From 8e8dc649b29d456cbb1e3633b10e6d0b6ebb036c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20Gro=C3=9F?= Date: Sat, 16 Sep 2023 17:24:40 +0200 Subject: [PATCH] Update Qt package to fix CVE-2023-4863 --- hifi_qt.py | 6 ++-- tools/qt-builder/Dockerfile_Ubuntu_20.04_Qt5 | 30 ++++++++++---------- 2 files changed, 17 insertions(+), 19 deletions(-) diff --git a/hifi_qt.py b/hifi_qt.py index f22d8099ef7..01aeaafa26f 100644 --- a/hifi_qt.py +++ b/hifi_qt.py @@ -151,10 +151,8 @@ def __init__(self, args): # The `or 0` conditional assignment prevents the int parsing error from hiding the useful Qt package error u_major = int( distro.major_version() or '0' ) if distro.id() == 'ubuntu' or distro.id() == 'linuxmint': - if (distro.id() == 'ubuntu' and u_major == 18) or distro.id() == 'linuxmint' and u_major == 19: - self.qtUrl = self.assets_url + '/dependencies/qt5/qt5-install-5.15.5-2022.07.17-kde_ea4efc067b47c11b1aac61668afd8578a6834f5b-ubuntu-18.04-amd64.tar.xz' - elif (distro.id() == 'ubuntu' and u_major == 20) or distro.id() == 'linuxmint' and u_major == 20: - self.qtUrl = self.assets_url + '/dependencies/qt5/qt5-install-5.15.5-2022.08.12-kde_0b4d44f2ff1103349bac22b9b207cfcc1f50a53a-ubuntu-20.04-amd64.tar.xz' + if (distro.id() == 'ubuntu' and u_major == 20) or distro.id() == 'linuxmint' and u_major == 20: + self.qtUrl = self.assets_url + '/dependencies/qt5/qt5-install-5.15.10-2023.09.16-kde_15e6be42c230046646237698fa761b8fb3df71ee-ubuntu-20.04-amd64.tar.xz' elif (distro.id() == 'ubuntu' and u_major > 20) or (distro.id() == 'linuxmint' and u_major > 20): self.__no_qt_package_error() else: diff --git a/tools/qt-builder/Dockerfile_Ubuntu_20.04_Qt5 b/tools/qt-builder/Dockerfile_Ubuntu_20.04_Qt5 index 94bda6d4107..0d7173f450f 100644 --- a/tools/qt-builder/Dockerfile_Ubuntu_20.04_Qt5 +++ b/tools/qt-builder/Dockerfile_Ubuntu_20.04_Qt5 @@ -4,11 +4,11 @@ # - Check which commit you are building https://invent.kde.org/qt/qt/qt5/-/tree/kde/5.15 # - Adjust this file to include the commit hash you are building, the date, the number of threads you want to use (-j10), the platform, and the Qt and QtWebEngine versions. # Keep in mind that building Qt requires a lot of memory. You should have over 1.2GiB of system memory available per thread. -# - Run the build process with something like `PROGRESS_NO_TRUNC=1 DOCKER_BUILDKIT=1 BUILDKIT_STEP_LOG_MAX_SIZE=-1 docker build --progress plain -t overte-qt5:5.15.9-2023.05.21-kde_fb3ec282151b1ee281a24f0545a40ac6438537c2 -f Dockerfile_Ubuntu_20.04_Qt5 .` +# - Run the build process with something like `PROGRESS_NO_TRUNC=1 DOCKER_BUILDKIT=1 BUILDKIT_STEP_LOG_MAX_SIZE=-1 docker build --progress plain -t overte-qt5:5.15.10-2023.09.16-kde_15e6be42c230046646237698fa761b8fb3df71ee -f Dockerfile_Ubuntu_20.04_Qt5 .` # Buildkit is used to cache intermittent steps in case you need to modify something afterwards. # - Once the build has completed, create a container from the image and export the created Qt package. -# `docker create --name extract overte-qt5:5.15.9-2023.05.21-kde_fb3ec282151b1ee281a24f0545a40ac6438537c2` -# `docker cp extract:qt5-install-5.15.9-2023.05.21-kde_fb3ec282151b1ee281a24f0545a40ac6438537c2-ubuntu-20.04-amd64.tar.xz /path/on/host` +# `docker create --name extract overte-qt5:5.15.10-2023.09.16-kde_15e6be42c230046646237698fa761b8fb3df71ee` +# `docker cp extract:qt5-install-5.15.10-2023.09.16-kde_15e6be42c230046646237698fa761b8fb3df71ee-ubuntu-20.04-amd64.tar.xz /path/on/host` # `docker rm extract` FROM ubuntu:20.04 @@ -42,32 +42,32 @@ RUN sed -i qt5/qtbase/mkspecs/linux-g++-64/qmake.conf -e 's/\/usr\/X11R6\/lib64/ RUN apt-get -y build-dep qt5-default # Install build dependencies -RUN apt-get -y install git python gperf flex bison pkg-config mesa-utils libgl1-mesa-dev make g++ libdbus-glib-1-dev libnss3-dev nodejs libxkbfile-dev libx11-dev +RUN apt-get -y install git python gperf flex bison pkg-config mesa-utils libgl1-mesa-dev make g++ libdbus-glib-1-dev libnss3-dev nodejs libxkbfile-dev libx11-dev libwebp-dev RUN mkdir qt5-install && mkdir qt5-build WORKDIR qt5-build RUN ../qt5/configure -force-debug-info -release -opensource -confirm-license -platform linux-g++ -recheck-all -nomake tests -nomake examples -skip qttranslations -skip qtserialport -skip qt3d -skip qtlocation -skip qtwayland -skip qtsensors -skip qtgamepad -skip qtcharts -skip qtx11extras -skip qtmacextras -skip qtvirtualkeyboard -skip qtpurchasing -skip qtdatavis3d -skip qtlottie -skip qtquick3d -skip qtpim -skip qtdocgallery -no-warnings-are-errors -no-pch -no-icu -prefix ../qt5-install -RUN NINJAFLAGS='-j16' make -j16 +RUN NINJAFLAGS='-j6' make -j6 -RUN make -j16 module-qtscript +RUN make -j6 module-qtscript -RUN make -j16 install +RUN make -j6 install WORKDIR ./qtscript -RUN make -j16 install +RUN make -j6 install WORKDIR ../../qt5-install RUN find . -name \*.prl -exec sed -i -e '/^QMAKE_PRL_BUILD_DIR/d' {} \; # Overwrite QtWebengine version to work around version conflicts -RUN find . -name \Qt5WebEngine*Config.cmake -exec sed -i '' -e 's/5\.15\.14/5\.15\.9/g' {} \; -RUN cp lib/libQt5WebEngine.so.5.15.14 lib/libQt5WebEngine.so.5.15.9 -RUN cp lib/libQt5WebEngineCore.so.5.15.14 lib/libQt5WebEngineCore.so.5.15.9 -RUN cp lib/libQt5WebEngineWidgets.so.5.15.14 lib/libQt5WebEngineWidgets.so.5.15.9 -RUN cp lib/libQt5Pdf.so.5.15.14 lib/libQt5Pdf.so.5.15.9 -RUN cp lib/libQt5PdfWidgets.so.5.15.14 lib/libQt5PdfWidgets.so.5.15.9 +RUN find . -name \Qt5WebEngine*Config.cmake -exec sed -i '' -e 's/5\.15\.14/5\.15\.10/g' {} \; +RUN cp lib/libQt5WebEngine.so.5.15.14 lib/libQt5WebEngine.so.5.15.10 +RUN cp lib/libQt5WebEngineCore.so.5.15.14 lib/libQt5WebEngineCore.so.5.15.10 +RUN cp lib/libQt5WebEngineWidgets.so.5.15.14 lib/libQt5WebEngineWidgets.so.5.15.10 +RUN cp lib/libQt5Pdf.so.5.15.14 lib/libQt5Pdf.so.5.15.10 +RUN cp lib/libQt5PdfWidgets.so.5.15.14 lib/libQt5PdfWidgets.so.5.15.10 COPY ./qt.conf ./bin/ @@ -75,4 +75,4 @@ COPY ./qt.conf ./bin/ RUN cp ../qt5-build/config.summary ./ WORKDIR .. -RUN XZ_OPT='-T0' tar -Jcvf qt5-install-5.15.9-2023.05.21-kde_fb3ec282151b1ee281a24f0545a40ac6438537c2-ubuntu-20.04-amd64.tar.xz qt5-install +RUN XZ_OPT='-T0' tar -Jcvf qt5-install-5.15.10-2023.09.16-kde_15e6be42c230046646237698fa761b8fb3df71ee-ubuntu-20.04-amd64.tar.xz qt5-install