[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 062236cf874509ab4640351ec35a277b7e61d0c2 Author: Saki Xi riseup net> AuthorDate: Fri May 3 00:34:23 2024 + Commit: orbea riseup net> CommitDate: Fri May 3 00:58:13 2024 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=062236cf dev-qt/qtbase: upstream sync Signed-off-by: Saki Xi riseup.net> Closes: https://github.com/gentoo/libressl/pull/558 Signed-off-by: orbea riseup.net> .../qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch | 23 ++ ...base-6.7.0-r1.ebuild => qtbase-6.7.0-r2.ebuild} | 1 + 2 files changed, 24 insertions(+) diff --git a/dev-qt/qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch b/dev-qt/qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch new file mode 100644 index 000..0a73d72 --- /dev/null +++ b/dev-qt/qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch @@ -0,0 +1,23 @@ +https://bugs.gentoo.org/931096 +https://www.qt.io/blog/security-advisory-qstringconverter +https://codereview.qt-project.org/c/qt/qtbase/+/556191 +--- a/src/corelib/text/qstringconverter.cpp b/src/corelib/text/qstringconverter.cpp +@@ -1954,7 +1954,7 @@ struct QStringConverterICU : QStringConverter + const void *context; + ucnv_getToUCallBack(icu_conv, , ); + if (context != state) +- ucnv_setToUCallBack(icu_conv, action, , nullptr, nullptr, ); ++ ucnv_setToUCallBack(icu_conv, action, state, nullptr, nullptr, ); + + ucnv_toUnicode(icu_conv, , targetLimit, , sourceLimit, nullptr, flush, ); + // We did reserve enough space: +@@ -1987,7 +1987,7 @@ struct QStringConverterICU : QStringConverter + const void *context; + ucnv_getFromUCallBack(icu_conv, , ); + if (context != state) +- ucnv_setFromUCallBack(icu_conv, action, , nullptr, nullptr, ); ++ ucnv_setFromUCallBack(icu_conv, action, state, nullptr, nullptr, ); + + ucnv_fromUnicode(icu_conv, , targetLimit, , sourceLimit, nullptr, flush, ); + // We did reserve enough space: diff --git a/dev-qt/qtbase/qtbase-6.7.0-r1.ebuild b/dev-qt/qtbase/qtbase-6.7.0-r2.ebuild similarity index 99% rename from dev-qt/qtbase/qtbase-6.7.0-r1.ebuild rename to dev-qt/qtbase/qtbase-6.7.0-r2.ebuild index fb2a882..50d8950 100644 --- a/dev-qt/qtbase/qtbase-6.7.0-r1.ebuild +++ b/dev-qt/qtbase/qtbase-6.7.0-r2.ebuild @@ -142,6 +142,7 @@ PATCHES=( "${FILESDIR}"/${PN}-6.6.3-gcc14-avx512fp16.patch "${FILESDIR}"/${PN}-6.6.3-pkgconf-deps.patch "${FILESDIR}"/${PN}-6.7.0-qspan-ifdef.patch + "${FILESDIR}"/${PN}-6.7.0-CVE-2024-33861.patch ) src_prepare() {
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 3c72ae0b23aa64d4cae4b690adff6d794a4724fb Author: orbea riseup net> AuthorDate: Mon Apr 22 23:30:37 2024 + Commit: orbea riseup net> CommitDate: Mon Apr 22 23:30:37 2024 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=3c72ae0b dev-qt/qtbase: drop 6.6.2-r1, 6.6.3-r1 Signed-off-by: orbea riseup.net> dev-qt/qtbase/Manifest| 2 - dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch | 29 -- dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch | 13 - dev-qt/qtbase/qtbase-6.6.2-r1.ebuild | 368 - dev-qt/qtbase/qtbase-6.6.3-r1.ebuild | 371 -- 5 files changed, 783 deletions(-) diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest index ca12030..339951b 100644 --- a/dev-qt/qtbase/Manifest +++ b/dev-qt/qtbase/Manifest @@ -1,3 +1 @@ -DIST qtbase-everywhere-src-6.6.2.tar.xz 48689304 BLAKE2B e00f4ac7ede0694b7934612f7dc3acdd50139d385492034c3046625a973d8adbca059e9d4081e248502cab8c673806cdb6b8bc5cee6d9356bbb0a7845db528a2 SHA512 ea343bcf269779a4e078ed8baddfbe6c5ec4a34275c7d72b3f3928da60feece2ddc9ce4a380c6536a4e1654b483cee8918f8ad3038904725d2dd1c653ae83ece -DIST qtbase-everywhere-src-6.6.3.tar.xz 48784716 BLAKE2B f79e369c31968d026fb50dd64d53931ea28c25bd7eb442806760f733dbcacd868774d1c991d4da80c5eb40e24d75ffaba61b2cb9036fdc2d189f865b22143596 SHA512 cd96903a3947a1f5cf6a3ff21ab0b3209ed421d2a8c45acb34ae5aa7ad0501cb79e26cfa81bc02141d5731ebfa662442f37806e97994332077d963c9e70a5f54 DIST qtbase-everywhere-src-6.7.0.tar.xz 49314276 BLAKE2B f4ec35fd3c15d56a28e1608dec927eaf34d84c2250405d921adadc16d90ec148f4983024dcf9be1832de91381d18e33fd7578d60d8654469e23530a210618e11 SHA512 72896cc5a677361779f49d60dbdfc33a21d77bd479e0586b0beb03eee2016d613aee56e798143a489431a07a5e7a7db4c7c046105a11b63dd178768f3a7f195a diff --git a/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch b/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch deleted file mode 100644 index f8263d1..000 --- a/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch +++ /dev/null @@ -1,29 +0,0 @@ -Fixes build with libglvnd[-X]. - -https://github.com/qt/qtbase/commit/929d9a4ca5c9eb0a590479182471d0bbc81589aa -From: Yaroslav Isakov -Date: Sat, 8 Jul 2023 22:09:40 +0200 -Subject: [PATCH] Allow OpenGL to be found on X11-less Linux systems (using - libOpenGL) - -Cmake supports finding OpenGL, even if there is no GLX (for glvnd) or -old-style libGL. This change keeps old behavior, but in case, if -X11-related OpenGL libraries cannot be found on Linux, it adds logic -to check for (and link with) libOpenGL, if it is present. a/cmake/FindWrapOpenGL.cmake -+++ b/cmake/FindWrapOpenGL.cmake -@@ -47,4 +47,14 @@ - target_link_libraries(WrapOpenGL::WrapOpenGL INTERFACE OpenGL::GL) - endif() -+elseif(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "Integrity") -+# Requesting only the OpenGL component ensures CMake does not mark the package as -+# not found if neither GLX nor libGL are available. This allows finding OpenGL -+# on an X11-less Linux system. -+find_package(OpenGL ${WrapOpenGL_FIND_VERSION} COMPONENTS OpenGL) -+if (OpenGL_FOUND) -+set(WrapOpenGL_FOUND ON) -+add_library(WrapOpenGL::WrapOpenGL INTERFACE IMPORTED) -+target_link_libraries(WrapOpenGL::WrapOpenGL INTERFACE OpenGL::OpenGL) -+endif() - endif() - diff --git a/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch b/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch deleted file mode 100644 index 1204dcc..000 --- a/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch +++ /dev/null @@ -1,13 +0,0 @@ -https://bugs.gentoo.org/925103 a/src/corelib/thread/qthread.h -+++ b/src/corelib/thread/qthread.h -@@ -166,5 +166,9 @@ - #elif defined(Q_PROCESSOR_X86_64) && ((defined(Q_OS_LINUX) && defined(__GLIBC__)) || defined(Q_OS_FREEBSD)) - // x86_64 Linux, BSD uses FS -+# if defined(__ILP32__) -+__asm__("mov %%fs:%c1, %0" : "=r" (tid) : "i" (2 * sizeof(void*)) : ); -+# else - __asm__("movq %%fs:%c1, %0" : "=r" (tid) : "i" (2 * sizeof(void*)) : ); -+# endif - #elif defined(Q_PROCESSOR_X86_64) && defined(Q_OS_WIN) - // See https://en.wikipedia.org/wiki/Win32_Thread_Information_Block diff --git a/dev-qt/qtbase/qtbase-6.6.2-r1.ebuild b/dev-qt/qtbase/qtbase-6.6.2-r1.ebuild deleted file mode 100644 index 420111b..000 --- a/dev-qt/qtbase/qtbase-6.6.2-r1.ebuild +++ /dev/null @@ -1,368 +0,0 @@ -# Copyright 2021-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit flag-o-matic qt6-build toolchain-funcs - -DESCRIPTION="Cross-platform application development framework" - -if [[ ${QT6_BUILD_TYPE} == release ]]; then - KEYWORDS="amd64 ~arm arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" -fi - -declare -A QT6_IUSE=( - [global]="+ssl +udev zstd" - [core]="icu" - [modules]="+concurrent +dbus +gui +network +sql +xml" - - [gui]=" -
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 8520a12ca5a255ea1f0b0523a585f2d4396a51b3 Author: orbea riseup net> AuthorDate: Sun Feb 25 02:05:21 2024 + Commit: orbea riseup net> CommitDate: Sun Feb 25 02:05:21 2024 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=8520a12c dev-qt/qtbase: sync ::gentoo Signed-off-by: orbea riseup.net> dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch | 13 + dev-qt/qtbase/qtbase-6.6.2.ebuild | 1 + 2 files changed, 14 insertions(+) diff --git a/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch b/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch new file mode 100644 index 000..1204dcc --- /dev/null +++ b/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch @@ -0,0 +1,13 @@ +https://bugs.gentoo.org/925103 +--- a/src/corelib/thread/qthread.h b/src/corelib/thread/qthread.h +@@ -166,5 +166,9 @@ + #elif defined(Q_PROCESSOR_X86_64) && ((defined(Q_OS_LINUX) && defined(__GLIBC__)) || defined(Q_OS_FREEBSD)) + // x86_64 Linux, BSD uses FS ++# if defined(__ILP32__) ++__asm__("mov %%fs:%c1, %0" : "=r" (tid) : "i" (2 * sizeof(void*)) : ); ++# else + __asm__("movq %%fs:%c1, %0" : "=r" (tid) : "i" (2 * sizeof(void*)) : ); ++# endif + #elif defined(Q_PROCESSOR_X86_64) && defined(Q_OS_WIN) + // See https://en.wikipedia.org/wiki/Win32_Thread_Information_Block diff --git a/dev-qt/qtbase/qtbase-6.6.2.ebuild b/dev-qt/qtbase/qtbase-6.6.2.ebuild index aafc726..9348366 100644 --- a/dev-qt/qtbase/qtbase-6.6.2.ebuild +++ b/dev-qt/qtbase/qtbase-6.6.2.ebuild @@ -138,6 +138,7 @@ PATCHES=( "${FILESDIR}"/${PN}-6.5.2-no-glx.patch "${FILESDIR}"/${PN}-6.5.2-no-symlink-check.patch "${FILESDIR}"/${PN}-6.6.1-forkfd-childstack-size.patch + "${FILESDIR}"/${PN}-6.6.2-x32abi.patch ) src_prepare() {
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 6ef9c10dd62b23238000728abf2f4acbe7b77848 Author: orbea riseup net> AuthorDate: Fri Dec 29 15:20:34 2023 + Commit: orbea riseup net> CommitDate: Fri Dec 29 15:20:34 2023 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=6ef9c10d dev-qt/qtbase: drop 6.5.3-r1, 6.6.0-r1 Signed-off-by: orbea riseup.net> dev-qt/qtbase/Manifest | 2 - dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch| 449 - .../qtbase-6.5.3-forkfd-childstack-size.patch | 27 -- .../qtbase/files/qtbase-6.5.3-xkbcommon160.patch | 18 - dev-qt/qtbase/qtbase-6.5.3-r1.ebuild | 354 dev-qt/qtbase/qtbase-6.6.0-r1.ebuild | 356 6 files changed, 1206 deletions(-) diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest index 71ca1f2..67b563a 100644 --- a/dev-qt/qtbase/Manifest +++ b/dev-qt/qtbase/Manifest @@ -1,3 +1 @@ -DIST qtbase-everywhere-src-6.5.3.tar.xz 47142456 BLAKE2B 5b4c774b7199563dc7f2aebf9b2b531d851ee49bc038212f4970eeb43a17c364710432708f82a518eee6692ab123d78b642c234d9548d5b553f689a43aa05ee6 SHA512 31c6c01d466f1e01f18d6dcee593360c08ee83ad0a6be495a8eba023faad628cf07ce7285426fabfd247db306319e9a64da329682c99a712a282e32f7493cdb9 -DIST qtbase-everywhere-src-6.6.0.tar.xz 48350308 BLAKE2B 719e265dfafb4fd95f972a317acb95e2d83f8d62175c28ab97837c635435bdcd79bdca113362dea2f04dab799d4749e23056ddb9583908ee20ab23cedeca19b7 SHA512 4e85acefeddc0a3cd6ba615b4768f435c4e237a605172153a1777a10285dab83d9cf220c18ce6d723d051b8b432f3e92be94925b54c2eb972c2c1d9ace849e17 DIST qtbase-everywhere-src-6.6.1.tar.xz 48370760 BLAKE2B 2dd551d15eef30c7d9a5f4c406143d6f8908d7ebade9daf9fbd3d82a25765425956f2cb8689c50f87f6477de2150eee7b820ef25bb4355c51e7e7fad3ef73005 SHA512 93e77b9b077a3acd5607b643db282fdd7ed0bdfa07df74c3f0d2285afeb1672a6fa229a7e7a6c8a462701305fc22ffef20c212d906484e50fb5cdb706a7b72e1 diff --git a/dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch b/dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch deleted file mode 100644 index d3d7313..000 --- a/dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch +++ /dev/null @@ -1,449 +0,0 @@ -Fixes Qt6 build on LibreSSL. - -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_cpp?rev=1.8 -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qopenssl_p_h?rev=1.2 -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslcontext_openssl_cpp?rev=1.2 -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslsocket_openssl_symbols_p_h?rev=1.2 -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qtls_openssl_cpp?rev=1.2 -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qx509_openssl_cpp?rev=1.3 - a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp -+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp -@@ -112,23 +112,37 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYA - DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) - DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return) - DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return) -+#ifdef OPENSSL_NO_DEPRECATED_3_0 - DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return) -+DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return) - DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return) - DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return) -+#endif // OPENSSL_NO_DEPRECATED_3_0 -+#ifndef LIBRESSL_VERSION_NUMBER - DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return) - DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG) - DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return) - DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG) - DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) - DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return) -+#else -+DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) -+DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG) -+DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return) -+DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG) -+DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG) -+DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return nullptr, return) -+#endif // LIBRESSL_VERSION_NUMBER - DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) - DEFINEFUNC2(qssloptions, SSL_CTX_set_options, SSL_CTX *ctx, ctx, qssloptions op,
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 16863d6c45c6839a1f4e27edf934a5ac29551f01 Author: orbea riseup net> AuthorDate: Wed Dec 6 04:41:15 2023 + Commit: orbea riseup net> CommitDate: Wed Dec 6 04:41:15 2023 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=16863d6c dev-qt/qtbase: add 6.6.1-r1 Signed-off-by: orbea riseup.net> dev-qt/qtbase/Manifest | 1 + .../qtbase-6.6.1-forkfd-childstack-size.patch | 23 ++ dev-qt/qtbase/qtbase-6.6.1-r1.ebuild | 362 + 3 files changed, 386 insertions(+) diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest index b6ec5a5..dc81a32 100644 --- a/dev-qt/qtbase/Manifest +++ b/dev-qt/qtbase/Manifest @@ -1,3 +1,4 @@ DIST qtbase-everywhere-src-6.5.2.tar.xz 48410716 BLAKE2B 578c69ede6f45a8b21cba0a24674d5d8801722503d13ab9578b06b2446ce15e6a84bcdbd0c5d2c9aa868ec70862f0845406c959ed79b695f82bb398ecf299c63 SHA512 8d97029aae5b73a3e03624c9a8495dbf2fe54a4f5e992071c06f3d93935e64c80f2121b33eeb60a92d96ceb288cb25d74906a5bf47b45bb018d859d4a2d13f20 DIST qtbase-everywhere-src-6.5.3.tar.xz 47142456 BLAKE2B 5b4c774b7199563dc7f2aebf9b2b531d851ee49bc038212f4970eeb43a17c364710432708f82a518eee6692ab123d78b642c234d9548d5b553f689a43aa05ee6 SHA512 31c6c01d466f1e01f18d6dcee593360c08ee83ad0a6be495a8eba023faad628cf07ce7285426fabfd247db306319e9a64da329682c99a712a282e32f7493cdb9 DIST qtbase-everywhere-src-6.6.0.tar.xz 48350308 BLAKE2B 719e265dfafb4fd95f972a317acb95e2d83f8d62175c28ab97837c635435bdcd79bdca113362dea2f04dab799d4749e23056ddb9583908ee20ab23cedeca19b7 SHA512 4e85acefeddc0a3cd6ba615b4768f435c4e237a605172153a1777a10285dab83d9cf220c18ce6d723d051b8b432f3e92be94925b54c2eb972c2c1d9ace849e17 +DIST qtbase-everywhere-src-6.6.1.tar.xz 48370760 BLAKE2B 2dd551d15eef30c7d9a5f4c406143d6f8908d7ebade9daf9fbd3d82a25765425956f2cb8689c50f87f6477de2150eee7b820ef25bb4355c51e7e7fad3ef73005 SHA512 93e77b9b077a3acd5607b643db282fdd7ed0bdfa07df74c3f0d2285afeb1672a6fa229a7e7a6c8a462701305fc22ffef20c212d906484e50fb5cdb706a7b72e1 diff --git a/dev-qt/qtbase/files/qtbase-6.6.1-forkfd-childstack-size.patch b/dev-qt/qtbase/files/qtbase-6.6.1-forkfd-childstack-size.patch new file mode 100644 index 000..6b0ff17 --- /dev/null +++ b/dev-qt/qtbase/files/qtbase-6.6.1-forkfd-childstack-size.patch @@ -0,0 +1,23 @@ +Avoid crash that happens for some users in qsb, qmake, and +potentially other Qt tools when ran under sandbox leading +to build failures for qtdeclarative and other packages. + +Former fix involved replacing 4096 by SIGSTKSZ but +bug #918664 shown that this may be insufficient so this +tries 32k instead. + +https://bugs.gentoo.org/908809 +https://bugs.gentoo.org/908816 +https://bugs.gentoo.org/913493 +https://bugs.gentoo.org/915695 +https://bugs.gentoo.org/918664 +https://codereview.qt-project.org/c/qt/qtbase/+/513140 +--- a/src/3rdparty/forkfd/forkfd_linux.c b/src/3rdparty/forkfd/forkfd_linux.c +@@ -158,5 +158,5 @@ + int system_vforkfd(int flags, pid_t *ppid, int (*childFn)(void *), void *token, int *system) + { +-__attribute__((aligned(64))) char childStack[SIGSTKSZ]; ++__attribute__((aligned(64))) char childStack[32768]; + pid_t pid; + int pidfd; diff --git a/dev-qt/qtbase/qtbase-6.6.1-r1.ebuild b/dev-qt/qtbase/qtbase-6.6.1-r1.ebuild new file mode 100644 index 000..678d382 --- /dev/null +++ b/dev-qt/qtbase/qtbase-6.6.1-r1.ebuild @@ -0,0 +1,362 @@ +# Copyright 2021-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic qt6-build toolchain-funcs + +DESCRIPTION="Cross-platform application development framework" + +if [[ ${QT6_BUILD_TYPE} == release ]]; then + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi + +declare -A QT6_IUSE=( + [global]="+ssl +udev zstd" + [core]="icu" + [modules]="+concurrent +dbus +gui +network +sql +xml" + + [gui]=" + +X accessibility eglfs evdev gles2-only +libinput + opengl tslib vulkan +widgets + " + [network]="brotli gssapi libproxy sctp" + [sql]="mysql oci8 odbc postgres +sqlite" + [widgets]="cups gtk" + + [optfeature]="nls wayland" #810802,864509 +) +IUSE="${QT6_IUSE[*]}" +REQUIRED_USE=" + $( + printf '%s? ( gui ) ' ${QT6_IUSE[gui]//+/} + printf '%s? ( network ) ' ${QT6_IUSE[network]//+/} + printf '%s? ( sql ) ' ${QT6_IUSE[sql]//+/} + printf '%s? ( gui widgets ) ' ${QT6_IUSE[widgets]//+/} + ) + accessibility? ( dbus ) + eglfs? ( opengl ) + gles2-only? ( opengl ) + gui? ( || ( X eglfs wayland ) ) + libinput? ( udev ) + sql? ( || ( ${QT6_IUSE[sql]//+/} ) ) + test? ( icu sql? ( sqlite ) ) +" + +# groups: +# - global (configure.cmake) +# - qtcore (src/corelib/configure.cmake) +# - qtgui (src/gui/configure.cmake) +# - qtnetwork (src/network/configure.cmake) +# -
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 8386075470cbc50e34e85629f57614aefc77fc4b Author: Saki Xi riseup net> AuthorDate: Thu Sep 28 16:16:28 2023 + Commit: orbea riseup net> CommitDate: Thu Sep 28 16:54:31 2023 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=83860754 dev-qt/qtbase: Update upstream sync ::gentoo Signed-off-by: Saki Xi riseup.net> Closes: https://github.com/gentoo/libressl/pull/540 Signed-off-by: orbea riseup.net> dev-qt/qtbase/Manifest | 1 + .../qtbase-6.5.2-hppa-forkfd-grow-stack.patch | 28 ++ dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch | 29 ++ dev-qt/qtbase/qtbase-6.5.3.ebuild | 351 + 4 files changed, 409 insertions(+) diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest index 9476478..4622d92 100644 --- a/dev-qt/qtbase/Manifest +++ b/dev-qt/qtbase/Manifest @@ -1 +1,2 @@ DIST qtbase-everywhere-src-6.5.2.tar.xz 48410716 BLAKE2B 578c69ede6f45a8b21cba0a24674d5d8801722503d13ab9578b06b2446ce15e6a84bcdbd0c5d2c9aa868ec70862f0845406c959ed79b695f82bb398ecf299c63 SHA512 8d97029aae5b73a3e03624c9a8495dbf2fe54a4f5e992071c06f3d93935e64c80f2121b33eeb60a92d96ceb288cb25d74906a5bf47b45bb018d859d4a2d13f20 +DIST qtbase-everywhere-src-6.5.3.tar.xz 47142456 BLAKE2B 5b4c774b7199563dc7f2aebf9b2b531d851ee49bc038212f4970eeb43a17c364710432708f82a518eee6692ab123d78b642c234d9548d5b553f689a43aa05ee6 SHA512 31c6c01d466f1e01f18d6dcee593360c08ee83ad0a6be495a8eba023faad628cf07ce7285426fabfd247db306319e9a64da329682c99a712a282e32f7493cdb9 diff --git a/dev-qt/qtbase/files/qtbase-6.5.2-hppa-forkfd-grow-stack.patch b/dev-qt/qtbase/files/qtbase-6.5.2-hppa-forkfd-grow-stack.patch new file mode 100644 index 000..ccada9f --- /dev/null +++ b/dev-qt/qtbase/files/qtbase-6.5.2-hppa-forkfd-grow-stack.patch @@ -0,0 +1,28 @@ +Patch taken from Debian[1], largely broken on HPPA without and several +tests give segmentation faults[2]. + +Needs upstreaming if someone familiar with HPPA wants to give this +attention. Note forkfd is essentially maintained in qtbase's repo[3] +rather than truly third party. + +[1] https://bugs.debian.org/1042018 +[2] https://bugs.gentoo.org/914371 +[3] https://code.qt.io/cgit/qt/qtbase.git/tree/src/3rdparty/forkfd + +Description: Change how stack grows on HPPA. + On HPPA stack grows upwards. This patch introduces this change for + this 3rd party code. +Author: John David Anglin +--- a/src/3rdparty/forkfd/forkfd_linux.c b/src/3rdparty/forkfd/forkfd_linux.c +@@ -170,5 +170,10 @@ + *system = 1; + ++#if defined(__hppa__) ++/* Stack grows up */ ++pid = clone(childFn, childStack, cloneflags, token, , NULL, NULL); ++#else + pid = clone(childFn, childStack + sizeof(childStack), cloneflags, token, , NULL, NULL); ++#endif + if (pid < 0) + return pid; diff --git a/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch b/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch new file mode 100644 index 000..f8263d1 --- /dev/null +++ b/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch @@ -0,0 +1,29 @@ +Fixes build with libglvnd[-X]. + +https://github.com/qt/qtbase/commit/929d9a4ca5c9eb0a590479182471d0bbc81589aa +From: Yaroslav Isakov +Date: Sat, 8 Jul 2023 22:09:40 +0200 +Subject: [PATCH] Allow OpenGL to be found on X11-less Linux systems (using + libOpenGL) + +Cmake supports finding OpenGL, even if there is no GLX (for glvnd) or +old-style libGL. This change keeps old behavior, but in case, if +X11-related OpenGL libraries cannot be found on Linux, it adds logic +to check for (and link with) libOpenGL, if it is present. +--- a/cmake/FindWrapOpenGL.cmake b/cmake/FindWrapOpenGL.cmake +@@ -47,4 +47,14 @@ + target_link_libraries(WrapOpenGL::WrapOpenGL INTERFACE OpenGL::GL) + endif() ++elseif(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "Integrity") ++# Requesting only the OpenGL component ensures CMake does not mark the package as ++# not found if neither GLX nor libGL are available. This allows finding OpenGL ++# on an X11-less Linux system. ++find_package(OpenGL ${WrapOpenGL_FIND_VERSION} COMPONENTS OpenGL) ++if (OpenGL_FOUND) ++set(WrapOpenGL_FOUND ON) ++add_library(WrapOpenGL::WrapOpenGL INTERFACE IMPORTED) ++target_link_libraries(WrapOpenGL::WrapOpenGL INTERFACE OpenGL::OpenGL) ++endif() + endif() + diff --git a/dev-qt/qtbase/qtbase-6.5.3.ebuild b/dev-qt/qtbase/qtbase-6.5.3.ebuild new file mode 100644 index 000..df8f999 --- /dev/null +++ b/dev-qt/qtbase/qtbase-6.5.3.ebuild @@ -0,0 +1,351 @@ +# Copyright 2021-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic qt6-build toolchain-funcs + +DESCRIPTION="Cross-platform application development framework" + +if [[ ${QT6_BUILD_TYPE} == release ]]; then + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~x86" +fi + +declare -A QT6_IUSE=( + [global]="+ssl +udev zstd" +
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 2239c79daced0d97373e4811db08426d13a07c83 Author: orbea riseup net> AuthorDate: Wed Sep 6 18:10:16 2023 + Commit: orbea riseup net> CommitDate: Wed Sep 6 18:10:16 2023 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=2239c79d dev-qt/qtbase: add 6.5.2-r1, drop 6.5.2 Signed-off-by: orbea riseup.net> dev-qt/qtbase/files/qtbase-6.5.2-tests-gcc13.patch | 25 ++ dev-qt/qtbase/metadata.xml | 3 +- dev-qt/qtbase/qtbase-6.5.2-r1.ebuild | 335 + dev-qt/qtbase/qtbase-6.5.2.ebuild | 196 4 files changed, 361 insertions(+), 198 deletions(-) diff --git a/dev-qt/qtbase/files/qtbase-6.5.2-tests-gcc13.patch b/dev-qt/qtbase/files/qtbase-6.5.2-tests-gcc13.patch new file mode 100644 index 000..431d89a --- /dev/null +++ b/dev-qt/qtbase/files/qtbase-6.5.2-tests-gcc13.patch @@ -0,0 +1,25 @@ +https://bugreports.qt.io/browse/QTBUG-114785 +https://code.qt.io/cgit/qt/qtbase.git/commit/?id=3e801b5477a7abfe4b87f20639e345bf3dc7eca8 +From: Martin Jansa +Date: Sat, 29 Apr 2023 13:01:56 +0200 +Subject: [PATCH] tinycbor: fix build with gcc-13 + +Fixes: QTBUG-114785 +Pick-to: 6.6 6.5 +Change-Id: I4876ebd8890eee883a0d1a2bef8cb7aec4fd0f2f +Reviewed-by: Thiago Macieira +--- a/src/3rdparty/tinycbor/tests/encoder/data.cpp b/src/3rdparty/tinycbor/tests/encoder/data.cpp +@@ -239,9 +239,9 @@ + QTest::newRow("0.f16") << raw("\xf9\0\0") << QVariant::fromValue(qfloat16(0)); + QTest::newRow("-1.f16") << raw("\xf9\xbc\0") << QVariant::fromValue(qfloat16(-1)); + QTest::newRow("1.5f16") << raw("\xf9\x3e\0") << QVariant::fromValue(qfloat16(1.5)); +-QTest::newRow("nan_f16") << raw("\xf9\x7e\0") << QVariant::fromValue(myNaNf()); +-QTest::newRow("-inf_f16") << raw("\xf9\xfc\0") << QVariant::fromValue(myNInff()); +-QTest::newRow("+inf_f16") << raw("\xf9\x7c\0") << QVariant::fromValue(myInff()); ++QTest::newRow("nan_f16") << raw("\xf9\x7e\0") << QVariant::fromValue(qfloat16(myNaNf())); ++QTest::newRow("-inf_f16") << raw("\xf9\xfc\0") << QVariant::fromValue(qfloat16(myNInff())); ++QTest::newRow("+inf_f16") << raw("\xf9\x7c\0") << QVariant::fromValue(qfloat16(myInff())); + #endif + + QTest::newRow("0.f") << raw("\xfa\0\0\0\0") << QVariant::fromValue(0.f); diff --git a/dev-qt/qtbase/metadata.xml b/dev-qt/qtbase/metadata.xml index d828e06..573775d 100644 --- a/dev-qt/qtbase/metadata.xml +++ b/dev-qt/qtbase/metadata.xml @@ -9,7 +9,6 @@ Enable support for Brotli decompression Build Qt6Concurrent module Build Qt6DBus module - Enable EGL integration Build the EGL Full Screen/Single Surface platform plugin Enable support for input devices via evdev Enable support for GSSAPI (virtual/krb5) @@ -21,13 +20,13 @@ Build Qt6Sql module Enable native journald logging support Enable support for touchscreen devices via x11-libs/tslib - Build plugin to receive touch events over the TUIO protocol Build Qt6Widgets module Build the XCB platform plugin and enable X11 integration https://bugreports.qt.io/ https://doc.qt.io/ + qt/qtbase diff --git a/dev-qt/qtbase/qtbase-6.5.2-r1.ebuild b/dev-qt/qtbase/qtbase-6.5.2-r1.ebuild new file mode 100644 index 000..e0bb6d1 --- /dev/null +++ b/dev-qt/qtbase/qtbase-6.5.2-r1.ebuild @@ -0,0 +1,335 @@ +# Copyright 2021-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic qt6-build toolchain-funcs + +DESCRIPTION="Cross-platform application development framework" + +if [[ ${QT6_BUILD_TYPE} == release ]]; then + KEYWORDS="~amd64" +fi + +declare -A QT6_IUSE=( + [global]="+ssl +udev zstd" + [core]="icu systemd" + [modules]="+concurrent +dbus +gui +network +sql +xml" + + [gui]=" + +X accessibility eglfs evdev gles2-only +libinput + opengl tslib vulkan +widgets + " + [network]="brotli gssapi libproxy sctp" + [sql]="mysql oci8 odbc postgres +sqlite" + [widgets]="cups gtk" + + [optfeature]="wayland" #864509 +) +IUSE="${QT6_IUSE[*]}" +REQUIRED_USE=" + $( + printf '%s? ( gui ) ' ${QT6_IUSE[gui]//+/} + printf '%s? ( network ) ' ${QT6_IUSE[network]//+/} + printf '%s? ( sql ) ' ${QT6_IUSE[sql]//+/} + printf '%s? ( gui widgets ) ' ${QT6_IUSE[widgets]//+/} + ) + accessibility? ( X dbus ) + eglfs? ( opengl ) + gui? ( || ( X eglfs wayland ) ) + libinput? ( udev ) + sql? ( || ( ${QT6_IUSE[sql]//+/} ) ) + test? ( icu sql? ( sqlite ) ) +" + +# groups: +# - global (configure.cmake) +# -
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 232704864cb16d7f2f0253253b25c4ed73e5fefd Author: orbea riseup net> AuthorDate: Wed Jul 26 14:44:51 2023 + Commit: orbea riseup net> CommitDate: Wed Jul 26 14:44:51 2023 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=23270486 dev-qt/qtbase: drop 6.5.1-r1 Signed-off-by: orbea riseup.net> dev-qt/qtbase/Manifest | 1 - .../qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch | 54 -- dev-qt/qtbase/qtbase-6.5.1-r1.ebuild | 196 - 3 files changed, 251 deletions(-) diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest index f18d34b..9476478 100644 --- a/dev-qt/qtbase/Manifest +++ b/dev-qt/qtbase/Manifest @@ -1,2 +1 @@ -DIST qtbase-everywhere-src-6.5.1.tar.xz 48287392 BLAKE2B 47872492f21a936d980891c28df61591380bc236adc66b57a90fbb87dd292cdeb3c632fb1159231ba40142d25e02944e4c5e8568153f1286e0a1abc8c5b26699 SHA512 7f7b20bbc25cda65266d6067cdd68e3e077636988d67dbf5783f79a61186135fb3a36d57ac72cfe4501012035b630ab1f5849148e4817726d4f459fa1937e91a DIST qtbase-everywhere-src-6.5.2.tar.xz 48410716 BLAKE2B 578c69ede6f45a8b21cba0a24674d5d8801722503d13ab9578b06b2446ce15e6a84bcdbd0c5d2c9aa868ec70862f0845406c959ed79b695f82bb398ecf299c63 SHA512 8d97029aae5b73a3e03624c9a8495dbf2fe54a4f5e992071c06f3d93935e64c80f2121b33eeb60a92d96ceb288cb25d74906a5bf47b45bb018d859d4a2d13f20 diff --git a/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch b/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch deleted file mode 100644 index 6f12647..000 --- a/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch +++ /dev/null @@ -1,54 +0,0 @@ -From: https://lists.qt-project.org/pipermail/development/2023-June/044031.html - a/src/plugins/tls/schannel/qtls_schannel.cpp -+++ b/src/plugins/tls/schannel/qtls_schannel.cpp -@@ -2106,6 +2106,27 @@ bool TlsCryptographSchannel::verifyCertContext(CERT_CONTEXT *certContext) - verifyDepth = DWORD(q->peerVerifyDepth()); - - const auto = q->sslConfiguration().caCertificates(); -+ -+if (!rootCertOnDemandLoadingAllowed() -+&& !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN) -+&& (q->peerVerifyMode() == QSslSocket::VerifyPeer -+|| (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) { -+// When verifying a peer Windows "helpfully" builds a chain that -+// may include roots from the system store. But we don't want that if -+// the user has set their own CA certificates. -+// Since Windows claims this is not a partial chain the root is included -+// and we have to check that it is one of our configured CAs. -+CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1]; -+QSslCertificate certificate = getCertificateFromChainElement(element); -+if (!caCertificates.contains(certificate)) { -+auto error = QSslError(QSslError::CertificateUntrusted, certificate); -+sslErrors += error; -+emit q->peerVerifyError(error); -+if (q->state() != QAbstractSocket::ConnectedState) -+return false; -+} -+} -+ - QList peerCertificateChain; - for (DWORD i = 0; i < verifyDepth; i++) { - CERT_CHAIN_ELEMENT *element = chain->rgpElement[i]; - a/src/network/ssl/qsslsocket.cpp -+++ b/src/network/ssl/qsslsocket.cpp -@@ -1973,6 +1973,10 @@ QSslSocketPrivate::QSslSocketPrivate() - , flushTriggered(false) - { - QSslConfigurationPrivate::deepCopyDefaultConfiguration(); -+// If the global configuration doesn't allow root certificates to be loaded -+// on demand then we have to disable it for this socket as well. -+if (!configuration.allowRootCertOnDemandLoading) -+allowRootCertOnDemandLoading = false; - - const auto *tlsBackend = tlsBackendInUse(); - if (!tlsBackend) { -@@ -2281,6 +2285,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri - ptr->sessionProtocol = global->sessionProtocol; - ptr->ciphers = global->ciphers; - ptr->caCertificates = global->caCertificates; -+ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading; - ptr->protocol = global->protocol; - ptr->peerVerifyMode = global->peerVerifyMode; - ptr->peerVerifyDepth = global->peerVerifyDepth; diff --git a/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild b/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild deleted file mode 100644 index fde9d03..000 --- a/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild +++ /dev/null @@ -1,196 +0,0 @@ -# Copyright 2021-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit qt6-build - -DESCRIPTION="Cross-platform application development framework" - -if [[ ${QT6_BUILD_TYPE} == release ]]; then - KEYWORDS="~amd64" -fi - -# Qt Modules -IUSE="+concurrent +dbus +gui +network +sql opengl +widgets +xml zstd"
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: fbbe6f58b487453ab7f68a80e439249e4395bc9c Author: orbea riseup net> AuthorDate: Fri Jul 21 20:46:09 2023 + Commit: orbea riseup net> CommitDate: Fri Jul 21 20:46:09 2023 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=fbbe6f58 dev-qt/qtbase: add 6.5.2 Signed-off-by: orbea riseup.net> dev-qt/qtbase/Manifest | 1 + .../qtbase/files/qtbase-6.5.2-CVE-2023-38197.patch | 404 + dev-qt/qtbase/qtbase-6.5.2.ebuild | 196 ++ 3 files changed, 601 insertions(+) diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest index 3c5bf4d..f18d34b 100644 --- a/dev-qt/qtbase/Manifest +++ b/dev-qt/qtbase/Manifest @@ -1 +1,2 @@ DIST qtbase-everywhere-src-6.5.1.tar.xz 48287392 BLAKE2B 47872492f21a936d980891c28df61591380bc236adc66b57a90fbb87dd292cdeb3c632fb1159231ba40142d25e02944e4c5e8568153f1286e0a1abc8c5b26699 SHA512 7f7b20bbc25cda65266d6067cdd68e3e077636988d67dbf5783f79a61186135fb3a36d57ac72cfe4501012035b630ab1f5849148e4817726d4f459fa1937e91a +DIST qtbase-everywhere-src-6.5.2.tar.xz 48410716 BLAKE2B 578c69ede6f45a8b21cba0a24674d5d8801722503d13ab9578b06b2446ce15e6a84bcdbd0c5d2c9aa868ec70862f0845406c959ed79b695f82bb398ecf299c63 SHA512 8d97029aae5b73a3e03624c9a8495dbf2fe54a4f5e992071c06f3d93935e64c80f2121b33eeb60a92d96ceb288cb25d74906a5bf47b45bb018d859d4a2d13f20 diff --git a/dev-qt/qtbase/files/qtbase-6.5.2-CVE-2023-38197.patch b/dev-qt/qtbase/files/qtbase-6.5.2-CVE-2023-38197.patch new file mode 100644 index 000..220e94d --- /dev/null +++ b/dev-qt/qtbase/files/qtbase-6.5.2-CVE-2023-38197.patch @@ -0,0 +1,404 @@ +Upstream: https://codereview.qt-project.org/c/qt/qtbase/+/490550 +Upstream: https://lists.qt-project.org/pipermail/development/2023-July/044166.html + +From c216c3d9859a20b3aeec985512e89316423fc3a8 Mon Sep 17 00:00:00 2001 +From: Axel Spoerl +Date: Fri, 30 Jun 2023 12:43:59 +0200 +Subject: [PATCH] QXmlStreamReader: Raise error on unexpected tokens + +QXmlStreamReader accepted multiple DOCTYPE elements, containing DTD +fragments in the XML prolog, and in the XML body. +Well-formed but invalid XML files - with multiple DTD fragments in +prolog and body, combined with recursive entity expansions - have +caused infinite loops in QXmlStreamReader. + +This patch implements a token check in QXmlStreamReader. +A stream is allowed to start with an XML prolog. StartDocument +and DOCTYPE elements are only allowed in this prolog, which +may also contain ProcessingInstruction and Comment elements. +As soon as anything else is seen, the prolog ends. +After that, the prolog-specific elements are treated as unexpected. +Furthermore, the prolog can contain at most one DOCTYPE element. + +Update the documentation to reflect the new behavior. +Add an autotest that checks the new error cases are correctly detected, +and no error is raised for legitimate input. + +The original OSS-Fuzz files (see bug reports) are not included in this +patch for file size reasons. They have been tested manually. Each of +them has more than one DOCTYPE element, causing infinite loops in +recursive entity expansions. The newly implemented functionality +detects those invalid DTD fragments. By raising an error, it aborts +stream reading before an infinite loop occurs. + +Thanks to OSS-Fuzz for finding this. + +Fixes: QTBUG-92113 +Fixes: QTBUG-95188 +Change-Id: I0a082b9188b2eee50b396c4d5b1c9e1fd237bbdd +Reviewed-by: Volker Hilsheimer +(cherry picked from commit c4301be7d5f94852e1b17f2c2989d5ca807855d4) +--- + src/corelib/serialization/qxmlstream.cpp | 145 +++-- + src/corelib/serialization/qxmlstream_p.h | 11 ++ + .../qxmlstream/tokenError/dtdInBody.xml| 20 +++ + .../qxmlstream/tokenError/multipleDtd.xml | 20 +++ + .../qxmlstream/tokenError/wellFormed.xml | 15 +++ + .../serialization/qxmlstream/tst_qxmlstream.cpp| 39 ++ + 6 files changed, 242 insertions(+), 8 deletions(-) + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml + +diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp +index 6e34d4da6e5a..cf46d690f122 100644 +--- a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp +@@ -185,7 +185,7 @@ WRAP(indexOf, QLatin1StringView) + addData() or by waiting for it to arrive on the device(). + + \value UnexpectedElementError The parser encountered an element +-that was different to those it expected. ++or token that was different to those it expected. + + */ + +@@ -322,13 +322,34 @@ QXmlStreamEntityResolver *QXmlStreamReader::entityResolver() const + + QXmlStreamReader is a well-formed XML 1.0 parser that does
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 9121a6d114c04e1530a14b657449d5d2aeb4c93b Author: orbea riseup net> AuthorDate: Wed May 24 17:13:13 2023 + Commit: orbea riseup net> CommitDate: Wed May 24 17:13:13 2023 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=9121a6d1 dev-qt/qtbase: add 6.5.0-r2 Signed-off-by: orbea riseup.net> .../qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch | 54 ++ ...base-6.5.0-r1.ebuild => qtbase-6.5.0-r2.ebuild} | 1 + 2 files changed, 55 insertions(+) diff --git a/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch b/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch new file mode 100644 index 000..3574706 --- /dev/null +++ b/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch @@ -0,0 +1,54 @@ +From eae7c36d681acfb82572b56e24bbb2cd42242e57 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?M=C3=A5rten=20Nordheim?= +Date: Fri, 5 May 2023 11:07:26 +0200 +Subject: [PATCH] Hsts: match header names case insensitively + +Header field names are always considered to be case-insensitive. + +Fixes: QTBUG-113392 +Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43 +Reviewed-by: Qt CI Bot +Reviewed-by: Edward Welbourne +Reviewed-by: Volker Hilsheimer +(cherry picked from commit 1b736a815be0222f4b24289cf17575fc15707305) +Reviewed-by: Qt Cherry-pick Bot +--- + src/network/access/qhsts.cpp | 4 ++-- + tests/auto/network/access/hsts/tst_qhsts.cpp | 6 ++ + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp +index 39905f354807..82deede17298 100644 +--- a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp +@@ -327,8 +327,8 @@ quoted-pair= "\" CHAR + bool QHstsHeaderParser::parse(const QList> ) + { + for (const auto : headers) { +-// We use '==' since header name was already 'trimmed' for us: +-if (h.first == "Strict-Transport-Security") { ++// We compare directly because header name was already 'trimmed' for us: ++if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) { + header = h.second; + // RFC6797, 8.1: + // +diff --git a/tests/auto/network/access/hsts/tst_qhsts.cpp b/tests/auto/network/access/hsts/tst_qhsts.cpp +index 252f5e8f5792..97a2d2889e57 100644 +--- a/tests/auto/network/access/hsts/tst_qhsts.cpp b/tests/auto/network/access/hsts/tst_qhsts.cpp +@@ -216,6 +216,12 @@ void tst_QHsts::testSTSHeaderParser() + QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc()); + QVERIFY(parser.includeSubDomains()); + ++list.pop_back(); ++list << Header("strict-transport-security", "includeSubDomains;max-age=1000"); ++QVERIFY(parser.parse(list)); ++QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc()); ++QVERIFY(parser.includeSubDomains()); ++ + list.pop_back(); + // Invalid (includeSubDomains twice): + list << Header("Strict-Transport-Security", "max-age = 1000 ; includeSubDomains;includeSubDomains"); +-- +2.16.3 + diff --git a/dev-qt/qtbase/qtbase-6.5.0-r1.ebuild b/dev-qt/qtbase/qtbase-6.5.0-r2.ebuild similarity index 99% rename from dev-qt/qtbase/qtbase-6.5.0-r1.ebuild rename to dev-qt/qtbase/qtbase-6.5.0-r2.ebuild index e3c6abe..08f45a6 100644 --- a/dev-qt/qtbase/qtbase-6.5.0-r1.ebuild +++ b/dev-qt/qtbase/qtbase-6.5.0-r2.ebuild @@ -106,6 +106,7 @@ RDEPEND="${DEPEND}" PATCHES=( "${FILESDIR}/${PN}-6.5.0-libressl.patch" "${FILESDIR}/${PN}-6.5.0-setActiveWindow-deprecated-version.patch" + "${FILESDIR}/${PN}-6.5.0-CVE-2023-32762.patch" ) src_configure() {
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 7a3627237357385646db06e2ea2ae731700eee1e Author: Anna “CyberTailor” sysrq in> AuthorDate: Thu Apr 20 16:42:00 2023 + Commit: orbea riseup net> CommitDate: Fri Apr 21 14:56:30 2023 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=7a362723 dev-qt/qtbase: add 6.5.0, drop 6.4.2 Signed-off-by: Anna “CyberTailor” sysrq.in> Closes: https://github.com/gentoo/libressl/pull/529 Signed-off-by: orbea riseup.net> dev-qt/qtbase/Manifest | 2 +- ...-libressl.patch => qtbase-6.5.0-libressl.patch} | 296 +++-- ...-6.5.0-setActiveWindow-deprecated-version.patch | 35 +++ ...{qtbase-6.4.2.ebuild => qtbase-6.5.0-r1.ebuild} | 13 +- 4 files changed, 195 insertions(+), 151 deletions(-) diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest index e77cc5d..6b955e5 100644 --- a/dev-qt/qtbase/Manifest +++ b/dev-qt/qtbase/Manifest @@ -1 +1 @@ -DIST qtbase-everywhere-src-6.4.2.tar.xz 47987188 BLAKE2B 5d25d8b912ba775faa5855ad4326cbd19580cc7f98b997a9bbdb4a2216550a60b2c8a7a2ef1741a5dfd66ebde0d1cf5d0394215474c39c7779648b03c3892812 SHA512 b00cce7bfc29d3a34c9a2f08db147c4bfd962e178916d60033e1845b25eaeaa4fbd42f5c1d7e39453ddb412a4e91c22c8eae52745eda8a47e35a691054d5496e +DIST qtbase-everywhere-src-6.5.0.tar.xz 48020636 BLAKE2B 234000eeb6e1b57a1c7561613bf437453fc2db0d23d5ddd61c38961311a7de5263c086864554aff7a0bc1e5a406af78ef8342eed3c8a5f48b9237912614f380b SHA512 29f70b9a9650afdd8e34703a7a8191feab4c3a25d0bc3a41010ea842389335b24e2685721fdb4a03653475ebd9bf8a8e4f4a77bf5d64b1289590b5ca0e4623f3 diff --git a/dev-qt/qtbase/files/qtbase-6.4.2-libressl.patch b/dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch similarity index 85% rename from dev-qt/qtbase/files/qtbase-6.4.2-libressl.patch rename to dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch index f75f651..d3d7313 100644 --- a/dev-qt/qtbase/files/qtbase-6.4.2-libressl.patch +++ b/dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch @@ -1,12 +1,148 @@ Fixes Qt6 build on LibreSSL. -https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_cpp?rev=1.7 -https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qopenssl_p_h?rev=1.2 -https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslcontext_openssl_cpp?rev=1.2 -https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslsocket_openssl_symbols_p_h?rev=1.2 -https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qtls_openssl_cpp?rev=1.2 -https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qx509_openssl_cpp?rev=1.2 +http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_cpp?rev=1.8 +http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qopenssl_p_h?rev=1.2 +http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslcontext_openssl_cpp?rev=1.2 +http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslsocket_openssl_symbols_p_h?rev=1.2 +http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qtls_openssl_cpp?rev=1.2 +http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qx509_openssl_cpp?rev=1.3 +--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp +@@ -112,23 +112,37 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYA + DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) + DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return) + DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return) ++#ifdef OPENSSL_NO_DEPRECATED_3_0 + DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return) ++DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return) + DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return) + DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return) ++#endif // OPENSSL_NO_DEPRECATED_3_0 ++#ifndef LIBRESSL_VERSION_NUMBER + DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return) + DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG) + DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return) + DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG) + DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) + DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return) ++#else ++DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) ++DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void