Accepting request 1283610 from KDE:Qt:5.15

- Add patch (CVE-2025-5455, boo#1243958) * CVE-2025-5455.patch OBS-URL: https://build.opensuse.org/request/show/1283610 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libqt5-qtbase?expand=0&rev=159
Add CVE-2025-5455 fix
2025-06-10 06:59:26 +00:00 · 2025-06-06 10:58:32 +00:00
3 changed files with 33 additions and 0 deletions
--- a/CVE-2025-5455.patch
+++ b/CVE-2025-5455.patch
@@ -0,0 +1,26 @@
+An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code.
+
+This has been assigned the CVE id CVE-2025-5455.
+
+https://www.qt.io/blog/security-advisory-recently-discovered-issue-in-qdecodedataurl-in-qtcore-impacts-qt
+--
+diff --git a/src/corelib/io/qdataurl.cpp b/src/corelib/io/qdataurl.cpp
+index f14d399301f..83e59e3ac00 100644
+--- a/src/corelib/io/qdataurl.cpp
+++ b/src/corelib/io/qdataurl.cpp
+@@ -76,10 +76,11 @@ Q_CORE_EXPORT bool qDecodeDataUrl(const QUrl &uri, QString &mimeType, QByteArray
+         }
+ 
+         if (data.toLower().startsWith("charset")) {
+-            int i = 7;      // strlen("charset")
+-            while (data.at(i) == ' ')
+-                ++i;
+-            if (data.at(i) == '=')
+            int prefixSize = 7; // strlen("charset")
+            QLatin1String copy(data.constData() + prefixSize, data.size() - prefixSize);
+            while (copy.startsWith(QLatin1String(" ")))
+                copy = copy.mid(1);
+            if (copy.startsWith(QLatin1String("=")))
+                 data.prepend("text/plain;");
+         }
+ 
--- a/libqt5-qtbase.changes
+++ b/libqt5-qtbase.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jun  6 10:57:45 UTC 2025 - Christophe Marin <christophe@krop.fr>
+
+- Add patch (CVE-2025-5455, boo#1243958)
+  * CVE-2025-5455.patch
+
 -------------------------------------------------------------------
 Wed May 28 08:27:35 UTC 2025 - Fabian Vogt <fabian@ritter-vogt.de>

--- a/libqt5-qtbase.spec
+++ b/libqt5-qtbase.spec
@@ -63,6 +63,7 @@ Patch12:        0001-Add-remote-print-queue-support.patch
 Patch21:        0001-Don-t-white-list-recent-Mesa-versions-for-multithrea.patch
 Patch24:        fix-fixqt4headers.patch
 # patches 1000-2000 and above from upstream 5.15 branch #
+Patch1000:      CVE-2025-5455.patch
 # patches 2000-3000 and above from upstream qt6/dev branch #
 # Not accepted yet, https://codereview.qt-project.org/c/qt/qtbase/+/255384
 Patch2001:      0002-Synthesize-Enter-LeaveEvent-for-accepted-QTabletEven.patch