[packages/qt5-qtbase] up to 5.15.18

Sat Nov 1 18:07:43 CET 2025

commit c8c4e546f6425b96951c1e2f29a46b3b51ca813b
Author: Jan Palus <atler at pld-linux.org>
Date:   Sat Nov 1 18:06:44 2025 +0100

    up to 5.15.18

 CVE-2024-39936-qtbase-5.15.patch | 136 ---------------------------------------
 qt5-qtbase.spec                  |  14 ++--
 2 files changed, 6 insertions(+), 144 deletions(-)
---

diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index 05cfa78..0abebb1 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -70,18 +70,17 @@
 Summary:	Qt5 - base components
 Summary(pl.UTF-8):	Biblioteka Qt5 - podstawowe komponenty
 Name:		qt5-%{orgname}
-Version:	5.15.17
-Release:	2
+Version:	5.15.18
+Release:	1
 License:	LGPL v3 or GPL v2 or GPL v3 or commercial
 Group:		X11/Libraries
-Source0:	https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/%{orgname}-everywhere-opensource-src-%{version}.tar.xz
-# Source0-md5:	20f841fb541ed2f1fe66ed9a938305eb
-Source1:	https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/qttranslations-everywhere-opensource-src-%{version}.tar.xz
-# Source1-md5:	e20cfdef4f3088ca568f7e43ab5bba8c
+Source0:	https://download.qt.io/archive/qt/5.15/%{version}/submodules/%{orgname}-everywhere-opensource-src-%{version}.tar.xz
+# Source0-md5:	675cb05cc682a45fbd565485ccb6724f
+Source1:	https://download.qt.io/archive/qt/5.15/%{version}/submodules/qttranslations-everywhere-opensource-src-%{version}.tar.xz
+# Source1-md5:	7e72177d16e791c0cd428b0bb438fa9a
 Patch0:		%{name}-system_cacerts.patch
 Patch1:		parallel-install.patch
 Patch2:		egl-x11.patch
-Patch3:		CVE-2024-39936-qtbase-5.15.patch
 Patch4:		no-stdc-pollution.patch
 URL:		https://www.qt.io/
 %{?with_directfb:BuildRequires:	DirectFB-devel}
@@ -1170,7 +1169,6 @@ Generator plików makefile dla aplikacji Qt5.
 %patch -P 0 -p1
 %patch -P 1 -p1
 %patch -P 2 -p1
-%patch -P 3 -p1
 %patch -P 4 -p1
 
 %{__sed} -i -e 's,usr/X11R6/,usr/,g' mkspecs/linux-g++-64/qmake.conf
diff --git a/CVE-2024-39936-qtbase-5.15.patch b/CVE-2024-39936-qtbase-5.15.patch
deleted file mode 100644
index 94840f6..0000000
--- a/CVE-2024-39936-qtbase-5.15.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp
-index d1b5dfda2e2..ee04a1856c6 100644
---- a/src/network/access/qhttp2protocolhandler.cpp
-+++ b/src/network/access/qhttp2protocolhandler.cpp
-@@ -375,12 +375,12 @@ bool QHttp2ProtocolHandler::sendRequest()
-         }
-     }
- 
--    if (!prefaceSent && !sendClientPreface())
--        return false;
--
-     if (!requests.size())
-         return true;
- 
-+    if (!prefaceSent && !sendClientPreface())
-+        return false;
-+
-     m_channel->state = QHttpNetworkConnectionChannel::WritingState;
-     // Check what was promised/pushed, maybe we do not have to send a request
-     // and have a response already?
-diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp
-index bd2f32e3528..6f3bd807a09 100644
---- a/src/network/access/qhttpnetworkconnectionchannel.cpp
-+++ b/src/network/access/qhttpnetworkconnectionchannel.cpp
-@@ -255,6 +255,10 @@ void QHttpNetworkConnectionChannel::abort()
- bool QHttpNetworkConnectionChannel::sendRequest()
- {
-     Q_ASSERT(!protocolHandler.isNull());
-+    if (waitingForPotentialAbort) {
-+        needInvokeSendRequest = true;
-+        return false; // this return value is unused
-+    }
-     return protocolHandler->sendRequest();
- }
- 
-@@ -267,21 +271,28 @@ bool QHttpNetworkConnectionChannel::sendRequest()
- void QHttpNetworkConnectionChannel::sendRequestDelayed()
- {
-     QMetaObject::invokeMethod(this, [this] {
--        Q_ASSERT(!protocolHandler.isNull());
-         if (reply)
--            protocolHandler->sendRequest();
-+            sendRequest();
-     }, Qt::ConnectionType::QueuedConnection);
- }
- 
- void QHttpNetworkConnectionChannel::_q_receiveReply()
- {
-     Q_ASSERT(!protocolHandler.isNull());
-+    if (waitingForPotentialAbort) {
-+        needInvokeReceiveReply = true;
-+        return;
-+    }
-     protocolHandler->_q_receiveReply();
- }
- 
- void QHttpNetworkConnectionChannel::_q_readyRead()
- {
-     Q_ASSERT(!protocolHandler.isNull());
-+    if (waitingForPotentialAbort) {
-+        needInvokeReadyRead = true;
-+        return;
-+    }
-     protocolHandler->_q_readyRead();
- }
- 
-@@ -1289,7 +1300,18 @@ void QHttpNetworkConnectionChannel::_q_encrypted()
-             // Similar to HTTP/1.1 counterpart below:
-             const auto &pairs = spdyRequestsToSend.values(); // (request, reply)
-             const auto &pair = pairs.first();
-+            waitingForPotentialAbort = true;
-             emit pair.second->encrypted();
-+
-+            // We don't send or handle any received data until any effects from
-+            // emitting encrypted() have been processed. This is necessary
-+            // because the user may have called abort(). We may also abort the
-+            // whole connection if the request has been aborted and there is
-+            // no more requests to send.
-+            QMetaObject::invokeMethod(this,
-+                                      &QHttpNetworkConnectionChannel::checkAndResumeCommunication,
-+                                      Qt::QueuedConnection);
-+
-             // In case our peer has sent us its settings (window size, max concurrent streams etc.)
-             // let's give _q_receiveReply a chance to read them first ('invokeMethod', QueuedConnection).
-             QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection);
-@@ -1307,6 +1329,26 @@ void QHttpNetworkConnectionChannel::_q_encrypted()
-     }
- }
- 
-+void QHttpNetworkConnectionChannel::checkAndResumeCommunication()
-+{
-+    Q_ASSERT(connection->connectionType() > QHttpNetworkConnection::ConnectionTypeHTTP);
-+
-+    // Because HTTP/2 requires that we send a SETTINGS frame as the first thing we do, and respond
-+    // to a SETTINGS frame with an ACK, we need to delay any handling until we can ensure that any
-+    // effects from emitting encrypted() have been processed.
-+    // This function is called after encrypted() was emitted, so check for changes.
-+
-+    if (!reply && spdyRequestsToSend.isEmpty())
-+        abort();
-+    waitingForPotentialAbort = false;
-+    if (needInvokeReadyRead)
-+        _q_readyRead();
-+    if (needInvokeReceiveReply)
-+        _q_receiveReply();
-+    if (needInvokeSendRequest)
-+        sendRequest();
-+}
-+
- void QHttpNetworkConnectionChannel::requeueSpdyRequests()
- {
-     QList<HttpMessagePair> spdyPairs = spdyRequestsToSend.values();
-diff --git a/src/network/access/qhttpnetworkconnectionchannel_p.h b/src/network/access/qhttpnetworkconnectionchannel_p.h
-index 6be0c51f9fe..613fda7bc31 100644
---- a/src/network/access/qhttpnetworkconnectionchannel_p.h
-+++ b/src/network/access/qhttpnetworkconnectionchannel_p.h
-@@ -107,6 +107,10 @@ public:
-     QAbstractSocket *socket;
-     bool ssl;
-     bool isInitialized;
-+    bool waitingForPotentialAbort = false;
-+    bool needInvokeReceiveReply = false;
-+    bool needInvokeReadyRead = false;
-+    bool needInvokeSendRequest = false;
-     ChannelState state;
-     QHttpNetworkRequest request; // current request, only used for HTTP
-     QHttpNetworkReply *reply; // current reply for this request, only used for HTTP
-@@ -187,6 +191,8 @@ public:
-     void closeAndResendCurrentRequest();
-     void resendCurrentRequest();
- 
-+    void checkAndResumeCommunication();
-+
-     bool isSocketBusy() const;
-     bool isSocketWriting() const;
-     bool isSocketWaiting() const;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/qt5-qtbase.git/commitdiff/c8c4e546f6425b96951c1e2f29a46b3b51ca813b

