projects / qt6-base.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
qt6-base.git
21 months ago[PATCH] QXmlStreamReader: make fastScanName() indicate parsing status to callers
commit | commitdiff | tree
Ahmad Samir [Thu, 22 Jun 2023 12:56:07 +0000 (15:56 +0300)]
[PATCH] QXmlStreamReader: make fastScanName() indicate parsing status to callers

This fixes a crash while parsing an XML file with garbage data, the file
starts with '<' then garbage data:
- The loop in the parse() keeps iterating until it hits "case 262:",
  which calls fastScanName()
- fastScanName() iterates over the text buffer scanning for the
  attribute name (e.g. "xml:lang"), until it finds ':'
- Consider a Value val, fastScanName() is called on it, it would set
  val.prefix to a number > val.len, then it would hit the 4096 condition
  and return (returned 0, now it returns the equivalent of
  std::null_opt), which means that val.len doesn't get modified, making
  it smaller than val.prefix
- The code would try constructing an XmlStringRef with negative length,
  which would hit an assert in one of QStringView's constructors

Add an assert to the XmlStringRef constructor.

Add unittest based on the file from the bug report.

Later on I will replace FastScanNameResult with std::optional<qsizetype>
(std::optional is C++17, which isn't required by Qt 5.15, and we want to
backport this fix).

Credit to OSS-Fuzz.

Fixes: QTBUG-109781
Fixes: QTBUG-114829
Pick-to: 6.6 6.5 6.2 5.15
Change-Id: I455a5eeb47870c2ac9ffd0cbcdcd99c1ae2dd374
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Gbp-Pq: Name cve-2023-37369.diff

21 months ago[PATCH] xkb: fix build with libxkbcommon 1.6.0 and later
commit | commitdiff | tree
Liang Qi [Tue, 10 Oct 2023 12:08:48 +0000 (14:08 +0200)]
[PATCH] xkb: fix build with libxkbcommon 1.6.0 and later

A few XKB_KEY_dead_* defines got removed from 1.6.0. See also
https://github.com/xkbcommon/libxkbcommon/blob/6073565903488cb5b9a8d37fdc4a7c2f9d7ad04d/NEWS#L9-L14
https://gitlab.freedesktop.org/xorg/proto/xorgproto/-/merge_requests/70/diffs?commit_id=cb44799b72f611eb4c9d7cc185bc3b09e070be08

Pick-to: 6.6 6.5 6.2 5.15
Fixes: QTBUG-117950
Change-Id: I55861868f2bb29c553d68365fa9b9b6ed01c9aea
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Gbp-Pq: Name libxkbcommon_1.6.0.diff

21 months agocve-2023-51714
commit | commitdiff | tree
Debian Qt/KDE Maintainers [Thu, 29 Feb 2024 21:45:27 +0000 (21:45 +0000)]
cve-2023-51714

Gbp-Pq: Name cve-2023-51714.diff

21 months agoqt6-base (6.4.2+dfsg-21.1) unstable; urgency=medium
commit | commitdiff | tree
Benjamin Drung [Thu, 29 Feb 2024 21:45:27 +0000 (21:45 +0000)]
qt6-base (6.4.2+dfsg-21.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Rename libraries for 64-bit time_t transition.  Closes: #1062725

[dgit import unpatched qt6-base 6.4.2+dfsg-21.1]

21 months agoImport qt6-base_6.4.2+dfsg-21.1.debian.tar.xz
commit | commitdiff | tree
Benjamin Drung [Thu, 29 Feb 2024 21:45:27 +0000 (21:45 +0000)]
Import qt6-base_6.4.2+dfsg-21.1.debian.tar.xz

[dgit import tarball qt6-base 6.4.2+dfsg-21.1 qt6-base_6.4.2+dfsg-21.1.debian.tar.xz]

2 years agoImport qt6-base_6.4.2+dfsg.orig.tar.xz
commit | commitdiff | tree
Patrick Franz [Tue, 31 Jan 2023 18:16:32 +0000 (19:16 +0100)]
Import qt6-base_6.4.2+dfsg.orig.tar.xz

[dgit import orig qt6-base_6.4.2+dfsg.orig.tar.xz]

Unnamed repository; edit this file 'description' to name the repository.