it's not needed to reset this flag - the shift does not happen
because the fusion style does return 0 as offset for
PM_ButtonShiftHorizontal/PM_ButtonShiftVertical so no shifting will
happen.
Gbp-Pq: Name fusion_checkable_qpushbutton.diff
Debian Qt/KDE Maintainers [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
adjust QMimeDatabase implementation
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=
0cbbba2aa5b47224
Last-Update: 2021-06-12
When multiple globs match, and the result from magic sniffing is
unrelated to any of those globs, globs have priority and one of them
should be picked up.
Gbp-Pq: Name mime_globs.diff
Steve Langasek [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
qtbase-opensource-src (5.15.10+dfsg-7.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix extraneous X-Time64-Compat declarations. Closes: #
1065154.
[dgit import unpatched qtbase-opensource-src 5.15.10+dfsg-7.2]
Steve Langasek [Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)]
Import qtbase-opensource-src_5.15.10+dfsg-7.2.debian.tar.xz
[dgit import tarball qtbase-opensource-src 5.15.10+dfsg-7.2 qtbase-opensource-src_5.15.10+dfsg-7.2.debian.tar.xz]
Dmitry Shachnev [Fri, 9 Jun 2023 08:08:39 +0000 (11:08 +0300)]
Import qtbase-opensource-src_5.15.10+dfsg.orig.tar.xz
[dgit import orig qtbase-opensource-src_5.15.10+dfsg.orig.tar.xz]
projects / qtbase-opensource-src.git / log