Bug#970296: Attach patch
Hi! I'm now attaching the debdiff patch.
--
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
diff -Nru qtbase-opensource-src-5.11.3+dfsg1/debian/changelog qtbase-opensource-src-5.11.3+dfsg1/debian/changelog
--- qtbase-opensource-src-5.11.3+dfsg1/debian/changelog 2020-01-30 10:42:01.000000000 -0300
+++ qtbase-opensource-src-5.11.3+dfsg1/debian/changelog 2020-09-14 09:15:20.000000000 -0300
@@ -1,3 +1,15 @@
+qtbase-opensource-src (5.11.3+dfsg1-1+deb10u4) buster; urgency=medium
+
+ [ Dmitry Shachnev ]
+ * Backport upstream patch to fix buffer overflow in XBM parser
+ (CVE-2020-17507, closes: #968444).
+
+ [ Lisandro Damián Nicanor Pérez Meyer ]
+ * Backport XCB_Fix_clipboard_breaking_when_timer_wraps_after_50_days.patch
+ (Closes: #961293). Thanks Nicolás for pointing us to the bug fix.
+
+ -- Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> Mon, 14 Sep 2020 09:15:20 -0300
+
qtbase-opensource-src (5.11.3+dfsg1-1+deb10u3) buster-security; urgency=high
[ Dmitry Shachnev ]
diff -Nru qtbase-opensource-src-5.11.3+dfsg1/debian/patches/CVE-2020-17507.diff qtbase-opensource-src-5.11.3+dfsg1/debian/patches/CVE-2020-17507.diff
--- qtbase-opensource-src-5.11.3+dfsg1/debian/patches/CVE-2020-17507.diff 1969-12-31 21:00:00.000000000 -0300
+++ qtbase-opensource-src-5.11.3+dfsg1/debian/patches/CVE-2020-17507.diff 2020-09-04 18:08:50.000000000 -0300
@@ -0,0 +1,21 @@
+Description: fix buffer overflow in XBM parser
+Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1616c71921b73b22
+Last-Update: 2020-08-18
+
+---
+ src/gui/image/qxbmhandler.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/src/gui/image/qxbmhandler.cpp
++++ b/src/gui/image/qxbmhandler.cpp
+@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *dev
+ w = (w+7)/8; // byte width
+
+ while (y < h) { // for all encoded bytes...
+- if (p) { // p = "0x.."
++ if (p && p < (buf + readBytes - 3)) { // p = "0x.."
++ if (!isxdigit(p[2]) || !isxdigit(p[3]))
++ return false;
+ *b++ = hex2byte(p+2);
+ p += 2;
+ if (++x == w && ++y < h) {
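Review bot: The added `isxdigit(p[2])` / `isxdigit(p[3])` calls pass bytes read from the XBM file straight to a <ctype.h> function. If `p` points to plain `char` (its declaration is outside the hunk), a byte of 0x80 or above becomes a negative argument on signed-char platforms, which is undefined behaviour for `isxdigit`. Casting first avoids that: `if (!isxdigit(static_cast<unsigned char>(p[2])) || !isxdigit(static_cast<unsigned char>(p[3])))`. Separately, the bound `buf + readBytes - 3` forms a pointer before `buf` when `readBytes` is below 3, so a length comparison such as `readBytes - (p - buf) > 3` is the safer form unless earlier code already guarantees a longer line. read_xbm_body starts and ends outside the hunk, so the branch taken when the new bound fails cannot be checked from here.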
diff -Nru qtbase-opensource-src-5.11.3+dfsg1/debian/patches/series qtbase-opensource-src-5.11.3+dfsg1/debian/patches/series
--- qtbase-opensource-src-5.11.3+dfsg1/debian/patches/series 2020-01-30 10:42:01.000000000 -0300
+++ qtbase-opensource-src-5.11.3+dfsg1/debian/patches/series 2020-09-04 18:08:50.000000000 -0300
@@ -10,6 +10,8 @@
repolish_run_on_direct_children.diff
CVE-2020-0569.diff
CVE-2020-0570.diff
+XCB_Fix_clipboard_breaking_when_timer_wraps_after_50_days.patch
+CVE-2020-17507.diff
# Debian specific.
gnukfreebsd.diff
diff -Nru qtbase-opensource-src-5.11.3+dfsg1/debian/patches/XCB_Fix_clipboard_breaking_when_timer_wraps_after_50_days.patch qtbase-opensource-src-5.11.3+dfsg1/debian/patches/XCB_Fix_clipboard_breaking_when_timer_wraps_after_50_days.patch
--- qtbase-opensource-src-5.11.3+dfsg1/debian/patches/XCB_Fix_clipboard_breaking_when_timer_wraps_after_50_days.patch 1969-12-31 21:00:00.000000000 -0300
+++ qtbase-opensource-src-5.11.3+dfsg1/debian/patches/XCB_Fix_clipboard_breaking_when_timer_wraps_after_50_days.patch 2020-09-04 18:08:50.000000000 -0300
@@ -0,0 +1,47 @@
+From 036fe49580d7470eeaa4c168845bdf2483946f22 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Turek?= <lukas@turek.eu>
+Date: Fri, 22 Feb 2019 19:26:37 +0100
+Subject: [PATCH] XCB: Fix clipboard breaking when timer wraps after 50 days
+Reviewed-By: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
+Bug-Debian: #961293
+
+xcb_timestamp_t is a 32-bit unsigned value in milliseconds, so it
+wraps after 49.7 days. When it happens, QXcbConnection::m_time stops
+updating and copy & paste in an application would not work until the
+application is restarted. This patch detects the timer wrap and
+allows m_time to wrap too. The fix was verified in KDE desktop with
+applications running for 51 days.
+
+Fixes: QTBUG-65145
+Change-Id: I328c4179c1b1f71914adda6f9a0ca3991a7e808e
+Reviewed-by: Uli Schlachter <psychon@znc.in>
+Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
+Reviewed-by: Gatis Paeglis <gatis.paeglis@qt.io>
+---
+ src/plugins/platforms/xcb/qxcbconnection.h | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/src/plugins/platforms/xcb/qxcbconnection.h
++++ b/src/plugins/platforms/xcb/qxcbconnection.h
+@@ -470,10 +470,10 @@ public:
+ PeekOptions option = PeekDefault, qint32 peekerId = -1);
+
+ inline xcb_timestamp_t time() const { return m_time; }
+- inline void setTime(xcb_timestamp_t t) { if (t > m_time) m_time = t; }
++ inline void setTime(xcb_timestamp_t t) { if (timeGreaterThan(t, m_time)) m_time = t; }
+
+ inline xcb_timestamp_t netWmUserTime() const { return m_netWmUserTime; }
+- inline void setNetWmUserTime(xcb_timestamp_t t) { if (t > m_netWmUserTime) m_netWmUserTime = t; }
++ inline void setNetWmUserTime(xcb_timestamp_t t) { if (timeGreaterThan(t, m_netWmUserTime)) m_netWmUserTime = t; }
+
+ bool hasXFixes() const { return has_xfixes; }
+ bool hasXShape() const { return has_shape_extension; }
+@@ -581,6 +581,8 @@ private:
+ void destroyScreen(QXcbScreen *screen);
+ void initializeScreens();
+ bool compressEvent(xcb_generic_event_t *event, int currentIndex, QXcbEventArray *eventqueue) const;
++ inline bool timeGreaterThan(xcb_timestamp_t a, xcb_timestamp_t b) const
++ { return static_cast<int32_t>(a - b) > 0 || b == XCB_CURRENT_TIME; }
+
+ bool m_xi2Enabled = false;
+ #if QT_CONFIG(xinput2)
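Review bot: `timeGreaterThan()` is added without a comment stating what its wraparound comparison assumes. `static_cast<int32_t>(a - b) > 0` orders two timestamps correctly only while they are less than 2^31 ms (about 24.8 days) apart, and the `b == XCB_CURRENT_TIME` arm treats an unset stored time as older than anything. A comment above it such as `// Wrap-aware comparison: valid while a and b differ by less than 2^31 ms; an unset (XCB_CURRENT_TIME) b always loses` would record that. It is also worth confirming that no caller of `setTime()` / `setNetWmUserTime()` can pass `XCB_CURRENT_TIME` itself (0 in the XCB headers): the old `t > m_time` never let that value replace a stored time, whereas the new test accepts it once the stored time is above 2^31 and would reset the timestamp. If that can happen, `return a != XCB_CURRENT_TIME && (static_cast<int32_t>(a - b) > 0 || b == XCB_CURRENT_TIME);` keeps the previous behaviour; the callers are outside this diff.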