commit: 14516d8afc141ef1bb025e3e5fc83226136d9394 Author: Jimi Huotari <chiitoo <AT> gentoo <DOT> org> AuthorDate: Wed Jul 26 13:23:21 2023 +0000 Commit: Jimi Huotari <chiitoo <AT> gentoo <DOT> org> CommitDate: Wed Jul 26 13:30:57 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14516d8a
dev-qt/qtbase: drop 6.5.1-r1 Closes: https://bugs.gentoo.org/908384 Signed-off-by: Jimi Huotari <chiitoo <AT> gentoo.org> dev-qt/qtbase/Manifest | 1 - .../qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch | 54 ------ dev-qt/qtbase/qtbase-6.5.1-r1.ebuild | 190 --------------------- 3 files changed, 245 deletions(-) diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest index f18d34b4b586..9476478fb0bf 100644 --- a/dev-qt/qtbase/Manifest +++ b/dev-qt/qtbase/Manifest @@ -1,2 +1 @@ -DIST qtbase-everywhere-src-6.5.1.tar.xz 48287392 BLAKE2B 47872492f21a936d980891c28df61591380bc236adc66b57a90fbb87dd292cdeb3c632fb1159231ba40142d25e02944e4c5e8568153f1286e0a1abc8c5b26699 SHA512 7f7b20bbc25cda65266d6067cdd68e3e077636988d67dbf5783f79a61186135fb3a36d57ac72cfe4501012035b630ab1f5849148e4817726d4f459fa1937e91a DIST qtbase-everywhere-src-6.5.2.tar.xz 48410716 BLAKE2B 578c69ede6f45a8b21cba0a24674d5d8801722503d13ab9578b06b2446ce15e6a84bcdbd0c5d2c9aa868ec70862f0845406c959ed79b695f82bb398ecf299c63 SHA512 8d97029aae5b73a3e03624c9a8495dbf2fe54a4f5e992071c06f3d93935e64c80f2121b33eeb60a92d96ceb288cb25d74906a5bf47b45bb018d859d4a2d13f20 diff --git a/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch b/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch deleted file mode 100644 index 6f1264709e01..000000000000 --- a/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch +++ /dev/null @@ -1,54 +0,0 @@ -From: https://lists.qt-project.org/pipermail/development/2023-June/044031.html - ---- a/src/plugins/tls/schannel/qtls_schannel.cpp -+++ b/src/plugins/tls/schannel/qtls_schannel.cpp -@@ -2106,6 +2106,27 @@ bool TlsCryptographSchannel::verifyCertContext(CERT_CONTEXT *certContext) - verifyDepth = DWORD(q->peerVerifyDepth()); - - const auto &caCertificates = q->sslConfiguration().caCertificates(); -+ -+ if (!rootCertOnDemandLoadingAllowed() -+ && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN) -+ && (q->peerVerifyMode() == QSslSocket::VerifyPeer -+ || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) { -+ // When verifying a peer Windows "helpfully" builds a chain that -+ // may include roots from the system store. But we don't want that if -+ // the user has set their own CA certificates. -+ // Since Windows claims this is not a partial chain the root is included -+ // and we have to check that it is one of our configured CAs. -+ CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1]; -+ QSslCertificate certificate = getCertificateFromChainElement(element); -+ if (!caCertificates.contains(certificate)) { -+ auto error = QSslError(QSslError::CertificateUntrusted, certificate); -+ sslErrors += error; -+ emit q->peerVerifyError(error); -+ if (q->state() != QAbstractSocket::ConnectedState) -+ return false; -+ } -+ } -+ - QList<QSslCertificate> peerCertificateChain; - for (DWORD i = 0; i < verifyDepth; i++) { - CERT_CHAIN_ELEMENT *element = chain->rgpElement[i]; - ---- a/src/network/ssl/qsslsocket.cpp -+++ b/src/network/ssl/qsslsocket.cpp -@@ -1973,6 +1973,10 @@ QSslSocketPrivate::QSslSocketPrivate() - , flushTriggered(false) - { - QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration); -+ // If the global configuration doesn't allow root certificates to be loaded -+ // on demand then we have to disable it for this socket as well. -+ if (!configuration.allowRootCertOnDemandLoading) -+ allowRootCertOnDemandLoading = false; - - const auto *tlsBackend = tlsBackendInUse(); - if (!tlsBackend) { -@@ -2281,6 +2285,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri - ptr->sessionProtocol = global->sessionProtocol; - ptr->ciphers = global->ciphers; - ptr->caCertificates = global->caCertificates; -+ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading; - ptr->protocol = global->protocol; - ptr->peerVerifyMode = global->peerVerifyMode; - ptr->peerVerifyDepth = global->peerVerifyDepth; diff --git a/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild b/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild deleted file mode 100644 index 4bcdc55ce530..000000000000 --- a/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild +++ /dev/null @@ -1,190 +0,0 @@ -# Copyright 2021-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit qt6-build - -DESCRIPTION="Cross-platform application development framework" - -if [[ ${QT6_BUILD_TYPE} == release ]]; then - KEYWORDS="~amd64" -fi - -# Qt Modules -IUSE="+concurrent +dbus +gui +network +sql opengl +widgets +xml zstd" -REQUIRED_USE=" - opengl? ( gui ) - widgets? ( gui ) - X? ( || ( evdev libinput ) ) -" - -QTGUI_IUSE="accessibility egl eglfs evdev gles2-only +jpeg +libinput tslib tuio vulkan +X" -QTNETWORK_IUSE="brotli gssapi libproxy sctp +ssl vnc" -QTSQL_IUSE="freetds mysql oci8 odbc postgres +sqlite" -IUSE+=" ${QTGUI_IUSE} ${QTNETWORK_IUSE} ${QTSQL_IUSE} cups gtk icu systemd +udev wayland" -# QtPrintSupport = QtGui + QtWidgets enabled. -# ibus = xkbcommon + dbus, and xkbcommon needs either libinput or X -REQUIRED_USE+=" - $(printf '%s? ( gui ) ' ${QTGUI_IUSE//+/}) - $(printf '%s? ( network ) ' ${QTNETWORK_IUSE//+/}) - $(printf '%s? ( sql ) ' ${QTSQL_IUSE//+/}) - accessibility? ( dbus X ) - cups? ( gui widgets ) - eglfs? ( egl ) - gtk? ( widgets ) - gui? ( || ( eglfs X ) || ( libinput X ) ) - libinput? ( udev ) - sql? ( || ( freetds mysql oci8 odbc postgres sqlite ) ) - vnc? ( gui ) - X? ( gles2-only? ( egl ) ) -" - -# TODO: -# qtimageformats: mng not done yet, qtimageformats.git upstream commit 9443239c -# qtnetwork: connman, networkmanager -DEPEND=" - app-crypt/libb2 - dev-libs/double-conversion:= - dev-libs/glib:2 - dev-libs/libpcre2:=[pcre16,unicode] - dev-util/gtk-update-icon-cache - media-libs/fontconfig - >=media-libs/freetype-2.6.1:2 - >=media-libs/harfbuzz-1.6.0:= - media-libs/tiff:= - >=sys-apps/dbus-1.4.20 - sys-libs/zlib:= - brotli? ( app-arch/brotli:= ) - evdev? ( sys-libs/mtdev ) - freetds? ( dev-db/freetds ) - gles2-only? ( media-libs/libglvnd ) - !gles2-only? ( media-libs/libglvnd[X] ) - gssapi? ( virtual/krb5 ) - gtk? ( - x11-libs/gtk+:3 - x11-libs/libX11 - x11-libs/pango - ) - gui? ( media-libs/libpng:= ) - icu? ( dev-libs/icu:= ) - !icu? ( virtual/libiconv ) - jpeg? ( media-libs/libjpeg-turbo:= ) - libinput? ( - dev-libs/libinput:= - >=x11-libs/libxkbcommon-0.5.0 - ) - libproxy? ( net-libs/libproxy ) - mysql? ( dev-db/mysql-connector-c:= ) - oci8? ( dev-db/oracle-instantclient:=[sdk] ) - odbc? ( dev-db/unixODBC ) - postgres? ( dev-db/postgresql:* ) - sctp? ( kernel_linux? ( net-misc/lksctp-tools ) ) - sqlite? ( dev-db/sqlite:3 ) - ssl? ( dev-libs/openssl:= ) - systemd? ( sys-apps/systemd:= ) - tslib? ( >=x11-libs/tslib-1.21 ) - udev? ( virtual/libudev:= ) - vulkan? ( dev-util/vulkan-headers ) - X? ( - x11-libs/libdrm - x11-libs/libICE - x11-libs/libSM - x11-libs/libX11 - >=x11-libs/libxcb-1.12:= - >=x11-libs/libxkbcommon-0.5.0[X] - x11-libs/xcb-util-cursor - x11-libs/xcb-util-image - x11-libs/xcb-util-keysyms - x11-libs/xcb-util-renderutil - x11-libs/xcb-util-wm - ) - zstd? ( app-arch/zstd:= ) -" -RDEPEND="${DEPEND}" -PDEPEND="wayland? ( =dev-qt/qtwayland-${PV}* )" - -PATCHES=( "${FILESDIR}/${PN}-6.5.1-CVE-2023-34410.patch" ) - -src_configure() { - local mycmakeargs=( - -DINSTALL_ARCHDATADIR=${QT6_ARCHDATADIR} - -DINSTALL_BINDIR=${QT6_BINDIR} - -DINSTALL_DATADIR=${QT6_DATADIR} - -DINSTALL_DOCDIR=${QT6_DOCDIR} - -DINSTALL_EXAMPLESDIR=${QT6_EXAMPLESDIR} - -DINSTALL_INCLUDEDIR=${QT6_HEADERDIR} - -DINSTALL_LIBDIR=${QT6_LIBDIR} - -DINSTALL_LIBEXECDIR=${QT6_LIBEXECDIR} - -DINSTALL_MKSPECSDIR=${QT6_ARCHDATADIR}/mkspecs - -DINSTALL_PLUGINSDIR=${QT6_PLUGINDIR} - -DINSTALL_QMLDIR=${QT6_QMLDIR} - -DINSTALL_SYSCONFDIR=${QT6_SYSCONFDIR} - -DINSTALL_TRANSLATIONSDIR=${QT6_TRANSLATIONDIR} - -DQT_FEATURE_androiddeployqt=OFF - $(qt_feature concurrent) - $(qt_feature dbus) - $(qt_feature gui) - $(qt_feature gui testlib) - $(qt_feature icu) - $(qt_feature network) - $(qt_feature sql) - $(qt_feature systemd journald) - $(qt_feature udev libudev) - $(qt_feature xml) - $(qt_feature zstd) - ) - use gui && mycmakeargs+=( - $(qt_feature accessibility accessibility_atspi_bridge) - $(qt_feature egl) - $(qt_feature egl xcb_egl_plugin) - $(qt_feature eglfs eglfs_egldevice) - $(qt_feature eglfs eglfs_gbm) - $(qt_feature evdev) - $(qt_feature evdev mtdev) - -DQT_FEATURE_gif=ON - $(qt_feature jpeg) - $(qt_feature opengl) - $(qt_feature gles2-only opengles2) - $(qt_feature libinput) - $(qt_feature tslib) - $(qt_feature tuio tuiotouch) - $(qt_feature vulkan) - $(qt_feature widgets) - $(qt_feature X xcb) - $(qt_feature X xcb_xlib) - ) - use widgets && mycmakeargs+=( - $(qt_feature cups) - $(qt_feature gtk gtk3) - ) - if use libinput || use X; then - mycmakeargs+=( -DQT_FEATURE_xkbcommon=ON ) - fi - use network && mycmakeargs+=( - $(qt_feature brotli) - $(qt_feature gssapi) - $(qt_feature libproxy) - $(qt_feature sctp) - $(qt_feature ssl openssl) - $(qt_feature vnc) - ) - use sql && mycmakeargs+=( - $(qt_feature freetds sql_tds) - $(qt_feature mysql sql_mysql) - $(qt_feature oci8 sql_oci) - $(qt_feature odbc sql_odbc) - $(qt_feature postgres sql_psql) - $(qt_feature sqlite sql_sqlite) - $(qt_feature sqlite system_sqlite) - ) - - qt6-build_src_configure -} - -src_install() { - qt6-build_src_install - - # https://bugs.gentoo.org/863395 - qt6_symlink_binary_to_path qmake 6 -}
