diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9f60159b0..6ef975bd7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,7 +13,7 @@ jobs: MACOSX_DEPLOYMENT_TARGET: 11.0 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: recursive - name: Download artifact @@ -68,7 +68,7 @@ jobs: if: matrix.container != 'ubuntu:20.04' run: apt update -qq && apt install --no-install-recommends -y git lsb-release fakeroot build-essential devscripts debhelper pkg-config cmake libldap2-dev gettext libpcsclite-dev libssl-dev libgl-dev libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-l10n-tools libqt6core5compat6-dev lintian libflatbuffers-dev zlib1g-dev - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: recursive - name: Download artifact @@ -112,7 +112,7 @@ jobs: - name: Install Deps run: dnf install -y git gcc-c++ cmake rpm-build gettext openssl-devel openldap-devel pcsc-lite-devel qt6-qtsvg-devel qt6-qttools-devel qt6-qt5compat-devel flatbuffers-devel flatbuffers-compiler zlib-devel - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: recursive - name: Download artifact @@ -151,7 +151,7 @@ jobs: VER_SUFFIX: .VS${{ matrix.vcver }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: recursive - name: Download artifact @@ -175,7 +175,7 @@ jobs: - name: Install Qt uses: jurplel/install-qt-action@v3 with: - version: 6.5.2 + version: 6.5.3 arch: win64_msvc2019_64 modules: qt5compat - name: Setup dev env 
@@ -187,10 +187,9 @@ jobs: run: | md build/client copy ${{ env.RUNVCPKG_VCPKG_ROOT }}\installed\x64-windows\bin\*.dll build\client\ - cmake "-GNinja" -DCMAKE_BUILD_TYPE=RelWithDebInfo ` + cmake "-GNinja" -B build -S . -DCMAKE_BUILD_TYPE=RelWithDebInfo ` -DCMAKE_TOOLCHAIN_FILE=${{ env.RUNVCPKG_VCPKG_ROOT }}/scripts/buildsystems/vcpkg.cmake ` - "-DLIBDIGIDOCPP_LIBRARY=libs/libdigidocpp/x64/digidocpp.lib" ` - "-DLIBDIGIDOCPP_INCLUDE_DIR=libs/libdigidocpp/include" -B build -S . + "-DLibDigiDocpp_ROOT=libs/libdigidocpp" cmake --build build --target msi cmake --build build --target appx - name: Archive artifacts @@ -209,7 +208,7 @@ jobs: PROJECTNAME: open-eid/DigiDoc4-Client steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: recursive - name: Install dependencies @@ -253,7 +252,7 @@ jobs: security-events: write steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: recursive - name: Install dependencies diff --git a/README.md b/README.md index d89e81bf7..d33030e2f 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ 3. Configure cmake -B build -S . \ - -DCMAKE_PREFIX_PATH=~/cmake_builds/Qt-6.5.1-OpenSSL + -DCMAKE_PREFIX_PATH=~/cmake_builds/Qt-6.5.3-OpenSSL -DOPENSSL_ROOT_DIR=~/cmake_build/OpenSSL \ -DLDAP_ROOT=~/cmake_build/OpenLDAP \ -DCMAKE_OSX_ARCHITECTURES="x86_64;arm64" @@ -93,7 +93,7 @@ 3. Configure - cmake -G"NMAKE Makefiles" -DCMAKE_PREFIX_PATH="C:\Qt\6.5.1\msvc2019\lib\cmake\Qt6" -B build -S . + cmake -G"NMAKE Makefiles" -DCMAKE_PREFIX_PATH=C:\Qt\6.5.3\msvc2019_x64 -DLibDigiDocpp_ROOT="C:\Program Files (x86)\libdigidocpp" -B build -S . 4. Build diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index fb3cbce3b..9bdeade4a 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md 
@@ -1,3 +1,15 @@ +DigiDoc4 version [4.4.0](https://github.com/open-eid/DigiDoc4-Client/releases/tag/v4.4.0) release notes +-------------------------------------- +- Code, Text and translation improvements and updates + +[Full Changelog](https://github.com/open-eid/DigiDoc4-Client/compare/v4.3.0...v4.4.0) + +DigiDoc4 version [4.3.0](https://github.com/open-eid/DigiDoc4-Client/releases/tag/v4.3.0) release notes +-------------------------------------- +- Code, Text and translation improvements and updates + +[Full Changelog](https://github.com/open-eid/DigiDoc4-Client/compare/v4.2.14...v4.3.0) + DigiDoc4 version [4.2.14](https://github.com/open-eid/DigiDoc4-Client/releases/tag/v4.2.14) release notes -------------------------------------- - Code, Text and translation improvements and updates diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 7c79420bd..3312e6f96 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -199,7 +199,14 @@ elseif(WIN32) target_compile_options(${PROJECT_NAME} PRIVATE "/guard:cf") target_link_options(${PROJECT_NAME} PRIVATE "/guard:cf" $<$:/INTEGRITYCHECK>) target_link_libraries(${PROJECT_NAME} NCrypt Crypt32 Cryptui) - get_filename_component(LIBS_PATH ${LIBDIGIDOCPP_LIBRARIES} DIRECTORY) + cmake_parse_arguments(GETLIB "" "optimized;debug" "" ${LIBDIGIDOCPP_LIBRARY}) + if(GETLIB_debug AND CMAKE_BUILD_TYPE STREQUAL "Debug") + get_filename_component(LIBS_PATH ${GETLIB_debug} DIRECTORY) + elseif(GETLIB_optimized) + get_filename_component(LIBS_PATH ${GETLIB_optimized} DIRECTORY) + else() + get_filename_component(LIBS_PATH ${GETLIB_UNPARSED_ARGUMENTS} DIRECTORY) + endif() if(CMAKE_SIZEOF_VOID_P EQUAL 8) set(PLATFORM x64) set(OPENSSL_SUFFIX "-x64") diff --git a/cmake b/cmake index 01ec22ddc..b8799741a 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 01ec22ddceaf93824737bed3158bd4a560c4af9d +Subproject commit b8799741abb8466fb6df8b5afeb3a5f0dd019e3c 
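Review bot: In the client/CMakeLists.txt hunk, the `GETLIB_debug AND CMAKE_BUILD_TYPE STREQUAL "Debug"` test is never true under a multi-config generator such as Visual Studio, where `CMAKE_BUILD_TYPE` is normally empty. `LIBS_PATH` then silently resolves to the optimized library's directory even for a Debug configuration. The `else()` branch also passes `${GETLIB_UNPARSED_ARGUMENTS}` unquoted, so an empty or multi-item `LIBDIGIDOCPP_LIBRARY` gives `get_filename_component` the wrong argument count. `LIBS_PATH` presumably locates the binaries that get packaged (its use is outside the hunk, as is the rest of the enclosing `elseif(WIN32)` block), so it is worth failing loudly: quote the three expansions and add `if(NOT LIBS_PATH)` / `message(FATAL_ERROR "libdigidocpp library directory could not be determined")` / `endif()` after the chain. A short comment saying that `LIBDIGIDOCPP_LIBRARY` may hold an `optimized;<path>;debug;<path>` list would explain why `cmake_parse_arguments` is used here.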
diff --git a/debian/control b/debian/control index 82d06f64a..857a5d625 100644 --- a/debian/control +++ b/debian/control @@ -20,10 +20,11 @@ Package: qdigidoc4 Architecture: any Depends: opensc-pkcs11, - python3-nautilus|python-nautilus, qt6-qpa-plugins | libqt5gui5, ${shlibs:Depends}, ${misc:Depends} +Recommends: + python3-nautilus:any|python-nautilus Replaces: qdigidoc (<< 3.14) Description: Estonian digital signature application diff --git a/prepare_osx_build_environment.sh b/prepare_osx_build_environment.sh index 0838dd717..06cdabca2 100755 --- a/prepare_osx_build_environment.sh +++ b/prepare_osx_build_environment.sh @@ -4,7 +4,7 @@ set -e ######### Versions of libraries/frameworks to be compiled -QT_VER="6.5.2" +QT_VER="6.5.3" OPENSSL_VER="3.0.11" OPENLDAP_VER="2.6.6" REBUILD=false 
@@ -108,229 +108,6 @@ if [[ "$REBUILD" = true || ! -d ${QT_PATH} ]] ; then tar xf ${PACKAGE}.tar.xz pushd ${PACKAGE} if [[ "${PACKAGE}" == *"qtbase"* ]] ; then - # CVE-2023-34410-qtbase-6.5.diff - patch -Np1 <<'EOF' -diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp -index 6e34d4d..cf46d69 100644 ---- a/src/corelib/serialization/qxmlstream.cpp -+++ b/src/corelib/serialization/qxmlstream.cpp -@@ -185,7 +185,7 @@ - addData() or by waiting for it to arrive on the device(). - - \value UnexpectedElementError The parser encountered an element -- that was different to those it expected. -+ or token that was different to those it expected. - - */ - -@@ -322,13 +322,34 @@ - - QXmlStreamReader is a well-formed XML 1.0 parser that does \e not - include external parsed entities. As long as no error occurs, the -- application code can thus be assured that the data provided by the -- stream reader satisfies the W3C's criteria for well-formed XML. For -- example, you can be certain that all tags are indeed nested and -- closed properly, that references to internal entities have been -- replaced with the correct replacement text, and that attributes have -- been normalized or added according to the internal subset of the -- DTD. -+ application code can thus be assured, that -+ \list -+ \li the data provided by the stream reader satisfies the W3C's -+ criteria for well-formed XML, -+ \li tokens are provided in a valid order. -+ \endlist -+ -+ Unless QXmlStreamReader raises an error, it guarantees the following: -+ \list -+ \li All tags are nested and closed properly. -+ \li References to internal entities have been replaced with the -+ correct replacement text. -+ \li Attributes have been normalized or added according to the -+ internal subset of the \l DTD. -+ \li Tokens of type \l StartDocument happen before all others, -+ aside from comments and processing instructions. 
-+ \li At most one DOCTYPE element (a token of type \l DTD) is present. -+ \li If present, the DOCTYPE appears before all other elements, -+ aside from StartDocument, comments and processing instructions. -+ \endlist -+ -+ In particular, once any token of type \l StartElement, \l EndElement, -+ \l Characters, \l EntityReference or \l EndDocument is seen, no -+ tokens of type StartDocument or DTD will be seen. If one is present in -+ the input stream, out of order, an error is raised. -+ -+ \note The token types \l Comment and \l ProcessingInstruction may appear -+ anywhere in the stream. - - If an error occurs while parsing, atEnd() and hasError() return - true, and error() returns the error that occurred. The functions -@@ -659,6 +680,7 @@ - d->token = -1; - return readNext(); - } -+ d->checkToken(); - return d->type; - } - -@@ -743,6 +765,11 @@ - "ProcessingInstruction" - ); - -+static constexpr auto QXmlStreamReader_XmlContextString = qOffsetStringArray( -+ "Prolog", -+ "Body" -+); -+ - /*! - \property QXmlStreamReader::namespaceProcessing - \brief the namespace-processing flag of the stream reader. -@@ -777,6 +804,15 @@ - return QLatin1StringView(QXmlStreamReader_tokenTypeString.at(d->type)); - } - -+/*! -+ \internal -+ \return \param loc (Prolog/Body) as a string. 
-+ */ -+static constexpr QLatin1StringView contextString(QXmlStreamReaderPrivate::XmlContext ctxt) -+{ -+ return QLatin1StringView(QXmlStreamReader_XmlContextString.at(static_cast(ctxt))); -+} -+ - #endif // QT_NO_XMLSTREAMREADER - - QXmlStreamPrivateTagStack::QXmlStreamPrivateTagStack() -@@ -864,6 +900,8 @@ - - type = QXmlStreamReader::NoToken; - error = QXmlStreamReader::NoError; -+ currentContext = XmlContext::Prolog; -+ foundDTD = false; - } - - /* -@@ -3838,6 +3876,97 @@ - } - } - -+static constexpr bool isTokenAllowedInContext(QXmlStreamReader::TokenType type, -+ QXmlStreamReaderPrivate::XmlContext loc) -+{ -+ switch (type) { -+ case QXmlStreamReader::StartDocument: -+ case QXmlStreamReader::DTD: -+ return loc == QXmlStreamReaderPrivate::XmlContext::Prolog; -+ -+ case QXmlStreamReader::StartElement: -+ case QXmlStreamReader::EndElement: -+ case QXmlStreamReader::Characters: -+ case QXmlStreamReader::EntityReference: -+ case QXmlStreamReader::EndDocument: -+ return loc == QXmlStreamReaderPrivate::XmlContext::Body; -+ -+ case QXmlStreamReader::Comment: -+ case QXmlStreamReader::ProcessingInstruction: -+ return true; -+ -+ case QXmlStreamReader::NoToken: -+ case QXmlStreamReader::Invalid: -+ return false; -+ } -+ -+ // GCC 8.x does not treat __builtin_unreachable() as constexpr -+#if !defined(Q_CC_GNU_ONLY) || (Q_CC_GNU >= 900) -+ Q_UNREACHABLE_RETURN(false); -+#else -+ return false; -+#endif -+} -+ -+/*! -+ \internal -+ \brief QXmlStreamReader::isValidToken -+ \return \c true if \param type is a valid token type. -+ \return \c false if \param type is an unexpected token, -+ which indicates a non-well-formed or invalid XML stream. 
-+ */ -+bool QXmlStreamReaderPrivate::isValidToken(QXmlStreamReader::TokenType type) -+{ -+ // Don't change currentContext, if Invalid or NoToken occur in the prolog -+ if (type == QXmlStreamReader::Invalid || type == QXmlStreamReader::NoToken) -+ return false; -+ -+ // If a token type gets rejected in the body, there is no recovery -+ const bool result = isTokenAllowedInContext(type, currentContext); -+ if (result || currentContext == XmlContext::Body) -+ return result; -+ -+ // First non-Prolog token observed => switch context to body and check again. -+ currentContext = XmlContext::Body; -+ return isTokenAllowedInContext(type, currentContext); -+} -+ -+/*! -+ \internal -+ Checks token type and raises an error, if it is invalid -+ in the current context (prolog/body). -+ */ -+void QXmlStreamReaderPrivate::checkToken() -+{ -+ Q_Q(QXmlStreamReader); -+ -+ // The token type must be consumed, to keep track if the body has been reached. -+ const XmlContext context = currentContext; -+ const bool ok = isValidToken(type); -+ -+ // Do nothing if an error has been raised already (going along with an unexpected token) -+ if (error != QXmlStreamReader::Error::NoError) -+ return; -+ -+ if (!ok) { -+ raiseError(QXmlStreamReader::UnexpectedElementError, -+ QObject::tr("Unexpected token type %1 in %2.") -+ .arg(q->tokenString(), contextString(context))); -+ return; -+ } -+ -+ if (type != QXmlStreamReader::DTD) -+ return; -+ -+ // Raise error on multiple DTD tokens -+ if (foundDTD) { -+ raiseError(QXmlStreamReader::UnexpectedElementError, -+ QObject::tr("Found second DTD token in %1.").arg(contextString(context))); -+ } else { -+ foundDTD = true; -+ } -+} -+ - /*! 
- \fn bool QXmlStreamAttributes::hasAttribute(QAnyStringView qualifiedName) const - -diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h -index 070424a..f09adaa 100644 ---- a/src/corelib/serialization/qxmlstream_p.h -+++ b/src/corelib/serialization/qxmlstream_p.h -@@ -297,6 +297,17 @@ - QStringDecoder decoder; - bool atEnd; - -+ enum class XmlContext -+ { -+ Prolog, -+ Body, -+ }; -+ -+ XmlContext currentContext = XmlContext::Prolog; -+ bool foundDTD = false; -+ bool isValidToken(QXmlStreamReader::TokenType type); -+ void checkToken(); -+ - /*! - \sa setType() - */ -EOF ./configure -prefix ${QT_PATH} -opensource -nomake tests -nomake examples -no-securetransport -openssl-linked -confirm-license -appstore-compliant -- -DOPENSSL_ROOT_DIR=${OPENSSL_PATH} -DCMAKE_OSX_ARCHITECTURES="x86_64;arm64" else ${QT_PATH}/bin/qt-configure-module .