Your message dated Sun, 28 May 2023 09:37:30 +0200 with message-id <CAM8zJQtvdzvmV7DC0D+sYB=B=Wj6HaVsz_i76XcMsx1m-fkSiA@mail.gmail.com> and subject line Re: Bug#1036745: unblock: qtbase-opensource-src-gles/5.15.8+dfsg-3 has caused the Debian Bug report #1036745, regarding unblock: qtbase-opensource-src-gles/5.15.8+dfsg-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1036745: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036745 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: unblock: qtbase-opensource-src-gles/5.15.8+dfsg-3
- From: Dmitry Shachnev <mitya57@debian.org>
- Date: Thu, 25 May 2023 11:56:36 +0300
- Message-id: <[🔎] ZG8ixLzogBtp0HCA@mitya57.me>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock X-Debbugs-Cc: qtbase-opensource-src-gles@packages.debian.org Control: affects -1 + src:qtbase-opensource-src-gles Please unblock package qtbase-opensource-src-gles. [ Reason ] * Fixes for two CVEs (CVE-2023-24607 and CVE-2023-32763). * Updated image_deletion_order.diff to fix dangling or incorrect device pointers during handler destruction. * Fix for cross-building (#1029082). * Minor update for debian/libqt5gui5-gles.symbols. [ Impact ] Of these fixes, CVE-2023-32763 is the most important. It is possible to trigger a buffer overflow when rendering SVG files. [ Tests ] No automated tests are run for this package. But patches that come from upstream are covered by upstream tests. [ Risks ] I think the risk is low. Most of these fixes are already present in the non-gles variant of the package in testing (5.15.8+dfsg-10) and have been tested by many users. Except for the cross-build fix which is specific to the -gles variant, but that fix is only applied when cross-building and does not affect regular builds. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] (Anything else the release team should know.) unblock qtbase-opensource-src-gles/5.15.8+dfsg-3 -- Dmitry Shachnev--- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,28 @@ +qtbase-opensource-src-gles (5.15.8+dfsg-3) unstable; urgency=medium + + * Add a patch to fix CVE-2023-32763: buffer overflow in Qt SVG + (closes: #1036702). + + -- Dmitry Shachnev <mitya57@debian.org> Wed, 24 May 2023 20:52:26 +0300 + +qtbase-opensource-src-gles (5.15.8+dfsg-2) unstable; urgency=medium + + * Merge qtbase-opensource-src 5.15.8+dfsg-3 upload. + * Compare only upstream version of qt5-qmake-bin when cross-building + (closes: #1029082). + + -- Dmitry Shachnev <mitya57@debian.org> Sat, 04 Mar 2023 14:39:27 +0300 + +qtbase-opensource-src (5.15.8+dfsg-3) unstable; urgency=medium + + * Use ${DEB_HOST_GNU_TYPE} substitution in debian/qt5-qmake.install. + * Add upstream patch to fix denial-of-service in Qt SQL ODBC plugin + (CVE-2023-24607, closes: #1031872). + * Update debian/libqt5gui5.symbols from s390x build log. + * Amend image_deletion_order.diff from one more upstream commit. + + -- Dmitry Shachnev <mitya57@debian.org> Mon, 27 Feb 2023 11:28:53 +0300 + qtbase-opensource-src-gles (5.15.8+dfsg-1) unstable; urgency=medium * Merge qtbase-opensource-src 5.15.8+dfsg-2 upload. --- a/debian/libqt5gui5-gles.symbols +++ b/debian/libqt5gui5-gles.symbols @@ -1,4 +1,4 @@ -# SymbolsHelper-Confirmed: 5.15.4 amd64 hppa powerpc ppc64 s390x sparc64 +# SymbolsHelper-Confirmed: 5.15.8 s390x libQt5Gui.so.5 libqt5gui5 #MINVER# | libqt5gui5-gles #MINVER# | libqt5gui5 #MINVER# | libqt5gui5-gles #MINVER#, qtbase-abi-5-15-8 | libqt5gui5 #MINVER# @@ -1563,7 +1563,7 @@ libQt5Gui.so.5 libqt5gui5 #MINVER# | libqt5gui5-gles #MINVER# _ZN16QDoubleValidatorD0Ev@Qt_5 5.0.2 _ZN16QDoubleValidatorD1Ev@Qt_5 5.0.2 _ZN16QDoubleValidatorD2Ev@Qt_5 5.0.2 - (optional=inline|arch=!hppa !ia64 !s390x)_ZN16QOpenGLFunctions17glBindFramebufferEjj@Qt_5 5.15.2 + (optional=inline|arch=!hppa !ia64)_ZN16QOpenGLFunctions17glBindFramebufferEjj@Qt_5 5.15.2 _ZN16QOpenGLFunctions25initializeOpenGLFunctionsEv@Qt_5 5.0.2 _ZN16QOpenGLFunctionsC1EP14QOpenGLContext@Qt_5 5.0.2 _ZN16QOpenGLFunctionsC1Ev@Qt_5 5.0.2 --- /dev/null +++ b/debian/patches/CVE-2023-24607.diff @@ -0,0 +1,330 @@ +Description: Fix denial-of-service in Qt SQL ODBC driver plugin +Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff +Last-Update: 2023-02-26 + +--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp ++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +@@ -92,23 +92,39 @@ inline static QString fromSQLTCHAR(const + return result; + } + ++template <size_t SizeOfChar = sizeof(SQLTCHAR)> ++void toSQLTCHARImpl(QVarLengthArray<SQLTCHAR> &result, const QString &input); // primary template undefined ++ ++template <typename Container> ++void do_append(QVarLengthArray<SQLTCHAR> &result, const Container &c) ++{ ++ result.append(reinterpret_cast<const SQLTCHAR *>(c.data()), c.size()); ++} ++ ++template <> ++void toSQLTCHARImpl<1>(QVarLengthArray<SQLTCHAR> &result, const QString &input) ++{ ++ const auto u8 = input.toUtf8(); ++ do_append(result, u8); ++} ++ ++template <> ++void toSQLTCHARImpl<2>(QVarLengthArray<SQLTCHAR> &result, const QString &input) ++{ ++ do_append(result, input); ++} ++ ++template <> ++void toSQLTCHARImpl<4>(QVarLengthArray<SQLTCHAR> &result, const QString &input) ++{ ++ const auto u32 = input.toUcs4(); ++ do_append(result, u32); ++} ++ + inline static QVarLengthArray<SQLTCHAR> toSQLTCHAR(const QString &input) + { + QVarLengthArray<SQLTCHAR> result; +- result.resize(input.size()); +- switch(sizeof(SQLTCHAR)) { +- case 1: +- memcpy(result.data(), input.toUtf8().data(), input.size()); +- break; +- case 2: +- memcpy(result.data(), input.unicode(), input.size() * 2); +- break; +- case 4: +- memcpy(result.data(), input.toUcs4().data(), input.size() * 4); +- break; +- default: +- qCritical("sizeof(SQLTCHAR) is %d. Don't know how to handle this.", int(sizeof(SQLTCHAR))); +- } ++ toSQLTCHARImpl(result, input); + result.append(0); // make sure it's null terminated, doesn't matter if it already is, it does if it isn't. + return result; + } +@@ -763,6 +779,14 @@ QChar QODBCDriverPrivate::quoteChar() + return quote; + } + ++static SQLRETURN qt_string_SQLSetConnectAttr(SQLHDBC handle, SQLINTEGER attr, const QString &val) ++{ ++ auto encoded = toSQLTCHAR(val); ++ return SQLSetConnectAttr(handle, attr, ++ encoded.data(), ++ SQLINTEGER(encoded.size() * sizeof(SQLTCHAR))); // size in bytes ++} ++ + + bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) + { +@@ -798,10 +822,7 @@ bool QODBCDriverPrivate::setConnectionOp + v = val.toUInt(); + r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_CURRENT_CATALOG")) { +- val.utf16(); // 0 terminate +- r = SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, +- toSQLTCHAR(val).data(), +- val.length()*sizeof(SQLTCHAR)); ++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, val); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_METADATA_ID")) { + if (val.toUpper() == QLatin1String("SQL_TRUE")) { + v = SQL_TRUE; +@@ -816,10 +837,7 @@ bool QODBCDriverPrivate::setConnectionOp + v = val.toUInt(); + r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACEFILE")) { +- val.utf16(); // 0 terminate +- r = SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, +- toSQLTCHAR(val).data(), +- val.length()*sizeof(SQLTCHAR)); ++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, val); + } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACE")) { + if (val.toUpper() == QLatin1String("SQL_OPT_TRACE_OFF")) { + v = SQL_OPT_TRACE_OFF; +@@ -1022,9 +1040,12 @@ bool QODBCResult::reset (const QString& + return false; + } + +- r = SQLExecDirect(d->hStmt, +- toSQLTCHAR(query).data(), +- (SQLINTEGER) query.length()); ++ { ++ auto encoded = toSQLTCHAR(query); ++ r = SQLExecDirect(d->hStmt, ++ encoded.data(), ++ SQLINTEGER(encoded.size())); ++ } + if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) { + setLastError(qMakeError(QCoreApplication::translate("QODBCResult", + "Unable to execute statement"), QSqlError::StatementError, d)); +@@ -1371,9 +1392,12 @@ bool QODBCResult::prepare(const QString& + return false; + } + +- r = SQLPrepare(d->hStmt, +- toSQLTCHAR(query).data(), +- (SQLINTEGER) query.length()); ++ { ++ auto encoded = toSQLTCHAR(query); ++ r = SQLPrepare(d->hStmt, ++ encoded.data(), ++ SQLINTEGER(encoded.size())); ++ } + + if (r != SQL_SUCCESS) { + setLastError(qMakeError(QCoreApplication::translate("QODBCResult", +@@ -1401,7 +1425,7 @@ bool QODBCResult::exec() + SQLCloseCursor(d->hStmt); + + QVector<QVariant>& values = boundValues(); +- QVector<QByteArray> tmpStorage(values.count(), QByteArray()); // holds temporary buffers ++ QVector<QByteArray> tmpStorage(values.count(), QByteArray()); // targets for SQLBindParameter() + QVarLengthArray<SQLLEN, 32> indicators(values.count()); + memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN)); + +@@ -1580,35 +1604,36 @@ bool QODBCResult::exec() + case QVariant::String: + if (d->unicode) { + QByteArray &ba = tmpStorage[i]; +- QString str = val.toString(); ++ { ++ const auto encoded = toSQLTCHAR(val.toString()); ++ ba = QByteArray(reinterpret_cast<const char *>(encoded.data()), ++ encoded.size() * sizeof(SQLTCHAR)); ++ } ++ + if (*ind != SQL_NULL_DATA) +- *ind = str.length() * sizeof(SQLTCHAR); +- int strSize = str.length() * sizeof(SQLTCHAR); ++ *ind = ba.size(); + + if (bindValueType(i) & QSql::Out) { +- const QVarLengthArray<SQLTCHAR> a(toSQLTCHAR(str)); +- ba = QByteArray((const char *)a.constData(), a.size() * sizeof(SQLTCHAR)); + r = SQLBindParameter(d->hStmt, + i + 1, + qParamType[bindValueType(i) & QSql::InOut], + SQL_C_TCHAR, +- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, ++ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, + 0, // god knows... don't change this! + 0, +- ba.data(), ++ const_cast<char *>(ba.constData()), // don't detach + ba.size(), + ind); + break; + } +- ba = QByteArray ((const char *)toSQLTCHAR(str).constData(), str.size()*sizeof(SQLTCHAR)); + r = SQLBindParameter(d->hStmt, + i + 1, + qParamType[bindValueType(i) & QSql::InOut], + SQL_C_TCHAR, +- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, +- strSize, ++ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, ++ ba.size(), + 0, +- const_cast<char *>(ba.constData()), ++ const_cast<char *>(ba.constData()), // don't detach + ba.size(), + ind); + break; +@@ -1716,10 +1741,11 @@ bool QODBCResult::exec() + case QVariant::String: + if (d->unicode) { + if (bindValueType(i) & QSql::Out) { +- const QByteArray &first = tmpStorage.at(i); +- QVarLengthArray<SQLTCHAR> array; +- array.append((const SQLTCHAR *)first.constData(), first.size()); +- values[i] = fromSQLTCHAR(array, first.size()/sizeof(SQLTCHAR)); ++ const QByteArray &bytes = tmpStorage.at(i); ++ const auto strSize = bytes.size() / int(sizeof(SQLTCHAR)); ++ QVarLengthArray<SQLTCHAR> string(strSize); ++ memcpy(string.data(), bytes.data(), strSize * sizeof(SQLTCHAR)); ++ values[i] = fromSQLTCHAR(string); + } + break; + } +@@ -1966,14 +1992,16 @@ bool QODBCDriver::open(const QString & d + SQLSMALLINT cb; + QVarLengthArray<SQLTCHAR> connOut(1024); + memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR)); +- r = SQLDriverConnect(d->hDbc, +- NULL, +- toSQLTCHAR(connQStr).data(), +- (SQLSMALLINT)connQStr.length(), +- connOut.data(), +- 1024, +- &cb, +- /*SQL_DRIVER_NOPROMPT*/0); ++ { ++ auto encoded = toSQLTCHAR(connQStr); ++ r = SQLDriverConnect(d->hDbc, ++ nullptr, ++ encoded.data(), SQLSMALLINT(encoded.size()), ++ connOut.data(), ++ 1024, ++ &cb, ++ /*SQL_DRIVER_NOPROMPT*/0); ++ } + + if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) { + setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d)); +@@ -2352,17 +2380,15 @@ QStringList QODBCDriver::tables(QSql::Ta + if (tableType.isEmpty()) + return tl; + +- QString joinedTableTypeString = tableType.join(QLatin1Char(',')); ++ { ++ auto joinedTableTypeString = toSQLTCHAR(tableType.join(u',')); + +- r = SQLTables(hStmt, +- NULL, +- 0, +- NULL, +- 0, +- NULL, +- 0, +- toSQLTCHAR(joinedTableTypeString).data(), +- joinedTableTypeString.length() /* characters, not bytes */); ++ r = SQLTables(hStmt, ++ nullptr, 0, ++ nullptr, 0, ++ nullptr, 0, ++ joinedTableTypeString.data(), joinedTableTypeString.size()); ++ } + + if (r != SQL_SUCCESS) + qSqlWarning(QLatin1String("QODBCDriver::tables Unable to execute table list"), d); +@@ -2436,28 +2462,30 @@ QSqlIndex QODBCDriver::primaryIndex(cons + SQL_ATTR_CURSOR_TYPE, + (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, + SQL_IS_UINTEGER); +- r = SQLPrimaryKeys(hStmt, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length() /* in characters, not in bytes */); ++ { ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLPrimaryKeys(hStmt, ++ catalog.isEmpty() ? nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size()); ++ } + + // if the SQLPrimaryKeys() call does not succeed (e.g the driver + // does not support it) - try an alternative method to get hold of + // the primary index (e.g MS Access and FoxPro) + if (r != SQL_SUCCESS) { +- r = SQLSpecialColumns(hStmt, +- SQL_BEST_ROWID, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length(), +- SQL_SCOPE_CURROW, +- SQL_NULLABLE); ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLSpecialColumns(hStmt, ++ SQL_BEST_ROWID, ++ catalog.isEmpty() ? nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size(), ++ SQL_SCOPE_CURROW, ++ SQL_NULLABLE); + + if (r != SQL_SUCCESS) { + qSqlWarning(QLatin1String("QODBCDriver::primaryIndex: Unable to execute primary key list"), d); +@@ -2538,15 +2566,17 @@ QSqlRecord QODBCDriver::record(const QSt + SQL_ATTR_CURSOR_TYPE, + (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, + SQL_IS_UINTEGER); +- r = SQLColumns(hStmt, +- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), +- catalog.length(), +- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), +- schema.length(), +- toSQLTCHAR(table).data(), +- table.length(), +- NULL, +- 0); ++ { ++ auto c = toSQLTCHAR(catalog); ++ auto s = toSQLTCHAR(schema); ++ auto t = toSQLTCHAR(table); ++ r = SQLColumns(hStmt, ++ catalog.isEmpty() ? nullptr : c.data(), c.size(), ++ schema.isEmpty() ? nullptr : s.data(), s.size(), ++ t.data(), t.size(), ++ nullptr, ++ 0); ++ } + if (r != SQL_SUCCESS) + qSqlWarning(QLatin1String("QODBCDriver::record: Unable to execute column list"), d); + --- /dev/null +++ b/debian/patches/CVE-2023-32763.diff @@ -0,0 +1,50 @@ +Description: fix buffer overflow in Qt SVG + Adds qAddOverflow and qMulOverflow definitions to QFixed. +Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff +Last-Update: 2023-05-22 + +--- a/src/gui/painting/qfixed_p.h ++++ b/src/gui/painting/qfixed_p.h +@@ -54,6 +54,7 @@ + #include <QtGui/private/qtguiglobal_p.h> + #include "QtCore/qdebug.h" + #include "QtCore/qpoint.h" ++#include <QtCore/private/qnumeric_p.h> + #include "QtCore/qsize.h" + + QT_BEGIN_NAMESPACE +@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(i + Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; } + Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); } + ++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r) ++{ ++ int val; ++ bool result = add_overflow(v1.value(), v2.value(), &val); ++ r->setValue(val); ++ return result; ++} ++ + #ifndef QT_NO_DEBUG_STREAM + inline QDebug &operator<<(QDebug &dbg, const QFixed &f) + { return dbg << f.toReal(); } +--- a/src/gui/text/qtextlayout.cpp ++++ b/src/gui/text/qtextlayout.cpp +@@ -2150,11 +2150,14 @@ found: + eng->maxWidth = qMax(eng->maxWidth, line.textWidth); + } else { + eng->minWidth = qMax(eng->minWidth, lbh.minw); +- eng->maxWidth += line.textWidth; ++ if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth)) ++ eng->maxWidth = QFIXED_MAX; + } + +- if (line.textWidth > 0 && item < eng->layoutData->items.size()) +- eng->maxWidth += lbh.spaceData.textWidth; ++ if (line.textWidth > 0 && item < eng->layoutData->items.size()) { ++ if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth)) ++ eng->maxWidth = QFIXED_MAX; ++ } + + line.textWidth += trailingSpace; + if (lbh.spaceData.length) { --- a/debian/patches/image_deletion_order.diff +++ b/debian/patches/image_deletion_order.diff @@ -2,8 +2,10 @@ Description: fix deletion order in QImageReader/Writer destructors The device would be deleted before the image format handler, and hence be a dangling pointer that could easily cause a crash if the handler or codec would access it on destruction, e.g. for cleanup. -Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f091026be1deb4b4 -Last-Update: 2023-01-12 +Origin: upstream, commits + https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f091026be1deb4b4 + https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5633cb69f68ca3d3 +Last-Update: 2023-02-26 --- a/src/gui/image/qimagereader.cpp +++ b/src/gui/image/qimagereader.cpp @@ -18,6 +20,21 @@ Last-Update: 2023-01-12 } /*! +@@ -774,12 +774,12 @@ bool QImageReader::decideFormatFromConte + */ + void QImageReader::setDevice(QIODevice *device) + { ++ delete d->handler; ++ d->handler = nullptr; + if (d->device && d->deleteDevice) + delete d->device; + d->device = device; + d->deleteDevice = false; +- delete d->handler; +- d->handler = nullptr; + d->text.clear(); + } + --- a/src/gui/image/qimagewriter.cpp +++ b/src/gui/image/qimagewriter.cpp @@ -349,9 +349,9 @@ QImageWriter::QImageWriter(const QString @@ -31,3 +48,19 @@ Last-Update: 2023-01-12 delete d; } +@@ -396,13 +396,13 @@ QByteArray QImageWriter::format() const + */ + void QImageWriter::setDevice(QIODevice *device) + { ++ delete d->handler; ++ d->handler = nullptr; + if (d->device && d->deleteDevice) + delete d->device; + + d->device = device; + d->deleteDevice = false; +- delete d->handler; +- d->handler = nullptr; + } + + /*! --- a/debian/patches/series +++ b/debian/patches/series @@ -13,6 +13,8 @@ recreate_xcb_window.diff fix_alt_backtick.diff image_deletion_order.diff qxcbwindow_set_geometry.diff +CVE-2023-24607.diff +CVE-2023-32763.diff # Debian specific. gnukfreebsd.diff --- a/debian/rules +++ b/debian/rules @@ -70,7 +70,7 @@ endif override_dh_auto_configure: ifneq (,$(filter cross,$(DEB_BUILD_PROFILES))) - test "`dpkg-query -f '$${Version}' -W qt5-qmake-bin`" = "$(DEB_VERSION)" + test "`dpkg-query -f '$${source:Upstream-Version}' -W qt5-qmake-bin`" = "$(DEB_VERSION_UPSTREAM)" endif MAKEFLAGS="-j$(NUMJOBS) ${CXXFLAGS:%=EXTRA_CXXFLAGS+=%} ${LDFLAGS:%=EXTRA_LFLAGS+=%}" \ ./configure \Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: Dmitry Shachnev <mitya57@debian.org>, 1036745-done@bugs.debian.org
- Subject: Re: Bug#1036745: unblock: qtbase-opensource-src-gles/5.15.8+dfsg-3
- From: Graham Inggs <ginggs@debian.org>
- Date: Sun, 28 May 2023 09:37:30 +0200
- Message-id: <CAM8zJQtvdzvmV7DC0D+sYB=B=Wj6HaVsz_i76XcMsx1m-fkSiA@mail.gmail.com>
- In-reply-to: <[🔎] ZG8ixLzogBtp0HCA@mitya57.me>
- References: <[🔎] ZG8ixLzogBtp0HCA@mitya57.me>
On Thu, 25 May 2023 at 11:00, Dmitry Shachnev <mitya57@debian.org> wrote: > unblock qtbase-opensource-src-gles/5.15.8+dfsg-3 Unblocked, thanks.
--- End Message ---