commit f20d311cca4dfca1e551b06286edb3e95183a070
Author: Jan Palus <at...@pld-linux.org>
Date:   Sun May 26 11:05:02 2024 +0200

    up to 5.15.14

 CVE-2023-32762-qtbase-5.15.diff | 13 --------
 CVE-2023-33285-qtbase-5.15.diff | 68 -----------------------------------------
 qt5-qtbase.spec                 | 10 ++----
 3 files changed, 3 insertions(+), 88 deletions(-)
---
diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index b3b1fd8..9f34fa1 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -70,20 +70,18 @@
 Summary:       Qt5 - base components
 Summary(pl.UTF-8):     Biblioteka Qt5 - podstawowe komponenty
 Name:          qt5-%{orgname}
-Version:       5.15.13
+Version:       5.15.14
 Release:       1
 License:       LGPL v3 or GPL v2 or GPL v3 or commercial
 Group:         X11/Libraries
 Source0:       
https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/%{orgname}-everywhere-opensource-src-%{version}.tar.xz
-# Source0-md5: 119446a119bea7640314067775f27802
+# Source0-md5: 2e207979cea96dac37bdd784db31b51b
 Source1:       
https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/qttranslations-everywhere-opensource-src-%{version}.tar.xz
-# Source1-md5: a7fe34c317fbba74a9f97c36679fec47
+# Source1-md5: 6f4f2fdf3466f8bc97a074258f124c13
 Patch0:                %{name}-system_cacerts.patch
 Patch1:                parallel-install.patch
 Patch2:                egl-x11.patch
 Patch3:                CVE-2023-32763-qtbase-5.15.diff
-Patch4:                CVE-2023-32762-qtbase-5.15.diff
-Patch5:                CVE-2023-33285-qtbase-5.15.diff
 Patch6:                CVE-2023-34410-qtbase-5.15.diff
 Patch7:                CVE-2023-37369-qtbase-5.15.diff
 Patch8:                CVE-2023-38197-qtbase-5.15.diff
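Review bot: Dropping `Patch4` (CVE-2023-32762) and `Patch5` (CVE-2023-33285) here, with the matching `%patch4`/`%patch5` lines removed in the next hunk, is not explained in the spec or in the commit message "up to 5.15.14". Presumably both fixes are already in the upstream 5.15.14 sources, but nothing on this page confirms it. Before relying on that, check the unpacked 5.15.14 tree: `src/network/access/qhsts.cpp` should compare the header name case-insensitively, and `src/network/kernel/qdnslookup_unix.cpp` should carry the `qdcount` and `responseLength` bounds checks from the deleted patch. Then record the result next to the remaining patches, for example `# CVE-2023-32762, CVE-2023-33285: fixed upstream in 5.15.14, patches dropped`. Separately, the updated `# Source0-md5` and `# Source1-md5` lines are the only integrity pin visible for the new tarballs, and MD5 is not collision-resistant, so the downloads are worth comparing against a stronger checksum published by upstream.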
@@ -1185,8 +1183,6 @@ Generator plików makefile dla aplikacji Qt5.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
-%patch4 -p1
-%patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
diff --git a/CVE-2023-32762-qtbase-5.15.diff b/CVE-2023-32762-qtbase-5.15.diff
deleted file mode 100644
index f0bc00f..0000000
--- a/CVE-2023-32762-qtbase-5.15.diff
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/src/network/access/qhsts.cpp
-+++ b/src/network/access/qhsts.cpp
-@@ -364,8 +364,8 @@ quoted-pair    = "\" CHAR
- bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> 
&headers)
- {
-     for (const auto &h : headers) {
--        // We use '==' since header name was already 'trimmed' for us:
--        if (h.first == "Strict-Transport-Security") {
-+        // We compare directly because header name was already 'trimmed' for 
us:
-+        if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) 
== 0) {
-             header = h.second;
-             // RFC6797, 8.1:
-             //
diff --git a/CVE-2023-33285-qtbase-5.15.diff b/CVE-2023-33285-qtbase-5.15.diff
deleted file mode 100644
index ec33777..0000000
--- a/CVE-2023-33285-qtbase-5.15.diff
+++ /dev/null
@@ -1,68 +0,0 @@
---- a/src/network/kernel/qdnslookup_unix.cpp
-+++ b/src/network/kernel/qdnslookup_unix.cpp
-@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, 
const QByteArray &requestN
-     // responseLength in case of error, we still can extract the
-     // exact error code from the response.
-     HEADER *header = (HEADER*)response;
--    const int answerCount = ntohs(header->ancount);
-     switch (header->rcode) {
-     case NOERROR:
-         break;
-@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, 
const QByteArray &requestN
-         return;
-     }
-
--    // Skip the query host, type (2 bytes) and class (2 bytes).
-     char host[PACKETSZ], answer[PACKETSZ];
-     unsigned char *p = response + sizeof(HEADER);
--    int status = local_dn_expand(response, response + responseLength, p, 
host, sizeof(host));
--    if (status < 0) {
-+    int status;
-+
-+    if (ntohs(header->qdcount) == 1) {
-+        // Skip the query host, type (2 bytes) and class (2 bytes).
-+        status = local_dn_expand(response, response + responseLength, p, 
host, sizeof(host));
-+        if (status < 0) {
-+            reply->error = QDnsLookup::InvalidReplyError;
-+            reply->errorString = tr("Could not expand domain name");
-+            return;
-+        }
-+        if ((p - response) + status + 4 >= responseLength)
-+            header->qdcount = 0xffff;   // invalid reply below
-+        else
-+            p += status + 4;
-+    }
-+    if (ntohs(header->qdcount) > 1) {
-         reply->error = QDnsLookup::InvalidReplyError;
--        reply->errorString = tr("Could not expand domain name");
-+        reply->errorString = tr("Invalid reply received");
-         return;
-     }
--    p += status + 4;
-
-     // Extract results.
-+    const int answerCount = ntohs(header->ancount);
-     int answerIndex = 0;
-     while ((p < response + responseLength) && (answerIndex < answerCount)) {
-         status = local_dn_expand(response, response + responseLength, p, 
host, sizeof(host));
-@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, 
const QByteArray &requestN
-         const QString name = QUrl::fromAce(host);
-
-         p += status;
-+
-+        if ((p - response) + 10 > responseLength) {
-+            // probably just a truncated reply, return what we have
-+            return;
-+        }
-         const quint16 type = (p[0] << 8) | p[1];
-         p += 2; // RR type
-         p += 2; // RR class
-@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, 
const QByteArray &requestN
-         p += 4;
-         const quint16 size = (p[0] << 8) | p[1];
-         p += 2;
-+        if ((p - response) + size > responseLength)
-+            return;             // truncated
-
-         if (type == QDnsLookup::A) {
-             if (size != 4) {
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/qt5-qtbase.git/commitdiff/f20d311cca4dfca1e551b06286edb3e95183a070
