Package: qtbase-opensource-src / 5.7.1+dfsg-3+deb9u1

Metadata

Package Version Patches format
qtbase-opensource-src 5.7.1+dfsg-3+deb9u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
qsettings_simplify_logic.diff | (download)

src/corelib/io/qsettings.cpp | 174 80 + 94 - 0 !
src/corelib/io/qsettings_p.h | 18 2 + 16 - 0 !
2 files changed, 82 insertions(+), 110 deletions(-)

 qsettings: simplify conffiles logic
 Use a QVector to hold the QConfFile(s) to allow more configuration
 files than the statically defined number -> this will allow considering
 multiple system-wide configuration files if needed.
 .
 To use a dynamic container we get rid of use QScopedSharedPointer, which
 actually wasn't needed anyway, as the "deref" logic was/is done manually
 in the QConfFileSettingsPrivate destructor.
qsettings_XDG_CONFIG_DIRS.diff | (download)

src/corelib/io/qsettings.cpp | 94 72 + 22 - 0 !
1 file changed, 72 insertions(+), 22 deletions(-)

 qsettings: add proper support for xdg_config_dirs
 Update fallback mechanism for Q_XDG_PLATFORM based systems to follow the
 Xdg specification.
fix_build_on_x32.diff | (download)

src/platformsupport/eglconvenience/qt_egl_p.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix egl break on debian x32
gcc_6.3.diff | (download)

src/corelib/tools/qalgorithms.h | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix build with gcc 6.3 and newer versions
 The builtins clzs and ctzs have been removed. Additionally they were
 never proper internal GCC builtins and shouldn't have been used in a
 constexpr function in the first place. This patch removes the assumption
 that they exist when BMI is available, and let GCC fall back to using
 __builtin_clz and __builtin_ctz.
fix_accessibility_crash.diff | (download)

src/widgets/accessible/itemviews.cpp | 42 7 + 35 - 0 !
src/widgets/accessible/itemviews_p.h | 2 1 + 1 - 0 !
2 files changed, 8 insertions(+), 36 deletions(-)

 use qpersistentmodelindex for storing a model index
 QModelIndex is not safe to be used to store an index as it is designed
 to be discarded right after use as the index information can change.
 .
 Therefore a QPersistentModelIndex should be used instead to store the
 index. Subsequently the m_index does not need to be updated whenever
 the model changes anymore as this is already done for us.
gtkdialogs_wayland.diff | (download)

src/plugins/platformthemes/gtk3/qgtk3dialoghelpers.cpp | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 qgtk3dialog: don't crash on wayland
 Check if it's an X11 window before calling XSetTransientForHint().
 No transient parent will be set for GTK+ dialogs on Wayland. That
 has to be implemented separately.
stop_unloading_plugins.diff | (download)

src/corelib/plugin/qfactoryloader.cpp | 6 4 + 2 - 0 !
src/corelib/plugin/qpluginloader.cpp | 5 3 + 2 - 0 !
2 files changed, 7 insertions(+), 4 deletions(-)

 stop unloading plugins in qpluginloader and qfactoryloader
 QPluginLoader hasn't unloaded in its destructor since Qt 5.0, but we
 missed the equivalent code in QFactoryLoader (which bypasses
 QPluginLoader). Besides, QPluginLoader::unload() was still doing
 unloading, which it won't anymore.
 .
 Not unloading plugins is Qt's policy, as decided during the 5.0
 development process and reaffirmed now in 5.6. This is due to static
 data in plugins leaking out and remaining in use past the unloading of
 the plugin, causing crashes.
 .
 This does not affect QLibrary and QLibrary::unload(). Those are meant
 for non-Qt loadable modules, so unloading them may be safe.
CVE 2018 15518.patch | (download)

src/corelib/xml/qxmlstream_p.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] fix possible heap corruption in qxmlstream

The value of 'tos' at the check might already be on the last element,
so triggering stack expansion on the second last element is too late.

CVE 2018 19870.patch | (download)

src/gui/image/qgifhandler.cpp | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 check for qimage allocation failure in qgifhandler

Since image files easily can be (or corrupt files claim to be) huge,
it is worth checking for out of memory situations.

CVE 2018 19873.patch | (download)

src/gui/image/qbmphandler.cpp | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] bmp image handler: check for out of range image size

Make the decoder fail early to avoid spending time and memory on
attempting to decode a corrupt image file.

ensure_pixel_density_of_at_least_1.patch | (download)

src/plugins/platforms/windows/qwindowsscreen.cpp | 2 1 + 1 - 0 !
src/plugins/platforms/winrt/qwinrtscreen.cpp | 2 1 + 1 - 0 !
src/plugins/platforms/xcb/qxcbscreen.cpp | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

 ensure a pixel density of at least 1 for qt::aa_enablehighdpiscaling
 Backport needed due to VLC being updated in stable. Not the full original patch,
 as the Qt version in stable does not has the Egl plugin.
 .
 Very large 1080p TVs or any display which is running at an abnormally
 low resolution can have a DPI lower than 48, which means that
 qRound(dpi/96) will result in a 0 pixel density, causing critical
 issues for applications using Qt::AA_EnableHighDpiScaling.
 .
 Make sure that we always have a pixel density of at least 1 to allow
 applications not having to worry about such displays.
no_dbus_dependency.diff | (download)

tests/auto/auto.pro | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 do not fail when d-bus is not available on configure time
 According to comments in https://codereview.qt-project.org/125499, this check
 will be dropped before the final Qt 5.6 release.
 .
 According to comments in https://codereview.qt-project.org/174643, upstream
 have changed their mind since then.
gnukfreebsd.diff | (download)

mkspecs/features/qt_functions.prf | 2 2 + 0 - 0 !
mkspecs/gnukfreebsd-g++/qmake.conf | 54 54 + 0 - 0 !
mkspecs/gnukfreebsd-g++/qplatformdefs.h | 84 84 + 0 - 0 !
3 files changed, 140 insertions(+)

 initial gnu/kfreebsd support
 - add a gnukfreebsd-g++ qmake mkspec, mostly copied from the hurd-g++ one
 - properly use LD_LIBRARY_PATH on GNU/* systems
no_htmlinfo_example.diff | (download)

examples/xml/xml.pro | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 disable htmlinfo example which contains non-free files
remove_privacy_breachs.diff | (download)

doc/global/template/scripts/main.js | 5 0 + 5 - 0 !
1 file changed, 5 deletions(-)

 remove non-used privacy-breach code
 This code makes Lintian unhappy. But we are really not using it, it only
 gets inserted when building the online doc.
 Anyways the best way to calm down Lintian is to simply remove it.
link_fbclient.diff | (download)

config.tests/unix/ibase/ibase.pro | 2 1 + 1 - 0 !
src/sql/drivers/ibase/qsql_ibase.pri | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 build ibase sql plugin against firebird
gnukfreebsd_cloexec.diff | (download)

config.tests/unix/cloexec/cloexec.pro | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 catch linker warnings in cloexec test
armv4.diff | (download)

src/corelib/global/qprocessordetection.h | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 support armv4 architecture, needed for armel builds