From 6bfca79d7848c1818dce34928aa151a798b99321 Mon Sep 17 00:00:00 2001
From: Funda Wang <fundawang@yeah.net>
Date: Sat, 7 Jun 2025 21:15:29 +0800
Subject: [PATCH] fix CVE-2025-5455

---
 CVE-2025-5455.patch | 20 ++++++++++++++++++++
 qt.spec             |  8 ++++++--
 2 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2025-5455.patch

diff --git a/CVE-2025-5455.patch b/CVE-2025-5455.patch
new file mode 100644
index 0000000..aa3a78d
--- /dev/null
+++ b/CVE-2025-5455.patch
@@ -0,0 +1,20 @@
+diff --git a/src/corelib/io/qdataurl.cpp b/src/corelib/io/qdataurl.cpp
+index f14d399301f..83e59e3ac00 100644
+--- a/src/corelib/io/qdataurl.cpp
++++ b/src/corelib/io/qdataurl.cpp
+@@ -82,10 +82,11 @@
+             }
+ 
+             if (data.toLower().startsWith("charset")) {
+-                int i = 7;      // strlen("charset")
+-                while (data.at(i) == ' ')
+-                    ++i;
+-                if (data.at(i) == '=')
++            int prefixSize = 7; // strlen("charset")
++            QLatin1String copy(data.constData() + prefixSize, data.size() - prefixSize);
++            while (copy.startsWith(QLatin1String(" ")))
++                copy = copy.mid(1);
++            if (copy.startsWith(QLatin1String("=")))
+                     data.prepend("text/plain;");
+             }
+ 
diff --git a/qt.spec b/qt.spec
index 8c2d3fd..0763d15 100644
--- a/qt.spec
+++ b/qt.spec
@@ -13,7 +13,7 @@
 Name:           qt
 Epoch:          1
 Version:        4.8.7
-Release:        63
+Release:        64
 Summary:        A software toolkit for developing applications
 License:        (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
 URL:            https://www.qt.io/
@@ -90,7 +90,8 @@ Patch6007:      CVE-2023-32573.patch
 Patch6008:      qt-CVE-2023-34410.patch
 Patch6009:      qt-CVE-2023-38197.patch
 Patch6010:      qt-CVE-2023-37369.patch 
-Patch6011:      qt-CVE-2023-43114.patch 
+Patch6011:      qt-CVE-2023-43114.patch
+Patch6012:      CVE-2025-5455.patch
 
 BuildRequires:  cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa)
 BuildRequires:  pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng)
@@ -442,6 +443,9 @@ fi
 %{_qt4_prefix}/examples/
 
 %changelog
+* Sat Jun 07 2025 Funda Wang <fundawang@yeah.net> - 1:4.8.7-64
+- fix CVE-2025-5455
+
 * Fri Jan 24 2025 Funda Wang <fundawang@yeah.net> - 1:4.8.7-63
 - fix build with icu 76
 
-- 
Gitee