up to 5.15.14

diff --git a/CVE-2023-32762-qtbase-5.15.diff b/CVE-2023-32762-qtbase-5.15.diff
deleted file mode 100644 (file)
index f0bc00f..0000000
--- a/CVE-2023-32762-qtbase-5.15.diff
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/src/network/access/qhsts.cpp
-+++ b/src/network/access/qhsts.cpp
-@@ -364,8 +364,8 @@ quoted-pair    = "\" CHAR
- bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
- {
-     for (const auto &h : headers) {
--        // We use '==' since header name was already 'trimmed' for us:
--        if (h.first == "Strict-Transport-Security") {
-+        // We compare directly because header name was already 'trimmed' for us:
-+        if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
-             header = h.second;
-             // RFC6797, 8.1:
-             //

diff --git a/CVE-2023-33285-qtbase-5.15.diff b/CVE-2023-33285-qtbase-5.15.diff
deleted file mode 100644 (file)
index ec33777..0000000
--- a/CVE-2023-33285-qtbase-5.15.diff
+++ /dev/null
@@ -1,68 +0,0 @@
---- a/src/network/kernel/qdnslookup_unix.cpp
-+++ b/src/network/kernel/qdnslookup_unix.cpp
-@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
-     // responseLength in case of error, we still can extract the
-     // exact error code from the response.
-     HEADER *header = (HEADER*)response;
--    const int answerCount = ntohs(header->ancount);
-     switch (header->rcode) {
-     case NOERROR:
-         break;
-@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
-         return;
-     }
-
--    // Skip the query host, type (2 bytes) and class (2 bytes).
-     char host[PACKETSZ], answer[PACKETSZ];
-     unsigned char *p = response + sizeof(HEADER);
--    int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
--    if (status < 0) {
-+    int status;
-+
-+    if (ntohs(header->qdcount) == 1) {
-+        // Skip the query host, type (2 bytes) and class (2 bytes).
-+        status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
-+        if (status < 0) {
-+            reply->error = QDnsLookup::InvalidReplyError;
-+            reply->errorString = tr("Could not expand domain name");
-+            return;
-+        }
-+        if ((p - response) + status + 4 >= responseLength)
-+            header->qdcount = 0xffff;   // invalid reply below
-+        else
-+            p += status + 4;
-+    }
-+    if (ntohs(header->qdcount) > 1) {
-         reply->error = QDnsLookup::InvalidReplyError;
--        reply->errorString = tr("Could not expand domain name");
-+        reply->errorString = tr("Invalid reply received");
-         return;
-     }
--    p += status + 4;
-
-     // Extract results.
-+    const int answerCount = ntohs(header->ancount);
-     int answerIndex = 0;
-     while ((p < response + responseLength) && (answerIndex < answerCount)) {
-         status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
-@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
-         const QString name = QUrl::fromAce(host);
-
-         p += status;
-+
-+        if ((p - response) + 10 > responseLength) {
-+            // probably just a truncated reply, return what we have
-+            return;
-+        }
-         const quint16 type = (p[0] << 8) | p[1];
-         p += 2; // RR type
-         p += 2; // RR class
-@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
-         p += 4;
-         const quint16 size = (p[0] << 8) | p[1];
-         p += 2;
-+        if ((p - response) + size > responseLength)
-+            return;             // truncated
-
-         if (type == QDnsLookup::A) {
-             if (size != 4) {

diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index b3b1fd8a922d82e7c7a0ac32640c40317f82ef91..9f34fa12e5fe27737f6a9e5239d49d94d7a08b8f 100644 (file)
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -70,20 +70,18 @@
 Summary:       Qt5 - base components
 Summary(pl.UTF-8):     Biblioteka Qt5 - podstawowe komponenty
 Name:          qt5-%{orgname}
-Version:       5.15.13
+Version:       5.15.14
 Release:       1
 License:       LGPL v3 or GPL v2 or GPL v3 or commercial
 Group:         X11/Libraries
 Source0:       https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/%{orgname}-everywhere-opensource-src-%{version}.tar.xz
-# Source0-md5: 119446a119bea7640314067775f27802
+# Source0-md5: 2e207979cea96dac37bdd784db31b51b
 Source1:       https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/qttranslations-everywhere-opensource-src-%{version}.tar.xz
-# Source1-md5: a7fe34c317fbba74a9f97c36679fec47
+# Source1-md5: 6f4f2fdf3466f8bc97a074258f124c13
 Patch0:                %{name}-system_cacerts.patch
 Patch1:                parallel-install.patch
 Patch2:                egl-x11.patch
 Patch3:                CVE-2023-32763-qtbase-5.15.diff
-Patch4:                CVE-2023-32762-qtbase-5.15.diff
-Patch5:                CVE-2023-33285-qtbase-5.15.diff
 Patch6:                CVE-2023-34410-qtbase-5.15.diff
 Patch7:                CVE-2023-37369-qtbase-5.15.diff
 Patch8:                CVE-2023-38197-qtbase-5.15.diff
@@ -1185,8 +1183,6 @@ Generator plików makefile dla aplikacji Qt5.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
-%patch4 -p1
-%patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1