ubuntu-sdk-bugs team mailing list archive
Message #00622
[Bug 1251262] Re: Qt5 windows may be randomly unmapped due to assumption sizeof(long)==4
This bug was fixed in the package qtbase-opensource-src - 5.2.1+dfsg-1ubuntu7
---------------
qtbase-opensource-src (5.2.1+dfsg-1ubuntu7) trusty; urgency=medium
[ Colin Watson ]
* Add arm64 to archs that don't use -m64
qtbase-opensource-src (5.2.1+dfsg-1ubuntu6) trusty; urgency=medium
* Add Use-None-instead-of-GLX_NONE.patch:
- Cherry-pick upstream patch (LP: #1288278)
qtbase-opensource-src (5.2.1+dfsg-1ubuntu5) trusty; urgency=medium
* Only run tests on armhf, amd64 and i386.
qtbase-opensource-src (5.2.1+dfsg-1ubuntu4) trusty; urgency=medium
[ Chris Gagnon ]
* Enable unit tests
qtbase-opensource-src (5.2.1+dfsg-1ubuntu3) trusty; urgency=medium
* Revert the transitional package change final landing.
qtbase-opensource-src (5.2.1+dfsg-1ubuntu2) trusty; urgency=medium
* libqt5core5 transitional package to be able to run ABI related tests
qtbase-opensource-src (5.2.1+dfsg-1ubuntu1) trusty; urgency=low
[ Dmitry Shachnev ]
* Update watch file (taken from Debian).
* Fix generating documentation by building qdoc before using it.
* Remove qtcreator.qdoc from qtbase5-doc.install, as it is already in
qtbase5-dev.install.
* Merge with Debian up to 5.2.0~beta1+dfsg-3.
- Fixes build failures on powerpc and armel.
* Add debian/patches/fix_cppcodemarker_crash.patch to fix qdoc
crash that caused ubuntu-ui-toolkit to FTBFS (LP: #1217331).
[ Łukasz 'sil2100' Zemczak ]
* Cherry-pick two submitted patches to support appmenu-qt: (LP: #1157213)
- make_qkdetheme_constructor_public.diff
- platformtheme_env.diff
[ Timo Jyrinki ]
* New upstream release 5.2.1 (LP: #1256341) (LP: #1223032) (LP: #1222988)
(LP: #1223042) (LP: #1253120) (LP: #1251262)
* Sync with Debian 5.2.0+dfsg-7, remaining changes:
- Remove firebird and ibase dependencies
- Maintainer fields and Vcs-Bzr
- No gdb required on ppc64el
- Provides: qt-default to qt5-default
- Define explicit list on which archs openvg required
- Additional patches:
+ disable_overlay_scrollbars.diff
+ load_testability_from_env_var.patch
+ make_qkdetheme_constructor_public.diff
+ platformtheme_env.diff
+ qdoc-Fix-crash-in-Generator-generateInnerNode.patch
+ 0001-Do-not-overwrite-basePixmap-of-QIconLoader-PixmapEnt.patch
- Use our symbols files
- Additional multi-arch packages (not correct policy-wise)
* Drop upstream patches:
- add_since_52_to_new_QColor_features.patch
- fix_cppcodemarker_crash.patch
- fix_usr-move_workaround_in_the_presence_of_multi-arch.patch
- make_QColor_understand_AARRGGBB.patch
- Add-workaround-for-GL-on-Android-emulator.patch
- 0001-Do-not-overwrite-basePixmap-of-QIconLoader-PixmapEnt.patch
- fix_destroy_qapp_segfault.diff
* Remove Ubuntu patches:
- enable_appmenu_support.diff (obsolete)
- 0001-Implement-XEmbed-protocol.patch (submitted and merged upstream)
- fix_maliit_activation.patch (not used anymore)
- inputmethod_fix_focusout.patch (not used anymore)
- fix_number_precision_qjsondocument.patch_8e8becdc.patch (upstream)
- bug1227629.patch (merged upstream)
- fix_rowinserted.patch (LP: #1242630)
* Update symbols and mark private ones
* Add armhf specific CMake files
* Drop aarch64 patches that are reportedly not needed anymore
* Cherry-pick qdoc-Fix-crash-in-Generator-generateInnerNode.patch:
- Fix qdoc with libhud-qt (LP: #1271036)
* Add 0001-Do-not-overwrite-basePixmap-of-QIconLoader-PixmapEnt.patch:
- Backport an upstreamed fix to blurry icons (LP: #1271158)
qtbase-opensource-src (5.2.0+dfsg-7) unstable; urgency=medium
[ Dmitry Shachnev ]
* Use canonical Vcs-Browser field.
[ Lisandro Damián Nicanor Pérez Meyer ]
* Install qmake's arch-specific data in an arch-specific path by using the
hostdatadir option while calling configure.
* Upload to unstable.
qtbase-opensource-src (5.2.0+dfsg-6) experimental; urgency=medium
[ Dmitry Shachnev ]
* Build-depend on libxcb-xkb-dev, to get more input languages support.
* Also, build-depend on libxcb-sync-dev instead of removed libxcb-sync0-dev.
* Fix misspelled DEB_HOST_ARCH_OS in debian/rules comments.
* Re-introduce qtbase5-doc-html package.
[ Lisandro Damián Nicanor Pérez Meyer ]
* Backport fix_crash_stale_pointer_dereferencing.patch to solve a crash
while using harfbuzz-ng.
* Update symbols files with buildd's logs.
qtbase-opensource-src (5.2.0+dfsg-5) experimental; urgency=medium
* Workaround sparc's FTBFS due to its qatomic code.
* Build Qt against system's harfbuzz (Closes: #733972).
* Update symbols files using buildd's logs.
qtbase-opensource-src (5.2.0+dfsg-4) experimental; urgency=medium
[ Dmitry Shachnev ]
* Remove unused piece of code in debian/rules.
[ Lisandro Damián Nicanor Pérez Meyer ]
* Enable processor detection for s390[x] and sparc.
- Do not use Wcast-align on header's tests on sparc, thus avoiding a FTBFS.
* Update symbols files using buildds' logs.
* Patch out Google-AdSense tracker from examples.
* Update Standards-Version to 3.9.5, no changes required.
qtbase-opensource-src (5.2.0+dfsg-3) experimental; urgency=low
[ Pino Toscano ]
* Further fix for MIPS, also in the orderedMemoryFence implementation;
patch mips_more_pre-mips32.diff.
* rules: small simplification in the platform_arg (mkspec) selection.
* Initial support for GNU/kFreeBSD:
- provide qmake mkspec, and use LD_LIBRARY_PATH; patch gnukfreebsd.diff
- rules: use the gnukfreebsd-g++ when configure'ing
* Get rid of our glibc-g++ qmake mkspec: it was a mistake with Qt4 (3?)
already, and it is no more working with non-Linux OSes; as a consequence,
error out for OSes with no qmake mkspec explicitly set in rules.
* Remove the Pre-Depends on dpkg >= 1.15.6~, since that version is available
in Squeeze already.
[ Lisandro Damián Nicanor Pérez Meyer ]
* Update symbols files with buildds' logs.
[ Dmitry Shachnev ]
* Explicitly define all DEB_HOST_ARCH{,_BITS} variables and remove duplicate
variables.
qtbase-opensource-src (5.2.0+dfsg-2) experimental; urgency=medium
[ Pino Toscano ]
* Simplify and sort qtbase5-dev.install-armel and qtbase5-dev.install-armhf.
* Include sys/utsname.h for uname(3); patch uname_include.diff.
* Move few Linux-only files from qtbase5-dev.install-common to
qtbase5-dev.install-linux.
* Remove the cmake files of QtSql plugins on dh_auto_install phase instead
of dh_install.
qtbase-opensource-src (5.2.0+dfsg-1) experimental; urgency=low
[ Dmitry Shachnev ]
* Fix two wrongly sorted lines in qtbase5-private-dev.install (thanks Timo).
* Do not list armhf-specific paths in qtbase5-dev.install-armel.
[ Lisandro Damián Nicanor Pérez Meyer ]
* New upstream release.
* Update install files.
* Update symbols files, marking private symbols as such.
* Remove Disallow_deep_or_widely_nested_entity_references.patch, it has been
applied upstream.
* Upstream made all archs use double for qreal (see #731261 for more
context).
- Rename libqt5core5 to libqt5core5a to help in the transition:
- Make libqt5core5a break and replace libqt5core5 << 5.2.0+dfsg~.
- Rename the associated files (install, lintian-overrides and symbols).
- Adjust dependencies in debian/control.
- Add lintian override for package not matching SONAME.
- Re create symbols that used the qreal subst, they are now all doubles.
* A user of Qt built by a distro doesn't need to find where the SQL plugins
are via CMake. Do not install them (Closes: #729602).
qtbase-opensource-src (5.2.0~beta1+dfsg-3) experimental; urgency=low
[ Lisandro Damián Nicanor Pérez Meyer ]
* Also install KSM/EGL CMake's configuration files for armel:
- Create debian/qtbase5-dev.install-armel.
* Install the QEvdev CMake related files only in Linux, as they are not
present in Hurd.
* Update symbols files.
qtbase-opensource-src (5.2.0~beta1+dfsg-2) experimental; urgency=low
* Install KMS/EGL CMake's configuration files for armhf.
- Create debian/qtbase5-dev.install-armhf.
- Move debian/qtbase5-dev.install to debian/qtbase5-dev.install-common.
* Update symbols files.
* Import upstream's fix_power_atomic_code.patch for fixing PowerPC's FTBFS
(Closes: #729265). Thanks Aurelien Jarno for the patch.
* Import upstream's support_mips_atomic_on_pre-mips32_archs.patch for fixing
MIPS's FTBFS (Closes: #729187). Thanks Aurelien Jarno for the patch.
qtbase-opensource-src (5.2.0~beta1+dfsg-1) experimental; urgency=low
[ Dmitry Shachnev ]
* New upstream beta release.
* Drop fix_usr-move_workaround_in_the_presence_of_multi-arch.patch,
applied upstream.
* Update .install files for new upstream release.
* Make libqt5core5 provide qtbase-abi-5-2-0.
* Update symbols files.
* Add myself to Uploaders.
[ Lisandro Damián Nicanor Pérez Meyer ]
* Use newer qtbase-abi-5-2-0 in lintian-overrides files.
qtbase-opensource-src (5.1.1+dfsg-6) unstable; urgency=high
* Backport Disallow_deep_or_widely_nested_entity_references.patch to fix
CVE-2013-4549: XML Entity Expansion Denial of Service. Set severity
to high.
* Update symbols files with buildds' logs.
qtbase-opensource-src (5.1.1+dfsg-5) unstable; urgency=low
* Add mips64 and mipsel64 to the list of archs that should use linux-g++
instead of linux-g++-64 (Closes: #727139).
qtbase-opensource-src (5.1.1+dfsg-4) unstable; urgency=low
[ Pino Toscano ]
* Limit the libasound2-dev build dependency as linux-any, as the oss-alsa
replacement is not usable for qt5 anyway.
* Remove X11R6 library- and include-dirs from the hurd-g++ mkspec, as they
might cause issues; patch hurd_opengl_incldir.diff.
* Update symbols files.
qtbase-opensource-src (5.1.1+dfsg-3) unstable; urgency=low
[ Pino Toscano ]
* Move libcomposeplatforminputcontextplugin.so, libqoffscreen.so and
libqgtk2.so from libqt5gui5.install-linux to libqt5gui5.install-common,
as they are compiled also on non-Linux OSes.
qtbase-opensource-src (5.1.1+dfsg-2) unstable; urgency=low
* Add upstream patch
fix_usr-move_workaround_in_the_presence_of_multi-arch.patch to solve
a CMake paths issue that involved a workaround for other distros
(Closes: #721176).
* Update symbols files with symbols from other archs.
qtbase-opensource-src (5.1.1+dfsg-1) unstable; urgency=low
* New upstream release.
* Remove patches applied upstream:
- deppath_gnu.diff, the fix is now included upstream.
- Dont_check_for_the_existence_of_priv_inc_dirs.patch
* Update amd64 symbols and mark the private ones.
* Update lintian overrides.
qtbase-opensource-src (5.1.0+dfsg-5) unstable; urgency=low
[ Pino Toscano ]
* Extend patch sha3_64bit_BE.diff with another needed function; should
really fix build on s390x and ppc64 now.
qtbase-opensource-src (5.1.0+dfsg-4) unstable; urgency=low
[ Pino Toscano ]
* Fix build of the SHA3 implementation on 64bit big endian architectures
(e.g. s390x and ppc64); patch sha3_64bit_BE.diff.
* Update/simplify lintian overrides.
* Fix build on ia64 by disabling the use of Linux perf events, which do not
seem present on linux/ia64 kernels; patch linux_no_perf.diff.
qtbase-opensource-src (5.1.0+dfsg-3) unstable; urgency=low
* Upload to unstable.
qtbase-opensource-src (5.1.0+dfsg-2) experimental; urgency=low
* Add libxkbcommon-dev as build dependency, thus avoiding using the bundled
lib.
* Minor improvement of mark_private_symbols.sh.
* Add Dont_check_for_the_existence_of_priv_inc_dirs.patch that avoids making
our users install private headers in order to compile with CMake
(Closes: #718348).
* Armel also builds libqkms.so, added to the proper install file.
* Update symbols files.
qtbase-opensource-src (5.1.0+dfsg-1) experimental; urgency=low
* New upstream release.
* Do not build depend on libopenvg1-mesa-dev on hurd, it's not available
there.
* Fix watch file with new url.
* Make libqt5core5 provide qtbase-abi-5-1-0.
* Update symbols files with latest 5.0.2 build logs.
* Remove patches applied upstream:
- undef_B0.diff
- Rename-qAbs-Function-for-timeval.patch
- build_examples.patch, adding the new -compile-examples switch.
* Refresh patches: deppath_gnu.diff.
* Bump Build-Depends-Indep qttools5-dev-tools dependency to << 5.1.0~.
* Do not remove the include dir on cleaning the sources. Prior to Qt 5.1 perl
would be run and re-create the includes. In 5.1, perl only runs if .git is
found and the build is done out-of-source. Thanks Pino and Thiago for the
hints.
* Fix typo in -no-direcfb switch in configure.
* Update install files.
* Update symbols files with current build. The missing symbols seemed to be
internal/private stuff and optional ones, so everything should be OK.
* Mark private symbols in symbols files.
* Add a lintian override for libqt5core5. Symbols should declare a dependency
on qtbase-abi-5-1-0.
* Change symbols files and lintian overrides to provide qtbase-abi-5-1-0.
* Minimal improve of README.source with private symbols handling.
* Remove doc packages. The build system has changed and I can't build them
anymore.
- Remove independent build deps.
- Remove the doc packages from debian/control.
- Remove their associated install files.
- Remove the indep targets in debian/rules.
-- Timo Jyrinki <timo-jyrinki@xxxxxxxxxx> Mon, 10 Mar 2014 11:01:46 +0000
** Changed in: qtbase-opensource-src (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4549
--
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1251262
Title:
Qt5 windows may be randomly unmapped due to assumption sizeof(long)==4
Status in “qtbase-opensource-src” package in Ubuntu:
Fix Released
Bug description:
The patch debian/patches/0001-Implement-XEmbed-protocol.patch adds
XEmbed protocol support, but it has some undefined behaviour bugs on
LP64 systems like x86-64. In particular, the _XEMBED_INFO property is
defined as two CARD32 values
(http://standards.freedesktop.org/xembed-spec/xembed-spec-latest.html#id2877439),
but it is cast as "long" in some places e.g.
+ /* Add XEMBED info; this operation doesn't initiate the embedding. */
+ long data[] = { XEMBED_VERSION, XEMBED_MAPPED };
+ Q_XCB_CALL(xcb_change_property(xcb_connection(), XCB_PROP_MODE_REPLACE, m_window,
+ atom(QXcbAtom::_XEMBED_INFO),
+ atom(QXcbAtom::_XEMBED_INFO),
+ 32, 2, (void *)data));
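Review bot: `long data[]` does not match the format-32, length-2 arguments passed to xcb_change_property just below it. With format 32 the call takes 2 x 4 = 8 bytes from the buffer, and on LP64 those 8 bytes are all of data[0], so XEMBED_MAPPED in data[1] never reaches the property. Declare the array with a fixed 32-bit element type, for example `quint32 data[] = { XEMBED_VERSION, XEMBED_MAPPED };`, and drop the `(void *)` cast, which hides exactly this kind of mismatch.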
...
+ const xcb_get_property_cookie_t get_cookie =
+ xcb_get_property(xcb_connection(), 0, m_window, xEmbedInfoAtom,
+ XCB_ATOM_ANY, 0, 3);
+
+ xcb_get_property_reply_t *reply =
+ xcb_get_property_reply(xcb_connection(), get_cookie, NULL);
+ if (reply && reply->length >= 2) {
+ const long *data = (const long *)xcb_get_property_value(reply);
+ if (data[1] & XEMBED_MAPPED)
+ Q_XCB_CALL(xcb_map_window(xcb_connection(), m_window));
+ else
+ Q_XCB_CALL(xcb_unmap_window(xcb_connection(), m_window));
+ }
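Review bot: the `(const long *)` cast on the xcb_get_property_value() result is wrong for a format-32 property: `reply->length >= 2` only guarantees two 32-bit words, so on LP64 `data[1]` loads 8 bytes starting at offset 8, which lies past the end of a two-word value. Read the value through `const quint32 *` instead, and check `reply->format == 32` before indexing. The visible lines also never free `reply`, which xcb_get_property_reply allocates for the caller, and the request asks for 3 words while only 2 are examined.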
I discovered this when some code I compiled with -fsanitize=address
would pop up a window for an instant before it was unmapped again -
since the reply only contains two 32-bit words (I confirmed with a
debugger that reply->length == 2 and reply->format == 32), data[1] has
undefined contents. On the sending side, it is actually sending {0, 0}
rather than the intended {0, 1}. Changing "long" to "quint32" made the
problem go away.
I don't know if this is a complete fix - there are other places where
'long' is used and I don't know enough about XCB to know whether
they're broken or not (and I'd never heard of XEmbed until a few hours
ago... I'm definitely not an expert on this stuff).
Incidentally, I also have no idea why the call to xcb_get_property
passes 3 as the length, when only 2 words are expected or examined.
I used ubuntu-bug so hopefully it will pick up all the relevant
information about my system, but just in case: I'm running 13.10 on
x86-64, and I'm building from
qtbase-opensource-src_5.0.2+dfsg1-7ubuntu11.
ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: libqt5gui5 5.0.2+dfsg1-7ubuntu11
ProcVersionSignature: Ubuntu 3.11.0-13.20-generic 3.11.6
Uname: Linux 3.11.0-13-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.12.5-0ubuntu2.1
Architecture: amd64
Date: Thu Nov 14 16:13:16 2013
InstallationDate: Installed on 2011-05-25 (904 days ago)
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110426)
MarkForUpload: True
SourcePackage: qtbase-opensource-src
UpgradeStatus: Upgraded to saucy on 2013-10-25 (19 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1251262/+subscriptions
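The word-size mismatch described in the bug report above, as an added example that is not part of the original message or of the Qt patch. It models a format-32 property write with a plain memcpy instead of calling XCB, uses int64_t to stand in for `long` on LP64, and the helper names (wire_copy32, sent_word, xembed_mapped, lp64_read_extent) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XEMBED_VERSION 0u  /* values taken from the report's intended {0, 1} */
#define XEMBED_MAPPED  1u

/* Model of a format-32 property write: exactly count * 4 bytes are taken
 * from the caller's buffer, whatever C type the buffer was declared with. */
static void wire_copy32(const void *data, size_t count, uint32_t *wire)
{
    memcpy(wire, data, count * sizeof(uint32_t));
}

/* Word `index` (0 or 1) as it reaches the wire. elems64 != 0 models the
 * patch's long[] on LP64 (int64_t, so the result is host independent);
 * elems64 == 0 models the quint32 fix. */
static uint32_t sent_word(int elems64, int index)
{
    int64_t  wide[2]   = { XEMBED_VERSION, XEMBED_MAPPED };
    uint32_t narrow[2] = { XEMBED_VERSION, XEMBED_MAPPED };
    uint32_t wire[2];

    if (elems64)
        wire_copy32(wide, 2, wire);    /* copies only the 8 bytes of wide[0] */
    else
        wire_copy32(narrow, 2, wire);
    return wire[index];
}

/* Reader that validates before it indexes: returns 1 (mapped), 0 (unmapped)
 * or -1 when the reply is not at least two format-32 words. */
static int xembed_mapped(const void *value, size_t value_bytes, unsigned format)
{
    uint32_t words[2];

    if (format != 32 || value_bytes < sizeof words)
        return -1;
    memcpy(words, value, sizeof words);  /* no alignment or aliasing assumptions */
    return (words[1] & XEMBED_MAPPED) != 0;
}

/* Bytes a (const long *) reader touches to load data[1] on LP64. */
static size_t lp64_read_extent(void) { return 2 * sizeof(int64_t); }

int main(void)
{
    uint32_t good[2] = { sent_word(0, 0), sent_word(0, 1) };
    uint32_t bad[2]  = { sent_word(1, 0), sent_word(1, 1) };
    printf("fixed sender:  {%u, %u} mapped=%d\n", (unsigned)good[0], (unsigned)good[1], xembed_mapped(good, sizeof good, 32));
    printf("long[] sender: {%u, %u} mapped=%d\n", (unsigned)bad[0], (unsigned)bad[1], xembed_mapped(bad, sizeof bad, 32));
    printf("long reader needs %zu bytes, reply has %zu\n", lp64_read_extent(), sizeof good);
    return 0;
}
```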