MGASA-2021-0200

QSslSocket incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications (CVE-2020-13962)

This update provides additionals fixes: - Check that the sizes are even representable when checking if clipping is necessary (P300)

• Multiply instead of shifting, The shift operator is undefined for negative values. (P301)

• Check returns of hex2int in gethexrgb, Avoids undefined behavior when trying to shift negative values. (P302)

• Sanitize lengthValue in CSS parser, Limit the LengthData to the integer range before rounding it, taking into account that qRound() substracts 1 from negative values. (P303)

• QBezier: Don't try calculating a unit vector when length is null. It's undefined and causes a division by zero. (P304)

• Avoid potential ub in corrupt bmp file. biHeight may be int_min, in which case qAbs<int>() will not work. (P305)

• wasm: disable XDGRUNTIMEDIR warning XDG is not very relevant on the Web platform. (P306)

• Use SOURCEDATEEPOCH. Use the standard variable name in addition to the QT-specific one to make builds reproducible out-of-the-box (P308)

• Fix notification of QDockWidget when it gets undocked (P309)

• Synthesize Enter/LeaveEvent for accepted QTabletEvent (P310)

• Fix crash when running QtCore: Stack is misaligned on x86-64 (P311)

• Add support for PostgreSQL 12 (P312)

• QStandardPaths: Correct handling for XDGRUNTIMEDIR (P313)

• QStandardPaths/Unix: improve the XDGRUNTIMEDIR creation/detection (P312)

• Add remote print queue support (P313)