[packages/qt6] upstream fix for CVE-2024-33861; rel 3

[atler]

commit 41f2cc3f17edef6a14c5113508aa6f90a84d33f9
Author: Jan Palus <atler at pld-linux.org>
Date:   Fri May 3 00:13:21 2024 +0200

    upstream fix for CVE-2024-33861; rel 3
    
    as advised in:
    https://lists.qt-project.org/pipermail/announce/2024-May/000489.html

 CVE-2024-33861.patch | 22 ++++++++++++++++++++++
 qt6.spec             |  4 +++-
 2 files changed, 25 insertions(+), 1 deletion(-)
---
diff --git a/qt6.spec b/qt6.spec
index 50359c5..e5d49e7 100644
--- a/qt6.spec
+++ b/qt6.spec
@@ -109,7 +109,7 @@ Summary:	Qt6 Library
 Summary(pl.UTF-8):	Biblioteka Qt6
 Name:		qt6
 Version:	6.6.3
-Release:	2
+Release:	3
 License:	LGPL v3 or GPL v2 or GPL v3 or commercial
 Group:		X11/Libraries
 Source0:	https://download.qt.io/official_releases/qt/6.6/%{version}/single/qt-everywhere-src-%{version}.tar.xz
@@ -120,6 +120,7 @@ Patch2:		%{name}-gn.patch
 Patch3:		no-implicit-sse2.patch
 Patch4:		x32.patch
 Patch5:		qtwebengine-cmake-build-type.patch
+Patch6:		CVE-2024-33861.patch
 URL:		https://www.qt.io/
 %{?with_directfb:BuildRequires:	DirectFB-devel}
 BuildRequires:	EGL-devel
@@ -3676,6 +3677,7 @@ narzędzia.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1 -d qtbase
 
 %{__sed} -i -e 's,usr/X11R6/,usr/,g' qtbase/mkspecs/linux-g++-64/qmake.conf
 
diff --git a/CVE-2024-33861.patch b/CVE-2024-33861.patch
new file mode 100644
index 0000000..0364942
--- /dev/null
+++ b/CVE-2024-33861.patch
@@ -0,0 +1,22 @@
+diff --git a/src/corelib/text/qstringconverter.cpp b/src/corelib/text/qstringconverter.cpp
+index 4a60d60ae35..66fedcf3325 100644
+--- a/src/corelib/text/qstringconverter.cpp
++++ b/src/corelib/text/qstringconverter.cpp
+@@ -1951,7 +1951,7 @@ struct QStringConverterICU : QStringConverter
+         const void *context;
+         ucnv_getToUCallBack(icu_conv, &action, &context);
+         if (context != state)
+-             ucnv_setToUCallBack(icu_conv, action, &state, nullptr, nullptr, &err);
++             ucnv_setToUCallBack(icu_conv, action, state, nullptr, nullptr, &err);
+
+         ucnv_toUnicode(icu_conv, &target, targetLimit, &source, sourceLimit, nullptr, flush, &err);
+         // We did reserve enough space:
+@@ -1984,7 +1984,7 @@ struct QStringConverterICU : QStringConverter
+         const void *context;
+         ucnv_getFromUCallBack(icu_conv, &action, &context);
+         if (context != state)
+-             ucnv_setFromUCallBack(icu_conv, action, &state, nullptr, nullptr, &err);
++             ucnv_setFromUCallBack(icu_conv, action, state, nullptr, nullptr, &err);
+
+         ucnv_fromUnicode(icu_conv, &target, targetLimit, &source, sourceLimit, nullptr, flush, &err);
+         // We did reserve enough space:
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/qt6.git/commitdiff/41f2cc3f17edef6a14c5113508aa6f90a84d33f9