[packages/qt6] upstream fix for CVE-2024-33861; rel 3

Thu, 02 May 2024 15:15:34 -0700 

commit 41f2cc3f17edef6a14c5113508aa6f90a84d33f9
Author: Jan Palus <[email protected]>
Date:   Fri May 3 00:13:21 2024 +0200

    upstream fix for CVE-2024-33861; rel 3
    
    as advised in:
    https://lists.qt-project.org/pipermail/announce/2024-May/000489.html

 CVE-2024-33861.patch | 22 ++++++++++++++++++++++
 qt6.spec             |  4 +++-
 2 files changed, 25 insertions(+), 1 deletion(-)
---
diff --git a/qt6.spec b/qt6.spec
index 50359c5..e5d49e7 100644
--- a/qt6.spec
+++ b/qt6.spec
@@ -109,7 +109,7 @@ Summary:    Qt6 Library
 Summary(pl.UTF-8):     Biblioteka Qt6
 Name:          qt6
 Version:       6.6.3
-Release:       2
+Release:       3
 License:       LGPL v3 or GPL v2 or GPL v3 or commercial
 Group:         X11/Libraries
 Source0:       
https://download.qt.io/official_releases/qt/6.6/%{version}/single/qt-everywhere-src-%{version}.tar.xz
@@ -120,6 +120,7 @@ Patch2:             %{name}-gn.patch
 Patch3:                no-implicit-sse2.patch
 Patch4:                x32.patch
 Patch5:                qtwebengine-cmake-build-type.patch
+Patch6:                CVE-2024-33861.patch
 URL:           https://www.qt.io/
 %{?with_directfb:BuildRequires:        DirectFB-devel}
 BuildRequires: EGL-devel
@@ -3676,6 +3677,7 @@ narzędzia.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1 -d qtbase
 
 %{__sed} -i -e 's,usr/X11R6/,usr/,g' qtbase/mkspecs/linux-g++-64/qmake.conf
 
diff --git a/CVE-2024-33861.patch b/CVE-2024-33861.patch
new file mode 100644
index 0000000..0364942
--- /dev/null
+++ b/CVE-2024-33861.patch
@@ -0,0 +1,22 @@
+diff --git a/src/corelib/text/qstringconverter.cpp 
b/src/corelib/text/qstringconverter.cpp
+index 4a60d60ae35..66fedcf3325 100644
+--- a/src/corelib/text/qstringconverter.cpp
++++ b/src/corelib/text/qstringconverter.cpp
+@@ -1951,7 +1951,7 @@ struct QStringConverterICU : QStringConverter
+         const void *context;
+         ucnv_getToUCallBack(icu_conv, &action, &context);
+         if (context != state)
+-             ucnv_setToUCallBack(icu_conv, action, &state, nullptr, nullptr, 
&err);
++             ucnv_setToUCallBack(icu_conv, action, state, nullptr, nullptr, 
&err);
+
+         ucnv_toUnicode(icu_conv, &target, targetLimit, &source, sourceLimit, 
nullptr, flush, &err);
+         // We did reserve enough space:
+@@ -1984,7 +1984,7 @@ struct QStringConverterICU : QStringConverter
+         const void *context;
+         ucnv_getFromUCallBack(icu_conv, &action, &context);
+         if (context != state)
+-             ucnv_setFromUCallBack(icu_conv, action, &state, nullptr, 
nullptr, &err);
++             ucnv_setFromUCallBack(icu_conv, action, state, nullptr, nullptr, 
&err);
+
+         ucnv_fromUnicode(icu_conv, &target, targetLimit, &source, 
sourceLimit, nullptr, flush, &err);
+         // We did reserve enough space:
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/qt6.git/commitdiff/41f2cc3f17edef6a14c5113508aa6f90a84d33f9

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to