From afa40266fde79ca2119b271a34ed14d1862fc138 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= Date: Mon, 1 Aug 2022 15:09:37 +0200 Subject: [PATCH 01/16] Rebuilt for ICU 71.1 --- qt6-qtbase.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 3ed8430..89202e1 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -39,7 +39,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components Version: 6.3.1 -Release: 3%{?dist} +Release: 4%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -836,6 +836,9 @@ make check -k ||: %changelog +* Mon Aug 01 2022 Frantisek Zatloukal - 6.3.1-4 +- Rebuilt for ICU 71.1 + * Fri Jul 29 2022 Jan Grulich - 6.3.1-3 - Fix moc location in pkgconfig file Resolves: bz#2112029 From 752eade0a7834e0a540db39152d301e7a505c7a3 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 31 Oct 2022 11:09:07 +0100 Subject: [PATCH 02/16] 6.4.0 --- .gitignore | 1 + qt6-qtbase.spec | 14 ++++++++------ sources | 2 +- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index ef57410..e413ae6 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ /qtbase-everywhere-src-6.2.3.tar.xz /qtbase-everywhere-src-6.3.0.tar.xz /qtbase-everywhere-src-6.3.1.tar.xz +/qtbase-everywhere-src-6.4.0.tar.xz diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 89202e1..9f911b9 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -38,8 +38,8 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components -Version: 6.3.1 -Release: 4%{?dist} +Version: 6.4.0 +Release: 1%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -423,7 +423,7 @@ translationdir=%{_qt6_translationdir} Name: Qt6 Description: Qt6 Configuration -Version: 6.3.1 +Version: 6.4.0 EOF # rpm macros @@ -508,9 +508,8 @@ make check -k ||: %ldconfig_scriptlets %files -%license LICENSE.FDL -%license LICENSE.GPL* -%license LICENSE.LGPL* +%license LICENSES/GPL* +%license LICENSES/LGPL* %dir %{_sysconfdir}/xdg/QtProject/ %{_qt6_libdir}/libQt6Concurrent.so.6* %{_qt6_libdir}/libQt6Core.so.6* @@ -836,6 +835,9 @@ make check -k ||: %changelog +* Mon Oct 31 2022 Jan Grulich - 6.4.0-1 +- 6.4.0 + * Mon Aug 01 2022 Frantisek Zatloukal - 6.3.1-4 - Rebuilt for ICU 71.1 diff --git a/sources b/sources index 75caf03..370cfd4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (qtbase-everywhere-src-6.3.1.tar.xz) = 5c4304dc1f5fa80201b61c9c8dbf4c3449506a243ea1f87e336dc3641a37b9d40c2aa4a93190cc69ddde0f349c74e327c35de5f46de888ddfd49616903e8a7b5 +SHA512 (qtbase-everywhere-src-6.4.0.tar.xz) = 7c9430da115529fa5697d134bf53d185259de23529d6db17398d91d48a0b7a95acd1fbe55189a2d2b3a2ecdafb27065ea99f29f7022110c95a45d6c04ebf46a3 From 9ef11a90cc3264ad8218d2192e6c89595ec1b2cc Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Wed, 23 Nov 2022 11:10:51 +0100 Subject: [PATCH 03/16] 6.4.1 --- .gitignore | 1 + qt6-qtbase.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index e413ae6..3ee3f7e 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ /qtbase-everywhere-src-6.3.0.tar.xz /qtbase-everywhere-src-6.3.1.tar.xz /qtbase-everywhere-src-6.4.0.tar.xz +/qtbase-everywhere-src-6.4.1.tar.xz diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 9f911b9..c303bdf 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -38,7 +38,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components -Version: 6.4.0 +Version: 6.4.1 Release: 1%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details @@ -423,7 +423,7 @@ translationdir=%{_qt6_translationdir} Name: Qt6 Description: Qt6 Configuration -Version: 6.4.0 +Version: 6.4.1 EOF # rpm macros @@ -835,6 +835,9 @@ make check -k ||: %changelog +* Wed Nov 23 2022 Jan Grulich - 6.4.1-1 +- 6.4.1 + * Mon Oct 31 2022 Jan Grulich - 6.4.0-1 - 6.4.0 diff --git a/sources b/sources index 370cfd4..36f96af 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (qtbase-everywhere-src-6.4.0.tar.xz) = 7c9430da115529fa5697d134bf53d185259de23529d6db17398d91d48a0b7a95acd1fbe55189a2d2b3a2ecdafb27065ea99f29f7022110c95a45d6c04ebf46a3 +SHA512 (qtbase-everywhere-src-6.4.1.tar.xz) = d5c85a8b05dd32912e213b1c51c928e6bde0ac64cdef1649419f02522604988add9d8e45baa770f53790b5477e6e43e4e66e69db7f2e0c1081a48cfa4052b4af From 3614026fd3fdab94994a7767be7da65027f4cd42 Mon Sep 17 00:00:00 2001 From: Pavel Raiskup Date: Wed, 30 Nov 2022 15:21:46 +0100 Subject: [PATCH 04/16] Rebuild for PostgreSQL 15, without "server" dependency This drops the generated dependancy on "private" libpq library: can't install qt6-qtbase-postgresql: - nothing provides libpq.so.private14-5()(64bit) needed by qt6-qtbase-postgresql-6.4.1-1.fc38.x86_64 Resolves: rhbz#2149924 --- qt6-qtbase.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index c303bdf..c16e3f9 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -39,7 +39,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components Version: 6.4.1 -Release: 1%{?dist} +Release: 2%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -285,7 +285,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release} %package postgresql Summary: PostgreSQL driver for Qt6's SQL classes -BuildRequires: postgresql-server-devel +BuildRequires: libpq-devel Requires: %{name}%{?_isa} = %{version}-%{release} %description postgresql %{summary}. @@ -835,6 +835,9 @@ make check -k ||: %changelog +* Wed Nov 30 2022 Pavel Raiskup - 6.4.1-2 +- rebuild for the new PostgreSQL 15 + * Wed Nov 23 2022 Jan Grulich - 6.4.1-1 - 6.4.1 From a6edf5db6b3dad9717b4d8e9abdbf7ef5104b03a Mon Sep 17 00:00:00 2001 From: Pete Walter Date: Sat, 31 Dec 2022 03:17:39 +0000 Subject: [PATCH 05/16] Rebuild for ICU 72 --- qt6-qtbase.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index c16e3f9..92ed15f 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -39,7 +39,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components Version: 6.4.1 -Release: 2%{?dist} +Release: 3%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -835,6 +835,9 @@ make check -k ||: %changelog +* Sat Dec 31 2022 Pete Walter - 6.4.1-3 +- Rebuild for ICU 72 + * Wed Nov 30 2022 Pavel Raiskup - 6.4.1-2 - rebuild for the new PostgreSQL 15 From 2dae87e6867d365bf5c58c35f1df2f74d92f70ab Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 2 Jan 2023 11:17:22 +0100 Subject: [PATCH 06/16] Make -devel package to require database plugins --- qt6-qtbase.spec | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 92ed15f..81a8253 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -39,7 +39,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components Version: 6.4.1 -Release: 3%{?dist} +Release: 4%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -226,6 +226,15 @@ Requires: qt6-rpm-macros %if 0%{?use_clang} Requires: clang >= 3.7.0 %endif +%if 0%{?no_ibase} == 0 +Requires: %{name}-ibase%{?_isa} = %{version}-%{release} +%endif +Requires: %{name}-mysql%{?_isa} = %{version}-%{release} +Requires: %{name}-odbc%{?_isa} = %{version}-%{release} +Requires: %{name}-postgresql%{?_isa} = %{version}-%{release} +%if 0%{?no_tds} == 0 +Requires: %{name}-tds%{?_isa} = %{version}-%{release} +%endif %description devel %{summary}. @@ -835,6 +844,9 @@ make check -k ||: %changelog +* Mon Jan 02 2023 Jan Grulich - 6.4.1-4 +- Make -devel package to require database plugins + * Sat Dec 31 2022 Pete Walter - 6.4.1-3 - Rebuild for ICU 72 From 84d07983480145cf062b6b2430ec65285fe102cb Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 16 Jan 2023 13:26:16 +0100 Subject: [PATCH 07/16] 6.4.2 --- qt6-qtbase.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 81a8253..5e02b0c 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -38,8 +38,8 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components -Version: 6.4.1 -Release: 4%{?dist} +Version: 6.4.2 +Release: 1%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -432,7 +432,7 @@ translationdir=%{_qt6_translationdir} Name: Qt6 Description: Qt6 Configuration -Version: 6.4.1 +Version: 6.4.2 EOF # rpm macros @@ -844,6 +844,9 @@ make check -k ||: %changelog +* Mon Jan 16 2023 Jan Grulich - 6.4.2-1 +- 6.4.2 + * Mon Jan 02 2023 Jan Grulich - 6.4.1-4 - Make -devel package to require database plugins From 8bec765f63a0d1d3c8cf1b2f29f76b8b06975521 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 16 Jan 2023 13:59:58 +0100 Subject: [PATCH 08/16] Update sources --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 3ee3f7e..4112483 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ /qtbase-everywhere-src-6.3.1.tar.xz /qtbase-everywhere-src-6.4.0.tar.xz /qtbase-everywhere-src-6.4.1.tar.xz +/qtbase-everywhere-src-6.4.2.tar.xz diff --git a/sources b/sources index 36f96af..d3cb64a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (qtbase-everywhere-src-6.4.1.tar.xz) = d5c85a8b05dd32912e213b1c51c928e6bde0ac64cdef1649419f02522604988add9d8e45baa770f53790b5477e6e43e4e66e69db7f2e0c1081a48cfa4052b4af +SHA512 (qtbase-everywhere-src-6.4.2.tar.xz) = b00cce7bfc29d3a34c9a2f08db147c4bfd962e178916d60033e1845b25eaeaa4fbd42f5c1d7e39453ddb412a4e91c22c8eae52745eda8a47e35a691054d5496e From f94edcc9d745d57c7d81acec7490cbe2dbd677be Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 20 Jan 2023 19:09:58 +0000 Subject: [PATCH 09/16] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- qt6-qtbase.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 5e02b0c..0380e11 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -39,7 +39,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components Version: 6.4.2 -Release: 1%{?dist} +Release: 2%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -844,6 +844,9 @@ make check -k ||: %changelog +* Fri Jan 20 2023 Fedora Release Engineering - 6.4.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Mon Jan 16 2023 Jan Grulich - 6.4.2-1 - 6.4.2 From 43952a81efdd45a2df0b0927d27a45d9dcafc629 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Tue, 31 Jan 2023 14:59:36 +0100 Subject: [PATCH 10/16] migrated to SPDX license --- qt6-qtbase.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 0380e11..8eb9e78 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -39,10 +39,9 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components Version: 6.4.2 -Release: 2%{?dist} +Release: 3%{?dist} -# See LGPL_EXCEPTIONS.txt, for exception details -License: LGPLv2 with exceptions or GPLv3 with exceptions +License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0 Url: http://qt-project.org/ %global majmin %(echo %{version} | cut -d. -f1-2) %global qt_version %(echo %{version} | cut -d~ -f1) @@ -844,6 +843,9 @@ make check -k ||: %changelog +* Tue Jan 31 2023 Jan Grulich - 6.4.2-3 +- migrated to SPDX license + * Fri Jan 20 2023 Fedora Release Engineering - 6.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From f30f363ff03e1ae8cb247b3996541e497b084100 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Wed, 8 Feb 2023 13:45:43 +0100 Subject: [PATCH 11/16] Fix possible DOS involving the Qt SQL ODBC driver plugin CVE-2023-24607 --- CVE-2023-24607-qtbase-6.4.patch | 334 ++++++++++++++++++++++++++++++++ qt6-qtbase.spec | 8 +- 2 files changed, 340 insertions(+), 2 deletions(-) create mode 100644 CVE-2023-24607-qtbase-6.4.patch diff --git a/CVE-2023-24607-qtbase-6.4.patch b/CVE-2023-24607-qtbase-6.4.patch new file mode 100644 index 0000000..cd9cdf2 --- /dev/null +++ b/CVE-2023-24607-qtbase-6.4.patch @@ -0,0 +1,334 @@ +--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp ++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +@@ -58,23 +58,39 @@ inline static QString fromSQLTCHAR(const QVarLengthArray& input, qsize + return result; + } + ++template ++void toSQLTCHARImpl(QVarLengthArray &result, const QString &input); // primary template undefined ++ ++template ++void do_append(QVarLengthArray &result, const Container &c) ++{ ++ result.append(reinterpret_cast(c.data()), c.size()); ++} ++ ++template <> ++void toSQLTCHARImpl<1>(QVarLengthArray &result, const QString &input) ++{ ++ const auto u8 = input.toUtf8(); ++ do_append(result, u8); ++} ++ ++template <> ++void toSQLTCHARImpl<2>(QVarLengthArray &result, const QString &input) ++{ ++ do_append(result, input); ++} ++ ++template <> ++void toSQLTCHARImpl<4>(QVarLengthArray &result, const QString &input) ++{ ++ const auto u32 = input.toUcs4(); ++ do_append(result, u32); ++} ++ + inline static QVarLengthArray toSQLTCHAR(const QString &input) + { + QVarLengthArray result; +- result.resize(input.size()); +- switch(sizeof(SQLTCHAR)) { +- case 1: +- memcpy(result.data(), input.toUtf8().data(), input.size()); +- break; +- case 2: +- memcpy(result.data(), input.unicode(), input.size() * 2); +- break; +- case 4: +- memcpy(result.data(), input.toUcs4().data(), input.size() * 4); +- break; +- default: +- qCritical("sizeof(SQLTCHAR) is %d. Don't know how to handle this.", int(sizeof(SQLTCHAR))); +- } ++ toSQLTCHARImpl(result, input); + result.append(0); // make sure it's null terminated, doesn't matter if it already is, it does if it isn't. + return result; + } + +--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp ++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +@@ -1740,10 +1740,11 @@ bool QODBCResult::exec() + case QMetaType::QString: + if (d->unicode) { + if (bindValueType(i) & QSql::Out) { +- const QByteArray &first = tmpStorage.at(i); +- QVarLengthArray array; +- array.append((const SQLTCHAR *)first.constData(), first.size()); +- values[i] = fromSQLTCHAR(array, first.size()/sizeof(SQLTCHAR)); ++ const QByteArray &bytes = tmpStorage.at(i); ++ const auto strSize = bytes.size() / sizeof(SQLTCHAR); ++ QVarLengthArray string(strSize); ++ memcpy(string.data(), bytes.data(), strSize * sizeof(SQLTCHAR)); ++ values[i] = fromSQLTCHAR(string); + } + break; + } + + +--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp ++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +@@ -745,6 +745,14 @@ QChar QODBCDriverPrivate::quoteChar() + return quote; + } + ++static SQLRETURN qt_string_SQLSetConnectAttr(SQLHDBC handle, SQLINTEGER attr, const QString &val) ++{ ++ auto encoded = toSQLTCHAR(val); ++ return SQLSetConnectAttr(handle, attr, ++ encoded.data(), ++ SQLINTEGER(encoded.size() * sizeof(SQLTCHAR))); // size in bytes ++} ++ + + bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) + { +@@ -780,10 +788,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) + v = val.toUInt(); + r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0); + } else if (opt.toUpper() == "SQL_ATTR_CURRENT_CATALOG"_L1) { +- val.utf16(); // 0 terminate +- r = SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, +- toSQLTCHAR(val).data(), +- SQLINTEGER(val.length() * sizeof(SQLTCHAR))); ++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, val); + } else if (opt.toUpper() == "SQL_ATTR_METADATA_ID"_L1) { + if (val.toUpper() == "SQL_TRUE"_L1) { + v = SQL_TRUE; +@@ -798,10 +803,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) + v = val.toUInt(); + r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0); + } else if (opt.toUpper() == "SQL_ATTR_TRACEFILE"_L1) { +- val.utf16(); // 0 terminate +- r = SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, +- toSQLTCHAR(val).data(), +- SQLINTEGER(val.length() * sizeof(SQLTCHAR))); ++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, val); + } else if (opt.toUpper() == "SQL_ATTR_TRACE"_L1) { + if (val.toUpper() == "SQL_OPT_TRACE_OFF"_L1) { + v = SQL_OPT_TRACE_OFF; +@@ -1004,9 +1006,12 @@ bool QODBCResult::reset (const QString& query) + return false; + } + +- r = SQLExecDirect(d->hStmt, +- toSQLTCHAR(query).data(), +- (SQLINTEGER) query.length()); ++ { ++ auto encoded = toSQLTCHAR(query); ++ r = SQLExecDirect(d->hStmt, ++ encoded.data(), ++ SQLINTEGER(encoded.size())); ++ } + if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) { + setLastError(qMakeError(QCoreApplication::translate("QODBCResult", + "Unable to execute statement"), QSqlError::StatementError, d)); +@@ -1355,9 +1360,12 @@ bool QODBCResult::prepare(const QString& query) + return false; + } + +- r = SQLPrepare(d->hStmt, +- toSQLTCHAR(query).data(), +- (SQLINTEGER) query.length()); ++ { ++ auto encoded = toSQLTCHAR(query); ++ r = SQLPrepare(d->hStmt, ++ encoded.data(), ++ SQLINTEGER(encoded.size())); ++ } + + if (r != SQL_SUCCESS) { + setLastError(qMakeError(QCoreApplication::translate("QODBCResult", +@@ -1385,7 +1393,7 @@ bool QODBCResult::exec() + SQLCloseCursor(d->hStmt); + + QVariantList &values = boundValues(); +- QByteArrayList tmpStorage(values.count(), QByteArray()); // holds temporary buffers ++ QByteArrayList tmpStorage(values.count(), QByteArray()); // targets for SQLBindParameter() + QVarLengthArray indicators(values.count()); + memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN)); + +@@ -1600,36 +1608,36 @@ bool QODBCResult::exec() + case QMetaType::QString: + if (d->unicode) { + QByteArray &ba = tmpStorage[i]; +- QString str = val.toString(); ++ { ++ const auto encoded = toSQLTCHAR(val.toString()); ++ ba = QByteArray(reinterpret_cast(encoded.data()), ++ encoded.size() * sizeof(SQLTCHAR)); ++ } ++ + if (*ind != SQL_NULL_DATA) +- *ind = str.length() * sizeof(SQLTCHAR); +- const qsizetype strSize = str.length() * sizeof(SQLTCHAR); ++ *ind = ba.size(); + + if (bindValueType(i) & QSql::Out) { +- const QVarLengthArray a(toSQLTCHAR(str)); +- ba = QByteArray((const char *)a.constData(), int(a.size() * sizeof(SQLTCHAR))); + r = SQLBindParameter(d->hStmt, + i + 1, + qParamType[bindValueType(i) & QSql::InOut], + SQL_C_TCHAR, +- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, ++ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, + 0, // god knows... don't change this! + 0, +- ba.data(), ++ const_cast(ba.constData()), // don't detach + ba.size(), + ind); + break; + } +- ba = QByteArray(reinterpret_cast(toSQLTCHAR(str).constData()), +- int(strSize)); + r = SQLBindParameter(d->hStmt, + i + 1, + qParamType[bindValueType(i) & QSql::InOut], + SQL_C_TCHAR, +- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, +- strSize, ++ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, ++ ba.size(), + 0, +- const_cast(ba.constData()), ++ const_cast(ba.constData()), // don't detach + ba.size(), + ind); + break; +@@ -1991,14 +1999,16 @@ bool QODBCDriver::open(const QString & db, + SQLSMALLINT cb; + QVarLengthArray connOut(1024); + memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR)); +- r = SQLDriverConnect(d->hDbc, +- NULL, +- toSQLTCHAR(connQStr).data(), +- (SQLSMALLINT)connQStr.length(), +- connOut.data(), +- 1024, +- &cb, +- /*SQL_DRIVER_NOPROMPT*/0); ++ { ++ auto encoded = toSQLTCHAR(connQStr); ++ r = SQLDriverConnect(d->hDbc, ++ nullptr, ++ encoded.data(), SQLSMALLINT(encoded.size()), ++ connOut.data(), ++ 1024, ++ &cb, ++ /*SQL_DRIVER_NOPROMPT*/0); ++ } + + if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) { + setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d)); +@@ -2377,17 +2387,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const + if (tableType.isEmpty()) + return tl; + +- QString joinedTableTypeString = tableType.join(u','); ++ { ++ auto joinedTableTypeString = toSQLTCHAR(tableType.join(u',')); + +- r = SQLTables(hStmt, +- NULL, +- 0, +- NULL, +- 0, +- NULL, +- 0, +- toSQLTCHAR(joinedTableTypeString).data(), +- joinedTableTypeString.length() /* characters, not bytes */); ++ r = SQLTables(hStmt, ++ nullptr, 0, ++ nullptr, 0, ++ nullptr, 0, ++ joinedTableTypeString.data(), joinedTableTypeString.size()); ++ } + + if (r != SQL_SUCCESS) + qSqlWarning("QODBCDriver::tables Unable to execute table list"_L1, d); +@@ -2460,28 +2468,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const + SQL_ATTR_CURSOR_TYPE, + (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, + SQL_IS_UINTEGER); +- r = SQLPrimaryKeys(hStmt, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length() /* in characters, not in bytes */); ++ { ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLPrimaryKeys(hStmt, ++ catalog.isEmpty() ? nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size()); ++ } + + // if the SQLPrimaryKeys() call does not succeed (e.g the driver + // does not support it) - try an alternative method to get hold of + // the primary index (e.g MS Access and FoxPro) + if (r != SQL_SUCCESS) { +- r = SQLSpecialColumns(hStmt, +- SQL_BEST_ROWID, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length(), +- SQL_SCOPE_CURROW, +- SQL_NULLABLE); ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLSpecialColumns(hStmt, ++ SQL_BEST_ROWID, ++ catalog.isEmpty() ? nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size(), ++ SQL_SCOPE_CURROW, ++ SQL_NULLABLE); + + if (r != SQL_SUCCESS) { + qSqlWarning("QODBCDriver::primaryIndex: Unable to execute primary key list"_L1, d); +@@ -2562,15 +2572,17 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const + SQL_ATTR_CURSOR_TYPE, + (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, + SQL_IS_UINTEGER); +- r = SQLColumns(hStmt, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length(), +- NULL, +- 0); ++ { ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLColumns(hStmt, ++ catalog.isEmpty() ? nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size(), ++ nullptr, ++ 0); ++ } + if (r != SQL_SUCCESS) + qSqlWarning("QODBCDriver::record: Unable to execute column list"_L1, d); + diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 8eb9e78..62723a4 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -39,7 +39,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components Version: 6.4.2 -Release: 3%{?dist} +Release: 4%{?dist} License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0 Url: http://qt-project.org/ @@ -98,7 +98,7 @@ Patch58: qtbase-libglvnd.patch Patch90: qtbase-gcc11.patch ## upstream patches - +Patch100: CVE-2023-24607-qtbase-6.4.patch # Do not check any files in %%{_qt6_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -843,6 +843,10 @@ make check -k ||: %changelog +* Wed Feb 08 2023 Jan Grulich - 6.4.2-4 +- Fix possible DOS involving the Qt SQL ODBC driver plugin + CVE-2023-24607 + * Tue Jan 31 2023 Jan Grulich - 6.4.2-3 - migrated to SPDX license From b5b7a896a364433f78f81e050ff1ffd503b3c8ec Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Sun, 5 Mar 2023 09:56:44 +0100 Subject: [PATCH 12/16] Use QGnomePlatform as default platform theme on GNOME Resolves: bz#2174905 --- qt6-qtbase.spec | 5 +++++ ...platform-as-default-platform-theme-on-gnome.patch | 12 ++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 qtbase-use-qgnomeplatform-as-default-platform-theme-on-gnome.patch diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 62723a4..56b73c1 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -71,6 +71,7 @@ Source10: macros.qt6-qtbase # downside: binaries produced with these differently-versioned symbols are no longer # compatible with qt-project.org's Qt binary releases. Patch1: qtbase-tell-truth-about-private-api.patch +Patch2: qtbase-use-qgnomeplatform-as-default-platform-theme-on-gnome.patch # upstreamable patches # namespace QT_VERSION_CHECK to workaround major/minor being pre-defined (#1396755) @@ -843,6 +844,10 @@ make check -k ||: %changelog +* Sun Mar 05 2023 Jan grulich - 6.4.2-5 +- Use QGnomePlatform as default platform theme on GNOME + Resolves: bz#2174905 + * Wed Feb 08 2023 Jan Grulich - 6.4.2-4 - Fix possible DOS involving the Qt SQL ODBC driver plugin CVE-2023-24607 diff --git a/qtbase-use-qgnomeplatform-as-default-platform-theme-on-gnome.patch b/qtbase-use-qgnomeplatform-as-default-platform-theme-on-gnome.patch new file mode 100644 index 0000000..82461d5 --- /dev/null +++ b/qtbase-use-qgnomeplatform-as-default-platform-theme-on-gnome.patch @@ -0,0 +1,12 @@ +diff --git a/src/gui/platform/unix/qgenericunixthemes.cpp b/src/gui/platform/unix/qgenericunixthemes.cpp +index 1efd759b..d0129f73 100644 +--- a/src/gui/platform/unix/qgenericunixthemes.cpp ++++ b/src/gui/platform/unix/qgenericunixthemes.cpp +@@ -977,6 +977,7 @@ QStringList QGenericUnixTheme::themeNames() + result.push_back(QLatin1StringView(QKdeTheme::name)); + #endif + } else if (gtkBasedEnvironments.contains(desktopName)) { ++ result.push_back(QStringLiteral("qgnomeplatform")); + // prefer the GTK3 theme implementation with native dialogs etc. + result.push_back(QStringLiteral("gtk3")); + // fallback to the generic Gnome theme if loading the GTK3 theme fails From 7d3e08b1e7d1802ec521ad6efcbec2cbace8e7b5 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Sun, 5 Mar 2023 10:01:23 +0100 Subject: [PATCH 13/16] Bump build --- qt6-qtbase.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 56b73c1..d9cbeff 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -39,7 +39,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components Version: 6.4.2 -Release: 4%{?dist} +Release: 5%{?dist} License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0 Url: http://qt-project.org/ From 363b5428f271a8a20b3fbc52884cdccd8a7868f3 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Thu, 23 Mar 2023 09:13:06 +0100 Subject: [PATCH 14/16] 6.4.3 --- .gitignore | 1 + qt6-qtbase.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 4112483..b90940e 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ /qtbase-everywhere-src-6.4.0.tar.xz /qtbase-everywhere-src-6.4.1.tar.xz /qtbase-everywhere-src-6.4.2.tar.xz +/qtbase-everywhere-src-6.4.3.tar.xz diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index d9cbeff..ca48077 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -38,8 +38,8 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components -Version: 6.4.2 -Release: 5%{?dist} +Version: 6.4.3 +Release: 1%{?dist} License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0 Url: http://qt-project.org/ @@ -432,7 +432,7 @@ translationdir=%{_qt6_translationdir} Name: Qt6 Description: Qt6 Configuration -Version: 6.4.2 +Version: 6.4.3 EOF # rpm macros @@ -844,6 +844,9 @@ make check -k ||: %changelog +* Thu Mar 23 2023 Jan Grulich - 6.4.3-1 +- 6.4.3 + * Sun Mar 05 2023 Jan grulich - 6.4.2-5 - Use QGnomePlatform as default platform theme on GNOME Resolves: bz#2174905 diff --git a/sources b/sources index d3cb64a..4888dc5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (qtbase-everywhere-src-6.4.2.tar.xz) = b00cce7bfc29d3a34c9a2f08db147c4bfd962e178916d60033e1845b25eaeaa4fbd42f5c1d7e39453ddb412a4e91c22c8eae52745eda8a47e35a691054d5496e +SHA512 (qtbase-everywhere-src-6.4.3.tar.xz) = a2d0779ba7ee8b8b78f5dc8db06177d04d50463fea7cad0b7785721acfc33dbbbaa1a7bfc052edb90ba1d11b488c30004daa43b6924a97126b9b8f82ad1a7f43 From 9b51c9bf9ccdbd2c82f228fc880d881e1886cb3b Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Thu, 23 Mar 2023 09:32:50 +0100 Subject: [PATCH 15/16] Drop already upstreamed patch --- CVE-2023-24607-qtbase-6.4.patch | 334 -------------------------------- qt6-qtbase.spec | 1 - 2 files changed, 335 deletions(-) delete mode 100644 CVE-2023-24607-qtbase-6.4.patch diff --git a/CVE-2023-24607-qtbase-6.4.patch b/CVE-2023-24607-qtbase-6.4.patch deleted file mode 100644 index cd9cdf2..0000000 --- a/CVE-2023-24607-qtbase-6.4.patch +++ /dev/null @@ -1,334 +0,0 @@ ---- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -+++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -@@ -58,23 +58,39 @@ inline static QString fromSQLTCHAR(const QVarLengthArray& input, qsize - return result; - } - -+template -+void toSQLTCHARImpl(QVarLengthArray &result, const QString &input); // primary template undefined -+ -+template -+void do_append(QVarLengthArray &result, const Container &c) -+{ -+ result.append(reinterpret_cast(c.data()), c.size()); -+} -+ -+template <> -+void toSQLTCHARImpl<1>(QVarLengthArray &result, const QString &input) -+{ -+ const auto u8 = input.toUtf8(); -+ do_append(result, u8); -+} -+ -+template <> -+void toSQLTCHARImpl<2>(QVarLengthArray &result, const QString &input) -+{ -+ do_append(result, input); -+} -+ -+template <> -+void toSQLTCHARImpl<4>(QVarLengthArray &result, const QString &input) -+{ -+ const auto u32 = input.toUcs4(); -+ do_append(result, u32); -+} -+ - inline static QVarLengthArray toSQLTCHAR(const QString &input) - { - QVarLengthArray result; -- result.resize(input.size()); -- switch(sizeof(SQLTCHAR)) { -- case 1: -- memcpy(result.data(), input.toUtf8().data(), input.size()); -- break; -- case 2: -- memcpy(result.data(), input.unicode(), input.size() * 2); -- break; -- case 4: -- memcpy(result.data(), input.toUcs4().data(), input.size() * 4); -- break; -- default: -- qCritical("sizeof(SQLTCHAR) is %d. Don't know how to handle this.", int(sizeof(SQLTCHAR))); -- } -+ toSQLTCHARImpl(result, input); - result.append(0); // make sure it's null terminated, doesn't matter if it already is, it does if it isn't. - return result; - } - ---- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -+++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -@@ -1740,10 +1740,11 @@ bool QODBCResult::exec() - case QMetaType::QString: - if (d->unicode) { - if (bindValueType(i) & QSql::Out) { -- const QByteArray &first = tmpStorage.at(i); -- QVarLengthArray array; -- array.append((const SQLTCHAR *)first.constData(), first.size()); -- values[i] = fromSQLTCHAR(array, first.size()/sizeof(SQLTCHAR)); -+ const QByteArray &bytes = tmpStorage.at(i); -+ const auto strSize = bytes.size() / sizeof(SQLTCHAR); -+ QVarLengthArray string(strSize); -+ memcpy(string.data(), bytes.data(), strSize * sizeof(SQLTCHAR)); -+ values[i] = fromSQLTCHAR(string); - } - break; - } - - ---- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -+++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -@@ -745,6 +745,14 @@ QChar QODBCDriverPrivate::quoteChar() - return quote; - } - -+static SQLRETURN qt_string_SQLSetConnectAttr(SQLHDBC handle, SQLINTEGER attr, const QString &val) -+{ -+ auto encoded = toSQLTCHAR(val); -+ return SQLSetConnectAttr(handle, attr, -+ encoded.data(), -+ SQLINTEGER(encoded.size() * sizeof(SQLTCHAR))); // size in bytes -+} -+ - - bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) - { -@@ -780,10 +788,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) - v = val.toUInt(); - r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0); - } else if (opt.toUpper() == "SQL_ATTR_CURRENT_CATALOG"_L1) { -- val.utf16(); // 0 terminate -- r = SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, -- toSQLTCHAR(val).data(), -- SQLINTEGER(val.length() * sizeof(SQLTCHAR))); -+ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, val); - } else if (opt.toUpper() == "SQL_ATTR_METADATA_ID"_L1) { - if (val.toUpper() == "SQL_TRUE"_L1) { - v = SQL_TRUE; -@@ -798,10 +803,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) - v = val.toUInt(); - r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0); - } else if (opt.toUpper() == "SQL_ATTR_TRACEFILE"_L1) { -- val.utf16(); // 0 terminate -- r = SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, -- toSQLTCHAR(val).data(), -- SQLINTEGER(val.length() * sizeof(SQLTCHAR))); -+ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, val); - } else if (opt.toUpper() == "SQL_ATTR_TRACE"_L1) { - if (val.toUpper() == "SQL_OPT_TRACE_OFF"_L1) { - v = SQL_OPT_TRACE_OFF; -@@ -1004,9 +1006,12 @@ bool QODBCResult::reset (const QString& query) - return false; - } - -- r = SQLExecDirect(d->hStmt, -- toSQLTCHAR(query).data(), -- (SQLINTEGER) query.length()); -+ { -+ auto encoded = toSQLTCHAR(query); -+ r = SQLExecDirect(d->hStmt, -+ encoded.data(), -+ SQLINTEGER(encoded.size())); -+ } - if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) { - setLastError(qMakeError(QCoreApplication::translate("QODBCResult", - "Unable to execute statement"), QSqlError::StatementError, d)); -@@ -1355,9 +1360,12 @@ bool QODBCResult::prepare(const QString& query) - return false; - } - -- r = SQLPrepare(d->hStmt, -- toSQLTCHAR(query).data(), -- (SQLINTEGER) query.length()); -+ { -+ auto encoded = toSQLTCHAR(query); -+ r = SQLPrepare(d->hStmt, -+ encoded.data(), -+ SQLINTEGER(encoded.size())); -+ } - - if (r != SQL_SUCCESS) { - setLastError(qMakeError(QCoreApplication::translate("QODBCResult", -@@ -1385,7 +1393,7 @@ bool QODBCResult::exec() - SQLCloseCursor(d->hStmt); - - QVariantList &values = boundValues(); -- QByteArrayList tmpStorage(values.count(), QByteArray()); // holds temporary buffers -+ QByteArrayList tmpStorage(values.count(), QByteArray()); // targets for SQLBindParameter() - QVarLengthArray indicators(values.count()); - memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN)); - -@@ -1600,36 +1608,36 @@ bool QODBCResult::exec() - case QMetaType::QString: - if (d->unicode) { - QByteArray &ba = tmpStorage[i]; -- QString str = val.toString(); -+ { -+ const auto encoded = toSQLTCHAR(val.toString()); -+ ba = QByteArray(reinterpret_cast(encoded.data()), -+ encoded.size() * sizeof(SQLTCHAR)); -+ } -+ - if (*ind != SQL_NULL_DATA) -- *ind = str.length() * sizeof(SQLTCHAR); -- const qsizetype strSize = str.length() * sizeof(SQLTCHAR); -+ *ind = ba.size(); - - if (bindValueType(i) & QSql::Out) { -- const QVarLengthArray a(toSQLTCHAR(str)); -- ba = QByteArray((const char *)a.constData(), int(a.size() * sizeof(SQLTCHAR))); - r = SQLBindParameter(d->hStmt, - i + 1, - qParamType[bindValueType(i) & QSql::InOut], - SQL_C_TCHAR, -- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, -+ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, - 0, // god knows... don't change this! - 0, -- ba.data(), -+ const_cast(ba.constData()), // don't detach - ba.size(), - ind); - break; - } -- ba = QByteArray(reinterpret_cast(toSQLTCHAR(str).constData()), -- int(strSize)); - r = SQLBindParameter(d->hStmt, - i + 1, - qParamType[bindValueType(i) & QSql::InOut], - SQL_C_TCHAR, -- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, -- strSize, -+ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, -+ ba.size(), - 0, -- const_cast(ba.constData()), -+ const_cast(ba.constData()), // don't detach - ba.size(), - ind); - break; -@@ -1991,14 +1999,16 @@ bool QODBCDriver::open(const QString & db, - SQLSMALLINT cb; - QVarLengthArray connOut(1024); - memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR)); -- r = SQLDriverConnect(d->hDbc, -- NULL, -- toSQLTCHAR(connQStr).data(), -- (SQLSMALLINT)connQStr.length(), -- connOut.data(), -- 1024, -- &cb, -- /*SQL_DRIVER_NOPROMPT*/0); -+ { -+ auto encoded = toSQLTCHAR(connQStr); -+ r = SQLDriverConnect(d->hDbc, -+ nullptr, -+ encoded.data(), SQLSMALLINT(encoded.size()), -+ connOut.data(), -+ 1024, -+ &cb, -+ /*SQL_DRIVER_NOPROMPT*/0); -+ } - - if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) { - setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d)); -@@ -2377,17 +2387,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const - if (tableType.isEmpty()) - return tl; - -- QString joinedTableTypeString = tableType.join(u','); -+ { -+ auto joinedTableTypeString = toSQLTCHAR(tableType.join(u',')); - -- r = SQLTables(hStmt, -- NULL, -- 0, -- NULL, -- 0, -- NULL, -- 0, -- toSQLTCHAR(joinedTableTypeString).data(), -- joinedTableTypeString.length() /* characters, not bytes */); -+ r = SQLTables(hStmt, -+ nullptr, 0, -+ nullptr, 0, -+ nullptr, 0, -+ joinedTableTypeString.data(), joinedTableTypeString.size()); -+ } - - if (r != SQL_SUCCESS) - qSqlWarning("QODBCDriver::tables Unable to execute table list"_L1, d); -@@ -2460,28 +2468,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const - SQL_ATTR_CURSOR_TYPE, - (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, - SQL_IS_UINTEGER); -- r = SQLPrimaryKeys(hStmt, -- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), -- catalog.length(), -- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), -- schema.length(), -- toSQLTCHAR(table).data(), -- table.length() /* in characters, not in bytes */); -+ { -+ auto c = toSQLTCHAR(catalog); -+ auto s = toSQLTCHAR(schema); -+ auto t = toSQLTCHAR(table); -+ r = SQLPrimaryKeys(hStmt, -+ catalog.isEmpty() ? nullptr : c.data(), c.size(), -+ schema.isEmpty() ? nullptr : s.data(), s.size(), -+ t.data(), t.size()); -+ } - - // if the SQLPrimaryKeys() call does not succeed (e.g the driver - // does not support it) - try an alternative method to get hold of - // the primary index (e.g MS Access and FoxPro) - if (r != SQL_SUCCESS) { -- r = SQLSpecialColumns(hStmt, -- SQL_BEST_ROWID, -- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), -- catalog.length(), -- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), -- schema.length(), -- toSQLTCHAR(table).data(), -- table.length(), -- SQL_SCOPE_CURROW, -- SQL_NULLABLE); -+ auto c = toSQLTCHAR(catalog); -+ auto s = toSQLTCHAR(schema); -+ auto t = toSQLTCHAR(table); -+ r = SQLSpecialColumns(hStmt, -+ SQL_BEST_ROWID, -+ catalog.isEmpty() ? nullptr : c.data(), c.size(), -+ schema.isEmpty() ? nullptr : s.data(), s.size(), -+ t.data(), t.size(), -+ SQL_SCOPE_CURROW, -+ SQL_NULLABLE); - - if (r != SQL_SUCCESS) { - qSqlWarning("QODBCDriver::primaryIndex: Unable to execute primary key list"_L1, d); -@@ -2562,15 +2572,17 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const - SQL_ATTR_CURSOR_TYPE, - (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, - SQL_IS_UINTEGER); -- r = SQLColumns(hStmt, -- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), -- catalog.length(), -- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), -- schema.length(), -- toSQLTCHAR(table).data(), -- table.length(), -- NULL, -- 0); -+ { -+ auto c = toSQLTCHAR(catalog); -+ auto s = toSQLTCHAR(schema); -+ auto t = toSQLTCHAR(table); -+ r = SQLColumns(hStmt, -+ catalog.isEmpty() ? nullptr : c.data(), c.size(), -+ schema.isEmpty() ? nullptr : s.data(), s.size(), -+ t.data(), t.size(), -+ nullptr, -+ 0); -+ } - if (r != SQL_SUCCESS) - qSqlWarning("QODBCDriver::record: Unable to execute column list"_L1, d); - diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index ca48077..49a5d12 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -99,7 +99,6 @@ Patch58: qtbase-libglvnd.patch Patch90: qtbase-gcc11.patch ## upstream patches -Patch100: CVE-2023-24607-qtbase-6.4.patch # Do not check any files in %%{_qt6_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are From 4dccb8dee5da1a0982fe024362ebc0c36e0680cf Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 3 Apr 2023 07:07:42 +0200 Subject: [PATCH 16/16] Enable zstd support --- qt6-qtbase.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/qt6-qtbase.spec b/qt6-qtbase.spec index 49a5d12..51ac929 100644 --- a/qt6-qtbase.spec +++ b/qt6-qtbase.spec @@ -39,7 +39,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt6-qtbase Summary: Qt6 - QtBase components Version: 6.4.3 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0 Url: http://qt-project.org/ @@ -124,6 +124,7 @@ BuildRequires: libb2-devel BuildRequires: libjpeg-devel BuildRequires: libmng-devel BuildRequires: libtiff-devel +BuildRequires: libzstd-devel BuildRequires: tslib-devel BuildRequires: pkgconfig(alsa) # required for -accessibility @@ -386,6 +387,7 @@ export MAKEFLAGS="%{?_smp_mflags}" -DQT_FEATURE_sql_psql=ON \ -DQT_FEATURE_sql_sqlite=ON \ -DQT_FEATURE_rpath=OFF \ + -DQT_FEATURE_zstd=ON \ %{?dbus_linked:-DQT_FEATURE_dbus_linked=ON} \ %{?pcre:-DQT_FEATURE_system_pcre2=ON} \ %{?sqlite:-DQT_FEATURE_system_sqlite=ON} \ @@ -843,6 +845,9 @@ make check -k ||: %changelog +* Mon Apr 03 2023 Jan Grulich - 6.4.3-2 +- Enable zstd support + * Thu Mar 23 2023 Jan Grulich - 6.4.3-1 - 6.4.3