diff --git a/CMakeLists.txt b/CMakeLists.txt
index e86afb357..91098986c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -60,7 +60,7 @@ if(UNIX AND NOT IOS)
set(CMAKE_OSX_DEPLOYMENT_TARGET 10.15 CACHE STRING "Required macOS version")
endif()
-project(AusweisApp2 VERSION 1.26.4 LANGUAGES ${LANGUAGES})
+project(AusweisApp2 VERSION 1.26.5 LANGUAGES ${LANGUAGES})
# Set TWEAK if not defined in PROJECT_VERSION above to
# have a valid tweak version without propagating it
diff --git a/Dockerfile b/Dockerfile
index 932b38267..ab32e67a4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-ARG ALPINE_VERSION=3.17
+ARG ALPINE_VERSION=3.18
FROM alpine:$ALPINE_VERSION as builder
# Install development stuff
diff --git a/cmake/Install.cmake b/cmake/Install.cmake
index 79998b2de..73dea883e 100644
--- a/cmake/Install.cmake
+++ b/cmake/Install.cmake
@@ -84,13 +84,16 @@ if(WIN32)
endif()
if (QT6)
- # Workaround for QTBUG-94066
- include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Gui/Qt6QSvgPluginTargets.cmake")
- include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Gui/Qt6QGifPluginTargets.cmake")
- include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Gui/Qt6QJpegPluginTargets.cmake")
- include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Gui/Qt6QWindowsIntegrationPluginTargets.cmake")
- include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Widgets/Qt6QWindowsVistaStylePluginTargets.cmake")
- include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Network/Qt6QTlsBackendOpenSSLPluginTargets.cmake")
+ if(QT_VERSION VERSION_LESS "6.4")
+ # Workaround for QTBUG-94066
+ include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Gui/Qt6QSvgPluginTargets.cmake")
+ include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Gui/Qt6QGifPluginTargets.cmake")
+ include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Gui/Qt6QJpegPluginTargets.cmake")
+ include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Gui/Qt6QWindowsIntegrationPluginTargets.cmake")
+ include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Widgets/Qt6QWindowsVistaStylePluginTargets.cmake")
+ include("${QT_INSTALL_ARCHDATA}/lib/cmake/Qt6Network/Qt6QTlsBackendOpenSSLPluginTargets.cmake")
+ endif()
+
FETCH_TARGET_LOCATION(openSslBackend "${Qt}::QTlsBackendOpenSSLPlugin")
install(FILES ${openSslBackend} DESTINATION tls COMPONENT Runtime)
list(APPEND LIBS ${openSslBackend})
@@ -247,6 +250,7 @@ elseif(ANDROID)
foreach(entry ldpi mdpi hdpi xhdpi xxhdpi xxxhdpi)
install(FILES ${RESOURCES_IMG_ANDROID_DIR}/${entry}/background_npa.png DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/res/mipmap-${entry} COMPONENT Runtime RENAME npa_background.png)
install(FILES ${RESOURCES_IMG_ANDROID_DIR}/${entry}/foreground_${ANDROID_LAUNCHER_ICON} DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/res/mipmap-${entry} COMPONENT Runtime RENAME npa_foreground.png)
+ install(FILES ${RESOURCES_IMG_ANDROID_DIR}/${entry}/monochrome_${ANDROID_LAUNCHER_ICON} DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/res/mipmap-${entry} COMPONENT Runtime RENAME npa_monochrome.png)
install(FILES ${RESOURCES_IMG_ANDROID_DIR}/${entry}/${ANDROID_LAUNCHER_ICON} DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/res/mipmap-${entry} COMPONENT Runtime RENAME npa.png)
install(FILES ${RESOURCES_IMG_ANDROID_DIR}/${entry}/${ANDROID_SPLASH_SCREEN_ICON_NAME} DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/res/drawable-${entry} COMPONENT Runtime RENAME splash_npa.png)
endforeach()
@@ -269,6 +273,8 @@ elseif(ANDROID)
set(QML_ROOT_PATH [\"${RESOURCES_DIR}/qml\"])
set(ANDROID_ROOT_LOGGER "")
configure_file(${PACKAGING_DIR}/android/fileprovider.xml ${ANDROID_PACKAGE_SRC_DIR}/res/xml/fileprovider.xml COPYONLY)
+ configure_file(${PACKAGING_DIR}/android/full_backup_content.xml ${ANDROID_PACKAGE_SRC_DIR}/res/xml/full_backup_content.xml COPYONLY)
+ configure_file(${PACKAGING_DIR}/android/data_extraction_rules.xml ${ANDROID_PACKAGE_SRC_DIR}/res/xml/data_extraction_rules.xml COPYONLY)
endif()
set(ANDROID_SO_NAME libAusweisApp2_${CMAKE_ANDROID_ARCH_ABI}.so)
diff --git a/cmake/Libraries.cmake b/cmake/Libraries.cmake
index 6ece9e5d5..8e47744f2 100644
--- a/cmake/Libraries.cmake
+++ b/cmake/Libraries.cmake
@@ -49,11 +49,8 @@ if(NOT CONTAINER_SDK)
endif()
if(NOT INTEGRATED_SDK)
- list(APPEND QT_COMPONENTS Svg WebSockets Qml Quick QuickControls2 QuickTemplates2)
+ list(APPEND QT_COMPONENTS Svg WebSockets Qml Quick QuickControls2 QuickTemplates2 QmlWorkerScript)
- if(QT_VERSION VERSION_GREATER_EQUAL "5.14")
- list(APPEND QT_COMPONENTS QmlWorkerScript)
- endif()
if(NOT DESKTOP AND NOT QT6)
list(APPEND QT_COMPONENTS QuickShapes)
endif()
diff --git a/cmake/Messages.cmake b/cmake/Messages.cmake
index 0a5e4ecab..e3c63199d 100644
--- a/cmake/Messages.cmake
+++ b/cmake/Messages.cmake
@@ -25,7 +25,6 @@ if(ANDROID)
message(STATUS "ANDROID_BUILD_TOOLS_REVISION: ${ANDROID_BUILD_TOOLS_REVISION}")
message(STATUS "ANDROID_NDK_REVISION: ${ANDROID_NDK_REVISION}")
- message(STATUS "ANDROID_SDK_REVISION: ${ANDROID_SDK_REVISION}")
endif()
diff --git a/cmake/Packaging.cmake b/cmake/Packaging.cmake
index 461c3b285..f2dfbe911 100644
--- a/cmake/Packaging.cmake
+++ b/cmake/Packaging.cmake
@@ -171,7 +171,11 @@ elseif(ANDROID)
file(READ "${BUILD_GRADLE_APPEND}" BUILD_GRADLE)
file(APPEND "${CMAKE_INSTALL_PREFIX}/build.gradle" "${BUILD_GRADLE}")
- if(USE_SMARTEID AND NOT INTEGRATED_SDK)
+ if(INTEGRATED_SDK)
+ set(BUILD_GRADLE_APPEND "${PACKAGING_DIR}/android/build.gradle.append.aar")
+ file(READ "${BUILD_GRADLE_APPEND}" BUILD_GRADLE)
+ file(APPEND "${CMAKE_INSTALL_PREFIX}/build.gradle" "${BUILD_GRADLE}")
+ elseif(USE_SMARTEID)
set(BUILD_GRADLE_APPEND "${PACKAGING_DIR}/android/build.gradle.append.smarteid")
file(READ "${BUILD_GRADLE_APPEND}" BUILD_GRADLE)
file(APPEND "${CMAKE_INSTALL_PREFIX}/build.gradle" "${BUILD_GRADLE}")
diff --git a/cmake/Tools.Libraries.cmake b/cmake/Tools.Libraries.cmake
index 7f37aa427..9237c91ca 100644
--- a/cmake/Tools.Libraries.cmake
+++ b/cmake/Tools.Libraries.cmake
@@ -2,7 +2,7 @@
# So this file will be called two times and the check needs to respect that
# with a "VALIDATOR function" or "if(NOT VARIABLE)".
-if(NOT QMLFORMAT)
+if(NOT TARGET format.qml)
set(QMLFORMAT_MIN_VERSION 6)
function(qmlformat_validator validator_result binary)
execute_process(COMMAND ${binary} --version OUTPUT_VARIABLE QMLFORMAT_VERSION OUTPUT_STRIP_TRAILING_WHITESPACE)
diff --git a/cmake/Tools.cmake b/cmake/Tools.cmake
index 2ee0c3ef7..132bfddda 100644
--- a/cmake/Tools.cmake
+++ b/cmake/Tools.cmake
@@ -228,6 +228,33 @@ if(INKSCAPE)
COMMAND ${INKSCAPE} adaptive_foreground_preview.svg -d 640 -y 0 -o xxxhdpi/foreground_npa_preview.png
WORKING_DIRECTORY ${RESOURCES_DIR}/images/android)
+ add_custom_target(npaicons.android.adaptive.monochrome
+ COMMAND ${INKSCAPE} adaptive_monochrome_release.svg -d 120 -y 0 -o ldpi/monochrome_npa.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_release.svg -d 160 -y 0 -o mdpi/monochrome_npa.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_release.svg -d 240 -y 0 -o hdpi/monochrome_npa.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_release.svg -d 320 -y 0 -o xhdpi/monochrome_npa.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_release.svg -d 480 -y 0 -o xxhdpi/monochrome_npa.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_release.svg -d 640 -y 0 -o xxxhdpi/monochrome_npa.png
+ WORKING_DIRECTORY ${RESOURCES_DIR}/images/android)
+
+ add_custom_target(npaicons.android.adaptive.monochrome.beta
+ COMMAND ${INKSCAPE} adaptive_monochrome_beta.svg -d 120 -y 0 -o ldpi/monochrome_npa_beta.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_beta.svg -d 160 -y 0 -o mdpi/monochrome_npa_beta.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_beta.svg -d 240 -y 0 -o hdpi/monochrome_npa_beta.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_beta.svg -d 320 -y 0 -o xhdpi/monochrome_npa_beta.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_beta.svg -d 480 -y 0 -o xxhdpi/monochrome_npa_beta.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_beta.svg -d 640 -y 0 -o xxxhdpi/monochrome_npa_beta.png
+ WORKING_DIRECTORY ${RESOURCES_DIR}/images/android)
+
+ add_custom_target(npaicons.android.adaptive.monochrome.preview
+ COMMAND ${INKSCAPE} adaptive_monochrome_preview.svg -d 120 -y 0 -o ldpi/monochrome_npa_preview.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_preview.svg -d 160 -y 0 -o mdpi/monochrome_npa_preview.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_preview.svg -d 240 -y 0 -o hdpi/monochrome_npa_preview.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_preview.svg -d 320 -y 0 -o xhdpi/monochrome_npa_preview.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_preview.svg -d 480 -y 0 -o xxhdpi/monochrome_npa_preview.png
+ COMMAND ${INKSCAPE} adaptive_monochrome_preview.svg -d 640 -y 0 -o xxxhdpi/monochrome_npa_preview.png
+ WORKING_DIRECTORY ${RESOURCES_DIR}/images/android)
+
add_custom_target(npaicons.android.launchimage
COMMAND ${INKSCAPE} npa_release.svg -w 120 -h 120 -y 0 -o android/ldpi/splash_npa.png
COMMAND ${INKSCAPE} npa_release.svg -w 180 -h 180 -y 0 -o android/mdpi/splash_npa.png
@@ -313,6 +340,9 @@ if(INKSCAPE)
npaicons.android.adaptive.foreground
npaicons.android.adaptive.foreground.beta
npaicons.android.adaptive.foreground.preview
+ npaicons.android.adaptive.monochrome
+ npaicons.android.adaptive.monochrome.beta
+ npaicons.android.adaptive.monochrome.preview
npaicons.android.launchimage
npaicons.android.launchimage.beta
npaicons.android.launchimage.preview
@@ -407,6 +437,33 @@ if(PNGQUANT)
COMMAND ${PNGQUANT_CMD} xxxhdpi/foreground_npa_preview.png -- xxxhdpi/foreground_npa_preview.png
WORKING_DIRECTORY ${RESOURCES_DIR}/images/android)
+ add_custom_target(pngquant.android.adaptive.monochrome
+ COMMAND ${PNGQUANT_CMD} ldpi/monochrome_npa.png -- ldpi/monochrome_npa.png
+ COMMAND ${PNGQUANT_CMD} mdpi/monochrome_npa.png -- mdpi/monochrome_npa.png
+ COMMAND ${PNGQUANT_CMD} hdpi/monochrome_npa.png -- hdpi/monochrome_npa.png
+ COMMAND ${PNGQUANT_CMD} xhdpi/monochrome_npa.png -- xhdpi/monochrome_npa.png
+ COMMAND ${PNGQUANT_CMD} xxhdpi/monochrome_npa.png -- xxhdpi/monochrome_npa.png
+ COMMAND ${PNGQUANT_CMD} xxxhdpi/monochrome_npa.png -- xxxhdpi/monochrome_npa.png
+ WORKING_DIRECTORY ${RESOURCES_DIR}/images/android)
+
+ add_custom_target(pngquant.android.adaptive.monochrome.beta
+ COMMAND ${PNGQUANT_CMD} ldpi/monochrome_npa_beta.png -- ldpi/monochrome_npa_beta.png
+ COMMAND ${PNGQUANT_CMD} mdpi/monochrome_npa_beta.png -- mdpi/monochrome_npa_beta.png
+ COMMAND ${PNGQUANT_CMD} hdpi/monochrome_npa_beta.png -- hdpi/monochrome_npa_beta.png
+ COMMAND ${PNGQUANT_CMD} xhdpi/monochrome_npa_beta.png -- xhdpi/monochrome_npa_beta.png
+ COMMAND ${PNGQUANT_CMD} xxhdpi/monochrome_npa_beta.png -- xxhdpi/monochrome_npa_beta.png
+ COMMAND ${PNGQUANT_CMD} xxxhdpi/monochrome_npa_beta.png -- xxxhdpi/monochrome_npa_beta.png
+ WORKING_DIRECTORY ${RESOURCES_DIR}/images/android)
+
+ add_custom_target(pngquant.android.adaptive.monochrome.preview
+ COMMAND ${PNGQUANT_CMD} ldpi/monochrome_npa_preview.png -- ldpi/monochrome_npa_preview.png
+ COMMAND ${PNGQUANT_CMD} mdpi/monochrome_npa_preview.png -- mdpi/monochrome_npa_preview.png
+ COMMAND ${PNGQUANT_CMD} hdpi/monochrome_npa_preview.png -- hdpi/monochrome_npa_preview.png
+ COMMAND ${PNGQUANT_CMD} xhdpi/monochrome_npa_preview.png -- xhdpi/monochrome_npa_preview.png
+ COMMAND ${PNGQUANT_CMD} xxhdpi/monochrome_npa_preview.png -- xxhdpi/monochrome_npa_preview.png
+ COMMAND ${PNGQUANT_CMD} xxxhdpi/monochrome_npa_preview.png -- xxxhdpi/monochrome_npa_preview.png
+ WORKING_DIRECTORY ${RESOURCES_DIR}/images/android)
+
add_custom_target(pngquant.android.launchimage
COMMAND ${PNGQUANT_CMD} ldpi/splash_npa.png -- ldpi/splash_npa.png
COMMAND ${PNGQUANT_CMD} mdpi/splash_npa.png -- mdpi/splash_npa.png
@@ -491,6 +548,9 @@ if(PNGQUANT)
pngquant.android.adaptive.foreground
pngquant.android.adaptive.foreground.beta
pngquant.android.adaptive.foreground.preview
+ pngquant.android.adaptive.monochrome
+ pngquant.android.adaptive.monochrome.beta
+ pngquant.android.adaptive.monochrome.preview
pngquant.android.launchimage
pngquant.android.launchimage.beta
pngquant.android.launchimage.preview
diff --git a/cmake/android.toolchain.cmake b/cmake/android.toolchain.cmake
index c21ea168a..a509852ae 100644
--- a/cmake/android.toolchain.cmake
+++ b/cmake/android.toolchain.cmake
@@ -52,7 +52,6 @@ if(NOT ANDROID_BUILD_TOOLS_REVISION)
endif()
READ_REVISION(ANDROID_NDK_REVISION ".*Revision = ([0-9|\\.]+)" "${CMAKE_ANDROID_NDK}/source.properties")
-READ_REVISION(ANDROID_SDK_REVISION ".*Revision=([0-9|\\.]+)" "${ANDROID_SDK}/cmdline-tools/latest/source.properties;${ANDROID_SDK}/tools/source.properties")
set(CMAKE_ANDROID_NDK_TOOLCHAIN_VERSION clang)
set(CMAKE_SYSTEM_NAME Android)
@@ -73,10 +72,6 @@ if(CMAKE_ANDROID_ARCH_ABI STREQUAL "armeabi-v7a")
set(CMAKE_ANDROID_ARM_NEON ON)
endif()
-# Emulate NDK CMake-Variable as Qt 5.14 needs this (Multi-ABI)
-set(ANDROID_ABI ${CMAKE_ANDROID_ARCH_ABI})
-
-
set(CMAKE_FIND_ROOT_PATH ${CMAKE_PREFIX_PATH} CACHE STRING "android find search path root")
set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
diff --git a/docs/failurecodes/failurecodes.rst b/docs/failurecodes/failurecodes.rst
index 1a5fe2024..1e880d5e0 100644
--- a/docs/failurecodes/failurecodes.rst
+++ b/docs/failurecodes/failurecodes.rst
@@ -157,21 +157,21 @@ Codes
the description of the service provider certificate. This condition is not met.
| **Possible Solutions:** :ref:`failure_code_inform_service_provider`.
- - | **Pre_Verfication_No_Test_Environment**
+ - | **Pre_Verification_No_Test_Environment**
| Occurs when the development mode of AusweisApp2 is activated and a genuine ID card is used.
| **Possible Solutions:** Disable developer mode. The use of genuine ID cards is not permitted with
activated developer mode, as this is only intended to facilitate the commissioning of services
with test ID cards.
- - | **Pre_Verfication_Invalid_Certificate_Chain**
+ - | **Pre_Verification_Invalid_Certificate_Chain**
| A certificate chain was sent from the server that is unknown to AusweisApp2.
| **Possible Solutions:** :ref:`failure_code_inform_service_provider`.
- - | **Pre_Verfication_Invalid_Certificate_Signature**
+ - | **Pre_Verification_Invalid_Certificate_Signature**
| At least one signature in the certificate chain used by the server is incorrect.
| **Possible Solutions:** :ref:`failure_code_inform_service_provider`.
- - | **Pre_Verfication_Certificate_Expired**
+ - | **Pre_Verification_Certificate_Expired**
| The certificate chain used by the server is currently not valid.
| **Possible Solutions:** Make sure your system time is set correctly. If the problem persists,
see :ref:`failure_code_inform_service_provider`.
@@ -262,14 +262,14 @@ Codes
- | **Generic_Send_Receive_Paos_Unhandled**
| A message was sent by the server in the PAOS communication during authentication, that
- could be completely processed.
+ could not be completely processed.
| **Possible Solutions:** :ref:`failure_code_contact_support`.
- | **Generic_Send_Receive_Network_Error**
| A network error has occurred in the PAOS communication during authentication.
| **Possible Solutions:** :ref:`failure_code_fix_connections_problems`.
- - | **Generic_Send_Receive_Ssl_Error**
+ - | **Generic_Send_Receive_Tls_Error**
| An authentication error occurred in the PAOS communication during the TLS handshake. The TLS
certificate is incorrect.
| **Possible Solutions:** :ref:`failure_code_inform_service_provider`.
@@ -318,7 +318,7 @@ Codes
did not behave as expected by the server.
| **Possible Solutions:** :ref:`failure_code_contact_support`.
- - | **Check_Refresh_Address_Fatal_Ssl_Error_Before_Reply**
+ - | **Check_Refresh_Address_Fatal_Tls_Error_Before_Reply**
| An error occurred during the TLS handshake when checking the return address after a successful
authentication. The TLS certificate is incorrect.
| **Possible Solutions:** :ref:`failure_code_inform_service_provider`.
@@ -341,7 +341,7 @@ Codes
didn't work for checking the return address.
| **Possible Solutions:** :ref:`failure_code_fix_connections_problems`.
- - | **Check_Refresh_Address_Fatal_Ssl_Error_After_Reply**
+ - | **Check_Refresh_Address_Fatal_Tls_Error_After_Reply**
| When checking the return address after successful authentication, the TLS handshake could not
be completed successfully.
| **Possible Solutions:** :ref:`failure_code_fix_connections_problems`.
@@ -413,7 +413,7 @@ Codes
self-authentication.
| **Possible Solutions:** :ref:`failure_code_inform_service_provider`.
- - | **Generic_Provider_Communication_Ssl_Error**
+ - | **Generic_Provider_Communication_Tls_Error**
| An error occurred during the TLS handshake when communicating with a service provider. The TLS
certificate is incorrect. This only applies to services that are started from AusweisApp2,
such as self-authentication.
diff --git a/docs/failurecodes/locales/de/LC_MESSAGES/failurecodes.po b/docs/failurecodes/locales/de/LC_MESSAGES/failurecodes.po
index f99714f26..6f1d212ec 100644
--- a/docs/failurecodes/locales/de/LC_MESSAGES/failurecodes.po
+++ b/docs/failurecodes/locales/de/LC_MESSAGES/failurecodes.po
@@ -360,7 +360,7 @@ msgstr ""
"TLS-Zertifikate in der Beschreibung des Diensteanbieterzertifikats "
"enthalten sind. Diese Bedingung ist nicht erfüllt."
-msgid "**Pre_Verfication_No_Test_Environment**"
+msgid "**Pre_Verification_No_Test_Environment**"
msgstr ""
msgid ""
@@ -380,7 +380,7 @@ msgstr ""
"dieser nur die Inbetriebnahme von Diensten mit Testausweisen erleichtern "
"soll."
-msgid "**Pre_Verfication_Invalid_Certificate_Chain**"
+msgid "**Pre_Verification_Invalid_Certificate_Chain**"
msgstr ""
msgid ""
@@ -390,7 +390,7 @@ msgstr ""
"Vom Server wurde eine Zertifikatskette gesendet, die der AusweisApp2 "
"nicht bekannt ist."
-msgid "**Pre_Verfication_Invalid_Certificate_Signature**"
+msgid "**Pre_Verification_Invalid_Certificate_Signature**"
msgstr ""
msgid ""
@@ -400,7 +400,7 @@ msgstr ""
"Mindestens eine Signatur in der vom Server genutzten Zertifikatskette ist"
" nicht korrekt."
-msgid "**Pre_Verfication_Certificate_Expired**"
+msgid "**Pre_Verification_Certificate_Expired**"
msgstr ""
msgid "The certificate chain used by the server is currently not valid."
@@ -639,7 +639,7 @@ msgstr ""
msgid ""
"A message was sent by the server in the PAOS communication during "
-"authentication, that could be completely processed."
+"authentication, that could not be completely processed."
msgstr ""
"Bei einer Authentisierung ist eine Nachricht vom Server in der PAOS-"
"Kommunikation gesendet worden, die nicht vollständig verarbeitet werden "
@@ -655,7 +655,7 @@ msgstr ""
"Bei einer Authentisierung ist ein Netzwerkfehler in der PAOS-"
"Kommunikation aufgetreten."
-msgid "**Generic_Send_Receive_Ssl_Error**"
+msgid "**Generic_Send_Receive_Tls_Error**"
msgstr ""
msgid ""
@@ -766,7 +766,7 @@ msgstr ""
"geliefert. Die AusweisApp2 oder die Karte hat sich nicht entsprechend der"
" Erwartung des Servers verhalten."
-msgid "**Check_Refresh_Address_Fatal_Ssl_Error_Before_Reply**"
+msgid "**Check_Refresh_Address_Fatal_Tls_Error_Before_Reply**"
msgstr ""
msgid ""
@@ -815,7 +815,7 @@ msgstr ""
" Proxyserver konfiguriert. Dieser hat für die Überprüfung der "
"Rücksprungadresse nicht funktioniert."
-msgid "**Check_Refresh_Address_Fatal_Ssl_Error_After_Reply**"
+msgid "**Check_Refresh_Address_Fatal_Tls_Error_After_Reply**"
msgstr ""
msgid ""
@@ -976,7 +976,7 @@ msgstr ""
"aus der AusweisApp2 heraus gestartet werden, wie zum Beispiel die "
"Selbstauskunft."
-msgid "**Generic_Provider_Communication_Ssl_Error**"
+msgid "**Generic_Provider_Communication_Tls_Error**"
msgstr ""
msgid ""
diff --git a/docs/installation/README.de.rst b/docs/installation/README.de.rst
index a1aea8ea2..ae077291b 100644
--- a/docs/installation/README.de.rst
+++ b/docs/installation/README.de.rst
@@ -173,8 +173,8 @@ dargestellt:
remindToClose
- showSetupAssistant
-
+ uiStartupModule
+ DEFAULT
transportPinReminder
customProxyType
@@ -183,8 +183,6 @@ dargestellt:
proxy.example.org
customProxyPort
1337
- autoUpdateCheck
-
keylessPassword
shuffleScreenKeyboard
@@ -209,12 +207,11 @@ macOS Windows
======================= =======================
autoCloseWindow AUTOHIDE
remindToClose REMINDTOCLOSE
-showSetupAssistant ASSISTANT
+uiStartupModule ASSISTANT
transportPinReminder TRANSPORTPINREMINDER
customProxyType CUSTOMPROXYTYPE
customProxyPort CUSTOMPROXYPORT
customProxyHost CUSTOMPROXYHOST
-autoUpdateCheck UPDATECHECK
keylessPassword ONSCREENKEYBOARD
shuffleScreenKeyboard SHUFFLESCREENKEYBOARD
visualPrivacy SECURESCREENKEYBOARD
diff --git a/docs/installation/README.en.rst b/docs/installation/README.en.rst
index 2f03af350..4ab2cd596 100644
--- a/docs/installation/README.en.rst
+++ b/docs/installation/README.en.rst
@@ -160,8 +160,8 @@ the file must be "com.governikus.AusweisApp2.plist". The content is shown below:
remindToClose
- showSetupAssistant
-
+ uiStartupModule
+ DEFAULT
transportPinReminder
customProxyType
@@ -170,8 +170,6 @@ the file must be "com.governikus.AusweisApp2.plist". The content is shown below:
proxy.example.org
customProxyPort
1337
- autoUpdateCheck
-
keylessPassword
shuffleScreenKeyboard
@@ -195,12 +193,11 @@ macOS Windows
======================= =======================
autoCloseWindow AUTOHIDE
remindToClose REMINDTOCLOSE
-showSetupAssistant ASSISTANT
+uiStartupModule ASSISTANT
transportPinReminder TRANSPORTPINREMINDER
customProxyType CUSTOMPROXYTYPE
customProxyPort CUSTOMPROXYPORT
customProxyHost CUSTOMPROXYHOST
-autoUpdateCheck UPDATECHECK
keylessPassword ONSCREENKEYBOARD
shuffleScreenKeyboard SHUFFLESCREENKEYBOARD
visualPrivacy SECURESCREENKEYBOARD
@@ -251,7 +248,7 @@ the requests.
Broadcast on UDP port 24727 in the local subnet have to be receivable by the
AusweisApp2 to use the "Smartphone as Card Reader" functionality.
-It may be necessary to deactive AP isolation on your router.
+It may be necessary to deactivate AP isolation on your router.
.. _communicationmodel_en:
.. figure:: CommunicationModel_en.pdf
diff --git a/docs/releasenotes/1.26.5.rst b/docs/releasenotes/1.26.5.rst
new file mode 100644
index 000000000..450f414bb
--- /dev/null
+++ b/docs/releasenotes/1.26.5.rst
@@ -0,0 +1,36 @@
+AusweisApp2 1.26.5
+^^^^^^^^^^^^^^^^^^
+
+**Releasedatum:** 25. Juli 2023
+
+
+Anwender
+""""""""
+- Überarbeitung des Kopplungsprozesses der Funktion Smartphone als Kartenleser.
+ Beide an der Kopplung beteiligten Geräte müssen auf Version 1.26.5 aktualisiert werden.
+ Versionen kleiner als 1.26.5 lassen sich nicht mit einer AusweisApp2 1.26.5 koppeln.
+
+- Die Anzeige des Fortschritts erfolgt jetzt auch auf einem Smartphone als Kartenleser.
+
+- Der Tastaturmodus auf einem Smartphone als Kartenleser ist jetzt standardmäßig aktiviert.
+
+- Bei Nutzung des Tastaturmodus auf einem Smartphone als Kartenleser kann in den Einstellungen eine
+ erneute Anzeige der Berechtigungen aktiviert werden.
+
+- Ergänzung eines monochromen Icons unter Android.
+
+- Berücksichtigung von Command + W unter macOS.
+
+- Entfernung der Updatefunktion auf macOS zugunsten des Mac App Store.
+
+- Kleinere Fehlerbehebungen und Optimierungen.
+
+
+Entwickler
+""""""""""
+- Die Dokumentation für die Installation in Firmennetzwerken unter macOS für die Einstellung zum
+ Einrichtungsassistenten wurde korrigiert.
+
+- Optimierung der Größe des Android SDK.
+
+- Aktualisierung von OpenSSL auf die Version 3.0.9.
diff --git a/docs/releasenotes/announce.rst b/docs/releasenotes/announce.rst
index 13d2566ef..f8b914e20 100644
--- a/docs/releasenotes/announce.rst
+++ b/docs/releasenotes/announce.rst
@@ -5,6 +5,8 @@ Mit der Version 1.28.0 der AusweisApp2 wird die Unterstützung
folgender Systeme und Funktionen eingestellt.
- macOS Catalina 10.15
+- Android 7
+- iOS 13
- Online-Hilfe
- PDF-Export-Funktion der Selbstauskunft
diff --git a/docs/releasenotes/appcast.rst b/docs/releasenotes/appcast.rst
index 682bc053d..5aee3573d 100644
--- a/docs/releasenotes/appcast.rst
+++ b/docs/releasenotes/appcast.rst
@@ -4,6 +4,7 @@ Release Notes
.. toctree::
:maxdepth: 1
+ 1.26.5
1.26.4
1.26.3
1.26.2
diff --git a/docs/releasenotes/issues.rst b/docs/releasenotes/issues.rst
index 0ca9b1bd4..9f6d82294 100644
--- a/docs/releasenotes/issues.rst
+++ b/docs/releasenotes/issues.rst
@@ -38,11 +38,6 @@ Windows / macOS
- Die visuelle Hervorhebung des aktiven Elements wird an einigen Stellen
fälschlicherwiese auch aktiviert, wenn die Maus benutzt wurde.
-- Unter macOS werden im System hinterlegte Proxy-Server nicht erkannt und
- damit auch nicht automatisch verwendet. Um manuell einen Proxy-Server in
- der AusweisApp2 zu hinterlegen beachten Sie die Anleitung zur Installation
- in Firmennetzwerken.
-
Android / iOS
"""""""""""""
diff --git a/docs/releasenotes/support.rst b/docs/releasenotes/support.rst
index 6a5f4bf21..88faee3ed 100644
--- a/docs/releasenotes/support.rst
+++ b/docs/releasenotes/support.rst
@@ -54,13 +54,13 @@ und sollte daher mit allen marktüblichen Browsern verwendet werden können.
Im Rahmen der Qualitätssicherung werden die folgenden Browserversionen
getestet.
-- Chrome 112
+- Chrome 115
-- Firefox 112
+- Firefox 115
-- Safari 16.4 (macOS)
+- Safari 16.5 (macOS)
-- Edge 112
+- Edge 115
@@ -118,13 +118,13 @@ Im mobilen Umfeld ist die Funktionalität jedoch abhängig von der vom
Anbieter umgesetzten Aktivierung. Daher empfehlen wir einen der
folgenden Browser zu verwenden.
-- Chrome 112 (iOS/Android)
+- Chrome 115 (iOS/Android)
-- Firefox 112 (iOS/Android)
+- Firefox 115 (iOS/Android)
-- Samsung Internet 20 (Android)
+- Samsung Internet 22 (Android)
-- Safari 16.4 (iOS)
+- Safari 16.5 (iOS)
Kartenleser
diff --git a/docs/releasenotes/versions.rst b/docs/releasenotes/versions.rst
index 67040af81..2eeb00038 100644
--- a/docs/releasenotes/versions.rst
+++ b/docs/releasenotes/versions.rst
@@ -6,6 +6,7 @@ Versionszweig 1.26
.. toctree::
:maxdepth: 1
+ 1.26.5
1.26.4
1.26.3
1.26.2
diff --git a/docs/sdk/messages.rst b/docs/sdk/messages.rst
index 8187f0715..d091862e6 100644
--- a/docs/sdk/messages.rst
+++ b/docs/sdk/messages.rst
@@ -810,6 +810,8 @@ until a card with enabled eID function is inserted.
to unblock the PIN.
- **deactivated**: True if eID function is deactivated, otherwise false.
+ The scan dialog on iOS won't be closed if this is True. You need to
+ send :ref:`interrupt` yourself to show an error message.
- **retryCounter**: Count of possible retries for the PIN. If you enter a PIN
with command :ref:`set_pin` it will be decreased if PIN was incorrect.
diff --git a/docs/sdk/workflow.rst b/docs/sdk/workflow.rst
index b5cc87807..a55a97779 100644
--- a/docs/sdk/workflow.rst
+++ b/docs/sdk/workflow.rst
@@ -24,7 +24,7 @@ into the connected card reader.
.. code-block:: json
- {"cmd": "RUN_AUTH", "tcTokenURL": "https://test.governikus-eid.de/DEMO"}
+ {"cmd": "RUN_AUTH", "tcTokenURL": "https://test.governikus-eid.de/AusweisAuskunft/WebServiceRequesterServlet"}
{"msg": "AUTH"}
diff --git a/libs/CMakeLists.txt b/libs/CMakeLists.txt
index 4af45b2a6..77505ba7f 100644
--- a/libs/CMakeLists.txt
+++ b/libs/CMakeLists.txt
@@ -109,11 +109,7 @@ if(NOT CMAKE_HOST_SYSTEM_NAME STREQUAL CMAKE_SYSTEM_NAME)
endif()
################################## Versions
-set(QT 6.4.1)
-set(QT_HASH e20b850b6134098a7f2e7701cfddfb213c6cf394b9e848e6fbc5b0e89dcfcc09)
-
-set(OPENSSL 3.0.8)
-set(OPENSSL_HASH 6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e)
+include(Versions.cmake)
################################## Files
set(QT_FILE qt-everywhere-src-${QT}.tar.xz)
diff --git a/libs/Versions.cmake b/libs/Versions.cmake
new file mode 100644
index 000000000..56bc6c003
--- /dev/null
+++ b/libs/Versions.cmake
@@ -0,0 +1,5 @@
+set(QT 6.4.1)
+set(QT_HASH e20b850b6134098a7f2e7701cfddfb213c6cf394b9e848e6fbc5b0e89dcfcc09)
+
+set(OPENSSL 3.0.9)
+set(OPENSSL_HASH eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90)
diff --git a/libs/patch.cmake.in b/libs/patch.cmake.in
index 6f5ded14a..adec3a60a 100644
--- a/libs/patch.cmake.in
+++ b/libs/patch.cmake.in
@@ -15,11 +15,11 @@ endfunction()
function(PATCH_SOURCES _component)
set(PATCHES_DIR @PROJECT_SOURCE_DIR@/patches)
- file(GLOB PATCHES "${PATCHES_DIR}/${_component}-*.patch")
+ file(GLOB PATCHES "${PATCHES_DIR}/${_component}*.patch")
PATCH_SOURCES_EXECUTE("${PATCHES}")
if("@CMAKE_BUILD_TYPE@" STREQUAL "DEBUG")
- file(GLOB PATCHES_DEBUG "${PATCHES_DIR}/debug/${_component}-*.patch")
+ file(GLOB PATCHES_DEBUG "${PATCHES_DIR}/debug/${_component}*.patch")
PATCH_SOURCES_EXECUTE("${PATCHES_DEBUG}")
endif()
endfunction()
diff --git a/libs/patches.cmake b/libs/patches.cmake
new file mode 100644
index 000000000..fcedd53b2
--- /dev/null
+++ b/libs/patches.cmake
@@ -0,0 +1,223 @@
+cmake_minimum_required(VERSION 3.19.0)
+
+# How to use
+#
+# Create an empty directory and provide it by -DREPOSITORY_DIR or set
+# REPOSITORY_DIR as environment variable.
+#
+# - Apply existing patches
+# $ cmake -DCMD=apply -P libs/patches.cmake
+# 1. This will clone all repositores to REPOSITORY_DIR.
+# 2. Checkout git tag from Versions.cmake to a new ausweisap_ branch.
+# It will delete that branch if it exist.
+# 3. Apply all patches to the new branch.
+#
+# - Generate patches from repositories
+# $ cmake -DCMD=generate -P libs/patches.cmake
+# 1. All existing patches in "patches" directory will be deleted.
+# 2. Branch of current Version on all repositories in REPOSITORY_DIR will be scanned.
+# 3. All changesets from the latest tag will be exported to "patches" dir.
+#
+# If you need a new repository you can clone it into REPOSITORY_DIR.
+# Checkout the release tag of used Version.cmake and cherry-pick or add
+# changesets to it. It will be exported with "generate".
+# If you need to remove patches, just delete the changesets or the whole clone.
+#
+# - Upgrade Qt or OpenSSL
+# 1. Apply all patches with this script and do the following on each repository.
+# The version is an example and should be adjusted!
+# 2. git checkout ausweisapp_6.4.3 -b ausweisapp_6.6.0
+# 3. git rebase --onto v6.6.0 v6.4.3 HEAD
+# 4. Bump version in Versions.cmake and use this script to generate the patches.
+
+if(NOT CMAKE_SCRIPT_MODE_FILE OR NOT CMD)
+ message(FATAL_ERROR "Usage: cmake -DCMD=apply|generate -P libs/patches.cmake")
+endif()
+
+find_package(Git REQUIRED)
+
+if(NOT REPOSITORY_DIR)
+ set(REPOSITORY_DIR $ENV{REPOSITORY_DIR})
+ if(NOT REPOSITORY_DIR)
+ message(FATAL_ERROR "Define REPOSITORY_DIR for local repositories")
+ endif()
+ if(NOT EXISTS "${REPOSITORY_DIR}")
+ message(FATAL_ERROR "REPOSITORY_DIR ${REPOSITORY_DIR} does not exist")
+ endif()
+endif()
+
+get_filename_component(libs_dir "${CMAKE_SCRIPT_MODE_FILE}" DIRECTORY)
+set(patch_dir "${libs_dir}/patches")
+set(CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/../cmake;${libs_dir}")
+include(Versions)
+
+function(execute_dir dir)
+ execute_process(COMMAND ${GIT_EXECUTABLE} ${ARGN}
+ WORKING_DIRECTORY "${REPOSITORY_DIR}/${dir}"
+ RESULT_VARIABLE _result)
+
+ if(NOT "${_result}" EQUAL 0)
+ message(FATAL_ERROR "git failed: ${_result}")
+ endif()
+endfunction()
+
+function(execute)
+ execute_dir("" ${ARGN})
+endfunction()
+
+function(git_clone prefix)
+ if(NOT EXISTS "${REPOSITORY_DIR}/${prefix}")
+ message(STATUS "Repository not found: ${prefix}")
+ if(prefix STREQUAL "openssl")
+ execute(clone "https://github.com/openssl/openssl" "${prefix}")
+ elseif(prefix MATCHES "qt")
+ execute(clone "https://code.qt.io/qt/${prefix}.git" "${prefix}")
+ endif()
+ endif()
+endfunction()
+
+function(git_checkout prefix)
+ get_version_branch("${prefix}" version tmp_branch)
+ execute_dir("${prefix}" fetch)
+ execute_dir("${prefix}" checkout -q ${version})
+ execute_process(COMMAND ${GIT_EXECUTABLE} branch -D ${tmp_branch} WORKING_DIRECTORY ${REPOSITORY_DIR}/${prefix})
+ execute_process(COMMAND ${GIT_EXECUTABLE} am --abort WORKING_DIRECTORY ${REPOSITORY_DIR}/${prefix} OUTPUT_QUIET ERROR_QUIET)
+ execute_dir("${prefix}" checkout ${version} -b ${tmp_branch})
+endfunction()
+
+function(get_version_branch prefix _version _branch)
+ set(tmp_branch ausweisapp)
+ if(prefix STREQUAL "openssl")
+ set(version openssl-${OPENSSL})
+ set(tmp_branch ${tmp_branch}_${OPENSSL})
+ elseif(prefix MATCHES "qt")
+ set(version v${QT})
+ set(tmp_branch ${tmp_branch}_${QT})
+ endif()
+
+ set(${_version} "${version}" PARENT_SCOPE)
+ set(${_branch} "${tmp_branch}" PARENT_SCOPE)
+endfunction()
+
+function(apply_patches)
+ file(GLOB PATCHES "${patch_dir}/*.patch")
+ foreach(patch ${PATCHES})
+ get_filename_component(filename "${patch}" NAME)
+ string(REGEX MATCH "([a-z|-]+)-[0-9]+.+" _unused "${filename}")
+ set(prefix ${CMAKE_MATCH_1})
+
+ list(APPEND prefixes "${prefix}")
+ list(APPEND "${prefix}" "${patch}")
+
+ if(NOT (prefix STREQUAL "openssl" OR prefix MATCHES "qt"))
+ message(FATAL_ERROR "Prefix unknown: ${prefix}")
+ endif()
+ endforeach()
+
+ list(REMOVE_DUPLICATES prefixes)
+ foreach(prefix ${prefixes})
+ message(STATUS "Apply component: ${prefix}")
+ git_clone(${prefix})
+ git_checkout(${prefix})
+
+ foreach(patch ${${prefix}})
+ if(prefix STREQUAL "openssl")
+ set(p 1)
+ elseif(prefix MATCHES "qt")
+ set(p 2)
+ endif()
+
+ execute_process(COMMAND ${CMAKE_COMMAND} -E env GIT_COMMITTER_NAME="Governikus" GIT_COMMITTER_EMAIL="" --
+ ${GIT_EXECUTABLE} am --whitespace=fix --no-gpg-sign --committer-date-is-author-date -p${p} "${patch}"
+ WORKING_DIRECTORY "${REPOSITORY_DIR}/${prefix}"
+ RESULT_VARIABLE _result)
+
+ if(NOT "${_result}" EQUAL 0)
+ message(FATAL_ERROR "cannot apply patch: ${_result}")
+ endif()
+ endforeach()
+ endforeach()
+endfunction()
+
+
+function(get_latest_tag _out repo)
+ execute_process(COMMAND ${GIT_EXECUTABLE} describe --tags --abbrev=0
+ WORKING_DIRECTORY ${repo}
+ OUTPUT_VARIABLE _output
+ RESULT_VARIABLE _result
+ ERROR_QUIET
+ OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+ if(${_result} EQUAL 0)
+ set(${_out} "${_output}" PARENT_SCOPE)
+ endif()
+endfunction()
+
+function(get_current_branch _out repo)
+ execute_process(COMMAND ${GIT_EXECUTABLE} branch --show-current
+ WORKING_DIRECTORY ${repo}
+ OUTPUT_VARIABLE _output
+ RESULT_VARIABLE _result
+ ERROR_QUIET
+ OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+ if(NOT "${_result}" EQUAL 0)
+ message(FATAL_ERROR "git failed: ${_result}")
+ endif()
+ set(${_out} "${_output}" PARENT_SCOPE)
+endfunction()
+
+function(rename_patches component)
+ file(GLOB PATCHES "${patch_dir}/*.patch")
+ foreach(patch ${PATCHES})
+ get_filename_component(filename "${patch}" NAME)
+ if(filename MATCHES "^[0-9]+.*")
+ file(RENAME "${patch}" "${patch_dir}/${component}-${filename}")
+ endif()
+ endforeach()
+endfunction()
+
+function(generate_patches)
+ file(GLOB PATCHES "${patch_dir}/*.patch")
+ if(PATCHES)
+ file(REMOVE ${PATCHES})
+ endif()
+
+ list(APPEND prefixes openssl qt)
+ foreach(prefix ${prefixes})
+ file(GLOB REPOS "${REPOSITORY_DIR}/${prefix}*")
+ foreach(repo ${REPOS})
+ get_filename_component(dirname "${repo}" NAME)
+ get_version_branch("${prefix}" version tmp_branch)
+ execute_process(COMMAND ${GIT_EXECUTABLE} checkout -q ${tmp_branch} WORKING_DIRECTORY ${repo} OUTPUT_QUIET ERROR_QUIET)
+ get_current_branch(current_branch "${repo}")
+ if(current_branch STREQUAL tmp_branch)
+ get_latest_tag(latesttag "${repo}")
+ message(STATUS "Generate patches of ${dirname} since tag ${latesttag}")
+
+ if(dirname STREQUAL "openssl")
+ set(component "")
+ else()
+ set(component "${dirname}/")
+ endif()
+
+ execute_dir("${dirname}" format-patch --no-signature --no-renames --no-binary --src-prefix=x/${component} --dst-prefix=y/${component} -k ${latesttag}..HEAD -o "${patch_dir}")
+ rename_patches(${dirname})
+ else()
+ message(STATUS "Skip patches of ${dirname} and branch ${current_branch}")
+ endif()
+ endforeach()
+ endforeach()
+endfunction()
+
+
+
+if(CMD STREQUAL "generate")
+ message(STATUS "Generate patches!")
+ generate_patches()
+elseif(CMD STREQUAL "apply")
+ message(STATUS "Apply patches!")
+ apply_patches()
+else()
+ message(FATAL_ERROR "Unknown CMD: ${CMD}")
+endif()
diff --git a/libs/patches/openssl-0001-Adjust-iOS-target.patch b/libs/patches/openssl-0001-Adjust-iOS-target.patch
index c2345ef24..6f9fcdcc7 100644
--- a/libs/patches/openssl-0001-Adjust-iOS-target.patch
+++ b/libs/patches/openssl-0001-Adjust-iOS-target.patch
@@ -1,4 +1,4 @@
-From a16972bcfd33b694fd27d19e85754be74daa4430 Mon Sep 17 00:00:00 2001
+From c97e9531a9da0ad5ae3bfb7cec90b03475a58a76 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann
Date: Fri, 12 Feb 2021 13:15:00 +0100
Subject: Adjust iOS target
@@ -8,7 +8,7 @@ Subject: Adjust iOS target
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git x/Configurations/15-ios.conf y/Configurations/15-ios.conf
-index 54d37f63f4..a4ade8d209 100644
+index 54d37f63f4..7e411b2e3a 100644
--- x/Configurations/15-ios.conf
+++ y/Configurations/15-ios.conf
@@ -25,7 +25,7 @@ my %targets = (
@@ -20,5 +20,3 @@ index 54d37f63f4..a4ade8d209 100644
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
asm_arch => 'aarch64',
perlasm_scheme => "ios64",
---
-2.35.1
diff --git a/libs/patches/openssl-0002-android-shlib_variant.patch b/libs/patches/openssl-0002-android-shlib_variant.patch
index 24f251fda..d562c1057 100644
--- a/libs/patches/openssl-0002-android-shlib_variant.patch
+++ b/libs/patches/openssl-0002-android-shlib_variant.patch
@@ -1,4 +1,4 @@
-From 8e011194bf8b4e4275f51f76b75a1b22e45e9564 Mon Sep 17 00:00:00 2001
+From 8353ce61f188109953e327b4bddf65c95e4baf92 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann
Date: Tue, 19 Jan 2021 17:07:51 +0100
Subject: android shlib_variant
@@ -41,6 +41,3 @@ index 41ad9223e0..f804aeb11b 100644
},
####################################################################
---
-2.35.1
-
diff --git a/libs/patches/openssl-0003-Do-not-ignore-empty-associated-data-with-AES-SIV-mod.patch b/libs/patches/openssl-0003-Do-not-ignore-empty-associated-data-with-AES-SIV-mod.patch
new file mode 100644
index 000000000..914498ed2
--- /dev/null
+++ b/libs/patches/openssl-0003-Do-not-ignore-empty-associated-data-with-AES-SIV-mod.patch
@@ -0,0 +1,55 @@
+From 9faa80071777b8a0b9eca1ab59bf69adb4621d9f Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Tue, 4 Jul 2023 17:30:35 +0200
+Subject: Do not ignore empty associated data with AES-SIV mode
+
+The AES-SIV mode allows for multiple associated data items
+authenticated separately with any of these being 0 length.
+
+The provided implementation ignores such empty associated data
+which is incorrect in regards to the RFC 5297 and is also
+a security issue because such empty associated data then become
+unauthenticated if an application expects to authenticate them.
+
+Fixes CVE-2023-2975
+
+Reviewed-by: Matt Caswell
+Reviewed-by: Paul Dale
+(Merged from https://github.com/openssl/openssl/pull/21384)
+
+(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9)
+(cherry picked from commit 00e2f5eea29994d19293ec4e8c8775ba73678598)
+---
+ .../implementations/ciphers/cipher_aes_siv.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git x/providers/implementations/ciphers/cipher_aes_siv.c y/providers/implementations/ciphers/cipher_aes_siv.c
+index 45010b90db..b396c8651a 100644
+--- x/providers/implementations/ciphers/cipher_aes_siv.c
++++ y/providers/implementations/ciphers/cipher_aes_siv.c
+@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl,
+ if (!ossl_prov_is_running())
+ return 0;
+
+- if (inl == 0) {
+- *outl = 0;
+- return 1;
+- }
++ /* Ignore just empty encryption/decryption call and not AAD. */
++ if (out != NULL) {
++ if (inl == 0) {
++ if (outl != NULL)
++ *outl = 0;
++ return 1;
++ }
+
+- if (outsize < inl) {
+- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+- return 0;
++ if (outsize < inl) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
++ return 0;
++ }
+ }
+
+ if (ctx->hw->cipher(ctx, out, in, inl) <= 0)
diff --git a/libs/patches/openssl-0004-Fix-DH_check-excessive-time-with-over-sized-modulus.patch b/libs/patches/openssl-0004-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
new file mode 100644
index 000000000..4582d5309
--- /dev/null
+++ b/libs/patches/openssl-0004-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
@@ -0,0 +1,72 @@
+From c012334ed713416cc30d6b2ff4dbeca97d1503c3 Mon Sep 17 00:00:00 2001
+From: Matt Caswell
+Date: Thu, 6 Jul 2023 16:36:35 +0100
+Subject: Fix DH_check() excessive time with over sized modulus
+
+The DH_check() function checks numerous aspects of the key or parameters
+that have been supplied. Some of those checks use the supplied modulus
+value even if it is excessively large.
+
+There is already a maximum DH modulus size (10,000 bits) over which
+OpenSSL will not generate or derive keys. DH_check() will however still
+perform various tests for validity on such a large modulus. We introduce a
+new maximum (32,768) over which DH_check() will just fail.
+
+An application that calls DH_check() and supplies a key or parameters
+obtained from an untrusted source could be vulnerable to a Denial of
+Service attack.
+
+The function DH_check() is itself called by a number of other OpenSSL
+functions. An application calling any of those other functions may
+similarly be affected. The other functions affected by this are
+DH_check_ex() and EVP_PKEY_param_check().
+
+CVE-2023-3446
+
+Reviewed-by: Paul Dale
+Reviewed-by: Tom Cosgrove
+Reviewed-by: Bernd Edlinger
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/21451)
+
+(cherry picked from commit 9e0094e2aa1b3428a12d5095132f133c078d3c3d)
+(cherry picked from commit 1fa20cf2f506113c761777127a38bce5068740eb)
+---
+ crypto/dh/dh_check.c | 6 ++++++
+ include/openssl/dh.h | 6 +++++-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git x/crypto/dh/dh_check.c y/crypto/dh/dh_check.c
+index 0b391910d6..84a926998e 100644
+--- x/crypto/dh/dh_check.c
++++ y/crypto/dh/dh_check.c
+@@ -152,6 +152,12 @@ int DH_check(const DH *dh, int *ret)
+ if (nid != NID_undef)
+ return 1;
+
++ /* Don't do any checks at all with an excessively large modulus */
++ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
++ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
++ return 0;
++ }
++
+ if (!DH_check_params(dh, ret))
+ return 0;
+
+diff --git x/include/openssl/dh.h y/include/openssl/dh.h
+index b97871eca7..36420f51d8 100644
+--- x/include/openssl/dh.h
++++ y/include/openssl/dh.h
+@@ -89,7 +89,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
+ # include
+
+ # ifndef OPENSSL_DH_MAX_MODULUS_BITS
+-# define OPENSSL_DH_MAX_MODULUS_BITS 10000
++# define OPENSSL_DH_MAX_MODULUS_BITS 10000
++# endif
++
++# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
++# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
+ # endif
+
+ # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
diff --git a/libs/patches/qt-base-0002-Revert-Android-Fix-QSettings-when-using-content-URL.patch b/libs/patches/qt-base-0002-Revert-Android-Fix-QSettings-when-using-content-URL.patch
deleted file mode 100644
index 86f8eb005..000000000
--- a/libs/patches/qt-base-0002-Revert-Android-Fix-QSettings-when-using-content-URL.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From c6818d0c25f067bc13198b9aa2ca82776a40ad3b Mon Sep 17 00:00:00 2001
-From: Lars Schmertmann
-Date: Wed, 14 Dec 2022 11:52:12 +0100
-Subject: Revert "Android: Fix QSettings when using content URL"
-
-This reverts commit 140ca89a3c2b8d78889d27217f977cd4de10041b.
----
- src/corelib/io/qsettings.cpp | 21 +++------------------
- 1 file changed, 3 insertions(+), 18 deletions(-)
-
-diff --git x/qtbase/src/corelib/io/qsettings.cpp y/qtbase/src/corelib/io/qsettings.cpp
-index 60622e3aaa..a999aa6996 100644
---- x/qtbase/src/corelib/io/qsettings.cpp
-+++ y/qtbase/src/corelib/io/qsettings.cpp
-@@ -48,9 +48,8 @@
- #define Q_XDG_PLATFORM
- #endif
-
--#if !defined(QT_NO_STANDARDPATHS) \
-- && (defined(Q_XDG_PLATFORM) || defined(QT_PLATFORM_UIKIT) || defined(Q_OS_ANDROID))
--# define QSETTINGS_USE_QSTANDARDPATHS
-+#if !defined(QT_NO_STANDARDPATHS) && (defined(Q_XDG_PLATFORM) || defined(QT_PLATFORM_UIKIT))
-+#define QSETTINGS_USE_QSTANDARDPATHS
- #endif
-
- // ************************************************************************
-@@ -1332,15 +1331,6 @@ void QConfFileSettingsPrivate::syncConfFile(QConfFile *confFile)
- }
-
- #ifndef QT_BOOTSTRAPPED
-- QString lockFileName = confFile->name + ".lock"_L1;
--
--# if defined(Q_OS_ANDROID) && defined(QSETTINGS_USE_QSTANDARDPATHS)
-- // On android and if it is a content URL put the lock file in a
-- // writable location to prevent permissions issues and invalid paths.
-- if (confFile->name.startsWith("content:"_L1))
-- lockFileName = QStandardPaths::writableLocation(QStandardPaths::CacheLocation)
-- + QFileInfo(lockFileName).fileName();
--# endif
- /*
- Use a lockfile in order to protect us against other QSettings instances
- trying to write the same settings at the same time.
-@@ -1348,7 +1338,7 @@ void QConfFileSettingsPrivate::syncConfFile(QConfFile *confFile)
- We only need to lock if we are actually writing as only concurrent writes are a problem.
- Concurrent read and write are not a problem because the writing operation is atomic.
- */
-- QLockFile lockFile(lockFileName);
-+ QLockFile lockFile(confFile->name + ".lock"_L1);
- if (!readOnly && !lockFile.lock() && atomicSyncOnly) {
- setStatus(QSettings::AccessError);
- return;
-@@ -1426,11 +1416,6 @@ void QConfFileSettingsPrivate::syncConfFile(QConfFile *confFile)
- #if !defined(QT_BOOTSTRAPPED) && QT_CONFIG(temporaryfile)
- QSaveFile sf(confFile->name);
- sf.setDirectWriteFallback(!atomicSyncOnly);
--# ifdef Q_OS_ANDROID
-- // QSaveFile requires direct write when using content scheme URL in Android
-- if (confFile->name.startsWith("content:"_L1))
-- sf.setDirectWriteFallback(true);
--# endif
- #else
- QFile sf(confFile->name);
- #endif
---
-2.39.0
-
diff --git a/libs/patches/qt-base-0001-Revert-Fix-usage-of-logging-category-on-Android.patch b/libs/patches/qtbase-0001-Revert-Fix-usage-of-logging-category-on-Android.patch
similarity index 95%
rename from libs/patches/qt-base-0001-Revert-Fix-usage-of-logging-category-on-Android.patch
rename to libs/patches/qtbase-0001-Revert-Fix-usage-of-logging-category-on-Android.patch
index 23f53c9c0..8a73295e4 100644
--- a/libs/patches/qt-base-0001-Revert-Fix-usage-of-logging-category-on-Android.patch
+++ b/libs/patches/qtbase-0001-Revert-Fix-usage-of-logging-category-on-Android.patch
@@ -1,4 +1,4 @@
-From ca3a694221c62131a384cbabd7dc34f91add9eae Mon Sep 17 00:00:00 2001
+From 68bc2e3fae6480d6315f524c2ee9acf3a33a435a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?=
Date: Mon, 25 Jul 2022 17:08:54 +0200
Subject: Revert "Fix usage of logging category on Android"
@@ -38,6 +38,3 @@ index 9ac70b3340..737a91dc6e 100644
return true; // Prevent further output to stderr
}
---
-2.38.1
-
diff --git a/libs/patches/qtbase-0002-Android-Restore-the-default-QSettings-path-to-the-.c.patch b/libs/patches/qtbase-0002-Android-Restore-the-default-QSettings-path-to-the-.c.patch
new file mode 100644
index 000000000..13641dcee
--- /dev/null
+++ b/libs/patches/qtbase-0002-Android-Restore-the-default-QSettings-path-to-the-.c.patch
@@ -0,0 +1,89 @@
+From bdd9f0e3a243977858df6691b734b7f596a9729b Mon Sep 17 00:00:00 2001
+From: Bartlomiej Moskal
+Date: Tue, 30 May 2023 14:17:19 +0200
+Subject: Android: Restore the default QSettings path to the .config directory
+
+After 140ca89a3c2b8d78889d27217f977cd4de10041b commit, the path of the
+QSettings default file location changed. That caused the problem with
+updating the app (old settings file is not used anymore). That is why we
+should still use old (.config) directory for QSettings file if the file
+exists.
+
+Pick-to: 6.2 6.5 6.6
+Fixes: QTBUG-109405
+Fixes: QTBUG-109369
+Change-Id: I8ce53e0a80e4c2d16802b27b000ab3fbed198628
+Reviewed-by: Assam Boudjelthia
+(cherry picked from commit beaaa0bf02fee696b03f2839bea8e0e6bc685a62)
+---
+ src/corelib/io/qsettings.cpp | 40 +++++++++++++++++++++++++-----------
+ 1 file changed, 28 insertions(+), 12 deletions(-)
+
+diff --git x/qtbase/src/corelib/io/qsettings.cpp y/qtbase/src/corelib/io/qsettings.cpp
+index 60622e3aaa..9fb2e0b522 100644
+--- x/qtbase/src/corelib/io/qsettings.cpp
++++ y/qtbase/src/corelib/io/qsettings.cpp
+@@ -954,26 +954,43 @@ static inline int pathHashKey(QSettings::Format format, QSettings::Scope scope)
+ }
+
+ #ifndef Q_OS_WIN
+-static QString make_user_path()
++static constexpr QChar sep = u'/';
++
++#if !defined(QSETTINGS_USE_QSTANDARDPATHS) || defined(Q_OS_ANDROID)
++static QString make_user_path_without_qstandard_paths()
+ {
+- static constexpr QChar sep = u'/';
+-#ifndef QSETTINGS_USE_QSTANDARDPATHS
+- // Non XDG platforms (OS X, iOS, Android...) have used this code path erroneously
+- // for some time now. Moving away from that would require migrating existing settings.
+ QByteArray env = qgetenv("XDG_CONFIG_HOME");
+ if (env.isEmpty()) {
+ return QDir::homePath() + "/.config/"_L1;
+ } else if (env.startsWith('/')) {
+ return QFile::decodeName(env) + sep;
+- } else {
+- return QDir::homePath() + sep + QFile::decodeName(env) + sep;
+ }
++
++ return QDir::homePath() + sep + QFile::decodeName(env) + sep;
++}
++#endif // !QSETTINGS_USE_QSTANDARDPATHS || Q_OS_ANDROID
++
++static QString make_user_path()
++{
++#ifndef QSETTINGS_USE_QSTANDARDPATHS
++ // Non XDG platforms (OS X, iOS, Android...) have used this code path erroneously
++ // for some time now. Moving away from that would require migrating existing settings.
++ // The migration has already been done for Android.
++ return make_user_path_without_qstandard_paths();
+ #else
+- // When using a proper XDG platform, use QStandardPaths rather than the above hand-written code;
+- // it makes the use of test mode from unit tests possible.
++
++#ifdef Q_OS_ANDROID
++ // If an old settings path exists, use it instead of creating a new one
++ QString ret = make_user_path_without_qstandard_paths();
++ if (QFile(ret).exists())
++ return ret;
++#endif // Q_OS_ANDROID
++
++ // When using a proper XDG platform or Android platform, use QStandardPaths rather than the
++ // above hand-written code. It makes the use of test mode from unit tests possible.
+ // Ideally all platforms should use this, but see above for the migration issue.
+ return QStandardPaths::writableLocation(QStandardPaths::GenericConfigLocation) + sep;
+-#endif
++#endif // !QSETTINGS_USE_QSTANDARDPATHS
+ }
+ #endif // !Q_OS_WIN
+
+@@ -1338,8 +1355,7 @@ void QConfFileSettingsPrivate::syncConfFile(QConfFile *confFile)
+ // On android and if it is a content URL put the lock file in a
+ // writable location to prevent permissions issues and invalid paths.
+ if (confFile->name.startsWith("content:"_L1))
+- lockFileName = QStandardPaths::writableLocation(QStandardPaths::CacheLocation)
+- + QFileInfo(lockFileName).fileName();
++ lockFileName = make_user_path() + QFileInfo(lockFileName).fileName();
+ # endif
+ /*
+ Use a lockfile in order to protect us against other QSettings instances
diff --git a/libs/patches/qt-base-0003-Android-A11Y-Only-access-the-main-thread-when-it-is-.patch b/libs/patches/qtbase-0003-Android-A11Y-Only-access-the-main-thread-when-it-is-.patch
similarity index 97%
rename from libs/patches/qt-base-0003-Android-A11Y-Only-access-the-main-thread-when-it-is-.patch
rename to libs/patches/qtbase-0003-Android-A11Y-Only-access-the-main-thread-when-it-is-.patch
index ea17cb1c6..df111949d 100644
--- a/libs/patches/qt-base-0003-Android-A11Y-Only-access-the-main-thread-when-it-is-.patch
+++ b/libs/patches/qtbase-0003-Android-A11Y-Only-access-the-main-thread-when-it-is-.patch
@@ -1,4 +1,4 @@
-From 97d4394f85f120724a9cbe518ba2233b87e48c68 Mon Sep 17 00:00:00 2001
+From a7490023e8f11906b30013c93ff991d941efc622 Mon Sep 17 00:00:00 2001
From: Julian Greilich
Date: Wed, 4 Jan 2023 16:32:28 +0100
Subject: Android A11Y: Only access the main thread when it is not blocked
@@ -61,6 +61,3 @@ index 3067cb178a..8990289dc4 100644
if (!QtAndroid::blockEventLoopsWhenSuspended()
|| QGuiApplication::applicationState() != Qt::ApplicationSuspended) {
QMetaObject::invokeMethod(context, func, Qt::BlockingQueuedConnection, retVal);
---
-2.39.0
-
diff --git a/libs/patches/qt-base-0004-Fix-warning-in-q20algorithm.h-when-xcodebuild-is-use.patch b/libs/patches/qtbase-0004-Fix-warning-in-q20algorithm.h-when-xcodebuild-is-use.patch
similarity index 97%
rename from libs/patches/qt-base-0004-Fix-warning-in-q20algorithm.h-when-xcodebuild-is-use.patch
rename to libs/patches/qtbase-0004-Fix-warning-in-q20algorithm.h-when-xcodebuild-is-use.patch
index 29a703777..e9761b1d9 100644
--- a/libs/patches/qt-base-0004-Fix-warning-in-q20algorithm.h-when-xcodebuild-is-use.patch
+++ b/libs/patches/qtbase-0004-Fix-warning-in-q20algorithm.h-when-xcodebuild-is-use.patch
@@ -1,4 +1,4 @@
-From bc1b984a5b1a53c0c9eccc44763aaf0c94294fb7 Mon Sep 17 00:00:00 2001
+From 03485e0ca36c615b87b82c6711fbacf0493d02bc Mon Sep 17 00:00:00 2001
From: Lars Schmertmann
Date: Mon, 9 Jan 2023 06:54:53 +0100
Subject: Fix warning in q20algorithm.h when xcodebuild is used
@@ -44,6 +44,3 @@ index 69dc2d2446..88e8ab08d2 100644
{
while (first != last) {
if (std::invoke(pred, std::invoke(proj, *first)))
---
-2.39.0
-
diff --git a/libs/patches/qt-base-0005-macOS-Use-NSStatusItem.menu-to-manage-system-tray-me.patch b/libs/patches/qtbase-0005-macOS-Use-NSStatusItem.menu-to-manage-system-tray-me.patch
similarity index 97%
rename from libs/patches/qt-base-0005-macOS-Use-NSStatusItem.menu-to-manage-system-tray-me.patch
rename to libs/patches/qtbase-0005-macOS-Use-NSStatusItem.menu-to-manage-system-tray-me.patch
index 737430dba..85819c91f 100644
--- a/libs/patches/qt-base-0005-macOS-Use-NSStatusItem.menu-to-manage-system-tray-me.patch
+++ b/libs/patches/qtbase-0005-macOS-Use-NSStatusItem.menu-to-manage-system-tray-me.patch
@@ -1,4 +1,4 @@
-From d5555d3c62cbc8c061de0ae9e1f0c20374b4004e Mon Sep 17 00:00:00 2001
+From e2402debef95b7ccc2050f331ee9f5076332ae91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tor=20Arne=20Vestb=C3=B8?=
Date: Mon, 12 Dec 2022 14:33:41 +0100
Subject: macOS: Use NSStatusItem.menu to manage system tray menu
@@ -26,7 +26,7 @@ Reviewed-by: Volker Hilsheimer
2 files changed, 24 insertions(+), 15 deletions(-)
diff --git x/qtbase/src/plugins/platforms/cocoa/qcocoasystemtrayicon.h y/qtbase/src/plugins/platforms/cocoa/qcocoasystemtrayicon.h
-index 414560e1192..75c33cc5a3f 100644
+index 414560e119..75c33cc5a3 100644
--- x/qtbase/src/plugins/platforms/cocoa/qcocoasystemtrayicon.h
+++ y/qtbase/src/plugins/platforms/cocoa/qcocoasystemtrayicon.h
@@ -45,12 +45,11 @@ public:
@@ -44,7 +44,7 @@ index 414560e1192..75c33cc5a3f 100644
QT_END_NAMESPACE
diff --git x/qtbase/src/plugins/platforms/cocoa/qcocoasystemtrayicon.mm y/qtbase/src/plugins/platforms/cocoa/qcocoasystemtrayicon.mm
-index c004cd69b57..2f7f73b4813 100644
+index c004cd69b5..2f7f73b481 100644
--- x/qtbase/src/plugins/platforms/cocoa/qcocoasystemtrayicon.mm
+++ y/qtbase/src/plugins/platforms/cocoa/qcocoasystemtrayicon.mm
@@ -64,6 +64,8 @@ void QCocoaSystemTrayIcon::init()
@@ -125,6 +125,3 @@ index c004cd69b57..2f7f73b4813 100644
}
- (BOOL)userNotificationCenter:(NSUserNotificationCenter *)center shouldPresentNotification:(NSUserNotification *)notification
---
-2.39.2
-
diff --git a/libs/patches/qt-base-0006-iOS-Don-t-assume-screens-will-not-be-connected-befor.patch b/libs/patches/qtbase-0006-iOS-Don-t-assume-screens-will-not-be-connected-befor.patch
similarity index 93%
rename from libs/patches/qt-base-0006-iOS-Don-t-assume-screens-will-not-be-connected-befor.patch
rename to libs/patches/qtbase-0006-iOS-Don-t-assume-screens-will-not-be-connected-befor.patch
index b5c1ff9c8..63c2ce919 100644
--- a/libs/patches/qt-base-0006-iOS-Don-t-assume-screens-will-not-be-connected-befor.patch
+++ b/libs/patches/qtbase-0006-iOS-Don-t-assume-screens-will-not-be-connected-befor.patch
@@ -1,4 +1,4 @@
-From e28710e3f175663b030c00d75ee899a9a7b0cdd2 Mon Sep 17 00:00:00 2001
+From d967022bcd7061771f10e4d36d38ab8ffe5aef98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tor=20Arne=20Vestb=C3=B8?=
Date: Thu, 15 Dec 2022 16:40:34 +0100
Subject: iOS: Don't assume screens will not be connected before
@@ -25,7 +25,7 @@ Reviewed-by: Volker Hilsheimer
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git x/qtbase/src/plugins/platforms/ios/qiosscreen.mm y/qtbase/src/plugins/platforms/ios/qiosscreen.mm
-index f144c00fb0a..3d660189af4 100644
+index f144c00fb0..3d660189af 100644
--- x/qtbase/src/plugins/platforms/ios/qiosscreen.mm
+++ y/qtbase/src/plugins/platforms/ios/qiosscreen.mm
@@ -72,8 +72,8 @@ static QIOSScreen* qtPlatformScreenFor(UIScreen *uiScreen)
@@ -39,6 +39,3 @@ index f144c00fb0a..3d660189af4 100644
QWindowSystemInterface::handleScreenAdded(new QIOSScreen([notification object]));
}
---
-2.39.2
-
diff --git a/libs/patches/qt-base-0007-Ignore-removed-changed-screens-if-no-QIOSIntegration.patch b/libs/patches/qtbase-0007-Ignore-removed-changed-screens-if-no-QIOSIntegration.patch
similarity index 95%
rename from libs/patches/qt-base-0007-Ignore-removed-changed-screens-if-no-QIOSIntegration.patch
rename to libs/patches/qtbase-0007-Ignore-removed-changed-screens-if-no-QIOSIntegration.patch
index 548920794..ff423344e 100644
--- a/libs/patches/qt-base-0007-Ignore-removed-changed-screens-if-no-QIOSIntegration.patch
+++ b/libs/patches/qtbase-0007-Ignore-removed-changed-screens-if-no-QIOSIntegration.patch
@@ -1,4 +1,4 @@
-From ae857fcf8415daafa6b77999dc8a44cd0e5ede7b Mon Sep 17 00:00:00 2001
+From 6d6832fc530c9296d92dd924f6f6bca0effa6412 Mon Sep 17 00:00:00 2001
From: Jan Moeller
Date: Thu, 6 Apr 2023 09:27:16 +0200
Subject: Ignore removed/changed screens if no QIOSIntegration instance exists
@@ -29,7 +29,7 @@ Reviewed-by: Lars Schmertmann
1 file changed, 6 insertions(+)
diff --git x/qtbase/src/plugins/platforms/ios/qiosscreen.mm y/qtbase/src/plugins/platforms/ios/qiosscreen.mm
-index 3d660189af4..e0216ce6526 100644
+index 3d660189af..e0216ce652 100644
--- x/qtbase/src/plugins/platforms/ios/qiosscreen.mm
+++ y/qtbase/src/plugins/platforms/ios/qiosscreen.mm
@@ -80,6 +80,9 @@ static QIOSScreen* qtPlatformScreenFor(UIScreen *uiScreen)
@@ -52,6 +52,3 @@ index 3d660189af4..e0216ce6526 100644
QIOSScreen *screen = qtPlatformScreenFor([notification object]);
Q_ASSERT_X(screen, Q_FUNC_INFO, "Screen changed that we didn't know about");
---
-2.39.2
-
diff --git a/libs/patches/qtbase-0008-Fix-specific-overflow-in-qtextlayout.patch b/libs/patches/qtbase-0008-Fix-specific-overflow-in-qtextlayout.patch
new file mode 100644
index 000000000..ba82d2414
--- /dev/null
+++ b/libs/patches/qtbase-0008-Fix-specific-overflow-in-qtextlayout.patch
@@ -0,0 +1,75 @@
+From 25b9264bd6e5a547db3692032dd5c49cb2db0bfd Mon Sep 17 00:00:00 2001
+From: Allan Sandfeld Jensen
+Date: Fri, 5 May 2023 09:51:32 +0200
+Subject: Fix specific overflow in qtextlayout
+
+Adds qAddOverflow and qMulOverflow definitions to QFixed
+
+Fixes: QTBUG-113337
+Pick-to: 6.5 6.5.1 6.2 5.15
+Change-Id: I13579306defceaccdc0fbb1ec0e9b77c6f8d1af9
+Reviewed-by: Eirik Aavitsland
+Reviewed-by: Thiago Macieira
+(cherry picked from commit 7b7a01c266b507636eab51a36328c7c72d82d93c)
+---
+ src/gui/painting/qfixed_p.h | 17 +++++++++++++++++
+ src/gui/text/qtextlayout.cpp | 9 ++++++---
+ 2 files changed, 23 insertions(+), 3 deletions(-)
+
+diff --git x/qtbase/src/gui/painting/qfixed_p.h y/qtbase/src/gui/painting/qfixed_p.h
+index f3718a097e..c0a13d057f 100644
+--- x/qtbase/src/gui/painting/qfixed_p.h
++++ y/qtbase/src/gui/painting/qfixed_p.h
+@@ -18,6 +18,7 @@
+ #include
+ #include "QtCore/qdebug.h"
+ #include "QtCore/qpoint.h"
++#include "QtCore/qnumeric.h"
+ #include "QtCore/qsize.h"
+
+ QT_BEGIN_NAMESPACE
+@@ -136,6 +137,22 @@ constexpr inline QFixed operator+(uint i, QFixed d) { return d+i; }
+ constexpr inline QFixed operator-(uint i, QFixed d) { return -(d-i); }
+ // constexpr inline QFixed operator*(qreal d, QFixed d2) { return d2*d; }
+
++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
++{
++ int val;
++ bool result = qAddOverflow(v1.value(), v2.value(), &val);
++ r->setValue(val);
++ return result;
++}
++
++inline bool qMulOverflow(QFixed v1, QFixed v2, QFixed *r)
++{
++ int val;
++ bool result = qMulOverflow(v1.value(), v2.value(), &val);
++ r->setValue(val);
++ return result;
++}
++
+ #ifndef QT_NO_DEBUG_STREAM
+ inline QDebug &operator<<(QDebug &dbg, QFixed f)
+ { return dbg << f.toReal(); }
+diff --git x/qtbase/src/gui/text/qtextlayout.cpp y/qtbase/src/gui/text/qtextlayout.cpp
+index 365131f508..6a36b2458a 100644
+--- x/qtbase/src/gui/text/qtextlayout.cpp
++++ y/qtbase/src/gui/text/qtextlayout.cpp
+@@ -2105,11 +2105,14 @@ found:
+ eng->maxWidth = qMax(eng->maxWidth, line.textWidth);
+ } else {
+ eng->minWidth = qMax(eng->minWidth, lbh.minw);
+- eng->maxWidth += line.textWidth;
++ if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth))
++ eng->maxWidth = QFIXED_MAX;
+ }
+
+- if (line.textWidth > 0 && item < eng->layoutData->items.size())
+- eng->maxWidth += lbh.spaceData.textWidth;
++ if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
++ if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth))
++ eng->maxWidth = QFIXED_MAX;
++ }
+
+ line.textWidth += trailingSpace;
+ if (lbh.spaceData.length) {
diff --git a/libs/patches/qtbase-0009-Schannel-Reject-certificate-not-signed-by-a-configur.patch b/libs/patches/qtbase-0009-Schannel-Reject-certificate-not-signed-by-a-configur.patch
new file mode 100644
index 000000000..9f1a1ec5b
--- /dev/null
+++ b/libs/patches/qtbase-0009-Schannel-Reject-certificate-not-signed-by-a-configur.patch
@@ -0,0 +1,289 @@
+From 550172c8a2f5e7195e2255bc50cffb2a64b8701c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A5rten=20Nordheim?=
+Date: Wed, 10 May 2023 16:43:41 +0200
+Subject: Schannel: Reject certificate not signed by a configured CA
+ certificate
+
+Not entirely clear why, but when building the certificate chain for a
+peer the system certificate store is searched for root certificates.
+General expectation is that after calling
+`sslConfiguration.setCaCertificates()` the system certificates will
+not be taken into consideration.
+
+To work around this behavior, we do a manual check that the root of the
+chain is part of the configured CA certificates.
+
+Pick-to: 6.5 6.2 5.15
+Change-Id: I03666a4d9b0eac39ae97e150b4743120611a11b3
+Reviewed-by: Edward Welbourne
+Reviewed-by: Volker Hilsheimer
+(cherry picked from commit ada2c573c1a25f8d96577734968fe317ddfa292a)
+---
+ src/plugins/tls/schannel/qtls_schannel.cpp | 21 ++++
+ .../network/ssl/client-auth/CMakeLists.txt | 24 ++++
+ .../network/ssl/client-auth/certs/.gitignore | 4 +
+ .../client-auth/certs/accepted-client.conf | 14 +++
+ .../network/ssl/client-auth/certs/generate.sh | 33 +++++
+ .../tst_manual_ssl_client_auth.cpp | 118 ++++++++++++++++++
+ 6 files changed, 214 insertions(+)
+ create mode 100644 tests/manual/network/ssl/client-auth/CMakeLists.txt
+ create mode 100644 tests/manual/network/ssl/client-auth/certs/.gitignore
+ create mode 100644 tests/manual/network/ssl/client-auth/certs/accepted-client.conf
+ create mode 100755 tests/manual/network/ssl/client-auth/certs/generate.sh
+ create mode 100644 tests/manual/network/ssl/client-auth/tst_manual_ssl_client_auth.cpp
+
+diff --git x/qtbase/src/plugins/tls/schannel/qtls_schannel.cpp y/qtbase/src/plugins/tls/schannel/qtls_schannel.cpp
+index 58e74357d8..c15eab8796 100644
+--- x/qtbase/src/plugins/tls/schannel/qtls_schannel.cpp
++++ y/qtbase/src/plugins/tls/schannel/qtls_schannel.cpp
+@@ -2106,6 +2106,27 @@ bool TlsCryptographSchannel::verifyCertContext(CERT_CONTEXT *certContext)
+ verifyDepth = DWORD(q->peerVerifyDepth());
+
+ const auto &caCertificates = q->sslConfiguration().caCertificates();
++
++ if (!rootCertOnDemandLoadingAllowed()
++ && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
++ && (q->peerVerifyMode() == QSslSocket::VerifyPeer
++ || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) {
++ // When verifying a peer Windows "helpfully" builds a chain that
++ // may include roots from the system store. But we don't want that if
++ // the user has set their own CA certificates.
++ // Since Windows claims this is not a partial chain the root is included
++ // and we have to check that it is one of our configured CAs.
++ CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
++ QSslCertificate certificate = getCertificateFromChainElement(element);
++ if (!caCertificates.contains(certificate)) {
++ auto error = QSslError(QSslError::CertificateUntrusted, certificate);
++ sslErrors += error;
++ emit q->peerVerifyError(error);
++ if (q->state() != QAbstractSocket::ConnectedState)
++ return false;
++ }
++ }
++
+ QList peerCertificateChain;
+ for (DWORD i = 0; i < verifyDepth; i++) {
+ CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
+diff --git x/qtbase/tests/manual/network/ssl/client-auth/CMakeLists.txt y/qtbase/tests/manual/network/ssl/client-auth/CMakeLists.txt
+new file mode 100644
+index 0000000000..67ecc20bf4
+--- /dev/null
++++ y/qtbase/tests/manual/network/ssl/client-auth/CMakeLists.txt
+@@ -0,0 +1,24 @@
++# Copyright (C) 2023 The Qt Company Ltd.
++# SPDX-License-Identifier: BSD-3-Clause
++
++qt_internal_add_manual_test(tst_manual_ssl_client_auth
++ SOURCES
++ tst_manual_ssl_client_auth.cpp
++ LIBRARIES
++ Qt::Network
++)
++
++qt_internal_add_resource(tst_manual_ssl_client_auth "tst_manual_ssl_client_auth"
++ PREFIX
++ "/"
++ FILES
++ "certs/127.0.0.1.pem"
++ "certs/127.0.0.1-key.pem"
++ "certs/127.0.0.1-client.pem"
++ "certs/127.0.0.1-client-key.pem"
++ "certs/accepted-client.pem"
++ "certs/accepted-client-key.pem"
++ "certs/rootCA.pem"
++ BASE
++ "certs"
++)
+diff --git x/qtbase/tests/manual/network/ssl/client-auth/certs/.gitignore y/qtbase/tests/manual/network/ssl/client-auth/certs/.gitignore
+new file mode 100644
+index 0000000000..5866f7b609
+--- /dev/null
++++ y/qtbase/tests/manual/network/ssl/client-auth/certs/.gitignore
+@@ -0,0 +1,4 @@
++*
++!/.gitignore
++!/generate.sh
++!/accepted-client.conf
+diff --git x/qtbase/tests/manual/network/ssl/client-auth/certs/accepted-client.conf y/qtbase/tests/manual/network/ssl/client-auth/certs/accepted-client.conf
+new file mode 100644
+index 0000000000..a88b276efe
+--- /dev/null
++++ y/qtbase/tests/manual/network/ssl/client-auth/certs/accepted-client.conf
+@@ -0,0 +1,14 @@
++[req]
++default_md = sha512
++basicConstraints = CA:FALSE
++extendedKeyUsage = clientAuth
++[req]
++distinguished_name = client_distinguished_name
++prompt = no
++[client_distinguished_name]
++C = NO
++ST = Oslo
++L = Oslo
++O = The Qt Project
++OU = The Qt Project
++CN = Fake Qt Project Client Certificate
+diff --git x/qtbase/tests/manual/network/ssl/client-auth/certs/generate.sh y/qtbase/tests/manual/network/ssl/client-auth/certs/generate.sh
+new file mode 100755
+index 0000000000..5dbe3b3712
+--- /dev/null
++++ y/qtbase/tests/manual/network/ssl/client-auth/certs/generate.sh
+@@ -0,0 +1,33 @@
++#!/bin/bash
++# Copyright (C) 2023 The Qt Company Ltd.
++# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0
++
++# Requires mkcert and openssl
++
++warn () { echo "$@" >&2; }
++die () { warn "$@"; exit 1; }
++
++
++command -v mkcert 1>/dev/null 2>&1 || die "Failed to find mkcert"
++command -v openssl 1>/dev/null 2>&1 || die "Failed to find openssl"
++
++SCRIPT=$(realpath "$0")
++SCRIPTPATH=$(dirname "$SCRIPT")
++
++pushd "$SCRIPTPATH" || die "Unable to pushd to $SCRIPTPATH"
++mkcert 127.0.0.1
++mkcert -client 127.0.0.1
++warn "Remember to run mkcert -install if you haven't already"
++
++# Generate CA
++openssl genrsa -out ca-key.pem 2048
++openssl req -new -x509 -noenc -days 365 -key ca-key.pem -out rootCA.pem
++
++# Generate accepted client certificate
++openssl genrsa -out accepted-client-key.pem 2048
++openssl req -new -sha512 -nodes -key accepted-client-key.pem -out accepted-client.csr -config accepted-client.conf
++openssl x509 -req -sha512 -days 45 -in accepted-client.csr -CA rootCA.pem -CAkey ca-key.pem -CAcreateserial -out accepted-client.pem
++rm accepted-client.csr
++rm rootCA.srl
++
++popd || die "Unable to popd"
+diff --git x/qtbase/tests/manual/network/ssl/client-auth/tst_manual_ssl_client_auth.cpp y/qtbase/tests/manual/network/ssl/client-auth/tst_manual_ssl_client_auth.cpp
+new file mode 100644
+index 0000000000..2307cbb191
+--- /dev/null
++++ y/qtbase/tests/manual/network/ssl/client-auth/tst_manual_ssl_client_auth.cpp
+@@ -0,0 +1,118 @@
++// Copyright (C) 2023 The Qt Company Ltd.
++// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0
++
++#include
++
++#include
++#include
++#include
++
++#include
++#include
++#include
++#include
++
++// Client and/or server presents a certificate signed by a system-trusted CA
++// but the other side presents a certificate signed by a different CA.
++constexpr bool TestServerPresentsIncorrectCa = false;
++constexpr bool TestClientPresentsIncorrectCa = true;
++
++class ServerThread : public QThread
++{
++ Q_OBJECT
++public:
++ void run() override
++ {
++ QSslServer server;
++
++ QSslConfiguration config = server.sslConfiguration();
++ QList certs = QSslCertificate::fromPath(QStringLiteral(":/rootCA.pem"));
++ config.setCaCertificates(certs);
++ config.setLocalCertificate(QSslCertificate::fromPath(QStringLiteral(":/127.0.0.1.pem"))
++ .first());
++ QFile keyFile(QStringLiteral(":/127.0.0.1-key.pem"));
++ if (!keyFile.open(QIODevice::ReadOnly))
++ qFatal("Failed to open key file");
++ config.setPrivateKey(QSslKey(&keyFile, QSsl::Rsa));
++ config.setPeerVerifyMode(QSslSocket::VerifyPeer);
++ server.setSslConfiguration(config);
++
++ connect(&server, &QSslServer::pendingConnectionAvailable, [&server]() {
++ QSslSocket *socket = static_cast(server.nextPendingConnection());
++ qDebug() << "[s] newConnection" << socket->peerAddress() << socket->peerPort();
++ socket->disconnectFromHost();
++ qApp->quit();
++ });
++ connect(&server, &QSslServer::startedEncryptionHandshake, [](QSslSocket *socket) {
++ qDebug() << "[s] new handshake" << socket->peerAddress() << socket->peerPort();
++ });
++ connect(&server, &QSslServer::errorOccurred,
++ [](QSslSocket *socket, QAbstractSocket::SocketError error) {
++ qDebug() << "[s] errorOccurred" << socket->peerAddress() << socket->peerPort()
++ << error << socket->errorString();
++ });
++ connect(&server, &QSslServer::peerVerifyError,
++ [](QSslSocket *socket, const QSslError &error) {
++ qDebug() << "[s] peerVerifyError" << socket->peerAddress() << socket->peerPort()
++ << error;
++ });
++ server.listen(QHostAddress::LocalHost, 24242);
++
++ exec();
++
++ server.close();
++ }
++};
++
++int main(int argc, char **argv)
++{
++ QCoreApplication app(argc, argv);
++
++ using namespace Qt::StringLiterals;
++
++ if (!QFileInfo(u":/rootCA.pem"_s).exists())
++ qFatal("rootCA.pem not found. Did you run generate.sh in the certs directory?");
++
++ ServerThread serverThread;
++ serverThread.start();
++
++ QSslSocket socket;
++ QSslConfiguration config = socket.sslConfiguration();
++ QString certificatePath;
++ QString keyFileName;
++ if constexpr (TestClientPresentsIncorrectCa) { // true: Present cert signed with incorrect CA: should fail
++ certificatePath = u":/127.0.0.1-client.pem"_s;
++ keyFileName = u":/127.0.0.1-client-key.pem"_s;
++ } else { // false: Use correct CA: should succeed
++ certificatePath = u":/accepted-client.pem"_s;
++ keyFileName = u":/accepted-client-key.pem"_s;
++ }
++ config.setLocalCertificate(QSslCertificate::fromPath(certificatePath).first());
++ if (TestServerPresentsIncorrectCa) // true: Verify server using incorrect CA: should fail
++ config.setCaCertificates(QSslCertificate::fromPath(u":/rootCA.pem"_s));
++ QFile keyFile(keyFileName);
++ if (!keyFile.open(QIODevice::ReadOnly))
++ qFatal("Failed to open key file");
++ config.setPrivateKey(QSslKey(&keyFile, QSsl::Rsa));
++ socket.setSslConfiguration(config);
++
++ QObject::connect(&socket, &QSslSocket::encrypted, []() { qDebug() << "[c] encrypted"; });
++ QObject::connect(&socket, &QSslSocket::errorOccurred,
++ [&socket](QAbstractSocket::SocketError error) {
++ qDebug() << "[c] errorOccurred" << error << socket.errorString();
++ qApp->quit();
++ });
++ QObject::connect(&socket, &QSslSocket::sslErrors, [](const QList &errors) {
++ qDebug() << "[c] sslErrors" << errors;
++ });
++ QObject::connect(&socket, &QSslSocket::connected, []() { qDebug() << "[c] connected"; });
++
++ socket.connectToHostEncrypted(QStringLiteral("127.0.0.1"), 24242);
++
++ const int res = app.exec();
++ serverThread.quit();
++ serverThread.wait();
++ return res;
++}
++
++#include "tst_manual_ssl_client_auth.moc"
diff --git a/libs/patches/qtbase-0010-Ssl-Copy-the-on-demand-cert-loading-bool-from-defaul.patch b/libs/patches/qtbase-0010-Ssl-Copy-the-on-demand-cert-loading-bool-from-defaul.patch
new file mode 100644
index 000000000..84724d31b
--- /dev/null
+++ b/libs/patches/qtbase-0010-Ssl-Copy-the-on-demand-cert-loading-bool-from-defaul.patch
@@ -0,0 +1,110 @@
+From d13e70c1d56a94d64eb68d2f3cba670e58a1a73f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A5rten=20Nordheim?=
+Date: Thu, 25 May 2023 14:40:29 +0200
+Subject: Ssl: Copy the on-demand cert loading bool from default config
+
+Otherwise individual sockets will still load system certificates when
+a chain doesn't match against the configured CA certificates.
+That's not intended behavior, since specifically setting the CA
+certificates means you don't want the system certificates to be used.
+
+Follow-up to/amends ada2c573c1a25f8d96577734968fe317ddfa292a
+
+This is potentially a breaking change because now, if you ever add a
+CA to the default config, it will disable loading system certificates
+on demand for all sockets. And the only way to re-enable it is to
+create a null-QSslConfiguration and set it as the new default.
+
+Pick-to: 6.5 6.2 5.15
+Change-Id: Ic3b2ab125c0cdd58ad654af1cb36173960ce2d1e
+Reviewed-by: Timur Pocheptsov
+(cherry picked from commit 57ba6260c0801055b7188fdaa1818b940590f5f1)
+---
+ src/network/ssl/qsslsocket.cpp | 5 ++++
+ .../tst_manual_ssl_client_auth.cpp | 24 ++++++++++++++++---
+ 2 files changed, 26 insertions(+), 3 deletions(-)
+
+diff --git x/qtbase/src/network/ssl/qsslsocket.cpp y/qtbase/src/network/ssl/qsslsocket.cpp
+index cd76517c25..a94f2b79c3 100644
+--- x/qtbase/src/network/ssl/qsslsocket.cpp
++++ y/qtbase/src/network/ssl/qsslsocket.cpp
+@@ -1973,6 +1973,10 @@ QSslSocketPrivate::QSslSocketPrivate()
+ , flushTriggered(false)
+ {
+ QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
++ // If the global configuration doesn't allow root certificates to be loaded
++ // on demand then we have to disable it for this socket as well.
++ if (!configuration.allowRootCertOnDemandLoading)
++ allowRootCertOnDemandLoading = false;
+
+ const auto *tlsBackend = tlsBackendInUse();
+ if (!tlsBackend) {
+@@ -2281,6 +2285,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
+ ptr->sessionProtocol = global->sessionProtocol;
+ ptr->ciphers = global->ciphers;
+ ptr->caCertificates = global->caCertificates;
++ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
+ ptr->protocol = global->protocol;
+ ptr->peerVerifyMode = global->peerVerifyMode;
+ ptr->peerVerifyDepth = global->peerVerifyDepth;
+diff --git x/qtbase/tests/manual/network/ssl/client-auth/tst_manual_ssl_client_auth.cpp y/qtbase/tests/manual/network/ssl/client-auth/tst_manual_ssl_client_auth.cpp
+index 2307cbb191..4d4aaca7e3 100644
+--- x/qtbase/tests/manual/network/ssl/client-auth/tst_manual_ssl_client_auth.cpp
++++ y/qtbase/tests/manual/network/ssl/client-auth/tst_manual_ssl_client_auth.cpp
+@@ -16,6 +16,9 @@
+ // but the other side presents a certificate signed by a different CA.
+ constexpr bool TestServerPresentsIncorrectCa = false;
+ constexpr bool TestClientPresentsIncorrectCa = true;
++// Decides whether or not to put the root CA into the global ssl configuration
++// or into the socket's specific ssl configuration.
++constexpr bool UseGlobalConfiguration = true;
+
+ class ServerThread : public QThread
+ {
+@@ -26,8 +29,10 @@ public:
+ QSslServer server;
+
+ QSslConfiguration config = server.sslConfiguration();
+- QList certs = QSslCertificate::fromPath(QStringLiteral(":/rootCA.pem"));
+- config.setCaCertificates(certs);
++ if (!UseGlobalConfiguration) {
++ QList certs = QSslCertificate::fromPath(QStringLiteral(":/rootCA.pem"));
++ config.setCaCertificates(certs);
++ }
+ config.setLocalCertificate(QSslCertificate::fromPath(QStringLiteral(":/127.0.0.1.pem"))
+ .first());
+ QFile keyFile(QStringLiteral(":/127.0.0.1-key.pem"));
+@@ -73,6 +78,12 @@ int main(int argc, char **argv)
+ if (!QFileInfo(u":/rootCA.pem"_s).exists())
+ qFatal("rootCA.pem not found. Did you run generate.sh in the certs directory?");
+
++ if (UseGlobalConfiguration) {
++ QSslConfiguration config = QSslConfiguration::defaultConfiguration();
++ config.setCaCertificates(QSslCertificate::fromPath(u":/rootCA.pem"_s));
++ QSslConfiguration::setDefaultConfiguration(config);
++ }
++
+ ServerThread serverThread;
+ serverThread.start();
+
+@@ -88,12 +99,19 @@ int main(int argc, char **argv)
+ keyFileName = u":/accepted-client-key.pem"_s;
+ }
+ config.setLocalCertificate(QSslCertificate::fromPath(certificatePath).first());
+- if (TestServerPresentsIncorrectCa) // true: Verify server using incorrect CA: should fail
++ if (!UseGlobalConfiguration && TestServerPresentsIncorrectCa) {
++ // Verify server using incorrect CA: should fail
+ config.setCaCertificates(QSslCertificate::fromPath(u":/rootCA.pem"_s));
++ } else if (UseGlobalConfiguration && !TestServerPresentsIncorrectCa) {
++ // Verify server using correct CA, we need to explicitly set the
++ // system CAs when the global config is overridden.
++ config.setCaCertificates(QSslConfiguration::systemCaCertificates());
++ }
+ QFile keyFile(keyFileName);
+ if (!keyFile.open(QIODevice::ReadOnly))
+ qFatal("Failed to open key file");
+ config.setPrivateKey(QSslKey(&keyFile, QSsl::Rsa));
++
+ socket.setSslConfiguration(config);
+
+ QObject::connect(&socket, &QSslSocket::encrypted, []() { qDebug() << "[c] encrypted"; });
diff --git a/libs/patches/qtbase-0011-Improve-Intent-source-app-detection.patch b/libs/patches/qtbase-0011-Improve-Intent-source-app-detection.patch
new file mode 100644
index 000000000..4dcdca6fe
--- /dev/null
+++ b/libs/patches/qtbase-0011-Improve-Intent-source-app-detection.patch
@@ -0,0 +1,51 @@
+From bdc4845cd844e674f17161435a11e60dde2769cc Mon Sep 17 00:00:00 2001
+From: Jens Trillmann
+Date: Wed, 5 Jul 2023 09:33:03 +0200
+Subject: Improve Intent source app detection
+
+Activity.getReferrer does not only return app IDs but also URLs if
+Intent.EXTRA_REFERRER is set on the Intent. In the case of Chrome the referrer
+is set to the website triggering the Intent. To improve the detection of the
+calling app we check first if the browser specific
+Browser.EXTRAS_APPLICATION_ID is set. If it is not set we fall back to
+Intent.getReferrer.
+
+Pick-to: 6.6
+Change-Id: I33d1edd52de98486d9616713e531ea20ada87bcb
+---
+ .../qtproject/qt/android/bindings/QtActivity.java | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git x/qtbase/src/android/java/src/org/qtproject/qt/android/bindings/QtActivity.java y/qtbase/src/android/java/src/org/qtproject/qt/android/bindings/QtActivity.java
+index 9cef8146fd..f862f6aaee 100644
+--- x/qtbase/src/android/java/src/org/qtproject/qt/android/bindings/QtActivity.java
++++ y/qtbase/src/android/java/src/org/qtproject/qt/android/bindings/QtActivity.java
+@@ -16,6 +16,7 @@ import android.graphics.Canvas;
+ import android.net.Uri;
+ import android.os.Build;
+ import android.os.Bundle;
++import android.provider.Browser;
+ import android.util.AttributeSet;
+ import android.view.ActionMode;
+ import android.view.ActionMode.Callback;
+@@ -237,9 +238,17 @@ public class QtActivity extends Activity
+ return;
+
+ String sourceInformation = "";
+- Uri referrer = getReferrer();
+- if (referrer != null)
+- sourceInformation = referrer.toString().replaceFirst("android-app://", "");
++ String browserApplicationId = intent.getExtras() == null ? "" : intent.getExtras().getString(Browser.EXTRA_APPLICATION_ID);
++ if (!browserApplicationId.isEmpty())
++ {
++ sourceInformation = browserApplicationId;
++ }
++ else
++ {
++ Uri referrer = getReferrer();
++ if (referrer != null)
++ sourceInformation = referrer.toString().replaceFirst("android-app://", "");
++ }
+
+ intent.putExtra(EXTRA_SOURCE_INFO, sourceInformation);
+ }
diff --git a/libs/patches/qtbase-0012-QXmlStreamReader-change-fastScanName-to-take-a-Value.patch b/libs/patches/qtbase-0012-QXmlStreamReader-change-fastScanName-to-take-a-Value.patch
new file mode 100644
index 000000000..5602a0238
--- /dev/null
+++ b/libs/patches/qtbase-0012-QXmlStreamReader-change-fastScanName-to-take-a-Value.patch
@@ -0,0 +1,105 @@
+From f9a1c8668e5f4787e9b0b3136076138f4fda5563 Mon Sep 17 00:00:00 2001
+From: Ahmad Samir
+Date: Wed, 12 Apr 2023 13:10:26 +0200
+Subject: QXmlStreamReader: change fastScanName() to take a Value*
+
+For easier debugging, e.g. to print out value.len and value.prefix.
+
+Pick-to: 6.6 6.5 6.5.2 6.2 5.15
+Change-Id: Ib0eed38772f899502962f578775d34ea2744fdde
+Reviewed-by: Marc Mutz
+(cherry picked from commit 1a423ce4372d18a779f3c0d746d5283d9a425839)
+---
+ src/corelib/serialization/qxmlstream.cpp | 16 ++++++++--------
+ src/corelib/serialization/qxmlstream.g | 3 ++-
+ src/corelib/serialization/qxmlstream_p.h | 2 +-
+ src/corelib/serialization/qxmlstreamparser_p.h | 3 ++-
+ 4 files changed, 13 insertions(+), 11 deletions(-)
+
+diff --git x/qtbase/src/corelib/serialization/qxmlstream.cpp y/qtbase/src/corelib/serialization/qxmlstream.cpp
+index a6a2bc41af..f64db47867 100644
+--- x/qtbase/src/corelib/serialization/qxmlstream.cpp
++++ y/qtbase/src/corelib/serialization/qxmlstream.cpp
+@@ -1243,7 +1243,7 @@ inline qsizetype QXmlStreamReaderPrivate::fastScanContentCharList()
+ return n;
+ }
+
+-inline qsizetype QXmlStreamReaderPrivate::fastScanName(qint16 *prefix)
++inline qsizetype QXmlStreamReaderPrivate::fastScanName(Value *val)
+ {
+ qsizetype n = 0;
+ uint c;
+@@ -1280,16 +1280,16 @@ inline qsizetype QXmlStreamReaderPrivate::fastScanName(qint16 *prefix)
+ case '+':
+ case '*':
+ putChar(c);
+- if (prefix && *prefix == n+1) {
+- *prefix = 0;
++ if (val && val->prefix == n + 1) {
++ val->prefix = 0;
+ putChar(':');
+ --n;
+ }
+ return n;
+ case ':':
+- if (prefix) {
+- if (*prefix == 0) {
+- *prefix = qint16(n + 2);
++ if (val) {
++ if (val->prefix == 0) {
++ val->prefix = qint16(n + 2);
+ } else { // only one colon allowed according to the namespace spec.
+ putChar(c);
+ return n;
+@@ -1305,8 +1305,8 @@ inline qsizetype QXmlStreamReaderPrivate::fastScanName(qint16 *prefix)
+ }
+ }
+
+- if (prefix)
+- *prefix = 0;
++ if (val)
++ val->prefix = 0;
+ qsizetype pos = textBuffer.size() - n;
+ putString(textBuffer, pos);
+ textBuffer.resize(pos);
+diff --git x/qtbase/src/corelib/serialization/qxmlstream.g y/qtbase/src/corelib/serialization/qxmlstream.g
+index d06c371eb8..f3152bff37 100644
+--- x/qtbase/src/corelib/serialization/qxmlstream.g
++++ y/qtbase/src/corelib/serialization/qxmlstream.g
+@@ -1419,7 +1419,8 @@ space_opt ::= space;
+ qname ::= LETTER;
+ /.
+ case $rule_number: {
+- sym(1).len += fastScanName(&sym(1).prefix);
++ Value &val = sym(1);
++ val.len += fastScanName(&val);
+ if (atEnd) {
+ resume($rule_number);
+ return false;
+diff --git x/qtbase/src/corelib/serialization/qxmlstream_p.h y/qtbase/src/corelib/serialization/qxmlstream_p.h
+index 8e523f9c67..5da1f4aa5a 100644
+--- x/qtbase/src/corelib/serialization/qxmlstream_p.h
++++ y/qtbase/src/corelib/serialization/qxmlstream_p.h
+@@ -471,7 +471,7 @@ public:
+ qsizetype fastScanLiteralContent();
+ qsizetype fastScanSpace();
+ qsizetype fastScanContentCharList();
+- qsizetype fastScanName(qint16 *prefix = nullptr);
++ qsizetype fastScanName(Value *val = nullptr);
+ inline qsizetype fastScanNMTOKEN();
+
+
+diff --git x/qtbase/src/corelib/serialization/qxmlstreamparser_p.h y/qtbase/src/corelib/serialization/qxmlstreamparser_p.h
+index e3ae6faa44..59370a9310 100644
+--- x/qtbase/src/corelib/serialization/qxmlstreamparser_p.h
++++ y/qtbase/src/corelib/serialization/qxmlstreamparser_p.h
+@@ -947,7 +947,8 @@ bool QXmlStreamReaderPrivate::parse()
+ break;
+
+ case 262: {
+- sym(1).len += fastScanName(&sym(1).prefix);
++ Value &val = sym(1);
++ val.len += fastScanName(&val);
+ if (atEnd) {
+ resume(262);
+ return false;
diff --git a/libs/patches/qtbase-0013-QXmlStreamReader-make-fastScanName-indicate-parsing-.patch b/libs/patches/qtbase-0013-QXmlStreamReader-make-fastScanName-indicate-parsing-.patch
new file mode 100644
index 000000000..375a274a4
--- /dev/null
+++ b/libs/patches/qtbase-0013-QXmlStreamReader-make-fastScanName-indicate-parsing-.patch
@@ -0,0 +1,270 @@
+From 836d7df23ec9b6cb3dea1bb68b7c8bc75090702e Mon Sep 17 00:00:00 2001
+From: Ahmad Samir
+Date: Thu, 22 Jun 2023 15:56:07 +0300
+Subject: QXmlStreamReader: make fastScanName() indicate parsing status to
+ callers
+
+This fixes a crash while parsing an XML file with garbage data, the file
+starts with '<' then garbage data:
+- The loop in the parse() keeps iterating until it hits "case 262:",
+ which calls fastScanName()
+- fastScanName() iterates over the text buffer scanning for the
+ attribute name (e.g. "xml:lang"), until it finds ':'
+- Consider a Value val, fastScanName() is called on it, it would set
+ val.prefix to a number > val.len, then it would hit the 4096 condition
+ and return (returned 0, now it returns the equivalent of
+ std::null_opt), which means that val.len doesn't get modified, making
+ it smaller than val.prefix
+- The code would try constructing an XmlStringRef with negative length,
+ which would hit an assert in one of QStringView's constructors
+
+Add an assert to the XmlStringRef constructor.
+
+Add unittest based on the file from the bug report.
+
+Later on I will replace FastScanNameResult with std::optional
+(std::optional is C++17, which isn't required by Qt 5.15, and we want to
+backport this fix).
+
+Credit to OSS-Fuzz.
+
+Fixes: QTBUG-109781
+Fixes: QTBUG-114829
+Pick-to: 6.6 6.5 6.2 5.15
+Change-Id: I455a5eeb47870c2ac9ffd0cbcdcd99c1ae2dd374
+Reviewed-by: Allan Sandfeld Jensen
+(cherry picked from commit 6326bec46a618c72feba4a2bb994c4d475050aed)
+---
+ src/corelib/serialization/qxmlstream.cpp | 23 ++++++++---
+ src/corelib/serialization/qxmlstream.g | 12 +++++-
+ src/corelib/serialization/qxmlstream_p.h | 14 ++++++-
+ .../serialization/qxmlstreamparser_p.h | 12 +++++-
+ .../qxmlstream/tst_qxmlstream.cpp | 39 +++++++++++++++++++
+ 5 files changed, 88 insertions(+), 12 deletions(-)
+
+diff --git x/qtbase/src/corelib/serialization/qxmlstream.cpp y/qtbase/src/corelib/serialization/qxmlstream.cpp
+index f64db47867..34568b7351 100644
+--- x/qtbase/src/corelib/serialization/qxmlstream.cpp
++++ y/qtbase/src/corelib/serialization/qxmlstream.cpp
+@@ -1243,7 +1243,9 @@ inline qsizetype QXmlStreamReaderPrivate::fastScanContentCharList()
+ return n;
+ }
+
+-inline qsizetype QXmlStreamReaderPrivate::fastScanName(Value *val)
++// Fast scan an XML attribute name (e.g. "xml:lang").
++inline QXmlStreamReaderPrivate::FastScanNameResult
++QXmlStreamReaderPrivate::fastScanName(Value *val)
+ {
+ qsizetype n = 0;
+ uint c;
+@@ -1251,7 +1253,8 @@ inline qsizetype QXmlStreamReaderPrivate::fastScanName(Value *val)
+ if (n >= 4096) {
+ // This is too long to be a sensible name, and
+ // can exhaust memory, or the range of decltype(*prefix)
+- return 0;
++ raiseNamePrefixTooLongError();
++ return {};
+ }
+ switch (c) {
+ case '\n':
+@@ -1285,18 +1288,18 @@ inline qsizetype QXmlStreamReaderPrivate::fastScanName(Value *val)
+ putChar(':');
+ --n;
+ }
+- return n;
++ return FastScanNameResult(n);
+ case ':':
+ if (val) {
+ if (val->prefix == 0) {
+ val->prefix = qint16(n + 2);
+ } else { // only one colon allowed according to the namespace spec.
+ putChar(c);
+- return n;
++ return FastScanNameResult(n);
+ }
+ } else {
+ putChar(c);
+- return n;
++ return FastScanNameResult(n);
+ }
+ Q_FALLTHROUGH();
+ default:
+@@ -1310,7 +1313,7 @@ inline qsizetype QXmlStreamReaderPrivate::fastScanName(Value *val)
+ qsizetype pos = textBuffer.size() - n;
+ putString(textBuffer, pos);
+ textBuffer.resize(pos);
+- return 0;
++ return FastScanNameResult(0);
+ }
+
+ enum NameChar { NameBeginning, NameNotBeginning, NotName };
+@@ -1791,6 +1794,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message)
+ raiseError(QXmlStreamReader::NotWellFormedError, message);
+ }
+
++void QXmlStreamReaderPrivate::raiseNamePrefixTooLongError()
++{
++ // TODO: add a ImplementationLimitsExceededError and use it instead
++ raiseError(QXmlStreamReader::NotWellFormedError,
++ QXmlStream::tr("Length of XML attribute name exceeds implemnetation limits (4KiB "
++ "characters)."));
++}
++
+ void QXmlStreamReaderPrivate::parseError()
+ {
+
+diff --git x/qtbase/src/corelib/serialization/qxmlstream.g y/qtbase/src/corelib/serialization/qxmlstream.g
+index f3152bff37..fc122e6681 100644
+--- x/qtbase/src/corelib/serialization/qxmlstream.g
++++ y/qtbase/src/corelib/serialization/qxmlstream.g
+@@ -1420,7 +1420,11 @@ qname ::= LETTER;
+ /.
+ case $rule_number: {
+ Value &val = sym(1);
+- val.len += fastScanName(&val);
++ if (auto res = fastScanName(&val))
++ val.len += *res;
++ else
++ return false;
++
+ if (atEnd) {
+ resume($rule_number);
+ return false;
+@@ -1431,7 +1435,11 @@ qname ::= LETTER;
+ name ::= LETTER;
+ /.
+ case $rule_number:
+- sym(1).len += fastScanName();
++ if (auto res = fastScanName())
++ sym(1).len += *res;
++ else
++ return false;
++
+ if (atEnd) {
+ resume($rule_number);
+ return false;
+diff --git x/qtbase/src/corelib/serialization/qxmlstream_p.h y/qtbase/src/corelib/serialization/qxmlstream_p.h
+index 5da1f4aa5a..7925e59014 100644
+--- x/qtbase/src/corelib/serialization/qxmlstream_p.h
++++ y/qtbase/src/corelib/serialization/qxmlstream_p.h
+@@ -38,7 +38,7 @@ public:
+
+ constexpr XmlStringRef() = default;
+ constexpr inline XmlStringRef(const QString *string, qsizetype pos, qsizetype length)
+- : m_string(string), m_pos(pos), m_size(length)
++ : m_string(string), m_pos(pos), m_size((Q_ASSERT(length >= 0), length))
+ {
+ }
+ XmlStringRef(const QString *string)
+@@ -471,7 +471,16 @@ public:
+ qsizetype fastScanLiteralContent();
+ qsizetype fastScanSpace();
+ qsizetype fastScanContentCharList();
+- qsizetype fastScanName(Value *val = nullptr);
++
++ struct FastScanNameResult {
++ FastScanNameResult() : ok(false) {}
++ explicit FastScanNameResult(qsizetype len) : addToLen(len), ok(true) { }
++ operator bool() { return ok; }
++ qsizetype operator*() { Q_ASSERT(ok); return addToLen; }
++ qsizetype addToLen;
++ bool ok;
++ };
++ FastScanNameResult fastScanName(Value *val = nullptr);
+ inline qsizetype fastScanNMTOKEN();
+
+
+@@ -480,6 +489,7 @@ public:
+
+ void raiseError(QXmlStreamReader::Error error, const QString& message = QString());
+ void raiseWellFormedError(const QString &message);
++ void raiseNamePrefixTooLongError();
+
+ QXmlStreamEntityResolver *entityResolver;
+
+diff --git x/qtbase/src/corelib/serialization/qxmlstreamparser_p.h y/qtbase/src/corelib/serialization/qxmlstreamparser_p.h
+index 59370a9310..afd83381b3 100644
+--- x/qtbase/src/corelib/serialization/qxmlstreamparser_p.h
++++ y/qtbase/src/corelib/serialization/qxmlstreamparser_p.h
+@@ -948,7 +948,11 @@ bool QXmlStreamReaderPrivate::parse()
+
+ case 262: {
+ Value &val = sym(1);
+- val.len += fastScanName(&val);
++ if (auto res = fastScanName(&val))
++ val.len += *res;
++ else
++ return false;
++
+ if (atEnd) {
+ resume(262);
+ return false;
+@@ -956,7 +960,11 @@ bool QXmlStreamReaderPrivate::parse()
+ } break;
+
+ case 263:
+- sym(1).len += fastScanName();
++ if (auto res = fastScanName())
++ sym(1).len += *res;
++ else
++ return false;
++
+ if (atEnd) {
+ resume(263);
+ return false;
+diff --git x/qtbase/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp y/qtbase/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
+index 2799e7a999..7eb0aac5cc 100644
+--- x/qtbase/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
++++ y/qtbase/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
+@@ -581,6 +581,8 @@ private slots:
+ void readBack() const;
+ void roundTrip() const;
+ void roundTrip_data() const;
++ void test_fastScanName_data() const;
++ void test_fastScanName() const;
+
+ void entityExpansionLimit() const;
+
+@@ -1753,5 +1755,42 @@ void tst_QXmlStream::roundTrip() const
+ QCOMPARE(out, in);
+ }
+
++void tst_QXmlStream::test_fastScanName_data() const
++{
++ QTest::addColumn("data");
++ QTest::addColumn("errorType");
++
++ // 4096 is the limit in QXmlStreamReaderPrivate::fastScanName()
++
++ QByteArray arr = "
+Date: Fri, 2 Sep 2022 16:52:04 +0200
+Subject: QXmlStreamReader: use qOffsetStringArray for storing token types
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Change-Id: I9e58c17d97c44e1b13899d30396f65b452d8600f
+Reviewed-by: Mårten Nordheim
+(cherry picked from commit d674f3f5454fb39de9405484a8c01fb928523f67)
+---
+ src/corelib/serialization/qxmlstream.cpp | 67 ++++++------------------
+ 1 file changed, 16 insertions(+), 51 deletions(-)
+
+diff --git x/qtbase/src/corelib/serialization/qxmlstream.cpp y/qtbase/src/corelib/serialization/qxmlstream.cpp
+index 34568b7351..535f98a215 100644
+--- x/qtbase/src/corelib/serialization/qxmlstream.cpp
++++ y/qtbase/src/corelib/serialization/qxmlstream.cpp
+@@ -15,6 +15,8 @@
+ #include
+ #include
+
++#include
++
+ #include
+ #include "qxmlstream_p.h"
+ #include "qxmlstreamparser_p.h"
+@@ -640,55 +642,19 @@ void QXmlStreamReader::skipCurrentElement()
+ }
+ }
+
+-/*
+- * Use the following Perl script to generate the error string index list:
+-===== PERL SCRIPT ====
+-print "static const char QXmlStreamReader_tokenTypeString_string[] =\n";
+-$counter = 0;
+-$i = 0;
+-while () {
+- chomp;
+- print " \"$_\\0\"\n";
+- $sizes[$i++] = $counter;
+- $counter += length 1 + $_;
+-}
+-print " \"\\0\";\n\nstatic const short QXmlStreamReader_tokenTypeString_indices[] = {\n ";
+-for ($j = 0; $j < $i; ++$j) {
+- printf "$sizes[$j], ";
+-}
+-print "0\n};\n";
+-===== PERL SCRIPT ====
+-
+- * The input data is as follows (copied from qxmlstream.h):
+-NoToken
+-Invalid
+-StartDocument
+-EndDocument
+-StartElement
+-EndElement
+-Characters
+-Comment
+-DTD
+-EntityReference
+-ProcessingInstruction
+-*/
+-static const char QXmlStreamReader_tokenTypeString_string[] =
+- "NoToken\0"
+- "Invalid\0"
+- "StartDocument\0"
+- "EndDocument\0"
+- "StartElement\0"
+- "EndElement\0"
+- "Characters\0"
+- "Comment\0"
+- "DTD\0"
+- "EntityReference\0"
+- "ProcessingInstruction\0";
+-
+-static const short QXmlStreamReader_tokenTypeString_indices[] = {
+- 0, 8, 16, 30, 42, 55, 66, 77, 85, 89, 105, 0
+-};
+-
++static constexpr auto QXmlStreamReader_tokenTypeString = qOffsetStringArray(
++ "NoToken",
++ "Invalid",
++ "StartDocument",
++ "EndDocument",
++ "StartElement",
++ "EndElement",
++ "Characters",
++ "Comment",
++ "DTD",
++ "EntityReference",
++ "ProcessingInstruction"
++);
+
+ /*!
+ \property QXmlStreamReader::namespaceProcessing
+@@ -721,8 +687,7 @@ bool QXmlStreamReader::namespaceProcessing() const
+ QString QXmlStreamReader::tokenString() const
+ {
+ Q_D(const QXmlStreamReader);
+- return QLatin1StringView(QXmlStreamReader_tokenTypeString_string +
+- QXmlStreamReader_tokenTypeString_indices[d->type]);
++ return QLatin1StringView(QXmlStreamReader_tokenTypeString.at(d->type));
+ }
+
+ #endif // QT_NO_XMLSTREAMREADER
diff --git a/libs/patches/qtbase-0015-QXmlStreamReader-Raise-error-on-unexpected-tokens.patch b/libs/patches/qtbase-0015-QXmlStreamReader-Raise-error-on-unexpected-tokens.patch
new file mode 100644
index 000000000..b9fd729ba
--- /dev/null
+++ b/libs/patches/qtbase-0015-QXmlStreamReader-Raise-error-on-unexpected-tokens.patch
@@ -0,0 +1,394 @@
+From ce9ffbc726f7a0d90561db7206f3061371126190 Mon Sep 17 00:00:00 2001
+From: Axel Spoerl
+Date: Fri, 30 Jun 2023 12:43:59 +0200
+Subject: QXmlStreamReader: Raise error on unexpected tokens
+
+QXmlStreamReader accepted multiple DOCTYPE elements, containing DTD
+fragments in the XML prolog, and in the XML body.
+Well-formed but invalid XML files - with multiple DTD fragments in
+prolog and body, combined with recursive entity expansions - have
+caused infinite loops in QXmlStreamReader.
+
+This patch implements a token check in QXmlStreamReader.
+A stream is allowed to start with an XML prolog. StartDocument
+and DOCTYPE elements are only allowed in this prolog, which
+may also contain ProcessingInstruction and Comment elements.
+As soon as anything else is seen, the prolog ends.
+After that, the prolog-specific elements are treated as unexpected.
+Furthermore, the prolog can contain at most one DOCTYPE element.
+
+Update the documentation to reflect the new behavior.
+Add an autotest that checks the new error cases are correctly detected,
+and no error is raised for legitimate input.
+
+The original OSS-Fuzz files (see bug reports) are not included in this
+patch for file size reasons. They have been tested manually. Each of
+them has more than one DOCTYPE element, causing infinite loops in
+recursive entity expansions. The newly implemented functionality
+detects those invalid DTD fragments. By raising an error, it aborts
+stream reading before an infinite loop occurs.
+
+Thanks to OSS-Fuzz for finding this.
+
+Fixes: QTBUG-92113
+Fixes: QTBUG-95188
+Change-Id: I0a082b9188b2eee50b396c4d5b1c9e1fd237bbdd
+Reviewed-by: Volker Hilsheimer
+(cherry picked from commit c4301be7d5f94852e1b17f2c2989d5ca807855d4)
+(cherry picked from commit c216c3d9859a20b3aeec985512e89316423fc3a8)
+---
+ src/corelib/serialization/qxmlstream.cpp | 140 +++++++++++++++++-
+ src/corelib/serialization/qxmlstream_p.h | 11 ++
+ .../qxmlstream/tokenError/dtdInBody.xml | 20 +++
+ .../qxmlstream/tokenError/multipleDtd.xml | 20 +++
+ .../qxmlstream/tokenError/wellFormed.xml | 15 ++
+ .../qxmlstream/tst_qxmlstream.cpp | 39 +++++
+ 6 files changed, 237 insertions(+), 8 deletions(-)
+ create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml
+ create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml
+ create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml
+
+diff --git x/qtbase/src/corelib/serialization/qxmlstream.cpp y/qtbase/src/corelib/serialization/qxmlstream.cpp
+index 535f98a215..050556f463 100644
+--- x/qtbase/src/corelib/serialization/qxmlstream.cpp
++++ y/qtbase/src/corelib/serialization/qxmlstream.cpp
+@@ -128,7 +128,7 @@ void reversed(const Range &&) = delete;
+ addData() or by waiting for it to arrive on the device().
+
+ \value UnexpectedElementError The parser encountered an element
+- that was different to those it expected.
++ or token that was different to those it expected.
+
+ */
+
+@@ -263,13 +263,34 @@ QXmlStreamEntityResolver *QXmlStreamReader::entityResolver() const
+
+ QXmlStreamReader is a well-formed XML 1.0 parser that does \e not
+ include external parsed entities. As long as no error occurs, the
+- application code can thus be assured that the data provided by the
+- stream reader satisfies the W3C's criteria for well-formed XML. For
+- example, you can be certain that all tags are indeed nested and
+- closed properly, that references to internal entities have been
+- replaced with the correct replacement text, and that attributes have
+- been normalized or added according to the internal subset of the
+- DTD.
++ application code can thus be assured, that
++ \list
++ \li the data provided by the stream reader satisfies the W3C's
++ criteria for well-formed XML,
++ \li tokens are provided in a valid order.
++ \endlist
++
++ Unless QXmlStreamReader raises an error, it guarantees the following:
++ \list
++ \li All tags are nested and closed properly.
++ \li References to internal entities have been replaced with the
++ correct replacement text.
++ \li Attributes have been normalized or added according to the
++ internal subset of the \l DTD.
++ \li Tokens of type \l StartDocument happen before all others,
++ aside from comments and processing instructions.
++ \li At most one DOCTYPE element (a token of type \l DTD) is present.
++ \li If present, the DOCTYPE appears before all other elements,
++ aside from StartDocument, comments and processing instructions.
++ \endlist
++
++ In particular, once any token of type \l StartElement, \l EndElement,
++ \l Characters, \l EntityReference or \l EndDocument is seen, no
++ tokens of type StartDocument or DTD will be seen. If one is present in
++ the input stream, out of order, an error is raised.
++
++ \note The token types \l Comment and \l ProcessingInstruction may appear
++ anywhere in the stream.
+
+ If an error occurs while parsing, atEnd() and hasError() return
+ true, and error() returns the error that occurred. The functions
+@@ -572,6 +593,7 @@ QXmlStreamReader::TokenType QXmlStreamReader::readNext()
+ d->token = -1;
+ return readNext();
+ }
++ d->checkToken();
+ return d->type;
+ }
+
+@@ -656,6 +678,11 @@ static constexpr auto QXmlStreamReader_tokenTypeString = qOffsetStringArray(
+ "ProcessingInstruction"
+ );
+
++static constexpr auto QXmlStreamReader_XmlContextString = qOffsetStringArray(
++ "Prolog",
++ "Body"
++);
++
+ /*!
+ \property QXmlStreamReader::namespaceProcessing
+ \brief the namespace-processing flag of the stream reader.
+@@ -690,6 +717,15 @@ QString QXmlStreamReader::tokenString() const
+ return QLatin1StringView(QXmlStreamReader_tokenTypeString.at(d->type));
+ }
+
++/*!
++ \internal
++ \return \param loc (Prolog/Body) as a string.
++ */
++static constexpr QLatin1StringView contextString(QXmlStreamReaderPrivate::XmlContext ctxt)
++{
++ return QLatin1StringView(QXmlStreamReader_XmlContextString.at(static_cast(ctxt)));
++}
++
+ #endif // QT_NO_XMLSTREAMREADER
+
+ QXmlStreamPrivateTagStack::QXmlStreamPrivateTagStack()
+@@ -776,6 +812,8 @@ void QXmlStreamReaderPrivate::init()
+
+ type = QXmlStreamReader::NoToken;
+ error = QXmlStreamReader::NoError;
++ currentContext = XmlContext::Prolog;
++ foundDTD = false;
+ }
+
+ /*
+@@ -3692,6 +3730,92 @@ void QXmlStreamWriter::writeCurrentToken(const QXmlStreamReader &reader)
+ }
+ }
+
++static constexpr bool isTokenAllowedInContext(QXmlStreamReader::TokenType type,
++ QXmlStreamReaderPrivate::XmlContext loc)
++{
++ switch (type) {
++ case QXmlStreamReader::StartDocument:
++ case QXmlStreamReader::DTD:
++ return loc == QXmlStreamReaderPrivate::XmlContext::Prolog;
++
++ case QXmlStreamReader::StartElement:
++ case QXmlStreamReader::EndElement:
++ case QXmlStreamReader::Characters:
++ case QXmlStreamReader::EntityReference:
++ case QXmlStreamReader::EndDocument:
++ return loc == QXmlStreamReaderPrivate::XmlContext::Body;
++
++ case QXmlStreamReader::Comment:
++ case QXmlStreamReader::ProcessingInstruction:
++ return true;
++
++ case QXmlStreamReader::NoToken:
++ case QXmlStreamReader::Invalid:
++ return false;
++ }
++
++ return false;
++}
++
++/*!
++ \internal
++ \brief QXmlStreamReader::isValidToken
++ \return \c true if \param type is a valid token type.
++ \return \c false if \param type is an unexpected token,
++ which indicates a non-well-formed or invalid XML stream.
++ */
++bool QXmlStreamReaderPrivate::isValidToken(QXmlStreamReader::TokenType type)
++{
++ // Don't change currentContext, if Invalid or NoToken occur in the prolog
++ if (type == QXmlStreamReader::Invalid || type == QXmlStreamReader::NoToken)
++ return false;
++
++ // If a token type gets rejected in the body, there is no recovery
++ const bool result = isTokenAllowedInContext(type, currentContext);
++ if (result || currentContext == XmlContext::Body)
++ return result;
++
++ // First non-Prolog token observed => switch context to body and check again.
++ currentContext = XmlContext::Body;
++ return isTokenAllowedInContext(type, currentContext);
++}
++
++/*!
++ \internal
++ Checks token type and raises an error, if it is invalid
++ in the current context (prolog/body).
++ */
++void QXmlStreamReaderPrivate::checkToken()
++{
++ Q_Q(QXmlStreamReader);
++
++ // The token type must be consumed, to keep track if the body has been reached.
++ const XmlContext context = currentContext;
++ const bool ok = isValidToken(type);
++
++ // Do nothing if an error has been raised already (going along with an unexpected token)
++ if (error != QXmlStreamReader::Error::NoError)
++ return;
++
++ if (!ok) {
++ raiseError(QXmlStreamReader::UnexpectedElementError,
++ QObject::tr("Unexpected token type %1 in %2.")
++ .arg(q->tokenString(), contextString(context)));
++ return;
++ }
++
++ if (type != QXmlStreamReader::DTD)
++ return;
++
++ // Raise error on multiple DTD tokens
++ if (foundDTD) {
++ raiseError(QXmlStreamReader::UnexpectedElementError,
++ QObject::tr("Found second DTD token in %1.").arg(contextString(context)));
++ } else {
++ foundDTD = true;
++ }
++}
++
+ /*!
+ \fn bool QXmlStreamAttributes::hasAttribute(const QString &qualifiedName) const
+ \since 4.5
+diff --git x/qtbase/src/corelib/serialization/qxmlstream_p.h y/qtbase/src/corelib/serialization/qxmlstream_p.h
+index 7925e59014..c24c74d5c9 100644
+--- x/qtbase/src/corelib/serialization/qxmlstream_p.h
++++ y/qtbase/src/corelib/serialization/qxmlstream_p.h
+@@ -270,6 +270,17 @@ public:
+ QStringDecoder decoder;
+ bool atEnd;
+
++ enum class XmlContext
++ {
++ Prolog,
++ Body,
++ };
++
++ XmlContext currentContext = XmlContext::Prolog;
++ bool foundDTD = false;
++ bool isValidToken(QXmlStreamReader::TokenType type);
++ void checkToken();
++
+ /*!
+ \sa setType()
+ */
+diff --git x/qtbase/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml y/qtbase/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml
+new file mode 100644
+index 0000000000..1c3ca4e271
+--- /dev/null
++++ y/qtbase/tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml
+@@ -0,0 +1,20 @@
++
++
++
++
++
++
++
++
++]>
++
++
++ tst_QXmlStream
++
++
++
++
++ ]>
++
+diff --git x/qtbase/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml y/qtbase/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml
+new file mode 100644
+index 0000000000..cd398c0f9f
+--- /dev/null
++++ y/qtbase/tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml
+@@ -0,0 +1,20 @@
++
++
++
++
++
++
++
++
++]>
++
++
++
++]>
++
++
++ tst_QXmlStream
++
++
+diff --git x/qtbase/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml y/qtbase/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml
+new file mode 100644
+index 0000000000..1b61a3f062
+--- /dev/null
++++ y/qtbase/tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml
+@@ -0,0 +1,15 @@
++
++
++
++
++
++
++
++
++]>
++
++
++ tst_QXmlStream
++
++
+diff --git x/qtbase/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp y/qtbase/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
+index 7eb0aac5cc..ee962d3870 100644
+--- x/qtbase/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
++++ y/qtbase/tests/auto/corelib/serialization/qxmlstream/tst_qxmlstream.cpp
+@@ -586,6 +586,9 @@ private slots:
+
+ void entityExpansionLimit() const;
+
++ void tokenErrorHandling_data() const;
++ void tokenErrorHandling() const;
++
+ private:
+ static QByteArray readFile(const QString &filename);
+
+@@ -1792,5 +1795,41 @@ void tst_QXmlStream::test_fastScanName() const
+ QCOMPARE(reader.error(), errorType);
+ }
+
++void tst_QXmlStream::tokenErrorHandling_data() const
++{
++ QTest::addColumn("fileName");
++ QTest::addColumn("expectedError");
++ QTest::addColumn("errorKeyWord");
++
++ constexpr auto invalid = QXmlStreamReader::Error::UnexpectedElementError;
++ constexpr auto valid = QXmlStreamReader::Error::NoError;
++ QTest::newRow("DtdInBody") << "dtdInBody.xml" << invalid << "DTD";
++ QTest::newRow("multipleDTD") << "multipleDtd.xml" << invalid << "second DTD";
++ QTest::newRow("wellFormed") << "wellFormed.xml" << valid << "";
++}
++
++void tst_QXmlStream::tokenErrorHandling() const
++{
++ QFETCH(const QString, fileName);
++ QFETCH(const QXmlStreamReader::Error, expectedError);
++ QFETCH(const QString, errorKeyWord);
++
++ const QDir dir(QFINDTESTDATA("tokenError"));
++ QFile file(dir.absoluteFilePath(fileName));
++
++ // Cross-compiling: File will be on host only
++ if (!file.exists())
++ QSKIP("Testfile not found.");
++
++ file.open(QIODevice::ReadOnly);
++ QXmlStreamReader reader(&file);
++ while (!reader.atEnd())
++ reader.readNext();
++
++ QCOMPARE(reader.error(), expectedError);
++ if (expectedError != QXmlStreamReader::Error::NoError)
++ QVERIFY(reader.errorString().contains(errorKeyWord));
++}
++
+ #include "tst_qxmlstream.moc"
+ // vim: et:ts=4:sw=4:sts=4
diff --git a/libs/patches/qtbase-0016-QOffsetStringArray-fix-ambiguous-qOffsetStringArray-.patch b/libs/patches/qtbase-0016-QOffsetStringArray-fix-ambiguous-qOffsetStringArray-.patch
new file mode 100644
index 000000000..9f06617f8
--- /dev/null
+++ b/libs/patches/qtbase-0016-QOffsetStringArray-fix-ambiguous-qOffsetStringArray-.patch
@@ -0,0 +1,42 @@
+From e6d25e8d3b67cf7d9601d3fdd07131280f8ff056 Mon Sep 17 00:00:00 2001
+From: Marc Mutz
+Date: Sun, 4 Sep 2022 12:31:10 +0200
+Subject: QOffsetStringArray: fix ambiguous qOffsetStringArray overloads
+
+There are two qOffsetStringArray overloads: one in QT_NAMESPACE, the
+other in QT_PREPEND_NAMESPACE(QtPrivate). In TUs which use using
+namespace QtPrivate, a call to qOffsetStringArray() may become
+ambiguous.
+
+Fix by renaming the qOffsetStringArray() to makeOffsetStringArray().
+
+Pick-to: 6.4 6.3 6.2
+Change-Id: I242a969f363e230d6a8dfb048601a0c024724f6a
+Reviewed-by: Thiago Macieira
+(cherry picked from commit 21c5eeba673694f865badfd137ee9fc474177ae0)
+---
+ src/corelib/tools/qoffsetstringarray_p.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git x/qtbase/src/corelib/tools/qoffsetstringarray_p.h y/qtbase/src/corelib/tools/qoffsetstringarray_p.h
+index 3afb5cb731..68afef57d5 100644
+--- x/qtbase/src/corelib/tools/qoffsetstringarray_p.h
++++ y/qtbase/src/corelib/tools/qoffsetstringarray_p.h
+@@ -116,7 +116,7 @@ template struct StaticMapEntry
+ };
+
+ template
+-constexpr auto qOffsetStringArray(StringExtractor extractString, const T &... entries)
++constexpr auto makeOffsetStringArray(StringExtractor extractString, const T &... entries)
+ {
+ constexpr size_t Count = sizeof...(T);
+ constexpr qsizetype StringLength = (sizeof(extractString(T{})) + ...);
+@@ -140,7 +140,7 @@ template
+ constexpr auto qOffsetStringArray(const char (&...strings)[Nx]) noexcept
+ {
+ auto extractString = [](const auto &s) -> decltype(auto) { return s; };
+- return QtPrivate::qOffsetStringArray(extractString, QtPrivate::StaticString(strings)...);
++ return QtPrivate::makeOffsetStringArray(extractString, QtPrivate::StaticString(strings)...);
+ }
+
+ QT_WARNING_POP
diff --git a/libs/patches/qtbase-0017-QOffsetStringArray-fix-size_t-qsizetype-mismatch.patch b/libs/patches/qtbase-0017-QOffsetStringArray-fix-size_t-qsizetype-mismatch.patch
new file mode 100644
index 000000000..5f23bbb77
--- /dev/null
+++ b/libs/patches/qtbase-0017-QOffsetStringArray-fix-size_t-qsizetype-mismatch.patch
@@ -0,0 +1,31 @@
+From 72533c561d6952e63f86f11d9e4f0c6ffe8ed5a1 Mon Sep 17 00:00:00 2001
+From: Marc Mutz
+Date: Mon, 5 Sep 2022 08:59:23 +0200
+Subject: QOffsetStringArray: fix size_t/qsizetype mismatch
+
+The sizeof operator returns, and both minifyValue and makeStaticString
+accept, size_t. Don't funnel it through a qsizetype variable, then,
+but maintain it as a size_t all the way.
+
+Pick-to: 6.4 6.3 6.2
+Task-number: QTBUG-103533
+Change-Id: I05c6a6c5da3d02daabbf1d25a15531c6f44a80ce
+Reviewed-by: Sona Kurazyan
+(cherry picked from commit 8932eee9a652d8a325410b147955c9939278f9ed)
+---
+ src/corelib/tools/qoffsetstringarray_p.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git x/qtbase/src/corelib/tools/qoffsetstringarray_p.h y/qtbase/src/corelib/tools/qoffsetstringarray_p.h
+index 68afef57d5..fbe714aca6 100644
+--- x/qtbase/src/corelib/tools/qoffsetstringarray_p.h
++++ y/qtbase/src/corelib/tools/qoffsetstringarray_p.h
+@@ -119,7 +119,7 @@ template
+ constexpr auto makeOffsetStringArray(StringExtractor extractString, const T &... entries)
+ {
+ constexpr size_t Count = sizeof...(T);
+- constexpr qsizetype StringLength = (sizeof(extractString(T{})) + ...);
++ constexpr size_t StringLength = (sizeof(extractString(T{})) + ...);
+ using MinifiedOffsetType = decltype(QtPrivate::minifyValue());
+
+ size_t offset = 0;
diff --git a/libs/patches/qt-connectivity-0001-iOS-NFC-Always-ensure-timeout-after-session-invalida.patch b/libs/patches/qtconnectivity-0001-iOS-NFC-Always-ensure-timeout-after-session-invalida.patch
similarity index 98%
rename from libs/patches/qt-connectivity-0001-iOS-NFC-Always-ensure-timeout-after-session-invalida.patch
rename to libs/patches/qtconnectivity-0001-iOS-NFC-Always-ensure-timeout-after-session-invalida.patch
index f7da165bc..c65a9aa3d 100644
--- a/libs/patches/qt-connectivity-0001-iOS-NFC-Always-ensure-timeout-after-session-invalida.patch
+++ b/libs/patches/qtconnectivity-0001-iOS-NFC-Always-ensure-timeout-after-session-invalida.patch
@@ -1,4 +1,4 @@
-From 720768b715d432aa084c9c15b994a396a89968a8 Mon Sep 17 00:00:00 2001
+From 37c9240e9d6d295118fcabedbaaf403310af8dba Mon Sep 17 00:00:00 2001
From: Julian Greilich
Date: Thu, 26 Jan 2023 19:19:21 +0100
Subject: iOS NFC: Always ensure timeout after session invalidation
@@ -135,6 +135,3 @@ index 6aa1574e..b3668ff6 100644
};
---
-2.39.1
-
diff --git a/libs/patches/qt-declarative-0001-qmlformat-fix-omitting-some-comments-while-reformatt.patch b/libs/patches/qtdeclarative-0001-qmlformat-fix-omitting-some-comments-while-reformatt.patch
similarity index 98%
rename from libs/patches/qt-declarative-0001-qmlformat-fix-omitting-some-comments-while-reformatt.patch
rename to libs/patches/qtdeclarative-0001-qmlformat-fix-omitting-some-comments-while-reformatt.patch
index 7ad14c863..b0a3983d0 100644
--- a/libs/patches/qt-declarative-0001-qmlformat-fix-omitting-some-comments-while-reformatt.patch
+++ b/libs/patches/qtdeclarative-0001-qmlformat-fix-omitting-some-comments-while-reformatt.patch
@@ -1,4 +1,4 @@
-From f5b5a974f6ad854008c587c9494ae46785e21899 Mon Sep 17 00:00:00 2001
+From 7785342c8d6fe223977958c59cd4102ed417d442 Mon Sep 17 00:00:00 2001
From: Semih Yavuz
Date: Wed, 18 Jan 2023 15:36:23 +0100
Subject: qmlformat: fix omitting some comments while reformatting
@@ -97,6 +97,3 @@ index 9d7beb23a7..7755095acd 100644
}
void TestQmlformat::testFormat()
---
-2.39.1
-
diff --git a/libs/patches/qtdeclarative-0002-QQuickItem-item-stays-pressed-after-DoubleClicks.patch b/libs/patches/qtdeclarative-0002-QQuickItem-item-stays-pressed-after-DoubleClicks.patch
new file mode 100644
index 000000000..fb4f59031
--- /dev/null
+++ b/libs/patches/qtdeclarative-0002-QQuickItem-item-stays-pressed-after-DoubleClicks.patch
@@ -0,0 +1,119 @@
+From 26cac8dada39c83cfcebd8b0bbcacf92f1ce9e9f Mon Sep 17 00:00:00 2001
+From: Sami Shalayel
+Date: Mon, 17 Apr 2023 18:03:09 +0200
+Subject: QQuickItem: item stays pressed after DoubleClicks
+
+Amends 72651a50f83aa72998822312c7b5c6235d28978f.
+This commit decided to ignore double clicks in the virtual
+QQuickItem::mouseDoubleClickEvent().
+If a subclass inheriting from QQuickItem wants to not ignore
+a double click, it should override mouseDoubleClickEvent()
+and handle the double click event accordingly.
+
+Fix QQuickMouseArea::mouseDoubleClickEvent(QMouseEvent *event) to *not*
+call the base implementation in QQuickItem after handling a double
+click, because QQuickItem sets that double-click MouseEvent back to
+the ignored state.
+
+This was leading to weird behavior on platforms with touch
+screens like Android or IOS where buttons "got stuck" after
+a double click.
+
+Fixes: QTBUG-112434
+Fixes: QTBUG-109393
+Pick-to: 6.5
+Change-Id: I774189fbcb356b07336f35f053e05a12c34ce602
+Reviewed-by: Qt CI Bot
+Reviewed-by: Ivan Solovev
+(cherry picked from commit d7fac6923a6d4e4ac7dc22458256366968acbdb3)
+---
+ src/quick/items/qquickmousearea.cpp | 5 ++++
+ .../data/doubleClickInMouseArea.qml | 23 +++++++++++++++++++
+ .../tst_mousearea_interop.cpp | 21 +++++++++++++++++
+ 3 files changed, 49 insertions(+)
+ create mode 100644 tests/auto/quick/pointerhandlers/mousearea_interop/data/doubleClickInMouseArea.qml
+
+diff --git x/qtdeclarative/src/quick/items/qquickmousearea.cpp y/qtdeclarative/src/quick/items/qquickmousearea.cpp
+index 75b67d01e3..db338c7ae5 100644
+--- x/qtdeclarative/src/quick/items/qquickmousearea.cpp
++++ y/qtdeclarative/src/quick/items/qquickmousearea.cpp
+@@ -795,6 +795,11 @@ void QQuickMouseArea::mouseDoubleClickEvent(QMouseEvent *event)
+ d->propagate(&me, QQuickMouseAreaPrivate::DoubleClick);
+ if (d->pressed)
+ d->doubleClick = d->isDoubleClickConnected() || me.isAccepted();
++
++ // do not call the base implementation if the event is accepted
++ // because it will revert the event back to ignored state
++ if (me.isAccepted())
++ return;
+ }
+ QQuickItem::mouseDoubleClickEvent(event);
+ }
+diff --git x/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/data/doubleClickInMouseArea.qml y/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/data/doubleClickInMouseArea.qml
+new file mode 100644
+index 0000000000..e43a2f3160
+--- /dev/null
++++ y/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/data/doubleClickInMouseArea.qml
+@@ -0,0 +1,23 @@
++import QtQuick
++import QtQuick.Controls
++import QtQuick.Window
++
++Rectangle {
++ width: 200; height: 200
++ color: mouseArea.pressed ? "red" : "orange"
++
++ Popup {
++ visible: true
++ closePolicy: Popup.NoAutoClose
++ width: 100
++ height: 100
++ contentItem: MouseArea {
++ id: mouseArea
++
++ anchors.fill: parent
++ }
++ background: Rectangle {
++ color: "green"
++ }
++ }
++}
+diff --git x/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/tst_mousearea_interop.cpp y/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/tst_mousearea_interop.cpp
+index c4059a1fbd..bc0dfbc736 100644
+--- x/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/tst_mousearea_interop.cpp
++++ y/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/tst_mousearea_interop.cpp
+@@ -31,6 +31,7 @@ private slots:
+ void dragHandlerInSiblingStealingGrabFromMouseAreaViaTouch();
+ void hoverHandlerDoesntHoverOnPress();
+ void doubleClickInMouseAreaWithDragHandlerInGrandparent();
++ void doubleClickInMouseArea();
+
+ private:
+ void createView(QScopedPointer &window, const char *fileName);
+@@ -203,6 +204,26 @@ void tst_MouseAreaInterop::doubleClickInMouseAreaWithDragHandlerInGrandparent()
+ QCOMPARE(dragActiveSpy.count(), 0);
+ }
+
++void tst_MouseAreaInterop::doubleClickInMouseArea()
++{
++ QQuickView window;
++ QVERIFY(QQuickTest::showView(window, testFileUrl("doubleClickInMouseArea.qml")));
++
++ auto *ma = window.rootObject()->findChild();
++ QVERIFY(ma);
++ QSignalSpy doubleClickSpy(ma, &QQuickMouseArea::doubleClicked);
++ QSignalSpy longPressSpy(ma, &QQuickMouseArea::pressAndHold);
++ QPoint p = ma->mapToScene(ma->boundingRect().center()).toPoint();
++
++ // check with normal double click
++ QTest::mouseDClick(&window, Qt::LeftButton, Qt::NoModifier, p);
++ QCOMPARE(doubleClickSpy.count(), 1);
++
++ // wait enough time for a wrong long press to happen
++ QTest::qWait(QGuiApplication::styleHints()->mousePressAndHoldInterval() + 10);
++ QCOMPARE(longPressSpy.count(), 0);
++}
++
+ QTEST_MAIN(tst_MouseAreaInterop)
+
+ #include "tst_mousearea_interop.moc"
diff --git a/libs/patches/qtdeclarative-0003-MouseArea-don-t-ignore-double-click-events.patch b/libs/patches/qtdeclarative-0003-MouseArea-don-t-ignore-double-click-events.patch
new file mode 100644
index 000000000..c35b19150
--- /dev/null
+++ b/libs/patches/qtdeclarative-0003-MouseArea-don-t-ignore-double-click-events.patch
@@ -0,0 +1,283 @@
+From 65fd0af4aece6028e82e018c50583aed706dd525 Mon Sep 17 00:00:00 2001
+From: Shawn Rutledge
+Date: Mon, 12 Jun 2023 22:53:23 +0200
+Subject: MouseArea: don't ignore double-click events
+
+In 72651a50f83aa72998822312c7b5c6235d28978f
+QQuickItem::mouseDoubleClickEvent() started to ignore double-clicks by
+default, which is consistent with the fact that it ignores the other
+pointer event types. But now we have to worry about subclasses that
+override mouseDoubleClickEvent() and call the base class implementation.
+
+d7fac6923a6d4e4ac7dc22458256366968acbdb3 tried to fix it but neglected
+the case when the MouseArea does not have an onDoubleClicked signal
+handling script. Since the QQuickMouseEvent object that we emit to QML
+won't be accepted if isDoubleClickConnected() is false, and since the
+code before 72651a50f83aa72998822312c7b5c6235d28978f was leaving the
+event accepted regardless of whether QQuickMouseEvent was accepted, we
+should not need to check it now either. Perhaps we should care about the
+case when onDoubleClicked sets accepted to false, but so far that
+doesn't seem very useful either: if you accept the press, a parent
+MouseArea will not see either the press or the double-click; if you
+ignore the press, you won't see the double-click, and a parent MouseArea
+will see both by default. tst_QQuickMouseArea::clickThrough() tests
+accepted = false in onDoubleClicked but not onPressed, and only with
+mouse, not touch.
+
+Added tst_QQuickMouseArea::doubleTap(); also moved the autotest from
+d7fac6923a6d4e4ac7dc22458256366968acbdb3 which has nothing to do with
+pointer handlers.
+
+Fixes: QTBUG-112434
+Fixes: QTBUG-109393
+Pick-to: 6.6 6.5 6.5.2
+Change-Id: I426827c20cdb2373e77744987dffba59cd941edc
+Reviewed-by: Fabian Kosmale
+Reviewed-by: Doris Verria
+(cherry picked from commit 35b5511189f0f9dbb8cfd8b3ec97cca2c65b3e2e)
+---
+ src/quick/items/qquickmousearea.cpp | 6 +-
+ .../data/doubleClickInMouseArea.qml | 23 --------
+ .../tst_mousearea_interop.cpp | 21 -------
+ .../qquickmousearea/tst_qquickmousearea.cpp | 56 +++++++++++++++++++
+ .../data/doubleClickInMouseArea.qml | 23 ++++++++
+ .../qquickpopup/tst_qquickpopup.cpp | 22 ++++++++
+ 6 files changed, 103 insertions(+), 48 deletions(-)
+ delete mode 100644 tests/auto/quick/pointerhandlers/mousearea_interop/data/doubleClickInMouseArea.qml
+ create mode 100644 tests/auto/quickcontrols2/qquickpopup/data/doubleClickInMouseArea.qml
+
+diff --git x/qtdeclarative/src/quick/items/qquickmousearea.cpp y/qtdeclarative/src/quick/items/qquickmousearea.cpp
+index db338c7ae5..de283672cc 100644
+--- x/qtdeclarative/src/quick/items/qquickmousearea.cpp
++++ y/qtdeclarative/src/quick/items/qquickmousearea.cpp
+@@ -796,10 +796,8 @@ void QQuickMouseArea::mouseDoubleClickEvent(QMouseEvent *event)
+ if (d->pressed)
+ d->doubleClick = d->isDoubleClickConnected() || me.isAccepted();
+
+- // do not call the base implementation if the event is accepted
+- // because it will revert the event back to ignored state
+- if (me.isAccepted())
+- return;
++ // Do not call the base implementation: we don't want to call event->ignore().
++ return;
+ }
+ QQuickItem::mouseDoubleClickEvent(event);
+ }
+diff --git x/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/data/doubleClickInMouseArea.qml y/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/data/doubleClickInMouseArea.qml
+deleted file mode 100644
+index e43a2f3160..0000000000
+--- x/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/data/doubleClickInMouseArea.qml
++++ /dev/null
+@@ -1,23 +0,0 @@
+-import QtQuick
+-import QtQuick.Controls
+-import QtQuick.Window
+-
+-Rectangle {
+- width: 200; height: 200
+- color: mouseArea.pressed ? "red" : "orange"
+-
+- Popup {
+- visible: true
+- closePolicy: Popup.NoAutoClose
+- width: 100
+- height: 100
+- contentItem: MouseArea {
+- id: mouseArea
+-
+- anchors.fill: parent
+- }
+- background: Rectangle {
+- color: "green"
+- }
+- }
+-}
+diff --git x/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/tst_mousearea_interop.cpp y/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/tst_mousearea_interop.cpp
+index bc0dfbc736..c4059a1fbd 100644
+--- x/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/tst_mousearea_interop.cpp
++++ y/qtdeclarative/tests/auto/quick/pointerhandlers/mousearea_interop/tst_mousearea_interop.cpp
+@@ -31,7 +31,6 @@ private slots:
+ void dragHandlerInSiblingStealingGrabFromMouseAreaViaTouch();
+ void hoverHandlerDoesntHoverOnPress();
+ void doubleClickInMouseAreaWithDragHandlerInGrandparent();
+- void doubleClickInMouseArea();
+
+ private:
+ void createView(QScopedPointer &window, const char *fileName);
+@@ -204,26 +203,6 @@ void tst_MouseAreaInterop::doubleClickInMouseAreaWithDragHandlerInGrandparent()
+ QCOMPARE(dragActiveSpy.count(), 0);
+ }
+
+-void tst_MouseAreaInterop::doubleClickInMouseArea()
+-{
+- QQuickView window;
+- QVERIFY(QQuickTest::showView(window, testFileUrl("doubleClickInMouseArea.qml")));
+-
+- auto *ma = window.rootObject()->findChild();
+- QVERIFY(ma);
+- QSignalSpy doubleClickSpy(ma, &QQuickMouseArea::doubleClicked);
+- QSignalSpy longPressSpy(ma, &QQuickMouseArea::pressAndHold);
+- QPoint p = ma->mapToScene(ma->boundingRect().center()).toPoint();
+-
+- // check with normal double click
+- QTest::mouseDClick(&window, Qt::LeftButton, Qt::NoModifier, p);
+- QCOMPARE(doubleClickSpy.count(), 1);
+-
+- // wait enough time for a wrong long press to happen
+- QTest::qWait(QGuiApplication::styleHints()->mousePressAndHoldInterval() + 10);
+- QCOMPARE(longPressSpy.count(), 0);
+-}
+-
+ QTEST_MAIN(tst_MouseAreaInterop)
+
+ #include "tst_mousearea_interop.moc"
+diff --git x/qtdeclarative/tests/auto/quick/qquickmousearea/tst_qquickmousearea.cpp y/qtdeclarative/tests/auto/quick/qquickmousearea/tst_qquickmousearea.cpp
+index 7da0913e0c..0c7528320e 100644
+--- x/qtdeclarative/tests/auto/quick/qquickmousearea/tst_qquickmousearea.cpp
++++ y/qtdeclarative/tests/auto/quick/qquickmousearea/tst_qquickmousearea.cpp
+@@ -95,6 +95,7 @@ private slots:
+ void pressedCanceledOnWindowDeactivate();
+ void doubleClick_data() { acceptedButton_data(); }
+ void doubleClick();
++ void doubleTap();
+ void clickTwice_data() { acceptedButton_data(); }
+ void clickTwice();
+ void invalidClick_data() { rejectedButton_data(); }
+@@ -929,6 +930,61 @@ void tst_QQuickMouseArea::doubleClick()
+ QCOMPARE(window.rootObject()->property("released").toInt(), 2);
+ }
+
++void tst_QQuickMouseArea::doubleTap() // QTBUG-112434
++{
++ QQuickView window;
++ QVERIFY(QQuickTest::showView(window, testFileUrl("doubleclick.qml")));
++
++ QQuickMouseArea *mouseArea = window.rootObject()->findChild("mousearea");
++ QVERIFY(mouseArea);
++ QPoint p1 = mouseArea->mapToScene(mouseArea->boundingRect().center()).toPoint();
++
++ QTest::touchEvent(&window, device).press(0, p1);
++ QQuickTouchUtils::flush(&window);
++ QTest::touchEvent(&window, device).release(0, p1);
++ QQuickTouchUtils::flush(&window);
++ QCOMPARE(window.rootObject()->property("released").toInt(), 1);
++ QCOMPARE(window.rootObject()->property("clicked").toInt(), 1);
++
++ p1 += QPoint(1, -1); // movement less than QPlatformTheme::TouchDoubleTapDistance
++ QTest::touchEvent(&window, device).press(1, p1); // touchpoint ID is different the second time
++ QQuickTouchUtils::flush(&window);
++ QCOMPARE(mouseArea->isPressed(), true);
++ // at this time QQuickDeliveryAgentPrivate::deliverTouchAsMouse() synthesizes the double-click event
++ QCOMPARE(window.rootObject()->property("doubleClicked").toInt(), 1);
++
++ QTest::touchEvent(&window, device).release(1, p1);
++ QQuickTouchUtils::flush(&window);
++ QCOMPARE(window.rootObject()->property("released").toInt(), 2);
++ QCOMPARE(mouseArea->isPressed(), false);
++ QCOMPARE(window.rootObject()->property("clicked").toInt(), 1);
++
++ // now tap with two fingers simultaneously: only one of them generates synth-mouse
++ QPoint p2 = p1 + QPoint(50, 5);
++ QTest::touchEvent(&window, device).press(2, p1).press(3, p2);
++ QQuickTouchUtils::flush(&window);
++ QCOMPARE(mouseArea->isPressed(), true);
++ QTest::touchEvent(&window, device).release(2, p1).release(3, p2);
++ QQuickTouchUtils::flush(&window);
++ QCOMPARE(window.rootObject()->property("released").toInt(), 3);
++ QCOMPARE(window.rootObject()->property("clicked").toInt(), 2);
++ QCOMPARE(window.rootObject()->property("doubleClicked").toInt(), 1);
++ QCOMPARE(mouseArea->isPressed(), false);
++
++ // tap with two fingers simultaneously again: get another double-click from one point
++ p1 -= QPoint(1, -1);
++ p2 += QPoint(1, -1);
++ QTest::touchEvent(&window, device).press(4, p1).press(5, p2);
++ QQuickTouchUtils::flush(&window);
++ QCOMPARE(mouseArea->isPressed(), true);
++ QTest::touchEvent(&window, device).release(4, p1).release(5, p2);
++ QQuickTouchUtils::flush(&window);
++ QCOMPARE(window.rootObject()->property("released").toInt(), 4);
++ QCOMPARE(window.rootObject()->property("clicked").toInt(), 2);
++ QCOMPARE(window.rootObject()->property("doubleClicked").toInt(), 2);
++ QCOMPARE(mouseArea->isPressed(), false); // make sure it doesn't get stuck
++}
++
+ // QTBUG-14832
+ void tst_QQuickMouseArea::clickTwice()
+ {
+diff --git x/qtdeclarative/tests/auto/quickcontrols2/qquickpopup/data/doubleClickInMouseArea.qml y/qtdeclarative/tests/auto/quickcontrols2/qquickpopup/data/doubleClickInMouseArea.qml
+new file mode 100644
+index 0000000000..e43a2f3160
+--- /dev/null
++++ y/qtdeclarative/tests/auto/quickcontrols2/qquickpopup/data/doubleClickInMouseArea.qml
+@@ -0,0 +1,23 @@
++import QtQuick
++import QtQuick.Controls
++import QtQuick.Window
++
++Rectangle {
++ width: 200; height: 200
++ color: mouseArea.pressed ? "red" : "orange"
++
++ Popup {
++ visible: true
++ closePolicy: Popup.NoAutoClose
++ width: 100
++ height: 100
++ contentItem: MouseArea {
++ id: mouseArea
++
++ anchors.fill: parent
++ }
++ background: Rectangle {
++ color: "green"
++ }
++ }
++}
+diff --git x/qtdeclarative/tests/auto/quickcontrols2/qquickpopup/tst_qquickpopup.cpp y/qtdeclarative/tests/auto/quickcontrols2/qquickpopup/tst_qquickpopup.cpp
+index ab20bd71b4..0e8ee05725 100644
+--- x/qtdeclarative/tests/auto/quickcontrols2/qquickpopup/tst_qquickpopup.cpp
++++ y/qtdeclarative/tests/auto/quickcontrols2/qquickpopup/tst_qquickpopup.cpp
+@@ -10,6 +10,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -89,6 +90,7 @@ private slots:
+ void dimmerContainmentMask();
+ void shrinkPopupThatWasLargerThanWindow_data();
+ void shrinkPopupThatWasLargerThanWindow();
++ void doubleClickInMouseArea();
+
+ private:
+ static bool hasWindowActivation();
+@@ -1928,6 +1930,26 @@ void tst_QQuickPopup::shrinkPopupThatWasLargerThanWindow()
+ .arg(popup->height()).arg(window->height())));
+ }
+
++void tst_QQuickPopup::doubleClickInMouseArea()
++{
++ QQuickView window;
++ QVERIFY(QQuickTest::showView(window, testFileUrl("doubleClickInMouseArea.qml")));
++
++ auto *ma = window.rootObject()->findChild();
++ QVERIFY(ma);
++ QSignalSpy doubleClickSpy(ma, &QQuickMouseArea::doubleClicked);
++ QSignalSpy longPressSpy(ma, &QQuickMouseArea::pressAndHold);
++ QPoint p = ma->mapToScene(ma->boundingRect().center()).toPoint();
++
++ // check with normal double click
++ QTest::mouseDClick(&window, Qt::LeftButton, Qt::NoModifier, p);
++ QCOMPARE(doubleClickSpy.count(), 1);
++
++ // wait enough time for a wrong long press to happen
++ QTest::qWait(QGuiApplication::styleHints()->mousePressAndHoldInterval() + 10);
++ QCOMPARE(longPressSpy.count(), 0);
++}
++
+ QTEST_QUICKCONTROLS_MAIN(tst_QQuickPopup)
+
+ #include "tst_qquickpopup.moc"
diff --git a/libs/patches/qt-scxml-0001-Make-qtdeclarative-optional-for-CONTAINER_SDK.patch b/libs/patches/qtscxml-0001-Make-qtdeclarative-optional-for-CONTAINER_SDK.patch
similarity index 84%
rename from libs/patches/qt-scxml-0001-Make-qtdeclarative-optional-for-CONTAINER_SDK.patch
rename to libs/patches/qtscxml-0001-Make-qtdeclarative-optional-for-CONTAINER_SDK.patch
index d345633b1..362eba137 100644
--- a/libs/patches/qt-scxml-0001-Make-qtdeclarative-optional-for-CONTAINER_SDK.patch
+++ b/libs/patches/qtscxml-0001-Make-qtdeclarative-optional-for-CONTAINER_SDK.patch
@@ -1,4 +1,4 @@
-From 5a844a0c1b5e9c1b9fb94831afc0724f5deaa7dd Mon Sep 17 00:00:00 2001
+From abe6296550b5531a129b7d4a21466cdc50dbb2e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?=
Date: Tue, 12 Apr 2022 10:21:19 +0200
Subject: Make qtdeclarative optional for CONTAINER_SDK
@@ -9,7 +9,7 @@ Change-Id: Ia25b91ea5e3716aef4cb096de1052267b70e343d
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git x/qtscxml/dependencies.yaml y/qtscxml/dependencies.yaml
-index ee6f92e..7375551 100644
+index ee6f92e0..73755512 100644
--- x/qtscxml/dependencies.yaml
+++ y/qtscxml/dependencies.yaml
@@ -4,4 +4,4 @@ dependencies:
@@ -18,6 +18,3 @@ index ee6f92e..7375551 100644
ref: a514640b2a38391fceaaac3ca01b390ad3d62f31
- required: true
+ required: false
---
-2.38.1
-
diff --git a/libs/patches/qt-scxml-0002-Disable-qtscxml-library.patch b/libs/patches/qtscxml-0002-Disable-qtscxml-library.patch
similarity index 87%
rename from libs/patches/qt-scxml-0002-Disable-qtscxml-library.patch
rename to libs/patches/qtscxml-0002-Disable-qtscxml-library.patch
index c311a71a1..864deee26 100644
--- a/libs/patches/qt-scxml-0002-Disable-qtscxml-library.patch
+++ b/libs/patches/qtscxml-0002-Disable-qtscxml-library.patch
@@ -1,4 +1,4 @@
-From ee68d7d67358f92c87720c2f740322fb03ad8299 Mon Sep 17 00:00:00 2001
+From 2fa2cbc5c55e862cee7fc495edc444c46d4193ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?=
Date: Tue, 12 Apr 2022 11:39:12 +0200
Subject: Disable qtscxml library
@@ -9,7 +9,7 @@ Subject: Disable qtscxml library
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git x/qtscxml/src/CMakeLists.txt y/qtscxml/src/CMakeLists.txt
-index f1b7c2b..7e28acc 100644
+index f1b7c2b9..7e28acc2 100644
--- x/qtscxml/src/CMakeLists.txt
+++ y/qtscxml/src/CMakeLists.txt
@@ -1,8 +1,8 @@
@@ -24,7 +24,7 @@ index f1b7c2b..7e28acc 100644
endif()
add_subdirectory(plugins)
diff --git x/qtscxml/tools/CMakeLists.txt y/qtscxml/tools/CMakeLists.txt
-index 9726a78..956f904 100644
+index 9726a783..956f9048 100644
--- x/qtscxml/tools/CMakeLists.txt
+++ y/qtscxml/tools/CMakeLists.txt
@@ -1,4 +1,4 @@
@@ -33,6 +33,3 @@ index 9726a78..956f904 100644
- add_subdirectory(qscxmlc)
+ #add_subdirectory(qscxmlc)
endif()
---
-2.38.1
-
diff --git a/libs/patches/qtsvg-0001-QSvgFont-Initialize-used-member-remove-unused.patch b/libs/patches/qtsvg-0001-QSvgFont-Initialize-used-member-remove-unused.patch
new file mode 100644
index 000000000..e8f0d75e6
--- /dev/null
+++ b/libs/patches/qtsvg-0001-QSvgFont-Initialize-used-member-remove-unused.patch
@@ -0,0 +1,56 @@
+From c3b8e687ca723262f15f31b181a3e5db847afb68 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Robert=20L=C3=B6hning?=
+Date: Mon, 24 Apr 2023 15:27:17 +0200
+Subject: QSvgFont: Initialize used member, remove unused
+
+Credit to OSS-Fuzz
+
+[ChangeLog][QtSvg] Fixed undefined behavior from using uninitialized
+variable.
+
+Pick-to: 6.5 6.2 5.15
+Coverity-Id: 22618
+Change-Id: Id52277bb0e2845f4d342e187dbb8093e9276b70c
+Reviewed-by: Eskil Abrahamsen Blomfeldt
+(cherry picked from commit ff22c3ccf8ccf813fdcfda23f7740ba73ba5ce0a)
+---
+ src/svg/qsvgfont_p.h | 5 ++---
+ src/svg/qsvghandler.cpp | 2 +-
+ 2 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git x/qtsvg/src/svg/qsvgfont_p.h y/qtsvg/src/svg/qsvgfont_p.h
+index a7cc98b..9cf3dfe 100644
+--- x/qtsvg/src/svg/qsvgfont_p.h
++++ y/qtsvg/src/svg/qsvgfont_p.h
+@@ -38,6 +38,7 @@ public:
+ class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
+ {
+ public:
++ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
+ QSvgFont(qreal horizAdvX);
+
+ void setFamilyName(const QString &name);
+@@ -50,9 +51,7 @@ public:
+ void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
+ public:
+ QString m_familyName;
+- qreal m_unitsPerEm;
+- qreal m_ascent;
+- qreal m_descent;
++ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
+ qreal m_horizAdvX;
+ QHash m_glyphs;
+ };
+diff --git x/qtsvg/src/svg/qsvghandler.cpp y/qtsvg/src/svg/qsvghandler.cpp
+index e88e83b..1e2b2fc 100644
+--- x/qtsvg/src/svg/qsvghandler.cpp
++++ y/qtsvg/src/svg/qsvghandler.cpp
+@@ -2622,7 +2622,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent,
+
+ qreal unitsPerEm = toDouble(unitsPerEmStr);
+ if (!unitsPerEm)
+- unitsPerEm = 1000;
++ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
+
+ if (!name.isEmpty())
+ font->setFamilyName(name);
diff --git a/libs/patches/qt-tools-0001-Disable-linguist-but-keep-translation-tools.patch b/libs/patches/qttools-0001-Disable-linguist-but-keep-translation-tools.patch
similarity index 92%
rename from libs/patches/qt-tools-0001-Disable-linguist-but-keep-translation-tools.patch
rename to libs/patches/qttools-0001-Disable-linguist-but-keep-translation-tools.patch
index 54eda298c..0f8e56d70 100644
--- a/libs/patches/qt-tools-0001-Disable-linguist-but-keep-translation-tools.patch
+++ b/libs/patches/qttools-0001-Disable-linguist-but-keep-translation-tools.patch
@@ -1,4 +1,4 @@
-From 125584904a64497ae50b227ef326e0fc12683a4b Mon Sep 17 00:00:00 2001
+From d52894c2b13954d13ff940ba6b36e5cab7fbf3ac Mon Sep 17 00:00:00 2001
From: Jan Moeller
Date: Mon, 14 Feb 2022 13:46:46 +0100
Subject: Disable linguist but keep translation tools
@@ -22,6 +22,3 @@ index 16ff9f559..fde23b0c4 100644
# special case begin
# Create a fake module that would emulate the Qt5::LinguistTools CMake Config package
---
-2.38.1
-
diff --git a/libs/patches/qt-tools-0002-Revert-Move-UiTools-and-UiPlugin-modules-to-a-upper-.patch b/libs/patches/qttools-0002-Revert-Move-UiTools-and-UiPlugin-modules-to-a-upper-.patch
similarity index 99%
rename from libs/patches/qt-tools-0002-Revert-Move-UiTools-and-UiPlugin-modules-to-a-upper-.patch
rename to libs/patches/qttools-0002-Revert-Move-UiTools-and-UiPlugin-modules-to-a-upper-.patch
index ef7852d63..618650497 100644
--- a/libs/patches/qt-tools-0002-Revert-Move-UiTools-and-UiPlugin-modules-to-a-upper-.patch
+++ b/libs/patches/qttools-0002-Revert-Move-UiTools-and-UiPlugin-modules-to-a-upper-.patch
@@ -1,4 +1,4 @@
-From d6c550d3ef01a50e100acd4fa44a2d6fbd376cbb Mon Sep 17 00:00:00 2001
+From 2cbc188e4facb12153f37a501f14384ec733c944 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann
Date: Wed, 9 Nov 2022 09:49:38 +0100
Subject: Revert "Move UiTools and UiPlugin modules to a upper level
@@ -15,8 +15,8 @@ Change-Id: I247e2189577b74d813a210ace0b49d672a90975e
src/designer/src/uiplugin/customwidget.h | 62 ++
src/designer/src/uiplugin/customwidget.qdoc | 269 ++++++
.../src/uiplugin/qdesignerexportwidget.h | 24 +
- src/designer/src/uitools/CMakeLists.txt | 47 +
- src/designer/src/uitools/qtuitoolsglobal.h | 24 +
+ src/designer/src/uitools/CMakeLists.txt | 46 +
+ src/designer/src/uitools/qtuitoolsglobal.h | 23 +
src/designer/src/uitools/quiloader.cpp | 914 ++++++++++++++++++
src/designer/src/uitools/quiloader.h | 61 ++
src/designer/src/uitools/quiloader_p.h | 77 ++
@@ -30,7 +30,7 @@ Change-Id: I247e2189577b74d813a210ace0b49d672a90975e
src/uitools/quiloader.h | 61 --
src/uitools/quiloader_p.h | 77 --
sync.profile | 4 +-
- 22 files changed, 1511 insertions(+), 1514 deletions(-)
+ 22 files changed, 1509 insertions(+), 1514 deletions(-)
create mode 100644 src/designer/src/uiplugin/CMakeLists.txt
create mode 100644 src/designer/src/uiplugin/customwidget.h
create mode 100644 src/designer/src/uiplugin/customwidget.qdoc
@@ -505,10 +505,10 @@ index 000000000..d90e9b217
+#endif //QDESIGNEREXPORTWIDGET_H
diff --git x/qttools/src/designer/src/uitools/CMakeLists.txt y/qttools/src/designer/src/uitools/CMakeLists.txt
new file mode 100644
-index 000000000..5306fcbd5
+index 000000000..6040ac71d
--- /dev/null
+++ y/qttools/src/designer/src/uitools/CMakeLists.txt
-@@ -0,0 +1,47 @@
+@@ -0,0 +1,46 @@
+# Generated from uitools.pro.
+
+#####################################################################
@@ -555,13 +555,12 @@ index 000000000..5306fcbd5
+qt_internal_add_docs(UiTools
+ doc/qtuitools.qdocconf
+)
-+
diff --git x/qttools/src/designer/src/uitools/qtuitoolsglobal.h y/qttools/src/designer/src/uitools/qtuitoolsglobal.h
new file mode 100644
-index 000000000..a2f967dee
+index 000000000..6874fb15b
--- /dev/null
+++ y/qttools/src/designer/src/uitools/qtuitoolsglobal.h
-@@ -0,0 +1,24 @@
+@@ -0,0 +1,23 @@
+// Copyright (C) 2020 The Qt Company Ltd.
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+
@@ -585,7 +584,6 @@ index 000000000..a2f967dee
+QT_END_NAMESPACE
+
+#endif // QTUITOOLSGLOBAL_H
-+
diff --git x/qttools/src/designer/src/uitools/quiloader.cpp y/qttools/src/designer/src/uitools/quiloader.cpp
new file mode 100644
index 000000000..a06d4717b
@@ -3230,6 +3228,3 @@ index caa7ed5ad..de4261afc 100644
"QtDesigner" => "$basedir/src/designer/src/lib",
"QtDesignerComponents" => "$basedir/src/designer/src/components/lib",
);
---
-2.38.1
-
diff --git a/libs/patches/qt-webengine-0001-Fix-Linux-build-with-CMake-versions-3.25.patch b/libs/patches/qtwebengine-0001-Fix-Linux-build-with-CMake-versions-3.25.patch
similarity index 94%
rename from libs/patches/qt-webengine-0001-Fix-Linux-build-with-CMake-versions-3.25.patch
rename to libs/patches/qtwebengine-0001-Fix-Linux-build-with-CMake-versions-3.25.patch
index 0ded83d28..2aa80208d 100644
--- a/libs/patches/qt-webengine-0001-Fix-Linux-build-with-CMake-versions-3.25.patch
+++ b/libs/patches/qtwebengine-0001-Fix-Linux-build-with-CMake-versions-3.25.patch
@@ -1,4 +1,4 @@
-From dfc2918f8d635edf9300512fc5c1a067a89707d1 Mon Sep 17 00:00:00 2001
+From a120b53dcef4aebd5e7bea35bc6fc6c462e748f1 Mon Sep 17 00:00:00 2001
From: Alexey Edelev
Date: Wed, 23 Nov 2022 12:40:45 +0100
Subject: Fix Linux build with CMake versions >= 3.25
@@ -34,6 +34,3 @@ index f485c1b4b..fff76d54a 100644
else()
find_package(Ninja 1.7.2)
find_package(Gn ${QT_REPO_MODULE_VERSION} EXACT)
---
-2.38.1
-
diff --git a/resources/ausweisapp_android.qrc b/resources/ausweisapp_android.qrc
index e8a5f7821..47d5d95b7 100644
--- a/resources/ausweisapp_android.qrc
+++ b/resources/ausweisapp_android.qrc
@@ -1,6 +1,5 @@
- images/android/material_phone_android.svg
images/android/material_share.svg
diff --git a/resources/ausweisapp_desktop.qrc b/resources/ausweisapp_desktop.qrc
index 02422ee37..90d7d0e66 100644
--- a/resources/ausweisapp_desktop.qrc
+++ b/resources/ausweisapp_desktop.qrc
@@ -1,6 +1,7 @@
images/macos/appIcon.svg
+ images/desktop/info_white.svg
images/desktop/titlebar_arrow.svg
images/desktop/material_assistant.svg
images/desktop/material_bug_report.svg
@@ -13,6 +14,8 @@
images/desktop/material_question_answer.svg
images/desktop/material_highlight.svg
images/desktop/material_menu_book.svg
+ images/desktop/material_menu_book_white.svg
+ images/desktop/material_settings_white.svg
images/desktop/material_open_in_browser.svg
images/desktop/material_a11y.svg
images/desktop/material_privacy.svg
diff --git a/resources/ausweisapp_ios.qrc b/resources/ausweisapp_ios.qrc
index 182741824..401170d57 100644
--- a/resources/ausweisapp_ios.qrc
+++ b/resources/ausweisapp_ios.qrc
@@ -1,6 +1,5 @@
- images/ios/material_phone_iphone.svg
images/ios/share.svg
diff --git a/resources/ausweisapp_mobile.qrc b/resources/ausweisapp_mobile.qrc
index a6ba90344..f861f5da0 100644
--- a/resources/ausweisapp_mobile.qrc
+++ b/resources/ausweisapp_mobile.qrc
@@ -1,224 +1,220 @@
- qtquickcontrols2.conf
+ images/android/stay_primary_landscape-24px.svg
+ images/android/stay_primary_portrait-24px.svg
+ images/ios/material_arrow_left.svg
+ images/ios/material_cancel.svg
+ images/ios/material_more_horiz.svg
+ images/material_add.svg
images/mobile/device.svg
+ images/mobile/generic_id_card.svg
images/mobile/icon_nfc.svg
- images/mobile/icon_smart.svg
images/mobile/icon_remote.svg
images/mobile/icon_simulator.svg
- images/mobile/material_arrow_right.svg
+ images/mobile/icon_smart.svg
images/mobile/material_arrow_back.svg
+ images/mobile/material_arrow_right.svg
images/mobile/material_backspace.svg
- images/mobile/material_view_headline.svg
images/mobile/material_home.svg
- images/mobile/phone_smart.svg
+ images/mobile/material_view_headline.svg
+ images/mobile/phone_card_reader.svg
images/mobile/phone_nfc.svg
images/mobile/phone_nfc_with_card.svg
images/mobile/phone_remote.svg
images/mobile/phone_simulator.svg
- images/mobile/generic_id_card.svg
- images/android/stay_primary_landscape-24px.svg
- images/android/stay_primary_portrait-24px.svg
- images/ios/material_arrow_left.svg
- images/ios/material_cancel.svg
- images/ios/material_more_horiz.svg
- images/provider/ios/general.svg
+ images/mobile/phone_smart.svg
images/provider/ios/citizen.svg
- images/provider/ios/finance.svg
- images/provider/ios/insurance.svg
- images/provider/ios/other.svg
- images/provider/default_bg.svg
- images/provider/citizen_button.svg
- images/provider/finance_button.svg
- images/provider/general_button.svg
- images/provider/insurance_button.svg
- images/provider/other_button.svg
images/provider/citizen_bg.svg
+ images/provider/citizen_button.svg
+ images/provider/default_bg.svg
+ images/provider/ios/finance.svg
images/provider/finance_bg.svg
+ images/provider/finance_button.svg
+ images/provider/ios/general.svg
images/provider/general_bg.svg
+ images/provider/general_button.svg
+ images/provider/ios/insurance.svg
images/provider/insurance_bg.svg
+ images/provider/insurance_button.svg
+ images/provider/ios/other.svg
images/provider/other_bg.svg
- images/tutorial/main_menu_what_caret.svg
- images/tutorial/main_menu_where_caret.svg
- images/tutorial/main_menu_how_caret.svg
- images/tutorial/main_menu_important_caret.svg
- images/tutorial/background_icon_how.svg
- images/tutorial/background_icon_where.svg
- images/tutorial/background_icon_important.svg
- images/tutorial/icon_box.svg
- images/tutorial/icon_circle.svg
- images/tutorial/icon_diamond.svg
- images/tutorial/icon_star.svg
+ images/provider/other_button.svg
images/tutorial/arrow_blue.svg
images/tutorial/arrows.svg
+ images/tutorial/background_icon_how.svg
+ images/tutorial/background_icon_important.svg
+ images/tutorial/background_icon_where.svg
images/tutorial/button_de.png
images/tutorial/button_en.png
- images/tutorial/identify.svg
- images/tutorial/questionmark.svg
- images/tutorial/hint.svg
- images/tutorial/thumb_up.svg
- images/tutorial/hand.svg
- images/tutorial/check.svg
- images/tutorial/cross.svg
- images/tutorial/click.svg
- images/tutorial/save.svg
+ images/tutorial/button_en.png
+ images/tutorial/button_en.png
images/tutorial/bva.svg
- images/tutorial/provider_home.svg
- images/tutorial/rectangles.svg
- images/tutorial/laptop.svg
- images/tutorial/tablet.svg
- images/tutorial/tablet-nfc.svg
- images/tutorial/tablet-no-nfc.svg
- images/tutorial/reader.svg
- images/tutorial/desktop.svg
- images/tutorial/phone.svg
- images/tutorial/phone_border.svg
- images/tutorial/phone_list.svg
- images/tutorial/phone_screen.svg
- images/tutorial/nfc.svg
- images/tutorial/no-nfc.svg
- images/tutorial/wifi.svg
- images/tutorial/letters.svg
- images/tutorial/usb.svg
+ images/tutorial/check.svg
images/tutorial/circle-1.svg
images/tutorial/circle-2.svg
images/tutorial/circle-3.svg
images/tutorial/circle-4.svg
- images/tutorial/circle-lock.svg
images/tutorial/circle-lock-2.svg
- images/tutorial/up_icon.svg
- images/tutorial/phone_screen_de.png
- images/tutorial/phone_screen_en.png
- images/tutorial/pin-5@2x.png
- images/tutorial/pin-6@2x.png
- images/tutorial/user-tine@3x.png
- images/tutorial/providericons.png
- images/tutorial/play_movie.png
- images/tutorial/screenshot_check_id_card_android_de.png
- images/tutorial/screenshot_check_id_card_android_en.png
- images/tutorial/screenshot_check_id_card_ios_de.png
- images/tutorial/screenshot_check_id_card_ios_en.png
- images/tutorial/screenshot_cert_android_de.png
- images/tutorial/screenshot_cert_android_en.png
- images/tutorial/screenshot_cert_ios_de.png
- images/tutorial/screenshot_cert_ios_en.png
- images/tutorial/screenshot_providerlist_android_de.png
- images/tutorial/screenshot_providerlist_android_en.png
- images/tutorial/screenshot_providerlist_ios_de.png
- images/tutorial/screenshot_providerlist_ios_en.png
- images/tutorial/screenshot_remoteservice_android_de.png
- images/tutorial/screenshot_remoteservice_android_en.png
- images/tutorial/screenshot_remoteservice_ios_en.png
- images/tutorial/screenshot_remoteservice_ios_de.png
- images/tutorial/screenshot_pairing_de.png
- images/tutorial/screenshot_pairing_en.png
- images/tutorial/screenshot_choose_reader_android_de.png
- images/tutorial/screenshot_choose_reader_android_en.png
- images/tutorial/screenshot_choose_reader_ios_de.png
- images/tutorial/screenshot_choose_reader_ios_en.png
- images/tutorial/screenshot_pin_management_menu_android_en.png
- images/tutorial/screenshot_pin_management_menu_android_de.png
- images/tutorial/screenshot_pin_management_menu_ios_en.png
- images/tutorial/screenshot_pin_management_menu_ios_de.png
- images/tutorial/screenshot_start_android_en.png
- images/tutorial/screenshot_start_android_de.png
- images/tutorial/screenshot_start_ios_en.png
- images/tutorial/screenshot_start_ios_de.png
- images/tutorial/screenshot_selfauthentication_android_de.png
- images/tutorial/screenshot_selfauthentication_android_en.png
- images/tutorial/screenshot_selfauthentication_ios_de.png
- images/tutorial/screenshot_selfauthentication_ios_en.png
- images/tutorial/section_seperator_what.svg
- images/tutorial/section_seperator_where.svg
- images/tutorial/section_seperator_how.svg
- images/tutorial/section_seperator_important.svg
- images/tutorial/where_overview_question.svg
- images/tutorial/where_identify_now_de.svg
- images/tutorial/where_identify_now_en.svg
- images/tutorial/where_userdata_example_de.svg
- images/tutorial/where_userdata_example_en.svg
- images/tutorial/where_lay_down_id.svg
- images/tutorial/where_pin6.svg
- images/tutorial/how_questions_everywhere.svg
+ images/tutorial/circle-lock.svg
+ images/tutorial/click.svg
+ images/tutorial/cross.svg
+ images/tutorial/desktop.svg
+ images/tutorial/hand.svg
+ images/tutorial/hint.svg
+ images/tutorial/how_desktop.svg
images/tutorial/how_device_lineup.svg
+ images/tutorial/how_form_no_fun.svg
images/tutorial/how_method_nfc.svg
images/tutorial/how_method_sac_desktop.svg
images/tutorial/how_method_sac_mobile.svg
- images/tutorial/how_form_no_fun.svg
- images/tutorial/how_desktop.svg
+ images/tutorial/how_questions_everywhere.svg
+ images/tutorial/icon_box.svg
+ images/tutorial/icon_circle.svg
+ images/tutorial/icon_diamond.svg
+ images/tutorial/icon_star.svg
+ images/tutorial/identify.svg
+ images/tutorial/important_lets_go.svg
images/tutorial/important_pin5.svg
images/tutorial/important_pin6.svg
- images/tutorial/important_lets_go.svg
images/tutorial/important_space_questionmark.svg
- images/tutorial/reader_nfc_provider_on_smartphone.svg
- images/tutorial/reader_nfc_npa_on_smartphone.svg
- images/tutorial/reader_nfc_smartphone_nfc_position.svg
+ images/tutorial/laptop.svg
+ images/tutorial/letters.svg
+ images/tutorial/main_menu_how_caret.svg
+ images/tutorial/main_menu_important_caret.svg
+ images/tutorial/main_menu_what_caret.svg
+ images/tutorial/main_menu_where_caret.svg
+ images/tutorial/nfc.svg
+ images/tutorial/no-nfc.svg
+ images/tutorial/phone.svg
+ images/tutorial/phone_border.svg
+ images/tutorial/phone_list.svg
+ images/tutorial/phone_screen.svg
+ images/tutorial/phone_screen_de.png
+ images/tutorial/phone_screen_en.png
+ images/tutorial/phone_screen_en.png
+ images/tutorial/phone_screen_en.png
+ images/tutorial/pin-5@2x.png
+ images/tutorial/pin-6@2x.png
+ images/tutorial/play_movie.png
+ images/tutorial/provider_home.svg
+ images/tutorial/providericons.png
+ images/tutorial/questionmark.svg
+ images/tutorial/reader.svg
images/tutorial/reader_nfc_finished.svg
+ images/tutorial/reader_nfc_npa_on_smartphone.svg
images/tutorial/reader_nfc_pin6.svg
+ images/tutorial/reader_nfc_provider_on_smartphone.svg
+ images/tutorial/reader_nfc_smartphone_nfc_position.svg
images/tutorial/reader_nfc_userdata_example_de.svg
images/tutorial/reader_nfc_userdata_example_en.svg
- images/tutorial/reader_sac_provider_on_laptop.svg
- images/tutorial/reader_sac_npa_on_laptop.svg
+ images/tutorial/reader_nfc_userdata_example_en.svg
+ images/tutorial/reader_nfc_userdata_example_en.svg
images/tutorial/reader_sac_aa2_ok.svg
images/tutorial/reader_sac_menu_android_de.svg
images/tutorial/reader_sac_menu_android_en.svg
+ images/tutorial/reader_sac_menu_android_en.svg
+ images/tutorial/reader_sac_menu_android_en.svg
images/tutorial/reader_sac_menu_ios_de.svg
images/tutorial/reader_sac_menu_ios_en.svg
+ images/tutorial/reader_sac_menu_ios_en.svg
+ images/tutorial/reader_sac_menu_ios_en.svg
images/tutorial/reader_sac_no_nfc_devices.svg
images/tutorial/reader_sac_no_nfc_provider.svg
-
-
- images/tutorial/button_en.png
- images/tutorial/phone_screen_en.png
+ images/tutorial/reader_sac_npa_on_laptop.svg
+ images/tutorial/reader_sac_provider_on_laptop.svg
+ images/tutorial/rectangles.svg
+ images/tutorial/save.svg
+ images/tutorial/screenshot_cert_android_de.png
+ images/tutorial/screenshot_cert_android_en.png
images/tutorial/screenshot_cert_android_en.png
- images/tutorial/screenshot_cert_ios_en.png
- images/tutorial/screenshot_check_id_card_android_en.png
- images/tutorial/screenshot_check_id_card_ios_en.png
- images/tutorial/screenshot_choose_reader_android_en.png
- images/tutorial/screenshot_choose_reader_ios_en.png
- images/tutorial/screenshot_pairing_en.png
- images/tutorial/screenshot_pin_management_menu_android_en.png
- images/tutorial/screenshot_pin_management_menu_ios_en.png
- images/tutorial/screenshot_providerlist_android_en.png
- images/tutorial/screenshot_providerlist_ios_en.png
- images/tutorial/screenshot_remoteservice_android_en.png
- images/tutorial/screenshot_remoteservice_ios_en.png
- images/tutorial/screenshot_selfauthentication_android_en.png
- images/tutorial/screenshot_selfauthentication_ios_en.png
- images/tutorial/screenshot_start_android_en.png
- images/tutorial/screenshot_start_ios_en.png
- images/tutorial/reader_nfc_userdata_example_en.svg
- images/tutorial/reader_sac_menu_android_en.svg
- images/tutorial/reader_sac_menu_ios_en.svg
- images/tutorial/src/phone_screen_en.svg
- images/tutorial/where_identify_now_en.svg
- images/tutorial/where_userdata_example_en.svg
-
-
- images/tutorial/button_en.png
- images/tutorial/phone_screen_en.png
images/tutorial/screenshot_cert_android_en.png
+ images/tutorial/screenshot_cert_ios_de.png
+ images/tutorial/screenshot_cert_ios_en.png
+ images/tutorial/screenshot_cert_ios_en.png
images/tutorial/screenshot_cert_ios_en.png
+ images/tutorial/screenshot_check_id_card_android_de.png
+ images/tutorial/screenshot_check_id_card_android_en.png
images/tutorial/screenshot_check_id_card_android_en.png
+ images/tutorial/screenshot_check_id_card_android_en.png
+ images/tutorial/screenshot_check_id_card_ios_de.png
+ images/tutorial/screenshot_check_id_card_ios_en.png
images/tutorial/screenshot_check_id_card_ios_en.png
+ images/tutorial/screenshot_check_id_card_ios_en.png
+ images/tutorial/screenshot_choose_reader_android_de.png
+ images/tutorial/screenshot_choose_reader_android_en.png
+ images/tutorial/screenshot_choose_reader_android_en.png
images/tutorial/screenshot_choose_reader_android_en.png
+ images/tutorial/screenshot_choose_reader_ios_de.png
+ images/tutorial/screenshot_choose_reader_ios_en.png
+ images/tutorial/screenshot_choose_reader_ios_en.png
images/tutorial/screenshot_choose_reader_ios_en.png
+ images/tutorial/screenshot_pairing_de.png
+ images/tutorial/screenshot_pairing_en.png
+ images/tutorial/screenshot_pairing_en.png
images/tutorial/screenshot_pairing_en.png
+ images/tutorial/screenshot_pin_management_menu_android_de.png
+ images/tutorial/screenshot_pin_management_menu_android_en.png
images/tutorial/screenshot_pin_management_menu_android_en.png
+ images/tutorial/screenshot_pin_management_menu_android_en.png
+ images/tutorial/screenshot_pin_management_menu_ios_de.png
+ images/tutorial/screenshot_pin_management_menu_ios_en.png
+ images/tutorial/screenshot_pin_management_menu_ios_en.png
images/tutorial/screenshot_pin_management_menu_ios_en.png
+ images/tutorial/screenshot_providerlist_android_de.png
+ images/tutorial/screenshot_providerlist_android_en.png
images/tutorial/screenshot_providerlist_android_en.png
+ images/tutorial/screenshot_providerlist_android_en.png
+ images/tutorial/screenshot_providerlist_ios_de.png
+ images/tutorial/screenshot_providerlist_ios_en.png
images/tutorial/screenshot_providerlist_ios_en.png
+ images/tutorial/screenshot_providerlist_ios_en.png
+ images/tutorial/screenshot_remoteservice_android_de.png
+ images/tutorial/screenshot_remoteservice_android_en.png
+ images/tutorial/screenshot_remoteservice_android_en.png
images/tutorial/screenshot_remoteservice_android_en.png
+ images/tutorial/screenshot_remoteservice_ios_de.png
+ images/tutorial/screenshot_remoteservice_ios_en.png
+ images/tutorial/screenshot_remoteservice_ios_en.png
images/tutorial/screenshot_remoteservice_ios_en.png
+ images/tutorial/screenshot_selfauthentication_android_de.png
+ images/tutorial/screenshot_selfauthentication_android_en.png
images/tutorial/screenshot_selfauthentication_android_en.png
+ images/tutorial/screenshot_selfauthentication_android_en.png
+ images/tutorial/screenshot_selfauthentication_ios_de.png
+ images/tutorial/screenshot_selfauthentication_ios_en.png
images/tutorial/screenshot_selfauthentication_ios_en.png
+ images/tutorial/screenshot_selfauthentication_ios_en.png
+ images/tutorial/screenshot_start_android_de.png
+ images/tutorial/screenshot_start_android_en.png
+ images/tutorial/screenshot_start_android_en.png
images/tutorial/screenshot_start_android_en.png
+ images/tutorial/screenshot_start_ios_de.png
+ images/tutorial/screenshot_start_ios_en.png
+ images/tutorial/screenshot_start_ios_en.png
images/tutorial/screenshot_start_ios_en.png
- images/tutorial/reader_nfc_userdata_example_en.svg
- images/tutorial/reader_sac_menu_android_en.svg
- images/tutorial/reader_sac_menu_ios_en.svg
- images/tutorial/src/phone_screen_en.svg
+ images/tutorial/section_seperator_how.svg
+ images/tutorial/section_seperator_important.svg
+ images/tutorial/section_seperator_what.svg
+ images/tutorial/section_seperator_where.svg
+ images/tutorial/tablet-nfc.svg
+ images/tutorial/tablet-no-nfc.svg
+ images/tutorial/tablet.svg
+ images/tutorial/thumb_up.svg
+ images/tutorial/up_icon.svg
+ images/tutorial/usb.svg
+ images/tutorial/user-tine@3x.png
+ images/tutorial/where_identify_now_de.svg
+ images/tutorial/where_identify_now_en.svg
+ images/tutorial/where_identify_now_en.svg
images/tutorial/where_identify_now_en.svg
+ images/tutorial/where_lay_down_id.svg
+ images/tutorial/where_overview_question.svg
+ images/tutorial/where_pin6.svg
+ images/tutorial/where_userdata_example_de.svg
+ images/tutorial/where_userdata_example_en.svg
+ images/tutorial/where_userdata_example_en.svg
images/tutorial/where_userdata_example_en.svg
+ images/tutorial/wifi.svg
+ qtquickcontrols2.conf
diff --git a/resources/images/android/adaptive_monochrome_beta.svg b/resources/images/android/adaptive_monochrome_beta.svg
new file mode 100644
index 000000000..148445eef
--- /dev/null
+++ b/resources/images/android/adaptive_monochrome_beta.svg
@@ -0,0 +1,7 @@
+
+
diff --git a/resources/images/android/adaptive_monochrome_preview.svg b/resources/images/android/adaptive_monochrome_preview.svg
new file mode 100644
index 000000000..de08bb3cd
--- /dev/null
+++ b/resources/images/android/adaptive_monochrome_preview.svg
@@ -0,0 +1,7 @@
+
+
diff --git a/resources/images/android/adaptive_monochrome_release.svg b/resources/images/android/adaptive_monochrome_release.svg
new file mode 100644
index 000000000..6e8057b1f
--- /dev/null
+++ b/resources/images/android/adaptive_monochrome_release.svg
@@ -0,0 +1,15 @@
+
+
diff --git a/resources/images/android/hdpi/monochrome_npa.png b/resources/images/android/hdpi/monochrome_npa.png
new file mode 100644
index 000000000..a1f62c6f5
Binary files /dev/null and b/resources/images/android/hdpi/monochrome_npa.png differ
diff --git a/resources/images/android/hdpi/monochrome_npa_beta.png b/resources/images/android/hdpi/monochrome_npa_beta.png
new file mode 100644
index 000000000..0b02ef3eb
Binary files /dev/null and b/resources/images/android/hdpi/monochrome_npa_beta.png differ
diff --git a/resources/images/android/hdpi/monochrome_npa_preview.png b/resources/images/android/hdpi/monochrome_npa_preview.png
new file mode 100644
index 000000000..26762f855
Binary files /dev/null and b/resources/images/android/hdpi/monochrome_npa_preview.png differ
diff --git a/resources/images/android/ldpi/monochrome_npa.png b/resources/images/android/ldpi/monochrome_npa.png
new file mode 100644
index 000000000..21d31857a
Binary files /dev/null and b/resources/images/android/ldpi/monochrome_npa.png differ
diff --git a/resources/images/android/ldpi/monochrome_npa_beta.png b/resources/images/android/ldpi/monochrome_npa_beta.png
new file mode 100644
index 000000000..cfe226711
Binary files /dev/null and b/resources/images/android/ldpi/monochrome_npa_beta.png differ
diff --git a/resources/images/android/ldpi/monochrome_npa_preview.png b/resources/images/android/ldpi/monochrome_npa_preview.png
new file mode 100644
index 000000000..6f7b4c17d
Binary files /dev/null and b/resources/images/android/ldpi/monochrome_npa_preview.png differ
diff --git a/resources/images/android/material_phone_android.svg b/resources/images/android/material_phone_android.svg
deleted file mode 100644
index b7a256bcb..000000000
--- a/resources/images/android/material_phone_android.svg
+++ /dev/null
@@ -1 +0,0 @@
-
\ No newline at end of file
diff --git a/resources/images/android/mdpi/monochrome_npa.png b/resources/images/android/mdpi/monochrome_npa.png
new file mode 100644
index 000000000..1e08f0def
Binary files /dev/null and b/resources/images/android/mdpi/monochrome_npa.png differ
diff --git a/resources/images/android/mdpi/monochrome_npa_beta.png b/resources/images/android/mdpi/monochrome_npa_beta.png
new file mode 100644
index 000000000..cf03b597e
Binary files /dev/null and b/resources/images/android/mdpi/monochrome_npa_beta.png differ
diff --git a/resources/images/android/mdpi/monochrome_npa_preview.png b/resources/images/android/mdpi/monochrome_npa_preview.png
new file mode 100644
index 000000000..38a2f986e
Binary files /dev/null and b/resources/images/android/mdpi/monochrome_npa_preview.png differ
diff --git a/resources/images/android/xhdpi/monochrome_npa.png b/resources/images/android/xhdpi/monochrome_npa.png
new file mode 100644
index 000000000..e8acb1170
Binary files /dev/null and b/resources/images/android/xhdpi/monochrome_npa.png differ
diff --git a/resources/images/android/xhdpi/monochrome_npa_beta.png b/resources/images/android/xhdpi/monochrome_npa_beta.png
new file mode 100644
index 000000000..5cb637325
Binary files /dev/null and b/resources/images/android/xhdpi/monochrome_npa_beta.png differ
diff --git a/resources/images/android/xhdpi/monochrome_npa_preview.png b/resources/images/android/xhdpi/monochrome_npa_preview.png
new file mode 100644
index 000000000..ac7309a88
Binary files /dev/null and b/resources/images/android/xhdpi/monochrome_npa_preview.png differ
diff --git a/resources/images/android/xxhdpi/monochrome_npa.png b/resources/images/android/xxhdpi/monochrome_npa.png
new file mode 100644
index 000000000..fd700d694
Binary files /dev/null and b/resources/images/android/xxhdpi/monochrome_npa.png differ
diff --git a/resources/images/android/xxhdpi/monochrome_npa_beta.png b/resources/images/android/xxhdpi/monochrome_npa_beta.png
new file mode 100644
index 000000000..c7647f0ce
Binary files /dev/null and b/resources/images/android/xxhdpi/monochrome_npa_beta.png differ
diff --git a/resources/images/android/xxhdpi/monochrome_npa_preview.png b/resources/images/android/xxhdpi/monochrome_npa_preview.png
new file mode 100644
index 000000000..6866745a8
Binary files /dev/null and b/resources/images/android/xxhdpi/monochrome_npa_preview.png differ
diff --git a/resources/images/android/xxxhdpi/monochrome_npa.png b/resources/images/android/xxxhdpi/monochrome_npa.png
new file mode 100644
index 000000000..812653d7e
Binary files /dev/null and b/resources/images/android/xxxhdpi/monochrome_npa.png differ
diff --git a/resources/images/android/xxxhdpi/monochrome_npa_beta.png b/resources/images/android/xxxhdpi/monochrome_npa_beta.png
new file mode 100644
index 000000000..76abeeb9d
Binary files /dev/null and b/resources/images/android/xxxhdpi/monochrome_npa_beta.png differ
diff --git a/resources/images/android/xxxhdpi/monochrome_npa_preview.png b/resources/images/android/xxxhdpi/monochrome_npa_preview.png
new file mode 100644
index 000000000..fc43da6c3
Binary files /dev/null and b/resources/images/android/xxxhdpi/monochrome_npa_preview.png differ
diff --git a/resources/images/desktop/info_white.svg b/resources/images/desktop/info_white.svg
new file mode 100644
index 000000000..6725deeef
--- /dev/null
+++ b/resources/images/desktop/info_white.svg
@@ -0,0 +1,21 @@
+
+
diff --git a/resources/images/desktop/material_a11y.svg b/resources/images/desktop/material_a11y.svg
index a87416f2f..3b02dc969 100644
--- a/resources/images/desktop/material_a11y.svg
+++ b/resources/images/desktop/material_a11y.svg
@@ -1 +1 @@
-
\ No newline at end of file
+
diff --git a/resources/images/desktop/material_assistant.svg b/resources/images/desktop/material_assistant.svg
index a70334532..fbfd819c1 100644
--- a/resources/images/desktop/material_assistant.svg
+++ b/resources/images/desktop/material_assistant.svg
@@ -1 +1 @@
-
+
diff --git a/resources/images/desktop/material_bug_report.svg b/resources/images/desktop/material_bug_report.svg
index 718f6b36b..fb22e9dfe 100644
--- a/resources/images/desktop/material_bug_report.svg
+++ b/resources/images/desktop/material_bug_report.svg
@@ -1 +1 @@
-
+
diff --git a/resources/images/desktop/material_highlight.svg b/resources/images/desktop/material_highlight.svg
index ae7443060..a9a7692dc 100644
--- a/resources/images/desktop/material_highlight.svg
+++ b/resources/images/desktop/material_highlight.svg
@@ -1 +1 @@
-
+
diff --git a/resources/images/desktop/material_menu_book.svg b/resources/images/desktop/material_menu_book.svg
index 0a9ef46da..e2e3e95b2 100644
--- a/resources/images/desktop/material_menu_book.svg
+++ b/resources/images/desktop/material_menu_book.svg
@@ -1 +1 @@
-
+
diff --git a/resources/images/desktop/material_menu_book_white.svg b/resources/images/desktop/material_menu_book_white.svg
new file mode 100644
index 000000000..0a9ef46da
--- /dev/null
+++ b/resources/images/desktop/material_menu_book_white.svg
@@ -0,0 +1 @@
+
diff --git a/resources/images/desktop/material_privacy.svg b/resources/images/desktop/material_privacy.svg
index 209018412..75866ac43 100644
--- a/resources/images/desktop/material_privacy.svg
+++ b/resources/images/desktop/material_privacy.svg
@@ -1 +1 @@
-
\ No newline at end of file
+
diff --git a/resources/images/desktop/material_settings_white.svg b/resources/images/desktop/material_settings_white.svg
new file mode 100644
index 000000000..f7ca45ae7
--- /dev/null
+++ b/resources/images/desktop/material_settings_white.svg
@@ -0,0 +1 @@
+
diff --git a/resources/images/desktop/material_video.svg b/resources/images/desktop/material_video.svg
index 1d5a32eca..a7530621f 100644
--- a/resources/images/desktop/material_video.svg
+++ b/resources/images/desktop/material_video.svg
@@ -1 +1 @@
-
\ No newline at end of file
+
diff --git a/resources/images/desktop/material_view_list.svg b/resources/images/desktop/material_view_list.svg
index 550b676c0..d7af03ef2 100644
--- a/resources/images/desktop/material_view_list.svg
+++ b/resources/images/desktop/material_view_list.svg
@@ -1 +1 @@
-
+
diff --git a/resources/images/info.svg b/resources/images/info.svg
index 6725deeef..81059acf2 100644
--- a/resources/images/info.svg
+++ b/resources/images/info.svg
@@ -1,6 +1,6 @@
\ No newline at end of file
diff --git a/resources/images/material_add.svg b/resources/images/material_add.svg
new file mode 100644
index 000000000..70898c171
--- /dev/null
+++ b/resources/images/material_add.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/resources/images/material_help.svg b/resources/images/material_help.svg
index 7677f0ed9..85fb2092a 100644
--- a/resources/images/material_help.svg
+++ b/resources/images/material_help.svg
@@ -1 +1 @@
-
+
diff --git a/resources/images/material_history.svg b/resources/images/material_history.svg
index 6975ecef2..357da249c 100644
--- a/resources/images/material_history.svg
+++ b/resources/images/material_history.svg
@@ -1 +1 @@
-
+
diff --git a/resources/images/material_live_help.svg b/resources/images/material_live_help.svg
index 06255c48d..8f975fdda 100644
--- a/resources/images/material_live_help.svg
+++ b/resources/images/material_live_help.svg
@@ -1 +1 @@
-
+
diff --git a/resources/images/material_lock.svg b/resources/images/material_lock.svg
index cfc8a0c3f..57dd76bc6 100644
--- a/resources/images/material_lock.svg
+++ b/resources/images/material_lock.svg
@@ -1 +1 @@
-
+
diff --git a/resources/images/material_settings.svg b/resources/images/material_settings.svg
index f7ca45ae7..819864198 100644
--- a/resources/images/material_settings.svg
+++ b/resources/images/material_settings.svg
@@ -1 +1 @@
-
+
diff --git a/resources/images/mobile/phone_card_reader.svg b/resources/images/mobile/phone_card_reader.svg
new file mode 100644
index 000000000..81d3e8232
--- /dev/null
+++ b/resources/images/mobile/phone_card_reader.svg
@@ -0,0 +1,10 @@
+
diff --git a/resources/images/mydata.svg b/resources/images/mydata.svg
index 4988d8537..8d1a386d1 100644
--- a/resources/images/mydata.svg
+++ b/resources/images/mydata.svg
@@ -7,5 +7,5 @@
m 0 3 a 1 1 0 0 1 0 -2 h 9 a 1 1 0 0 1 0 2 z
M 31.64 35.75 l -3 -6 a 6 6 0 1 1 2 -1 l 3 6 a 1.118 1.118 0 0 1 -2 1 z
m -9.64 -11.8 a 5 5 0 0 0 10 0 a 5 5 0 0 0 -10 0 z
- m 1.536 2 a 4 4 0 0 1 0 -4 h 6.928 a 4 4 0 0 1 0 4 z" fill="#ffffff"/>
+ m 1.536 2 a 4 4 0 0 1 0 -4 h 6.928 a 4 4 0 0 1 0 4 z" fill="#164a8c" />
diff --git a/resources/images/provider.svg b/resources/images/provider.svg
index e7d8a8f8d..cc58a7752 100644
--- a/resources/images/provider.svg
+++ b/resources/images/provider.svg
@@ -1,6 +1,6 @@