commit: 81ab1553032718e562bc55b45c048bae863b747a Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> AuthorDate: Tue May 23 21:07:27 2023 +0000 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> CommitDate: Tue May 23 21:19:23 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81ab1553
dev-qt/qtgui: Fix CVE-2023-32763 See also: https://www.qt.io/blog/security-advisory-qt-svg-1 QTBUG: https://bugreports.qt.io/browse/QTBUG-113337 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> .../qtgui/files/qtgui-5.15.9-CVE-2023-32763.patch | 71 ++++++++ dev-qt/qtgui/qtgui-5.15.9-r1.ebuild | 180 +++++++++++++++++++++ 2 files changed, 251 insertions(+) diff --git a/dev-qt/qtgui/files/qtgui-5.15.9-CVE-2023-32763.patch b/dev-qt/qtgui/files/qtgui-5.15.9-CVE-2023-32763.patch new file mode 100644 index 000000000000..2b34807fbd03 --- /dev/null +++ b/dev-qt/qtgui/files/qtgui-5.15.9-CVE-2023-32763.patch @@ -0,0 +1,71 @@ +From e6c8aa2426ef5bd575f85aae530322b145b49006 Mon Sep 17 00:00:00 2001 +From: Allan Sandfeld Jensen <[email protected]> +Date: Fri, 5 May 2023 09:51:32 +0200 +Subject: [PATCH] Fix specific overflow in qtextlayout (CVE-2023-32763) + +Fixes: QTBUG-113337 +Pick-to: 6.5 6.5.1 6.2 5.15 +Change-Id: I13579306defceaccdc0fbb1ec0e9b77c6f8d1af9 +Reviewed-by: Eirik Aavitsland <[email protected]> +Reviewed-by: Thiago Macieira <[email protected]> +(cherry picked from commit 7b7a01c266b507636eab51a36328c7c72d82d93c) + +* asturmlechner 2023-05-23: Upstream backport to 5.15 taken from + https://www.qt.io/blog/security-advisory-qt-svg-1 +--- + src/gui/painting/qfixed_p.h | 9 +++++++++ + src/gui/text/qtextlayout.cpp | 9 ++++++--- + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/src/gui/painting/qfixed_p.h b/src/gui/painting/qfixed_p.h +index 846592881c..57d750a4b3 100644 +--- a/src/gui/painting/qfixed_p.h ++++ b/src/gui/painting/qfixed_p.h +@@ -54,6 +54,7 @@ + #include <QtGui/private/qtguiglobal_p.h> + #include "QtCore/qdebug.h" + #include "QtCore/qpoint.h" ++#include <QtCore/private/qnumeric_p.h> + #include "QtCore/qsize.h" + + QT_BEGIN_NAMESPACE +@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(int i, const QFixed &f) { return i * 64 < + Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; } + Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); } + ++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r) ++{ ++ int val; ++ bool result = add_overflow(v1.value(), v2.value(), &val); ++ r->setValue(val); ++ return result; ++} ++ + #ifndef QT_NO_DEBUG_STREAM + inline QDebug &operator<<(QDebug &dbg, const QFixed &f) + { return dbg << f.toReal(); } +diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp +index 26ac37b016..f6c69ff4a2 100644 +--- a/src/gui/text/qtextlayout.cpp ++++ b/src/gui/text/qtextlayout.cpp +@@ -2150,11 +2150,14 @@ found: + eng->maxWidth = qMax(eng->maxWidth, line.textWidth); + } else { + eng->minWidth = qMax(eng->minWidth, lbh.minw); +- eng->maxWidth += line.textWidth; ++ if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth)) ++ eng->maxWidth = QFIXED_MAX; + } + +- if (line.textWidth > 0 && item < eng->layoutData->items.size()) +- eng->maxWidth += lbh.spaceData.textWidth; ++ if (line.textWidth > 0 && item < eng->layoutData->items.size()) { ++ if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth)) ++ eng->maxWidth = QFIXED_MAX; ++ } + + line.textWidth += trailingSpace; + if (lbh.spaceData.length) { +-- +2.40.1 + diff --git a/dev-qt/qtgui/qtgui-5.15.9-r1.ebuild b/dev-qt/qtgui/qtgui-5.15.9-r1.ebuild new file mode 100644 index 000000000000..ae7cbfc33ac7 --- /dev/null +++ b/dev-qt/qtgui/qtgui-5.15.9-r1.ebuild @@ -0,0 +1,180 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +if [[ ${PV} != *9999* ]]; then + QT5_KDEPATCHSET_REV=1 + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi + +QT5_MODULE="qtbase" +inherit qt5-build + +DESCRIPTION="The GUI module and platform plugins for the Qt5 framework" + +SLOT=5/${QT5_PV} # bug 707658 +IUSE="accessibility dbus egl eglfs evdev gles2-only ibus jpeg +libinput + linuxfb +png tslib tuio +udev vnc vulkan wayland +X" +REQUIRED_USE=" + || ( eglfs linuxfb vnc X ) + accessibility? ( dbus X ) + eglfs? ( egl ) + ibus? ( dbus ) + libinput? ( udev ) + X? ( gles2-only? ( egl ) ) +" + +RDEPEND=" + dev-libs/glib:2 + =dev-qt/qtcore-${QT5_PV}*:5= + dev-util/gtk-update-icon-cache + media-libs/fontconfig + media-libs/freetype:2 + media-libs/harfbuzz:= + sys-libs/zlib:= + dbus? ( =dev-qt/qtdbus-${QT5_PV}* ) + eglfs? ( + media-libs/mesa[gbm(+)] + x11-libs/libdrm + ) + evdev? ( sys-libs/mtdev ) + jpeg? ( media-libs/libjpeg-turbo:= ) + gles2-only? ( media-libs/libglvnd ) + !gles2-only? ( media-libs/libglvnd[X] ) + libinput? ( + dev-libs/libinput:= + x11-libs/libxkbcommon + ) + png? ( media-libs/libpng:= ) + tslib? ( >=x11-libs/tslib-1.21 ) + tuio? ( =dev-qt/qtnetwork-${QT5_PV}* ) + udev? ( virtual/libudev:= ) + vnc? ( =dev-qt/qtnetwork-${QT5_PV}* ) + vulkan? ( dev-util/vulkan-headers ) + X? ( + x11-libs/libICE + x11-libs/libSM + x11-libs/libX11 + x11-libs/libxcb:= + x11-libs/libxkbcommon[X] + x11-libs/xcb-util-image + x11-libs/xcb-util-keysyms + x11-libs/xcb-util-renderutil + x11-libs/xcb-util-wm + ) +" +DEPEND="${RDEPEND} + evdev? ( sys-kernel/linux-headers ) + linuxfb? ( sys-kernel/linux-headers ) + udev? ( sys-kernel/linux-headers ) + X? ( x11-base/xorg-proto ) +" +PDEPEND=" + ibus? ( app-i18n/ibus ) + wayland? ( =dev-qt/qtwayland-${QT5_PV}* ) +" + +PATCHES=( "${FILESDIR}/${P}-CVE-2023-32763.patch" ) + +QT5_TARGET_SUBDIRS=( + src/tools/qvkgen + src/gui + src/openglextensions + src/platformheaders + src/platformsupport + src/plugins/generic + src/plugins/imageformats + src/plugins/platforms + src/plugins/platforminputcontexts +) + +QT5_GENTOO_CONFIG=( + accessibility:accessibility-atspi-bridge + egl:egl: + eglfs:eglfs: + eglfs:eglfs_egldevice: + eglfs:eglfs_gbm: + evdev:evdev: + evdev:mtdev: + :fontconfig: + :system-freetype:FREETYPE + !:no-freetype: + gles2-only::OPENGL_ES + gles2-only:opengles2:OPENGL_ES_2 + !:no-gui: + :system-harfbuzz: + !:no-harfbuzz: + jpeg:system-jpeg:IMAGEFORMAT_JPEG + !jpeg:no-jpeg: + libinput + libinput:xkbcommon: + :opengl + png:png: + png:system-png:IMAGEFORMAT_PNG + !png:no-png: + tslib:tslib: + udev:libudev: + vulkan:vulkan: + X:xcb: + X:xcb-glx: + X:xcb-plugin: + X:xcb-render: + X:xcb-sm: + X:xcb-xlib: + X:xcb-xinput: +) + +QT5_GENTOO_PRIVATE_CONFIG=( + :gui +) + +src_prepare() { + # don't add -O3 to CXXFLAGS, bug 549140 + sed -i -e '/CONFIG\s*+=/s/optimize_full//' src/gui/gui.pro || die + + # egl_x11 is activated when both egl and X are enabled + use egl && QT5_GENTOO_CONFIG+=(X:egl_x11:) || QT5_GENTOO_CONFIG+=(egl:egl_x11:) + + qt_use_disable_config dbus dbus \ + src/platformsupport/themes/genericunix/genericunix.pri + + qt_use_disable_config tuio tuiotouch src/plugins/generic/generic.pro + + qt_use_disable_mod ibus dbus \ + src/plugins/platforminputcontexts/platforminputcontexts.pro + + use vnc || sed -i -e '/SUBDIRS += vnc/d' \ + src/plugins/platforms/platforms.pro || die + + qt5-build_src_prepare +} + +src_configure() { + local myconf=( + $(usev dbus -dbus-linked) + $(qt_use egl) + $(qt_use eglfs) + $(usev eglfs '-gbm -kms') + $(qt_use evdev) + $(qt_use evdev mtdev) + -fontconfig + -system-freetype + -gui + -system-harfbuzz + $(qt_use jpeg libjpeg system) + $(qt_use libinput) + $(qt_use linuxfb) + -opengl $(usex gles2-only es2 desktop) + $(qt_use png libpng system) + $(qt_use tslib) + $(qt_use udev libudev) + $(qt_use vulkan) + $(qt_use X xcb) + $(usev X '-xcb-xlib') + ) + if use libinput || use X; then + myconf+=( -xkbcommon ) + fi + qt5-build_src_configure +}
