fix CVE-2025-30348

(cherry picked from commit 4e4aba6ff1d9d5ad8343c4c4fc7d5b3d4a7cafd6)
This commit is contained in:
Funda Wang 2025-04-02 18:56:22 +08:00 committed by openeuler-sync-bot
parent 3dbd0a52a1
commit cfd3d27347
5 changed files with 165 additions and 39 deletions

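--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.xz filter=lfs diff=lfs merge=lfs -text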

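--- a/.lfsconfig
+++ b/.lfsconfig
@@ -0,0 +1,2 @@
+[lfs]
+url = https://artlfs.openeuler.openatom.cn/src-openEuler/qt5-qtbase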

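--- a/CVE-2025-30348.patch
+++ b/CVE-2025-30348.patch
@@ -0,0 +1,156 @@
+From 16918c1df3e709df2a97281e3825d94c84edb668 Mon Sep 17 00:00:00 2001
+From: Christian Ehrlicher <ch.ehrlicher@gmx.de>
+Date: Tue, 06 Aug 2024 22:39:44 +0200
+Subject: [PATCH] XML/QDom: speedup encodeText()
+The code copied the whole string, then replaced parts inline, at
+the cost of relocating everything beyond, at each replacement.
+Instead, copy character by character (in chunks where possible)
+and append replacements as we skip what they replace.
+Manual conflict resolution for 6.5:
+- This is a manual cherry-pick. The original change was only
+picked to 6.8, but the quadratic behavior is present in Qt 5, too.
+- Changed Task-number to Fixes: because this is the real fix;
+the QString change, 315210de916d060c044c01e53ff249d676122b1b,
+was unrelated to the original QTBUG-127549.
+Manual conflcit resolution for 5.15:
+- Kept/re-added QTextCodec::canEncode() check
+- Ported from Qt 6 to 5, to wit:
+- qsizetype -> int
+- QStringView::first/sliced(n) -> left/mid(n)
+(these functions are clearly called in-range, so the widened
+contract of the Qt 5 functions doesn't matter)
+- Ported from C++17- and C++14-isms to C++11:
+- replaced polymorphic lambda with a normal one (this requires
+rewriting the !canEncode() branch to use QByteArray/QLatin1String
+instead of QString)
+- As a drive-by, corrected the indentation of the case labels to
+horizontally align existing code (and follow Qt style)
+Fixes: QTBUG-127549
+Change-Id: I368482859ed0c4127f1eec2919183711b5488ada
+Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
+(cherry picked from commit 2ce08e3671b8d18b0284447e5908ce15e6e8f80f)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+(cherry picked from commit 225e235cf966a44af23dbe9aaaa2fd20ab6430ee)
+Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
+(cherry picked from commit 905a5bd421efff6a1d90b6140500d134d32ca745)
+---
+diff --git a/src/xml/dom/qdom.cpp b/src/xml/dom/qdom.cpp
+index 872221c..bf70477 100644
+--- a/src/xml/dom/qdom.cpp
++++ b/src/xml/dom/qdom.cpp
+@@ -3676,59 +3676,67 @@
+const QTextCodec *const codec = s.codec();
+Q_ASSERT(codec);
+#endif
+- QString retval(str);
+- int len = retval.length();
+- int i = 0;
++ QString retval;
++ int start = 0;
++ auto appendToOutput = [&](int cur, QLatin1String replacement)
++ {
++ if (start < cur) {
++ retval.reserve(str.size() + replacement.size());
++ retval.append(QStringView(str).left(cur).mid(start));
++ }
++ // Skip over str[cur], replaced by replacement
++ start = cur + 1;
++ retval.append(replacement);
++ };
+- while (i < len) {
+- const QChar ati(retval.at(i));
+-
+- if (ati == QLatin1Char('<')) {
+- retval.replace(i, 1, QLatin1String("&lt;"));
+- len += 3;
+- i += 4;
+- } else if (encodeQuotes && (ati == QLatin1Char('"'))) {
+- retval.replace(i, 1, QLatin1String("&quot;"));
+- len += 5;
+- i += 6;
+- } else if (ati == QLatin1Char('&')) {
+- retval.replace(i, 1, QLatin1String("&amp;"));
+- len += 4;
+- i += 5;
+- } else if (ati == QLatin1Char('>') && i >= 2 && retval[i - 1] == QLatin1Char(']') && retval[i - 2] == QLatin1Char(']')) {
+- retval.replace(i, 1, QLatin1String("&gt;"));
+- len += 3;
+- i += 4;
+- } else if (performAVN &&
+- (ati == QChar(0xA) ||
+- ati == QChar(0xD) ||
+- ati == QChar(0x9))) {
+- const QString replacement(QLatin1String("&#x") + QString::number(ati.unicode(), 16) + QLatin1Char(';'));
+- retval.replace(i, 1, replacement);
+- i += replacement.length();
+- len += replacement.length() - 1;
+- } else if (encodeEOLs && ati == QChar(0xD)) {
+- retval.replace(i, 1, QLatin1String("&#xd;")); // Replace a single 0xD with a ref for 0xD
+- len += 4;
+- i += 5;
+- } else {
++ const int len = str.size();
++ for (int cur = 0; cur < len; ++cur) {
++ switch (const char16_t ati = str[cur].unicode()) {
++ case u'<':
++ appendToOutput(cur, QLatin1String("&lt;"));
++ break;
++ case u'"':
++ if (encodeQuotes)
++ appendToOutput(cur, QLatin1String("&quot;"));
++ break;
++ case u'&':
++ appendToOutput(cur, QLatin1String("&amp;"));
++ break;
++ case u'>':
++ if (cur >= 2 && str[cur - 1] == u']' && str[cur - 2] == u']')
++ appendToOutput(cur, QLatin1String("&gt;"));
++ break;
++ case u'\r':
++ if (performAVN || encodeEOLs)
++ appendToOutput(cur, QLatin1String("&#xd;")); // \r == 0x0d
++ break;
++ case u'\n':
++ if (performAVN)
++ appendToOutput(cur, QLatin1String("&#xa;")); // \n == 0x0a
++ break;
++ case u'\t':
++ if (performAVN)
++ appendToOutput(cur, QLatin1String("&#x9;")); // \t == 0x09
++ break;
++ default:
+#if QT_CONFIG(textcodec)
+if(codec->canEncode(ati))
+- ++i;
++ ; // continue
+else
+#endif
+{
+// We have to use a character reference to get it through.
+- const ushort codepoint(ati.unicode());
+- const QString replacement(QLatin1String("&#x") + QString::number(codepoint, 16) + QLatin1Char(';'));
+- retval.replace(i, 1, replacement);
+- i += replacement.length();
+- len += replacement.length() - 1;
++ const QByteArray replacement = "&#x" + QByteArray::number(uint{ati}, 16) + ';';
++ appendToOutput(cur, QLatin1String{replacement});
+}
++ break;
+}
+}
+-
+- return retval;
++ if (start > 0) {
++ retval.append(QStringView(str).left(len).mid(start));
++ return retval;
++ }
++ return str;
+}
+void QDomAttrPrivate::save(QTextStream& s, int, int) const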
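Review bot: The closing `if (start > 0)` in the backported encodeText() doubles as the "at least one replacement happened" flag, which holds only because appendToOutput always sets `start = cur + 1` (never 0); a one-line comment would spare the next reader the derivation: `// start stays 0 iff nothing was replaced, in which case str is returned untouched`. The `retval.reserve(str.size() + replacement.size())` inside the lambda is re-issued on every replacement with only the current replacement's length, so after the first call it is normally a no-op; harmless, but the intent (pre-size once for the common single-replacement input) is worth a comment or hoisting the reserve to the first call. The `'"'`, `'\n'` and `'\t'` cases now `break` without reaching the `codec->canEncode(ati)` check that the old fall-through applied when their encoding flag was off; this is presumably fine since those are ASCII characters any supported codec can encode, but it is a small behavioral difference from the replaced code that the backport notes do not mention. encodeText's signature and the start of its body lie outside the hunk.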


@ -36,7 +36,7 @@
Name: qt5-qtbase
Summary: Qt5 - QtBase components
Version: 5.15.10
Release: 10
Release: 11
# See LGPL_EXCEPTIONS.txt, for exception details
License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0
@ -136,6 +136,7 @@ Patch0029: qtbase5.15-CVE-2023-51714.patch
Patch0030: CVE-2024-25580-qtbase-5.15.diff
Patch0031: CVE-2023-45935.patch
Patch0032: add-sw_64-support-for-syscall_fork.patch
Patch0033: CVE-2025-30348.patch
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
# Those themes are there for platform integration. If the required libraries are
@ -371,44 +372,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
%prep
%setup -q -n %{qt_module}-everywhere-src-%{version}
## dowstream patches
%patch -P0000 -p1
%patch -P0001 -p1 -b .private_api_warning
## upstream fixes
%patch -P0002 -p1 -b .QT_VERSION_CHECK
%patch -P0004 -p1 -b .moc_macros
%patch -P0005 -p1 -b .qt5gui_cmake_isystem_includes
%patch -P0006 -p1 -b .qmake_LFLAGS
%patch -P0007 -p1 -b .no_relocatable
%patch -P0008 -p1 -b .qt5-qtbase-cxxflag
%patch -P0011 -p1 -b .libglvnd
%patch -P0009 -p1 -b .firebird
%patch -P0010 -p1 -b .mysql
%patch -P0012 -p1 -b .use-wayland-on-gnome.patch
%patch -P0013 -p1 -b .gcc11
### upstream patches
%patch -P100 -p1
%patch -P101 -p1
%patch -P102 -p1
%patch -P103 -p1
%patch -P104 -p1
%patch -P0021 -p1
%patch -P0022 -p1
%patch -P0024 -p1
%patch -P0025 -p1
%patch -P0026 -p1
%patch -P0027 -p1
%patch -P0028 -p1
%patch -P0029 -p1
%patch -P0030 -p1
%patch -P0031 -p1
%patch -P0032 -p1
%autosetup -p1 -n %{qt_module}-everywhere-src-%{version}
# move some bundled libs to ensure they're not accidentally used
pushd src/3rdparty
@ -1067,6 +1031,9 @@ fi
%changelog
* Wed Apr 02 2025 Funda Wang <fundawang@yeah.net> - 5.15.10-11
- fix CVE-2025-30348
* Thu Mar 06 2025 mahailiang <mahailiang@uniontech.com> - 5.15.10-10
- add sw_64 support for syscall_fork