Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: qtbase-opensource-src-g...@packages.debian.org
Control: affects -1 + src:qtbase-opensource-src-gles

Please unblock package qtbase-opensource-src-gles.

[ Reason ]
* Fixes for two CVEs (CVE-2023-24607 and CVE-2023-32763).
* Updated image_deletion_order.diff to fix dangling or incorrect
  device pointers during handler destruction.
* Fix for cross-building (#1029082).
* Minor update for debian/libqt5gui5-gles.symbols.

[ Impact ]
Of these fixes, CVE-2023-32763 is the most important. It is possible to
trigger a buffer overflow when rendering SVG files.

[ Tests ]
No automated tests are run for this package. But patches that come from
upstream are covered by upstream tests.

[ Risks ]
I think the risk is low. Most of these fixes are already present in the
non-gles variant of the package in testing (5.15.8+dfsg-10) and have been
tested by many users. Except for the cross-build fix which is specific to
the -gles variant, but that fix is only applied when cross-building and
does not affect regular builds.

[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing

[ Other info ]
(Anything else the release team should know.)

unblock qtbase-opensource-src-gles/5.15.8+dfsg-3

--
Dmitry Shachnev
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,28 @@
+qtbase-opensource-src-gles (5.15.8+dfsg-3) unstable; urgency=medium
+
+ * Add a patch to fix CVE-2023-32763: buffer overflow in Qt SVG
+(closes: #1036702).
+
+ -- Dmitry Shachnev Wed, 24 May 2023 20:52:26 +0300
+
+qtbase-opensource-src-gles (5.15.8+dfsg-2) unstable; urgency=medium
+
+ * Merge qtbase-opensource-src 5.15.8+dfsg-3 upload.
+ * Compare only upstream version of qt5-qmake-bin when cross-building
+(closes: #1029082).
+
+ -- Dmitry Shachnev Sat, 04 Mar 2023 14:39:27 +0300
+
+qtbase-opensource-src (5.15.8+dfsg-3) unstable; urgency=medium
+
+ * Use ${DEB_HOST_GNU_TYPE} substitution in debian/qt5-qmake.install.
+ * Add upstream patch to fix denial-of-service in Qt SQL ODBC plugin
+(CVE-2023-24607, closes: #1031872).
+ * Update debian/libqt5gui5.symbols from s390x build log.
+ * Amend image_deletion_order.diff from one more upstream commit.
+
+ -- Dmitry Shachnev Mon, 27 Feb 2023 11:28:53 +0300
+
qtbase-opensource-src-gles (5.15.8+dfsg-1) unstable; urgency=medium
* Merge qtbase-opensource-src 5.15.8+dfsg-2 upload.
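Review bot: The change to debian/libqt5gui5-gles.symbols is not named in either new -gles entry; it is covered only through the merged qtbase-opensource-src 5.15.8+dfsg-3 entry, whose symbols item refers to debian/libqt5gui5.symbols. Since the unblock checklist relies on d/changelog documenting every change, consider adding an explicit item to the 5.15.8+dfsg-2 -gles entry for the -gles symbols file. The "Amend image_deletion_order.diff from one more upstream commit" item would also be easier to check against the non-gles package if it identified the upstream commit.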
--- a/debian/libqt5gui5-gles.symbols
+++ b/debian/libqt5gui5-gles.symbols
@@ -1,4 +1,4 @@
-# SymbolsHelper-Confirmed: 5.15.4 amd64 hppa powerpc ppc64 s390x sparc64
+# SymbolsHelper-Confirmed: 5.15.8 s390x
libQt5Gui.so.5 libqt5gui5 #MINVER# | libqt5gui5-gles #MINVER#
| libqt5gui5 #MINVER# | libqt5gui5-gles #MINVER#, qtbase-abi-5-15-8
| libqt5gui5 #MINVER#
@@ -1563,7 +1563,7 @@ libQt5Gui.so.5 libqt5gui5 #MINVER# | libqt5gui5-gles #MINVER#
_ZN16QDoubleValidatorD0Ev@Qt_5 5.0.2
_ZN16QDoubleValidatorD1Ev@Qt_5 5.0.2
_ZN16QDoubleValidatorD2Ev@Qt_5 5.0.2
- (optional=inline|arch=!hppa !ia64 !s390x)_ZN16QOpenGLFunctions17glBindFramebufferEjj@Qt_5 5.15.2
+ (optional=inline|arch=!hppa !ia64)_ZN16QOpenGLFunctions17glBindFramebufferEjj@Qt_5 5.15.2
_ZN16QOpenGLFunctions25initializeOpenGLFunctionsEv@Qt_5 5.0.2
_ZN16QOpenGLFunctionsC1EP14QOpenGLContext@Qt_5 5.0.2
_ZN16QOpenGLFunctionsC1Ev@Qt_5 5.0.2
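Review bot: Dropping !s390x from the arch tag on _ZN16QOpenGLFunctions17glBindFramebufferEjj matches the changelog item "Update debian/libqt5gui5.symbols from s390x build log", but that item names the non-gles symbols file, so it is not clear from the diff that an s390x build of the -gles package was the source. The symbol stays tagged optional=inline, so a mismatch would not fail the build; it would still help to say in the changelog whether the change was confirmed on a -gles s390x build log or carried over from the non-gles package.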
--- /dev/null
+++ b/debian/patches/CVE-2023-24607.diff
@@ -0,0 +1,330 @@
+Description: Fix denial-of-service in Qt SQL ODBC driver plugin
+Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
+Last-Update: 2023-02-26
+
+--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
+@@ -92,23 +92,39 @@ inline static QString fromSQLTCHAR(const
+ return result;
+ }
+
++template
++void toSQLTCHARImpl(QVarLengthArray , const QString ); // primary template undefined
++
++template
++void do_append(QVarLengthArray , const Container )
++{
++result.append(reinterpret_cast(c.data()), c.size());
++}
++
++template <>
++void toSQLTCHARImpl<1>(QVarLengthArray , const QString )
++{
++const auto u8 = input.toUtf8();
++do_append(result, u8);
++}
++
++template <>
++void toSQLTCHARImpl<2>(QVarLengthArray , const QString )
++{
++do_append(result, input);
++}
++
++template <>
++void toSQLTCHARImpl<4>(QVarLengthArray , const QString )
++{
++const auto u32 = input.toUcs4();
++do_append(result, u32);
++}
++
+ inline static QVarLengthArray toSQLTCHAR(const QString )
+ {
+ QVarLengthArray result;
+-result.resize(input.size());
+-switch(sizeof(SQLTCHAR)) {
+-case 1:
+-memcpy(result.data(), input.toUtf8().data(), input.size());
+-break;
+-case 2:
+-memcpy(result.data(), input.unicode(), input.size() * 2);
+-break;
+-case 4:
+-
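Review bot: In do_append, the reinterpret_cast of c.data() followed by an append of c.size() elements is only correct when the container's element width equals sizeof(SQLTCHAR), and nothing visible in the helper enforces that; it depends on the caller selecting the matching toSQLTCHARImpl<1>, <2> or <4> specialization. A static_assert on the element size inside do_append would make the invariant explicit and guard against reintroducing the kind of length mismatch the removed code had, where the buffer was sized with result.resize(input.size()) and then filled by memcpy from the converted toUtf8() data. On the packaging side, the patch header carries Origin and Last-Update but no Bug-Debian field, although the changelog closes #1031872 with this patch; adding it would tie the patch to the bug.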