[Medium] patch qt5-qtbase for CVE-2025-30348 (#14007)

jykanase · web-flow · commit 13c8e54c2330 · 2025-06-23T15:27:57.000+05:30
diff --git a/SPECS/qt5-qtbase/CVE-2025-30348.patch b/SPECS/qt5-qtbase/CVE-2025-30348.patch
@@ -0,0 +1,93 @@
+From ccf4cbf309f7d1da4df07e2239e5b674b9534bce Mon Sep 17 00:00:00 2001
+From: jykanase <v-jykanase@microsoft.com>
+Date: Fri, 13 Jun 2025 14:00:19 +0000
+Subject: [PATCH] CVE-2025-30348.patch
+
+Upstream Patch Reference: https://codereview.qt-project.org/c/qt/qtbase/+/581442/1/src/xml/dom/qdom.cpp#3643
+---
+ src/xml/dom/qdom.cpp | 60 ++++++++++++++------------------------------
+ 1 file changed, 19 insertions(+), 41 deletions(-)
+
+diff --git a/src/xml/dom/qdom.cpp b/src/xml/dom/qdom.cpp
+index dd6916f9..cb33b78c 100644
+--- a/src/xml/dom/qdom.cpp
++++ b/src/xml/dom/qdom.cpp
+@@ -4159,56 +4159,34 @@ static QString encodeText(const QString &str,
+     const QTextCodec *const codec = s.codec();
+     Q_ASSERT(codec);
+ #endif
+-    QString retval(str);
+-    int len = retval.length();
+-    int i = 0;
++    const qsizetype len = str.size();
++    QString retval;
++    retval.reserve(len * 1.2);
++    qsizetype i = 0;
+ 
+     while (i < len) {
+-        const QChar ati(retval.at(i));
++        const QChar ati(str.at(i));
+ 
+         if (ati == QLatin1Char('<')) {
+-            retval.replace(i, 1, QLatin1String("&lt;"));
+-            len += 3;
+-            i += 4;
++            retval.append(QLatin1String("&lt;"));
+         } else if (encodeQuotes && (ati == QLatin1Char('"'))) {
+-            retval.replace(i, 1, QLatin1String("&quot;"));
+-            len += 5;
+-            i += 6;
++            retval.append(QLatin1String("&quot;"));
+         } else if (ati == QLatin1Char('&')) {
+-            retval.replace(i, 1, QLatin1String("&amp;"));
+-            len += 4;
+-            i += 5;
+-        } else if (ati == QLatin1Char('>') && i >= 2 && retval[i - 1] == QLatin1Char(']') && retval[i - 2] == QLatin1Char(']')) {
+-            retval.replace(i, 1, QLatin1String("&gt;"));
+-            len += 3;
+-            i += 4;
++            retval.append(QLatin1String("&amp;"));
++        } else if (ati == QLatin1Char('>') && i >= 2 && str.at(i - 1) == QLatin1Char(']') && str.at(i - 2) == QLatin1Char(']')) {
++            retval.append(QLatin1String("&gt;"));
+         } else if (performAVN &&
+-                   (ati == QChar(0xA) ||
+-                    ati == QChar(0xD) ||
+-                    ati == QChar(0x9))) {
++                   (ati == QLatin1Char(0xA) ||
++                    ati == QLatin1Char(0xD) ||
++                    ati == QLatin1Char(0x9))) {
+             const QString replacement(QLatin1String("&#x") + QString::number(ati.unicode(), 16) + QLatin1Char(';'));
+-            retval.replace(i, 1, replacement);
+-            i += replacement.length();
+-            len += replacement.length() - 1;
+-        } else if (encodeEOLs && ati == QChar(0xD)) {
+-            retval.replace(i, 1, QLatin1String("&#xd;")); // Replace a single 0xD with a ref for 0xD
+-            len += 4;
+-            i += 5;
++            retval.append(replacement);
++        } else if (encodeEOLs && ati == QLatin1Char(0xD)) {
++            retval.append(QLatin1String("&#xd;")); // Replace a single 0xD with a ref for 0xD
+         } else {
+-#if QT_CONFIG(textcodec)
+-            if(codec->canEncode(ati))
+-                ++i;
+-            else
+-#endif
+-            {
+-                // We have to use a character reference to get it through.
+-                const ushort codepoint(ati.unicode());
+-                const QString replacement(QLatin1String("&#x") + QString::number(codepoint, 16) + QLatin1Char(';'));
+-                retval.replace(i, 1, replacement);
+-                i += replacement.length();
+-                len += replacement.length() - 1;
+-            }
+-        }
++	    retval.append(ati);
++        } 
++	++i;
+     }
+ 
+     return retval;
+-- 
+2.45.2
+
diff --git a/SPECS/qt5-qtbase/qt5-qtbase.spec b/SPECS/qt5-qtbase/qt5-qtbase.spec
@@ -33,7 +33,7 @@
 Name:         qt5-qtbase
 Summary:      Qt5 - QtBase components
 Version:      5.12.11
-Release:      15%{?dist}
+Release:      16%{?dist}
 # See LICENSE.GPL3-EXCEPT.txt, for exception details
 License:      GFDL AND LGPLv3 AND GPLv2 AND GPLv3 with exceptions AND QT License Agreement 4.0
 Vendor:       Microsoft Corporation
@@ -167,6 +167,7 @@ Patch93: CVE-2022-25255.patch
 
 Patch94: CVE-2024-25580.patch
 Patch95: CVE-2023-34410.patch
+Patch96: CVE-2025-30348.patch
 
 # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
 # Those themes are there for platform integration. If the required libraries are
@@ -270,20 +271,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
 %patch68 -p1
 
 %patch80 -p1 -b .use-wayland-on-gnome.patch
-%patch81 -p1
-%patch82 -p1
-%patch83 -p1
-%patch84 -p1
-%patch86 -p1
-%patch87 -p1
-%patch88 -p1
-%patch89 -p1
-%patch90 -p1
-%patch91 -p1
-%patch92 -p1
-%patch93 -p1
-%patch94 -p1
-%patch95 -p1
+%autopatch -p1 -m 81
 
 ## upstream patches
 
@@ -789,6 +777,9 @@ fi
 %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QXdgDesktopPortalThemePlugin.cmake
 
 %changelog
+* Fri Jun 13 2025 Jyoti Kanase <v-jykanase@microsoft.com> - 5.12.11-16
+- Fix CVE-2025-30348
+
 * Fri Feb 14 2025 Archana Shettigar <v-shettigara@microsoft.com> - 5.12.11-15
 - Add patch to resolve CVE-2024-25580 & CVE-2023-34410
 
