Package: qtbase-opensource-src / 5.14.2+dfsg-4

Metadata

Package | Version | Patches format
qtbase-opensource-src | 5.14.2+dfsg-4 | 3.0 (quilt)

Patch series

Patch | File delta | Description
CVE-2015-9541.diff | (download)

src/corelib/serialization/qxmlstream.cpp | 36 36 + 0 - 0 !
src/corelib/serialization/qxmlstream.g | 14 13 + 1 - 0 !
src/corelib/serialization/qxmlstream.h | 2 2 + 0 - 0 !
src/corelib/serialization/qxmlstream_p.h | 14 13 + 1 - 0 !
4 files changed, 64 insertions(+), 2 deletions(-)

 add an expansion limit for entities
 Recursively defined entities can easily exhaust all available
 memory. Limit entity expansion to a default of 4096 characters to
 avoid DoS attacks when a user loads untrusted content.
 .
 Added a setter and getter to allow modifying the expansion limit.
 .
 QXmlStreamReader does now by default limit the expansion of entities
 to 4096 characters. Documents where a single entity expands to more
 characters than the limit are not considered well formed. The limit
 is there to avoid DoS attacks through recursively expanding entities
 when loading untrusted content. The limit can be changed through the
 QXmlStreamReader::setEntityExpansionLimit() method.
enable_a11y_on_linux.diff | (download)

src/platformsupport/linuxaccessibility/dbusconnection.cpp | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 enable accessibility on linux when org.a11y.status isenabled is true
 Otherwise accessibility would only work when Orca is set to be started
 in the session preference, and it would not work when running Orca or
 compiz' zoom by hand.
 .
 The existing comment said that it was always true since gnome 3.6, but at
 least in Debian 8's gnome 3.14, Debian 9's gnome 3.22, and Debian 10's
 3.30 it is not always true, it is Orca which sets it on startup. Compiz's
 focuspoll module also does so for people with low vision using zoom with
 focus tracking.
fix_qlibrary_deadlock.diff | (download)

src/corelib/plugin/qlibrary.cpp | 2 0 + 2 - 0 !
src/corelib/plugin/qlibrary_unix.cpp | 4 4 + 0 - 0 !
src/corelib/plugin/qlibrary_win.cpp | 3 3 + 0 - 0 !
3 files changed, 7 insertions(+), 2 deletions(-)

 qlibrary: fix deadlock caused by fix to qtbug-39642
 Commit ae6f73e8566fa76470937aca737141183929a5ec inserted a mutex around
 the entire load_sys(). We had reasoned that deadlocks would only occur if
 the object creation in instance() recursed into its own instance(),
 which was already a bug. But we had forgotten that dlopen()/
 LoadLibrary() executes initialization code from the module being loaded,
 which could cause a recursion back into the same QPluginLoader or
 QLibrary object. This recursion is benign because the module *is* loaded
 and dlopen()/LoadLibrary() returns the same handle.
gnukfreebsd.diff | (download)

mkspecs/features/qt_functions.prf | 2 2 + 0 - 0 !
mkspecs/gnukfreebsd-g++/qmake.conf | 54 54 + 0 - 0 !
mkspecs/gnukfreebsd-g++/qplatformdefs.h | 84 84 + 0 - 0 !
3 files changed, 140 insertions(+)

 initial gnu/kfreebsd support
 - add a gnukfreebsd-g++ qmake mkspec, mostly copied from the hurd-g++ one
 - properly use LD_LIBRARY_PATH on GNU/* systems
no_htmlinfo_example.diff | (download)

examples/xml/xml.pro | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 disable htmlinfo example which contains non-free files
remove_privacy_breaches.diff | (download)

doc/global/template/scripts/main.js | 5 0 + 5 - 0 !
1 file changed, 5 deletions(-)

 remove non-used privacy-breach code
 This code makes Lintian unhappy. But we are really not using it, it only
 gets inserted when building the online doc.
 Anyways the best way to calm down Lintian is to simply remove it.
link_fbclient.diff | (download)

src/plugins/sqldrivers/configure.json | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 build ibase sql plugin against firebird
gnukfreebsd_linker_warnings.diff | (download)

src/corelib/configure.json | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 catch linker warnings in some config tests
 Without this, qmake wrongly thinks that the tests succeed, for example:
 .
 ./config.tests/unix/futimens/futimens.cpp:44: warning: futimens is not implemented and will always fail
 test config.corelib.tests.futimens succeeded
armv4.diff | (download)

src/corelib/global/qprocessordetection.h | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 support armv4 architecture, needed for armel builds
nonlinux_utime.diff | (download)

qmake/library/ioutils.cpp | 2 1 + 1 - 0 !
src/corelib/io/qfilesystemengine_unix.cpp | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 guard utime_now/utime_omit usages
qdoc_default_incdirs.diff | (download)

mkspecs/features/qt_docs.prf | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 pass default include directories to qdoc
path_max.diff | (download)

src/corelib/io/qfilesystemengine_unix.cpp | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 avoid unconditional path_max usage
 Use a "safe" size in case PATH_MAX is not defined; in the end, this should not
 be used, as an allocating realpath() will be used instead.
qstorageinfo_linux.diff | (download)

src/corelib/io/qstorageinfo_unix.cpp | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 limit linux-only code with q_os_linux
 The QStorageInfo/QStorageIterator implementation used for Linux is used also
 on Hurd, as it uses an interface provided by GNU libc.
 QStorageIterator::device() tries to use PATH_MAX (unavailable on the Hurd)
 to look up a /dev/block/ path, which exists on Linux only; hence, perform that
 check within a Q_OS_LINUX block.