Update Qt to 6.5.3

.github/workflows/build.yml

@@ -13,7 +13,7 @@ jobs:
       MACOSX_DEPLOYMENT_TARGET: 11.0
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: recursive
     - name: Download artifact
@@ -68,7 +68,7 @@ jobs:
       if: matrix.container != 'ubuntu:20.04'
       run: apt update -qq && apt install --no-install-recommends -y git lsb-release fakeroot build-essential devscripts debhelper pkg-config cmake libldap2-dev gettext libpcsclite-dev libssl-dev libgl-dev libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-l10n-tools libqt6core5compat6-dev lintian libflatbuffers-dev zlib1g-dev
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: recursive
     - name: Download artifact
@@ -112,7 +112,7 @@ jobs:
     - name: Install Deps
       run: dnf install -y git gcc-c++ cmake rpm-build gettext openssl-devel openldap-devel pcsc-lite-devel qt6-qtsvg-devel qt6-qttools-devel qt6-qt5compat-devel flatbuffers-devel flatbuffers-compiler zlib-devel
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: recursive
     - name: Download artifact
@@ -151,7 +151,7 @@ jobs:
       VER_SUFFIX: .VS${{ matrix.vcver }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: recursive
     - name: Download artifact
@@ -175,7 +175,7 @@ jobs:
     - name: Install Qt
       uses: jurplel/install-qt-action@v3
       with:
-        version: 6.5.2
+        version: 6.5.3
         arch: win64_msvc2019_64
         modules: qt5compat
     - name: Setup dev env
@@ -187,10 +187,9 @@ jobs:
       run: |
         md build/client
         copy ${{ env.RUNVCPKG_VCPKG_ROOT }}\installed\x64-windows\bin\*.dll build\client\
-        cmake "-GNinja" -DCMAKE_BUILD_TYPE=RelWithDebInfo `
+        cmake "-GNinja" -B build -S . -DCMAKE_BUILD_TYPE=RelWithDebInfo `
           -DCMAKE_TOOLCHAIN_FILE=${{ env.RUNVCPKG_VCPKG_ROOT }}/scripts/buildsystems/vcpkg.cmake `
-          "-DLIBDIGIDOCPP_LIBRARY=libs/libdigidocpp/x64/digidocpp.lib" `
-          "-DLIBDIGIDOCPP_INCLUDE_DIR=libs/libdigidocpp/include" -B build -S .
+          "-DLibDigiDocpp_ROOT=libs/libdigidocpp"
         cmake --build build --target msi
         cmake --build build --target appx
     - name: Archive artifacts
@@ -209,7 +208,7 @@ jobs:
       PROJECTNAME: open-eid/DigiDoc4-Client
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: recursive
     - name: Install dependencies
@@ -253,7 +252,7 @@ jobs:
       security-events: write
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: recursive
     - name: Install dependencies

README.md

@@ -64,7 +64,7 @@
 3. Configure
 
         cmake -B build -S . \
-          -DCMAKE_PREFIX_PATH=~/cmake_builds/Qt-6.5.1-OpenSSL
+          -DCMAKE_PREFIX_PATH=~/cmake_builds/Qt-6.5.3-OpenSSL
           -DOPENSSL_ROOT_DIR=~/cmake_build/OpenSSL \
           -DLDAP_ROOT=~/cmake_build/OpenLDAP \
           -DCMAKE_OSX_ARCHITECTURES="x86_64;arm64"
@@ -93,7 +93,7 @@
 
 3. Configure
 
-        cmake -G"NMAKE Makefiles" -DCMAKE_PREFIX_PATH="C:\Qt\6.5.1\msvc2019\lib\cmake\Qt6" -B build -S .
+        cmake -G"NMAKE Makefiles" -DCMAKE_PREFIX_PATH=C:\Qt\6.5.3\msvc2019_x64  -DLibDigiDocpp_ROOT="C:\Program Files (x86)\libdigidocpp" -B build -S .
 
 4. Build
 

RELEASE-NOTES.md

@@ -1,3 +1,15 @@
+DigiDoc4 version [4.4.0](https://github.com/open-eid/DigiDoc4-Client/releases/tag/v4.4.0) release notes
+--------------------------------------
+- Code, Text and translation improvements and updates
+
+[Full Changelog](https://github.com/open-eid/DigiDoc4-Client/compare/v4.3.0...v4.4.0)
+
+DigiDoc4 version [4.3.0](https://github.com/open-eid/DigiDoc4-Client/releases/tag/v4.3.0) release notes
+--------------------------------------
+- Code, Text and translation improvements and updates
+
+[Full Changelog](https://github.com/open-eid/DigiDoc4-Client/compare/v4.2.14...v4.3.0)
+
 DigiDoc4 version [4.2.14](https://github.com/open-eid/DigiDoc4-Client/releases/tag/v4.2.14) release notes
 --------------------------------------
 - Code, Text and translation improvements and updates

client/CMakeLists.txt

@@ -199,7 +199,14 @@ elseif(WIN32)
 	target_compile_options(${PROJECT_NAME} PRIVATE "/guard:cf")
 	target_link_options(${PROJECT_NAME} PRIVATE "/guard:cf" $<$<BOOL:${CROSSSIGNCERT}>:/INTEGRITYCHECK>)
 	target_link_libraries(${PROJECT_NAME} NCrypt Crypt32 Cryptui)
-	get_filename_component(LIBS_PATH ${LIBDIGIDOCPP_LIBRARIES} DIRECTORY)
+	cmake_parse_arguments(GETLIB "" "optimized;debug" "" ${LIBDIGIDOCPP_LIBRARY})
+	if(GETLIB_debug AND CMAKE_BUILD_TYPE STREQUAL "Debug")
+		get_filename_component(LIBS_PATH ${GETLIB_debug} DIRECTORY)
+	elseif(GETLIB_optimized)
+		get_filename_component(LIBS_PATH ${GETLIB_optimized} DIRECTORY)
+	else()
+		get_filename_component(LIBS_PATH ${GETLIB_UNPARSED_ARGUMENTS} DIRECTORY)
+	endif()
 	if(CMAKE_SIZEOF_VOID_P EQUAL 8)
 		set(PLATFORM x64)
 		set(OPENSSL_SUFFIX "-x64")

debian/control

@@ -20,10 +20,11 @@ Package: qdigidoc4
 Architecture: any
 Depends:
  opensc-pkcs11,
- python3-nautilus|python-nautilus,
  qt6-qpa-plugins | libqt5gui5,
  ${shlibs:Depends},
  ${misc:Depends}
+Recommends:
+ python3-nautilus:amd64 | python3-nautilus:arm64 | python-nautilus
 Replaces:
  qdigidoc (<< 3.14)
 Description: Estonian digital signature application

prepare_osx_build_environment.sh

@@ -4,7 +4,7 @@
 set -e
 
 ######### Versions of libraries/frameworks to be compiled
-QT_VER="6.5.2"
+QT_VER="6.5.3"
 OPENSSL_VER="3.0.11"
 OPENLDAP_VER="2.6.6"
 REBUILD=false
@@ -108,229 +108,6 @@ if [[ "$REBUILD" = true || ! -d ${QT_PATH} ]] ; then
         tar xf ${PACKAGE}.tar.xz
         pushd ${PACKAGE}
         if [[ "${PACKAGE}" == *"qtbase"* ]] ; then
-            # CVE-2023-34410-qtbase-6.5.diff
-            patch -Np1 <<'EOF'
-diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
-index 6e34d4d..cf46d69 100644
---- a/src/corelib/serialization/qxmlstream.cpp
-+++ b/src/corelib/serialization/qxmlstream.cpp
-@@ -185,7 +185,7 @@
-     addData() or by waiting for it to arrive on the device().
-
-     \value UnexpectedElementError The parser encountered an element
--    that was different to those it expected.
-+    or token that was different to those it expected.
-
- */
-
-@@ -322,13 +322,34 @@
-
-   QXmlStreamReader is a well-formed XML 1.0 parser that does \e not
-   include external parsed entities. As long as no error occurs, the
--  application code can thus be assured that the data provided by the
--  stream reader satisfies the W3C's criteria for well-formed XML. For
--  example, you can be certain that all tags are indeed nested and
--  closed properly, that references to internal entities have been
--  replaced with the correct replacement text, and that attributes have
--  been normalized or added according to the internal subset of the
--  DTD.
-+  application code can thus be assured, that
-+  \list
-+  \li the data provided by the stream reader satisfies the W3C's
-+      criteria for well-formed XML,
-+  \li tokens are provided in a valid order.
-+  \endlist
-+
-+  Unless QXmlStreamReader raises an error, it guarantees the following:
-+  \list
-+  \li All tags are nested and closed properly.
-+  \li References to internal entities have been replaced with the
-+      correct replacement text.
-+  \li Attributes have been normalized or added according to the
-+      internal subset of the \l DTD.
-+  \li Tokens of type \l StartDocument happen before all others,
-+      aside from comments and processing instructions.
-+  \li At most one DOCTYPE element (a token of type \l DTD) is present.
-+  \li If present, the DOCTYPE appears before all other elements,
-+      aside from StartDocument, comments and processing instructions.
-+  \endlist
-+
-+  In particular, once any token of type \l StartElement, \l EndElement,
-+  \l Characters, \l EntityReference or \l EndDocument is seen, no
-+  tokens of type StartDocument or DTD will be seen. If one is present in
-+  the input stream, out of order, an error is raised.
-+
-+  \note The token types \l Comment and \l ProcessingInstruction may appear
-+  anywhere in the stream.
-
-   If an error occurs while parsing, atEnd() and hasError() return
-   true, and error() returns the error that occurred. The functions
-@@ -659,6 +680,7 @@
-         d->token = -1;
-         return readNext();
-     }
-+    d->checkToken();
-     return d->type;
- }
-
-@@ -743,6 +765,11 @@
-     "ProcessingInstruction"
- );
-
-+static constexpr auto QXmlStreamReader_XmlContextString = qOffsetStringArray(
-+    "Prolog",
-+    "Body"
-+);
-+
- /*!
-     \property  QXmlStreamReader::namespaceProcessing
-     \brief the namespace-processing flag of the stream reader.
-@@ -777,6 +804,15 @@
-     return QLatin1StringView(QXmlStreamReader_tokenTypeString.at(d->type));
- }
-
-+/*!
-+   \internal
-+   \return \param loc (Prolog/Body) as a string.
-+ */
-+static constexpr QLatin1StringView contextString(QXmlStreamReaderPrivate::XmlContext ctxt)
-+{
-+    return QLatin1StringView(QXmlStreamReader_XmlContextString.at(static_cast<int>(ctxt)));
-+}
-+
- #endif // QT_NO_XMLSTREAMREADER
-
- QXmlStreamPrivateTagStack::QXmlStreamPrivateTagStack()
-@@ -864,6 +900,8 @@
-
-     type = QXmlStreamReader::NoToken;
-     error = QXmlStreamReader::NoError;
-+    currentContext = XmlContext::Prolog;
-+    foundDTD = false;
- }
-
- /*
-@@ -3838,6 +3876,97 @@
-     }
- }
-
-+static constexpr bool isTokenAllowedInContext(QXmlStreamReader::TokenType type,
-+                                               QXmlStreamReaderPrivate::XmlContext loc)
-+{
-+    switch (type) {
-+    case QXmlStreamReader::StartDocument:
-+    case QXmlStreamReader::DTD:
-+        return loc == QXmlStreamReaderPrivate::XmlContext::Prolog;
-+
-+    case QXmlStreamReader::StartElement:
-+    case QXmlStreamReader::EndElement:
-+    case QXmlStreamReader::Characters:
-+    case QXmlStreamReader::EntityReference:
-+    case QXmlStreamReader::EndDocument:
-+        return loc == QXmlStreamReaderPrivate::XmlContext::Body;
-+
-+    case QXmlStreamReader::Comment:
-+    case QXmlStreamReader::ProcessingInstruction:
-+        return true;
-+
-+    case QXmlStreamReader::NoToken:
-+    case QXmlStreamReader::Invalid:
-+        return false;
-+    }
-+
-+    // GCC 8.x does not treat __builtin_unreachable() as constexpr
-+#if !defined(Q_CC_GNU_ONLY) || (Q_CC_GNU >= 900)
-+    Q_UNREACHABLE_RETURN(false);
-+#else
-+    return false;
-+#endif
-+}
-+
-+/*!
-+   \internal
-+   \brief QXmlStreamReader::isValidToken
-+   \return \c true if \param type is a valid token type.
-+   \return \c false if \param type is an unexpected token,
-+   which indicates a non-well-formed or invalid XML stream.
-+ */
-+bool QXmlStreamReaderPrivate::isValidToken(QXmlStreamReader::TokenType type)
-+{
-+    // Don't change currentContext, if Invalid or NoToken occur in the prolog
-+    if (type == QXmlStreamReader::Invalid || type == QXmlStreamReader::NoToken)
-+        return false;
-+
-+    // If a token type gets rejected in the body, there is no recovery
-+    const bool result = isTokenAllowedInContext(type, currentContext);
-+    if (result || currentContext == XmlContext::Body)
-+        return result;
-+
-+    // First non-Prolog token observed => switch context to body and check again.
-+    currentContext = XmlContext::Body;
-+    return isTokenAllowedInContext(type, currentContext);
-+}
-+
-+/*!
-+   \internal
-+   Checks token type and raises an error, if it is invalid
-+   in the current context (prolog/body).
-+ */
-+void QXmlStreamReaderPrivate::checkToken()
-+{
-+    Q_Q(QXmlStreamReader);
-+
-+    // The token type must be consumed, to keep track if the body has been reached.
-+    const XmlContext context = currentContext;
-+    const bool ok = isValidToken(type);
-+
-+    // Do nothing if an error has been raised already (going along with an unexpected token)
-+    if (error != QXmlStreamReader::Error::NoError)
-+        return;
-+
-+    if (!ok) {
-+        raiseError(QXmlStreamReader::UnexpectedElementError,
-+                   QObject::tr("Unexpected token type %1 in %2.")
-+                   .arg(q->tokenString(), contextString(context)));
-+        return;
-+    }
-+
-+    if (type != QXmlStreamReader::DTD)
-+        return;
-+
-+    // Raise error on multiple DTD tokens
-+    if (foundDTD) {
-+        raiseError(QXmlStreamReader::UnexpectedElementError,
-+                   QObject::tr("Found second DTD token in %1.").arg(contextString(context)));
-+    } else {
-+        foundDTD = true;
-+    }
-+}
-+
- /*!
-  \fn bool QXmlStreamAttributes::hasAttribute(QAnyStringView qualifiedName) const
-
-diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
-index 070424a..f09adaa 100644
---- a/src/corelib/serialization/qxmlstream_p.h
-+++ b/src/corelib/serialization/qxmlstream_p.h
-@@ -297,6 +297,17 @@
-     QStringDecoder decoder;
-     bool atEnd;
-
-+    enum class XmlContext
-+    {
-+        Prolog,
-+        Body,
-+    };
-+
-+    XmlContext currentContext = XmlContext::Prolog;
-+    bool foundDTD = false;
-+    bool isValidToken(QXmlStreamReader::TokenType type);
-+    void checkToken();
-+
-     /*!
-       \sa setType()
-      */
-EOF
             ./configure -prefix ${QT_PATH} -opensource -nomake tests -nomake examples -no-securetransport -openssl-linked -confirm-license -appstore-compliant -- -DOPENSSL_ROOT_DIR=${OPENSSL_PATH} -DCMAKE_OSX_ARCHITECTURES="x86_64;arm64"
         else
             ${QT_PATH}/bin/qt-configure-module .