Overview Repositories Revisions Requests Users Attributes Meta

Revisions of libqt5-qtbase

Gustavo Yokoyama Ribeiro's avatar Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 5) 
Mirrored from OBS SR#958079
place missed in the first version (boo#1195386, CVE-2022-23853,
    boo#1196501, CVE-2022-25255):
    (boo#1195386, CVE-2022-23853, boo#1196501, CVE-2022-25255):
Gustavo Yokoyama Ribeiro's avatar Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 4) 
- Update patch after it was merged to dev upstream and fix another
  place missed in the first version (boo#1195386, CVE-2022-23853):
  * 0001-QProcess-Unix-ensure-we-don-t-accidentally-execute-s.patch
Stefan Weiberg's avatar Stefan Weiberg (suntorytimed) committed (revision 3) 
Related to jsc#SLE-18248.

- Add patch to avoid unintentionally using binaries from CWD
  (boo#1195386, CVE-2022-23853):
  * 0001-QProcess-Unix-ensure-we-don-t-accidentally-execute-s.patch
Gustavo Yokoyama Ribeiro's avatar Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 2) 
Update package libqt5-qtbase from 5.12.7 to 5.15.2+kde294 (jsc#SLE-18248)

Some notes on this SR:
The following patches are not parsed correctly by factory-auto:
0001-Sanitize-QXcbScreen-s-pixelDensity-values.patch
0001-Fix-qfloat16-methods-definition-without-declaration-.patch
They're referenced correctly as being dropped in the changelog
entry from "Mon Sep 30 13:29:55 UTC 2019"

Also there are some bug references that seem to be removed
from the changelog in this SR but they're fine:

* CVE-2020-0569 is a wrong link (as can be seen at
https://nvd.nist.gov/vuln/detail/CVE-2020-0569 which is not
related to Qt at all) should be CVE-2020-0570, which is referenced
correctly.

* bsc#1179165 and kde#425188 are both actually the same bug
(QTBUG-88288) which doesn't affect the submitted Qt version
(quoting https://bugreports.qt.io/browse/QTBUG-88288: This bug does
not apply to Qt 5.14, because there QDesktopWidget is not used
anymore, and setDpiFromWidget() handles this case robustly)

- Update to version 5.15.2+kde294:
  * QTzTimeZonePrivate::init(): fix handling of empty ID
  * Restore support for reading /etc/timezone for system zone name
  * QPathEdge: Fix array initialization
  * QTzTimeZonePrivate: fix UB (data race on m_icu)
  * Don't access QObject::objectName during QThread start
  * Restore C++11 compatibility after e8b9f4c28d3ab5e960dc54f2dc0c4b749b0b50e0
  * QVarLengthArray: fix size update on failed append()
  * Call statx() with AT_NO_AUTOMOUNT
  * QThread: Remove superfluous initialization of threadId on Unix
  * QThread: Reset the system thread ID when thread exits on Unix
  * Add missing macOS header file that was indirectly included before
  * QXcb: don't dereference pointer before checking
  * xcb: avoid to use invalid pointers
  * QVarLengthArray: fix insert() type/alias mismatch between decl and impl
  * Use qint64 to replace int while qt_transform_image_rasterize
  * QVarLengthArray: assert that the range passed to erase() is valid
  * Fix pattern type matching
  * QThread: fix UB (invalid enum value) on Private::Priority
  * Use block char format to render list item bullets and numbers
  * QDateTime: Don't require c++17
  * QVariantAnimation: fix UB (FP 0/0) in interpolated() arg calculation
  * QDateTime: fix UB (signed overflow) in addDays()
  * QString: fix UB (pointer arithmetic on nullptr) in qLastIndexOf
  * tst_QIODevice: fix UB (precondition violation) in SequentialReadBuffer::readData()
  * QVarLengthArray: fix UB (precondition violation) in range-erase()
  * Fix segmentation fault in QObject::dumpObjectInfo

- Update to version 5.15.2+kde268:
  * Adapt for q_EVP_PKEY_base_id → q_EVP_PKEY_get_base_id rename in OpenSSL 3
Gustavo Yokoyama Ribeiro's avatar Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 1) 
initialize package
Displaying all 5 revisions
openSUSE Build Service is sponsored by
Places