[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 062236cf874509ab4640351ec35a277b7e61d0c2
Author: Saki Xi riseup net>
AuthorDate: Fri May 3 00:34:23 2024 +
Commit: orbea riseup net>
CommitDate: Fri May 3 00:58:13 2024 +
URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=062236cf
dev-qt/qtbase: upstream sync
Signed-off-by: Saki Xi riseup.net>
Closes: https://github.com/gentoo/libressl/pull/558
Signed-off-by: orbea riseup.net>
.../qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch | 23 ++
...base-6.7.0-r1.ebuild => qtbase-6.7.0-r2.ebuild} | 1 +
2 files changed, 24 insertions(+)
diff --git a/dev-qt/qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch
b/dev-qt/qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch
new file mode 100644
index 000..0a73d72
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.7.0-CVE-2024-33861.patch
@@ -0,0 +1,23 @@
+https://bugs.gentoo.org/931096
+https://www.qt.io/blog/security-advisory-qstringconverter
+https://codereview.qt-project.org/c/qt/qtbase/+/556191
+--- a/src/corelib/text/qstringconverter.cpp
b/src/corelib/text/qstringconverter.cpp
+@@ -1954,7 +1954,7 @@ struct QStringConverterICU : QStringConverter
+ const void *context;
+ ucnv_getToUCallBack(icu_conv, , );
+ if (context != state)
+- ucnv_setToUCallBack(icu_conv, action, , nullptr, nullptr,
);
++ ucnv_setToUCallBack(icu_conv, action, state, nullptr, nullptr,
);
+
+ ucnv_toUnicode(icu_conv, , targetLimit, , sourceLimit,
nullptr, flush, );
+ // We did reserve enough space:
+@@ -1987,7 +1987,7 @@ struct QStringConverterICU : QStringConverter
+ const void *context;
+ ucnv_getFromUCallBack(icu_conv, , );
+ if (context != state)
+- ucnv_setFromUCallBack(icu_conv, action, , nullptr,
nullptr, );
++ ucnv_setFromUCallBack(icu_conv, action, state, nullptr, nullptr,
);
+
+ ucnv_fromUnicode(icu_conv, , targetLimit, ,
sourceLimit, nullptr, flush, );
+ // We did reserve enough space:
diff --git a/dev-qt/qtbase/qtbase-6.7.0-r1.ebuild
b/dev-qt/qtbase/qtbase-6.7.0-r2.ebuild
similarity index 99%
rename from dev-qt/qtbase/qtbase-6.7.0-r1.ebuild
rename to dev-qt/qtbase/qtbase-6.7.0-r2.ebuild
index fb2a882..50d8950 100644
--- a/dev-qt/qtbase/qtbase-6.7.0-r1.ebuild
+++ b/dev-qt/qtbase/qtbase-6.7.0-r2.ebuild
@@ -142,6 +142,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-6.6.3-gcc14-avx512fp16.patch
"${FILESDIR}"/${PN}-6.6.3-pkgconf-deps.patch
"${FILESDIR}"/${PN}-6.7.0-qspan-ifdef.patch
+ "${FILESDIR}"/${PN}-6.7.0-CVE-2024-33861.patch
)
src_prepare() {
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 3c72ae0b23aa64d4cae4b690adff6d794a4724fb
Author: orbea riseup net>
AuthorDate: Mon Apr 22 23:30:37 2024 +
Commit: orbea riseup net>
CommitDate: Mon Apr 22 23:30:37 2024 +
URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=3c72ae0b
dev-qt/qtbase: drop 6.6.2-r1, 6.6.3-r1
Signed-off-by: orbea riseup.net>
dev-qt/qtbase/Manifest| 2 -
dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch | 29 --
dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch | 13 -
dev-qt/qtbase/qtbase-6.6.2-r1.ebuild | 368 -
dev-qt/qtbase/qtbase-6.6.3-r1.ebuild | 371 --
5 files changed, 783 deletions(-)
diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest
index ca12030..339951b 100644
--- a/dev-qt/qtbase/Manifest
+++ b/dev-qt/qtbase/Manifest
@@ -1,3 +1 @@
-DIST qtbase-everywhere-src-6.6.2.tar.xz 48689304 BLAKE2B
e00f4ac7ede0694b7934612f7dc3acdd50139d385492034c3046625a973d8adbca059e9d4081e248502cab8c673806cdb6b8bc5cee6d9356bbb0a7845db528a2
SHA512
ea343bcf269779a4e078ed8baddfbe6c5ec4a34275c7d72b3f3928da60feece2ddc9ce4a380c6536a4e1654b483cee8918f8ad3038904725d2dd1c653ae83ece
-DIST qtbase-everywhere-src-6.6.3.tar.xz 48784716 BLAKE2B
f79e369c31968d026fb50dd64d53931ea28c25bd7eb442806760f733dbcacd868774d1c991d4da80c5eb40e24d75ffaba61b2cb9036fdc2d189f865b22143596
SHA512
cd96903a3947a1f5cf6a3ff21ab0b3209ed421d2a8c45acb34ae5aa7ad0501cb79e26cfa81bc02141d5731ebfa662442f37806e97994332077d963c9e70a5f54
DIST qtbase-everywhere-src-6.7.0.tar.xz 49314276 BLAKE2B
f4ec35fd3c15d56a28e1608dec927eaf34d84c2250405d921adadc16d90ec148f4983024dcf9be1832de91381d18e33fd7578d60d8654469e23530a210618e11
SHA512
72896cc5a677361779f49d60dbdfc33a21d77bd479e0586b0beb03eee2016d613aee56e798143a489431a07a5e7a7db4c7c046105a11b63dd178768f3a7f195a
diff --git a/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch
b/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch
deleted file mode 100644
index f8263d1..000
--- a/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Fixes build with libglvnd[-X].
-
-https://github.com/qt/qtbase/commit/929d9a4ca5c9eb0a590479182471d0bbc81589aa
-From: Yaroslav Isakov
-Date: Sat, 8 Jul 2023 22:09:40 +0200
-Subject: [PATCH] Allow OpenGL to be found on X11-less Linux systems (using
- libOpenGL)
-
-Cmake supports finding OpenGL, even if there is no GLX (for glvnd) or
-old-style libGL. This change keeps old behavior, but in case, if
-X11-related OpenGL libraries cannot be found on Linux, it adds logic
-to check for (and link with) libOpenGL, if it is present.
a/cmake/FindWrapOpenGL.cmake
-+++ b/cmake/FindWrapOpenGL.cmake
-@@ -47,4 +47,14 @@
- target_link_libraries(WrapOpenGL::WrapOpenGL INTERFACE OpenGL::GL)
- endif()
-+elseif(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "Integrity")
-+# Requesting only the OpenGL component ensures CMake does not mark the
package as
-+# not found if neither GLX nor libGL are available. This allows finding
OpenGL
-+# on an X11-less Linux system.
-+find_package(OpenGL ${WrapOpenGL_FIND_VERSION} COMPONENTS OpenGL)
-+if (OpenGL_FOUND)
-+set(WrapOpenGL_FOUND ON)
-+add_library(WrapOpenGL::WrapOpenGL INTERFACE IMPORTED)
-+target_link_libraries(WrapOpenGL::WrapOpenGL INTERFACE OpenGL::OpenGL)
-+endif()
- endif()
-
diff --git a/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch
b/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch
deleted file mode 100644
index 1204dcc..000
--- a/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-https://bugs.gentoo.org/925103
a/src/corelib/thread/qthread.h
-+++ b/src/corelib/thread/qthread.h
-@@ -166,5 +166,9 @@
- #elif defined(Q_PROCESSOR_X86_64) && ((defined(Q_OS_LINUX) &&
defined(__GLIBC__)) || defined(Q_OS_FREEBSD))
- // x86_64 Linux, BSD uses FS
-+# if defined(__ILP32__)
-+__asm__("mov %%fs:%c1, %0" : "=r" (tid) : "i" (2 * sizeof(void*)) : );
-+# else
- __asm__("movq %%fs:%c1, %0" : "=r" (tid) : "i" (2 * sizeof(void*)) : );
-+# endif
- #elif defined(Q_PROCESSOR_X86_64) && defined(Q_OS_WIN)
- // See https://en.wikipedia.org/wiki/Win32_Thread_Information_Block
diff --git a/dev-qt/qtbase/qtbase-6.6.2-r1.ebuild
b/dev-qt/qtbase/qtbase-6.6.2-r1.ebuild
deleted file mode 100644
index 420111b..000
--- a/dev-qt/qtbase/qtbase-6.6.2-r1.ebuild
+++ /dev/null
@@ -1,368 +0,0 @@
-# Copyright 2021-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic qt6-build toolchain-funcs
-
-DESCRIPTION="Cross-platform application development framework"
-
-if [[ ${QT6_BUILD_TYPE} == release ]]; then
- KEYWORDS="amd64 ~arm arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
-fi
-
-declare -A QT6_IUSE=(
- [global]="+ssl +udev zstd"
- [core]="icu"
- [modules]="+concurrent +dbus +gui +network +sql +xml"
-
- [gui]="
-
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 8520a12ca5a255ea1f0b0523a585f2d4396a51b3
Author: orbea riseup net>
AuthorDate: Sun Feb 25 02:05:21 2024 +
Commit: orbea riseup net>
CommitDate: Sun Feb 25 02:05:21 2024 +
URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=8520a12c
dev-qt/qtbase: sync ::gentoo
Signed-off-by: orbea riseup.net>
dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch | 13 +
dev-qt/qtbase/qtbase-6.6.2.ebuild | 1 +
2 files changed, 14 insertions(+)
diff --git a/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch
b/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch
new file mode 100644
index 000..1204dcc
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.6.2-x32abi.patch
@@ -0,0 +1,13 @@
+https://bugs.gentoo.org/925103
+--- a/src/corelib/thread/qthread.h
b/src/corelib/thread/qthread.h
+@@ -166,5 +166,9 @@
+ #elif defined(Q_PROCESSOR_X86_64) && ((defined(Q_OS_LINUX) &&
defined(__GLIBC__)) || defined(Q_OS_FREEBSD))
+ // x86_64 Linux, BSD uses FS
++# if defined(__ILP32__)
++__asm__("mov %%fs:%c1, %0" : "=r" (tid) : "i" (2 * sizeof(void*)) : );
++# else
+ __asm__("movq %%fs:%c1, %0" : "=r" (tid) : "i" (2 * sizeof(void*)) : );
++# endif
+ #elif defined(Q_PROCESSOR_X86_64) && defined(Q_OS_WIN)
+ // See https://en.wikipedia.org/wiki/Win32_Thread_Information_Block
diff --git a/dev-qt/qtbase/qtbase-6.6.2.ebuild
b/dev-qt/qtbase/qtbase-6.6.2.ebuild
index aafc726..9348366 100644
--- a/dev-qt/qtbase/qtbase-6.6.2.ebuild
+++ b/dev-qt/qtbase/qtbase-6.6.2.ebuild
@@ -138,6 +138,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-6.5.2-no-glx.patch
"${FILESDIR}"/${PN}-6.5.2-no-symlink-check.patch
"${FILESDIR}"/${PN}-6.6.1-forkfd-childstack-size.patch
+ "${FILESDIR}"/${PN}-6.6.2-x32abi.patch
)
src_prepare() {
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 6ef9c10dd62b23238000728abf2f4acbe7b77848 Author: orbea riseup net> AuthorDate: Fri Dec 29 15:20:34 2023 + Commit: orbea riseup net> CommitDate: Fri Dec 29 15:20:34 2023 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=6ef9c10d dev-qt/qtbase: drop 6.5.3-r1, 6.6.0-r1 Signed-off-by: orbea riseup.net> dev-qt/qtbase/Manifest | 2 - dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch| 449 - .../qtbase-6.5.3-forkfd-childstack-size.patch | 27 -- .../qtbase/files/qtbase-6.5.3-xkbcommon160.patch | 18 - dev-qt/qtbase/qtbase-6.5.3-r1.ebuild | 354 dev-qt/qtbase/qtbase-6.6.0-r1.ebuild | 356 6 files changed, 1206 deletions(-) diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest index 71ca1f2..67b563a 100644 --- a/dev-qt/qtbase/Manifest +++ b/dev-qt/qtbase/Manifest @@ -1,3 +1 @@ -DIST qtbase-everywhere-src-6.5.3.tar.xz 47142456 BLAKE2B 5b4c774b7199563dc7f2aebf9b2b531d851ee49bc038212f4970eeb43a17c364710432708f82a518eee6692ab123d78b642c234d9548d5b553f689a43aa05ee6 SHA512 31c6c01d466f1e01f18d6dcee593360c08ee83ad0a6be495a8eba023faad628cf07ce7285426fabfd247db306319e9a64da329682c99a712a282e32f7493cdb9 -DIST qtbase-everywhere-src-6.6.0.tar.xz 48350308 BLAKE2B 719e265dfafb4fd95f972a317acb95e2d83f8d62175c28ab97837c635435bdcd79bdca113362dea2f04dab799d4749e23056ddb9583908ee20ab23cedeca19b7 SHA512 4e85acefeddc0a3cd6ba615b4768f435c4e237a605172153a1777a10285dab83d9cf220c18ce6d723d051b8b432f3e92be94925b54c2eb972c2c1d9ace849e17 DIST qtbase-everywhere-src-6.6.1.tar.xz 48370760 BLAKE2B 2dd551d15eef30c7d9a5f4c406143d6f8908d7ebade9daf9fbd3d82a25765425956f2cb8689c50f87f6477de2150eee7b820ef25bb4355c51e7e7fad3ef73005 SHA512 93e77b9b077a3acd5607b643db282fdd7ed0bdfa07df74c3f0d2285afeb1672a6fa229a7e7a6c8a462701305fc22ffef20c212d906484e50fb5cdb706a7b72e1 diff --git a/dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch b/dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch deleted file mode 100644 index d3d7313..000 --- a/dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch +++ /dev/null @@ -1,449 +0,0 @@ -Fixes Qt6 build on LibreSSL. - -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_cpp?rev=1.8 -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qopenssl_p_h?rev=1.2 -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslcontext_openssl_cpp?rev=1.2 -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslsocket_openssl_symbols_p_h?rev=1.2 -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qtls_openssl_cpp?rev=1.2 -http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qx509_openssl_cpp?rev=1.3 - a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp -+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp -@@ -112,23 +112,37 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYA - DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) - DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return) - DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return) -+#ifdef OPENSSL_NO_DEPRECATED_3_0 - DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return) -+DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return) - DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return) - DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return) -+#endif // OPENSSL_NO_DEPRECATED_3_0 -+#ifndef LIBRESSL_VERSION_NUMBER - DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return) - DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG) - DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return) - DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG) - DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) - DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return) -+#else -+DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) -+DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG) -+DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return) -+DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG) -+DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG) -+DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return nullptr, return) -+#endif // LIBRESSL_VERSION_NUMBER - DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) - DEFINEFUNC2(qssloptions, SSL_CTX_set_options, SSL_CTX *ctx, ctx, qssloptions op,
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 16863d6c45c6839a1f4e27edf934a5ac29551f01
Author: orbea riseup net>
AuthorDate: Wed Dec 6 04:41:15 2023 +
Commit: orbea riseup net>
CommitDate: Wed Dec 6 04:41:15 2023 +
URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=16863d6c
dev-qt/qtbase: add 6.6.1-r1
Signed-off-by: orbea riseup.net>
dev-qt/qtbase/Manifest | 1 +
.../qtbase-6.6.1-forkfd-childstack-size.patch | 23 ++
dev-qt/qtbase/qtbase-6.6.1-r1.ebuild | 362 +
3 files changed, 386 insertions(+)
diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest
index b6ec5a5..dc81a32 100644
--- a/dev-qt/qtbase/Manifest
+++ b/dev-qt/qtbase/Manifest
@@ -1,3 +1,4 @@
DIST qtbase-everywhere-src-6.5.2.tar.xz 48410716 BLAKE2B
578c69ede6f45a8b21cba0a24674d5d8801722503d13ab9578b06b2446ce15e6a84bcdbd0c5d2c9aa868ec70862f0845406c959ed79b695f82bb398ecf299c63
SHA512
8d97029aae5b73a3e03624c9a8495dbf2fe54a4f5e992071c06f3d93935e64c80f2121b33eeb60a92d96ceb288cb25d74906a5bf47b45bb018d859d4a2d13f20
DIST qtbase-everywhere-src-6.5.3.tar.xz 47142456 BLAKE2B
5b4c774b7199563dc7f2aebf9b2b531d851ee49bc038212f4970eeb43a17c364710432708f82a518eee6692ab123d78b642c234d9548d5b553f689a43aa05ee6
SHA512
31c6c01d466f1e01f18d6dcee593360c08ee83ad0a6be495a8eba023faad628cf07ce7285426fabfd247db306319e9a64da329682c99a712a282e32f7493cdb9
DIST qtbase-everywhere-src-6.6.0.tar.xz 48350308 BLAKE2B
719e265dfafb4fd95f972a317acb95e2d83f8d62175c28ab97837c635435bdcd79bdca113362dea2f04dab799d4749e23056ddb9583908ee20ab23cedeca19b7
SHA512
4e85acefeddc0a3cd6ba615b4768f435c4e237a605172153a1777a10285dab83d9cf220c18ce6d723d051b8b432f3e92be94925b54c2eb972c2c1d9ace849e17
+DIST qtbase-everywhere-src-6.6.1.tar.xz 48370760 BLAKE2B
2dd551d15eef30c7d9a5f4c406143d6f8908d7ebade9daf9fbd3d82a25765425956f2cb8689c50f87f6477de2150eee7b820ef25bb4355c51e7e7fad3ef73005
SHA512
93e77b9b077a3acd5607b643db282fdd7ed0bdfa07df74c3f0d2285afeb1672a6fa229a7e7a6c8a462701305fc22ffef20c212d906484e50fb5cdb706a7b72e1
diff --git a/dev-qt/qtbase/files/qtbase-6.6.1-forkfd-childstack-size.patch
b/dev-qt/qtbase/files/qtbase-6.6.1-forkfd-childstack-size.patch
new file mode 100644
index 000..6b0ff17
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.6.1-forkfd-childstack-size.patch
@@ -0,0 +1,23 @@
+Avoid crash that happens for some users in qsb, qmake, and
+potentially other Qt tools when ran under sandbox leading
+to build failures for qtdeclarative and other packages.
+
+Former fix involved replacing 4096 by SIGSTKSZ but
+bug #918664 shown that this may be insufficient so this
+tries 32k instead.
+
+https://bugs.gentoo.org/908809
+https://bugs.gentoo.org/908816
+https://bugs.gentoo.org/913493
+https://bugs.gentoo.org/915695
+https://bugs.gentoo.org/918664
+https://codereview.qt-project.org/c/qt/qtbase/+/513140
+--- a/src/3rdparty/forkfd/forkfd_linux.c
b/src/3rdparty/forkfd/forkfd_linux.c
+@@ -158,5 +158,5 @@
+ int system_vforkfd(int flags, pid_t *ppid, int (*childFn)(void *), void
*token, int *system)
+ {
+-__attribute__((aligned(64))) char childStack[SIGSTKSZ];
++__attribute__((aligned(64))) char childStack[32768];
+ pid_t pid;
+ int pidfd;
diff --git a/dev-qt/qtbase/qtbase-6.6.1-r1.ebuild
b/dev-qt/qtbase/qtbase-6.6.1-r1.ebuild
new file mode 100644
index 000..678d382
--- /dev/null
+++ b/dev-qt/qtbase/qtbase-6.6.1-r1.ebuild
@@ -0,0 +1,362 @@
+# Copyright 2021-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic qt6-build toolchain-funcs
+
+DESCRIPTION="Cross-platform application development framework"
+
+if [[ ${QT6_BUILD_TYPE} == release ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc
~x86"
+fi
+
+declare -A QT6_IUSE=(
+ [global]="+ssl +udev zstd"
+ [core]="icu"
+ [modules]="+concurrent +dbus +gui +network +sql +xml"
+
+ [gui]="
+ +X accessibility eglfs evdev gles2-only +libinput
+ opengl tslib vulkan +widgets
+ "
+ [network]="brotli gssapi libproxy sctp"
+ [sql]="mysql oci8 odbc postgres +sqlite"
+ [widgets]="cups gtk"
+
+ [optfeature]="nls wayland" #810802,864509
+)
+IUSE="${QT6_IUSE[*]}"
+REQUIRED_USE="
+ $(
+ printf '%s? ( gui ) ' ${QT6_IUSE[gui]//+/}
+ printf '%s? ( network ) ' ${QT6_IUSE[network]//+/}
+ printf '%s? ( sql ) ' ${QT6_IUSE[sql]//+/}
+ printf '%s? ( gui widgets ) ' ${QT6_IUSE[widgets]//+/}
+ )
+ accessibility? ( dbus )
+ eglfs? ( opengl )
+ gles2-only? ( opengl )
+ gui? ( || ( X eglfs wayland ) )
+ libinput? ( udev )
+ sql? ( || ( ${QT6_IUSE[sql]//+/} ) )
+ test? ( icu sql? ( sqlite ) )
+"
+
+# groups:
+# - global (configure.cmake)
+# - qtcore (src/corelib/configure.cmake)
+# - qtgui (src/gui/configure.cmake)
+# - qtnetwork (src/network/configure.cmake)
+# -
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 8386075470cbc50e34e85629f57614aefc77fc4b
Author: Saki Xi riseup net>
AuthorDate: Thu Sep 28 16:16:28 2023 +
Commit: orbea riseup net>
CommitDate: Thu Sep 28 16:54:31 2023 +
URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=83860754
dev-qt/qtbase: Update upstream sync ::gentoo
Signed-off-by: Saki Xi riseup.net>
Closes: https://github.com/gentoo/libressl/pull/540
Signed-off-by: orbea riseup.net>
dev-qt/qtbase/Manifest | 1 +
.../qtbase-6.5.2-hppa-forkfd-grow-stack.patch | 28 ++
dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch | 29 ++
dev-qt/qtbase/qtbase-6.5.3.ebuild | 351 +
4 files changed, 409 insertions(+)
diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest
index 9476478..4622d92 100644
--- a/dev-qt/qtbase/Manifest
+++ b/dev-qt/qtbase/Manifest
@@ -1 +1,2 @@
DIST qtbase-everywhere-src-6.5.2.tar.xz 48410716 BLAKE2B
578c69ede6f45a8b21cba0a24674d5d8801722503d13ab9578b06b2446ce15e6a84bcdbd0c5d2c9aa868ec70862f0845406c959ed79b695f82bb398ecf299c63
SHA512
8d97029aae5b73a3e03624c9a8495dbf2fe54a4f5e992071c06f3d93935e64c80f2121b33eeb60a92d96ceb288cb25d74906a5bf47b45bb018d859d4a2d13f20
+DIST qtbase-everywhere-src-6.5.3.tar.xz 47142456 BLAKE2B
5b4c774b7199563dc7f2aebf9b2b531d851ee49bc038212f4970eeb43a17c364710432708f82a518eee6692ab123d78b642c234d9548d5b553f689a43aa05ee6
SHA512
31c6c01d466f1e01f18d6dcee593360c08ee83ad0a6be495a8eba023faad628cf07ce7285426fabfd247db306319e9a64da329682c99a712a282e32f7493cdb9
diff --git a/dev-qt/qtbase/files/qtbase-6.5.2-hppa-forkfd-grow-stack.patch
b/dev-qt/qtbase/files/qtbase-6.5.2-hppa-forkfd-grow-stack.patch
new file mode 100644
index 000..ccada9f
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.5.2-hppa-forkfd-grow-stack.patch
@@ -0,0 +1,28 @@
+Patch taken from Debian[1], largely broken on HPPA without and several
+tests give segmentation faults[2].
+
+Needs upstreaming if someone familiar with HPPA wants to give this
+attention. Note forkfd is essentially maintained in qtbase's repo[3]
+rather than truly third party.
+
+[1] https://bugs.debian.org/1042018
+[2] https://bugs.gentoo.org/914371
+[3] https://code.qt.io/cgit/qt/qtbase.git/tree/src/3rdparty/forkfd
+
+Description: Change how stack grows on HPPA.
+ On HPPA stack grows upwards. This patch introduces this change for
+ this 3rd party code.
+Author: John David Anglin
+--- a/src/3rdparty/forkfd/forkfd_linux.c
b/src/3rdparty/forkfd/forkfd_linux.c
+@@ -170,5 +170,10 @@
+ *system = 1;
+
++#if defined(__hppa__)
++/* Stack grows up */
++pid = clone(childFn, childStack, cloneflags, token, , NULL, NULL);
++#else
+ pid = clone(childFn, childStack + sizeof(childStack), cloneflags, token,
, NULL, NULL);
++#endif
+ if (pid < 0)
+ return pid;
diff --git a/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch
b/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch
new file mode 100644
index 000..f8263d1
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.5.2-no-glx.patch
@@ -0,0 +1,29 @@
+Fixes build with libglvnd[-X].
+
+https://github.com/qt/qtbase/commit/929d9a4ca5c9eb0a590479182471d0bbc81589aa
+From: Yaroslav Isakov
+Date: Sat, 8 Jul 2023 22:09:40 +0200
+Subject: [PATCH] Allow OpenGL to be found on X11-less Linux systems (using
+ libOpenGL)
+
+Cmake supports finding OpenGL, even if there is no GLX (for glvnd) or
+old-style libGL. This change keeps old behavior, but in case, if
+X11-related OpenGL libraries cannot be found on Linux, it adds logic
+to check for (and link with) libOpenGL, if it is present.
+--- a/cmake/FindWrapOpenGL.cmake
b/cmake/FindWrapOpenGL.cmake
+@@ -47,4 +47,14 @@
+ target_link_libraries(WrapOpenGL::WrapOpenGL INTERFACE OpenGL::GL)
+ endif()
++elseif(UNIX AND NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "Integrity")
++# Requesting only the OpenGL component ensures CMake does not mark the
package as
++# not found if neither GLX nor libGL are available. This allows finding
OpenGL
++# on an X11-less Linux system.
++find_package(OpenGL ${WrapOpenGL_FIND_VERSION} COMPONENTS OpenGL)
++if (OpenGL_FOUND)
++set(WrapOpenGL_FOUND ON)
++add_library(WrapOpenGL::WrapOpenGL INTERFACE IMPORTED)
++target_link_libraries(WrapOpenGL::WrapOpenGL INTERFACE OpenGL::OpenGL)
++endif()
+ endif()
+
diff --git a/dev-qt/qtbase/qtbase-6.5.3.ebuild
b/dev-qt/qtbase/qtbase-6.5.3.ebuild
new file mode 100644
index 000..df8f999
--- /dev/null
+++ b/dev-qt/qtbase/qtbase-6.5.3.ebuild
@@ -0,0 +1,351 @@
+# Copyright 2021-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic qt6-build toolchain-funcs
+
+DESCRIPTION="Cross-platform application development framework"
+
+if [[ ${QT6_BUILD_TYPE} == release ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~x86"
+fi
+
+declare -A QT6_IUSE=(
+ [global]="+ssl +udev zstd"
+
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 2239c79daced0d97373e4811db08426d13a07c83
Author: orbea riseup net>
AuthorDate: Wed Sep 6 18:10:16 2023 +
Commit: orbea riseup net>
CommitDate: Wed Sep 6 18:10:16 2023 +
URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=2239c79d
dev-qt/qtbase: add 6.5.2-r1, drop 6.5.2
Signed-off-by: orbea riseup.net>
dev-qt/qtbase/files/qtbase-6.5.2-tests-gcc13.patch | 25 ++
dev-qt/qtbase/metadata.xml | 3 +-
dev-qt/qtbase/qtbase-6.5.2-r1.ebuild | 335 +
dev-qt/qtbase/qtbase-6.5.2.ebuild | 196
4 files changed, 361 insertions(+), 198 deletions(-)
diff --git a/dev-qt/qtbase/files/qtbase-6.5.2-tests-gcc13.patch
b/dev-qt/qtbase/files/qtbase-6.5.2-tests-gcc13.patch
new file mode 100644
index 000..431d89a
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.5.2-tests-gcc13.patch
@@ -0,0 +1,25 @@
+https://bugreports.qt.io/browse/QTBUG-114785
+https://code.qt.io/cgit/qt/qtbase.git/commit/?id=3e801b5477a7abfe4b87f20639e345bf3dc7eca8
+From: Martin Jansa
+Date: Sat, 29 Apr 2023 13:01:56 +0200
+Subject: [PATCH] tinycbor: fix build with gcc-13
+
+Fixes: QTBUG-114785
+Pick-to: 6.6 6.5
+Change-Id: I4876ebd8890eee883a0d1a2bef8cb7aec4fd0f2f
+Reviewed-by: Thiago Macieira
+--- a/src/3rdparty/tinycbor/tests/encoder/data.cpp
b/src/3rdparty/tinycbor/tests/encoder/data.cpp
+@@ -239,9 +239,9 @@
+ QTest::newRow("0.f16") << raw("\xf9\0\0") <<
QVariant::fromValue(qfloat16(0));
+ QTest::newRow("-1.f16") << raw("\xf9\xbc\0") <<
QVariant::fromValue(qfloat16(-1));
+ QTest::newRow("1.5f16") << raw("\xf9\x3e\0") <<
QVariant::fromValue(qfloat16(1.5));
+-QTest::newRow("nan_f16") << raw("\xf9\x7e\0") <<
QVariant::fromValue(myNaNf());
+-QTest::newRow("-inf_f16") << raw("\xf9\xfc\0") <<
QVariant::fromValue(myNInff());
+-QTest::newRow("+inf_f16") << raw("\xf9\x7c\0") <<
QVariant::fromValue(myInff());
++QTest::newRow("nan_f16") << raw("\xf9\x7e\0") <<
QVariant::fromValue(qfloat16(myNaNf()));
++QTest::newRow("-inf_f16") << raw("\xf9\xfc\0") <<
QVariant::fromValue(qfloat16(myNInff()));
++QTest::newRow("+inf_f16") << raw("\xf9\x7c\0") <<
QVariant::fromValue(qfloat16(myInff()));
+ #endif
+
+ QTest::newRow("0.f") << raw("\xfa\0\0\0\0") << QVariant::fromValue(0.f);
diff --git a/dev-qt/qtbase/metadata.xml b/dev-qt/qtbase/metadata.xml
index d828e06..573775d 100644
--- a/dev-qt/qtbase/metadata.xml
+++ b/dev-qt/qtbase/metadata.xml
@@ -9,7 +9,6 @@
Enable support for Brotli
decompression
Build Qt6Concurrent module
Build Qt6DBus module
- Enable EGL integration
Build the EGL Full Screen/Single Surface
platform plugin
Enable support for input devices via
evdev
Enable support for GSSAPI
(virtual/krb5)
@@ -21,13 +20,13 @@
Build Qt6Sql module
Enable native journald logging
support
Enable support for touchscreen devices via
x11-libs/tslib
- Build plugin to receive touch events over the
TUIO protocol
Build Qt6Widgets module
Build the XCB platform plugin and enable X11
integration
https://bugreports.qt.io/
https://doc.qt.io/
+ qt/qtbase
diff --git a/dev-qt/qtbase/qtbase-6.5.2-r1.ebuild
b/dev-qt/qtbase/qtbase-6.5.2-r1.ebuild
new file mode 100644
index 000..e0bb6d1
--- /dev/null
+++ b/dev-qt/qtbase/qtbase-6.5.2-r1.ebuild
@@ -0,0 +1,335 @@
+# Copyright 2021-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic qt6-build toolchain-funcs
+
+DESCRIPTION="Cross-platform application development framework"
+
+if [[ ${QT6_BUILD_TYPE} == release ]]; then
+ KEYWORDS="~amd64"
+fi
+
+declare -A QT6_IUSE=(
+ [global]="+ssl +udev zstd"
+ [core]="icu systemd"
+ [modules]="+concurrent +dbus +gui +network +sql +xml"
+
+ [gui]="
+ +X accessibility eglfs evdev gles2-only +libinput
+ opengl tslib vulkan +widgets
+ "
+ [network]="brotli gssapi libproxy sctp"
+ [sql]="mysql oci8 odbc postgres +sqlite"
+ [widgets]="cups gtk"
+
+ [optfeature]="wayland" #864509
+)
+IUSE="${QT6_IUSE[*]}"
+REQUIRED_USE="
+ $(
+ printf '%s? ( gui ) ' ${QT6_IUSE[gui]//+/}
+ printf '%s? ( network ) ' ${QT6_IUSE[network]//+/}
+ printf '%s? ( sql ) ' ${QT6_IUSE[sql]//+/}
+ printf '%s? ( gui widgets ) ' ${QT6_IUSE[widgets]//+/}
+ )
+ accessibility? ( X dbus )
+ eglfs? ( opengl )
+ gui? ( || ( X eglfs wayland ) )
+ libinput? ( udev )
+ sql? ( || ( ${QT6_IUSE[sql]//+/} ) )
+ test? ( icu sql? ( sqlite ) )
+"
+
+# groups:
+# - global (configure.cmake)
+# -
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 232704864cb16d7f2f0253253b25c4ed73e5fefd
Author: orbea riseup net>
AuthorDate: Wed Jul 26 14:44:51 2023 +
Commit: orbea riseup net>
CommitDate: Wed Jul 26 14:44:51 2023 +
URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=23270486
dev-qt/qtbase: drop 6.5.1-r1
Signed-off-by: orbea riseup.net>
dev-qt/qtbase/Manifest | 1 -
.../qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch | 54 --
dev-qt/qtbase/qtbase-6.5.1-r1.ebuild | 196 -
3 files changed, 251 deletions(-)
diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest
index f18d34b..9476478 100644
--- a/dev-qt/qtbase/Manifest
+++ b/dev-qt/qtbase/Manifest
@@ -1,2 +1 @@
-DIST qtbase-everywhere-src-6.5.1.tar.xz 48287392 BLAKE2B
47872492f21a936d980891c28df61591380bc236adc66b57a90fbb87dd292cdeb3c632fb1159231ba40142d25e02944e4c5e8568153f1286e0a1abc8c5b26699
SHA512
7f7b20bbc25cda65266d6067cdd68e3e077636988d67dbf5783f79a61186135fb3a36d57ac72cfe4501012035b630ab1f5849148e4817726d4f459fa1937e91a
DIST qtbase-everywhere-src-6.5.2.tar.xz 48410716 BLAKE2B
578c69ede6f45a8b21cba0a24674d5d8801722503d13ab9578b06b2446ce15e6a84bcdbd0c5d2c9aa868ec70862f0845406c959ed79b695f82bb398ecf299c63
SHA512
8d97029aae5b73a3e03624c9a8495dbf2fe54a4f5e992071c06f3d93935e64c80f2121b33eeb60a92d96ceb288cb25d74906a5bf47b45bb018d859d4a2d13f20
diff --git a/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch
b/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch
deleted file mode 100644
index 6f12647..000
--- a/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From: https://lists.qt-project.org/pipermail/development/2023-June/044031.html
-
a/src/plugins/tls/schannel/qtls_schannel.cpp
-+++ b/src/plugins/tls/schannel/qtls_schannel.cpp
-@@ -2106,6 +2106,27 @@ bool
TlsCryptographSchannel::verifyCertContext(CERT_CONTEXT *certContext)
- verifyDepth = DWORD(q->peerVerifyDepth());
-
- const auto = q->sslConfiguration().caCertificates();
-+
-+if (!rootCertOnDemandLoadingAllowed()
-+&& !(chain->TrustStatus.dwErrorStatus &
CERT_TRUST_IS_PARTIAL_CHAIN)
-+&& (q->peerVerifyMode() == QSslSocket::VerifyPeer
-+|| (isClient && q->peerVerifyMode() ==
QSslSocket::AutoVerifyPeer))) {
-+// When verifying a peer Windows "helpfully" builds a chain that
-+// may include roots from the system store. But we don't want that if
-+// the user has set their own CA certificates.
-+// Since Windows claims this is not a partial chain the root is
included
-+// and we have to check that it is one of our configured CAs.
-+CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
-+QSslCertificate certificate = getCertificateFromChainElement(element);
-+if (!caCertificates.contains(certificate)) {
-+auto error = QSslError(QSslError::CertificateUntrusted,
certificate);
-+sslErrors += error;
-+emit q->peerVerifyError(error);
-+if (q->state() != QAbstractSocket::ConnectedState)
-+return false;
-+}
-+}
-+
- QList peerCertificateChain;
- for (DWORD i = 0; i < verifyDepth; i++) {
- CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
-
a/src/network/ssl/qsslsocket.cpp
-+++ b/src/network/ssl/qsslsocket.cpp
-@@ -1973,6 +1973,10 @@ QSslSocketPrivate::QSslSocketPrivate()
- , flushTriggered(false)
- {
- QSslConfigurationPrivate::deepCopyDefaultConfiguration();
-+// If the global configuration doesn't allow root certificates to be
loaded
-+// on demand then we have to disable it for this socket as well.
-+if (!configuration.allowRootCertOnDemandLoading)
-+allowRootCertOnDemandLoading = false;
-
- const auto *tlsBackend = tlsBackendInUse();
- if (!tlsBackend) {
-@@ -2281,6 +2285,7 @@ void
QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
- ptr->sessionProtocol = global->sessionProtocol;
- ptr->ciphers = global->ciphers;
- ptr->caCertificates = global->caCertificates;
-+ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
- ptr->protocol = global->protocol;
- ptr->peerVerifyMode = global->peerVerifyMode;
- ptr->peerVerifyDepth = global->peerVerifyDepth;
diff --git a/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild
b/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild
deleted file mode 100644
index fde9d03..000
--- a/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild
+++ /dev/null
@@ -1,196 +0,0 @@
-# Copyright 2021-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit qt6-build
-
-DESCRIPTION="Cross-platform application development framework"
-
-if [[ ${QT6_BUILD_TYPE} == release ]]; then
- KEYWORDS="~amd64"
-fi
-
-# Qt Modules
-IUSE="+concurrent +dbus +gui +network +sql opengl +widgets +xml zstd"
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: fbbe6f58b487453ab7f68a80e439249e4395bc9c Author: orbea riseup net> AuthorDate: Fri Jul 21 20:46:09 2023 + Commit: orbea riseup net> CommitDate: Fri Jul 21 20:46:09 2023 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=fbbe6f58 dev-qt/qtbase: add 6.5.2 Signed-off-by: orbea riseup.net> dev-qt/qtbase/Manifest | 1 + .../qtbase/files/qtbase-6.5.2-CVE-2023-38197.patch | 404 + dev-qt/qtbase/qtbase-6.5.2.ebuild | 196 ++ 3 files changed, 601 insertions(+) diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest index 3c5bf4d..f18d34b 100644 --- a/dev-qt/qtbase/Manifest +++ b/dev-qt/qtbase/Manifest @@ -1 +1,2 @@ DIST qtbase-everywhere-src-6.5.1.tar.xz 48287392 BLAKE2B 47872492f21a936d980891c28df61591380bc236adc66b57a90fbb87dd292cdeb3c632fb1159231ba40142d25e02944e4c5e8568153f1286e0a1abc8c5b26699 SHA512 7f7b20bbc25cda65266d6067cdd68e3e077636988d67dbf5783f79a61186135fb3a36d57ac72cfe4501012035b630ab1f5849148e4817726d4f459fa1937e91a +DIST qtbase-everywhere-src-6.5.2.tar.xz 48410716 BLAKE2B 578c69ede6f45a8b21cba0a24674d5d8801722503d13ab9578b06b2446ce15e6a84bcdbd0c5d2c9aa868ec70862f0845406c959ed79b695f82bb398ecf299c63 SHA512 8d97029aae5b73a3e03624c9a8495dbf2fe54a4f5e992071c06f3d93935e64c80f2121b33eeb60a92d96ceb288cb25d74906a5bf47b45bb018d859d4a2d13f20 diff --git a/dev-qt/qtbase/files/qtbase-6.5.2-CVE-2023-38197.patch b/dev-qt/qtbase/files/qtbase-6.5.2-CVE-2023-38197.patch new file mode 100644 index 000..220e94d --- /dev/null +++ b/dev-qt/qtbase/files/qtbase-6.5.2-CVE-2023-38197.patch @@ -0,0 +1,404 @@ +Upstream: https://codereview.qt-project.org/c/qt/qtbase/+/490550 +Upstream: https://lists.qt-project.org/pipermail/development/2023-July/044166.html + +From c216c3d9859a20b3aeec985512e89316423fc3a8 Mon Sep 17 00:00:00 2001 +From: Axel Spoerl +Date: Fri, 30 Jun 2023 12:43:59 +0200 +Subject: [PATCH] QXmlStreamReader: Raise error on unexpected tokens + +QXmlStreamReader accepted multiple DOCTYPE elements, containing DTD +fragments in the XML prolog, and in the XML body. +Well-formed but invalid XML files - with multiple DTD fragments in +prolog and body, combined with recursive entity expansions - have +caused infinite loops in QXmlStreamReader. + +This patch implements a token check in QXmlStreamReader. +A stream is allowed to start with an XML prolog. StartDocument +and DOCTYPE elements are only allowed in this prolog, which +may also contain ProcessingInstruction and Comment elements. +As soon as anything else is seen, the prolog ends. +After that, the prolog-specific elements are treated as unexpected. +Furthermore, the prolog can contain at most one DOCTYPE element. + +Update the documentation to reflect the new behavior. +Add an autotest that checks the new error cases are correctly detected, +and no error is raised for legitimate input. + +The original OSS-Fuzz files (see bug reports) are not included in this +patch for file size reasons. They have been tested manually. Each of +them has more than one DOCTYPE element, causing infinite loops in +recursive entity expansions. The newly implemented functionality +detects those invalid DTD fragments. By raising an error, it aborts +stream reading before an infinite loop occurs. + +Thanks to OSS-Fuzz for finding this. + +Fixes: QTBUG-92113 +Fixes: QTBUG-95188 +Change-Id: I0a082b9188b2eee50b396c4d5b1c9e1fd237bbdd +Reviewed-by: Volker Hilsheimer +(cherry picked from commit c4301be7d5f94852e1b17f2c2989d5ca807855d4) +--- + src/corelib/serialization/qxmlstream.cpp | 145 +++-- + src/corelib/serialization/qxmlstream_p.h | 11 ++ + .../qxmlstream/tokenError/dtdInBody.xml| 20 +++ + .../qxmlstream/tokenError/multipleDtd.xml | 20 +++ + .../qxmlstream/tokenError/wellFormed.xml | 15 +++ + .../serialization/qxmlstream/tst_qxmlstream.cpp| 39 ++ + 6 files changed, 242 insertions(+), 8 deletions(-) + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/dtdInBody.xml + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/multipleDtd.xml + create mode 100644 tests/auto/corelib/serialization/qxmlstream/tokenError/wellFormed.xml + +diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp +index 6e34d4da6e5a..cf46d690f122 100644 +--- a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp +@@ -185,7 +185,7 @@ WRAP(indexOf, QLatin1StringView) + addData() or by waiting for it to arrive on the device(). + + \value UnexpectedElementError The parser encountered an element +-that was different to those it expected. ++or token that was different to those it expected. + + */ + +@@ -322,13 +322,34 @@ QXmlStreamEntityResolver *QXmlStreamReader::entityResolver() const + + QXmlStreamReader is a well-formed XML 1.0 parser that does
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 9121a6d114c04e1530a14b657449d5d2aeb4c93b
Author: orbea riseup net>
AuthorDate: Wed May 24 17:13:13 2023 +
Commit: orbea riseup net>
CommitDate: Wed May 24 17:13:13 2023 +
URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=9121a6d1
dev-qt/qtbase: add 6.5.0-r2
Signed-off-by: orbea riseup.net>
.../qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch | 54 ++
...base-6.5.0-r1.ebuild => qtbase-6.5.0-r2.ebuild} | 1 +
2 files changed, 55 insertions(+)
diff --git a/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch
b/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch
new file mode 100644
index 000..3574706
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch
@@ -0,0 +1,54 @@
+From eae7c36d681acfb82572b56e24bbb2cd42242e57 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?M=C3=A5rten=20Nordheim?=
+Date: Fri, 5 May 2023 11:07:26 +0200
+Subject: [PATCH] Hsts: match header names case insensitively
+
+Header field names are always considered to be case-insensitive.
+
+Fixes: QTBUG-113392
+Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43
+Reviewed-by: Qt CI Bot
+Reviewed-by: Edward Welbourne
+Reviewed-by: Volker Hilsheimer
+(cherry picked from commit 1b736a815be0222f4b24289cf17575fc15707305)
+Reviewed-by: Qt Cherry-pick Bot
+---
+ src/network/access/qhsts.cpp | 4 ++--
+ tests/auto/network/access/hsts/tst_qhsts.cpp | 6 ++
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp
+index 39905f354807..82deede17298 100644
+--- a/src/network/access/qhsts.cpp
b/src/network/access/qhsts.cpp
+@@ -327,8 +327,8 @@ quoted-pair= "\" CHAR
+ bool QHstsHeaderParser::parse(const QList>
)
+ {
+ for (const auto : headers) {
+-// We use '==' since header name was already 'trimmed' for us:
+-if (h.first == "Strict-Transport-Security") {
++// We compare directly because header name was already 'trimmed' for
us:
++if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive)
== 0) {
+ header = h.second;
+ // RFC6797, 8.1:
+ //
+diff --git a/tests/auto/network/access/hsts/tst_qhsts.cpp
b/tests/auto/network/access/hsts/tst_qhsts.cpp
+index 252f5e8f5792..97a2d2889e57 100644
+--- a/tests/auto/network/access/hsts/tst_qhsts.cpp
b/tests/auto/network/access/hsts/tst_qhsts.cpp
+@@ -216,6 +216,12 @@ void tst_QHsts::testSTSHeaderParser()
+ QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc());
+ QVERIFY(parser.includeSubDomains());
+
++list.pop_back();
++list << Header("strict-transport-security",
"includeSubDomains;max-age=1000");
++QVERIFY(parser.parse(list));
++QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc());
++QVERIFY(parser.includeSubDomains());
++
+ list.pop_back();
+ // Invalid (includeSubDomains twice):
+ list << Header("Strict-Transport-Security", "max-age = 1000 ;
includeSubDomains;includeSubDomains");
+--
+2.16.3
+
diff --git a/dev-qt/qtbase/qtbase-6.5.0-r1.ebuild
b/dev-qt/qtbase/qtbase-6.5.0-r2.ebuild
similarity index 99%
rename from dev-qt/qtbase/qtbase-6.5.0-r1.ebuild
rename to dev-qt/qtbase/qtbase-6.5.0-r2.ebuild
index e3c6abe..08f45a6 100644
--- a/dev-qt/qtbase/qtbase-6.5.0-r1.ebuild
+++ b/dev-qt/qtbase/qtbase-6.5.0-r2.ebuild
@@ -106,6 +106,7 @@ RDEPEND="${DEPEND}"
PATCHES=(
"${FILESDIR}/${PN}-6.5.0-libressl.patch"
"${FILESDIR}/${PN}-6.5.0-setActiveWindow-deprecated-version.patch"
+ "${FILESDIR}/${PN}-6.5.0-CVE-2023-32762.patch"
)
src_configure() {
[gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/
commit: 7a3627237357385646db06e2ea2ae731700eee1e
Author: Anna “CyberTailor” sysrq in>
AuthorDate: Thu Apr 20 16:42:00 2023 +
Commit: orbea riseup net>
CommitDate: Fri Apr 21 14:56:30 2023 +
URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=7a362723
dev-qt/qtbase: add 6.5.0, drop 6.4.2
Signed-off-by: Anna “CyberTailor” sysrq.in>
Closes: https://github.com/gentoo/libressl/pull/529
Signed-off-by: orbea riseup.net>
dev-qt/qtbase/Manifest | 2 +-
...-libressl.patch => qtbase-6.5.0-libressl.patch} | 296 +++--
...-6.5.0-setActiveWindow-deprecated-version.patch | 35 +++
...{qtbase-6.4.2.ebuild => qtbase-6.5.0-r1.ebuild} | 13 +-
4 files changed, 195 insertions(+), 151 deletions(-)
diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest
index e77cc5d..6b955e5 100644
--- a/dev-qt/qtbase/Manifest
+++ b/dev-qt/qtbase/Manifest
@@ -1 +1 @@
-DIST qtbase-everywhere-src-6.4.2.tar.xz 47987188 BLAKE2B
5d25d8b912ba775faa5855ad4326cbd19580cc7f98b997a9bbdb4a2216550a60b2c8a7a2ef1741a5dfd66ebde0d1cf5d0394215474c39c7779648b03c3892812
SHA512
b00cce7bfc29d3a34c9a2f08db147c4bfd962e178916d60033e1845b25eaeaa4fbd42f5c1d7e39453ddb412a4e91c22c8eae52745eda8a47e35a691054d5496e
+DIST qtbase-everywhere-src-6.5.0.tar.xz 48020636 BLAKE2B
234000eeb6e1b57a1c7561613bf437453fc2db0d23d5ddd61c38961311a7de5263c086864554aff7a0bc1e5a406af78ef8342eed3c8a5f48b9237912614f380b
SHA512
29f70b9a9650afdd8e34703a7a8191feab4c3a25d0bc3a41010ea842389335b24e2685721fdb4a03653475ebd9bf8a8e4f4a77bf5d64b1289590b5ca0e4623f3
diff --git a/dev-qt/qtbase/files/qtbase-6.4.2-libressl.patch
b/dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch
similarity index 85%
rename from dev-qt/qtbase/files/qtbase-6.4.2-libressl.patch
rename to dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch
index f75f651..d3d7313 100644
--- a/dev-qt/qtbase/files/qtbase-6.4.2-libressl.patch
+++ b/dev-qt/qtbase/files/qtbase-6.5.0-libressl.patch
@@ -1,12 +1,148 @@
Fixes Qt6 build on LibreSSL.
-https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_cpp?rev=1.7
-https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qopenssl_p_h?rev=1.2
-https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslcontext_openssl_cpp?rev=1.2
-https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslsocket_openssl_symbols_p_h?rev=1.2
-https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qtls_openssl_cpp?rev=1.2
-https://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qx509_openssl_cpp?rev=1.2
+http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_cpp?rev=1.8
+http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qopenssl_p_h?rev=1.2
+http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslcontext_openssl_cpp?rev=1.2
+http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslsocket_openssl_symbols_p_h?rev=1.2
+http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qtls_openssl_cpp?rev=1.2
+http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qx509_openssl_cpp?rev=1.3
+--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
+@@ -112,23 +112,37 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYA
+ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
+ DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
+ DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return)
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE
*e, e, return nullptr, return)
++DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE
*e, e, return nullptr, return)
+ DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0,
return)
+ DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return)
++#endif // OPENSSL_NO_DEPRECATED_3_0
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
+ DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*),
b, return, DUMMYARG)
+ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return
nullptr, return)
+ DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return,
DUMMYARG)
+ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
+ DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return
nullptr, return)
++#else
++DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return)
++DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void
