authorV3n3RiX <venerix@koprulu.sector>2023-05-24 03:01:18 +0100
committerV3n3RiX <venerix@koprulu.sector>2023-05-24 03:01:18 +0100
commita5d03e5440b3955446fba6d02de9f53ea4f6efc4 (patch)
treec1ef5c34e37665a48d85a29c5feadadb9622d627 /dev-qt/qtnetwork
parent456fc832c996a122c45240beb68820ab3c2ada40 (diff)
gentoo auto-resync : 24:05:2023 - 03:01:18
Diffstat (limited to 'dev-qt/qtnetwork')
-rw-r--r--dev-qt/qtnetwork/Manifest3
-rw-r--r--dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch39
-rw-r--r--dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild (renamed from dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild)5
3 files changed, 45 insertions, 2 deletions
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index 36c8bee27089..2997aaa79d4d 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1,7 +1,8 @@
+AUX qtnetwork-5.15.9-CVE-2023-32762.patch 1598 BLAKE2B 2d7a37066205b9eb75df0783d49bb36b71e7fe5ee65a391b9d5578c283c6058bec951b9587b27ca63b658254f9c540e54460ea2c4f6a8503fb25da31e8c6d969 SHA512 f89d96bb473e38fc069c8d0afa9c7339647af30948f40de6fc432f55e0d23ba01d0a1ef29145213afd6dbae6992a436baa693dcace982fd0a906d7118e73ad14
AUX qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch 4180 BLAKE2B b85be10b7274322b10eb4ab654aa83621655a495be641dd7d66ebdfc10749fe2aeb333f02b8fa4703e48eefec56e8657375c921320a22e601c9117fe605782e2 SHA512 f6ea5c46c252a3781de1364878692e76950b68f48e51cf042565cb7da0632310e7b85abe52054bb4571638645c2affa6ab20374c6b7c5beaa0b441b85a34956c
DIST qtbase-5.15-gentoo-patchset-4.tar.xz 4884 BLAKE2B ef1f11ea63084b834e19a9bd4c4a146e0d47f10e6c1f540a23db64ba6b0d42f46d63f54f93587deae9ac528f6824fa0e88177fe109a53aaee7d8328d49e364cd SHA512 1ae6630cef6bead9187aaaf7c420566b2c1f946bfa22cb983c52267c098e9b1c7b82c99204cbd3eed5eb6ebde0359726e260fd449618802735af465ca39f0a1d
DIST qtbase-5.15.9-gentoo-kde-1.tar.xz 748840 BLAKE2B 6601efaba2bd9f64edec9ab24a562b2850fe85e088acb2913a06a4a97f82fea015ae9cf20908e5044a0170a2f837cf94a67ac6e870da8ea6e7603057b5683c1a SHA512 60e6c338136affc936c776c129fd2d6620f5e36db8ded32970d59e953bf843786a6deea6cb529488dbd58dfc7c8ea9e71580026fdda8b364596f095e8e9b7791
DIST qtbase-everywhere-opensource-src-5.15.9.tar.xz 50389220 BLAKE2B b1692f5907b7a262a8cad33d45935d76f72f2fb78b970b57fba76ef9f6789d1d7a435278a450ff1f3556c0846fa8dd8295707ead6adf21af6cd17fbe7f0d82f8 SHA512 2da78ea043c03fa4ff7c6a39c41a5d1b30af06248764e6f5eef3fe4aeb3f3d20e302fa7c5827112c89b6bc7c5c0c292454d127f9d7bb0d2031175f0f2c937ed3
-EBUILD qtnetwork-5.15.9-r1.ebuild 1681 BLAKE2B 6281de9484c05dfc94fc3a213cf64933a53da052c967d16cb461ce811026ab3024ea6ee0065dad7f6f58b533ecef5aebdcea983cf42e33ffb13e0aa5b38c8bc5 SHA512 d339def085d5c190144b486134e82184e2551b23717a288399014064c19e2f472554a11b2bf99dfb95f1ccabf3fae095a15d0f8c26303d547dfbc3b0af90902c
+EBUILD qtnetwork-5.15.9-r2.ebuild 1723 BLAKE2B 732826c77d8aeac48a308a10ff1da949d91f3f931931ac0799e7a20a6f3b332a3115550897446c746012ca3e8b0deda737dd0059632180d36f1e8786e9595558 SHA512 e9e224f7dc8e2e6343d4e0d4c0cbb5bf79ce3b055d6b3654e50da0928201f350bc19de5b3eb165c17de6583c4cdf80c71fb1d55494035febf6cc7bd0793406e0
EBUILD qtnetwork-5.15.9.ebuild 1601 BLAKE2B 9cf47cc0adb7c85a2538161f2281e6e8dd4160b6aee2bc245e5837c1367a348478e17bca059d7d131b95ff6559c40ffb9641e72edce61134734637bd19471c33 SHA512 47873673446842b0afbbf0837ecd00aa8d7cd4d7cce5c095923a22a28fc8a419ec933b5e189b68b0be38b67b2677293d809ba26fa8a5b447c4f574129cacae7d
MISC metadata.xml 877 BLAKE2B eefc4aa477bcc6ffb2a2fb0711861a9bd7c79af5c5febe0205da57a3fae7206f3ae96dffb8b57e15dfe2f1e26891691886e02984654556d3d53a269dde5ce757 SHA512 dad0239dceb378c1ad4f52c287fb5d61cc248ac533a3df3673b30c0f332eb5cd3a34255052afe2a42084bf1c1d6a1ee501723e43eb268ab5e215fb37f90bcf36
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch
new file mode 100644
index 000000000000..7509414bd317
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch
@@ -0,0 +1,39 @@
+From a196623892558623e467f20b67edb78794252a09 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
+Date: Fri, 5 May 2023 11:07:26 +0200
+Subject: [PATCH] Hsts: match header names case insensitively (CVE-2023-32762)
+
+Header field names are always considered to be case-insensitive.
+
+Pick-to: 6.5 6.5.1 6.2 5.15
+Fixes: QTBUG-113392
+Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43
+Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
+Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
+Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
+(cherry picked from commit 1b736a815be0222f4b24289cf17575fc15707305)
+
+* asturmlechner 2023-05-23: Upstream backport to 5.15 taken from
+ https://www.qt.io/blog/security-advisory-qt-network
+---
+ src/network/access/qhsts.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp
+index 0cef0ad3dc..be7ef7ff58 100644
+--- a/src/network/access/qhsts.cpp
++++ b/src/network/access/qhsts.cpp
+@@ -364,8 +364,8 @@ quoted-pair = "\" CHAR
+ bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
+ {
+ for (const auto &h : headers) {
+- // We use '==' since header name was already 'trimmed' for us:
+- if (h.first == "Strict-Transport-Security") {
++ // We compare directly because header name was already 'trimmed' for us:
++ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
+ header = h.second;
+ // RFC6797, 8.1:
+ //
+--
+2.40.1
+
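Review bot: The backport touches only `src/network/access/qhsts.cpp` and carries no regression test, so nothing pins the new case-insensitive match on `Strict-Transport-Security` in `QHstsHeaderParser::parse`. Before this change a header name in any other case (HTTP/2 delivers field names lower-cased) was skipped by the `==` comparison, which presumably left the host without a recorded HSTS policy and let later requests go out over plain HTTP. A test that feeds `strict-transport-security` and a mixed-case spelling to the parser and expects the policy to be accepted would guard against a silent revert. The rewritten comment still explains only the trimming; I would word it as `// Header names are case-insensitive and were already trimmed for us:`. The body of `parse` continues past the end of the hunk, so how repeated STS headers are handled is not visible here.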
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild
index 0566a4dd3c02..e3f87517c129 100644
--- a/dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild
@@ -30,7 +30,10 @@ RDEPEND="${DEPEND}
networkmanager? ( net-misc/networkmanager )
"
-PATCHES=( "${FILESDIR}/${P}-QDnsLookup-dont-overflow-the-buffer.patch" )
+PATCHES=(
+ "${FILESDIR}/${P}-QDnsLookup-dont-overflow-the-buffer.patch"
+ "${FILESDIR}/${P}-CVE-2023-32762.patch"
+)
QT5_TARGET_SUBDIRS=(
src/network