diff --git a/debian/patches/CVE-2023-24607.diff b/debian/patches/CVE-2023-24607.diff index a7977dcb..a46c7191 100644 --- a/debian/patches/CVE-2023-24607.diff +++ b/debian/patches/CVE-2023-24607.diff @@ -1,10 +1,18 @@ -Description: Fix denial-of-service in Qt SQL ODBC driver plugin +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:44 +0000 +Subject: Fix denial-of-service in Qt SQL ODBC driver plugin + Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff Last-Update: 2023-02-26 +--- + src/plugins/sqldrivers/odbc/qsql_odbc.cpp | 206 +++++++++++++++++------------- + 1 file changed, 118 insertions(+), 88 deletions(-) +diff --git a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +index 5f51de3..6cac60d 100644 --- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -@@ -92,23 +92,39 @@ inline static QString fromSQLTCHAR(const +@@ -92,23 +92,39 @@ inline static QString fromSQLTCHAR(const QVarLengthArray& input, int s return result; } @@ -73,7 +81,7 @@ Last-Update: 2023-02-26 bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) { -@@ -798,10 +822,7 @@ bool QODBCDriverPrivate::setConnectionOp +@@ -798,10 +822,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) v = val.toUInt(); r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0); } else if (opt.toUpper() == QLatin1String("SQL_ATTR_CURRENT_CATALOG")) { @@ -85,7 +93,7 @@ Last-Update: 2023-02-26 } else if (opt.toUpper() == QLatin1String("SQL_ATTR_METADATA_ID")) { if (val.toUpper() == QLatin1String("SQL_TRUE")) { v = SQL_TRUE; -@@ -816,10 +837,7 @@ bool QODBCDriverPrivate::setConnectionOp +@@ -816,10 +837,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) v = val.toUInt(); r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0); } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACEFILE")) { @@ -97,7 +105,7 @@ Last-Update: 2023-02-26 } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACE")) { if (val.toUpper() == QLatin1String("SQL_OPT_TRACE_OFF")) { v = SQL_OPT_TRACE_OFF; -@@ -1022,9 +1040,12 @@ bool QODBCResult::reset (const QString& +@@ -1022,9 +1040,12 @@ bool QODBCResult::reset (const QString& query) return false; } @@ -113,7 +121,7 @@ Last-Update: 2023-02-26 if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) { setLastError(qMakeError(QCoreApplication::translate("QODBCResult", "Unable to execute statement"), QSqlError::StatementError, d)); -@@ -1371,9 +1392,12 @@ bool QODBCResult::prepare(const QString& +@@ -1371,9 +1392,12 @@ bool QODBCResult::prepare(const QString& query) return false; } @@ -202,7 +210,7 @@ Last-Update: 2023-02-26 } break; } -@@ -1966,14 +1992,16 @@ bool QODBCDriver::open(const QString & d +@@ -1966,14 +1992,16 @@ bool QODBCDriver::open(const QString & db, SQLSMALLINT cb; QVarLengthArray connOut(1024); memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR)); @@ -227,7 +235,7 @@ Last-Update: 2023-02-26 if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) { setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d)); -@@ -2352,17 +2380,15 @@ QStringList QODBCDriver::tables(QSql::Ta +@@ -2352,17 +2380,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const if (tableType.isEmpty()) return tl; @@ -253,7 +261,7 @@ Last-Update: 2023-02-26 if (r != SQL_SUCCESS) qSqlWarning(QLatin1String("QODBCDriver::tables Unable to execute table list"), d); -@@ -2436,28 +2462,30 @@ QSqlIndex QODBCDriver::primaryIndex(cons +@@ -2436,28 +2462,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const SQL_ATTR_CURSOR_TYPE, (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, SQL_IS_UINTEGER); @@ -301,7 +309,7 @@ Last-Update: 2023-02-26 if (r != SQL_SUCCESS) { qSqlWarning(QLatin1String("QODBCDriver::primaryIndex: Unable to execute primary key list"), d); -@@ -2538,15 +2566,17 @@ QSqlRecord QODBCDriver::record(const QSt +@@ -2538,15 +2566,17 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const SQL_ATTR_CURSOR_TYPE, (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, SQL_IS_UINTEGER); diff --git a/debian/patches/CVE-2023-32762.diff b/debian/patches/CVE-2023-32762.diff index ef4376da..3ce696cc 100644 --- a/debian/patches/CVE-2023-32762.diff +++ b/debian/patches/CVE-2023-32762.diff @@ -1,8 +1,17 @@ -Description: hsts: match header names case insensitively - Header field names are always considered to be case-insensitive. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:45 +0000 +Subject: hsts: match header names case insensitively + Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32762-qtbase-5.15.diff Last-Update: 2023-05-22 +Header field names are always considered to be case-insensitive. +--- + src/network/access/qhsts.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp +index 0cef0ad..be7ef7f 100644 --- a/src/network/access/qhsts.cpp +++ b/src/network/access/qhsts.cpp @@ -364,8 +364,8 @@ quoted-pair = "\" CHAR diff --git a/debian/patches/CVE-2023-32763.diff b/debian/patches/CVE-2023-32763.diff index 3de1b412..7f90da57 100644 --- a/debian/patches/CVE-2023-32763.diff +++ b/debian/patches/CVE-2023-32763.diff @@ -1,8 +1,18 @@ -Description: fix buffer overflow in Qt SVG - Adds qAddOverflow and qMulOverflow definitions to QFixed. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:44 +0000 +Subject: fix buffer overflow in Qt SVG + Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff Last-Update: 2023-05-22 +Adds qAddOverflow and qMulOverflow definitions to QFixed. +--- + src/gui/painting/qfixed_p.h | 9 +++++++++ + src/gui/text/qtextlayout.cpp | 9 ++++++--- + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/src/gui/painting/qfixed_p.h b/src/gui/painting/qfixed_p.h +index 8465928..57d750a 100644 --- a/src/gui/painting/qfixed_p.h +++ b/src/gui/painting/qfixed_p.h @@ -54,6 +54,7 @@ @@ -13,7 +23,7 @@ Last-Update: 2023-05-22 #include "QtCore/qsize.h" QT_BEGIN_NAMESPACE -@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(i +@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(int i, const QFixed &f) { return i * 64 < Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; } Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); } @@ -28,6 +38,8 @@ Last-Update: 2023-05-22 #ifndef QT_NO_DEBUG_STREAM inline QDebug &operator<<(QDebug &dbg, const QFixed &f) { return dbg << f.toReal(); } +diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp +index d4f0a5e..3cf4b3d 100644 --- a/src/gui/text/qtextlayout.cpp +++ b/src/gui/text/qtextlayout.cpp @@ -2150,11 +2150,14 @@ found: diff --git a/debian/patches/CVE-2023-33285.diff b/debian/patches/CVE-2023-33285.diff index 9eadaf64..88dc2949 100644 --- a/debian/patches/CVE-2023-33285.diff +++ b/debian/patches/CVE-2023-33285.diff @@ -1,15 +1,24 @@ -Description: QDnsLookup/Unix: make sure we don't overflow the buffer - The DNS Records are variable length and encode their size in 16 bits - before the Record Data (RDATA). Ensure that both the RDATA and the - Record header fields before it fall inside the buffer we have. - . - Additionally reject any replies containing more than one query records. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:45 +0000 +Subject: QDnsLookup/Unix: make sure we don't overflow the buffer + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a Last-Update: 2023-05-25 +The DNS Records are variable length and encode their size in 16 bits +before the Record Data (RDATA). Ensure that both the RDATA and the +Record header fields before it fall inside the buffer we have. + +Additionally reject any replies containing more than one query records. +--- + src/network/kernel/qdnslookup_unix.cpp | 31 +++++++++++++++++++++++++------ + 1 file changed, 25 insertions(+), 6 deletions(-) + +diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp +index 12b40fc..99e999d 100644 --- a/src/network/kernel/qdnslookup_unix.cpp +++ b/src/network/kernel/qdnslookup_unix.cpp -@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int +@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN // responseLength in case of error, we still can extract the // exact error code from the response. HEADER *header = (HEADER*)response; @@ -17,7 +26,7 @@ Last-Update: 2023-05-25 switch (header->rcode) { case NOERROR: break; -@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int +@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN return; } @@ -54,7 +63,7 @@ Last-Update: 2023-05-25 int answerIndex = 0; while ((p < response + responseLength) && (answerIndex < answerCount)) { status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); -@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int +@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN const QString name = QUrl::fromAce(host); p += status; @@ -66,7 +75,7 @@ Last-Update: 2023-05-25 const quint16 type = (p[0] << 8) | p[1]; p += 2; // RR type p += 2; // RR class -@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int +@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN p += 4; const quint16 size = (p[0] << 8) | p[1]; p += 2; diff --git a/debian/patches/CVE-2023-34410.diff b/debian/patches/CVE-2023-34410.diff index bc5e30dd..3e7e9bda 100644 --- a/debian/patches/CVE-2023-34410.diff +++ b/debian/patches/CVE-2023-34410.diff @@ -1,16 +1,25 @@ -Description: Ssl: Copy the on-demand cert loading bool from default config - Otherwise individual sockets will still load system certificates when - a chain doesn't match against the configured CA certificates. - That's not intended behavior, since specifically setting the CA - certificates means you don't want the system certificates to be used. - . - This is potentially a breaking change because now, if you ever add a - CA to the default config, it will disable loading system certificates - on demand for all sockets. And the only way to re-enable it is to - create a null-QSslConfiguration and set it as the new default. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:45 +0000 +Subject: Ssl: Copy the on-demand cert loading bool from default config + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=57ba6260c0801055 Last-Update: 2023-06-08 +Otherwise individual sockets will still load system certificates when +a chain doesn't match against the configured CA certificates. +That's not intended behavior, since specifically setting the CA +certificates means you don't want the system certificates to be used. + +This is potentially a breaking change because now, if you ever add a +CA to the default config, it will disable loading system certificates +on demand for all sockets. And the only way to re-enable it is to +create a null-QSslConfiguration and set it as the new default. +--- + src/network/ssl/qsslsocket.cpp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp +index 5bb6e7e..2a0b3a4 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate() @@ -24,7 +33,7 @@ Last-Update: 2023-06-08 } /*! -@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyD +@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri ptr->sessionProtocol = global->sessionProtocol; ptr->ciphers = global->ciphers; ptr->caCertificates = global->caCertificates; diff --git a/debian/patches/CVE-2023-37369.diff b/debian/patches/CVE-2023-37369.diff index 6217c678..2beecf06 100644 --- a/debian/patches/CVE-2023-37369.diff +++ b/debian/patches/CVE-2023-37369.diff @@ -1,23 +1,8 @@ -Description: QXmlStreamReader: make fastScanName() indicate parsing status to callers - This fixes a crash while parsing an XML file with garbage data, the file - starts with '<' then garbage data: - - The loop in the parse() keeps iterating until it hits "case 262:", - which calls fastScanName() - - fastScanName() iterates over the text buffer scanning for the - attribute name (e.g. "xml:lang"), until it finds ':' - - Consider a Value val, fastScanName() is called on it, it would set - val.prefix to a number > val.len, then it would hit the 4096 condition - and return (returned 0, now it returns the equivalent of - std::null_opt), which means that val.len doesn't get modified, making - it smaller than val.prefix - - The code would try constructing an XmlStringRef with negative length, - which would hit an assert in one of QStringView's constructors - . - Add an assert to the XmlStringRef constructor. - . - Add unittest based on the file from the bug report. - . - Credit to OSS-Fuzz. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:45 +0000 +Subject: QXmlStreamReader: make fastScanName() indicate parsing status to + callers + Origin: upstream, commits https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1a423ce4372d18a7 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=6326bec46a618c72 @@ -28,9 +13,37 @@ Origin: upstream, commits https://invent.kde.org/qt/qt/qtbase/-/merge_requests/263 Last-Update: 2023-07-15 +This fixes a crash while parsing an XML file with garbage data, the file +starts with '<' then garbage data: +- The loop in the parse() keeps iterating until it hits "case 262:", + which calls fastScanName() +- fastScanName() iterates over the text buffer scanning for the + attribute name (e.g. "xml:lang"), until it finds ':' +- Consider a Value val, fastScanName() is called on it, it would set + val.prefix to a number > val.len, then it would hit the 4096 condition + and return (returned 0, now it returns the equivalent of + std::null_opt), which means that val.len doesn't get modified, making + it smaller than val.prefix +- The code would try constructing an XmlStringRef with negative length, + which would hit an assert in one of QStringView's constructors + +Add an assert to the XmlStringRef constructor. + +Add unittest based on the file from the bug report. + +Credit to OSS-Fuzz. +--- + src/corelib/serialization/qxmlstream.cpp | 39 +++++++++++++-------- + src/corelib/serialization/qxmlstream.g | 25 ++++++++++++-- + src/corelib/serialization/qxmlstream_p.h | 25 ++++++++++++-- + .../serialization/qxmlstream/tst_qxmlstream.cpp | 40 ++++++++++++++++++++++ + 4 files changed, 109 insertions(+), 20 deletions(-) + +diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp +index 7cd457b..7b4b223 100644 --- a/src/corelib/serialization/qxmlstream.cpp +++ b/src/corelib/serialization/qxmlstream.cpp -@@ -1302,15 +1302,18 @@ inline int QXmlStreamReaderPrivate::fast +@@ -1302,15 +1302,18 @@ inline int QXmlStreamReaderPrivate::fastScanContentCharList() return n; } @@ -52,7 +65,7 @@ Last-Update: 2023-07-15 } switch (c) { case '\n': -@@ -1339,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fast +@@ -1339,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix) case '+': case '*': putChar(c); @@ -84,7 +97,7 @@ Last-Update: 2023-07-15 } Q_FALLTHROUGH(); default: -@@ -1364,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fast +@@ -1364,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix) } } @@ -100,7 +113,7 @@ Last-Update: 2023-07-15 } enum NameChar { NameBeginning, NameNotBeginning, NotName }; -@@ -1878,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellF +@@ -1878,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message) raiseError(QXmlStreamReader::NotWellFormedError, message); } @@ -115,6 +128,8 @@ Last-Update: 2023-07-15 void QXmlStreamReaderPrivate::parseError() { +diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g +index 4321fed..8c6a1a5 100644 --- a/src/corelib/serialization/qxmlstream.g +++ b/src/corelib/serialization/qxmlstream.g @@ -516,7 +516,16 @@ public: @@ -170,6 +185,8 @@ Last-Update: 2023-07-15 if (atEnd) { resume($rule_number); return false; +diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h +index e5bde7b..b01484c 100644 --- a/src/corelib/serialization/qxmlstream_p.h +++ b/src/corelib/serialization/qxmlstream_p.h @@ -1005,7 +1005,16 @@ public: @@ -225,6 +242,8 @@ Last-Update: 2023-07-15 if (atEnd) { resume(263); return false; +diff --git a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp +index 533fcd9..513ba9b 100644 --- a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp +++ b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp @@ -42,6 +42,7 @@ diff --git a/debian/patches/CVE-2023-38197.diff b/debian/patches/CVE-2023-38197.diff index cabe79a4..742233b5 100644 --- a/debian/patches/CVE-2023-38197.diff +++ b/debian/patches/CVE-2023-38197.diff @@ -1,33 +1,50 @@ -Description: QXmlStreamReader: Raise error on unexpected tokens - QXmlStreamReader accepted multiple DOCTYPE elements, containing DTD - fragments in the XML prolog, and in the XML body. - Well-formed but invalid XML files - with multiple DTD fragments in - prolog and body, combined with recursive entity expansions - have - caused infinite loops in QXmlStreamReader. - . - This patch implements a token check in QXmlStreamReader. - A stream is allowed to start with an XML prolog. StartDocument - and DOCTYPE elements are only allowed in this prolog, which - may also contain ProcessingInstruction and Comment elements. - As soon as anything else is seen, the prolog ends. - After that, the prolog-specific elements are treated as unexpected. - Furthermore, the prolog can contain at most one DOCTYPE element. - . - Update the documentation to reflect the new behavior. - Add an autotest that checks the new error cases are correctly detected, - and no error is raised for legitimate input. - . - The original OSS-Fuzz files (see bug reports) are not included in this - patch for file size reasons. They have been tested manually. Each of - them has more than one DOCTYPE element, causing infinite loops in - recursive entity expansions. The newly implemented functionality - detects those invalid DTD fragments. By raising an error, it aborts - stream reading before an infinite loop occurs. - . - Thanks to OSS-Fuzz for finding this. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:45 +0000 +Subject: QXmlStreamReader: Raise error on unexpected tokens + Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-38197-qtbase-5.15.diff Last-Update: 2023-07-15 +QXmlStreamReader accepted multiple DOCTYPE elements, containing DTD +fragments in the XML prolog, and in the XML body. +Well-formed but invalid XML files - with multiple DTD fragments in +prolog and body, combined with recursive entity expansions - have +caused infinite loops in QXmlStreamReader. + +This patch implements a token check in QXmlStreamReader. +A stream is allowed to start with an XML prolog. StartDocument +and DOCTYPE elements are only allowed in this prolog, which +may also contain ProcessingInstruction and Comment elements. +As soon as anything else is seen, the prolog ends. +After that, the prolog-specific elements are treated as unexpected. +Furthermore, the prolog can contain at most one DOCTYPE element. + +Update the documentation to reflect the new behavior. +Add an autotest that checks the new error cases are correctly detected, +and no error is raised for legitimate input. + +The original OSS-Fuzz files (see bug reports) are not included in this +patch for file size reasons. They have been tested manually. Each of +them has more than one DOCTYPE element, causing infinite loops in +recursive entity expansions. The newly implemented functionality +detects those invalid DTD fragments. By raising an error, it aborts +stream reading before an infinite loop occurs. + +Thanks to OSS-Fuzz for finding this. +--- + src/corelib/serialization/qxmlstream.cpp | 144 +++++++++++++++++++-- + src/corelib/serialization/qxmlstream_p.h | 11 ++ + .../qxmlstream/tokenError/dtdInBody.xml | 20 +++ + .../qxmlstream/tokenError/multipleDtd.xml | 20 +++ + .../qxmlstream/tokenError/wellFormed.xml | 15 +++ + .../serialization/qxmlstream/tst_qxmlstream.cpp | 40 ++++++ + 6 files changed, 242 insertions(+), 8 deletions(-) + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml + +diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp +index 7b4b223..4967db5 100644 --- a/src/corelib/serialization/qxmlstream.cpp +++ b/src/corelib/serialization/qxmlstream.cpp @@ -160,7 +160,7 @@ enum { StreamEOF = ~0U }; @@ -39,7 +56,7 @@ Last-Update: 2023-07-15 */ -@@ -295,13 +295,34 @@ QXmlStreamEntityResolver *QXmlStreamRead +@@ -295,13 +295,34 @@ QXmlStreamEntityResolver *QXmlStreamReader::entityResolver() const QXmlStreamReader is a well-formed XML 1.0 parser that does \e not include external parsed entities. As long as no error occurs, the @@ -81,7 +98,7 @@ Last-Update: 2023-07-15 If an error occurs while parsing, atEnd() and hasError() return true, and error() returns the error that occurred. The functions -@@ -620,6 +641,7 @@ QXmlStreamReader::TokenType QXmlStreamRe +@@ -620,6 +641,7 @@ QXmlStreamReader::TokenType QXmlStreamReader::readNext() d->token = -1; return readNext(); } @@ -89,7 +106,7 @@ Last-Update: 2023-07-15 return d->type; } -@@ -740,6 +762,14 @@ static const short QXmlStreamReader_toke +@@ -740,6 +762,14 @@ static const short QXmlStreamReader_tokenTypeString_indices[] = { }; @@ -104,7 +121,7 @@ Last-Update: 2023-07-15 /*! \property QXmlStreamReader::namespaceProcessing The namespace-processing flag of the stream reader -@@ -775,6 +805,16 @@ QString QXmlStreamReader::tokenString() +@@ -775,6 +805,16 @@ QString QXmlStreamReader::tokenString() const QXmlStreamReader_tokenTypeString_indices[d->type]); } @@ -130,7 +147,7 @@ Last-Update: 2023-07-15 } /* -@@ -4061,6 +4103,92 @@ void QXmlStreamWriter::writeCurrentToken +@@ -4061,6 +4103,92 @@ void QXmlStreamWriter::writeCurrentToken(const QXmlStreamReader &reader) } } @@ -223,6 +240,8 @@ Last-Update: 2023-07-15 /*! \fn bool QXmlStreamAttributes::hasAttribute(const QString &qualifiedName) const \since 4.5 +diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h +index b01484c..be7b1fe 100644 --- a/src/corelib/serialization/qxmlstream_p.h +++ b/src/corelib/serialization/qxmlstream_p.h @@ -804,6 +804,17 @@ public: @@ -243,6 +262,9 @@ Last-Update: 2023-07-15 /*! \sa setType() */ +diff --git a/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml b/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml +new file mode 100644 +index 0000000..1c3ca4e --- /dev/null +++ b/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml @@ -0,0 +1,20 @@ @@ -266,6 +288,9 @@ Last-Update: 2023-07-15 + + ]> + +diff --git a/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml b/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml +new file mode 100644 +index 0000000..cd398c0 --- /dev/null +++ b/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml @@ -0,0 +1,20 @@ @@ -289,6 +314,9 @@ Last-Update: 2023-07-15 + tst_QXmlStream + + +diff --git a/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml b/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml +new file mode 100644 +index 0000000..1b61a3f --- /dev/null +++ b/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml @@ -0,0 +1,15 @@ @@ -307,6 +335,8 @@ Last-Update: 2023-07-15 + tst_QXmlStream + + +diff --git a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp +index 513ba9b..321164f 100644 --- a/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp +++ b/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp @@ -593,6 +593,9 @@ private slots: @@ -319,7 +349,7 @@ Last-Update: 2023-07-15 private: static QByteArray readFile(const QString &filename); -@@ -1882,5 +1885,42 @@ void tst_QXmlStream::test_fastScanName() +@@ -1882,5 +1885,42 @@ void tst_QXmlStream::test_fastScanName() const QCOMPARE(reader.error(), errorType); } diff --git a/debian/patches/a11y_root.diff b/debian/patches/a11y_root.diff index 0a770c95..399ac9f9 100644 --- a/debian/patches/a11y_root.diff +++ b/debian/patches/a11y_root.diff @@ -1,20 +1,29 @@ -Description: fix accessibility on XCB when running as root - Accessibility actually works when running applications as root, but we - would never properly connect, since the enabledChanged signal would be - emitted from the constructor in this case. So after connecting the - signal, check the value by hand to make sure not to miss the - notification. - . - Only applications running as root would be affected, because all other - applications would go through the asynchronous pattern of getting the - bus address from dbus instead. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:45 +0000 +Subject: fix accessibility on XCB when running as root + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=db346e711c9af505 Bug: https://bugs.debian.org/1033995 Last-Update: 2023-04-15 +Accessibility actually works when running applications as root, but we +would never properly connect, since the enabledChanged signal would be +emitted from the constructor in this case. So after connecting the +signal, check the value by hand to make sure not to miss the +notification. + +Only applications running as root would be affected, because all other +applications would go through the asynchronous pattern of getting the +bus address from dbus instead. +--- + src/platformsupport/linuxaccessibility/bridge.cpp | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/platformsupport/linuxaccessibility/bridge.cpp b/src/platformsupport/linuxaccessibility/bridge.cpp +index fdc8cd3..dbddc96 100644 --- a/src/platformsupport/linuxaccessibility/bridge.cpp +++ b/src/platformsupport/linuxaccessibility/bridge.cpp -@@ -65,6 +65,14 @@ QSpiAccessibleBridge::QSpiAccessibleBrid +@@ -65,6 +65,14 @@ QSpiAccessibleBridge::QSpiAccessibleBridge() { dbusConnection = new DBusConnection(); connect(dbusConnection, SIGNAL(enabledChanged(bool)), this, SLOT(enabledChanged(bool))); diff --git a/debian/patches/armv4.diff b/debian/patches/armv4.diff index 531a29be..bc19de0b 100644 --- a/debian/patches/armv4.diff +++ b/debian/patches/armv4.diff @@ -1,8 +1,15 @@ -Description: support ARMv4 architecture, needed for armel builds -Author: Dmitry Shachnev +From: Dmitry Shachnev +Date: Mon, 20 Nov 2023 01:57:46 +0000 +Subject: support ARMv4 architecture, needed for armel builds + Forwarded: no Last-Update: 2016-07-01 +--- + src/corelib/global/qprocessordetection.h | 5 +++++ + 1 file changed, 5 insertions(+) +diff --git a/src/corelib/global/qprocessordetection.h b/src/corelib/global/qprocessordetection.h +index 8d65720..a6ead54 100644 --- a/src/corelib/global/qprocessordetection.h +++ b/src/corelib/global/qprocessordetection.h @@ -132,6 +132,8 @@ diff --git a/debian/patches/cast_types_for_egl_x11_test.diff b/debian/patches/cast_types_for_egl_x11_test.diff index b581ca05..e069cf18 100644 --- a/debian/patches/cast_types_for_egl_x11_test.diff +++ b/debian/patches/cast_types_for_egl_x11_test.diff @@ -1,7 +1,14 @@ -Description: properly cast types for libglvnd 1.3.4 -Origin: https://src.fedoraproject.org/rpms/qt5-qtbase/blob/rawhide/f/qtbase-everywhere-src-5.15.2-libglvnd.patch -Author: Rex Dieter +From: Rex Dieter +Date: Mon, 20 Nov 2023 01:57:46 +0000 +Subject: properly cast types for libglvnd 1.3.4 +Origin: https://src.fedoraproject.org/rpms/qt5-qtbase/blob/rawhide/f/qtbase-everywhere-src-5.15.2-libglvnd.patch +--- + src/gui/configure.json | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/gui/configure.json b/src/gui/configure.json +index 1f08795..f159568 100644 --- a/src/gui/configure.json +++ b/src/gui/configure.json @@ -838,9 +838,9 @@ diff --git a/debian/patches/cross_build_mysql.diff b/debian/patches/cross_build_mysql.diff index 169a12e7..7ac29b4f 100644 --- a/debian/patches/cross_build_mysql.diff +++ b/debian/patches/cross_build_mysql.diff @@ -1,13 +1,24 @@ -Description: call pkgconfig in order to be able to cross build qtbase with MySql. - Qt's build system calls mysql_config... which won't work in a cross build - environment like Debian's, as it will throw an exec format error. - . - In order to solve this call pkgconfig and use mysqlclient.pc. -Author: Helmut Grohne +From: Helmut Grohne +Date: Mon, 20 Nov 2023 01:57:46 +0000 +Subject: call pkgconfig in order to be able to cross build qtbase with MySql. +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971604 Forwarded: not-needed Reviewed-by: Lisandro Damián Nicanor Pérez Meyer +Qt's build system calls mysql_config... which won't work in a cross build +environment like Debian's, as it will throw an exec format error. + +In order to solve this call pkgconfig and use mysqlclient.pc. +--- + src/plugins/sqldrivers/configure.json | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/plugins/sqldrivers/configure.json b/src/plugins/sqldrivers/configure.json +index 9db93d6..5c35cd9 100644 --- a/src/plugins/sqldrivers/configure.json +++ b/src/plugins/sqldrivers/configure.json @@ -67,6 +67,7 @@ diff --git a/debian/patches/dont_use_O_PATH.diff b/debian/patches/dont_use_O_PATH.diff index 2a2a8caf..4113f177 100644 --- a/debian/patches/dont_use_O_PATH.diff +++ b/debian/patches/dont_use_O_PATH.diff @@ -1,15 +1,24 @@ -Description: OpenFile portal: do not use O_PATH fds - Using O_PATH requires correctly specifying whether the fd is writable or - not. Stating that the fd is writable without it actually being writable - results into rejection on xdg-desktop-portal side. Other implementations - like xdg-open or gtk have also moved away from O_PATH fds so this will - make a matching implementation and avoid possible rejections from xdp. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:45 +0000 +Subject: OpenFile portal: do not use O_PATH fds + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=03cbcba7b2b0e42a Last-Update: 2023-05-13 +Using O_PATH requires correctly specifying whether the fd is writable or +not. Stating that the fd is writable without it actually being writable +results into rejection on xdg-desktop-portal side. Other implementations +like xdg-open or gtk have also moved away from O_PATH fds so this will +make a matching implementation and avoid possible rejections from xdp. +--- + src/platformsupport/services/genericunix/qgenericunixservices.cpp | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/src/platformsupport/services/genericunix/qgenericunixservices.cpp b/src/platformsupport/services/genericunix/qgenericunixservices.cpp +index 1a3cab2..4cb2cf7 100644 --- a/src/platformsupport/services/genericunix/qgenericunixservices.cpp +++ b/src/platformsupport/services/genericunix/qgenericunixservices.cpp -@@ -203,8 +203,7 @@ static inline QDBusMessage xdgDesktopPor +@@ -203,8 +203,7 @@ static inline QDBusMessage xdgDesktopPortalOpenFile(const QUrl &url) // handle_token (s) - A string that will be used as the last element of the @handle. // writable (b) - Whether to allow the chosen application to write to the file. @@ -19,7 +28,7 @@ Last-Update: 2023-05-13 if (fd != -1) { QDBusMessage message = QDBusMessage::createMethodCall(QLatin1String("org.freedesktop.portal.Desktop"), QLatin1String("/org/freedesktop/portal/desktop"), -@@ -214,16 +213,13 @@ static inline QDBusMessage xdgDesktopPor +@@ -214,16 +213,13 @@ static inline QDBusMessage xdgDesktopPortalOpenFile(const QUrl &url) QDBusUnixFileDescriptor descriptor; descriptor.giveFileDescriptor(fd); diff --git a/debian/patches/fix_alt_backtick.diff b/debian/patches/fix_alt_backtick.diff index cd094c00..36777e59 100644 --- a/debian/patches/fix_alt_backtick.diff +++ b/debian/patches/fix_alt_backtick.diff @@ -1,17 +1,30 @@ -Description: fix Alt+` shortcut on non-US layouts - Make it possible for non-letter-keys with Latin 1 symbols (`, !, @ etc.) - to participate in shortcuts also, when the keys generate national - symbols on non-Latin layout. - . - For example, in Russian layout, "`" key generates cyrillic "ё" letter of - national alphabet, so shortcuts with the key should still work - regardless of the actual layout. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:44 +0000 +Subject: fix Alt+` shortcut on non-US layouts +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit?id=62e697fd568f6acd Last-Update: 2022-12-03 +Make it possible for non-letter-keys with Latin 1 symbols (`, !, @ etc.) +to participate in shortcuts also, when the keys generate national +symbols on non-Latin layout. + +For example, in Russian layout, "`" key generates cyrillic "ё" letter of +national alphabet, so shortcuts with the key should still work +regardless of the actual layout. +--- + src/platformsupport/input/xkbcommon/qxkbcommon.cpp | 12 ++++++------ + src/platformsupport/input/xkbcommon/qxkbcommon_p.h | 4 ++-- + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/platformsupport/input/xkbcommon/qxkbcommon.cpp b/src/platformsupport/input/xkbcommon/qxkbcommon.cpp +index b713c19..0c8545b 100644 --- a/src/platformsupport/input/xkbcommon/qxkbcommon.cpp +++ b/src/platformsupport/input/xkbcommon/qxkbcommon.cpp -@@ -471,7 +471,7 @@ QVector QXkbCommon::toKeys +@@ -471,7 +471,7 @@ QVector QXkbCommon::toKeysym(QKeyEvent *event) } else if (event->modifiers() & Qt::KeypadModifier) { if (qtKey >= Qt::Key_0 && qtKey <= Qt::Key_9) keysyms.append(XKB_KEY_KP_0 + (qtKey - Qt::Key_0)); @@ -20,7 +33,7 @@ Last-Update: 2022-12-03 keysyms.append(qtKey); } -@@ -523,7 +523,7 @@ int QXkbCommon::keysymToQtKey(xkb_keysym +@@ -523,7 +523,7 @@ int QXkbCommon::keysymToQtKey(xkb_keysym_t keysym, Qt::KeyboardModifiers modifie // With standard shortcuts we should prefer a latin character, this is // for checks like "some qkeyevent == QKeySequence::Copy" to work even // when using for example 'russian' keyboard layout. @@ -29,7 +42,7 @@ Last-Update: 2022-12-03 xkb_keysym_t latinKeysym = QXkbCommon::lookupLatinKeysym(state, code); if (latinKeysym != XKB_KEY_NoSymbol) keysym = latinKeysym; -@@ -546,7 +546,7 @@ static int keysymToQtKey_internal(xkb_ke +@@ -546,7 +546,7 @@ static int keysymToQtKey_internal(xkb_keysym_t keysym, Qt::KeyboardModifiers mod } else if (keysym >= XKB_KEY_KP_0 && keysym <= XKB_KEY_KP_9) { // numeric keypad keys qtKey = Qt::Key_0 + (keysym - XKB_KEY_KP_0); @@ -38,7 +51,7 @@ Last-Update: 2022-12-03 qtKey = QXkbCommon::qxkbcommon_xkb_keysym_to_upper(keysym); } else { // check if we have a direct mapping -@@ -678,7 +678,7 @@ QList QXkbCommon::possibleKeys(xkb_ +@@ -678,7 +678,7 @@ QList QXkbCommon::possibleKeys(xkb_state *state, const QKeyEvent *event, Qt::KeyboardModifiers neededMods = ModsTbl[i]; if ((modifiers & neededMods) == neededMods) { if (i == 8) { @@ -47,7 +60,7 @@ Last-Update: 2022-12-03 continue; // add a latin key as a fall back key sym = lookupLatinKeysym(state, keycode); -@@ -733,7 +733,7 @@ void QXkbCommon::verifyHasLatinLayout(xk +@@ -733,7 +733,7 @@ void QXkbCommon::verifyHasLatinLayout(xkb_keymap *keymap) for (xkb_layout_index_t layout = 0; layout < layoutCount; ++layout) { for (xkb_keycode_t code = minKeycode; code < maxKeycode; ++code) { xkb_keymap_key_get_syms_by_level(keymap, code, layout, 0, &keysyms); @@ -56,7 +69,7 @@ Last-Update: 2022-12-03 nrLatinKeys++; if (nrLatinKeys > 10) // arbitrarily chosen threshold return; -@@ -766,7 +766,7 @@ xkb_keysym_t QXkbCommon::lookupLatinKeys +@@ -766,7 +766,7 @@ xkb_keysym_t QXkbCommon::lookupLatinKeysym(xkb_state *state, xkb_keycode_t keyco xkb_level_index_t level = xkb_state_key_get_level(state, keycode, layout); if (xkb_keymap_key_get_syms_by_level(keymap, keycode, layout, level, &syms) != 1) continue; @@ -65,6 +78,8 @@ Last-Update: 2022-12-03 sym = syms[0]; break; } +diff --git a/src/platformsupport/input/xkbcommon/qxkbcommon_p.h b/src/platformsupport/input/xkbcommon/qxkbcommon_p.h +index 561eae0..8389bd8 100644 --- a/src/platformsupport/input/xkbcommon/qxkbcommon_p.h +++ b/src/platformsupport/input/xkbcommon/qxkbcommon_p.h @@ -94,8 +94,8 @@ public: diff --git a/debian/patches/fix_qdbusmacros_h.diff b/debian/patches/fix_qdbusmacros_h.diff index 563df7f2..1db34e6b 100644 --- a/debian/patches/fix_qdbusmacros_h.diff +++ b/debian/patches/fix_qdbusmacros_h.diff @@ -1,7 +1,16 @@ -Description: fix capitalization error in auto-generated qdbusmacros.h include +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:45 +0000 +Subject: fix capitalization error in auto-generated qdbusmacros.h include + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=dca0304c26012a57 Last-Update: 2023-05-13 +--- + include/QtDBus/qdbusmacros.h | 6 +++--- + sync.profile | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) +diff --git a/include/QtDBus/qdbusmacros.h b/include/QtDBus/qdbusmacros.h +index 247af0c..67477d0 100644 --- a/include/QtDBus/qdbusmacros.h +++ b/include/QtDBus/qdbusmacros.h @@ -1,11 +1,11 @@ @@ -19,6 +28,8 @@ Last-Update: 2023-05-13 #if 0 #pragma qt_no_master_include #endif +diff --git a/sync.profile b/sync.profile +index 0292bf0..7dd0177 100644 --- a/sync.profile +++ b/sync.profile @@ -77,7 +77,7 @@ diff --git a/debian/patches/fusion_checkable_qpushbutton.diff b/debian/patches/fusion_checkable_qpushbutton.diff index 239cc386..4e09a5e8 100644 --- a/debian/patches/fusion_checkable_qpushbutton.diff +++ b/debian/patches/fusion_checkable_qpushbutton.diff @@ -1,16 +1,25 @@ -Description: QPushButton/fusion style: don't ignore QIcon::On icon - The fusion style did ignore the QIcon::On icon because it reset - State_On to avoid the visual shift of a pressed button. - But it's not needed to reset this flag - the shift does not happen - because the fusion style does return 0 as offset for - PM_ButtonShiftHorizontal/PM_ButtonShiftVertical so no shifting will - happen. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:43 +0000 +Subject: QPushButton/fusion style: don't ignore QIcon::On icon + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e9ccdf4d84157173 Last-Update: 2021-08-10 +The fusion style did ignore the QIcon::On icon because it reset +State_On to avoid the visual shift of a pressed button. +But it's not needed to reset this flag - the shift does not happen +because the fusion style does return 0 as offset for +PM_ButtonShiftHorizontal/PM_ButtonShiftVertical so no shifting will +happen. +--- + src/widgets/styles/qfusionstyle.cpp | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/src/widgets/styles/qfusionstyle.cpp b/src/widgets/styles/qfusionstyle.cpp +index a225d4b..35e2769 100644 --- a/src/widgets/styles/qfusionstyle.cpp +++ b/src/widgets/styles/qfusionstyle.cpp -@@ -1772,14 +1772,6 @@ void QFusionStyle::drawControl(ControlEl +@@ -1772,14 +1772,6 @@ void QFusionStyle::drawControl(ControlElement element, const QStyleOption *optio proxy()->drawControl(CE_PushButtonLabel, &subopt, painter, widget); } break; diff --git a/debian/patches/gnome_wayland.diff b/debian/patches/gnome_wayland.diff index 9f7375c7..5626fe08 100644 --- a/debian/patches/gnome_wayland.diff +++ b/debian/patches/gnome_wayland.diff @@ -1,13 +1,22 @@ -Description: use wayland platform plugin on GNOME wayland sessions by default - Qt wayland platform plugin has improved quite a lot and it is now pretty - much usable on Gnome. It also improves user experience a lot on HiDPI - displays. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:44 +0000 +Subject: use wayland platform plugin on GNOME wayland sessions by default + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=dda7dab8274991e4 Last-Update: 2022-10-16 +Qt wayland platform plugin has improved quite a lot and it is now pretty +much usable on Gnome. It also improves user experience a lot on HiDPI +displays. +--- + src/gui/kernel/qguiapplication.cpp | 9 +-------- + 1 file changed, 1 insertion(+), 8 deletions(-) + +diff --git a/src/gui/kernel/qguiapplication.cpp b/src/gui/kernel/qguiapplication.cpp +index b39b3b4..a217719 100644 --- a/src/gui/kernel/qguiapplication.cpp +++ b/src/gui/kernel/qguiapplication.cpp -@@ -1412,14 +1412,7 @@ void QGuiApplicationPrivate::createPlatf +@@ -1412,14 +1412,7 @@ void QGuiApplicationPrivate::createPlatformIntegration() if (sessionType == QByteArrayLiteral("x11") && !platformName.contains(QByteArrayLiteral("xcb"))) { platformName = QByteArrayLiteral("xcb"); } else if (sessionType == QByteArrayLiteral("wayland") && !platformName.contains(QByteArrayLiteral("wayland"))) { diff --git a/debian/patches/gnukfreebsd_linker_warnings.diff b/debian/patches/gnukfreebsd_linker_warnings.diff index 9e30c4c1..c851712f 100644 --- a/debian/patches/gnukfreebsd_linker_warnings.diff +++ b/debian/patches/gnukfreebsd_linker_warnings.diff @@ -1,17 +1,21 @@ -Description: catch linker warnings in some config tests - Without this, qmake wrongly thinks that the tests succeed, for example: - . - ./config.tests/unix/futimens/futimens.cpp:44: warning: futimens is not implemented and will always fail - test config.corelib.tests.futimens succeeded -Author: Dmitry Shachnev +From: Dmitry Shachnev +Date: Mon, 20 Nov 2023 01:57:46 +0000 +Subject: catch linker warnings in some config tests + Forwarded: https://codereview.qt-project.org/163214 (rejected) Bug: https://bugs.debian.org/827935 Last-Update: 2019-03-02 +Without this, qmake wrongly thinks that the tests succeed, for example: + +./config.tests/unix/futimens/futimens.cpp:44: warning: futimens is not implemented and will always fail +test config.corelib.tests.futimens succeeded --- - src/corelib/configure.json | 3 +++ + src/corelib/configure.json | 3 +++ 1 file changed, 3 insertions(+) +diff --git a/src/corelib/configure.json b/src/corelib/configure.json +index a9025a2..06f4311 100644 --- a/src/corelib/configure.json +++ b/src/corelib/configure.json @@ -331,6 +331,7 @@ diff --git a/debian/patches/image_deletion_order.diff b/debian/patches/image_deletion_order.diff index b20f5cb0..073a70f4 100644 --- a/debian/patches/image_deletion_order.diff +++ b/debian/patches/image_deletion_order.diff @@ -1,15 +1,25 @@ -Description: fix deletion order in QImageReader/Writer destructors - The device would be deleted before the image format handler, and hence - be a dangling pointer that could easily cause a crash if the handler - or codec would access it on destruction, e.g. for cleanup. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:44 +0000 +Subject: fix deletion order in QImageReader/Writer destructors + Origin: upstream, commits https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f091026be1deb4b4 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5633cb69f68ca3d3 Last-Update: 2023-02-26 +The device would be deleted before the image format handler, and hence +be a dangling pointer that could easily cause a crash if the handler +or codec would access it on destruction, e.g. for cleanup. +--- + src/gui/image/qimagereader.cpp | 6 +++--- + src/gui/image/qimagewriter.cpp | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/gui/image/qimagereader.cpp b/src/gui/image/qimagereader.cpp +index 5cb7e13..1274622 100644 --- a/src/gui/image/qimagereader.cpp +++ b/src/gui/image/qimagereader.cpp -@@ -515,9 +515,9 @@ QImageReaderPrivate::QImageReaderPrivate +@@ -515,9 +515,9 @@ QImageReaderPrivate::QImageReaderPrivate(QImageReader *qq) */ QImageReaderPrivate::~QImageReaderPrivate() { @@ -20,7 +30,7 @@ Last-Update: 2023-02-26 } /*! -@@ -774,12 +774,12 @@ bool QImageReader::decideFormatFromConte +@@ -774,12 +774,12 @@ bool QImageReader::decideFormatFromContent() const */ void QImageReader::setDevice(QIODevice *device) { @@ -35,9 +45,11 @@ Last-Update: 2023-02-26 d->text.clear(); } +diff --git a/src/gui/image/qimagewriter.cpp b/src/gui/image/qimagewriter.cpp +index 33f5e49..a679f25 100644 --- a/src/gui/image/qimagewriter.cpp +++ b/src/gui/image/qimagewriter.cpp -@@ -349,9 +349,9 @@ QImageWriter::QImageWriter(const QString +@@ -349,9 +349,9 @@ QImageWriter::QImageWriter(const QString &fileName, const QByteArray &format) */ QImageWriter::~QImageWriter() { diff --git a/debian/patches/link_fbclient.diff b/debian/patches/link_fbclient.diff index e2fed427..d6048bfc 100644 --- a/debian/patches/link_fbclient.diff +++ b/debian/patches/link_fbclient.diff @@ -1,9 +1,15 @@ -Description: build ibase sql plugin against firebird -Author: Fathi Boudra -Author: Dmitry Shachnev +From: Fathi Boudra +Date: Mon, 20 Nov 2023 01:57:46 +0000 +Subject: build ibase sql plugin against firebird + Forwarded: no Last-Update: 2017-06-30 +--- + src/plugins/sqldrivers/configure.json | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) +diff --git a/src/plugins/sqldrivers/configure.json b/src/plugins/sqldrivers/configure.json +index 28ccbea..9db93d6 100644 --- a/src/plugins/sqldrivers/configure.json +++ b/src/plugins/sqldrivers/configure.json @@ -52,7 +52,7 @@ diff --git a/debian/patches/mime_globs.diff b/debian/patches/mime_globs.diff index 1c66eba3..3ff48cac 100644 --- a/debian/patches/mime_globs.diff +++ b/debian/patches/mime_globs.diff @@ -1,13 +1,23 @@ -Description: adjust QMimeDatabase implementation - When multiple globs match, and the result from magic sniffing is - unrelated to any of those globs, globs have priority and one of them - should be picked up. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:43 +0000 +Subject: adjust QMimeDatabase implementation + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=0cbbba2aa5b47224 Last-Update: 2021-06-12 +When multiple globs match, and the result from magic sniffing is +unrelated to any of those globs, globs have priority and one of them +should be picked up. +--- + src/corelib/mimetypes/qmimedatabase.cpp | 11 +++++++---- + src/corelib/mimetypes/qmimeglobpattern.cpp | 5 ++++- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/corelib/mimetypes/qmimedatabase.cpp b/src/corelib/mimetypes/qmimedatabase.cpp +index 9de22ce..ff868a3 100644 --- a/src/corelib/mimetypes/qmimedatabase.cpp +++ b/src/corelib/mimetypes/qmimedatabase.cpp -@@ -389,20 +389,23 @@ QMimeType QMimeDatabasePrivate::mimeType +@@ -389,20 +389,23 @@ QMimeType QMimeDatabasePrivate::mimeTypeForFileNameAndData(const QString &fileNa // Disambiguate conflicting extensions (if magic matching found something) if (candidateByData.isValid() && magicAccuracy > 0) { const QString sniffedMime = candidateByData.name(); @@ -35,9 +45,11 @@ Last-Update: 2021-06-12 } } +diff --git a/src/corelib/mimetypes/qmimeglobpattern.cpp b/src/corelib/mimetypes/qmimeglobpattern.cpp +index b1de890..fa8f4c5 100644 --- a/src/corelib/mimetypes/qmimeglobpattern.cpp +++ b/src/corelib/mimetypes/qmimeglobpattern.cpp -@@ -83,7 +83,10 @@ void QMimeGlobMatchResult::addMatch(cons +@@ -83,7 +83,10 @@ void QMimeGlobMatchResult::addMatch(const QString &mimeType, int weight, const Q } if (!m_matchingMimeTypes.contains(mimeType)) { m_matchingMimeTypes.append(mimeType); diff --git a/debian/patches/no_htmlinfo_example.diff b/debian/patches/no_htmlinfo_example.diff index 8632c4a9..640c9e07 100644 --- a/debian/patches/no_htmlinfo_example.diff +++ b/debian/patches/no_htmlinfo_example.diff @@ -1,8 +1,15 @@ -Description: disable htmlinfo example which contains non-free files -Author: Dmitry Shachnev +From: Dmitry Shachnev +Date: Mon, 20 Nov 2023 01:57:46 +0000 +Subject: disable htmlinfo example which contains non-free files + Forwarded: not-needed Last-Update: 2014-12-17 +--- + examples/xml/xml.pro | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) +diff --git a/examples/xml/xml.pro b/examples/xml/xml.pro +index b075057..1c78e6b 100644 --- a/examples/xml/xml.pro +++ b/examples/xml/xml.pro @@ -1,6 +1,5 @@ diff --git a/debian/patches/openssl3.diff b/debian/patches/openssl3.diff index 4e85902e..e9526902 100644 --- a/debian/patches/openssl3.diff +++ b/debian/patches/openssl3.diff @@ -1,4 +1,7 @@ -Description: upstream fixes to support OpenSSL 3.0 +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:44 +0000 +Subject: upstream fixes to support OpenSSL 3.0 + Origin: upstream, commits https://code.qt.io/cgit/qt/qtbase.git/commit/?id=3186ca3e3972cf46 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=408656c6f9de326c @@ -6,7 +9,15 @@ Origin: upstream, commits and a small part of https://code.qt.io/cgit/qt/qtbase.git/commit/?id=4c0f81490ba0c4ec Last-Update: 2021-12-09 +--- + src/network/ssl/qsslcontext_openssl.cpp | 4 +- + .../ssl/qssldiffiehellmanparameters_openssl.cpp | 51 ---------------------- + src/network/ssl/qsslsocket_openssl_symbols.cpp | 22 +++++++--- + src/network/ssl/qsslsocket_openssl_symbols_p.h | 16 ++++--- + 4 files changed, 29 insertions(+), 64 deletions(-) +diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp +index c9f202f..d0a428c 100644 --- a/src/network/ssl/qsslcontext_openssl.cpp +++ b/src/network/ssl/qsslcontext_openssl.cpp @@ -409,7 +409,7 @@ init_context: @@ -27,6 +38,8 @@ Last-Update: 2021-12-09 break; case QSsl::TlsV1_3OrLater: #ifdef TLS1_3_VERSION +diff --git a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp +index aaf8741..b589353 100644 --- a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp +++ b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp @@ -59,57 +59,6 @@ @@ -87,9 +100,11 @@ Last-Update: 2021-12-09 static bool isSafeDH(DH *dh) { int status = 0; +diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp +index e53fb27..68a766c 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp -@@ -148,7 +148,6 @@ DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKE +@@ -148,7 +148,6 @@ DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return) DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return) DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return) DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return) @@ -97,7 +112,7 @@ Last-Update: 2021-12-09 DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return) DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return) DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return) -@@ -371,7 +370,15 @@ DEFINEFUNC(const SSL_CIPHER *, SSL_get_c +@@ -371,7 +370,15 @@ DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr DEFINEFUNC(int, SSL_version, const SSL *a, a, return 0, return) DEFINEFUNC2(int, SSL_get_error, SSL *a, a, int b, b, return -1, return) DEFINEFUNC(STACK_OF(X509) *, SSL_get_peer_cert_chain, SSL *a, a, return nullptr, return) @@ -113,7 +128,7 @@ Last-Update: 2021-12-09 DEFINEFUNC(long, SSL_get_verify_result, const SSL *a, a, return -1, return) DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return nullptr, return) DEFINEFUNC(SSL_CTX *, SSL_get_SSL_CTX, SSL *a, a, return nullptr, return) -@@ -492,9 +499,7 @@ DEFINEFUNC(DH *, DH_new, DUMMYARG, DUMMY +@@ -492,9 +499,7 @@ DEFINEFUNC(DH *, DH_new, DUMMYARG, DUMMYARG, return nullptr, return) DEFINEFUNC(void, DH_free, DH *dh, dh, return, DUMMYARG) DEFINEFUNC3(DH *, d2i_DHparams, DH**a, a, const unsigned char **pp, pp, long length, length, return nullptr, return) DEFINEFUNC2(int, i2d_DHparams, DH *a, a, unsigned char **p, p, return -1, return) @@ -157,9 +172,11 @@ Last-Update: 2021-12-09 RESOLVEFUNC(BN_bin2bn) #ifndef OPENSSL_NO_EC +diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h +index 95e8897..7196177 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h -@@ -237,7 +237,6 @@ Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref( +@@ -237,7 +237,6 @@ Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref(EVP_PKEY *a); EVP_PKEY_CTX *q_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); void q_EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); @@ -167,7 +184,7 @@ Last-Update: 2021-12-09 int q_RSA_bits(RSA *a); Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a); Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); -@@ -510,7 +509,6 @@ const SSL_CIPHER *q_SSL_get_current_ciph +@@ -510,7 +509,6 @@ const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a); int q_SSL_version(const SSL *a); int q_SSL_get_error(SSL *a, int b); STACK_OF(X509) *q_SSL_get_peer_cert_chain(SSL *a); @@ -186,7 +203,7 @@ Last-Update: 2021-12-09 BIGNUM *q_BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); #define q_SSL_CTX_set_tmp_dh(ctx, dh) q_SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TMP_DH, 0, (char *)dh) -@@ -754,6 +749,17 @@ void q_CRYPTO_free(void *str, const char +@@ -754,6 +749,17 @@ void q_CRYPTO_free(void *str, const char *file, int line); int q_SSL_CTX_get_security_level(const SSL_CTX *ctx); void q_SSL_CTX_set_security_level(SSL_CTX *ctx, int level); diff --git a/debian/patches/openssl_set_options.diff b/debian/patches/openssl_set_options.diff index 62947914..504e1f9b 100644 --- a/debian/patches/openssl_set_options.diff +++ b/debian/patches/openssl_set_options.diff @@ -1,11 +1,24 @@ -Description: update function argument of SSL_CTX_set_options - openssl3 uses uint64_t for the options argument in SSL_CTX_set_options, - older ones used long. - sizeof(long) is not the same on any platform as sizeof(uint64_t) +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:44 +0000 +Subject: update function argument of SSL_CTX_set_options + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e995bfc0ea783c15 Backported for 5.15 by the patch author, Michael Saxl. Last-Update: 2022-08-07 +openssl3 uses uint64_t for the options argument in SSL_CTX_set_options, +older ones used long. +sizeof(long) is not the same on any platform as sizeof(uint64_t) +--- + src/network/ssl/qsslcontext_openssl.cpp | 2 +- + src/network/ssl/qsslsocket_openssl.cpp | 4 ++-- + src/network/ssl/qsslsocket_openssl_p.h | 8 +++++++- + src/network/ssl/qsslsocket_openssl_symbols.cpp | 2 +- + src/network/ssl/qsslsocket_openssl_symbols_p.h | 2 +- + 5 files changed, 12 insertions(+), 6 deletions(-) + +diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp +index d0a428c..c992da9 100644 --- a/src/network/ssl/qsslcontext_openssl.cpp +++ b/src/network/ssl/qsslcontext_openssl.cpp @@ -455,7 +455,7 @@ init_context: @@ -17,9 +30,11 @@ Last-Update: 2022-08-07 q_SSL_CTX_set_options(sslContext->ctx, options); // Tell OpenSSL to release memory early +diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp +index 37fad2a..8f6858c 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp -@@ -550,9 +550,9 @@ static void q_loadCiphersForConnection(S +@@ -550,9 +550,9 @@ static void q_loadCiphersForConnection(SSL *connection, QList &ciphe // Defined in qsslsocket.cpp void q_setDefaultDtlsCiphers(const QList &ciphers); @@ -31,6 +46,8 @@ Last-Update: 2022-08-07 if (protocol == QSsl::TlsV1SslV3) options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3; else if (protocol == QSsl::SecureProtocols) +diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h +index 4103de2..5547589 100644 --- a/src/network/ssl/qsslsocket_openssl_p.h +++ b/src/network/ssl/qsslsocket_openssl_p.h @@ -107,6 +107,12 @@ @@ -55,9 +72,11 @@ Last-Update: 2022-08-07 static QSslCipher QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher); static QList STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509); static QList verify(const QList &certificateChain, const QString &hostName); +diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp +index 68a766c..459ccd0 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp -@@ -157,7 +157,7 @@ DEFINEFUNC2(void, OPENSSL_sk_push, OPENS +@@ -157,7 +157,7 @@ DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMM DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return) DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) @@ -66,9 +85,11 @@ Last-Update: 2022-08-07 DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return) DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return) #ifdef TLS1_3_VERSION +diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h +index 7196177..27aeffa 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h -@@ -245,7 +245,7 @@ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push +@@ -245,7 +245,7 @@ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data); Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a); Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); int q_SSL_session_reused(SSL *a); diff --git a/debian/patches/path_max.diff b/debian/patches/path_max.diff index b9014fac..8c66f080 100644 --- a/debian/patches/path_max.diff +++ b/debian/patches/path_max.diff @@ -1,13 +1,21 @@ -Author: Pino Toscano -Description: Avoid unconditional PATH_MAX usage - Use a "safe" size in case PATH_MAX is not defined; in the end, this should not - be used, as a allocating realpath() will be used instead. +From: Pino Toscano +Date: Mon, 20 Nov 2023 01:57:46 +0000 +Subject: Avoid unconditional PATH_MAX usage + Forwarded: no Last-Update: 2020-04-19 +Use a "safe" size in case PATH_MAX is not defined; in the end, this should not +be used, as a allocating realpath() will be used instead. +--- + src/corelib/io/qfilesystemengine_unix.cpp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/corelib/io/qfilesystemengine_unix.cpp b/src/corelib/io/qfilesystemengine_unix.cpp +index 4273909..6833acf 100644 --- a/src/corelib/io/qfilesystemengine_unix.cpp +++ b/src/corelib/io/qfilesystemengine_unix.cpp -@@ -689,7 +689,11 @@ QFileSystemEntry QFileSystemEngine::cano +@@ -689,7 +689,11 @@ QFileSystemEntry QFileSystemEngine::canonicalName(const QFileSystemEntry &entry, Q_UNUSED(data); return QFileSystemEntry(slowCanonicalized(absoluteName(entry).filePath())); #else diff --git a/debian/patches/qdoc_default_incdirs.diff b/debian/patches/qdoc_default_incdirs.diff index 4c559a3e..4c0f1812 100644 --- a/debian/patches/qdoc_default_incdirs.diff +++ b/debian/patches/qdoc_default_incdirs.diff @@ -1,13 +1,16 @@ -Description: pass default include directories to qdoc -Author: Martin Smith +From: Martin Smith +Date: Mon, 20 Nov 2023 01:57:46 +0000 +Subject: pass default include directories to qdoc + Bug: https://bugs.debian.org/908328 Forwarded: no Last-Update: 2020-01-28 - --- - mkspecs/features/qt_docs.prf | 4 ++++ + mkspecs/features/qt_docs.prf | 4 ++++ 1 file changed, 4 insertions(+) +diff --git a/mkspecs/features/qt_docs.prf b/mkspecs/features/qt_docs.prf +index e19d06f..05cdb11 100644 --- a/mkspecs/features/qt_docs.prf +++ b/mkspecs/features/qt_docs.prf @@ -98,6 +98,10 @@ doc_command = $$QDOC $$QMAKE_DOCS diff --git a/debian/patches/qmenu_set_transient_parent.diff b/debian/patches/qmenu_set_transient_parent.diff index a2afbb28..79783307 100644 --- a/debian/patches/qmenu_set_transient_parent.diff +++ b/debian/patches/qmenu_set_transient_parent.diff @@ -1,12 +1,22 @@ -Description: widgets: setTransientParent() when a QMenu is a window - On some platforms, such as X11 and Wayland with some compositors, - QMenu could be a popup window, which should be set a transient parent - to get relative position, which is requested by Wayland. - . - Added transientParentWindow() for QMenuPrivate like QDialogPrivate. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:44 +0000 +Subject: widgets: setTransientParent() when a QMenu is a window + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=493a85a9e4688744 Last-Update: 2022-10-16 +On some platforms, such as X11 and Wayland with some compositors, +QMenu could be a popup window, which should be set a transient parent +to get relative position, which is requested by Wayland. + +Added transientParentWindow() for QMenuPrivate like QDialogPrivate. +--- + src/widgets/widgets/qmenu.cpp | 25 +++++++++++++++++++++++++ + src/widgets/widgets/qmenu_p.h | 1 + + 2 files changed, 26 insertions(+) + +diff --git a/src/widgets/widgets/qmenu.cpp b/src/widgets/widgets/qmenu.cpp +index 284c83b..bc2bf86 100644 --- a/src/widgets/widgets/qmenu.cpp +++ b/src/widgets/widgets/qmenu.cpp @@ -624,6 +624,29 @@ void QMenuPrivate::hideMenu(QMenu *menu) @@ -48,6 +58,8 @@ Last-Update: 2022-10-16 break; #ifndef QT_NO_TOOLTIP case QEvent::ToolTip: +diff --git a/src/widgets/widgets/qmenu_p.h b/src/widgets/widgets/qmenu_p.h +index 3871d67..fa3929e 100644 --- a/src/widgets/widgets/qmenu_p.h +++ b/src/widgets/widgets/qmenu_p.h @@ -440,6 +440,7 @@ public: diff --git a/debian/patches/qshapedpixmapwindow_no_tooltip.diff b/debian/patches/qshapedpixmapwindow_no_tooltip.diff index 7e4dabfb..201d44f2 100644 --- a/debian/patches/qshapedpixmapwindow_no_tooltip.diff +++ b/debian/patches/qshapedpixmapwindow_no_tooltip.diff @@ -1,20 +1,29 @@ -Description: do not set Qt::ToolTip flag for QShapedPixmapWindow - This hint is not really needed in the first place and only causes - problems in some environments. - . - For example in KDE, the compositor animates changes in position and size - for all ToolTip windows. However, this is not wanted here because we use - this window as a thumbnail for a drag-and-drop operation. - Before this patch the dragged element would lag significantly behind the - cursor. Now it works as expected, i.e. the dragged element follows the - cursor immediately. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:44 +0000 +Subject: do not set Qt::ToolTip flag for QShapedPixmapWindow + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=180b496b537089b8 Bug: https://bugreports.qt.io/browse/QTBUG-98048 Last-Update: 2023-05-20 +This hint is not really needed in the first place and only causes +problems in some environments. + +For example in KDE, the compositor animates changes in position and size +for all ToolTip windows. However, this is not wanted here because we use +this window as a thumbnail for a drag-and-drop operation. +Before this patch the dragged element would lag significantly behind the +cursor. Now it works as expected, i.e. the dragged element follows the +cursor immediately. +--- + src/gui/kernel/qshapedpixmapdndwindow.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/gui/kernel/qshapedpixmapdndwindow.cpp b/src/gui/kernel/qshapedpixmapdndwindow.cpp +index bb0d8e4..b98fcc6 100644 --- a/src/gui/kernel/qshapedpixmapdndwindow.cpp +++ b/src/gui/kernel/qshapedpixmapdndwindow.cpp -@@ -56,7 +56,7 @@ QShapedPixmapWindow::QShapedPixmapWindow +@@ -56,7 +56,7 @@ QShapedPixmapWindow::QShapedPixmapWindow(QScreen *screen) QSurfaceFormat format; format.setAlphaBufferSize(8); setFormat(format); diff --git a/debian/patches/qstorageinfo_linux.diff b/debian/patches/qstorageinfo_linux.diff index b1da1fc8..c9c229ce 100644 --- a/debian/patches/qstorageinfo_linux.diff +++ b/debian/patches/qstorageinfo_linux.diff @@ -1,16 +1,24 @@ -Author: Pino Toscano -Description: Limit Linux-only code with Q_OS_LINUX - The QStorageInfo/QStorageIterator implementation used for Linux is used also - on Hurd, as it uses an interface provided by GNU libc. - QStorageIterator::device() tries to use PATH_MAX (unavailable on the Hurd) - to lookup a /dev/block/ path, which exists on Linux only; hence, perform that - check within a Q_OS_LINUX block. +From: Pino Toscano +Date: Mon, 20 Nov 2023 01:57:46 +0000 +Subject: Limit Linux-only code with Q_OS_LINUX + Forwarded: no Last-Update: 2020-04-19 +The QStorageInfo/QStorageIterator implementation used for Linux is used also +on Hurd, as it uses an interface provided by GNU libc. +QStorageIterator::device() tries to use PATH_MAX (unavailable on the Hurd) +to lookup a /dev/block/ path, which exists on Linux only; hence, perform that +check within a Q_OS_LINUX block. +--- + src/corelib/io/qstorageinfo_unix.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/corelib/io/qstorageinfo_unix.cpp b/src/corelib/io/qstorageinfo_unix.cpp +index 698c4dd..45570ee 100644 --- a/src/corelib/io/qstorageinfo_unix.cpp +++ b/src/corelib/io/qstorageinfo_unix.cpp -@@ -566,6 +566,7 @@ inline QByteArray QStorageIterator::file +@@ -566,6 +566,7 @@ inline QByteArray QStorageIterator::fileSystemType() const inline QByteArray QStorageIterator::device() const { @@ -18,7 +26,7 @@ Last-Update: 2020-04-19 // check that the device exists if (mnt.mnt_fsname[0] == '/' && access(mnt.mnt_fsname, F_OK) != 0) { // It doesn't, so let's try to resolve the dev_t from /dev/block. -@@ -581,6 +582,7 @@ inline QByteArray QStorageIterator::devi +@@ -581,6 +582,7 @@ inline QByteArray QStorageIterator::device() const return dev; } } diff --git a/debian/patches/qxcbwindow_set_geometry.diff b/debian/patches/qxcbwindow_set_geometry.diff index 76ac96a9..13f24d86 100644 --- a/debian/patches/qxcbwindow_set_geometry.diff +++ b/debian/patches/qxcbwindow_set_geometry.diff @@ -1,21 +1,30 @@ -Description: set geometry property in QXcbWindow after checking minimum size - QXcbWindow::create() bound the window's size to windowMinimumSize(), - after its size had been inherited from parent(). - QPlatformWindow::setGeometry() was called before that sanity check. - . - When a fullscreen window is re-mapped from a deactivated screen to the - remaining screen, the call to QPlatformWindow::setGeometry() assigns - an invalid QRect to QPlatformWindowPrivate::rect - The negative int values x2 and/or y2 cause - QXcbBackingStoreImage::flushPixmap to address unmapped memory and - crash. - . - This patch moves the call to QPlatformWindow::setGeometry() from - before to after bounding to a minimum value. That assures a valid - rectangle to be assigned in all cases. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:44 +0000 +Subject: set geometry property in QXcbWindow after checking minimum size + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=6a3627b6c5aa5109 Last-Update: 2023-01-04 +QXcbWindow::create() bound the window's size to windowMinimumSize(), +after its size had been inherited from parent(). +QPlatformWindow::setGeometry() was called before that sanity check. + +When a fullscreen window is re-mapped from a deactivated screen to the +remaining screen, the call to QPlatformWindow::setGeometry() assigns +an invalid QRect to QPlatformWindowPrivate::rect +The negative int values x2 and/or y2 cause +QXcbBackingStoreImage::flushPixmap to address unmapped memory and +crash. + +This patch moves the call to QPlatformWindow::setGeometry() from +before to after bounding to a minimum value. That assures a valid +rectangle to be assigned in all cases. +--- + src/plugins/platforms/xcb/qxcbwindow.cpp | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/plugins/platforms/xcb/qxcbwindow.cpp b/src/plugins/platforms/xcb/qxcbwindow.cpp +index bffad0f..45bac8e 100644 --- a/src/plugins/platforms/xcb/qxcbwindow.cpp +++ b/src/plugins/platforms/xcb/qxcbwindow.cpp @@ -299,11 +299,6 @@ void QXcbWindow::create() diff --git a/debian/patches/remove_privacy_breaches.diff b/debian/patches/remove_privacy_breaches.diff index e9111497..ebf78210 100644 --- a/debian/patches/remove_privacy_breaches.diff +++ b/debian/patches/remove_privacy_breaches.diff @@ -1,15 +1,20 @@ -Description: remove non-used privacy-breach code - This code makes Lintian unhappy. But we are really not using it, it only - gets inserted when building the online doc. - Anyways the best way to calm down Lintian is to simply remove it. -Author: Lisandro Damián Nicanor Pérez Meyer +From: =?utf-8?q?Lisandro_Dami=C3=A1n_Nicanor_P=C3=A9rez_Meyer?= + +Date: Mon, 20 Nov 2023 01:57:46 +0000 +Subject: remove non-used privacy-breach code + Forwarded: not-needed Last-Update: 2015-02-18 +This code makes Lintian unhappy. But we are really not using it, it only +gets inserted when building the online doc. +Anyways the best way to calm down Lintian is to simply remove it. --- - doc/global/template/scripts/main.js | 5 ----- + doc/global/template/scripts/main.js | 5 ----- 1 file changed, 5 deletions(-) +diff --git a/doc/global/template/scripts/main.js b/doc/global/template/scripts/main.js +index 823cebe..7d99e00 100644 --- a/doc/global/template/scripts/main.js +++ b/doc/global/template/scripts/main.js @@ -94,11 +94,6 @@ $(document).ready(function($) { diff --git a/debian/patches/revert_startBlocking_removal.diff b/debian/patches/revert_startBlocking_removal.diff index 3537b759..2a162c24 100644 --- a/debian/patches/revert_startBlocking_removal.diff +++ b/debian/patches/revert_startBlocking_removal.diff @@ -1,13 +1,23 @@ -Description: revert "Remove the dead code for blocking methods from QtConcurrent" - It's a binary incompatible change. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:47 +0000 +Subject: revert "Remove the dead code for blocking methods from QtConcurrent" + Origin: KDE, https://invent.kde.org/qt/qt/qtbase/-/commit/eeadc036d77b75be Also submitted to upstream 5.15 branch according to https://lists.qt-project.org/pipermail/development/2022-September/042951.html. Last-Update: 2022-09-10 +It's a binary incompatible change. +--- + src/concurrent/qtconcurrentthreadengine.cpp | 33 +++++++++++++++++++++++++++++ + src/concurrent/qtconcurrentthreadengine.h | 23 ++++++++++++++++++++ + 2 files changed, 56 insertions(+) + +diff --git a/src/concurrent/qtconcurrentthreadengine.cpp b/src/concurrent/qtconcurrentthreadengine.cpp +index ea6ce3a..7f91a2b 100644 --- a/src/concurrent/qtconcurrentthreadengine.cpp +++ b/src/concurrent/qtconcurrentthreadengine.cpp -@@ -176,6 +176,39 @@ void ThreadEngineBase::startSingleThread +@@ -176,6 +176,39 @@ void ThreadEngineBase::startSingleThreaded() finish(); } @@ -47,6 +57,8 @@ Last-Update: 2022-09-10 void ThreadEngineBase::startThread() { startThreadInternal(); +diff --git a/src/concurrent/qtconcurrentthreadengine.h b/src/concurrent/qtconcurrentthreadengine.h +index 7c30ceb..a4c8548 100644 --- a/src/concurrent/qtconcurrentthreadengine.h +++ b/src/concurrent/qtconcurrentthreadengine.h @@ -91,6 +91,7 @@ public: @@ -57,10 +69,11 @@ Last-Update: 2022-09-10 void startThread(); bool isCanceled(); void waitForResume(); -@@ -144,6 +145,15 @@ public: +@@ -143,6 +144,15 @@ public: + return result(); } - // Runs the user algorithm using multiple threads. ++ // Runs the user algorithm using multiple threads. + // This function blocks until the algorithm is finished, + // and then returns the result. + T *startBlocking() @@ -69,11 +82,10 @@ Last-Update: 2022-09-10 + return result(); + } + -+ // Runs the user algorithm using multiple threads. + // Runs the user algorithm using multiple threads. // Does not block, returns a future. QFuture startAsynchronously() - { -@@ -223,6 +233,13 @@ class ThreadEngineStarter : public Threa +@@ -223,6 +233,13 @@ class ThreadEngineStarter : public ThreadEngineStarterBase public: ThreadEngineStarter(TypedThreadEngine *eng) : Base(eng) { } @@ -87,7 +99,7 @@ Last-Update: 2022-09-10 }; // Full template specialization where T is void. -@@ -232,6 +249,12 @@ class ThreadEngineStarter : public +@@ -232,6 +249,12 @@ class ThreadEngineStarter : public ThreadEngineStarterBase public: ThreadEngineStarter(ThreadEngine *_threadEngine) : ThreadEngineStarterBase(_threadEngine) {} diff --git a/debian/patches/series b/debian/patches/series index 5573abdf..43d2fe3e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,4 +1,3 @@ -# Backported from upstream. mime_globs.diff fusion_checkable_qpushbutton.diff openssl3.diff @@ -21,8 +20,6 @@ dont_use_O_PATH.diff fix_qdbusmacros_h.diff CVE-2023-37369.diff CVE-2023-38197.diff - -# Debian specific. no_htmlinfo_example.diff remove_privacy_breaches.diff link_fbclient.diff diff --git a/debian/patches/sql_odbc_fix_unicode_check.diff b/debian/patches/sql_odbc_fix_unicode_check.diff index dd27b32e..e1a09675 100644 --- a/debian/patches/sql_odbc_fix_unicode_check.diff +++ b/debian/patches/sql_odbc_fix_unicode_check.diff @@ -1,18 +1,27 @@ -Description: QSQL/ODBC: fix regression (trailing NUL) - When we fixed the callers of toSQLTCHAR() to use the result's size() - instead of the input's (which differ, if sizeof(SQLTCHAR) != 2), we - exposed callers to the append(0), which changes the size() of the - result QVLA. Callers that don't rely on NUL-termination (all?) now saw - an additional training NUL. - . - Fix by not NUL-terminating, and changing the only user of SQL_NTS to - use an explicit length. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:45 +0000 +Subject: QSQL/ODBC: fix regression (trailing NUL) + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=9020034b3b6a3a81 Last-Update: 2023-06-30 +When we fixed the callers of toSQLTCHAR() to use the result's size() +instead of the input's (which differ, if sizeof(SQLTCHAR) != 2), we +exposed callers to the append(0), which changes the size() of the +result QVLA. Callers that don't rely on NUL-termination (all?) now saw +an additional training NUL. + +Fix by not NUL-terminating, and changing the only user of SQL_NTS to +use an explicit length. +--- + src/plugins/sqldrivers/odbc/qsql_odbc.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +index 5e1eefe..c713893 100644 --- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -@@ -125,7 +125,6 @@ inline static QVarLengthArray +@@ -125,7 +125,6 @@ inline static QVarLengthArray toSQLTCHAR(const QString &input) { QVarLengthArray result; toSQLTCHARImpl(result, input); diff --git a/debian/patches/sql_odbc_more_unicode_checks.diff b/debian/patches/sql_odbc_more_unicode_checks.diff index de7d2d9a..a1fb149b 100644 --- a/debian/patches/sql_odbc_more_unicode_checks.diff +++ b/debian/patches/sql_odbc_more_unicode_checks.diff @@ -1,16 +1,25 @@ -Description: SQL/ODBC: add another check to detect unicode availability in driver - Since ODBC does not have a direct way finding out if unicode is - supported by the underlying driver the ODBC plugin does some checks. As - a last resort a sql statement is executed which returns a string. But - even this may fail because the select statement has no FROM part which - is rejected by at least Oracle does not allow. Therefore add another - query which is correct for Oracle & DB2 as a workaround. The question - why the first three statements to check for unicode availability fail - is still open but can't be checked since I've no access to an oracle - database. +From: Debian Qt/KDE Maintainers +Date: Mon, 20 Nov 2023 01:57:45 +0000 +Subject: SQL/ODBC: add another check to detect unicode availability in driver + Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f19320748d282b1e Last-Update: 2023-06-30 +Since ODBC does not have a direct way finding out if unicode is +supported by the underlying driver the ODBC plugin does some checks. As +a last resort a sql statement is executed which returns a string. But +even this may fail because the select statement has no FROM part which +is rejected by at least Oracle does not allow. Therefore add another +query which is correct for Oracle & DB2 as a workaround. The question +why the first three statements to check for unicode availability fail +is still open but can't be checked since I've no access to an oracle +database. +--- + src/plugins/sqldrivers/odbc/qsql_odbc.cpp | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +index 6cac60d..5e1eefe 100644 --- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp @@ -2111,7 +2111,18 @@ void QODBCDriverPrivate::checkUnicode()