[packages/qt6] up to 6.5.2
atler
atler at pld-linux.org
Thu Jul 20 12:14:23 CEST 2023
commit 3be0448dddf9190ba38742ffc2804b83ed4dbecc
Author: Jan Palus <atler at pld-linux.org>
Date: Thu Jul 20 11:10:29 2023 +0200
up to 6.5.2
CVE-2023-34410-qtbase-6.5.diff | 52 ------------------------
QTBUG-113579.patch | 92 ------------------------------------------
no-implicit-sse2.patch | 10 ++---
qt6.spec | 19 +++------
4 files changed, 10 insertions(+), 163 deletions(-)
---
diff --git a/qt6.spec b/qt6.spec
index 74210ec..1c59439 100644
--- a/qt6.spec
+++ b/qt6.spec
@@ -106,20 +106,18 @@
Summary: Qt6 Library
Summary(pl.UTF-8): Biblioteka Qt6
Name: qt6
-Version: 6.5.1
-Release: 4
+Version: 6.5.2
+Release: 1
License: LGPL v3 or GPL v2 or GPL v3 or commercial
Group: X11/Libraries
Source0: https://download.qt.io/official_releases/qt/6.5/%{version}/single/qt-everywhere-src-%{version}.tar.xz
-# Source0-md5: 4c1ec00f50833bc3c74d372d2ca6b556
+# Source0-md5: 87f56fd8aedd2e429047c40397e9be48
Patch0: system-cacerts.patch
Patch1: ninja-program.patch
Patch2: %{name}-gn.patch
Patch3: no-implicit-sse2.patch
Patch4: x32.patch
Patch5: qtwebengine-cmake-build-type.patch
-Patch6: QTBUG-113579.patch
-Patch7: CVE-2023-34410-qtbase-6.5.diff
URL: https://www.qt.io/
%{?with_directfb:BuildRequires: DirectFB-devel}
BuildRequires: EGL-devel
@@ -767,7 +765,7 @@ Summary: Qt6 Core library - development files
Summary(pl.UTF-8): Biblioteka Qt6 Core - pliki programistyczne
Group: Development/Libraries
Requires: Qt6Core = %{version}
-Requires: libicu-devel
+%requires_ge libicu-devel
Requires: libstdc++-devel >= 6:4.7
Requires: pcre2-16-devel >= 10.20
Requires: qt6-build = %{version}
@@ -3253,7 +3251,7 @@ Requires: alsa-lib >= 1.0.10
Requires: freetype >= 1:2.4.2
Requires: harfbuzz >= 3.0.0
Requires: harfbuzz-subset >= 3.0.0
-Requires: libicu >= 65
+%requires_ge_to libicu libicu-devel
Requires: libpng >= 2:1.6.0
Requires: libvpx >= 1.10.0
Requires: nss >= 3.26
@@ -3576,12 +3574,6 @@ narzędzia.
%patch3 -p1
%patch4 -p1
%patch5 -p1
-cd qtwebengine
-%patch6 -p1
-cd ..
-cd qtbase
-%patch7 -p1
-cd ..
%{__sed} -i -e 's,usr/X11R6/,usr/,g' qtbase/mkspecs/linux-g++-64/qmake.conf
@@ -6494,7 +6486,6 @@ rm -rf $RPM_BUILD_ROOT
%attr(755,root,root) %{_libdir}/libQt6SensorsQuick.so.*.*.*
%attr(755,root,root) %ghost %{_libdir}/libQt6SensorsQuick.so.6
%dir %{qt6dir}/plugins/sensors
-%attr(755,root,root) %{qt6dir}/plugins/sensors/libqtsensors_dummy.so
%attr(755,root,root) %{qt6dir}/plugins/sensors/libqtsensors_generic.so
%attr(755,root,root) %{qt6dir}/plugins/sensors/libqtsensors_iio-sensor-proxy.so
%dir %{qt6dir}/qml/QtSensors
diff --git a/CVE-2023-34410-qtbase-6.5.diff b/CVE-2023-34410-qtbase-6.5.diff
deleted file mode 100644
index 0c72c91..0000000
--- a/CVE-2023-34410-qtbase-6.5.diff
+++ /dev/null
@@ -1,52 +0,0 @@
---- a/src/plugins/tls/schannel/qtls_schannel.cpp
-+++ b/src/plugins/tls/schannel/qtls_schannel.cpp
-@@ -2106,6 +2106,27 @@ bool TlsCryptographSchannel::verifyCertContext(CERT_CONTEXT *certContext)
- verifyDepth = DWORD(q->peerVerifyDepth());
-
- const auto &caCertificates = q->sslConfiguration().caCertificates();
-+
-+ if (!rootCertOnDemandLoadingAllowed()
-+ && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
-+ && (q->peerVerifyMode() == QSslSocket::VerifyPeer
-+ || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) {
-+ // When verifying a peer Windows "helpfully" builds a chain that
-+ // may include roots from the system store. But we don't want that if
-+ // the user has set their own CA certificates.
-+ // Since Windows claims this is not a partial chain the root is included
-+ // and we have to check that it is one of our configured CAs.
-+ CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
-+ QSslCertificate certificate = getCertificateFromChainElement(element);
-+ if (!caCertificates.contains(certificate)) {
-+ auto error = QSslError(QSslError::CertificateUntrusted, certificate);
-+ sslErrors += error;
-+ emit q->peerVerifyError(error);
-+ if (q->state() != QAbstractSocket::ConnectedState)
-+ return false;
-+ }
-+ }
-+
- QList<QSslCertificate> peerCertificateChain;
- for (DWORD i = 0; i < verifyDepth; i++) {
- CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
-
---- a/src/network/ssl/qsslsocket.cpp
-+++ b/src/network/ssl/qsslsocket.cpp
-@@ -1973,6 +1973,10 @@ QSslSocketPrivate::QSslSocketPrivate()
- , flushTriggered(false)
- {
- QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
-+ // If the global configuration doesn't allow root certificates to be loaded
-+ // on demand then we have to disable it for this socket as well.
-+ if (!configuration.allowRootCertOnDemandLoading)
-+ allowRootCertOnDemandLoading = false;
-
- const auto *tlsBackend = tlsBackendInUse();
- if (!tlsBackend) {
-@@ -2281,6 +2285,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
- ptr->sessionProtocol = global->sessionProtocol;
- ptr->ciphers = global->ciphers;
- ptr->caCertificates = global->caCertificates;
-+ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
- ptr->protocol = global->protocol;
- ptr->peerVerifyMode = global->peerVerifyMode;
- ptr->peerVerifyDepth = global->peerVerifyDepth;
diff --git a/QTBUG-113579.patch b/QTBUG-113579.patch
deleted file mode 100644
index 97d3dc8..0000000
--- a/QTBUG-113579.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 281174f5e010d819a49562b48b2c2067255a41c6 Mon Sep 17 00:00:00 2001
-From: Szabolcs David <davidsz at inf.u-szeged.hu>
-Date: Fri, 19 May 2023 01:00:41 +0200
-Subject: [PATCH] Normalize clipboard permissions
-
-Handle clipboard read and write permissions the same way everywhere.
-
-Fixes: QTBUG-113579
-Change-Id: If1f271e8591c54f4ee2f935486502df19d5f6b3e
-Reviewed-by: Allan Sandfeld Jensen <allan.jensen at qt.io>
-(cherry picked from commit 79e4a37668a9176373e81fe4fc8dfe29f6c8c37b)
-Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot at qt-project.org>
----
-
-diff --git a/src/core/permission_manager_qt.cpp b/src/core/permission_manager_qt.cpp
-index 9d98c05..28e1c98 100644
---- a/src/core/permission_manager_qt.cpp
-+++ b/src/core/permission_manager_qt.cpp
-@@ -84,6 +84,22 @@
- }
- }
-
-+static blink::mojom::PermissionStatus getStatusFromSettings(blink::PermissionType type, WebEngineSettings *settings)
-+{
-+ switch (type) {
-+ case blink::PermissionType::CLIPBOARD_READ_WRITE:
-+ if (!settings->testAttribute(QWebEngineSettings::JavascriptCanPaste))
-+ return blink::mojom::PermissionStatus::DENIED;
-+ Q_FALLTHROUGH();
-+ case blink::PermissionType::CLIPBOARD_SANITIZED_WRITE:
-+ if (!settings->testAttribute(QWebEngineSettings::JavascriptCanAccessClipboard))
-+ return blink::mojom::PermissionStatus::DENIED;
-+ return blink::mojom::PermissionStatus::GRANTED;
-+ default:
-+ return blink::mojom::PermissionStatus::ASK;
-+ }
-+}
-+
- PermissionManagerQt::PermissionManagerQt()
- : m_requestIdCount(0)
- {
-@@ -179,13 +195,8 @@
- Q_ASSERT(contentsDelegate);
-
- ProfileAdapter::PermissionType permissionType = toQt(permission);
-- if (permissionType == ProfileAdapter::ClipboardRead) {
-- WebEngineSettings *settings = contentsDelegate->webEngineSettings();
-- if (settings->testAttribute(QWebEngineSettings::JavascriptCanAccessClipboard)
-- && settings->testAttribute(QWebEngineSettings::JavascriptCanPaste))
-- std::move(callback).Run(blink::mojom::PermissionStatus::GRANTED);
-- else
-- std::move(callback).Run(blink::mojom::PermissionStatus::DENIED);
-+ if (permissionType == ProfileAdapter::ClipboardRead || permissionType == ProfileAdapter::ClipboardWrite) {
-+ std::move(callback).Run(getStatusFromSettings(permission, contentsDelegate->webEngineSettings()));
- return;
- } else if (!canRequestPermissionFor(permissionType)) {
- std::move(callback).Run(blink::mojom::PermissionStatus::DENIED);
-@@ -220,14 +231,9 @@
- const ProfileAdapter::PermissionType permissionType = toQt(permission);
- if (permissionType == ProfileAdapter::UnsupportedPermission)
- result.push_back(blink::mojom::PermissionStatus::DENIED);
-- else if (permissionType == ProfileAdapter::ClipboardRead) {
-- WebEngineSettings *settings = contentsDelegate->webEngineSettings();
-- if (settings->testAttribute(QWebEngineSettings::JavascriptCanAccessClipboard)
-- && settings->testAttribute(QWebEngineSettings::JavascriptCanPaste))
-- result.push_back(blink::mojom::PermissionStatus::GRANTED);
-- else
-- result.push_back(blink::mojom::PermissionStatus::DENIED);
-- } else {
-+ else if (permissionType == ProfileAdapter::ClipboardRead || permissionType == ProfileAdapter::ClipboardWrite)
-+ result.push_back(getStatusFromSettings(permission, contentsDelegate->webEngineSettings()));
-+ else {
- answerable = false;
- break;
- }
-@@ -280,14 +286,8 @@
- permission == blink::PermissionType::CLIPBOARD_SANITIZED_WRITE) {
- WebContentsDelegateQt *delegate = static_cast<WebContentsDelegateQt *>(
- content::WebContents::FromRenderFrameHost(render_frame_host)->GetDelegate());
-- if (!delegate->webEngineSettings()->testAttribute(
-- QWebEngineSettings::JavascriptCanAccessClipboard))
-- return blink::mojom::PermissionStatus::DENIED;
-- if (permission == blink::PermissionType::CLIPBOARD_READ_WRITE
-- && !delegate->webEngineSettings()->testAttribute(
-- QWebEngineSettings::JavascriptCanPaste))
-- return blink::mojom::PermissionStatus::DENIED;
-- return blink::mojom::PermissionStatus::GRANTED;
-+ Q_ASSERT(delegate);
-+ return getStatusFromSettings(permission, delegate->webEngineSettings());
- }
-
- return GetPermissionStatus(
diff --git a/no-implicit-sse2.patch b/no-implicit-sse2.patch
index 81e8398..4294362 100644
--- a/no-implicit-sse2.patch
+++ b/no-implicit-sse2.patch
@@ -1,6 +1,6 @@
---- qt-everywhere-src-6.3.1/qtbase/cmake/QtInternalTargets.cmake~ 2022-05-25 10:58:52.000000000 +0200
-+++ qt-everywhere-src-6.3.1/qtbase/cmake/QtInternalTargets.cmake 2022-08-01 09:55:49.012682536 +0200
-@@ -315,47 +315,6 @@
+--- qt-everywhere-src-6.5.2/qtbase/cmake/QtInternalTargets.cmake.orig 2023-07-19 17:30:07.482041879 +0200
++++ qt-everywhere-src-6.5.2/qtbase/cmake/QtInternalTargets.cmake 2023-07-19 17:36:34.820978372 +0200
+@@ -348,47 +348,6 @@
target_link_options(PlatformCommonInternal INTERFACE "-Wl,--enable-new-dtags")
endif()
@@ -8,8 +8,8 @@
- set(is_shared_lib "$<STREQUAL:$<TARGET_PROPERTY:TYPE>,SHARED_LIBRARY>")
- set(is_static_lib "$<STREQUAL:$<TARGET_PROPERTY:TYPE>,STATIC_LIBRARY>")
- set(is_static_qt_build "$<NOT:$<BOOL:${QT_BUILD_SHARED_LIBS}>>")
-- set(is_staitc_lib_during_static_qt_build "$<AND:${is_static_qt_build},${is_static_lib}>")
-- set(enable_sse2_condition "$<OR:${is_shared_lib},${is_staitc_lib_during_static_qt_build}>")
+- set(is_static_lib_during_static_qt_build "$<AND:${is_static_qt_build},${is_static_lib}>")
+- set(enable_sse2_condition "$<OR:${is_shared_lib},${is_static_lib_during_static_qt_build}>")
- set(${out_var} "${enable_sse2_condition}" PARENT_SCOPE)
-endfunction()
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/qt6.git/commitdiff/3be0448dddf9190ba38742ffc2804b83ed4dbecc
More information about the pld-cvs-commit
mailing list