depends: Qt 5.15.18

depends/packages/qt.mk

@@ -1,9 +1,9 @@
 package=qt
-$(package)_version=5.15.16
+$(package)_version=5.15.18
 $(package)_download_path=https://download.qt.io/archive/qt/5.15/$($(package)_version)/submodules
 $(package)_suffix=everywhere-opensource-src-$($(package)_version).tar.xz
 $(package)_file_name=qtbase-$($(package)_suffix)
-$(package)_sha256_hash=b04815058c18058b6ba837206756a2c87d1391f07a0dcb0dd314f970fd041592
+$(package)_sha256_hash=7b632550ea1048fc10c741e46e2e3b093e5ca94dfa6209e9e0848800e247023b
 $(package)_linux_dependencies=freetype fontconfig libxcb libxkbcommon libxcb_util libxcb_util_render libxcb_util_keysyms libxcb_util_image libxcb_util_wm
 $(package)_qt_libs=corelib network widgets gui plugins testlib
 $(package)_linguist_tools = lrelease lupdate lconvert
@@ -20,16 +20,18 @@ $(package)_patches += rcc_hardcode_timestamp.patch
 $(package)_patches += duplicate_lcqpafonts.patch
 $(package)_patches += guix_cross_lib_path.patch
 $(package)_patches += memory_resource.patch
-$(package)_patches += clang_18_libpng.patch
 $(package)_patches += utc_from_string_no_optimize.patch
 $(package)_patches += windows_lto.patch
 $(package)_patches += darwin_no_libm.patch
+$(package)_patches += CVE-2025-4211-qtbase-5.15.patch
+$(package)_patches += CVE-2025-5455-qtbase-5.15.patch
+$(package)_patches += CVE-2025-30348-qtbase-5.15.patch
 
 $(package)_qttranslations_file_name=qttranslations-$($(package)_suffix)
-$(package)_qttranslations_sha256_hash=415dbbb82a75dfc9a7be969e743bee54c0e6867be37bce4cf8f03da39f20112a
+$(package)_qttranslations_sha256_hash=e5625757913caf66a9d702ba102ae92cb165d8dde17759b6de9fdea84a1f857f
 
 $(package)_qttools_file_name=qttools-$($(package)_suffix)
-$(package)_qttools_sha256_hash=1cab11887faca54af59f4995ee435c9ad98d194e9e6889c846692c8b6815fc1c
+$(package)_qttools_sha256_hash=931e0969d9f9d8f233e5e9bf9db0cea9ce9914d49982f1795fe6191010113568
 
 $(package)_extra_sources  = $($(package)_qttranslations_file_name)
 $(package)_extra_sources += $($(package)_qttools_file_name)
@@ -247,13 +249,15 @@ define $(package)_preprocess_cmds
   patch -p1 -i $($(package)_patch_dir)/qtbase-moc-ignore-gcc-macro.patch && \
   patch -p1 -i $($(package)_patch_dir)/memory_resource.patch && \
   patch -p1 -i $($(package)_patch_dir)/no_warnings_for_symbols.patch && \
-  patch -p1 -i $($(package)_patch_dir)/clang_18_libpng.patch && \
   patch -p1 -i $($(package)_patch_dir)/rcc_hardcode_timestamp.patch && \
   patch -p1 -i $($(package)_patch_dir)/duplicate_lcqpafonts.patch && \
   patch -p1 -i $($(package)_patch_dir)/utc_from_string_no_optimize.patch && \
   patch -p1 -i $($(package)_patch_dir)/guix_cross_lib_path.patch && \
   patch -p1 -i $($(package)_patch_dir)/windows_lto.patch && \
   patch -p1 -i $($(package)_patch_dir)/darwin_no_libm.patch && \
+  patch -p1 -i $($(package)_patch_dir)/CVE-2025-4211-qtbase-5.15.patch && \
+  patch -p1 -i $($(package)_patch_dir)/CVE-2025-5455-qtbase-5.15.patch && \
+  patch -p1 -i $($(package)_patch_dir)/CVE-2025-30348-qtbase-5.15.patch && \
   mkdir -p qtbase/mkspecs/macx-clang-linux &&\
   cp -f qtbase/mkspecs/macx-clang/qplatformdefs.h qtbase/mkspecs/macx-clang-linux/ &&\
   cp -f $($(package)_patch_dir)/mac-qmake.conf qtbase/mkspecs/macx-clang-linux/qmake.conf && \

depends/patches/qt/CVE-2025-30348-qtbase-5.15.patch

@@ -0,0 +1,156 @@
+From 16918c1df3e709df2a97281e3825d94c84edb668 Mon Sep 17 00:00:00 2001
+From: Christian Ehrlicher <ch.ehrlicher@gmx.de>
+Date: Tue, 06 Aug 2024 22:39:44 +0200
+Subject: [PATCH] XML/QDom: speedup encodeText()
+
+The code copied the whole string, then replaced parts inline, at
+the cost of relocating everything beyond, at each replacement.
+Instead, copy character by character (in chunks where possible)
+and append replacements as we skip what they replace.
+
+Manual conflict resolution for 6.5:
+- This is a manual cherry-pick. The original change was only
+  picked to 6.8, but the quadratic behavior is present in Qt 5, too.
+- Changed Task-number to Fixes: because this is the real fix;
+  the QString change, 315210de916d060c044c01e53ff249d676122b1b,
+  was unrelated to the original QTBUG-127549.
+
+Manual conflcit resolution for 5.15:
+- Kept/re-added QTextCodec::canEncode() check
+- Ported from Qt 6 to 5, to wit:
+  - qsizetype -> int
+  - QStringView::first/sliced(n) -> left/mid(n)
+    (these functions are clearly called in-range, so the widened
+    contract of the Qt 5 functions doesn't matter)
+- Ported from C++17- and C++14-isms to C++11:
+  - replaced polymorphic lambda with a normal one (this requires
+    rewriting the !canEncode() branch to use QByteArray/QLatin1String
+    instead of QString)
+- As a drive-by, corrected the indentation of the case labels to
+  horizontally align existing code (and follow Qt style)
+
+Fixes: QTBUG-127549
+Change-Id: I368482859ed0c4127f1eec2919183711b5488ada
+Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
+(cherry picked from commit 2ce08e3671b8d18b0284447e5908ce15e6e8f80f)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+(cherry picked from commit 225e235cf966a44af23dbe9aaaa2fd20ab6430ee)
+Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
+(cherry picked from commit 905a5bd421efff6a1d90b6140500d134d32ca745)
+---
+
+diff --git a/qtbase/src/xml/dom/qdom.cpp b/qtbase/src/xml/dom/qdom.cpp
+index 872221c..bf70477 100644
+--- a/qtbase/src/xml/dom/qdom.cpp
++++ b/qtbase/src/xml/dom/qdom.cpp
+@@ -3676,59 +3676,67 @@
+     const QTextCodec *const codec = s.codec();
+     Q_ASSERT(codec);
+ #endif
+-    QString retval(str);
+-    int len = retval.length();
+-    int i = 0;
++    QString retval;
++    int start = 0;
++    auto appendToOutput = [&](int cur, QLatin1String replacement)
++    {
++        if (start < cur) {
++            retval.reserve(str.size() + replacement.size());
++            retval.append(QStringView(str).left(cur).mid(start));
++        }
++        // Skip over str[cur], replaced by replacement
++        start = cur + 1;
++        retval.append(replacement);
++    };
+
+-    while (i < len) {
+-        const QChar ati(retval.at(i));
+-
+-        if (ati == QLatin1Char('<')) {
+-            retval.replace(i, 1, QLatin1String("&lt;"));
+-            len += 3;
+-            i += 4;
+-        } else if (encodeQuotes && (ati == QLatin1Char('"'))) {
+-            retval.replace(i, 1, QLatin1String("&quot;"));
+-            len += 5;
+-            i += 6;
+-        } else if (ati == QLatin1Char('&')) {
+-            retval.replace(i, 1, QLatin1String("&amp;"));
+-            len += 4;
+-            i += 5;
+-        } else if (ati == QLatin1Char('>') && i >= 2 && retval[i - 1] == QLatin1Char(']') && retval[i - 2] == QLatin1Char(']')) {
+-            retval.replace(i, 1, QLatin1String("&gt;"));
+-            len += 3;
+-            i += 4;
+-        } else if (performAVN &&
+-                   (ati == QChar(0xA) ||
+-                    ati == QChar(0xD) ||
+-                    ati == QChar(0x9))) {
+-            const QString replacement(QLatin1String("&#x") + QString::number(ati.unicode(), 16) + QLatin1Char(';'));
+-            retval.replace(i, 1, replacement);
+-            i += replacement.length();
+-            len += replacement.length() - 1;
+-        } else if (encodeEOLs && ati == QChar(0xD)) {
+-            retval.replace(i, 1, QLatin1String("&#xd;")); // Replace a single 0xD with a ref for 0xD
+-            len += 4;
+-            i += 5;
+-        } else {
++    const int len = str.size();
++    for (int cur = 0; cur < len; ++cur) {
++        switch (const char16_t ati = str[cur].unicode()) {
++        case u'<':
++            appendToOutput(cur, QLatin1String("&lt;"));
++            break;
++        case u'"':
++            if (encodeQuotes)
++                appendToOutput(cur, QLatin1String("&quot;"));
++            break;
++        case u'&':
++            appendToOutput(cur, QLatin1String("&amp;"));
++            break;
++        case u'>':
++            if (cur >= 2 && str[cur - 1] == u']' && str[cur - 2] == u']')
++                appendToOutput(cur, QLatin1String("&gt;"));
++            break;
++        case u'\r':
++            if (performAVN || encodeEOLs)
++                appendToOutput(cur, QLatin1String("&#xd;"));    // \r == 0x0d
++            break;
++        case u'\n':
++            if (performAVN)
++                appendToOutput(cur, QLatin1String("&#xa;"));    // \n == 0x0a
++            break;
++        case u'\t':
++            if (performAVN)
++                appendToOutput(cur, QLatin1String("&#x9;"));    // \t == 0x09
++            break;
++        default:
+ #if QT_CONFIG(textcodec)
+             if(codec->canEncode(ati))
+-                ++i;
++                ; // continue
+             else
+ #endif
+             {
+                 // We have to use a character reference to get it through.
+-                const ushort codepoint(ati.unicode());
+-                const QString replacement(QLatin1String("&#x") + QString::number(codepoint, 16) + QLatin1Char(';'));
+-                retval.replace(i, 1, replacement);
+-                i += replacement.length();
+-                len += replacement.length() - 1;
++                const QByteArray replacement = "&#x" + QByteArray::number(uint{ati}, 16) + ';';
++                appendToOutput(cur, QLatin1String{replacement});
+             }
++            break;
+         }
+     }
+-
+-    return retval;
++    if (start > 0) {
++        retval.append(QStringView(str).left(len).mid(start));
++        return retval;
++    }
++    return str;
+ }
+
+ void QDomAttrPrivate::save(QTextStream& s, int, int) const

depends/patches/qt/CVE-2025-4211-qtbase-5.15.patch

@@ -0,0 +1,61 @@
+From 3d20cd0105c2ae06605c5078e7675e200f1a001a Mon Sep 17 00:00:00 2001
+From: Mårten Nordheim <marten.nordheim@qt.io>
+Date: Mon, 17 Mar 2025 14:22:11 +0100
+Subject: [PATCH] QFileSystemEngine/Win: Use GetTempPath2 when available
+
+Because the documentation for GetTempPath nows says apps should call
+GetTempPath2.[0]
+
+Starting with Windows 11[1], and recently Windows 10[2],
+GetTempPath2 was added. The difference being that elevated
+processes are returned a different directory. Usually
+'C:\Windows\SystemTemp'.
+
+Currently temporary files of an elevated process may be placed in a
+world write-able location. GetTempPath2, by default, but can be
+overridden, places it in a directory that's only accessible by SYSTEM
+and administrators.
+
+[0] https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-gettemppathw#remarks
+[1] https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-gettemppath2w
+(Minimum supported client - Windows 11 Build 22000)
+[2] https://blogs.windows.com/windows-insider/2025/03/13/releasing-windows-10-build-19045-5674-to-the-release-preview-channel/
+(This update enables system processes to store temporary files ...)
+
+[ChangeLog][QtCore][Important Behavior Changes] On
+Windows, generating temporary directories for processes with elevated
+privileges may now return a different path with a stricter
+set of permissions. Please consult Microsoft's documentation from when
+they made the same change for the .NET framework:
+https://support.microsoft.com/en-us/topic/gettemppath-changes-in-windows-february-cumulative-update-preview-4cc631fb-9d97-4118-ab6d-f643cd0a7259
+
+Change-Id: I5caf11151fb2f711bbc5599231f140598b3c9d03
+Reviewed-by: Marc Mutz <marc.mutz@qt.io>
+(cherry picked from commit 69633bcb58e681bac5bff3744e5a2352788dc36c)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+(cherry picked from commit 6a684a53b371ec483b27bf243af24819be63f85f)
+(cherry picked from commit bbeccc0c22e520f46f0b33e281fa5ac85ac9c727)
+(cherry picked from commit 59d7eb9bbb4f13cccbd9323fd995a8c108b56e60)
+---
+
+diff --git a/qtbase/src/corelib/io/qfilesystemengine_win.cpp b/qtbase/src/corelib/io/qfilesystemengine_win.cpp
+index 75c661f..37a400f 100644
+--- a/qtbase/src/corelib/io/qfilesystemengine_win.cpp
++++ b/qtbase/src/corelib/io/qfilesystemengine_win.cpp
+@@ -1390,7 +1390,15 @@
+     QString ret;
+ #ifndef Q_OS_WINRT
+     wchar_t tempPath[MAX_PATH];
+-    const DWORD len = GetTempPath(MAX_PATH, tempPath);
++    using GetTempPathPrototype = DWORD (WINAPI *)(DWORD, LPWSTR);
++    // We try to resolve GetTempPath2 and use that, otherwise fall back to GetTempPath:
++    static GetTempPathPrototype getTempPathW = []() {
++        const HMODULE kernel32 = GetModuleHandleW(L"kernel32.dll");
++        if (auto *func = QFunctionPointer(GetProcAddress(kernel32, "GetTempPath2W")))
++            return GetTempPathPrototype(func);
++        return GetTempPath;
++    }();
++    const DWORD len = getTempPathW(MAX_PATH, tempPath);
+     if (len) { // GetTempPath() can return short names, expand.
+         wchar_t longTempPath[MAX_PATH];
+         const DWORD longLen = GetLongPathName(tempPath, longTempPath, MAX_PATH);

depends/patches/qt/CVE-2025-5455-qtbase-5.15.patch

@@ -0,0 +1,20 @@
+diff --git a/qtbase/src/corelib/io/qdataurl.cpp b/qtbase/src/corelib/io/qdataurl.cpp
+index f14d399301f..83e59e3ac00 100644
+--- a/qtbase/src/corelib/io/qdataurl.cpp
++++ b/qtbase/src/corelib/io/qdataurl.cpp
+@@ -76,10 +76,11 @@ Q_CORE_EXPORT bool qDecodeDataUrl(const QUrl &uri, QString &mimeType, QByteArray
+         }
+
+         if (data.toLower().startsWith("charset")) {
+-            int i = 7;      // strlen("charset")
+-            while (data.at(i) == ' ')
+-                ++i;
+-            if (data.at(i) == '=')
++            int prefixSize = 7; // strlen("charset")
++            QLatin1String copy(data.constData() + prefixSize, data.size() - prefixSize);
++            while (copy.startsWith(QLatin1String(" ")))
++                copy = copy.mid(1);
++            if (copy.startsWith(QLatin1String("=")))
+                 data.prepend("text/plain;");
+         }
+

doc/dependencies.md

@@ -33,7 +33,7 @@ You can find installation instructions in the `build-*.md` file for your platfor
 | [Fontconfig](../depends/packages/fontconfig.mk) | [link](https://www.freedesktop.org/wiki/Software/fontconfig/) | [2.12.6](https://github.com/bitcoin/bitcoin/pull/23495) | 2.6 | Yes |
 | [FreeType](../depends/packages/freetype.mk) | [link](https://freetype.org) | [2.11.0](https://github.com/bitcoin/bitcoin/commit/01544dd78ccc0b0474571da854e27adef97137fb) | 2.3.0 | Yes |
 | [qrencode](../depends/packages/qrencode.mk) | [link](https://fukuchi.org/works/qrencode/) | [4.1.1](https://github.com/bitcoin/bitcoin/pull/27312) | | No |
-| [Qt](../depends/packages/qt.mk) | [link](https://download.qt.io/official_releases/qt/) | [5.15.16](https://github.com/bitcoin/bitcoin/pull/30774) | [5.11.3](https://github.com/bitcoin/bitcoin/pull/24132) | No |
+| [Qt](../depends/packages/qt.mk) | [link](https://download.qt.io/official_releases/qt/) | [5.15.18](https://github.com/dashpay/dash/pull/6949) | [5.11.3](https://github.com/bitcoin/bitcoin/pull/24132) | No |
 
 ### Networking
 | Dependency | Releases | Version used | Minimum required | Runtime |