Sync from SUSE:ALP:Source:Standard:1.0 qt6-base revision 97e8943b12fabd1e67609b25309bf17a

0001-QMimeDatabase-handle-buggy-type-definitions.patch

@@ -1,162 +0,0 @@
-From 54656da9ace06caf4a0eeb1832989c0ab211a4a0 Mon Sep 17 00:00:00 2001
-From: Alex Henrie <alexhenrie24@gmail.com>
-Date: Wed, 15 Nov 2023 09:36:06 -0700
-Subject: QMimeDatabase: handle buggy type definitions with circular
- inheritance
-
-This fixes an infinite loop reported by a user who had both the
-definition of text/javascript from shared-mime-info 2.3 and the
-definition of text/javascript from shared-mime-info 2.4 installed at the
-same time. In 2.3, text/javascript is a subtype of
-application/ecmascript, but in 2.4 application/ecmascript is a subtype
-of text/javascript. Having both at the same time resulted in circular
-inheritance.
-
-https://gitlab.freedesktop.org/xdg/shared-mime-info/-/merge_requests/258#note_2167707
-
-[ChangeLog][QtCore][QMimeDatabase] Added code to detect and break
-circular inheritance loops in the MIME data, which were causing infinite
-loops
-
-Pick-to: 6.6 6.5
-Change-Id: Ic207b1593a49c7bb88e4fd810d8f88aa630087ce
-Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
-Reviewed-by: David Faure <david.faure@kdab.com>
----
- src/corelib/mimetypes/qmimedatabase.cpp                     |  9 +++++++--
- src/corelib/mimetypes/qmimetype.cpp                         |  7 +++++--
- .../mimetypes/qmimedatabase/circular-inheritance.xml        | 13 +++++++++++++
- .../qmimedatabase/qmimedatabase-cache/CMakeLists.txt        |  1 +
- .../qmimedatabase/qmimedatabase-xml/CMakeLists.txt          |  1 +
- .../corelib/mimetypes/qmimedatabase/tst_qmimedatabase.cpp   |  8 ++++++++
- 6 files changed, 35 insertions(+), 4 deletions(-)
- create mode 100644 tests/auto/corelib/mimetypes/qmimedatabase/circular-inheritance.xml
-
-diff --git a/src/corelib/mimetypes/qmimedatabase.cpp b/src/corelib/mimetypes/qmimedatabase.cpp
-index f06a434d55..eaeb079c97 100644
---- a/src/corelib/mimetypes/qmimedatabase.cpp
-+++ b/src/corelib/mimetypes/qmimedatabase.cpp
-@@ -10,6 +10,7 @@
- #include "qmimeprovider_p.h"
- #include "qmimetype_p.h"
- 
-+#include <private/qduplicatetracker_p.h>
- #include <private/qfilesystementry_p.h>
- 
- #include <QtCore/QMap>
-@@ -503,6 +504,7 @@ QList<QMimeType> QMimeDatabasePrivate::allMimeTypes()
- bool QMimeDatabasePrivate::inherits(const QString &mime, const QString &parent)
- {
-     const QString resolvedParent = resolveAlias(parent);
-+    QDuplicateTracker<QString> seen;
-     std::stack<QString, QStringList> toCheck;
-     toCheck.push(mime);
-     while (!toCheck.empty()) {
-@@ -511,8 +513,11 @@ bool QMimeDatabasePrivate::inherits(const QString &mime, const QString &parent)
-         const QString mimeName = toCheck.top();
-         toCheck.pop();
-         const auto parentList = parents(mimeName);
--        for (const QString &par : parentList)
--            toCheck.push(resolveAlias(par));
-+        for (const QString &par : parentList) {
-+            const QString resolvedPar = resolveAlias(par);
-+            if (!seen.hasSeen(resolvedPar))
-+                toCheck.push(resolvedPar);
-+        }
-     }
-     return false;
- }
-diff --git a/src/corelib/mimetypes/qmimetype.cpp b/src/corelib/mimetypes/qmimetype.cpp
-index bed9e94364..ad3c484f30 100644
---- a/src/corelib/mimetypes/qmimetype.cpp
-+++ b/src/corelib/mimetypes/qmimetype.cpp
-@@ -325,14 +325,17 @@ QStringList QMimeType::parentMimeTypes() const
- static void collectParentMimeTypes(const QString &mime, QStringList &allParents)
- {
-     const QStringList parents = QMimeDatabasePrivate::instance()->mimeParents(mime);
-+    QStringList newParents;
-     for (const QString &parent : parents) {
-         // I would use QSet, but since order matters I better not
--        if (!allParents.contains(parent))
-+        if (!allParents.contains(parent)) {
-             allParents.append(parent);
-+            newParents.append(parent);
-+        }
-     }
-     // We want a breadth-first search, so that the least-specific parent (octet-stream) is last
-     // This means iterating twice, unfortunately.
--    for (const QString &parent : parents)
-+    for (const QString &parent : newParents)
-         collectParentMimeTypes(parent, allParents);
- }
- 
-diff --git a/tests/auto/corelib/mimetypes/qmimedatabase/circular-inheritance.xml b/tests/auto/corelib/mimetypes/qmimedatabase/circular-inheritance.xml
-new file mode 100644
-index 0000000000..466f039803
---- /dev/null
-+++ b/tests/auto/corelib/mimetypes/qmimedatabase/circular-inheritance.xml
-@@ -0,0 +1,13 @@
-+<?xml version="1.0" encoding="UTF-8"?>
-+<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
-+  <mime-type type="application/ecmascript">
-+    <comment>It's more accurate to say that ECMAScript is a subset of JavaScript</comment>
-+    <sub-class-of type="text/javascript"/>
-+    <glob pattern="*.js"/>
-+  </mime-type>
-+  <mime-type type="text/javascript">
-+    <comment>than to say that JavaScript is a subset of ECMAScript</comment>
-+    <sub-class-of type="application/ecmascript"/>
-+    <glob pattern="*.js"/>
-+  </mime-type>
-+</mime-info>
-diff --git a/tests/auto/corelib/mimetypes/qmimedatabase/qmimedatabase-cache/CMakeLists.txt b/tests/auto/corelib/mimetypes/qmimedatabase/qmimedatabase-cache/CMakeLists.txt
-index 9a70666b07..a267640a50 100644
---- a/tests/auto/corelib/mimetypes/qmimedatabase/qmimedatabase-cache/CMakeLists.txt
-+++ b/tests/auto/corelib/mimetypes/qmimedatabase/qmimedatabase-cache/CMakeLists.txt
-@@ -31,5 +31,6 @@ qt_internal_add_test(tst_qmimedatabase-cache
- #)
- set(testdata_resource_files
-+    "../circular-inheritance.xml"
-     "../invalid-magic1.xml"
-     "../invalid-magic2.xml"
-     "../invalid-magic3.xml"
-diff --git a/tests/auto/corelib/mimetypes/qmimedatabase/qmimedatabase-xml/CMakeLists.txt b/tests/auto/corelib/mimetypes/qmimedatabase/qmimedatabase-xml/CMakeLists.txt
-index 205d3c362b..729ac3933a 100644
---- a/tests/auto/corelib/mimetypes/qmimedatabase/qmimedatabase-xml/CMakeLists.txt
-+++ b/tests/auto/corelib/mimetypes/qmimedatabase/qmimedatabase-xml/CMakeLists.txt
-@@ -31,5 +31,6 @@ qt_internal_add_test(tst_qmimedatabase-xml
- #)
- set(testdata_resource_files
-+    "../circular-inheritance.xml"
-     "../invalid-magic1.xml"
-     "../invalid-magic2.xml"
-     "../invalid-magic3.xml"
-diff --git a/tests/auto/corelib/mimetypes/qmimedatabase/tst_qmimedatabase.cpp b/tests/auto/corelib/mimetypes/qmimedatabase/tst_qmimedatabase.cpp
-index 9bc3037c99..d7db4bb9bf 100644
---- a/tests/auto/corelib/mimetypes/qmimedatabase/tst_qmimedatabase.cpp
-+++ b/tests/auto/corelib/mimetypes/qmimedatabase/tst_qmimedatabase.cpp
-@@ -38,6 +38,7 @@
-                                                    "invalid-magic2.xml",
-                                                    "invalid-magic3.xml",
-                                                    "magic-and-hierarchy.xml",
-+                                                   "circular-inheritance.xml",
-                                                    0 };
- 
- static const auto s_resourcePrefix = ":/qt-project.org/qmime/"_L1;
-@@ -388,6 +389,13 @@ void tst_QMimeDatabase::inheritance()
-     const QMimeType mswordTemplate = db.mimeTypeForName(QString::fromLatin1("application/msword-template"));
-     QVERIFY(mswordTemplate.isValid());
-     QVERIFY(mswordTemplate.inherits(QLatin1String("application/msword")));
-+
-+    // Check that buggy type definitions that have circular inheritance don't cause an infinite
-+    // loop, especially when resolving a conflict between the file's name and its contents
-+    const QMimeType ecmascript = db.mimeTypeForName(QString::fromLatin1("application/ecmascript"));
-+    QVERIFY(ecmascript.allAncestors().contains("text/plain"));
-+    const QMimeType javascript = db.mimeTypeForFileNameAndData("xml.js", "<?xml?>");
-+    QVERIFY(javascript.inherits(QString::fromLatin1("text/javascript")));
- }
- 
- void tst_QMimeDatabase::aliases()
--- 
-cgit v1.2.3
-

0001-Use-newer-GCC-on-Leap.patch

@@ -1,7 +1,7 @@
-From fcd37b9845e4b4a362e7f2bb570955fad623bac8 Mon Sep 17 00:00:00 2001
+From 793c4c0d728024139083660a7f382f6d95853efe Mon Sep 17 00:00:00 2001
 From: Christophe Marin <christophe@krop.fr>
 Date: Sun, 6 Jun 2021 10:44:09 +0200
-Subject: [PATCH] Require GCC 12 on Leap
+Subject: [PATCH] Use newer GCC on Leap.patch
 
 The default compiler in Leap doesn't match the Qt requirements.
 Use the latest compiler version available on Leap.
@@ -13,7 +13,7 @@ Change-Id: I0c4ad87af4dd60d12fa09366eb9910edafcc9c4c
  2 files changed, 5 insertions(+), 5 deletions(-)
 
 diff --git a/mkspecs/common/g++-base.conf b/mkspecs/common/g++-base.conf
-index d392879f66..5aac58a546 100644
+index d392879..ddca128 100644
 --- a/mkspecs/common/g++-base.conf
 +++ b/mkspecs/common/g++-base.conf
 @@ -8,14 +8,14 @@
@@ -21,21 +21,21 @@ index d392879f66..5aac58a546 100644
  #
  
 -QMAKE_COMPILER          = gcc
-+QMAKE_COMPILER          = gcc-12
++QMAKE_COMPILER          = gcc-13
  
 -QMAKE_CC                = $${CROSS_COMPILE}gcc
-+QMAKE_CC                = $${CROSS_COMPILE}gcc-12
++QMAKE_CC                = $${CROSS_COMPILE}gcc-13
  
  QMAKE_LINK_C            = $$QMAKE_CC
  QMAKE_LINK_C_SHLIB      = $$QMAKE_CC
  
 -QMAKE_CXX               = $${CROSS_COMPILE}g++
-+QMAKE_CXX               = $${CROSS_COMPILE}g++-12
++QMAKE_CXX               = $${CROSS_COMPILE}g++-13
  
  QMAKE_LINK              = $$QMAKE_CXX
  QMAKE_LINK_SHLIB        = $$QMAKE_CXX
 diff --git a/mkspecs/common/gcc-base.conf b/mkspecs/common/gcc-base.conf
-index ae58326289..7bc6a54ccb 100644
+index ae58326..33cc860 100644
 --- a/mkspecs/common/gcc-base.conf
 +++ b/mkspecs/common/gcc-base.conf
 @@ -124,8 +124,8 @@ QMAKE_CFLAGS_MIPS_DSPR2 += -mdspr2
@@ -44,11 +44,11 @@ index ae58326289..7bc6a54ccb 100644
  # Wrapper tools that understand .o/.a files with GIMPLE instead of machine code
 -QMAKE_AR_LTCG           = gcc-ar cqs
 -QMAKE_NM_LTCG           = gcc-nm -P
-+QMAKE_AR_LTCG           = gcc-ar-12 cqs
-+QMAKE_NM_LTCG           = gcc-nm-12 -P
++QMAKE_AR_LTCG           = gcc-ar-13 cqs
++QMAKE_NM_LTCG           = gcc-nm-13 -P
  QMAKE_RANLIB_LTCG       = true          # No need to run since gcc-ar has "s"
  
  QMAKE_LINK_OBJECT_SCRIPT = object_script
 -- 
-2.41.0
+2.43.0
 

qt6-base.changes

@@ -1,7 +1,62 @@
+-------------------------------------------------------------------
+Tue Mar 26 14:25:22 UTC 2024 - Christophe Marin <christophe@krop.fr>
+
+- Update to 6.6.3:
+  * https://www.qt.io/blog/qt-6.6.3-released
+  * Includes fix for issue where the wasm component may access
+    QNetworkReply header data via a dangling pointer
+    (CVE-2024-30161, bsc#1221926, QTBUG-122893)
+- Make libQt6PrintSupport6 require qt6-printsupport-cups
+  (boo#1221576)
+
+-------------------------------------------------------------------
+Thu Mar 21 14:56:42 UTC 2024 - Christophe Marin <christophe@krop.fr>
+
+- Replace the postgresql-server build dependency with the client library
+
+-------------------------------------------------------------------
+Wed Feb 14 16:53:08 UTC 2024 - Christophe Marin <christophe@krop.fr>
+
+- Update to 6.6.2
+  * https://www.qt.io/blog/qt-6.6.2-released
+  * Fix for potential buffer overflow when reading KTX
+    images (boo#1219996, CVE-2024-25580)
+- Drop patches, merged upstream:
+  * 0001-QMimeDatabase-handle-buggy-type-definitions.patch
+  * 0001-QMimeDatabase-collect-glob-patterns-from.patch
+  * 0001-HPack-fix-a-Yoda-Condition.patch
+  * 0002-HPack-fix-incorrect-integer-overflow-check.patch
+  * 0001-Http2-fix-potential-overflow-in-assemble_hpack_block.patch
+
+-------------------------------------------------------------------
+Wed Jan 31 14:51:31 UTC 2024 - Christophe Marin <christophe@krop.fr>
+
+- Switch to the latest GCC version available in Leap
+- Replace 0001-Require-GCC-12.patch with 0001-Use-newer-GCC-on-Leap.patch
+
+-------------------------------------------------------------------
+Wed Jan  3 08:52:06 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Add upstream patches to fix an incorrect integer overflow check
+  (boo#1218413, CVE-2023-51714):
+  * 0001-HPack-fix-a-Yoda-Condition.patch
+  * 0002-HPack-fix-incorrect-integer-overflow-check.patch
+- Add upstream patch to fix a potential overflow in
+  assemble_hpack_block():
+  * 0001-Http2-fix-potential-overflow-in-assemble_hpack_block.patch
+
+-------------------------------------------------------------------
+Sat Dec 30 14:51:31 UTC 2023 - Luca Beltrame <lbeltrame@kde.org>
+
+- Add upstream patch for a bug in QMimeDatabase which makes
+  impossible to save JPEG files in Qt6 applications:
+  * 0001-QMimeDatabase-collect-glob-patterns-from.patch
+  * https://code.qt.io/cgit/qt/qtbase.git/commit/?id=4e9944e6c8a456353d243ab268cb0f01ff006faa
+
 -------------------------------------------------------------------
 Mon Dec  4 19:11:49 UTC 2023 - Kacper Koniuszy <kacper.koniuszy@tuta.io>
 
-- Add upstream patch for a bug in QMimeDatabase that causes some 
+- Add upstream patch for a bug in QMimeDatabase that causes some
   applications to hang:
   * 0001-QMimeDatabase-handle-buggy-type-definitions.patch
   * https://code.qt.io/cgit/qt/qtbase.git/commit/?id=54656da9ace06caf4a0eeb1832989c0ab211a4a0
@@ -131,6 +186,7 @@ Mon Apr  3 10:01:48 UTC 2023 - Christophe Marin <christophe@krop.fr>
 
 - Update to 6.5.0
   * https://www.qt.io/blog/qt-6.5-lts-released
+  * Includes fix for boo#1215178, QTBUG-109474, QTCREATORBUG-28593
 - Drop patch, merged upstream:
   * 0001-Avoid-resetting-CMAKE_AUTOMOC_MACRO_NAMES.patch
 
@@ -147,7 +203,7 @@ Thu Mar 16 09:59:57 UTC 2023 - Christophe Marin <christophe@krop.fr>
 -------------------------------------------------------------------
 Wed Feb  8 17:48:36 UTC 2023 - Christophe Marin <christophe@krop.fr>
 
-- Fix a possible DOS in the Qt ODBC driver plugin (CVE-2023-24607, 
+- Fix a possible DOS in the Qt ODBC driver plugin (CVE-2023-24607,
   bsc#1209616):
   * CVE-2023-24607-qtbase-6.4.diff
 

qt6-base.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package qt6-base
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,7 @@
 #
 
 
-%define real_version 6.6.1
+%define real_version 6.6.3
 %define short_version 6.6
 %define tar_name qtbase-everywhere-src
 %define tar_suffix %{nil}
@@ -30,7 +30,7 @@
 %global with_gles 1
 %endif
 Name:           qt6-base%{?pkg_suffix}
-Version:        6.6.1
+Version:        6.6.3
 Release:        0
 Summary:        Qt 6 core components (Core, Gui, Widgets, Network...)
 # Legal: qtpaths is BSD-3-Clause
@@ -39,13 +39,12 @@ URL:            https://www.qt.io
 Source:         https://download.qt.io/official_releases/qt/%{short_version}/%{real_version}%{tar_suffix}/submodules/%{tar_name}-%{real_version}%{tar_suffix}.tar.xz
 Source99:       qt6-base-rpmlintrc
 # Patches 0-100 are upstream patches #
-Patch0:         0001-QMimeDatabase-handle-buggy-type-definitions.patch
 # Patches 100-200 are openSUSE and/or non-upstream(able) patches #
 Patch100:       0001-Tell-the-truth-about-private-API.patch
 # No need to pollute the library dir with object files, install them in the qt6 subfolder
 Patch101:       0001-CMake-Install-objects-files-into-ARCHDATADIR.patch
 %if 0%{?suse_version} == 1500
-Patch102:       0001-Require-GCC-12.patch
+Patch102:       0001-Use-newer-GCC-on-Leap.patch
 %endif
 Patch103:       0001-Don-t-strip-binaries-when-building-with-qmake.patch
 ##
@@ -53,8 +52,8 @@ BuildRequires:  cmake >= 3.18.3
 BuildRequires:  cups-devel
 # The default GCC version in Leap 15 is too old
 %if 0%{?suse_version} == 1500
-BuildRequires:  gcc12-PIE
-BuildRequires:  gcc12-c++
+BuildRequires:  gcc13-PIE
+BuildRequires:  gcc13-c++
 %else
 BuildRequires:  gcc-c++
 %endif
@@ -66,7 +65,6 @@ BuildRequires:  libproxy-devel
 BuildRequires:  pcre2-devel
 BuildRequires:  perl
 BuildRequires:  pkgconfig
-BuildRequires:  postgresql-server-devel
 BuildRequires:  qt6-macros
 BuildRequires:  xmlstarlet
 BuildRequires:  cmake(double-conversion)
@@ -87,6 +85,7 @@ BuildRequires:  pkgconfig(libbrotlienc)
 BuildRequires:  pkgconfig(libdrm)
 BuildRequires:  pkgconfig(libinput)
 BuildRequires:  pkgconfig(libpng)
+BuildRequires:  pkgconfig(libpq)
 BuildRequires:  pkgconfig(libsystemd)
 BuildRequires:  pkgconfig(libturbojpeg)
 BuildRequires:  pkgconfig(libudev)
@@ -235,8 +234,8 @@ Requires:       libQt6Core6 = %{version}
 Requires:       qt6-base-common-devel = %{version}
 %if 0%{?suse_version} == 1500
 # Some public classes require C++ 17 features
-Requires:       gcc12-PIE
-Requires:       gcc12-c++
+Requires:       gcc13-PIE
+Requires:       gcc13-c++
 %endif
 
 %description -n qt6-core-devel
@@ -430,7 +429,7 @@ Development files for the Qt 6 OpenGLWidgets library.
 %package -n libQt6PrintSupport6
 Summary:        Qt 6 PrintSupport library
 Requires:       libQt6Widgets6 = %{version}
-Recommends:     qt6-printsupport-cups = %{version}
+Requires:       qt6-printsupport-cups = %{version}
 
 %description -n libQt6PrintSupport6
 An abstraction over the platform-specific printing systems. Using
@@ -580,6 +579,7 @@ BuildArch:      noarch
 %description -n qt6-docs-common
 This package contains common files used for building Qt documentation.
 
+
 ### Static libraries ###
 
 %package -n qt6-exampleicons-devel-static
@@ -638,6 +638,7 @@ Requires:       qt6-platformsupport-devel-static = %{version}
 This package provides private headers of libQt6PlatformSupport that do not have
 any ABI or API guarantees.
 
+
 ### Plugins ###
 
 %package -n qt6-networkinformation-glib