[packages/qt5-qtbase] up to 5.15.14
atler
atler at pld-linux.org
Sun May 26 11:05:31 CEST 2024
commit f20d311cca4dfca1e551b06286edb3e95183a070
Author: Jan Palus <atler at pld-linux.org>
Date: Sun May 26 11:05:02 2024 +0200
up to 5.15.14
CVE-2023-32762-qtbase-5.15.diff | 13 --------
CVE-2023-33285-qtbase-5.15.diff | 68 -----------------------------------------
qt5-qtbase.spec | 10 ++----
3 files changed, 3 insertions(+), 88 deletions(-)
---
diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index b3b1fd8..9f34fa1 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -70,20 +70,18 @@
Summary: Qt5 - base components
Summary(pl.UTF-8): Biblioteka Qt5 - podstawowe komponenty
Name: qt5-%{orgname}
-Version: 5.15.13
+Version: 5.15.14
Release: 1
License: LGPL v3 or GPL v2 or GPL v3 or commercial
Group: X11/Libraries
Source0: https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/%{orgname}-everywhere-opensource-src-%{version}.tar.xz
-# Source0-md5: 119446a119bea7640314067775f27802
+# Source0-md5: 2e207979cea96dac37bdd784db31b51b
Source1: https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/qttranslations-everywhere-opensource-src-%{version}.tar.xz
-# Source1-md5: a7fe34c317fbba74a9f97c36679fec47
+# Source1-md5: 6f4f2fdf3466f8bc97a074258f124c13
Patch0: %{name}-system_cacerts.patch
Patch1: parallel-install.patch
Patch2: egl-x11.patch
Patch3: CVE-2023-32763-qtbase-5.15.diff
-Patch4: CVE-2023-32762-qtbase-5.15.diff
-Patch5: CVE-2023-33285-qtbase-5.15.diff
Patch6: CVE-2023-34410-qtbase-5.15.diff
Patch7: CVE-2023-37369-qtbase-5.15.diff
Patch8: CVE-2023-38197-qtbase-5.15.diff
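Review bot: The two CVE patches dropped here (`Patch4` for CVE-2023-32762 and `Patch5` for CVE-2023-33285, with their `%patch4`/`%patch5` lines in the %prep hunk below) are removed with no record of why, while the four other CVE patches stay applied. Presumably 5.15.14 already carries both fixes, but neither the commit message nor the spec says so, and someone auditing CVE coverage later cannot tell a merged fix from an accidental drop. I would add a comment next to the remaining patches, e.g. `# CVE-2023-32762, CVE-2023-33285: patches dropped, fixed upstream in 5.15.14`, after confirming that the new tarball contains the case-insensitive `Strict-Transport-Security` compare in qhsts.cpp and the qdcount and length checks in qdnslookup_unix.cpp. Separately, the tarballs are pinned only by `Source0-md5`/`Source1-md5`; since MD5 is not collision-resistant, it is worth checking the downloads against a stronger upstream checksum or signature, where one is available, before updating these lines.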
@@ -1185,8 +1183,6 @@ Generator plików makefile dla aplikacji Qt5.
%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch4 -p1
-%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
diff --git a/CVE-2023-32762-qtbase-5.15.diff b/CVE-2023-32762-qtbase-5.15.diff
deleted file mode 100644
index f0bc00f..0000000
--- a/CVE-2023-32762-qtbase-5.15.diff
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/src/network/access/qhsts.cpp
-+++ b/src/network/access/qhsts.cpp
-@@ -364,8 +364,8 @@ quoted-pair = "\" CHAR
- bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
- {
- for (const auto &h : headers) {
-- // We use '==' since header name was already 'trimmed' for us:
-- if (h.first == "Strict-Transport-Security") {
-+ // We compare directly because header name was already 'trimmed' for us:
-+ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
- header = h.second;
- // RFC6797, 8.1:
- //
diff --git a/CVE-2023-33285-qtbase-5.15.diff b/CVE-2023-33285-qtbase-5.15.diff
deleted file mode 100644
index ec33777..0000000
--- a/CVE-2023-33285-qtbase-5.15.diff
+++ /dev/null
@@ -1,68 +0,0 @@
---- a/src/network/kernel/qdnslookup_unix.cpp
-+++ b/src/network/kernel/qdnslookup_unix.cpp
-@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- // responseLength in case of error, we still can extract the
- // exact error code from the response.
- HEADER *header = (HEADER*)response;
-- const int answerCount = ntohs(header->ancount);
- switch (header->rcode) {
- case NOERROR:
- break;
-@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- return;
- }
-
-- // Skip the query host, type (2 bytes) and class (2 bytes).
- char host[PACKETSZ], answer[PACKETSZ];
- unsigned char *p = response + sizeof(HEADER);
-- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
-- if (status < 0) {
-+ int status;
-+
-+ if (ntohs(header->qdcount) == 1) {
-+ // Skip the query host, type (2 bytes) and class (2 bytes).
-+ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
-+ if (status < 0) {
-+ reply->error = QDnsLookup::InvalidReplyError;
-+ reply->errorString = tr("Could not expand domain name");
-+ return;
-+ }
-+ if ((p - response) + status + 4 >= responseLength)
-+ header->qdcount = 0xffff; // invalid reply below
-+ else
-+ p += status + 4;
-+ }
-+ if (ntohs(header->qdcount) > 1) {
- reply->error = QDnsLookup::InvalidReplyError;
-- reply->errorString = tr("Could not expand domain name");
-+ reply->errorString = tr("Invalid reply received");
- return;
- }
-- p += status + 4;
-
- // Extract results.
-+ const int answerCount = ntohs(header->ancount);
- int answerIndex = 0;
- while ((p < response + responseLength) && (answerIndex < answerCount)) {
- status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
-@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- const QString name = QUrl::fromAce(host);
-
- p += status;
-+
-+ if ((p - response) + 10 > responseLength) {
-+ // probably just a truncated reply, return what we have
-+ return;
-+ }
- const quint16 type = (p[0] << 8) | p[1];
- p += 2; // RR type
- p += 2; // RR class
-@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- p += 4;
- const quint16 size = (p[0] << 8) | p[1];
- p += 2;
-+ if ((p - response) + size > responseLength)
-+ return; // truncated
-
- if (type == QDnsLookup::A) {
- if (size != 4) {
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/qt5-qtbase.git/commitdiff/f20d311cca4dfca1e551b06286edb3e95183a070