| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| mime_globs.diff | adjust QMimeDatabase implementation When multiple globs match, and the result from magic sniffing is unrelated to any of those globs, globs have priority and one of them should be picked up. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=0cbbba2aa5b47224 | 2021-06-12 | ||
| fusion_checkable_qpushbutton.diff | QPushButton/fusion style: don't ignore QIcon::On icon The fusion style did ignore the QIcon::On icon because it reset State_On to avoid the visual shift of a pressed button. But it's not needed to reset this flag - the shift does not happen because the fusion style does return 0 as offset for PM_ButtonShiftHorizontal/PM_ButtonShiftVertical so no shifting will happen. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e9ccdf4d84157173 | 2021-08-10 | ||
| fix_recursion_crash.diff | fix recursion crash when calling setStyleSheet with qproperty-styleSheet When calling setStyleSheet with property qproperty-styleSheet, QStyleSheetStyle::polish will call QStyleSheetStyle::setProperties, and then QStyleSheetStyle::setProperties goes on to call setProperty. Because there is property qproperty-styleSheet, it will update stylesheet by calling QStyleSheetStyle::polish. This causes the recursive call to crash. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e9cdcc7cb314586a | 2021-11-13 | ||
| mysql_field_readonly.diff | treat the MYSQL_FIELD as read-only The MariaDB-connector-c version 3.2 and MariaDB server version 10.6 cooperate to avoid re-transferring the query metadata, so the fact that we were modifying it was causing it to improperly decode the DATETIME data types into string, as we had asked. We ended up with a 7-byte string that was actually the date binary-encoded. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=549ee216fd5bf2b3 | 2021-11-13 | ||
| openssl3.diff | upstream fixes to support OpenSSL 3.0 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=3186ca3e3972cf46 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=408656c6f9de326c https://code.qt.io/cgit/qt/qtbase.git/commit/?id=ae6590e360fbb04d and a small part of https://code.qt.io/cgit/qt/qtbase.git/commit/?id=4c0f81490ba0c4ec |
no | upstream, commits | 2021-12-09 | ||
| CVE-2022-25255.diff | QProcess: ensure we don't accidentally execute something from CWD Unless "." (or the empty string) is in $PATH, we're not supposed to find executables in the current directory. This is how the Unix shells behave and we match their behavior. It's also the behavior Qt had prior to 5.9 (commit 28666d167aa8e602c0bea25ebc4d51b55005db13). On Windows, searching the current directory is the norm, so we keep that behavior. . This commit does not add an explicit check for an empty return from QStandardPaths::findExecutable(). Instead, we allow that empty string to go all the way to execve(2), which will fail with ENOENT. We could catch it early, before fork(2), but why add code for the error case? . See https://kde.org/info/security/advisory-20220131-1.txt |
no | upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2022-25255-qprocess5-15.diff | 2022-02-21 | ||
| openssl_set_options.diff | update function argument of SSL_CTX_set_options openssl3 uses uint64_t for the options argument in SSL_CTX_set_options, older ones used long. sizeof(long) is not the same on any platform as sizeof(uint64_t) Backported for 5.15 by the patch author, Michael Saxl. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e995bfc0ea783c15 | 2022-08-07 | ||
| qmenu_set_transient_parent.diff | widgets: setTransientParent() when a QMenu is a window On some platforms, such as X11 and Wayland with some compositors, QMenu could be a popup window, which should be set a transient parent to get relative position, which is requested by Wayland. . Added transientParentWindow() for QMenuPrivate like QDialogPrivate. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=493a85a9e4688744 | 2022-10-16 | ||
| gnome_wayland.diff | use wayland platform plugin on GNOME wayland sessions by default Qt wayland platform plugin has improved quite a lot and it is now pretty much usable on Gnome. It also improves user experience a lot on HiDPI displays. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=dda7dab8274991e4 | 2022-10-16 | ||
| revert_wm_state.diff | revert "xcb: implement missing bits from ICCCM 4.1.4 WM_STATE handling" This reverts commit e946e6895a8517a887ac246905e0769edd766fcc. . It clears the duplicate show() and hide() too aggressive in handleDeferredTasks() and can cause visible states out of sync between qt and system(x11) when user switches visible on and off very frequently. . This change also reverts 28138aa80a14279a72af2818f5bbbaa670283964. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=d27a6235246764be | 2023-01-04 | ||
| recreate_xcb_window.diff | xcb: recreate xcb window under some conditions Some netWmState needs to be set during unmap/hide(), which is too difficult to follow, and causes m_mapped status out of sync very easily sometimes, which we had tried in e946e6895a8517a887ac246905e0769edd766fcc . . Destroy the xcb window and recreate new could make the thing much easier. This practice is also used in other platforms, such as cocoa plugin. . In Qt 4, the platform window was destroyed and re-created in this situation on all platforms, which was not ported into Qt5. . See also the code between setWinId(0) and createWinId() in QWidgetPrivate::setParent_sys() in qwidget_x11.cpp/qwidget_win.cpp/ qwidget_mac.mm. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f9e4402ffeef791e | 2022-11-24 | ||
| fix_alt_backtick.diff | fix Alt+` shortcut on non-US layouts Make it possible for non-letter-keys with Latin 1 symbols (`, !, @ etc.) to participate in shortcuts also, when the keys generate national symbols on non-Latin layout. . For example, in Russian layout, "`" key generates cyrillic "ё" letter of national alphabet, so shortcuts with the key should still work regardless of the actual layout. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit?id=62e697fd568f6acd | 2022-12-03 | ||
| image_deletion_order.diff | fix deletion order in QImageReader/Writer destructors The device would be deleted before the image format handler, and hence be a dangling pointer that could easily cause a crash if the handler or codec would access it on destruction, e.g. for cleanup. https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f091026be1deb4b4 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5633cb69f68ca3d3 |
no | upstream, commits | 2023-02-26 | ||
| qxcbwindow_set_geometry.diff | set geometry property in QXcbWindow after checking minimum size QXcbWindow::create() bound the window's size to windowMinimumSize(), after its size had been inherited from parent(). QPlatformWindow::setGeometry() was called before that sanity check. . When a fullscreen window is re-mapped from a deactivated screen to the remaining screen, the call to QPlatformWindow::setGeometry() assigns an invalid QRect to QPlatformWindowPrivate::rect The negative int values x2 and/or y2 cause QXcbBackingStoreImage::flushPixmap to address unmapped memory and crash. . This patch moves the call to QPlatformWindow::setGeometry() from before to after bounding to a minimum value. That assures a valid rectangle to be assigned in all cases. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=6a3627b6c5aa5109 | 2023-01-04 | ||
| CVE-2023-24607.diff | Fix denial-of-service in Qt SQL ODBC driver plugin | no | upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff | 2023-02-26 | ||
| qshapedpixmapwindow_no_tooltip.diff | do not set Qt::ToolTip flag for QShapedPixmapWindow This hint is not really needed in the first place and only causes problems in some environments. . For example in KDE, the compositor animates changes in position and size for all ToolTip windows. However, this is not wanted here because we use this window as a thumbnail for a drag-and-drop operation. Before this patch the dragged element would lag significantly behind the cursor. Now it works as expected, i.e. the dragged element follows the cursor immediately. |
yes | upstream | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=180b496b537089b8 | 2023-05-20 | |
| CVE-2023-32763.diff | fix buffer overflow in Qt SVG Adds qAddOverflow and qMulOverflow definitions to QFixed. | no | upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff | 2023-05-22 | ||
| CVE-2023-32762.diff | hsts: match header names case insensitively Header field names are always considered to be case-insensitive. | no | upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32762-qtbase-5.15.diff | 2023-05-22 | ||
| CVE-2023-33285.diff | QDnsLookup/Unix: make sure we don't overflow the buffer The DNS Records are variable length and encode their size in 16 bits before the Record Data (RDATA). Ensure that both the RDATA and the Record header fields before it fall inside the buffer we have. . Additionally reject any replies containing more than one query records. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a | 2023-05-25 | ||
| sql_odbc_more_unicode_checks.diff | SQL/ODBC: add another check to detect unicode availability in driver Since ODBC does not have a direct way finding out if unicode is supported by the underlying driver the ODBC plugin does some checks. As a last resort a sql statement is executed which returns a string. But even this may fail because the select statement has no FROM part which is rejected by at least Oracle does not allow. Therefore add another query which is correct for Oracle & DB2 as a workaround. The question why the first three statements to check for unicode availability fail is still open but can't be checked since I've no access to an oracle database. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f19320748d282b1e | 2023-06-30 | ||
| sql_odbc_fix_unicode_check.diff | QSQL/ODBC: fix regression (trailing NUL) When we fixed the callers of toSQLTCHAR() to use the result's size() instead of the input's (which differ, if sizeof(SQLTCHAR) != 2), we exposed callers to the append(0), which changes the size() of the result QVLA. Callers that don't rely on NUL-termination (all?) now saw an additional training NUL. . Fix by not NUL-terminating, and changing the only user of SQL_NTS to use an explicit length. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=9020034b3b6a3a81 | 2023-06-30 | ||
| CVE-2023-34410.diff | Ssl: Copy the on-demand cert loading bool from default config Otherwise individual sockets will still load system certificates when a chain doesn't match against the configured CA certificates. That's not intended behavior, since specifically setting the CA certificates means you don't want the system certificates to be used. . This is potentially a breaking change because now, if you ever add a CA to the default config, it will disable loading system certificates on demand for all sockets. And the only way to re-enable it is to create a null-QSslConfiguration and set it as the new default. |
no | upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=57ba6260c0801055 | 2023-06-08 | ||
| CVE-2023-37369.diff | QXmlStreamReader: make fastScanName() indicate parsing status to callers This fixes a crash while parsing an XML file with garbage data, the file starts with '<' then garbage data: - The loop in the parse() keeps iterating until it hits "case 262:", which calls fastScanName() - fastScanName() iterates over the text buffer scanning for the attribute name (e.g. "xml:lang"), until it finds ':' - Consider a Value val, fastScanName() is called on it, it would set val.prefix to a number > val.len, then it would hit the 4096 condition and return (returned 0, now it returns the equivalent of std::null_opt), which means that val.len doesn't get modified, making it smaller than val.prefix - The code would try constructing an XmlStringRef with negative length, which would hit an assert in one of QStringView's constructors . Add an assert to the XmlStringRef constructor. . Add unittest based on the file from the bug report. . Credit to OSS-Fuzz. https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1a423ce4372d18a7 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=6326bec46a618c72 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bdc8dc51380d2ce4 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=3bc3b8d69a291aa5 . Based on KDE's backport: https://invent.kde.org/qt/qt/qtbase/-/merge_requests/263 |
no | upstream, commits | 2023-07-15 | ||
| CVE-2023-38197.diff | QXmlStreamReader: Raise error on unexpected tokens QXmlStreamReader accepted multiple DOCTYPE elements, containing DTD fragments in the XML prolog, and in the XML body. Well-formed but invalid XML files - with multiple DTD fragments in prolog and body, combined with recursive entity expansions - have caused infinite loops in QXmlStreamReader. . This patch implements a token check in QXmlStreamReader. A stream is allowed to start with an XML prolog. StartDocument and DOCTYPE elements are only allowed in this prolog, which may also contain ProcessingInstruction and Comment elements. As soon as anything else is seen, the prolog ends. After that, the prolog-specific elements are treated as unexpected. Furthermore, the prolog can contain at most one DOCTYPE element. . Update the documentation to reflect the new behavior. Add an autotest that checks the new error cases are correctly detected, and no error is raised for legitimate input. . The original OSS-Fuzz files (see bug reports) are not included in this patch for file size reasons. They have been tested manually. Each of them has more than one DOCTYPE element, causing infinite loops in recursive entity expansions. The newly implemented functionality detects those invalid DTD fragments. By raising an error, it aborts stream reading before an infinite loop occurs. . Thanks to OSS-Fuzz for finding this. |
no | upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-38197-qtbase-5.15.diff | 2023-07-15 | ||
| CVE-2023-51714.diff | [PATCH] HPack: fix incorrect integer overflow check This code never worked: For the comparison with max() - 32 to trigger, on 32-bit platforms (or Qt 5) signed interger overflow would have had to happen in the addition of the two sizes. The compiler can therefore remove the overflow check as dead code. On Qt 6 and 64-bit platforms, the signed integer addition would be very unlikely to overflow, but the following truncation to uint32 would yield the correct result only in a narrow 32-value window just below UINT_MAX, if even that. Fix by using the proper tool, qAddOverflow. Manual conflict resolutions: - qAddOverflow doesn't exist in Qt 5, use private add_overflow predecessor API instead (cherry picked from commit ee5da1f2eaf8932aeca02ffea6e4c618585e29e3) (cherry picked from commit debeb8878da2dc706ead04b6072ecbe7e5313860) (cherry picked from commit 811b9eef6d08d929af8708adbf2a5effb0eb62d7) (cherry picked from commit f931facd077ce945f1e42eaa3bead208822d3e00) (cherry picked from commit 9ef4ca5ecfed771dab890856130e93ef5ceabef5) |
Marc Mutz <marc.mutz@qt.io> | no | 2023-12-12 | ||
| CVE-2024-25580.diff | diff --git a/src/gui/util/qktxhandler.cpp b/src/gui/util/qktxhandler.cpp index 0d98e97453..6a79e55109 100644 |
no | ||||
| gnukfreebsd.diff | Initial GNU/kFreeBSD support - add a gnukfreebsd-g++ qmake mkspec, mostly copied from the hurd-g++ one - properly use LD_LIBRARY_PATH on GNU/* systems |
Pino Toscano <toscano.pino@tiscali.it> | no | 2015-06-03 | ||
| no_htmlinfo_example.diff | disable htmlinfo example which contains non-free files | Dmitry Shachnev <mitya57@debian.org> | not-needed | 2014-12-17 | ||
| remove_privacy_breaches.diff | remove non-used privacy-breach code This code makes Lintian unhappy. But we are really not using it, it only gets inserted when building the online doc. Anyways the best way to calm down Lintian is to simply remove it. |
Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> | not-needed | 2015-02-18 | ||
| link_fbclient.diff | build ibase sql plugin against firebird | Dmitry Shachnev <mitya57@debian.org> | no | 2017-06-30 | ||
| gnukfreebsd_linker_warnings.diff | catch linker warnings in some config tests Without this, qmake wrongly thinks that the tests succeed, for example: . ./config.tests/unix/futimens/futimens.cpp:44: warning: futimens is not implemented and will always fail test config.corelib.tests.futimens succeeded |
Dmitry Shachnev <mitya57@debian.org> | yes | upstream | 2019-03-02 | |
| armv4.diff | support ARMv4 architecture, needed for armel builds | Dmitry Shachnev <mitya57@debian.org> | no | 2016-07-01 | ||
| nonlinux_utime.diff | guard UTIME_NOW/UTIME_OMIT usages | Pino Toscano <pino@debian.org> | no | 2018-02-22 | ||
| qdoc_default_incdirs.diff | pass default include directories to qdoc | Martin Smith <martin.smith@qt.io> | no | upstream | 2020-01-28 | |
| path_max.diff | Avoid unconditional PATH_MAX usage Use a "safe" size in case PATH_MAX is not defined; in the end, this should not be used, as a allocating realpath() will be used instead. |
Pino Toscano <toscano.pino@tiscali.it> | no | 2020-04-19 | ||
| qstorageinfo_linux.diff | Limit Linux-only code with Q_OS_LINUX The QStorageInfo/QStorageIterator implementation used for Linux is used also on Hurd, as it uses an interface provided by GNU libc. QStorageIterator::device() tries to use PATH_MAX (unavailable on the Hurd) to lookup a /dev/block/ path, which exists on Linux only; hence, perform that check within a Q_OS_LINUX block. |
Pino Toscano <toscano.pino@tiscali.it> | no | 2020-04-19 | ||
| cross_build_mysql.diff | call pkgconfig in order to be able to cross build qtbase with MySql. Qt's build system calls mysql_config... which won't work in a cross build environment like Debian's, as it will throw an exec format error. . In order to solve this call pkgconfig and use mysqlclient.pc. |
Helmut Grohne <helmut@subdivi.de> | not-needed | debian | ||
| cast_types_for_egl_x11_test.diff | properly cast types for libglvnd 1.3.4 | Rex Dieter <rdieter@gmail.com> | no | https://src.fedoraproject.org/rpms/qt5-qtbase/blob/rawhide/f/qtbase-everywhere-src-5.15.2-libglvnd.patch | ||
| revert_startBlocking_removal.diff | revert "Remove the dead code for blocking methods from QtConcurrent" It's a binary incompatible change. Also submitted to upstream 5.15 branch according to https://lists.qt-project.org/pipermail/development/2022-September/042951.html. |
no | KDE, https://invent.kde.org/qt/qt/qtbase/-/commit/eeadc036d77b75be | 2022-09-10 | ||
| a11y_root.diff | fix accessibility on XCB when running as root Accessibility actually works when running applications as root, but we would never properly connect, since the enabledChanged signal would be emitted from the constructor in this case. So after connecting the signal, check the value by hand to make sure not to miss the notification. . Only applications running as root would be affected, because all other applications would go through the asynchronous pattern of getting the bus address from dbus instead. |
invalid | upstream | https://codereview.qt-project.org/c/qt/qtbase/+/205196 | 2023-04-12 |