[neon/qt6/qt6-base/Neon/release] debian/patches: sync patches as well
Carlos De Maine
null at kde.org
Fri Oct 20 23:38:44 BST 2023
Git commit 801c55c8a3c0b3a513b331f66055cbd91456deb5 by Carlos De Maine.
Committed on 21/10/2023 at 00:38.
Pushed by carlosdem into branch 'Neon/release'.
sync patches as well
A +32 -0 debian/patches/Add-SH-detection.patch
M +5 -1 debian/patches/armel-noyield.patch
M +3 -7 debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
A +37 -0 debian/patches/cross.patch
A +342 -0 debian/patches/cve-2023-24607.patch
A +15 -0 debian/patches/cve-2023-32762.diff
A +58 -0 debian/patches/cve-2023-32763.diff
A +70 -0 debian/patches/cve-2023-33285.diff
A +45 -0 debian/patches/cve-2023-34410-57ba626.diff
A +275 -0 debian/patches/cve-2023-34410-ada2c57.diff
A +28 -0 debian/patches/force_shared_libzstd.patch
A +23 -0 debian/patches/forkfd_grow_stack_upwards_on_hppa.patch
A +30 -0 debian/patches/no_htmlinfo_example.patch
A +22 -0 debian/patches/remove_rpath_from_examples.patch
M +23 -1 debian/patches/series
A +83 -0 debian/patches/upstream_Add-HPPA-detection.patch
A +84 -0 debian/patches/upstream_Add-M68k-detection.patch
A +62 -0 debian/patches/upstream_Add-enable-Alpha-detection.patch
https://invent.kde.org/neon/qt6/qt6-base/-/commit/801c55c8a3c0b3a513b331f66055cbd91456deb5
diff --git a/debian/patches/Add-SH-detection.patch b/debian/patches/Add-SH-detection.patch
new file mode 100644
index 0000000..6d50e59
--- /dev/null
+++ b/debian/patches/Add-SH-detection.patch
@@ -0,0 +1,32 @@
+Description: Add SH description
+ Upstream processes archs from time to time and tends to disable those that
+ they do not know wether they are working or not.
+ .
+ SH is working on Debian, so as an intermediate measure re enable it here.
+Author: John Paul Adrian Glaubitz <glaubitz at physik.fu-berlin.de>
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043225
+Reviewed-by: Lisandro Damián Nicanor Pérez Meyer <lisandro at debian.org>
+
+Index: qt6-base-6.4.2+dfsg/src/corelib/global/qprocessordetection.h
+===================================================================
+--- qt6-base-6.4.2+dfsg.orig/src/corelib/global/qprocessordetection.h
++++ qt6-base-6.4.2+dfsg/src/corelib/global/qprocessordetection.h
+@@ -294,12 +294,12 @@
+
+ SuperH is bi-endian, use endianness auto-detection implemented below.
+ */
+-// #elif defined(__sh__)
+-// # define Q_PROCESSOR_SH
+-// # if defined(__sh4a__)
+-// # define Q_PROCESSOR_SH_4A
+-// # endif
+-// Q_BYTE_ORDER not defined, use endianness auto-detection
++#elif defined(__sh__)
++# define Q_PROCESSOR_SH
++# if defined(__sh4a__)
++# define Q_PROCESSOR_SH_4A
++# endif
++# define Q_BYTE_ORDER Q_LITTLE_ENDIAN
+
+ /*
+ SPARC family, optional revision: V9
diff --git a/debian/patches/armel-noyield.patch b/debian/patches/armel-noyield.patch
index 37061fb..74b1ae2 100644
--- a/debian/patches/armel-noyield.patch
+++ b/debian/patches/armel-noyield.patch
@@ -1,8 +1,12 @@
Description: Don't use yield on CPUs that might not support it
+---
+ src/corelib/global/qsimd_p.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
--- a/src/corelib/global/qsimd_p.h
+++ b/src/corelib/global/qsimd_p.h
-@@ -428,7 +428,9 @@ static inline void qYieldCpu()
+@@ -401,7 +401,9 @@ static inline void qYieldCpu()
https://stackoverflow.com/a/70076751/134841
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105416
*/
diff --git a/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch b/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
index 2ab0f5e..bf93bca 100644
--- a/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
+++ b/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
@@ -9,22 +9,18 @@ and causes reproducibility issues when built in different paths.
https://reproducible-builds.org/docs/build-path/
---
- cmake/QtBuildInternalsExtra.cmake.in | 3 ---
+ cmake/QtBuildInternalsExtra.cmake.in | 3 ---
1 file changed, 3 deletions(-)
-diff --git a/cmake/QtBuildInternalsExtra.cmake.in b/cmake/QtBuildInternalsExtra.cmake.in
-index cbd70b1..23b2391 100644
--- a/cmake/QtBuildInternalsExtra.cmake.in
+++ b/cmake/QtBuildInternalsExtra.cmake.in
-@@ -53,9 +53,6 @@ endif()
+@@ -75,9 +75,6 @@ endif()
set(QT_WILL_INSTALL @QT_WILL_INSTALL@ CACHE BOOL
"Boolean indicating if doing a Qt prefix build (vs non-prefix build)." FORCE)
-
+
-set(QT_SOURCE_TREE "@QT_SOURCE_TREE@" CACHE PATH
-"A path to the source tree of the previously configured QtBase project." FORCE)
-
# Propagate decision of building tests and examples to other repositories.
set(QT_BUILD_TESTS @QT_BUILD_TESTS@ CACHE BOOL "Build the testing tree.")
set(QT_BUILD_EXAMPLES @QT_BUILD_EXAMPLES@ CACHE BOOL "Build Qt examples")
---
-2.35.1
diff --git a/debian/patches/cross.patch b/debian/patches/cross.patch
new file mode 100644
index 0000000..e84f821
--- /dev/null
+++ b/debian/patches/cross.patch
@@ -0,0 +1,37 @@
+---
+ cmake/QtBuildInternals/QtBuildInternalsConfig.cmake | 2 --
+ src/tools/configure.cmake | 2 +-
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+--- a/cmake/QtBuildInternals/QtBuildInternalsConfig.cmake
++++ b/cmake/QtBuildInternals/QtBuildInternalsConfig.cmake
+@@ -151,8 +151,6 @@ function(qt_build_internals_disable_pkg_
+ set(FEATURE_pkg_config "${pkg_config_enabled}" CACHE STRING "Using pkg-config")
+ if(NOT pkg_config_enabled)
+ qt_build_internals_disable_pkg_config()
+- else()
+- unset(PKG_CONFIG_EXECUTABLE CACHE)
+ endif()
+ endfunction()
+
+--- a/src/tools/configure.cmake
++++ b/src/tools/configure.cmake
+@@ -2,7 +2,7 @@ qt_feature("androiddeployqt" PRIVATE
+ SECTION "Deployment"
+ LABEL "Android deployment tool"
+ PURPOSE "The Android deployment tool automates the process of creating Android packages."
+- CONDITION NOT CMAKE_CROSSCOMPILING AND QT_FEATURE_regularexpression)
++ CONDITION (QT_FORCE_BUILD_TOOLS OR NOT CMAKE_CROSSCOMPILING) AND QT_FEATURE_regularexpression)
+
+ qt_feature("macdeployqt" PRIVATE
+ SECTION "Deployment"
+--- a/examples/sql/CMakeLists.txt
++++ b/examples/sql/CMakeLists.txt
+@@ -12,6 +12,6 @@ if(TARGET Qt::Xml)
+ qt_internal_add_example(masterdetail)
+ endif()
+
+-if(NOT CMAKE_CROSSCOMPILING)
++if(QT_FORCE_BUILD_TOOLS OR NOT CMAKE_CROSSCOMPILING)
+ qt_internal_add_example(sqlbrowser)
+ endif()
diff --git a/debian/patches/cve-2023-24607.patch b/debian/patches/cve-2023-24607.patch
new file mode 100644
index 0000000..bea047c
--- /dev/null
+++ b/debian/patches/cve-2023-24607.patch
@@ -0,0 +1,342 @@
+Description: Fix CVE-2023-24607
+ CVE-2023-24607 can trigger a DOS with a specifically crafted string,
+ see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031871.
+ This patch https://codereview.qt-project.org/c/qt/qtbase/+/456216,
+ https://codereview.qt-project.org/c/qt/qtbase/+/457637 and
+ https://codereview.qt-project.org/c/qt/qtbase/+/457937
+ See: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
+Forwarded: not-needed
+
+--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
+@@ -58,23 +58,39 @@ inline static QString fromSQLTCHAR(const QVarLengthArray<SQLTCHAR>& input, qsize
+ return result;
+ }
+
++template <size_t SizeOfChar = sizeof(SQLTCHAR)>
++void toSQLTCHARImpl(QVarLengthArray<SQLTCHAR> &result, const QString &input); // primary template undefined
++
++template <typename Container>
++void do_append(QVarLengthArray<SQLTCHAR> &result, const Container &c)
++{
++ result.append(reinterpret_cast<const SQLTCHAR *>(c.data()), c.size());
++}
++
++template <>
++void toSQLTCHARImpl<1>(QVarLengthArray<SQLTCHAR> &result, const QString &input)
++{
++ const auto u8 = input.toUtf8();
++ do_append(result, u8);
++}
++
++template <>
++void toSQLTCHARImpl<2>(QVarLengthArray<SQLTCHAR> &result, const QString &input)
++{
++ do_append(result, input);
++}
++
++template <>
++void toSQLTCHARImpl<4>(QVarLengthArray<SQLTCHAR> &result, const QString &input)
++{
++ const auto u32 = input.toUcs4();
++ do_append(result, u32);
++}
++
+ inline static QVarLengthArray<SQLTCHAR> toSQLTCHAR(const QString &input)
+ {
+ QVarLengthArray<SQLTCHAR> result;
+- result.resize(input.size());
+- switch(sizeof(SQLTCHAR)) {
+- case 1:
+- memcpy(result.data(), input.toUtf8().data(), input.size());
+- break;
+- case 2:
+- memcpy(result.data(), input.unicode(), input.size() * 2);
+- break;
+- case 4:
+- memcpy(result.data(), input.toUcs4().data(), input.size() * 4);
+- break;
+- default:
+- qCritical("sizeof(SQLTCHAR) is %d. Don't know how to handle this.", int(sizeof(SQLTCHAR)));
+- }
++ toSQLTCHARImpl(result, input);
+ result.append(0); // make sure it's null terminated, doesn't matter if it already is, it does if it isn't.
+ return result;
+ }
+
+--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
+@@ -1740,10 +1740,11 @@ bool QODBCResult::exec()
+ case QMetaType::QString:
+ if (d->unicode) {
+ if (bindValueType(i) & QSql::Out) {
+- const QByteArray &first = tmpStorage.at(i);
+- QVarLengthArray<SQLTCHAR> array;
+- array.append((const SQLTCHAR *)first.constData(), first.size());
+- values[i] = fromSQLTCHAR(array, first.size()/sizeof(SQLTCHAR));
++ const QByteArray &bytes = tmpStorage.at(i);
++ const auto strSize = bytes.size() / sizeof(SQLTCHAR);
++ QVarLengthArray<SQLTCHAR> string(strSize);
++ memcpy(string.data(), bytes.data(), strSize * sizeof(SQLTCHAR));
++ values[i] = fromSQLTCHAR(string);
+ }
+ break;
+ }
+
+
+--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
+@@ -745,6 +745,14 @@ QChar QODBCDriverPrivate::quoteChar()
+ return quote;
+ }
+
++static SQLRETURN qt_string_SQLSetConnectAttr(SQLHDBC handle, SQLINTEGER attr, const QString &val)
++{
++ auto encoded = toSQLTCHAR(val);
++ return SQLSetConnectAttr(handle, attr,
++ encoded.data(),
++ SQLINTEGER(encoded.size() * sizeof(SQLTCHAR))); // size in bytes
++}
++
+
+ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts)
+ {
+@@ -780,10 +788,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts)
+ v = val.toUInt();
+ r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0);
+ } else if (opt.toUpper() == "SQL_ATTR_CURRENT_CATALOG"_L1) {
+- val.utf16(); // 0 terminate
+- r = SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG,
+- toSQLTCHAR(val).data(),
+- SQLINTEGER(val.length() * sizeof(SQLTCHAR)));
++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, val);
+ } else if (opt.toUpper() == "SQL_ATTR_METADATA_ID"_L1) {
+ if (val.toUpper() == "SQL_TRUE"_L1) {
+ v = SQL_TRUE;
+@@ -798,10 +803,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts)
+ v = val.toUInt();
+ r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0);
+ } else if (opt.toUpper() == "SQL_ATTR_TRACEFILE"_L1) {
+- val.utf16(); // 0 terminate
+- r = SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE,
+- toSQLTCHAR(val).data(),
+- SQLINTEGER(val.length() * sizeof(SQLTCHAR)));
++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, val);
+ } else if (opt.toUpper() == "SQL_ATTR_TRACE"_L1) {
+ if (val.toUpper() == "SQL_OPT_TRACE_OFF"_L1) {
+ v = SQL_OPT_TRACE_OFF;
+@@ -1004,9 +1006,12 @@ bool QODBCResult::reset (const QString& query)
+ return false;
+ }
+
+- r = SQLExecDirect(d->hStmt,
+- toSQLTCHAR(query).data(),
+- (SQLINTEGER) query.length());
++ {
++ auto encoded = toSQLTCHAR(query);
++ r = SQLExecDirect(d->hStmt,
++ encoded.data(),
++ SQLINTEGER(encoded.size()));
++ }
+ if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) {
+ setLastError(qMakeError(QCoreApplication::translate("QODBCResult",
+ "Unable to execute statement"), QSqlError::StatementError, d));
+@@ -1355,9 +1360,12 @@ bool QODBCResult::prepare(const QString& query)
+ return false;
+ }
+
+- r = SQLPrepare(d->hStmt,
+- toSQLTCHAR(query).data(),
+- (SQLINTEGER) query.length());
++ {
++ auto encoded = toSQLTCHAR(query);
++ r = SQLPrepare(d->hStmt,
++ encoded.data(),
++ SQLINTEGER(encoded.size()));
++ }
+
+ if (r != SQL_SUCCESS) {
+ setLastError(qMakeError(QCoreApplication::translate("QODBCResult",
+@@ -1385,7 +1393,7 @@ bool QODBCResult::exec()
+ SQLCloseCursor(d->hStmt);
+
+ QVariantList &values = boundValues();
+- QByteArrayList tmpStorage(values.count(), QByteArray()); // holds temporary buffers
++ QByteArrayList tmpStorage(values.count(), QByteArray()); // targets for SQLBindParameter()
+ QVarLengthArray<SQLLEN, 32> indicators(values.count());
+ memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN));
+
+@@ -1600,36 +1608,36 @@ bool QODBCResult::exec()
+ case QMetaType::QString:
+ if (d->unicode) {
+ QByteArray &ba = tmpStorage[i];
+- QString str = val.toString();
++ {
++ const auto encoded = toSQLTCHAR(val.toString());
++ ba = QByteArray(reinterpret_cast<const char *>(encoded.data()),
++ encoded.size() * sizeof(SQLTCHAR));
++ }
++
+ if (*ind != SQL_NULL_DATA)
+- *ind = str.length() * sizeof(SQLTCHAR);
+- const qsizetype strSize = str.length() * sizeof(SQLTCHAR);
++ *ind = ba.size();
+
+ if (bindValueType(i) & QSql::Out) {
+- const QVarLengthArray<SQLTCHAR> a(toSQLTCHAR(str));
+- ba = QByteArray((const char *)a.constData(), int(a.size() * sizeof(SQLTCHAR)));
+ r = SQLBindParameter(d->hStmt,
+ i + 1,
+ qParamType[bindValueType(i) & QSql::InOut],
+ SQL_C_TCHAR,
+- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR,
++ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR,
+ 0, // god knows... don't change this!
+ 0,
+- ba.data(),
++ const_cast<char *>(ba.constData()), // don't detach
+ ba.size(),
+ ind);
+ break;
+ }
+- ba = QByteArray(reinterpret_cast<const char *>(toSQLTCHAR(str).constData()),
+- int(strSize));
+ r = SQLBindParameter(d->hStmt,
+ i + 1,
+ qParamType[bindValueType(i) & QSql::InOut],
+ SQL_C_TCHAR,
+- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR,
+- strSize,
++ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR,
++ ba.size(),
+ 0,
+- const_cast<char *>(ba.constData()),
++ const_cast<char *>(ba.constData()), // don't detach
+ ba.size(),
+ ind);
+ break;
+@@ -1991,14 +1999,16 @@ bool QODBCDriver::open(const QString & db,
+ SQLSMALLINT cb;
+ QVarLengthArray<SQLTCHAR> connOut(1024);
+ memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR));
+- r = SQLDriverConnect(d->hDbc,
+- NULL,
+- toSQLTCHAR(connQStr).data(),
+- (SQLSMALLINT)connQStr.length(),
+- connOut.data(),
+- 1024,
+- &cb,
+- /*SQL_DRIVER_NOPROMPT*/0);
++ {
++ auto encoded = toSQLTCHAR(connQStr);
++ r = SQLDriverConnect(d->hDbc,
++ nullptr,
++ encoded.data(), SQLSMALLINT(encoded.size()),
++ connOut.data(),
++ 1024,
++ &cb,
++ /*SQL_DRIVER_NOPROMPT*/0);
++ }
+
+ if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) {
+ setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d));
+@@ -2377,17 +2387,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const
+ if (tableType.isEmpty())
+ return tl;
+
+- QString joinedTableTypeString = tableType.join(u',');
++ {
++ auto joinedTableTypeString = toSQLTCHAR(tableType.join(u','));
+
+- r = SQLTables(hStmt,
+- NULL,
+- 0,
+- NULL,
+- 0,
+- NULL,
+- 0,
+- toSQLTCHAR(joinedTableTypeString).data(),
+- joinedTableTypeString.length() /* characters, not bytes */);
++ r = SQLTables(hStmt,
++ nullptr, 0,
++ nullptr, 0,
++ nullptr, 0,
++ joinedTableTypeString.data(), joinedTableTypeString.size());
++ }
+
+ if (r != SQL_SUCCESS)
+ qSqlWarning("QODBCDriver::tables Unable to execute table list"_L1, d);
+@@ -2460,28 +2468,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const
+ SQL_ATTR_CURSOR_TYPE,
+ (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY,
+ SQL_IS_UINTEGER);
+- r = SQLPrimaryKeys(hStmt,
+- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(),
+- catalog.length(),
+- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(),
+- schema.length(),
+- toSQLTCHAR(table).data(),
+- table.length() /* in characters, not in bytes */);
++ {
++ auto c = toSQLTCHAR(catalog);
++ auto s = toSQLTCHAR(schema);
++ auto t = toSQLTCHAR(table);
++ r = SQLPrimaryKeys(hStmt,
++ catalog.isEmpty() ? nullptr : c.data(), c.size(),
++ schema.isEmpty() ? nullptr : s.data(), s.size(),
++ t.data(), t.size());
++ }
+
+ // if the SQLPrimaryKeys() call does not succeed (e.g the driver
+ // does not support it) - try an alternative method to get hold of
+ // the primary index (e.g MS Access and FoxPro)
+ if (r != SQL_SUCCESS) {
+- r = SQLSpecialColumns(hStmt,
+- SQL_BEST_ROWID,
+- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(),
+- catalog.length(),
+- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(),
+- schema.length(),
+- toSQLTCHAR(table).data(),
+- table.length(),
+- SQL_SCOPE_CURROW,
+- SQL_NULLABLE);
++ auto c = toSQLTCHAR(catalog);
++ auto s = toSQLTCHAR(schema);
++ auto t = toSQLTCHAR(table);
++ r = SQLSpecialColumns(hStmt,
++ SQL_BEST_ROWID,
++ catalog.isEmpty() ? nullptr : c.data(), c.size(),
++ schema.isEmpty() ? nullptr : s.data(), s.size(),
++ t.data(), t.size(),
++ SQL_SCOPE_CURROW,
++ SQL_NULLABLE);
+
+ if (r != SQL_SUCCESS) {
+ qSqlWarning("QODBCDriver::primaryIndex: Unable to execute primary key list"_L1, d);
+@@ -2562,15 +2572,17 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const
+ SQL_ATTR_CURSOR_TYPE,
+ (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY,
+ SQL_IS_UINTEGER);
+- r = SQLColumns(hStmt,
+- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(),
+- catalog.length(),
+- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(),
+- schema.length(),
+- toSQLTCHAR(table).data(),
+- table.length(),
+- NULL,
+- 0);
++ {
++ auto c = toSQLTCHAR(catalog);
++ auto s = toSQLTCHAR(schema);
++ auto t = toSQLTCHAR(table);
++ r = SQLColumns(hStmt,
++ catalog.isEmpty() ? nullptr : c.data(), c.size(),
++ schema.isEmpty() ? nullptr : s.data(), s.size(),
++ t.data(), t.size(),
++ nullptr,
++ 0);
++ }
+ if (r != SQL_SUCCESS)
+ qSqlWarning("QODBCDriver::record: Unable to execute column list"_L1, d);
diff --git a/debian/patches/cve-2023-32762.diff b/debian/patches/cve-2023-32762.diff
new file mode 100644
index 0000000..92b76fa
--- /dev/null
+++ b/debian/patches/cve-2023-32762.diff
@@ -0,0 +1,15 @@
+---
+ src/network/access/qhsts.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/network/access/qhsts.cpp
++++ b/src/network/access/qhsts.cpp
+@@ -328,7 +328,7 @@ bool QHstsHeaderParser::parse(const QLis
+ {
+ for (const auto &h : headers) {
+ // We use '==' since header name was already 'trimmed' for us:
+- if (h.first == "Strict-Transport-Security") {
++ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
+ header = h.second;
+ // RFC6797, 8.1:
+ //
diff --git a/debian/patches/cve-2023-32763.diff b/debian/patches/cve-2023-32763.diff
new file mode 100644
index 0000000..4d0f5f9
--- /dev/null
+++ b/debian/patches/cve-2023-32763.diff
@@ -0,0 +1,58 @@
+---
+ src/gui/painting/qfixed_p.h | 17 +++++++++++++++++
+ src/gui/text/qtextlayout.cpp | 9 ++++++---
+ 2 files changed, 23 insertions(+), 3 deletions(-)
+
+--- a/src/gui/painting/qfixed_p.h
++++ b/src/gui/painting/qfixed_p.h
+@@ -18,6 +18,7 @@
+ #include <QtGui/private/qtguiglobal_p.h>
+ #include "QtCore/qdebug.h"
+ #include "QtCore/qpoint.h"
++#include "QtCore/qnumeric.h"
+ #include "QtCore/qsize.h"
+
+ QT_BEGIN_NAMESPACE
+@@ -136,6 +137,22 @@ constexpr inline QFixed operator+(uint i
+ constexpr inline QFixed operator-(uint i, QFixed d) { return -(d-i); }
+ // constexpr inline QFixed operator*(qreal d, QFixed d2) { return d2*d; }
+
++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
++{
++ int val;
++ bool result = qAddOverflow(v1.value(), v2.value(), &val);
++ r->setValue(val);
++ return result;
++}
++
++inline bool qMulOverflow(QFixed v1, QFixed v2, QFixed *r)
++{
++ int val;
++ bool result = qMulOverflow(v1.value(), v2.value(), &val);
++ r->setValue(val);
++ return result;
++}
++
+ #ifndef QT_NO_DEBUG_STREAM
+ inline QDebug &operator<<(QDebug &dbg, QFixed f)
+ { return dbg << f.toReal(); }
+--- a/src/gui/text/qtextlayout.cpp
++++ b/src/gui/text/qtextlayout.cpp
+@@ -2105,11 +2105,14 @@ found:
+ eng->maxWidth = qMax(eng->maxWidth, line.textWidth);
+ } else {
+ eng->minWidth = qMax(eng->minWidth, lbh.minw);
+- eng->maxWidth += line.textWidth;
++ if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth))
++ eng->maxWidth = QFIXED_MAX;
+ }
+
+- if (line.textWidth > 0 && item < eng->layoutData->items.size())
+- eng->maxWidth += lbh.spaceData.textWidth;
++ if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
++ if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth))
++ eng->maxWidth = QFIXED_MAX;
++ }
+
+ line.textWidth += trailingSpace;
+ if (lbh.spaceData.length) {
diff --git a/debian/patches/cve-2023-33285.diff b/debian/patches/cve-2023-33285.diff
new file mode 100644
index 0000000..f7eb569
--- /dev/null
+++ b/debian/patches/cve-2023-33285.diff
@@ -0,0 +1,70 @@
+diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp
+index 75f7c6c440..de0113494f 100644
+--- a/src/network/kernel/qdnslookup_unix.cpp
++++ b/src/network/kernel/qdnslookup_unix.cpp
+@@ -193,7 +193,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ // responseLength in case of error, we still can extract the
+ // exact error code from the response.
+ HEADER *header = (HEADER*)response;
+- const int answerCount = ntohs(header->ancount);
+ switch (header->rcode) {
+ case NOERROR:
+ break;
+@@ -226,18 +225,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ return;
+ }
+
+- // Skip the query host, type (2 bytes) and class (2 bytes).
+ char host[PACKETSZ], answer[PACKETSZ];
+ unsigned char *p = response + sizeof(HEADER);
+- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
+- if (status < 0) {
++ int status;
++
++ if (ntohs(header->qdcount) == 1) {
++ // Skip the query host, type (2 bytes) and class (2 bytes).
++ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
++ if (status < 0) {
++ reply->error = QDnsLookup::InvalidReplyError;
++ reply->errorString = tr("Could not expand domain name");
++ return;
++ }
++ if ((p - response) + status + 4 >= responseLength)
++ header->qdcount = 0xffff; // invalid reply below
++ else
++ p += status + 4;
++ }
++ if (ntohs(header->qdcount) > 1) {
+ reply->error = QDnsLookup::InvalidReplyError;
+- reply->errorString = tr("Could not expand domain name");
++ reply->errorString = tr("Invalid reply received");
+ return;
+ }
+- p += status + 4;
+
+ // Extract results.
++ const int answerCount = ntohs(header->ancount);
+ int answerIndex = 0;
+ while ((p < response + responseLength) && (answerIndex < answerCount)) {
+ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
+@@ -249,6 +261,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ const QString name = QUrl::fromAce(host);
+
+ p += status;
++
++ if ((p - response) + 10 > responseLength) {
++ // probably just a truncated reply, return what we have
++ return;
++ }
+ const quint16 type = (p[0] << 8) | p[1];
+ p += 2; // RR type
+ p += 2; // RR class
+@@ -256,6 +273,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ p += 4;
+ const quint16 size = (p[0] << 8) | p[1];
+ p += 2;
++ if ((p - response) + size > responseLength)
++ return; // truncated
+
+ if (type == QDnsLookup::A) {
+ if (size != 4) {
diff --git a/debian/patches/cve-2023-34410-57ba626.diff b/debian/patches/cve-2023-34410-57ba626.diff
new file mode 100644
index 0000000..aa74996
--- /dev/null
+++ b/debian/patches/cve-2023-34410-57ba626.diff
@@ -0,0 +1,45 @@
+From 57ba6260c0801055b7188fdaa1818b940590f5f1 Mon Sep 17 00:00:00 2001
+From: Mårten Nordheim <marten.nordheim at qt.io>
+Date: Thu, 25 May 2023 14:40:29 +0200
+Subject: [PATCH] Ssl: Copy the on-demand cert loading bool from default config
+
+Otherwise individual sockets will still load system certificates when
+a chain doesn't match against the configured CA certificates.
+That's not intended behavior, since specifically setting the CA
+certificates means you don't want the system certificates to be used.
+
+Follow-up to/amends ada2c573c1a25f8d96577734968fe317ddfa292a
+
+This is potentially a breaking change because now, if you ever add a
+CA to the default config, it will disable loading system certificates
+on demand for all sockets. And the only way to re-enable it is to
+create a null-QSslConfiguration and set it as the new default.
+
+Pick-to: 6.5 6.2 5.15
+Change-Id: Ic3b2ab125c0cdd58ad654af1cb36173960ce2d1e
+Reviewed-by: Timur Pocheptsov <timur.pocheptsov at qt.io>
+---
+
+diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
+index 4eefe43..0563fd0 100644
+--- a/src/network/ssl/qsslsocket.cpp
++++ b/src/network/ssl/qsslsocket.cpp
+@@ -1973,6 +1973,10 @@
+ , flushTriggered(false)
+ {
+ QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
++ // If the global configuration doesn't allow root certificates to be loaded
++ // on demand then we have to disable it for this socket as well.
++ if (!configuration.allowRootCertOnDemandLoading)
++ allowRootCertOnDemandLoading = false;
+
+ const auto *tlsBackend = tlsBackendInUse();
+ if (!tlsBackend) {
+@@ -2281,6 +2285,7 @@
+ ptr->sessionProtocol = global->sessionProtocol;
+ ptr->ciphers = global->ciphers;
+ ptr->caCertificates = global->caCertificates;
++ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
+ ptr->protocol = global->protocol;
+ ptr->peerVerifyMode = global->peerVerifyMode;
+ ptr->peerVerifyDepth = global->peerVerifyDepth;
diff --git a/debian/patches/cve-2023-34410-ada2c57.diff b/debian/patches/cve-2023-34410-ada2c57.diff
new file mode 100644
index 0000000..b8fa3af
--- /dev/null
+++ b/debian/patches/cve-2023-34410-ada2c57.diff
@@ -0,0 +1,275 @@
+From ada2c573c1a25f8d96577734968fe317ddfa292a Mon Sep 17 00:00:00 2001
+From: Mårten Nordheim <marten.nordheim at qt.io>
+Date: Wed, 10 May 2023 16:43:41 +0200
+Subject: [PATCH] Schannel: Reject certificate not signed by a configured CA certificate
+
+Not entirely clear why, but when building the certificate chain for a
+peer the system certificate store is searched for root certificates.
+General expectation is that after calling
+`sslConfiguration.setCaCertificates()` the system certificates will
+not be taken into consideration.
+
+To work around this behavior, we do a manual check that the root of the
+chain is part of the configured CA certificates.
+
+Pick-to: 6.5 6.2 5.15
+Change-Id: I03666a4d9b0eac39ae97e150b4743120611a11b3
+Reviewed-by: Edward Welbourne <edward.welbourne at qt.io>
+Reviewed-by: Volker Hilsheimer <volker.hilsheimer at qt.io>
+---
+
+diff --git a/src/plugins/tls/schannel/qtls_schannel.cpp b/src/plugins/tls/schannel/qtls_schannel.cpp
+index d72aaa5..ae9ff06 100644
+--- a/src/plugins/tls/schannel/qtls_schannel.cpp
++++ b/src/plugins/tls/schannel/qtls_schannel.cpp
+@@ -2066,6 +2066,27 @@
+ verifyDepth = DWORD(q->peerVerifyDepth());
+
+ const auto &caCertificates = q->sslConfiguration().caCertificates();
++
++ if (!rootCertOnDemandLoadingAllowed()
++ && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
++ && (q->peerVerifyMode() == QSslSocket::VerifyPeer
++ || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) {
++ // When verifying a peer Windows "helpfully" builds a chain that
++ // may include roots from the system store. But we don't want that if
++ // the user has set their own CA certificates.
++ // Since Windows claims this is not a partial chain the root is included
++ // and we have to check that it is one of our configured CAs.
++ CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
++ QSslCertificate certificate = getCertificateFromChainElement(element);
++ if (!caCertificates.contains(certificate)) {
++ auto error = QSslError(QSslError::CertificateUntrusted, certificate);
++ sslErrors += error;
++ emit q->peerVerifyError(error);
++ if (q->state() != QAbstractSocket::ConnectedState)
++ return false;
++ }
++ }
++
+ QList<QSslCertificate> peerCertificateChain;
+ for (DWORD i = 0; i < verifyDepth; i++) {
+ CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
+diff --git a/tests/manual/network/ssl/client-auth/CMakeLists.txt b/tests/manual/network/ssl/client-auth/CMakeLists.txt
+new file mode 100644
+index 0000000..67ecc20
+--- /dev/null
++++ b/tests/manual/network/ssl/client-auth/CMakeLists.txt
+@@ -0,0 +1,24 @@
++# Copyright (C) 2023 The Qt Company Ltd.
++# SPDX-License-Identifier: BSD-3-Clause
++
++qt_internal_add_manual_test(tst_manual_ssl_client_auth
++ SOURCES
++ tst_manual_ssl_client_auth.cpp
++ LIBRARIES
++ Qt::Network
++)
++
++qt_internal_add_resource(tst_manual_ssl_client_auth "tst_manual_ssl_client_auth"
++ PREFIX
++ "/"
++ FILES
++ "certs/127.0.0.1.pem"
++ "certs/127.0.0.1-key.pem"
++ "certs/127.0.0.1-client.pem"
++ "certs/127.0.0.1-client-key.pem"
++ "certs/accepted-client.pem"
++ "certs/accepted-client-key.pem"
++ "certs/rootCA.pem"
++ BASE
++ "certs"
++)
+diff --git a/tests/manual/network/ssl/client-auth/certs/.gitignore b/tests/manual/network/ssl/client-auth/certs/.gitignore
+new file mode 100644
+index 0000000..5866f7b
+--- /dev/null
++++ b/tests/manual/network/ssl/client-auth/certs/.gitignore
+@@ -0,0 +1,4 @@
++*
++!/.gitignore
++!/generate.sh
++!/accepted-client.conf
+diff --git a/tests/manual/network/ssl/client-auth/certs/accepted-client.conf b/tests/manual/network/ssl/client-auth/certs/accepted-client.conf
+new file mode 100644
+index 0000000..a88b276
+--- /dev/null
++++ b/tests/manual/network/ssl/client-auth/certs/accepted-client.conf
+@@ -0,0 +1,14 @@
++[req]
++default_md = sha512
++basicConstraints = CA:FALSE
++extendedKeyUsage = clientAuth
++[req]
++distinguished_name = client_distinguished_name
++prompt = no
++[client_distinguished_name]
++C = NO
++ST = Oslo
++L = Oslo
++O = The Qt Project
++OU = The Qt Project
++CN = Fake Qt Project Client Certificate
+diff --git a/tests/manual/network/ssl/client-auth/certs/generate.sh b/tests/manual/network/ssl/client-auth/certs/generate.sh
+new file mode 100755
+index 0000000..5dbe3b3
+--- /dev/null
++++ b/tests/manual/network/ssl/client-auth/certs/generate.sh
+@@ -0,0 +1,33 @@
++#!/bin/bash
++# Copyright (C) 2023 The Qt Company Ltd.
++# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0
++
++# Requires mkcert and openssl
++
++warn () { echo "$@" >&2; }
++die () { warn "$@"; exit 1; }
++
++
++command -v mkcert 1>/dev/null 2>&1 || die "Failed to find mkcert"
++command -v openssl 1>/dev/null 2>&1 || die "Failed to find openssl"
++
++SCRIPT=$(realpath "$0")
++SCRIPTPATH=$(dirname "$SCRIPT")
++
++pushd "$SCRIPTPATH" || die "Unable to pushd to $SCRIPTPATH"
++mkcert 127.0.0.1
++mkcert -client 127.0.0.1
++warn "Remember to run mkcert -install if you haven't already"
++
++# Generate CA
++openssl genrsa -out ca-key.pem 2048
++openssl req -new -x509 -noenc -days 365 -key ca-key.pem -out rootCA.pem
++
++# Generate accepted client certificate
++openssl genrsa -out accepted-client-key.pem 2048
++openssl req -new -sha512 -nodes -key accepted-client-key.pem -out accepted-client.csr -config accepted-client.conf
++openssl x509 -req -sha512 -days 45 -in accepted-client.csr -CA rootCA.pem -CAkey ca-key.pem -CAcreateserial -out accepted-client.pem
++rm accepted-client.csr
++rm rootCA.srl
++
++popd || die "Unable to popd"
+diff --git a/tests/manual/network/ssl/client-auth/tst_manual_ssl_client_auth.cpp b/tests/manual/network/ssl/client-auth/tst_manual_ssl_client_auth.cpp
+new file mode 100644
+index 0000000..2307cbb
+--- /dev/null
++++ b/tests/manual/network/ssl/client-auth/tst_manual_ssl_client_auth.cpp
+@@ -0,0 +1,118 @@
++// Copyright (C) 2023 The Qt Company Ltd.
++// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0
++
++#include <QtCore/qcoreapplication.h>
++
++#include <QtCore/qthread.h>
++#include <QtCore/qfile.h>
++#include <QtCore/qdir.h>
++
++#include <QtNetwork/qsslsocket.h>
++#include <QtNetwork/qsslserver.h>
++#include <QtNetwork/qsslconfiguration.h>
++#include <QtNetwork/qsslkey.h>
++
++// Client and/or server presents a certificate signed by a system-trusted CA
++// but the other side presents a certificate signed by a different CA.
++constexpr bool TestServerPresentsIncorrectCa = false;
++constexpr bool TestClientPresentsIncorrectCa = true;
++
++class ServerThread : public QThread
++{
++ Q_OBJECT
++public:
++ void run() override
++ {
++ QSslServer server;
++
++ QSslConfiguration config = server.sslConfiguration();
++ QList<QSslCertificate> certs = QSslCertificate::fromPath(QStringLiteral(":/rootCA.pem"));
++ config.setCaCertificates(certs);
++ config.setLocalCertificate(QSslCertificate::fromPath(QStringLiteral(":/127.0.0.1.pem"))
++ .first());
++ QFile keyFile(QStringLiteral(":/127.0.0.1-key.pem"));
++ if (!keyFile.open(QIODevice::ReadOnly))
++ qFatal("Failed to open key file");
++ config.setPrivateKey(QSslKey(&keyFile, QSsl::Rsa));
++ config.setPeerVerifyMode(QSslSocket::VerifyPeer);
++ server.setSslConfiguration(config);
++
++ connect(&server, &QSslServer::pendingConnectionAvailable, [&server]() {
++ QSslSocket *socket = static_cast<QSslSocket *>(server.nextPendingConnection());
++ qDebug() << "[s] newConnection" << socket->peerAddress() << socket->peerPort();
++ socket->disconnectFromHost();
++ qApp->quit();
++ });
++ connect(&server, &QSslServer::startedEncryptionHandshake, [](QSslSocket *socket) {
++ qDebug() << "[s] new handshake" << socket->peerAddress() << socket->peerPort();
++ });
++ connect(&server, &QSslServer::errorOccurred,
++ [](QSslSocket *socket, QAbstractSocket::SocketError error) {
++ qDebug() << "[s] errorOccurred" << socket->peerAddress() << socket->peerPort()
++ << error << socket->errorString();
++ });
++ connect(&server, &QSslServer::peerVerifyError,
++ [](QSslSocket *socket, const QSslError &error) {
++ qDebug() << "[s] peerVerifyError" << socket->peerAddress() << socket->peerPort()
++ << error;
++ });
++ server.listen(QHostAddress::LocalHost, 24242);
++
++ exec();
++
++ server.close();
++ }
++};
++
++int main(int argc, char **argv)
++{
++ QCoreApplication app(argc, argv);
++
++ using namespace Qt::StringLiterals;
++
++ if (!QFileInfo(u":/rootCA.pem"_s).exists())
++ qFatal("rootCA.pem not found. Did you run generate.sh in the certs directory?");
++
++ ServerThread serverThread;
++ serverThread.start();
++
++ QSslSocket socket;
++ QSslConfiguration config = socket.sslConfiguration();
++ QString certificatePath;
++ QString keyFileName;
++ if constexpr (TestClientPresentsIncorrectCa) { // true: Present cert signed with incorrect CA: should fail
++ certificatePath = u":/127.0.0.1-client.pem"_s;
++ keyFileName = u":/127.0.0.1-client-key.pem"_s;
++ } else { // false: Use correct CA: should succeed
++ certificatePath = u":/accepted-client.pem"_s;
++ keyFileName = u":/accepted-client-key.pem"_s;
++ }
++ config.setLocalCertificate(QSslCertificate::fromPath(certificatePath).first());
++ if (TestServerPresentsIncorrectCa) // true: Verify server using incorrect CA: should fail
++ config.setCaCertificates(QSslCertificate::fromPath(u":/rootCA.pem"_s));
++ QFile keyFile(keyFileName);
++ if (!keyFile.open(QIODevice::ReadOnly))
++ qFatal("Failed to open key file");
++ config.setPrivateKey(QSslKey(&keyFile, QSsl::Rsa));
++ socket.setSslConfiguration(config);
++
++ QObject::connect(&socket, &QSslSocket::encrypted, []() { qDebug() << "[c] encrypted"; });
++ QObject::connect(&socket, &QSslSocket::errorOccurred,
++ [&socket](QAbstractSocket::SocketError error) {
++ qDebug() << "[c] errorOccurred" << error << socket.errorString();
++ qApp->quit();
++ });
++ QObject::connect(&socket, &QSslSocket::sslErrors, [](const QList<QSslError> &errors) {
++ qDebug() << "[c] sslErrors" << errors;
++ });
++ QObject::connect(&socket, &QSslSocket::connected, []() { qDebug() << "[c] connected"; });
++
++ socket.connectToHostEncrypted(QStringLiteral("127.0.0.1"), 24242);
++
++ const int res = app.exec();
++ serverThread.quit();
++ serverThread.wait();
++ return res;
++}
++
++#include "tst_manual_ssl_client_auth.moc"
diff --git a/debian/patches/force_shared_libzstd.patch b/debian/patches/force_shared_libzstd.patch
new file mode 100644
index 0000000..7c1ac1f
--- /dev/null
+++ b/debian/patches/force_shared_libzstd.patch
@@ -0,0 +1,28 @@
+Description: force the usage of the shared libzstd library.
+ The library provides both versions, and the original code prefers the static
+ version over the shared, while on Debian it should always use the shared
+ version.
+Author: Lisandro Damián Nicanor Pérez Meyer <lisandro at debian.org>
+Bug: https://bugreports.qt.io/browse/QTBUG-110978
+Forwarded: not-needed
+
+---
+ cmake/FindWrapZSTD.cmake | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+--- a/cmake/FindWrapZSTD.cmake
++++ b/cmake/FindWrapZSTD.cmake
+@@ -25,11 +25,8 @@ include(FindPackageHandleStandardArgs)
+ if(TARGET zstd::libzstd_static OR TARGET zstd::libzstd_shared)
+ find_package_handle_standard_args(WrapZSTD
+ REQUIRED_VARS zstd_VERSION VERSION_VAR zstd_VERSION)
+- if(TARGET zstd::libzstd_static)
+- set(zstdtargetsuffix "_static")
+- else()
+- set(zstdtargetsuffix "_shared")
+- endif()
++ set(zstdtargetsuffix "_shared")
++
+ if(NOT TARGET WrapZSTD::WrapZSTD)
+ add_library(WrapZSTD::WrapZSTD INTERFACE IMPORTED)
+ set_target_properties(WrapZSTD::WrapZSTD PROPERTIES
diff --git a/debian/patches/forkfd_grow_stack_upwards_on_hppa.patch b/debian/patches/forkfd_grow_stack_upwards_on_hppa.patch
new file mode 100644
index 0000000..0d87ac1
--- /dev/null
+++ b/debian/patches/forkfd_grow_stack_upwards_on_hppa.patch
@@ -0,0 +1,23 @@
+Description: Change how stack grows on HPPA.
+ On HPPA stack grows upwards. This patch introduces this change for
+ this 3rd party code.
+Author: John David Anglin <dave.anglin at bell.net>
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042018
+Reviewed-by: Lisandro Damián Nicanor Pérez Meyer <lisandro at debian.org>
+Last-Update: 2023-07-28
+
+--- ./src/3rdparty/forkfd/forkfd_linux.c.save 2023-07-27 12:04:02.940466337 +0000
++++ ./src/3rdparty/forkfd/forkfd_linux.c 2023-07-27 12:06:53.522077424 +0000
+@@ -168,7 +168,12 @@
+ }
+ *system = 1;
+
++#if defined(__hppa__)
++ /* Stack grows up */
++ pid = clone(childFn, childStack, cloneflags, token, &pidfd, NULL, NULL);
++#else
+ pid = clone(childFn, childStack + sizeof(childStack), cloneflags, token, &pidfd, NULL, NULL);
++#endif
+ if (pid < 0)
+ return pid;
+ if (ppid)
diff --git a/debian/patches/no_htmlinfo_example.patch b/debian/patches/no_htmlinfo_example.patch
new file mode 100644
index 0000000..68d9b34
--- /dev/null
+++ b/debian/patches/no_htmlinfo_example.patch
@@ -0,0 +1,30 @@
+Description: Avoid trying to build the htmlinfo example
+ This example uses non-free images, so we had to remove it from the original
+ tarball.
+ .
+ This patch avoid building this example.
+Author: Lisandro Damián Nicanor Pérez Meyer <lisandro at debian.org>
+Forwarded: not-needed
+
+---
+ examples/xml/CMakeLists.txt | 1 -
+ examples/xml/xml.pro | 3 +--
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+--- a/examples/xml/CMakeLists.txt
++++ b/examples/xml/CMakeLists.txt
+@@ -1,4 +1,3 @@
+-qt_internal_add_example(htmlinfo)
+ qt_internal_add_example(xmlstreamlint)
+ if(TARGET Qt::Widgets)
+ qt_internal_add_example(dombookmarks)
+--- a/examples/xml/xml.pro
++++ b/examples/xml/xml.pro
+@@ -1,6 +1,5 @@
+ TEMPLATE = subdirs
+-SUBDIRS = htmlinfo \
+- xmlstreamlint
++SUBDIRS = xmlstreamlint
+
+ qtHaveModule(widgets) {
+ SUBDIRS += dombookmarks \
diff --git a/debian/patches/remove_rpath_from_examples.patch b/debian/patches/remove_rpath_from_examples.patch
new file mode 100644
index 0000000..07f01d5
--- /dev/null
+++ b/debian/patches/remove_rpath_from_examples.patch
@@ -0,0 +1,22 @@
+Description: remove RPATH/RUNPATH from examples' binaries.
+ On Debian the examples are built against system's libraries, so there is no
+ need to set RPATH/RUNPATH.
+Author: Lisandro Damián Nicanor Pérez Meyer <lisandro at debian.org>
+Forwarded: not-needed
+Last-Update: 2023-07-23
+
+---
+ cmake/QtBuildInternals/QtBuildInternalsConfig.cmake | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/cmake/QtBuildInternals/QtBuildInternalsConfig.cmake
++++ b/cmake/QtBuildInternals/QtBuildInternalsConfig.cmake
+@@ -849,7 +849,7 @@ macro(qt_examples_build_begin)
+ # This means that installed examples are not relocatable at the moment. We would need to
+ # annotate where each example is installed to, to be able to derive a relative rpath, and it
+ # seems there's no way to query such information from CMake itself.
+- set(CMAKE_INSTALL_RPATH "${_default_install_rpath}")
++ #set(CMAKE_INSTALL_RPATH "${_default_install_rpath}")
+ set(QT_DISABLE_QT_ADD_PLUGIN_COMPATIBILITY TRUE)
+
+ install(CODE "
diff --git a/debian/patches/series b/debian/patches/series
index d925b80..d3a4af2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,7 +1,29 @@
+# fixed in 6.5.2
+cve-2023-34410-57ba626.diff
+cve-2023-34410-ada2c57.diff
+
+# fixed in 6.5.1
+cve-2023-32762.diff
+cve-2023-32763.diff
+cve-2023-33285.diff
+upstream_Add-HPPA-detection.patch
+upstream_Add-M68k-detection.patch
+upstream_Add-enable-Alpha-detection.patch
+
+# fixed in 6.4.3
+cve-2023-24607.patch
+
+# Needs to be fixed upstream.
+Add-SH-detection.patch
+
# Debian specific
remove_privacy_breaches.diff
build_path_embedded_qtbuildinternalsextra_cmake.patch
+cross.patch
+force_shared_libzstd.patch
+no_htmlinfo_example.patch
+remove_rpath_from_examples.patch
+forkfd_grow_stack_upwards_on_hppa.patch
# Don't use yield on CPUs that might not support it
armel-noyield.patch
-
diff --git a/debian/patches/upstream_Add-HPPA-detection.patch b/debian/patches/upstream_Add-HPPA-detection.patch
new file mode 100644
index 0000000..5e3bd79
--- /dev/null
+++ b/debian/patches/upstream_Add-HPPA-detection.patch
@@ -0,0 +1,83 @@
+From e81cba0cd33339c2e5f5e3c670741605264b21c2 Mon Sep 17 00:00:00 2001
+From: Pino Toscano <toscano.pino at tiscali.it>
+Date: Thu, 6 Oct 2022 23:15:30 +0200
+Subject: [PATCH] Add HPPA detection
+
+- detect the HPPA architecture (PA-RISC) and define Q_PROCESSOR_HPPA
+- set the right machine type in QElfParser for HPPA ELF files
+
+Change-Id: I5214ce64ef1fdd0ecca3d6c1694c5db9b2852a22
+Reviewed-by: Thiago Macieira <thiago.macieira at intel.com>
+---
+ src/corelib/global/archdetect.cpp | 2 ++
+ src/corelib/global/qglobal.cpp | 9 +++++++++
+ src/corelib/global/qprocessordetection.h | 9 +++++++++
+ src/corelib/plugin/qelfparser_p.cpp | 3 +++
+ 4 files changed, 23 insertions(+)
+
+--- a/src/corelib/global/archdetect.cpp
++++ b/src/corelib/global/archdetect.cpp
+@@ -17,6 +17,8 @@
+ # define ARCH_PROCESSOR "bfin"
+ #elif defined(Q_PROCESSOR_WASM)
+ # define ARCH_PROCESSOR "wasm"
++#elif defined(Q_PROCESSOR_HPPA)
++# define ARCH_PROCESSOR "hppa"
+ #elif defined(Q_PROCESSOR_X86_32)
+ # define ARCH_PROCESSOR "i386"
+ #elif defined(Q_PROCESSOR_X86_64)
+--- a/src/corelib/global/qprocessordetection.h
++++ b/src/corelib/global/qprocessordetection.h
+@@ -140,6 +140,15 @@
+ // # define Q_BYTE_ORDER Q_LITTLE_ENDIAN
+
+ /*
++ PA-RISC family, no revisions or variants
++
++ PA-RISC is big-endian.
++*/
++#elif defined(__hppa__)
++# define Q_PROCESSOR_HPPA
++# define Q_BYTE_ORDER Q_BIG_ENDIAN
++
++/*
+ X86 family, known variants: 32- and 64-bit
+
+ X86 is little-endian.
+--- a/src/corelib/plugin/qelfparser_p.cpp
++++ b/src/corelib/plugin/qelfparser_p.cpp
+@@ -118,6 +118,8 @@ struct ElfMachineCheck
+ EM_AARCH64
+ #elif defined(Q_PROCESSOR_BLACKFIN)
+ EM_BLACKFIN
++#elif defined(Q_PROCESSOR_HPPA)
++ EM_PARISC
+ #elif defined(Q_PROCESSOR_IA64)
+ EM_IA_64
+ #elif defined(Q_PROCESSOR_MIPS)
+@@ -383,6 +385,7 @@ Q_DECL_UNUSED Q_DECL_COLD_FUNCTION stati
+ #endif
+ case EM_IA_64: d << ", IA-64"; break;
+ case EM_MIPS: d << ", MIPS"; break;
++ case EM_PARISC: d << ", HPPA"; break;
+ case EM_PPC: d << ", PowerPC"; break;
+ case EM_PPC64: d << ", PowerPC 64-bit"; break;
+ #ifdef EM_RISCV
+--- a/src/corelib/global/qglobal.cpp
++++ b/src/corelib/global/qglobal.cpp
+@@ -1791,6 +1791,15 @@ bool qSharedBuild() noexcept
+ */
+
+ /*!
++ \macro Q_PROCESSOR_HPPA
++ \relates <QtGlobal>
++
++ Defined if the application is compiled for PA-RISC processors.
++
++ \sa QSysInfo::buildCpuArchitecture()
++*/
++
++/*!
+ \macro Q_PROCESSOR_IA64
+ \relates <QtGlobal>
+
diff --git a/debian/patches/upstream_Add-M68k-detection.patch b/debian/patches/upstream_Add-M68k-detection.patch
new file mode 100644
index 0000000..9df96b4
--- /dev/null
+++ b/debian/patches/upstream_Add-M68k-detection.patch
@@ -0,0 +1,84 @@
+From ac17a394a5701174c705050640e26c9cb95d289b Mon Sep 17 00:00:00 2001
+From: Pino Toscano <toscano.pino at tiscali.it>
+Date: Thu, 6 Oct 2022 23:17:57 +0200
+Subject: [PATCH] Add M68k detection
+
+- detect the M68k architecture (Motorola 68000) and define
+ Q_PROCESSOR_M68K
+- set the right machine type in QElfParser for M68k ELF files
+
+Change-Id: Ie5694abbe1ae2bfeb5692defba0ca6062c1d60ac
+Reviewed-by: Thiago Macieira <thiago.macieira at intel.com>
+---
+ src/corelib/global/archdetect.cpp | 2 ++
+ src/corelib/global/qglobal.cpp | 9 +++++++++
+ src/corelib/global/qprocessordetection.h | 9 +++++++++
+ src/corelib/plugin/qelfparser_p.cpp | 3 +++
+ 4 files changed, 23 insertions(+)
+
+--- a/src/corelib/global/archdetect.cpp
++++ b/src/corelib/global/archdetect.cpp
+@@ -25,6 +25,8 @@
+ # define ARCH_PROCESSOR "x86_64"
+ #elif defined(Q_PROCESSOR_IA64)
+ # define ARCH_PROCESSOR "ia64"
++#elif defined(Q_PROCESSOR_M68K)
++# define ARCH_PROCESSOR "m68k"
+ #elif defined(Q_PROCESSOR_MIPS_64)
+ # define ARCH_PROCESSOR "mips64"
+ #elif defined(Q_PROCESSOR_MIPS)
+--- a/src/corelib/global/qprocessordetection.h
++++ b/src/corelib/global/qprocessordetection.h
+@@ -197,6 +197,15 @@
+ // Q_BYTE_ORDER not defined, use endianness auto-detection
+
+ /*
++ Motorola 68000 family, no revisions or variants
++
++ M68K is big-endian.
++*/
++#elif defined(__m68k__)
++# define Q_PROCESSOR_M68K
++# define Q_BYTE_ORDER Q_BIG_ENDIAN
++
++/*
+ MIPS family, known revisions: I, II, III, IV, 32, 64
+
+ MIPS is bi-endian, use endianness auto-detection implemented below.
+--- a/src/corelib/plugin/qelfparser_p.cpp
++++ b/src/corelib/plugin/qelfparser_p.cpp
+@@ -122,6 +122,8 @@ struct ElfMachineCheck
+ EM_PARISC
+ #elif defined(Q_PROCESSOR_IA64)
+ EM_IA_64
++#elif defined(Q_PROCESSOR_M68K)
++ EM_68K
+ #elif defined(Q_PROCESSOR_MIPS)
+ EM_MIPS
+ #elif defined(Q_PROCESSOR_POWER_32)
+@@ -378,6 +380,7 @@ Q_DECL_UNUSED Q_DECL_COLD_FUNCTION stati
+ switch (r.machine) {
+ // list definitely not exhaustive!
+ case EM_NONE: d << ", no machine"; break;
++ case EM_68K: d << ", MC68000"; break;
+ case EM_ARM: d << ", ARM"; break;
+ case EM_AARCH64: d << ", AArch64"; break;
+ #ifdef EM_BLACKFIN
+--- a/src/corelib/global/qglobal.cpp
++++ b/src/corelib/global/qglobal.cpp
+@@ -1810,6 +1810,15 @@ bool qSharedBuild() noexcept
+ */
+
+ /*!
++ \macro Q_PROCESSOR_M68K
++ \relates <QtGlobal>
++
++ Defined if the application is compiled for Motorola 68000 processors.
++
++ \sa QSysInfo::buildCpuArchitecture()
++*/
++
++/*!
+ \macro Q_PROCESSOR_MIPS
+ \relates <QtGlobal>
+
diff --git a/debian/patches/upstream_Add-enable-Alpha-detection.patch b/debian/patches/upstream_Add-enable-Alpha-detection.patch
new file mode 100644
index 0000000..13ebd78
--- /dev/null
+++ b/debian/patches/upstream_Add-enable-Alpha-detection.patch
@@ -0,0 +1,62 @@
+From eeb66b99df521c4a32b8eda1d889f615319355a6 Mon Sep 17 00:00:00 2001
+From: Pino Toscano <toscano.pino at tiscali.it>
+Date: Tue, 15 Nov 2022 07:15:44 +0100
+Subject: [PATCH] Add/enable Alpha detection
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+- uncomment the Alpha detection defining Q_PROCESSOR_ALPHA, which is
+ already used/documented in few places
+- set the right machine type in QElfParser for Alpha ELF files
+
+Pick-to: 6.5
+Change-Id: I072bdee8b73ad3c86591c764aa7075c114967fd9
+Reviewed-by: Thiago Macieira <thiago.macieira at intel.com>
+Reviewed-by: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
+---
+ src/corelib/global/qprocessordetection.h | 6 +++---
+ src/corelib/plugin/qelfparser_p.cpp | 3 +++
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+--- a/src/corelib/global/qprocessordetection.h
++++ b/src/corelib/global/qprocessordetection.h
+@@ -48,8 +48,8 @@
+
+ Alpha is bi-endian, use endianness auto-detection implemented below.
+ */
+-// #elif defined(__alpha__) || defined(_M_ALPHA)
+-// # define Q_PROCESSOR_ALPHA
++#if defined(__alpha__) || defined(_M_ALPHA)
++# define Q_PROCESSOR_ALPHA
+ // Q_BYTE_ORDER not defined, use endianness auto-detection
+
+ /*
+@@ -58,7 +58,7 @@
+ ARM is bi-endian, detect using __ARMEL__ or __ARMEB__, falling back to
+ auto-detection implemented below.
+ */
+-#if defined(__arm__) || defined(__TARGET_ARCH_ARM) || defined(_M_ARM) || defined(_M_ARM64) || defined(__aarch64__) || defined(__ARM64__)
++#elif defined(__arm__) || defined(__TARGET_ARCH_ARM) || defined(_M_ARM) || defined(_M_ARM64) || defined(__aarch64__) || defined(__ARM64__)
+ # if defined(__aarch64__) || defined(__ARM64__) || defined(_M_ARM64)
+ # define Q_PROCESSOR_ARM_64
+ # define Q_PROCESSOR_WORDSIZE 8
+--- a/src/corelib/plugin/qelfparser_p.cpp
++++ b/src/corelib/plugin/qelfparser_p.cpp
+@@ -112,6 +112,8 @@ struct ElfMachineCheck
+ static const Elf32_Half ExpectedMachine =
+ #if 0
+ // nothing
++#elif defined(Q_PROCESSOR_ALPHA)
++ EM_ALPHA
+ #elif defined(Q_PROCESSOR_ARM_32)
+ EM_ARM
+ #elif defined(Q_PROCESSOR_ARM_64)
+@@ -380,6 +382,7 @@ Q_DECL_UNUSED Q_DECL_COLD_FUNCTION stati
+ switch (r.machine) {
+ // list definitely not exhaustive!
+ case EM_NONE: d << ", no machine"; break;
++ case EM_ALPHA: d << ", Alpha"; break;
+ case EM_68K: d << ", MC68000"; break;
+ case EM_ARM: d << ", ARM"; break;
+ case EM_AARCH64: d << ", AArch64"; break;
More information about the Neon-commits
mailing list