Skip to content
Snippets Groups Projects
Commit 15158282 authored by Lisandro Damián Nicanor Pérez Meyer's avatar Lisandro Damián Nicanor Pérez Meyer
Browse files

Import Debian changes 5.11.3+dfsg1-1+deb10u3

qtbase-opensource-src (5.11.3+dfsg1-1+deb10u3) buster-security; urgency=high

  [ Dmitry Shachnev ]
  * Backport fixes for two vulnerabilities:
    - CVE-2020-0569: Do not load plugin from the CWD.
    - CVE-2020-0570: Qt tries to load invalid library from CWD.

qtbase-opensource-src (5.11.3+dfsg1-1+deb10u2) buster; urgency=medium

  [ Dmitry Shachnev ]
  * Backport upstream patch to add support for non-PPD printers and avoid
    silent fallback to a printer supporting PPD (closes: #911702, #911844).
  * Backport upstream patch to fix crash in QStyleSheetStyle::repolish()
    when using QLabels with rich text (closes: #935909).

  [ Melvin Vermeeren ]
  * Backport upstream patch to fix graphics tablet hover events (closes:
    #935627).
parent 62f8dcd4
Branches debian/buster-security
Tags debian/5.11.3+dfsg1-1+deb10u3
5 merge requests!7Merge changes from apertis/v2020-security into apertis/v2020,!6Merge changes from apertis/v2019-security into apertis/v2019,!5Wip/ritesh/debian security update 2019,!4Wip/ritesh/debian security update 2020,!3Merge Buster Security Update dsa 4617
qtbase-opensource-src (5.11.3+dfsg1-1+deb10u3) buster-security; urgency=high
[ Dmitry Shachnev ]
* Backport fixes for two vulnerabilities:
- CVE-2020-0569: Do not load plugin from the CWD.
- CVE-2020-0570: Qt tries to load invalid library from CWD.
-- Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> Thu, 30 Jan 2020 10:42:01 -0300
qtbase-opensource-src (5.11.3+dfsg1-1+deb10u2) buster; urgency=medium
[ Dmitry Shachnev ]
* Backport upstream patch to add support for non-PPD printers and avoid
silent fallback to a printer supporting PPD (closes: #911702, #911844).
* Backport upstream patch to fix crash in QStyleSheetStyle::repolish()
when using QLabels with rich text (closes: #935909).
[ Melvin Vermeeren ]
* Backport upstream patch to fix graphics tablet hover events (closes:
#935627).
-- Dmitry Shachnev <mitya57@debian.org> Sun, 24 Nov 2019 20:34:59 +0300
qtbase-opensource-src (5.11.3+dfsg1-1+deb10u1) buster-security; urgency=high qtbase-opensource-src (5.11.3+dfsg1-1+deb10u1) buster-security; urgency=high
* Fix crash when text contains too many directional chars (CVE-2019-18281). * Fix crash when text contains too many directional chars (CVE-2019-18281).
......
Description: do not load plugin from the $PWD
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b340
Last-Update: 2020-01-30
--- a/src/corelib/plugin/qpluginloader.cpp
+++ b/src/corelib/plugin/qpluginloader.cpp
@@ -305,7 +305,6 @@ static QString locatePlugin(const QStrin
paths.append(fileName.left(slash)); // don't include the '/'
} else {
paths = QCoreApplication::libraryPaths();
- paths.prepend(QStringLiteral(".")); // search in current dir first
}
for (const QString &path : qAsConst(paths)) {
Description: QLibrary/Unix: do not attempt to load a library relative to $PWD
I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to
find libraries in a haswell/ subdir of the main path, but we only need
to do that transformation if the library is contains at least one
directory separator. That is, if the user asks to load "lib/foo", then we
should try "lib/haswell/foo" (often, the path prefix will be absolute).
.
When the library name the user requested has no directory separators, we
let dlopen() do the transformation for us. Testing on Linux confirms
glibc does so:
.
$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help |& grep Xcursor
1972475: find library=libXcursor.so.1 [0]; searching
1972475: trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1
1972475: trying file=/usr/lib64/haswell/libXcursor.so.1
1972475: trying file=/usr/lib64/libXcursor.so.1
1972475: calling init: /usr/lib64/libXcursor.so.1
1972475: calling fini: /usr/lib64/libXcursor.so.1 [0]
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63f
Last-Update: 2020-01-30
--- a/src/corelib/plugin/qlibrary_unix.cpp
+++ b/src/corelib/plugin/qlibrary_unix.cpp
@@ -208,6 +208,8 @@ bool QLibraryPrivate::load_sys()
for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) {
if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix)))
continue;
+ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/')))
+ continue;
if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix)))
continue;
if (loadHints & QLibrary::LoadArchiveMemberHint) {
Description: ensure that QTabletEvent is not pre-accepted before sending
In QWidget-world it's normal for input events to have the accepted
flag false by default, so that it's obvious after visiting a widget
subclass that does not override a particular handler function that it
did not handle that event type at all. For tablet events in
particular, the contract (to which we've been paying more attention to
ensure that QTBUG-47007 remains properly fixed) is that if a
QTabletEvent is not accepted, a mouse event will follow.
Tablet-unaware applications need to get the same mouse events from a
Wacom stylus as they would receive from an actual mouse.
.
In this case the issue was missing hover events (mouse movements
in which no mouse button is pressed). Without those, the enterEvent
and exitEvent virtuals are also not invoked properly.
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=b4b706d454b785ae
Bug: https://bugs.debian.org/935627
Last-Update: 2019-08-24
--- a/src/widgets/kernel/qapplication.cpp
+++ b/src/widgets/kernel/qapplication.cpp
@@ -3374,6 +3374,7 @@ bool QApplication::notify(QObject *recei
tablet->tangentialPressure(), tablet->rotation(), tablet->z(),
tablet->modifiers(), tablet->uniqueId(), tablet->button(), tablet->buttons());
te.spont = e->spontaneous();
+ te.setAccepted(false);
res = d->notify_helper(w, w == receiver ? tablet : &te);
eventAccepted = ((w == receiver) ? tablet : &te)->isAccepted();
e->spont = false;
--- a/src/widgets/kernel/qwidgetwindow.cpp
+++ b/src/widgets/kernel/qwidgetwindow.cpp
@@ -1021,6 +1021,7 @@ void QWidgetWindow::handleTabletEvent(QT
event->pressure(), event->xTilt(), event->yTilt(), event->tangentialPressure(),
event->rotation(), event->z(), event->modifiers(), event->uniqueId(), event->button(), event->buttons());
ev.setTimestamp(event->timestamp());
+ ev.setAccepted(false);
QGuiApplication::forwardEvent(widget, &ev, event);
event->setAccepted(ev.isAccepted());
}
Description: cups: support raw printers
They don't have a ppd but we don't *really* need a ppd to just print.
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=84cc8d0badb4abc3
Last-Update: 2019-06-16
--- a/src/plugins/printsupport/cups/qcupsprintengine.cpp
+++ b/src/plugins/printsupport/cups/qcupsprintengine.cpp
@@ -104,7 +104,11 @@ void QCupsPrintEngine::setProperty(Print
break;
case PPK_QPageLayout: {
QPageLayout pageLayout = value.value<QPageLayout>();
- if (pageLayout.isValid() && (d->m_printDevice.isValidPageLayout(pageLayout, d->resolution) || d->m_printDevice.supportsCustomPageSizes())) {
+ if (pageLayout.isValid() && (d->m_printDevice.isValidPageLayout(pageLayout, d->resolution)
+ || d->m_printDevice.supportsCustomPageSizes()
+ || d->m_printDevice.supportedPageSizes().isEmpty())) {
+ // supportedPageSizes().isEmpty() because QPageSetupWidget::initPageSizes says
+ // "If no available printer page sizes, populate with all page sizes"
d->m_pageLayout = pageLayout;
d->setPageSize(pageLayout.pageSize());
}
--- a/src/plugins/printsupport/cups/qppdprintdevice.cpp
+++ b/src/plugins/printsupport/cups/qppdprintdevice.cpp
@@ -71,7 +71,7 @@ QPpdPrintDevice::QPpdPrintDevice(const Q
m_cupsInstance = parts.at(1).toUtf8();
loadPrinter();
- if (m_cupsDest && m_ppd) {
+ if (m_cupsDest) {
m_name = printerOption("printer-info");
m_location = printerOption("printer-location");
m_makeAndModel = printerOption("printer-make-and-model");
@@ -87,10 +87,6 @@ QPpdPrintDevice::QPpdPrintDevice(const Q
// Cups ppd_file_t variable_sizes custom_min custom_max
// PPD MaxMediaWidth MaxMediaHeight
m_supportsCustomPageSizes = type & CUPS_PRINTER_VARIABLE;
- m_minimumPhysicalPageSize = QSize(m_ppd->custom_min[0], m_ppd->custom_min[1]);
- m_maximumPhysicalPageSize = QSize(m_ppd->custom_max[0], m_ppd->custom_max[1]);
- m_customMargins = QMarginsF(m_ppd->custom_margins[0], m_ppd->custom_margins[3],
- m_ppd->custom_margins[2], m_ppd->custom_margins[1]);
}
}
}
@@ -107,7 +103,7 @@ QPpdPrintDevice::~QPpdPrintDevice()
bool QPpdPrintDevice::isValid() const
{
- return m_cupsDest && m_ppd;
+ return m_cupsDest;
}
bool QPpdPrintDevice::isDefault() const
@@ -152,8 +148,8 @@ void QPpdPrintDevice::loadPageSizes() co
}
}
}
- m_havePageSizes = true;
}
+ m_havePageSizes = true;
}
QPageSize QPpdPrintDevice::defaultPageSize() const
@@ -505,10 +501,11 @@ void QPpdPrintDevice::loadPrinter()
ppdMarkDefaults(m_ppd);
cupsMarkOptions(m_ppd, m_cupsDest->num_options, m_cupsDest->options);
ppdLocalize(m_ppd);
- } else {
- cupsFreeDests(1, m_cupsDest);
- m_cupsDest = 0;
- m_ppd = 0;
+
+ m_minimumPhysicalPageSize = QSize(m_ppd->custom_min[0], m_ppd->custom_min[1]);
+ m_maximumPhysicalPageSize = QSize(m_ppd->custom_max[0], m_ppd->custom_max[1]);
+ m_customMargins = QMarginsF(m_ppd->custom_margins[0], m_ppd->custom_margins[3],
+ m_ppd->custom_margins[2], m_ppd->custom_margins[1]);
}
}
}
--- a/src/printsupport/dialogs/qpagesetupdialog_unix.cpp
+++ b/src/printsupport/dialogs/qpagesetupdialog_unix.cpp
@@ -415,6 +415,12 @@ void QPageSetupWidget::setPrinter(QPrint
initPageSizes();
updateWidget();
updateSavedValues();
+
+ if (m_ui.pageSizeCombo->currentIndex() == -1) {
+ // This can happen in raw printers that since they don't have a default
+ // page size none will get selected so just default to the first size (A4)
+ m_ui.pageSizeCombo->setCurrentIndex(0);
+ }
}
// Update the widget with the current settings
Description: QStyleSheetStyle::repolish: only run on direct children
When re-parenting, some widgets change their children. For example
QLabel, when set to rich text, will not update, until receiving a polish
call, at which time getting a list of all children recursively and then
trying to call functions on them will crash, since the children change
in the middle of this operation.
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=21dcb96ddca357a6
Last-Update: 2019-09-06
--- a/src/widgets/styles/qstylesheetstyle.cpp
+++ b/src/widgets/styles/qstylesheetstyle.cpp
@@ -2878,7 +2878,10 @@ void QStyleSheetStyle::polish(QPalette &
void QStyleSheetStyle::repolish(QWidget *w)
{
- QList<const QObject *> children = w->findChildren<const QObject *>(QString());
+ QList<const QObject *> children;
+ children.reserve(w->children().size() + 1);
+ for (auto child: qAsConst(w->children()))
+ children.append(child);
children.append(w);
styleSheetCaches->styleSheetCache.remove(w);
updateObjects(children);
...@@ -5,6 +5,11 @@ remove_need_for_glXGetProcAddressARB.patch ...@@ -5,6 +5,11 @@ remove_need_for_glXGetProcAddressARB.patch
mysql_free_results_when_qsqlquery_finished_is_called.patch mysql_free_results_when_qsqlquery_finished_is_called.patch
qprintdialog_duplex.diff qprintdialog_duplex.diff
cve-2019-18281.diff cve-2019-18281.diff
raw_printers.diff
ensure-qtabletevent-is-not-pre-accepted.patch
repolish_run_on_direct_children.diff
CVE-2020-0569.diff
CVE-2020-0570.diff
# Debian specific. # Debian specific.
gnukfreebsd.diff gnukfreebsd.diff
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment