Update Qt package to fix CVE-2023-4863

hifi_qt.py

@@ -151,10 +151,8 @@ def __init__(self, args):
                 # The `or 0` conditional assignment prevents the int parsing error from hiding the useful Qt package error 
                 u_major = int( distro.major_version() or '0' )
                 if distro.id() == 'ubuntu' or distro.id() == 'linuxmint':
-                    if (distro.id() == 'ubuntu' and u_major == 18) or distro.id() == 'linuxmint' and u_major == 19:
-                        self.qtUrl = self.assets_url + '/dependencies/qt5/qt5-install-5.15.5-2022.07.17-kde_ea4efc067b47c11b1aac61668afd8578a6834f5b-ubuntu-18.04-amd64.tar.xz'
-                    elif (distro.id() == 'ubuntu' and u_major == 20) or distro.id() == 'linuxmint' and u_major == 20:
-                        self.qtUrl = self.assets_url + '/dependencies/qt5/qt5-install-5.15.5-2022.08.12-kde_0b4d44f2ff1103349bac22b9b207cfcc1f50a53a-ubuntu-20.04-amd64.tar.xz'
+                    if (distro.id() == 'ubuntu' and u_major == 20) or distro.id() == 'linuxmint' and u_major == 20:
+                        self.qtUrl = self.assets_url + '/dependencies/qt5/qt5-install-5.15.10-2023.09.16-kde_15e6be42c230046646237698fa761b8fb3df71ee-ubuntu-20.04-amd64.tar.xz'
                     elif (distro.id() == 'ubuntu' and u_major > 20) or (distro.id() == 'linuxmint' and u_major > 20):
                         self.__no_qt_package_error()
                     else:

tools/qt-builder/Dockerfile_Ubuntu_20.04_Qt5

@@ -4,11 +4,11 @@
 # - Check which commit you are building https://invent.kde.org/qt/qt/qt5/-/tree/kde/5.15
 # - Adjust this file to include the commit hash you are building, the date, the number of threads you want to use (-j10), the platform, and the Qt and QtWebEngine versions.
 #     Keep in mind that building Qt requires a lot of memory. You should have over 1.2GiB of system memory available per thread.
-# - Run the build process with something like `PROGRESS_NO_TRUNC=1 DOCKER_BUILDKIT=1 BUILDKIT_STEP_LOG_MAX_SIZE=-1 docker build --progress plain -t overte-qt5:5.15.9-2023.05.21-kde_fb3ec282151b1ee281a24f0545a40ac6438537c2 -f Dockerfile_Ubuntu_20.04_Qt5 .`
+# - Run the build process with something like `PROGRESS_NO_TRUNC=1 DOCKER_BUILDKIT=1 BUILDKIT_STEP_LOG_MAX_SIZE=-1 docker build --progress plain -t overte-qt5:5.15.10-2023.09.16-kde_15e6be42c230046646237698fa761b8fb3df71ee -f Dockerfile_Ubuntu_20.04_Qt5 .`
 #     Buildkit is used to cache intermittent steps in case you need to modify something afterwards.
 # - Once the build has completed, create a container from the image and export the created Qt package.
-#     `docker create --name extract overte-qt5:5.15.9-2023.05.21-kde_fb3ec282151b1ee281a24f0545a40ac6438537c2`
-#     `docker cp extract:qt5-install-5.15.9-2023.05.21-kde_fb3ec282151b1ee281a24f0545a40ac6438537c2-ubuntu-20.04-amd64.tar.xz /path/on/host`
+#     `docker create --name extract overte-qt5:5.15.10-2023.09.16-kde_15e6be42c230046646237698fa761b8fb3df71ee`
+#     `docker cp extract:qt5-install-5.15.10-2023.09.16-kde_15e6be42c230046646237698fa761b8fb3df71ee-ubuntu-20.04-amd64.tar.xz /path/on/host`
 #     `docker rm extract`
 
 FROM ubuntu:20.04
@@ -42,37 +42,37 @@ RUN sed -i qt5/qtbase/mkspecs/linux-g++-64/qmake.conf -e 's/\/usr\/X11R6\/lib64/
 RUN apt-get -y build-dep qt5-default
 
 # Install build dependencies
-RUN apt-get -y install git python gperf flex bison pkg-config mesa-utils libgl1-mesa-dev make g++ libdbus-glib-1-dev libnss3-dev nodejs libxkbfile-dev libx11-dev
+RUN apt-get -y install git python gperf flex bison pkg-config mesa-utils libgl1-mesa-dev make g++ libdbus-glib-1-dev libnss3-dev nodejs libxkbfile-dev libx11-dev libwebp-dev
 
 
 RUN mkdir qt5-install && mkdir qt5-build
 WORKDIR qt5-build
 RUN ../qt5/configure -force-debug-info -release -opensource -confirm-license -platform linux-g++ -recheck-all -nomake tests -nomake examples -skip qttranslations -skip qtserialport -skip qt3d -skip qtlocation -skip qtwayland -skip qtsensors -skip qtgamepad -skip qtcharts -skip qtx11extras -skip qtmacextras -skip qtvirtualkeyboard -skip qtpurchasing -skip qtdatavis3d -skip qtlottie -skip qtquick3d -skip qtpim -skip qtdocgallery -no-warnings-are-errors -no-pch -no-icu -prefix ../qt5-install
 
-RUN NINJAFLAGS='-j16' make -j16
+RUN NINJAFLAGS='-j6' make -j6
 
-RUN make -j16 module-qtscript
+RUN make -j6 module-qtscript
 
-RUN make -j16 install
+RUN make -j6 install
 
 WORKDIR ./qtscript
-RUN make -j16 install
+RUN make -j6 install
 
 WORKDIR ../../qt5-install
 RUN find . -name \*.prl -exec sed -i -e '/^QMAKE_PRL_BUILD_DIR/d' {} \;
 
 # Overwrite QtWebengine version to work around version conflicts
-RUN find . -name \Qt5WebEngine*Config.cmake -exec sed -i '' -e 's/5\.15\.14/5\.15\.9/g' {} \;
-RUN cp lib/libQt5WebEngine.so.5.15.14 lib/libQt5WebEngine.so.5.15.9
-RUN cp lib/libQt5WebEngineCore.so.5.15.14 lib/libQt5WebEngineCore.so.5.15.9
-RUN cp lib/libQt5WebEngineWidgets.so.5.15.14 lib/libQt5WebEngineWidgets.so.5.15.9
-RUN cp lib/libQt5Pdf.so.5.15.14 lib/libQt5Pdf.so.5.15.9
-RUN cp lib/libQt5PdfWidgets.so.5.15.14 lib/libQt5PdfWidgets.so.5.15.9
+RUN find . -name \Qt5WebEngine*Config.cmake -exec sed -i '' -e 's/5\.15\.14/5\.15\.10/g' {} \;
+RUN cp lib/libQt5WebEngine.so.5.15.14 lib/libQt5WebEngine.so.5.15.10
+RUN cp lib/libQt5WebEngineCore.so.5.15.14 lib/libQt5WebEngineCore.so.5.15.10
+RUN cp lib/libQt5WebEngineWidgets.so.5.15.14 lib/libQt5WebEngineWidgets.so.5.15.10
+RUN cp lib/libQt5Pdf.so.5.15.14 lib/libQt5Pdf.so.5.15.10
+RUN cp lib/libQt5PdfWidgets.so.5.15.14 lib/libQt5PdfWidgets.so.5.15.10
 
 
 COPY ./qt.conf ./bin/
 
 RUN cp ../qt5-build/config.summary ./
 
 WORKDIR ..
-RUN XZ_OPT='-T0' tar -Jcvf qt5-install-5.15.9-2023.05.21-kde_fb3ec282151b1ee281a24f0545a40ac6438537c2-ubuntu-20.04-amd64.tar.xz qt5-install
+RUN XZ_OPT='-T0' tar -Jcvf qt5-install-5.15.10-2023.09.16-kde_15e6be42c230046646237698fa761b8fb3df71ee-ubuntu-20.04-amd64.tar.xz qt5-install