diff --git a/CVE-2025-5455.patch b/CVE-2025-5455.patch new file mode 100644 index 0000000000000000000000000000000000000000..aa3a78d452b2aef7b79be97e721428d77bf005e5 --- /dev/null +++ b/CVE-2025-5455.patch @@ -0,0 +1,20 @@ +diff --git a/src/corelib/io/qdataurl.cpp b/src/corelib/io/qdataurl.cpp +index f14d399301f..83e59e3ac00 100644 +--- a/src/corelib/io/qdataurl.cpp ++++ b/src/corelib/io/qdataurl.cpp +@@ -82,10 +82,11 @@ + } + + if (data.toLower().startsWith("charset")) { +- int i = 7; // strlen("charset") +- while (data.at(i) == ' ') +- ++i; +- if (data.at(i) == '=') ++ int prefixSize = 7; // strlen("charset") ++ QLatin1String copy(data.constData() + prefixSize, data.size() - prefixSize); ++ while (copy.startsWith(QLatin1String(" "))) ++ copy = copy.mid(1); ++ if (copy.startsWith(QLatin1String("="))) + data.prepend("text/plain;"); + } + diff --git a/qt.spec b/qt.spec index 8c2d3fdcdc7279b9679a2b15bc71a8fedd7d7c8d..0763d153e9a4245fdb122a6bee8862406fb6b81c 100644 --- a/qt.spec +++ b/qt.spec @@ -13,7 +13,7 @@ Name: qt Epoch: 1 Version: 4.8.7 -Release: 63 +Release: 64 Summary: A software toolkit for developing applications License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT URL: https://www.qt.io/ @@ -90,7 +90,8 @@ Patch6007: CVE-2023-32573.patch Patch6008: qt-CVE-2023-34410.patch Patch6009: qt-CVE-2023-38197.patch Patch6010: qt-CVE-2023-37369.patch -Patch6011: qt-CVE-2023-43114.patch +Patch6011: qt-CVE-2023-43114.patch +Patch6012: CVE-2025-5455.patch BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa) BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng) @@ -442,6 +443,9 @@ fi %{_qt4_prefix}/examples/ %changelog +* Sat Jun 07 2025 Funda Wang - 1:4.8.7-64 +- fix CVE-2025-5455 + * Fri Jan 24 2025 Funda Wang - 1:4.8.7-63 - fix build with icu 76