[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/

orbea Thu, 02 May 2024 18:00:11 -0700

commit:     062236cf874509ab4640351ec35a277b7e61d0c2
Author:     Saki Xi <space_raccoon <AT> riseup <DOT> net>
AuthorDate: Fri May  3 00:34:23 2024 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Fri May  3 00:58:13 2024 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=062236cf


dev-qt/qtbase: upstream sync

Signed-off-by: Saki Xi <space_raccoon <AT> riseup.net>
Closes: https://github.com/gentoo/libressl/pull/558
Signed-off-by: orbea <orbea <AT> riseup.net>

 .../qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch | 23 ++++++++++++++++++++++
 ...base-6.7.0-r1.ebuild => qtbase-6.7.0-r2.ebuild} |  1 +
 2 files changed, 24 insertions(+)

diff --git a/dev-qt/qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch 
b/dev-qt/qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch
new file mode 100644
index 0000000..0a73d72
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch
@@ -0,0 +1,23 @@
+https://bugs.gentoo.org/931096
+https://www.qt.io/blog/security-advisory-qstringconverter
+https://codereview.qt-project.org/c/qt/qtbase/+/556191
+--- a/src/corelib/text/qstringconverter.cpp
++++ b/src/corelib/text/qstringconverter.cpp
+@@ -1954,7 +1954,7 @@ struct QStringConverterICU : QStringConverter
+         const void *context;
+         ucnv_getToUCallBack(icu_conv, &action, &context);
+         if (context != state)
+-             ucnv_setToUCallBack(icu_conv, action, &state, nullptr, nullptr, 
&err);
++             ucnv_setToUCallBack(icu_conv, action, state, nullptr, nullptr, 
&err);
+ 
+         ucnv_toUnicode(icu_conv, &target, targetLimit, &source, sourceLimit, 
nullptr, flush, &err);
+         // We did reserve enough space:
+@@ -1987,7 +1987,7 @@ struct QStringConverterICU : QStringConverter
+         const void *context;
+         ucnv_getFromUCallBack(icu_conv, &action, &context);
+         if (context != state)
+-             ucnv_setFromUCallBack(icu_conv, action, &state, nullptr, 
nullptr, &err);
++             ucnv_setFromUCallBack(icu_conv, action, state, nullptr, nullptr, 
&err);
+ 
+         ucnv_fromUnicode(icu_conv, &target, targetLimit, &source, 
sourceLimit, nullptr, flush, &err);
+         // We did reserve enough space:

diff --git a/dev-qt/qtbase/qtbase-6.7.0-r1.ebuild 
b/dev-qt/qtbase/qtbase-6.7.0-r2.ebuild
similarity index 99%
rename from dev-qt/qtbase/qtbase-6.7.0-r1.ebuild
rename to dev-qt/qtbase/qtbase-6.7.0-r2.ebuild
index fb2a882..50d8950 100644
--- a/dev-qt/qtbase/qtbase-6.7.0-r1.ebuild
+++ b/dev-qt/qtbase/qtbase-6.7.0-r2.ebuild
@@ -142,6 +142,7 @@ PATCHES=(
        "${FILESDIR}"/${PN}-6.6.3-gcc14-avx512fp16.patch
        "${FILESDIR}"/${PN}-6.6.3-pkgconf-deps.patch
        "${FILESDIR}"/${PN}-6.7.0-qspan-ifdef.patch
+       "${FILESDIR}"/${PN}-6.7.0-CVE-2024-33861.patch
 )
 
 src_prepare() {

[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/

Reply via email to