commit:     5c6494f3f53aa0c495887368d84dc0e4d4e96553
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue Jan  9 15:35:02 2024 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Tue Jan  9 15:35:02 2024 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=5c6494f3

dev-qt/qtbase: add 6.6.1-r3, drop 6.6.1-r1

Signed-off-by: orbea <orbea <AT> riseup.net>

 dev-qt/qtbase/Manifest                             |  1 +
 .../qtbase/files/qtbase-6.6.1-CVE-2023-51714.patch | 55 ++++++++++++++++++++++
 ...base-6.6.1-r1.ebuild => qtbase-6.6.1-r3.ebuild} | 10 ++--
 3 files changed, 62 insertions(+), 4 deletions(-)

diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest
index 67b563a..fa00117 100644
--- a/dev-qt/qtbase/Manifest
+++ b/dev-qt/qtbase/Manifest
@@ -1 +1,2 @@
+DIST qtbase-6.6.1-QTBUG-116905.patch.xz 7132 BLAKE2B 
5ad6108f3d278c7014a124733a7e0151d79ab9b82256948c09f2d7d93494020131ec52bae0a0c9ae1959afe724bc033805b28f12676b018dce7d04668d8dec01
 SHA512 
61c13a96b19bd9c06056681101c2c9d301a5d014c4a155b82ba9b7bce2ba0e715041cd6c3e8e45c9ec3d52c3b77bcf3145fbbf502a72ffbaac02f4eb6b82c912
 DIST qtbase-everywhere-src-6.6.1.tar.xz 48370760 BLAKE2B 
2dd551d15eef30c7d9a5f4c406143d6f8908d7ebade9daf9fbd3d82a25765425956f2cb8689c50f87f6477de2150eee7b820ef25bb4355c51e7e7fad3ef73005
 SHA512 
93e77b9b077a3acd5607b643db282fdd7ed0bdfa07df74c3f0d2285afeb1672a6fa229a7e7a6c8a462701305fc22ffef20c212d906484e50fb5cdb706a7b72e1

diff --git a/dev-qt/qtbase/files/qtbase-6.6.1-CVE-2023-51714.patch 
b/dev-qt/qtbase/files/qtbase-6.6.1-CVE-2023-51714.patch
new file mode 100644
index 0000000..8d2b0e7
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.6.1-CVE-2023-51714.patch
@@ -0,0 +1,55 @@
+Combination of the two patches [1][2] for CVE-2023-51714[3],
+fixed in upcoming qtbase-6.6.2.
+
+https://bugs.gentoo.org/921292
+
+[1] https://codereview.qt-project.org/c/qt/qtbase/+/525295
+[2] https://codereview.qt-project.org/c/qt/qtbase/+/525297
+[3] https://lists.qt-project.org/pipermail/announce/2024-January/000465.html
+
+From 13c16b756900fe524f6d9534e8a07aa003c05e0c Mon Sep 17 00:00:00 2001
+From: Marc Mutz <marc.m...@qt.io>
+Date: Tue, 12 Dec 2023 20:51:56 +0100
+Subject: [PATCH] HPack: fix a Yoda Condition
+
+Putting the variable on the LHS of a relational operation makes the
+expression easier to read. In this case, we find that the whole
+expression is nonsensical as an overflow protection, because if
+name.size() + value.size() overflows, the result will exactly _not_
+be > max() - 32, because UB will have happened.
+
+To be fixed in a follow-up commit.
+
+As a drive-by, add parentheses around the RHS.
+
+From 811b9eef6d08d929af8708adbf2a5effb0eb62d7 Mon Sep 17 00:00:00 2001
+From: Marc Mutz <marc.m...@qt.io>
+Date: Tue, 12 Dec 2023 22:08:07 +0100
+Subject: [PATCH] HPack: fix incorrect integer overflow check
+
+This code never worked:
+
+For the comparison with max() - 32 to trigger, on 32-bit platforms (or
+Qt 5) signed interger overflow would have had to happen in the
+addition of the two sizes. The compiler can therefore remove the
+overflow check as dead code.
+
+On Qt 6 and 64-bit platforms, the signed integer addition would be
+very unlikely to overflow, but the following truncation to uint32
+would yield the correct result only in a narrow 32-value window just
+below UINT_MAX, if even that.
+
+Fix by using the proper tool, qAddOverflow.
+--- a/src/network/access/http2/hpacktable.cpp
++++ b/src/network/access/http2/hpacktable.cpp
+@@ -27,6 +27,8 @@
+     // 32 octets of overhead."
+ 
+-    const unsigned sum = unsigned(name.size() + value.size());
+-    if (std::numeric_limits<unsigned>::max() - 32 < sum)
++    size_t sum;
++    if (qAddOverflow(size_t(name.size()), size_t(value.size()), &sum))
++        return HeaderSize();
++    if (sum > (std::numeric_limits<unsigned>::max() - 32))
+         return HeaderSize();
+     return HeaderSize(true, quint32(sum + 32));
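Review bot: The two guards added in the embedded hpacktable.cpp hunk carry no comment saying why both are needed, and the quoted commit message says the check they replace never worked. I would put `// reject if the size_t addition itself wraps` above the `qAddOverflow` call and `// keep sum + 32 representable as quint32` above the second `if`. If the backport has to stay identical to the upstream changes [1][2], the same two sentences fit in the Gentoo header at the top of the patch file instead. The function these lines belong to starts and ends outside the hunk.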

diff --git a/dev-qt/qtbase/qtbase-6.6.1-r1.ebuild 
b/dev-qt/qtbase/qtbase-6.6.1-r3.ebuild
similarity index 97%
rename from dev-qt/qtbase/qtbase-6.6.1-r1.ebuild
rename to dev-qt/qtbase/qtbase-6.6.1-r3.ebuild
index ad1aebe..40bd9f1 100644
--- a/dev-qt/qtbase/qtbase-6.6.1-r1.ebuild
+++ b/dev-qt/qtbase/qtbase-6.6.1-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 2021-2023 Gentoo Authors
+# Copyright 2021-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -6,6 +6,7 @@ EAPI=8
 inherit flag-o-matic qt6-build toolchain-funcs
 
 DESCRIPTION="Cross-platform application development framework"
+SRC_URI+=" https://dev.gentoo.org/~ionen/distfiles/${P}-QTBUG-116905.patch.xz";
 
 if [[ ${QT6_BUILD_TYPE} == release ]]; then
        KEYWORDS="amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
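Review bot: The added `SRC_URI+=` line ends with a `;` after the closing quote, which bash accepts but which no other assignment in the visible context uses. If it is in the real ebuild rather than an artefact of this archive rendering, drop it. The line also gives no hint of what the externally hosted patch is for, and the commit message does not mention it either. A comment such as `# upstream backport for QTBUG-116905` above it would tell the next maintainer why the extra distfile is fetched and when it can go; the same applies to its entry in `PATCHES` in the next hunk.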
@@ -138,6 +139,8 @@ PATCHES=(
        "${FILESDIR}"/${PN}-6.5.2-no-glx.patch
        "${FILESDIR}"/${PN}-6.5.2-no-symlink-check.patch
        "${FILESDIR}"/${PN}-6.6.1-forkfd-childstack-size.patch
+       "${FILESDIR}"/${P}-CVE-2023-51714.patch
+       "${WORKDIR}"/${P}-QTBUG-116905.patch
 )
 
 src_prepare() {
@@ -248,9 +251,6 @@ src_configure() {
                IFS=' ' read -ra intrins < <(
                        : "$(test-flags-CXX "${cpuflags[@]/#/-m}")"
                        $(tc-getCXX) -E -P ${_} ${CXXFLAGS} ${CPPFLAGS} - 
<<-EOF | tail -n 1
-                               #if defined(__GNUC__) && (defined(__x86_64__) 
|| defined(__i386__))
-                               #include <x86intrin.h>
-                               #endif
                                $(printf '__%s__ ' "${cpuflags[@]^^}")
                        EOF
                        assert
@@ -291,6 +291,8 @@ src_test() {
                tst_qsctpsocket
                # randomly fails without -j1, and not worth it over this (bug 
#916181)
                tst_qfiledialog{,2}
+               # may randomly hang+timeout, perhaps related to -j as well
+               tst_qtimer
                # these can be flaky depending on the environment/toolchain
                tst_qlogging # backtrace log test can easily vary
                tst_q{,raw}font # affected by available fonts / settings (bug 
#914737)
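Review bot: The new `tst_qtimer` skip has no bug reference, while the neighbouring entries cite bug #916181 and bug #914737, so nothing records when the test can be re-enabled. The comment itself is tentative ("perhaps related to -j"), which makes a tracking bug more useful here than on the others. I would extend it to `# may randomly hang+timeout, perhaps related to -j as well (bug #NNNNNN)`, with the placeholder replaced by a real bug number once one is filed. The skip list and the rest of `src_test` continue outside the hunk.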
