| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| xcb_screens_uaf.patch | Avoid use-after-free in QXcbConnection::initializeScreens() | no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=86b8c5c3f32c2457 | 2020-11-23 | ||
| qnam_connect_memory_leak.diff | QNAM: work around QObject finicky orphan cleanup details | no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=0807f16eb407eaf8 | 2021-01-26 | ||
| gcc_11_limits.diff | include <limits> to fix some GCC 11 build issues https://code.qt.io/cgit/qt/qtbase.git/commit/?id=813a928c7c3cf986 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=9c56d4da2ff631a8 |
no | upstream, commits: | 2021-01-26 | ||
| qiodevice_readline_memory.diff | fix allocated memory of QByteArray returned by QIODevice::readLine | no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=6485b6d45ad165cf | 2021-02-20 | ||
| mime_globs.diff | adjust QMimeDatabase implementation When multiple globs match, and the result from magic sniffing is unrelated to any of those globs, globs have priority and one of them should be picked up. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=0cbbba2aa5b47224 | 2021-06-12 | ||
| fix-invalid-pointer-return-with-QGridLayout.diff | [PATCH] Fix invalid pointer return with QGridLayout::itemAt(-1) QGridLayout::takeAt() and QLayoutItem *itemAt() only check the upper bound. If the index < 0, these function will return invalid pointer. |
Zhang Yu <zhangyub@uniontech.com> | no | 2021-02-22 | ||
| CVE-2024-25580.diff | diff --git a/src/gui/util/qktxhandler.cpp b/src/gui/util/qktxhandler.cpp index 0d98e97453..6a79e55109 100644 |
no | ||||
| CVE-2023-32763.diff | fix buffer overflow in Qt SVG Adds qAddOverflow and qMulOverflow definitions to QFixed. =================================================================== |
no | upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff | 2023-05-22 | ||
| CVE-2022-25255.diff | QProcess: ensure we don't accidentally execute something from CWD Unless "." (or the empty string) is in $PATH, we're not supposed to find executables in the current directory. This is how the Unix shells behave and we match their behavior. It's also the behavior Qt had prior to 5.9 (commit 28666d167aa8e602c0bea25ebc4d51b55005db13). On Windows, searching the current directory is the norm, so we keep that behavior. . This commit does not add an explicit check for an empty return from QStandardPaths::findExecutable(). Instead, we allow that empty string to go all the way to execve(2), which will fail with ENOENT. We could catch it early, before fork(2), but why add code for the error case? . See https://kde.org/info/security/advisory-20220131-1.txt =================================================================== |
no | upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2022-25255-qprocess5-15.diff | 2022-02-21 | ||
| CVE-2023-24607.diff | Fix denial-of-service in Qt SQL ODBC driver plugin =================================================================== |
no | upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff | 2023-02-26 | ||
| sql_odbc_fix_unicode_check.diff | QSQL/ODBC: fix regression (trailing NUL) When we fixed the callers of toSQLTCHAR() to use the result's size() instead of the input's (which differ, if sizeof(SQLTCHAR) != 2), we exposed callers to the append(0), which changes the size() of the result QVLA. Callers that don't rely on NUL-termination (all?) now saw an additional training NUL. . Fix by not NUL-terminating, and changing the only user of SQL_NTS to use an explicit length. =================================================================== |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=9020034b3b6a3a81 | 2023-06-30 | ||
| sql_odbc_more_unicode_checks.diff | SQL/ODBC: add another check to detect unicode availability in driver Since ODBC does not have a direct way finding out if unicode is supported by the underlying driver the ODBC plugin does some checks. As a last resort a sql statement is executed which returns a string. But even this may fail because the select statement has no FROM part which is rejected by at least Oracle does not allow. Therefore add another query which is correct for Oracle & DB2 as a workaround. The question why the first three statements to check for unicode availability fail is still open but can't be checked since I've no access to an oracle database. =================================================================== |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f19320748d282b1e | 2023-06-30 | ||
| CVE-2023-32762.diff | commit 1b736a815be0222f4b24289cf17575fc15707305 Hsts: match header names case insensitively Header field names are always considered to be case-insensitive. Pick-to: 6.5 6.5.1 6.2 5.15 Fixes: QTBUG-113392 Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43 Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> =================================================================== |
Mårten Nordheim <marten.nordheim@qt.io> | no | 2023-05-05 | ||
| CVE-2023-51714.diff | [PATCH] HPack: fix incorrect integer overflow check This code never worked: For the comparison with max() - 32 to trigger, on 32-bit platforms (or Qt 5) signed interger overflow would have had to happen in the addition of the two sizes. The compiler can therefore remove the overflow check as dead code. On Qt 6 and 64-bit platforms, the signed integer addition would be very unlikely to overflow, but the following truncation to uint32 would yield the correct result only in a narrow 32-value window just below UINT_MAX, if even that. Fix by using the proper tool, qAddOverflow. Manual conflict resolutions: - qAddOverflow doesn't exist in Qt 5, use private add_overflow predecessor API instead (cherry picked from commit ee5da1f2eaf8932aeca02ffea6e4c618585e29e3) (cherry picked from commit debeb8878da2dc706ead04b6072ecbe7e5313860) (cherry picked from commit 811b9eef6d08d929af8708adbf2a5effb0eb62d7) (cherry picked from commit f931facd077ce945f1e42eaa3bead208822d3e00) (cherry picked from commit 9ef4ca5ecfed771dab890856130e93ef5ceabef5) |
Marc Mutz <marc.mutz@qt.io> | no | 2023-12-12 | ||
| CVE-2023-37369.diff | =================================================================== | no | ||||
| CVE-2023-38197.diff | =================================================================== | no | ||||
| CVE-2023-34410.diff | =================================================================== | no | ||||
| CVE-2023-33285.diff | QDnsLookup/Unix: make sure we don't overflow the buffer The DNS Records are variable length and encode their size in 16 bits before the Record Data (RDATA). Ensure that both the RDATA and the Record header fields before it fall inside the buffer we have. . Additionally reject any replies containing more than one query records. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a | 2023-05-25 | ||
| gnukfreebsd.diff | Initial GNU/kFreeBSD support - add a gnukfreebsd-g++ qmake mkspec, mostly copied from the hurd-g++ one - properly use LD_LIBRARY_PATH on GNU/* systems |
Pino Toscano <toscano.pino@tiscali.it> | no | 2015-06-03 | ||
| no_htmlinfo_example.diff | disable htmlinfo example which contains non-free files | Dmitry Shachnev <mitya57@debian.org> | not-needed | 2014-12-17 | ||
| remove_privacy_breaches.diff | remove non-used privacy-breach code This code makes Lintian unhappy. But we are really not using it, it only gets inserted when building the online doc. Anyways the best way to calm down Lintian is to simply remove it. |
Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> | not-needed | 2015-02-18 | ||
| link_fbclient.diff | build ibase sql plugin against firebird | Dmitry Shachnev <mitya57@debian.org> | no | 2017-06-30 | ||
| gnukfreebsd_linker_warnings.diff | catch linker warnings in some config tests Without this, qmake wrongly thinks that the tests succeed, for example: . ./config.tests/unix/futimens/futimens.cpp:44: warning: futimens is not implemented and will always fail test config.corelib.tests.futimens succeeded |
Dmitry Shachnev <mitya57@debian.org> | yes | upstream | 2019-03-02 | |
| armv4.diff | support ARMv4 architecture, needed for armel builds | Dmitry Shachnev <mitya57@debian.org> | no | 2016-07-01 | ||
| nonlinux_utime.diff | guard UTIME_NOW/UTIME_OMIT usages | Pino Toscano <pino@debian.org> | no | 2018-02-22 | ||
| qdoc_default_incdirs.diff | pass default include directories to qdoc | Martin Smith <martin.smith@qt.io> | no | upstream | 2020-01-28 | |
| path_max.diff | Avoid unconditional PATH_MAX usage Use a "safe" size in case PATH_MAX is not defined; in the end, this should not be used, as a allocating realpath() will be used instead. |
Pino Toscano <toscano.pino@tiscali.it> | no | 2020-04-19 | ||
| qstorageinfo_linux.diff | Limit Linux-only code with Q_OS_LINUX The QStorageInfo/QStorageIterator implementation used for Linux is used also on Hurd, as it uses an interface provided by GNU libc. QStorageIterator::device() tries to use PATH_MAX (unavailable on the Hurd) to lookup a /dev/block/ path, which exists on Linux only; hence, perform that check within a Q_OS_LINUX block. |
Pino Toscano <toscano.pino@tiscali.it> | no | 2020-04-19 | ||
| cross_build_mysql.diff | call pkgconfig in order to be able to cross build qtbase with MySql. Qt's build system calls mysql_config... which won't work in a cross build environment like Debian's, as it will throw an exec format error. . In order to solve this call pkgconfig and use mysqlclient.pc. |
Helmut Grohne <helmut@subdivi.de> | not-needed | debian |