[Medium] Patch qtbase for CVE-2025-5455 (microsoft#14142)

akhila-guruju · web-flow · commit d92d9578f94b · 2025-07-21T17:34:47.000+05:30
diff --git a/SPECS/qtbase/CVE-2025-5455.patch b/SPECS/qtbase/CVE-2025-5455.patch
@@ -0,0 +1,49 @@
+From 25c4ed587ff4b16ea682721ffad16031bb91f03e Mon Sep 17 00:00:00 2001
+From: akhila-guruju <v-guakhila@microsoft.com>
+Date: Tue, 15 Jul 2025 06:19:38 +0000
+Subject: [PATCH] Address CVE-2025-5455
+
+Upstream patch reference:
+ 1. https://download.qt.io/official_releases/qt/6.5/CVE-2025-5455-qtbase-6.5.patch
+ 2. for test: https://codereview.qt-project.org/c/qt/qtbase/+/642006/7/tests/auto/corelib/io/qdataurl/tst_qdataurl.cpp
+---
+ src/corelib/io/qdataurl.cpp                     | 9 +++++----
+ tests/auto/corelib/io/qdataurl/tst_qdataurl.cpp | 2 ++
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/corelib/io/qdataurl.cpp b/src/corelib/io/qdataurl.cpp
+index 92c6f541..9ace4e1f 100644
+--- a/src/corelib/io/qdataurl.cpp
++++ b/src/corelib/io/qdataurl.cpp
+@@ -42,10 +42,11 @@ Q_CORE_EXPORT bool qDecodeDataUrl(const QUrl &uri, QString &mimeType, QByteArray
+         }
+ 
+         if (QLatin1StringView{data}.startsWith("charset"_L1, Qt::CaseInsensitive)) {
+-            qsizetype i = 7;      // strlen("charset")
+-            while (data.at(i) == ' ')
+-                ++i;
+-            if (data.at(i) == '=')
++            qsizetype prefixSize = 7; // strlen("charset")
++            QByteArrayView copy(data.constData() + prefixSize, data.size() - prefixSize);
++            while (copy.startsWith(' '))
++                copy = copy.sliced(1);
++            if (copy.startsWith('='))
+                 data.prepend("text/plain;");
+         }
+ 
+diff --git a/tests/auto/corelib/io/qdataurl/tst_qdataurl.cpp b/tests/auto/corelib/io/qdataurl/tst_qdataurl.cpp
+index 8cc1b0ae..c1db6d59 100644
+--- a/tests/auto/corelib/io/qdataurl/tst_qdataurl.cpp
++++ b/tests/auto/corelib/io/qdataurl/tst_qdataurl.cpp
+@@ -34,6 +34,8 @@ void tst_QDataUrl::decode_data()
+         "text/plain"_L1, QByteArray::fromPercentEncoding("%E2%88%9A"));
+     row("everythingIsCaseInsensitive", "Data:texT/PlaiN;charSet=iSo-8859-1;Base64,SGVsbG8=", true,
+         "texT/PlaiN;charSet=iSo-8859-1"_L1, QByteArrayLiteral("Hello"));
++    row("prematureCharsetEnd", "data:charset,", true,
++        "charset", ""); // nonsense result, but don't crash
+ }
+ 
+ void tst_QDataUrl::decode()
+-- 
+2.45.2
+
diff --git a/SPECS/qtbase/qtbase.spec b/SPECS/qtbase/qtbase.spec
@@ -35,7 +35,7 @@
 Name:         qtbase
 Summary:      Qt6 - QtBase components
 Version:      6.6.3
-Release:      3%{?dist}
+Release:      4%{?dist}
 # See LICENSE.GPL3-EXCEPT.txt, for exception details
 License:      GFDL AND LGPLv3 AND GPLv2 AND GPLv3 with exceptions AND QT License Agreement 4.0
 Vendor:       Microsoft Corporation
@@ -98,6 +98,7 @@ Patch61: qtbase-cxxflag.patch
 # fix for new mariadb
 Patch65: qtbase-mysql.patch
 Patch66: CVE-2025-30348.patch
+Patch67: CVE-2025-5455.patch
 
 # Do not check any files in %%{_qt_plugindir}/platformthemes/ for requires.
 # Those themes are there for platform integration. If the required libraries are
@@ -702,6 +703,9 @@ fi
 %{_qt_plugindir}/platformthemes/libqxdgdesktopportal.so
 
 %changelog
+* Fri Jun 27 2025 Akhila Guruju <v-guakhila@microsoft.com> - 6.6.3-4
+- Patch CVE-2025-5455
+
 * Wed Mar 26 2025 Jyoti Kanase <v-jykanase@microsoft.com> - 6.6.3-3
 - Fix CVE-2025-30348
 
