
10 Commits

Author SHA1 Message Date
openeuler-ci-bot
16ed2cb73d
!165 [sync] PR-160: fix CVE-2025-30348
From: @openeuler-sync-bot 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
2025-04-08 00:54:26 +00:00
Funda Wang
cfd3d27347 fix CVE-2025-30348
(cherry picked from commit 4e4aba6ff1d9d5ad8343c4c4fc7d5b3d4a7cafd6)
2025-04-07 16:26:18 +08:00
openeuler-ci-bot
3dbd0a52a1
!157 [sync] PR-154: add sw_64 support for syscall_fork
From: @openeuler-sync-bot 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
2025-03-07 08:52:52 +00:00
Hailiang
a4a317e5e0 add sw_64 support for syscall_fork
(cherry picked from commit 528433041960e2fef107816b22039953886e5607)
2025-03-07 16:32:39 +08:00
openeuler-ci-bot
03f83b283c
!137 [sync] PR-136: Fix CVE-2023-45935
From: @openeuler-sync-bot 
Reviewed-by: @peijiankang 
Signed-off-by: @peijiankang
2024-04-28 01:37:34 +00:00
lvfei
a1c51e17a4 Fix CVE-2023-45935
(cherry picked from commit dca3aa7b7f3d94dfe28c7ee3c701c6876ad3246c)
2024-04-26 17:09:47 +08:00
openeuler-ci-bot
dd8823051c
!127 fix CVE-2024-25580
From: @hou-hongxun 
Reviewed-by: @peijiankang 
Signed-off-by: @peijiankang
2024-04-25 05:34:13 +00:00
peijiankang
9c1a96338f CVE-2024-25580 2024-04-17 09:33:56 +08:00
openeuler-ci-bot
f166bc423f
!117 CVE-2023-51714
From: @dou33 
Reviewed-by: @peijiankang 
Signed-off-by: @peijiankang
2024-02-01 05:27:59 +00:00
peijiankang
e40830cbfe qtbase5.15-CVE-2023-51714 2024-02-01 12:18:11 +08:00
9 changed files with 474 additions and 36 deletions

1
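--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.xz filter=lfs diff=lfs merge=lfs -text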

2
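--- a/.lfsconfig
+++ b/.lfsconfig
@@ -0,0 +1,2 @@
+[lfs]
+url = https://artlfs.openeuler.openatom.cn/src-openEuler/qt5-qtbase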

31
CVE-2023-45935.patch Normal file

@ -0,0 +1,31 @@
From 33f905df885041e97a465c3706046fa4378ea27f Mon Sep 17 00:00:00 2001
From: Liang Qi <liang.qi@qt.io>
Date: 2023-07-31 05:35:11 +0200
Subject: [PATCH] CVE-2023-45935
port invokeMethodImpl() from QScopeGuard to SlotObjUniquePtr
---
src/plugins/platforms/xcb/qxcbatom.cpp | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/plugins/platforms/xcb/qxcbatom.cpp b/src/plugins/platforms/xcb/qxcbatom.cpp
index a769ddad..a33b1b44 100644
--- a/src/plugins/platforms/xcb/qxcbatom.cpp
+++ b/src/plugins/platforms/xcb/qxcbatom.cpp
@@ -270,8 +270,10 @@ void QXcbAtom::initializeAllAtoms(xcb_connection_t *connection) {
for (i = 0; i < QXcbAtom::NAtoms; ++i) {
xcb_intern_atom_reply_t *reply = xcb_intern_atom_reply(connection, cookies[i], nullptr);
- m_allAtoms[i] = reply->atom;
- free(reply);
+ if (reply) {
+ m_allAtoms[i] = reply->atom;
+ free(reply);
+ }
}
}
--
2.27.0
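Review bot: When `xcb_intern_atom_reply()` returns null, the new `if (reply)` guard skips the assignment and `m_allAtoms[i]` keeps whatever value it already held. Nothing in this hunk shows the array being zero-initialised, so an explicit fallback such as `else m_allAtoms[i] = XCB_ATOM_NONE;` would make the failure state defined. The patch header also describes a different change (`port invokeMethodImpl() from QScopeGuard to SlotObjUniquePtr`) than the null check it carries and cites no upstream commit, which makes the CVE-2023-45935 fix hard to audit; a Subject along the lines of `xcb: guard against a null xcb_intern_atom_reply() in initializeAllAtoms()` would match the content. initializeAllAtoms() begins outside the hunk.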


@ -0,0 +1,197 @@
diff --git a/src/gui/util/qktxhandler.cpp b/src/gui/util/qktxhandler.cpp
index 0d98e97453..6a79e55109 100644
--- a/src/gui/util/qktxhandler.cpp
+++ b/src/gui/util/qktxhandler.cpp
@@ -73,7 +73,7 @@ struct KTXHeader {
quint32 bytesOfKeyValueData;
};
-static const quint32 headerSize = sizeof(KTXHeader);
+static constexpr quint32 qktxh_headerSize = sizeof(KTXHeader);
// Currently unused, declared for future reference
struct KTXKeyValuePairItem {
@@ -103,11 +103,36 @@ struct KTXMipmapLevel {
*/
};
-bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block)
+static bool qAddOverflow(quint32 v1, quint32 v2, quint32 *r) {
+ // unsigned additions are well-defined
+ *r = v1 + v2;
+ return v1 > quint32(v1 + v2);
+}
+
+// Returns the nearest multiple of 4 greater than or equal to 'value'
+static bool nearestMultipleOf4(quint32 value, quint32 *result)
+{
+ constexpr quint32 rounding = 4;
+ *result = 0;
+ if (qAddOverflow(value, rounding - 1, result))
+ return true;
+ *result &= ~(rounding - 1);
+ return false;
+}
+
+// Returns a slice with prechecked bounds
+static QByteArray safeSlice(const QByteArray& array, quint32 start, quint32 length)
{
- Q_UNUSED(suffix)
+ quint32 end = 0;
+ if (qAddOverflow(start, length, &end) || end > quint32(array.length()))
+ return {};
+ return QByteArray(array.data() + start, length);
+}
- return (qstrncmp(block.constData(), ktxIdentifier, KTX_IDENTIFIER_LENGTH) == 0);
+bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block)
+{
+ Q_UNUSED(suffix);
+ return block.startsWith(QByteArray::fromRawData(ktxIdentifier, KTX_IDENTIFIER_LENGTH));
}
QTextureFileData QKtxHandler::read()
@@ -115,42 +140,97 @@ QTextureFileData QKtxHandler::read()
if (!device())
return QTextureFileData();
- QByteArray buf = device()->readAll();
- const quint32 dataSize = quint32(buf.size());
- if (dataSize < headerSize || !canRead(QByteArray(), buf)) {
- qCDebug(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData());
+ const QByteArray buf = device()->readAll();
+ if (size_t(buf.size()) > std::numeric_limits<quint32>::max()) {
+ qWarning(lcQtGuiTextureIO, "Too big KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ if (!canRead(QByteArray(), buf)) {
+ qWarning(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ if (buf.size() < qsizetype(qktxh_headerSize)) {
+ qWarning(lcQtGuiTextureIO, "Invalid KTX header size in %s", logName().constData());
return QTextureFileData();
}
- const KTXHeader *header = reinterpret_cast<const KTXHeader *>(buf.constData());
- if (!checkHeader(*header)) {
- qCDebug(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData());
+ KTXHeader header;
+ memcpy(&header, buf.data(), qktxh_headerSize);
+ if (!checkHeader(header)) {
+ qWarning(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData());
return QTextureFileData();
}
QTextureFileData texData;
texData.setData(buf);
- texData.setSize(QSize(decode(header->pixelWidth), decode(header->pixelHeight)));
- texData.setGLFormat(decode(header->glFormat));
- texData.setGLInternalFormat(decode(header->glInternalFormat));
- texData.setGLBaseInternalFormat(decode(header->glBaseInternalFormat));
-
- texData.setNumLevels(decode(header->numberOfMipmapLevels));
- quint32 offset = headerSize + decode(header->bytesOfKeyValueData);
- const int maxLevels = qMin(texData.numLevels(), 32); // Cap iterations in case of corrupt file.
- for (int i = 0; i < maxLevels; i++) {
- if (offset + sizeof(KTXMipmapLevel) > dataSize) // Corrupt file; avoid oob read
- break;
- const KTXMipmapLevel *level = reinterpret_cast<const KTXMipmapLevel *>(buf.constData() + offset);
- quint32 levelLen = decode(level->imageSize);
- texData.setDataOffset(offset + sizeof(KTXMipmapLevel::imageSize), i);
- texData.setDataLength(levelLen, i);
- offset += sizeof(KTXMipmapLevel::imageSize) + levelLen + (3 - ((levelLen + 3) % 4));
+ texData.setSize(QSize(decode(header.pixelWidth), decode(header.pixelHeight)));
+ texData.setGLFormat(decode(header.glFormat));
+ texData.setGLInternalFormat(decode(header.glInternalFormat));
+ texData.setGLBaseInternalFormat(decode(header.glBaseInternalFormat));
+
+ texData.setNumLevels(decode(header.numberOfMipmapLevels));
+
+ const quint32 bytesOfKeyValueData = decode(header.bytesOfKeyValueData);
+ quint32 headerKeyValueSize;
+ if (qAddOverflow(qktxh_headerSize, bytesOfKeyValueData, &headerKeyValueSize)) {
+ qWarning(lcQtGuiTextureIO, "Overflow in size of key value data in header of KTX file %s",
+ logName().constData());
+ return QTextureFileData();
+ }
+
+ if (headerKeyValueSize >= quint32(buf.size())) {
+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ // Technically, any number of levels is allowed but if the value is bigger than
+ // what is possible in KTX V2 (and what makes sense) we return an error.
+ // maxLevels = log2(max(width, height, depth))
+ const int maxLevels = (sizeof(quint32) * 8)
+ - qCountLeadingZeroBits(std::max(
+ { header.pixelWidth, header.pixelHeight, header.pixelDepth }));
+
+ if (texData.numLevels() > maxLevels) {
+ qWarning(lcQtGuiTextureIO, "Too many levels in KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ quint32 offset = headerKeyValueSize;
+ for (int level = 0; level < texData.numLevels(); level++) {
+ const auto imageSizeSlice = safeSlice(buf, offset, sizeof(quint32));
+ if (imageSizeSlice.isEmpty()) {
+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ const quint32 imageSize = decode(qFromUnaligned<quint32>(imageSizeSlice.data()));
+ offset += sizeof(quint32); // overflow checked indirectly above
+
+ texData.setDataOffset(offset, level);
+ texData.setDataLength(imageSize, level);
+
+ // Add image data and padding to offset
+ quint32 padded = 0;
+ if (nearestMultipleOf4(imageSize, &padded)) {
+ qWarning(lcQtGuiTextureIO, "Overflow in KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ quint32 offsetNext;
+ if (qAddOverflow(offset, padded, &offsetNext)) {
+ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ offset = offsetNext;
}
if (!texData.isValid()) {
- qCDebug(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", logName().constData());
+ qWarning(lcQtGuiTextureIO, "Invalid values in header of KTX file %s",
+ logName().constData());
return QTextureFileData();
}
@@ -191,7 +271,7 @@ bool QKtxHandler::checkHeader(const KTXHeader &header)
(decode(header.numberOfFaces) == 1));
}
-quint32 QKtxHandler::decode(quint32 val)
+quint32 QKtxHandler::decode(quint32 val) const
{
return inverseEndian ? qbswap<quint32>(val) : val;
}
diff --git a/src/gui/util/qktxhandler_p.h b/src/gui/util/qktxhandler_p.h
index f831e59d95..cdf1b2eaf8 100644
--- a/src/gui/util/qktxhandler_p.h
+++ b/src/gui/util/qktxhandler_p.h
@@ -68,7 +68,7 @@ public:
private:
bool checkHeader(const KTXHeader &header);
- quint32 decode(quint32 val);
+ quint32 decode(quint32 val) const;
bool inverseEndian = false;
};
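Review bot: The `maxLevels` bound in `QKtxHandler::read()` is computed from the raw `header.pixelWidth`, `header.pixelHeight` and `header.pixelDepth`, while every other header field in the function goes through `decode()`. For a file with `inverseEndian` set, the byte-swapped values give the wrong level cap, so a valid file can be rejected or a looser cap than intended applied to `numberOfMipmapLevels`. The arguments should be decoded first: `std::max({ decode(header.pixelWidth), decode(header.pixelHeight), decode(header.pixelDepth) })`. Separately, the loop bounds-checks only the 4-byte `imageSize` field via `safeSlice()`; the last level's image payload is not compared with `buf.size()` here and presumably relies on `texData.isValid()`, which deserves a comment saying so. The hunk also uses `std::numeric_limits`, `std::max` and `memcpy` without adding includes, which may already be present outside the visible lines.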

156
CVE-2025-30348.patch Normal file

@ -0,0 +1,156 @@
From 16918c1df3e709df2a97281e3825d94c84edb668 Mon Sep 17 00:00:00 2001
From: Christian Ehrlicher <ch.ehrlicher@gmx.de>
Date: Tue, 06 Aug 2024 22:39:44 +0200
Subject: [PATCH] XML/QDom: speedup encodeText()
The code copied the whole string, then replaced parts inline, at
the cost of relocating everything beyond, at each replacement.
Instead, copy character by character (in chunks where possible)
and append replacements as we skip what they replace.
Manual conflict resolution for 6.5:
- This is a manual cherry-pick. The original change was only
picked to 6.8, but the quadratic behavior is present in Qt 5, too.
- Changed Task-number to Fixes: because this is the real fix;
the QString change, 315210de916d060c044c01e53ff249d676122b1b,
was unrelated to the original QTBUG-127549.
Manual conflcit resolution for 5.15:
- Kept/re-added QTextCodec::canEncode() check
- Ported from Qt 6 to 5, to wit:
- qsizetype -> int
- QStringView::first/sliced(n) -> left/mid(n)
(these functions are clearly called in-range, so the widened
contract of the Qt 5 functions doesn't matter)
- Ported from C++17- and C++14-isms to C++11:
- replaced polymorphic lambda with a normal one (this requires
rewriting the !canEncode() branch to use QByteArray/QLatin1String
instead of QString)
- As a drive-by, corrected the indentation of the case labels to
horizontally align existing code (and follow Qt style)
Fixes: QTBUG-127549
Change-Id: I368482859ed0c4127f1eec2919183711b5488ada
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 2ce08e3671b8d18b0284447e5908ce15e6e8f80f)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 225e235cf966a44af23dbe9aaaa2fd20ab6430ee)
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
(cherry picked from commit 905a5bd421efff6a1d90b6140500d134d32ca745)
---
diff --git a/src/xml/dom/qdom.cpp b/src/xml/dom/qdom.cpp
index 872221c..bf70477 100644
--- a/src/xml/dom/qdom.cpp
+++ b/src/xml/dom/qdom.cpp
@@ -3676,59 +3676,67 @@
const QTextCodec *const codec = s.codec();
Q_ASSERT(codec);
#endif
- QString retval(str);
- int len = retval.length();
- int i = 0;
+ QString retval;
+ int start = 0;
+ auto appendToOutput = [&](int cur, QLatin1String replacement)
+ {
+ if (start < cur) {
+ retval.reserve(str.size() + replacement.size());
+ retval.append(QStringView(str).left(cur).mid(start));
+ }
+ // Skip over str[cur], replaced by replacement
+ start = cur + 1;
+ retval.append(replacement);
+ };
- while (i < len) {
- const QChar ati(retval.at(i));
-
- if (ati == QLatin1Char('<')) {
- retval.replace(i, 1, QLatin1String("&lt;"));
- len += 3;
- i += 4;
- } else if (encodeQuotes && (ati == QLatin1Char('"'))) {
- retval.replace(i, 1, QLatin1String("&quot;"));
- len += 5;
- i += 6;
- } else if (ati == QLatin1Char('&')) {
- retval.replace(i, 1, QLatin1String("&amp;"));
- len += 4;
- i += 5;
- } else if (ati == QLatin1Char('>') && i >= 2 && retval[i - 1] == QLatin1Char(']') && retval[i - 2] == QLatin1Char(']')) {
- retval.replace(i, 1, QLatin1String("&gt;"));
- len += 3;
- i += 4;
- } else if (performAVN &&
- (ati == QChar(0xA) ||
- ati == QChar(0xD) ||
- ati == QChar(0x9))) {
- const QString replacement(QLatin1String("&#x") + QString::number(ati.unicode(), 16) + QLatin1Char(';'));
- retval.replace(i, 1, replacement);
- i += replacement.length();
- len += replacement.length() - 1;
- } else if (encodeEOLs && ati == QChar(0xD)) {
- retval.replace(i, 1, QLatin1String("&#xd;")); // Replace a single 0xD with a ref for 0xD
- len += 4;
- i += 5;
- } else {
+ const int len = str.size();
+ for (int cur = 0; cur < len; ++cur) {
+ switch (const char16_t ati = str[cur].unicode()) {
+ case u'<':
+ appendToOutput(cur, QLatin1String("&lt;"));
+ break;
+ case u'"':
+ if (encodeQuotes)
+ appendToOutput(cur, QLatin1String("&quot;"));
+ break;
+ case u'&':
+ appendToOutput(cur, QLatin1String("&amp;"));
+ break;
+ case u'>':
+ if (cur >= 2 && str[cur - 1] == u']' && str[cur - 2] == u']')
+ appendToOutput(cur, QLatin1String("&gt;"));
+ break;
+ case u'\r':
+ if (performAVN || encodeEOLs)
+ appendToOutput(cur, QLatin1String("&#xd;")); // \r == 0x0d
+ break;
+ case u'\n':
+ if (performAVN)
+ appendToOutput(cur, QLatin1String("&#xa;")); // \n == 0x0a
+ break;
+ case u'\t':
+ if (performAVN)
+ appendToOutput(cur, QLatin1String("&#x9;")); // \t == 0x09
+ break;
+ default:
#if QT_CONFIG(textcodec)
if(codec->canEncode(ati))
- ++i;
+ ; // continue
else
#endif
{
// We have to use a character reference to get it through.
- const ushort codepoint(ati.unicode());
- const QString replacement(QLatin1String("&#x") + QString::number(codepoint, 16) + QLatin1Char(';'));
- retval.replace(i, 1, replacement);
- i += replacement.length();
- len += replacement.length() - 1;
+ const QByteArray replacement = "&#x" + QByteArray::number(uint{ati}, 16) + ';';
+ appendToOutput(cur, QLatin1String{replacement});
}
+ break;
}
}
-
- return retval;
+ if (start > 0) {
+ retval.append(QStringView(str).left(len).mid(start));
+ return retval;
+ }
+ return str;
}
void QDomAttrPrivate::save(QTextStream& s, int, int) const
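Review bot: In the `default:` branch, the `if(codec->canEncode(ati)) ; // continue` / `else` pair that straddles `#endif` leaves an empty statement as the only thing the `if` does, and it is easy to misread which code runs when textcodec is disabled. Inverting the test reads more directly and behaves the same in both configurations: put `#if QT_CONFIG(textcodec)`, `if (!codec->canEncode(ati))`, `#endif` in front of the existing brace block. A one-line comment there should also say that without textcodec every character reaching `default:` is written as a numeric character reference, since that follows from the preprocessor structure rather than from any visible condition. The enclosing function starts above the hunk.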


@ -0,0 +1,25 @@
From d6ee5ecb7bb9225787490268e887fc42f75092de Mon Sep 17 00:00:00 2001
From: mahailiang <mahailiang@uniontech.com>
Date: Thu, 31 Oct 2024 22:06:16 +0800
Subject: [PATCH] add-sw_64-support-for-syscall_fork
---
src/3rdparty/forkfd/forkfd_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/3rdparty/forkfd/forkfd_linux.c b/src/3rdparty/forkfd/forkfd_linux.c
index b1f5408d..642c007b 100644
--- a/src/3rdparty/forkfd/forkfd_linux.c
+++ b/src/3rdparty/forkfd/forkfd_linux.c
@@ -83,7 +83,7 @@ static int sys_clone(unsigned long cloneflags, int *ptid)
#elif defined(__arc__) || defined(__arm__) || defined(__aarch64__) || defined(__mips__) || \
defined(__nds32__) || defined(__hppa__) || defined(__powerpc__) || defined(__i386__) || \
defined(__x86_64__) || defined(__xtensa__) || defined(__alpha__) || defined(__riscv) || \
- defined(__loongarch__)
+ defined(__loongarch__) || defined(__sw_64__)
/* ctid and newtls are inverted on CONFIG_CLONE_BACKWARDS architectures,
* but since both values are 0, there's no harm. */
return syscall(__NR_clone, cloneflags, child_stack, ptid, ctid, newtls);
--
2.20.1


@ -36,7 +36,7 @@
Name: qt5-qtbase Name: qt5-qtbase
Summary: Qt5 - QtBase components Summary: Qt5 - QtBase components
Version: 5.15.10 Version: 5.15.10
Release: 6 Release: 11
# See LGPL_EXCEPTIONS.txt, for exception details # See LGPL_EXCEPTIONS.txt, for exception details
License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0 License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0
@ -132,6 +132,12 @@ Patch0026: qtbase5.15.10-CVE-2023-38197.patch
# https://codereview.qt-project.org/c/qt/qtbase/+/503026 # https://codereview.qt-project.org/c/qt/qtbase/+/503026
Patch0027: qtbase5.15.10-CVE-2023-43114.patch Patch0027: qtbase5.15.10-CVE-2023-43114.patch
Patch0028: fix-build-error-of-libxkbcommon-1.6.0.patch Patch0028: fix-build-error-of-libxkbcommon-1.6.0.patch
Patch0029: qtbase5.15-CVE-2023-51714.patch
Patch0030: CVE-2024-25580-qtbase-5.15.diff
Patch0031: CVE-2023-45935.patch
Patch0032: add-sw_64-support-for-syscall_fork.patch
Patch0033: CVE-2025-30348.patch
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
# Those themes are there for platform integration. If the required libraries are # Those themes are there for platform integration. If the required libraries are
# not there, the platform to integrate with isn't either. Then Qt will just # not there, the platform to integrate with isn't either. Then Qt will just
@ -366,40 +372,8 @@ Qt5 libraries used for drawing widgets and OpenGL items.
%prep %prep
%setup -q -n %{qt_module}-everywhere-src-%{version} %autosetup -p1 -n %{qt_module}-everywhere-src-%{version}
## dowstream patches
%patch -P0000 -p1
%patch -P0001 -p1 -b .private_api_warning
## upstream fixes
%patch -P0002 -p1 -b .QT_VERSION_CHECK
%patch -P0004 -p1 -b .moc_macros
%patch -P0005 -p1 -b .qt5gui_cmake_isystem_includes
%patch -P0006 -p1 -b .qmake_LFLAGS
%patch -P0007 -p1 -b .no_relocatable
%patch -P0008 -p1 -b .qt5-qtbase-cxxflag
%patch -P0011 -p1 -b .libglvnd
%patch -P0009 -p1 -b .firebird
%patch -P0010 -p1 -b .mysql
%patch -P0012 -p1 -b .use-wayland-on-gnome.patch
%patch -P0013 -p1 -b .gcc11
### upstream patches
%patch -P100 -p1
%patch -P101 -p1
%patch -P102 -p1
%patch -P103 -p1
%patch -P104 -p1
%patch -P0021 -p1
%patch -P0022 -p1
%patch -P0024 -p1
%patch -P0025 -p1
%patch -P0026 -p1
%patch -P0027 -p1
%patch -P0028 -p1
# move some bundled libs to ensure they're not accidentally used # move some bundled libs to ensure they're not accidentally used
pushd src/3rdparty pushd src/3rdparty
mkdir UNUSED mkdir UNUSED
@ -1057,13 +1031,28 @@ fi
%changelog %changelog
* Wed Apr 02 2025 Funda Wang <fundawang@yeah.net> - 5.15.10-11
- fix CVE-2025-30348
* Thu Mar 06 2025 mahailiang <mahailiang@uniontech.com> - 5.15.10-10
- add sw_64 support for syscall_fork
* Wed Apr 24 2024 lvfei <lvfei@kylinos.cn> - 5.15.10-9
- add CVE-2023-45935.patch
* Wed Apr 17 2024 peijiankang <peijiankang@kylinos.cn> - 5.15.10-8
- add CVE-2024-25580-qtbase-5.15.diff
* Wed Jan 31 2024 douyan <douyan@kylinos.cn> - 5.15.10-7
- add qtbase5.15-CVE-2023-51714.patch
* Wed Jan 31 2024 douyan <douyan@kylinos.cn> - 5.15.10-6 * Wed Jan 31 2024 douyan <douyan@kylinos.cn> - 5.15.10-6
- fix build error of libxkbcommon-1.6.0 - fix build error of libxkbcommon-1.6.0
* Fri Nov 24 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-5 * Sat Nov 25 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-5
- fix qtbase5.15.10-CVE-2023-43114.patch - fix qtbase5.15.10-CVE-2023-43114.patch
* Sat Nov 25 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-4 * Fri Nov 24 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-4
- fix qtbase5.15.10-CVE-2023-38197.patch - fix qtbase5.15.10-CVE-2023-38197.patch
* Wed Sep 13 2023 yoo <sunyuechi@iscas.ac.cn> - 5.15.10-3 * Wed Sep 13 2023 yoo <sunyuechi@iscas.ac.cn> - 5.15.10-3
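Review bot: Replacing the explicit `%patch -P…` list in `%prep` with `%autosetup -p1` changes which patches are applied, not just how. The old list skipped numbers such as 0003 and 0023, applied 0011 before 0009 and 0010, and kept `-b` backup suffixes, whereas `%autosetup` applies every declared `Patch` entry in rpm's own order with no backups. The Patch declarations for the skipped numbers are outside the visible hunks, so it should be confirmed that no patch that was declared but deliberately left unapplied is now picked up, and that the reordered ones still apply cleanly. The five new entries `Patch0029` to `Patch0033` also lack the upstream-reference comment that `Patch0027` carries; a `# <upstream change URL>` line above each security patch would let a reader check the backport against its source.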


@ -0,0 +1,37 @@
From 061cbe5796a9ff1e998bd5753bb5b44e4481df11 Mon Sep 17 00:00:00 2001
From: peijiankang <peijiankang@kylinos.cn>
Date: Wed, 31 Jan 2024 13:38:10 +0800
Subject: [PATCH] qtbase5.15-CVE-2023-51714
---
src/network/access/http2/hpacktable.cpp | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
index fddb5fec..315f3e23 100644
--- a/src/network/access/http2/hpacktable.cpp
+++ b/src/network/access/http2/hpacktable.cpp
@@ -40,6 +40,7 @@
#include "hpacktable_p.h"
#include <QtCore/qdebug.h>
+#include <QtCore/private/qnumeric_p.h>
#include <algorithm>
#include <cstddef>
@@ -62,8 +63,10 @@ HeaderSize entry_size(const QByteArray &name, const QByteArray &value)
// for counting the number of references to the name and value would have
// 32 octets of overhead."
- const unsigned sum = unsigned(name.size() + value.size());
- if (std::numeric_limits<unsigned>::max() - 32 < sum)
+ size_t sum;
+ if (add_overflow(size_t(name.size()), size_t(value.size()), &sum))
+ return HeaderSize();
+ if (sum > (std::numeric_limits<unsigned>::max() - 32))
return HeaderSize();
return HeaderSize(true, quint32(sum + 32));
}
--
2.41.0