Skip to content

Commit

Permalink
Merge "Merge remote-tracking branch 'origin/5.14.2' into 5.14"
Browse files Browse the repository at this point in the history
  • Loading branch information
@mitchcurtis
mitchcurtis committed Mar 19, 2020
2 parents ad68ecf + 1480922 commit fcbbe7f
Show file tree
Hide file tree
Showing 10 changed files with 363 additions and 24 deletions.
117 changes: 117 additions & 0 deletions dist/changes-5.14.2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,117 @@
Qt 5.14.2 is a bug-fix release. It maintains both forward and backward
compatibility (source and binary) with Qt 5.14.0 through 5.14.1.

For more details, refer to the online documentation included in this
distribution. The documentation is also available online:

https://doc.qt.io/qt-5/index.html

The Qt version 5.14 series is binary compatible with the 5.13.x series.
Applications compiled for 5.13 will continue to run with 5.14.

Some of the changes listed in this file include issue tracking numbers
corresponding to tasks in the Qt Bug Tracker:

https://bugreports.qt.io/

Each of these identifiers can be entered in the bug tracker to obtain more
information about a particular change.

****************************************************************************
* QtCore *
****************************************************************************

- QCollator:
* QTBUG-81673: Fixed a regression introduced in 5.14.0 that caused
QCollator not to operate with default-constructed QStrings and print a
warning on Windows.

- QString, codecs:
* QTBUG-62011: ZWNBS is no longer discarded (mistaken for a BOM despite
not being at the start) when converting UCS4 to QString's UCS2.

- QLocale:
* QTBUG-80459: Skip digit-grouping if the system locale is configured to
use an empty group separator.
* QTBUG-81530: Use "+" if MS reports empty for the system locale's plus
sign, as documented in MS's API for the relevant query.

- QLockFile:
* Suppressed the warning on QNX that said 'setNativeLocks failed:
"Function not implemented"'. There is no difference in behavior: Qt
will continue not to be able to apply an OS- level file lock, which
means the lock could be accidentally stolen by buggy software. Correct
software using QLockFile should not be affected.

- QObject:
* For the purposes of QT_NO_NARROWING_CONVERSIONS_IN_CONNECT, pointer
(incl. pointer-to-member) to bool conversions are now considered
narrowing. This matches the resolution of a defect report in C++
itself.

- QStorageInfo:
* Improved discovery of device nodes on Linux if the /dev entry was
renamed after the filesystem was mounted and udev is in use.

****************************************************************************
* QtGui *
****************************************************************************

- QTextMarkdownImporter:
* Text in Markdown format is assumed to be UTF-8.
* The "title" in a Markdown hyperlink is now used as the tooltip,
not the anchor name.
* Fixed vulnerability oss-fuzz-20450 (invalid input resulted in an
attempt to insert items into a list that no longer exists).

****************************************************************************
* QtWidgets *
****************************************************************************

- QLineEdit:
* the inputMask property has allowed any Letter or Number category
character for the respective mask characters, not just ASCII. The
documentation has been updated accordingly.

****************************************************************************
* qmake *
****************************************************************************

- To remove the NDEBUG define that is added by default in MSVC mkspecs,
write DEFINES_RELEASE -= NDEBUG in your .pro file.
- Install/uninstall rules are now generated for target.targets on Windows.
This mirrors the behavior on Unix.

****************************************************************************
* Third-Party Code *
****************************************************************************

- md4c was updated to 0.4.3. This fixes vulnerability oss-fuzz-20580.

- QtSQL, sqlite:
* Updated to v3.31.1
* [QTBUG-82533] Fixed CVE-2020-9327

****************************************************************************
* CMake *
****************************************************************************

- Windows:
* Fixed linking with Qt static build

****************************************************************************
* MSVC *
****************************************************************************

- Fixed a compatibility issue found when linking code compiled with
version 16.6 to a Qt compiled with 16.5.

****************************************************************************
* MinGW *
****************************************************************************

- Fixed build regressions.
- The -debug-and-release configuration has been fixed. In this
configuration, Qt libraries again have a 'd' suffix.
- In the -debug configuration, libraries do not have a 'd' suffix, similar
to Unix platforms.
2 changes: 1 addition & 1 deletion mkspecs/features/qt_helper_lib.prf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ win32|CONFIG(static, static|shared) {
"QMAKE_DEFINES_$${ucmodule} = $$val_escape(MODULE_DEFINES)"
android {
MODULE_PRI_CONT += "QMAKE_LIBS_$${ucmodule} ="
} else: qtConfig(debug_and_release): {
} else: if(msvc|qtConfig(debug_and_release)): {
win32: \
MODULE_DEBUG_LIBS = $$DESTDIR/$$prefix$${TARGET}d.$$suffix
else: darwin: \
Expand Down
203 changes: 203 additions & 0 deletions src/3rdparty/sqlite/patches/0001-Fix-CVE-2020-9327-in-SQLite.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,203 @@
From 63566d1fff2665b777650594eec6eefd3587e177 Mon Sep 17 00:00:00 2001
From: Andy Shaw <[email protected]>
Date: Wed, 4 Mar 2020 07:44:22 +0100
Subject: [PATCH] Fix CVE-2020-9327 in SQLite

This was taken from abc473fb8fb99900 in SQLite, ref:
https://www.sqlite.org/cgi/src/info/abc473fb8fb99900

Fixes: QTBUG-82533
Change-Id: I9840e29f19a0b861229987f5b59d8585ba2e55dc
---
.../0001-Fix-CVE-2020-9327-in-SQLite.patch | 96 +++++++++++++++++++
src/3rdparty/sqlite/sqlite3.c | 31 ++++--
2 files changed, 118 insertions(+), 9 deletions(-)
create mode 100644 src/3rdparty/sqlite/patches/0001-Fix-CVE-2020-9327-in-SQLite.patch

diff --git a/src/3rdparty/sqlite/patches/0001-Fix-CVE-2020-9327-in-SQLite.patch b/src/3rdparty/sqlite/patches/0001-Fix-CVE-2020-9327-in-SQLite.patch
new file mode 100644
index 0000000000..e0e8206db5
--- /dev/null
+++ b/src/3rdparty/sqlite/patches/0001-Fix-CVE-2020-9327-in-SQLite.patch
@@ -0,0 +1,96 @@
+From f79860e0fe251e3267a3cd5558dce98f918e0caa Mon Sep 17 00:00:00 2001
+From: Andy Shaw <[email protected]>
+Date: Wed, 4 Mar 2020 07:44:22 +0100
+Subject: [PATCH] Fix CVE-2020-9327 in SQLite
+
+Fixes: QTBUG-82533
+Change-Id: I9840e29f19a0b861229987f5b59d8585ba2e55dc
+---
+ src/3rdparty/sqlite/sqlite3.c | 31 ++++++++++++++++++++++---------
+ 1 file changed, 22 insertions(+), 9 deletions(-)
+
+diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
+index 55dc686ee0..dfe5323a59 100644
+--- a/src/3rdparty/sqlite/sqlite3.c
++++ b/src/3rdparty/sqlite/sqlite3.c
+@@ -17428,8 +17428,11 @@ struct Table {
+ */
+ #ifndef SQLITE_OMIT_VIRTUALTABLE
+ # define IsVirtual(X) ((X)->nModuleArg)
++# define ExprIsVtab(X) \
++ ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg)
+ #else
+ # define IsVirtual(X) 0
++# define ExprIsVtab(X) 0
+ #endif
+
+ /*
+@@ -104133,19 +104136,25 @@ static int impliesNotNullRow(Walker *pWalker, Expr *pExpr){
+ case TK_LT:
+ case TK_LE:
+ case TK_GT:
+- case TK_GE:
++ case TK_GE: {
++ Expr *pLeft = pExpr->pLeft;
++ Expr *pRight = pExpr->pRight;
+ testcase( pExpr->op==TK_EQ );
+ testcase( pExpr->op==TK_NE );
+ testcase( pExpr->op==TK_LT );
+ testcase( pExpr->op==TK_LE );
+ testcase( pExpr->op==TK_GT );
+ testcase( pExpr->op==TK_GE );
+- if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab))
+- || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab))
++ /* The y.pTab=0 assignment in wherecode.c always happens after the
++ ** impliesNotNullRow() test */
++ if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0)
++ && IsVirtual(pLeft->y.pTab))
++ || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0)
++ && IsVirtual(pRight->y.pTab))
+ ){
+- return WRC_Prune;
++ return WRC_Prune;
+ }
+-
++ }
+ default:
+ return WRC_Continue;
+ }
+@@ -142591,7 +142600,8 @@ static int isAuxiliaryVtabOperator(
+ ** MATCH(expression,vtab_column)
+ */
+ pCol = pList->a[1].pExpr;
+- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
++ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
++ if( ExprIsVtab(pCol) ){
+ for(i=0; i<ArraySize(aOp); i++){
+ if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){
+ *peOp2 = aOp[i].eOp2;
+@@ -142613,7 +142623,8 @@ static int isAuxiliaryVtabOperator(
+ ** with function names in an arbitrary case.
+ */
+ pCol = pList->a[0].pExpr;
+- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
++ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
++ if( ExprIsVtab(pCol) ){
+ sqlite3_vtab *pVtab;
+ sqlite3_module *pMod;
+ void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**);
+@@ -142636,10 +142647,12 @@ static int isAuxiliaryVtabOperator(
+ int res = 0;
+ Expr *pLeft = pExpr->pLeft;
+ Expr *pRight = pExpr->pRight;
+- if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){
++ testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 );
++ if( ExprIsVtab(pLeft) ){
+ res++;
+ }
+- if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){
++ testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 );
++ if( pRight && ExprIsVtab(pRight) ){
+ res++;
+ SWAP(Expr*, pLeft, pRight);
+ }
+--
+2.21.0 (Apple Git-122.2)
+
diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
index 55dc686ee0..dfe5323a59 100644
--- a/src/3rdparty/sqlite/sqlite3.c
+++ b/src/3rdparty/sqlite/sqlite3.c
@@ -17428,8 +17428,11 @@ struct Table {
*/
#ifndef SQLITE_OMIT_VIRTUALTABLE
# define IsVirtual(X) ((X)->nModuleArg)
+# define ExprIsVtab(X) \
+ ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg)
#else
# define IsVirtual(X) 0
+# define ExprIsVtab(X) 0
#endif

/*
@@ -104133,19 +104136,25 @@ static int impliesNotNullRow(Walker *pWalker, Expr *pExpr){
case TK_LT:
case TK_LE:
case TK_GT:
- case TK_GE:
+ case TK_GE: {
+ Expr *pLeft = pExpr->pLeft;
+ Expr *pRight = pExpr->pRight;
testcase( pExpr->op==TK_EQ );
testcase( pExpr->op==TK_NE );
testcase( pExpr->op==TK_LT );
testcase( pExpr->op==TK_LE );
testcase( pExpr->op==TK_GT );
testcase( pExpr->op==TK_GE );
- if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab))
- || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab))
+ /* The y.pTab=0 assignment in wherecode.c always happens after the
+ ** impliesNotNullRow() test */
+ if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0)
+ && IsVirtual(pLeft->y.pTab))
+ || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0)
+ && IsVirtual(pRight->y.pTab))
){
- return WRC_Prune;
+ return WRC_Prune;
}
-
+ }
default:
return WRC_Continue;
}
@@ -142591,7 +142600,8 @@ static int isAuxiliaryVtabOperator(
** MATCH(expression,vtab_column)
*/
pCol = pList->a[1].pExpr;
- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
+ if( ExprIsVtab(pCol) ){
for(i=0; i<ArraySize(aOp); i++){
if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){
*peOp2 = aOp[i].eOp2;
@@ -142613,7 +142623,8 @@ static int isAuxiliaryVtabOperator(
** with function names in an arbitrary case.
*/
pCol = pList->a[0].pExpr;
- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
+ if( ExprIsVtab(pCol) ){
sqlite3_vtab *pVtab;
sqlite3_module *pMod;
void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**);
@@ -142636,10 +142647,12 @@ static int isAuxiliaryVtabOperator(
int res = 0;
Expr *pLeft = pExpr->pLeft;
Expr *pRight = pExpr->pRight;
- if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){
+ testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 );
+ if( ExprIsVtab(pLeft) ){
res++;
}
- if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){
+ testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 );
+ if( pRight && ExprIsVtab(pRight) ){
res++;
SWAP(Expr*, pLeft, pRight);
}
--
2.21.0 (Apple Git-122.2)

Loading

0 comments on commit fcbbe7f

Please sign in to comment.