From 0a3d5f62f59ea08933fd51b22c8c35ea85e2ce7c Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Wed, 3 Jan 2024 19:55:55 +0000
Subject: gentoo auto-resync : 03:01:2024 - 19:55:55
---
dev-qt/qtbase/Manifest | 2 +
.../qtbase/files/qtbase-6.6.1-CVE-2023-51714.patch | 55 ++++
dev-qt/qtbase/qtbase-6.6.1-r2.ebuild | 362 +++++++++++++++++++++
3 files changed, 419 insertions(+)
create mode 100644 dev-qt/qtbase/files/qtbase-6.6.1-CVE-2023-51714.patch
create mode 100644 dev-qt/qtbase/qtbase-6.6.1-r2.ebuild
(limited to 'dev-qt/qtbase')
diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest
index fc8c82056341..32ca811f1126 100644
--- a/dev-qt/qtbase/Manifest
+++ b/dev-qt/qtbase/Manifest
@@ -1,9 +1,11 @@ AUX qtbase-6.5.2-hppa-forkfd-grow-stack.patch 1001 BLAKE2B 21fabd37d44ad496d2e114351c52bb56ed311f4939e243efc8c0e61b9090bc2dacf29590fa7b5ec21244df7d7f37960fdc2446079609fc7f38d450c0b3afd420 SHA512 4619902ea198a3565e9520206f88632e1c06518b42edfc7e0d2656b0593404bdc96fe0673ca56703858dc0697ee77593eac44cac9108fef4a5147ed7ab1470ca AUX qtbase-6.5.2-no-glx.patch 1298 BLAKE2B 83b399a1faa1bb976bc00b7d0b9721b2a2bc64f11f345d3ddb6019481c16f503a6faf1789c56fdbbb7a4d0bde5ffd9c1620dc677189d0e40008cef0ab02e732e SHA512 fcdd0ad2f0f6dadfea8ca00fbb93c18426eb4e12a8374f9f6d0c9fb2f4aa3bb9494e1c5eb0408066dbc4f9b5075c56f8b99a6336b9d66ac5558e99f38357f9ca AUX qtbase-6.5.2-no-symlink-check.patch 152 BLAKE2B 676ff8577f678fe3ed1e34e3fc8f7a9b16145259b2e23c432d4cb08465cb5d3a6685e557c9da862f3abb0d51459c7dc055155d804c3daef768bf0e9bdcc3b162 SHA512 6a82cb63812c7fa6d04e9ba9d017ce23ff1d620ec6ebcd575719678138d74e1298e3962d48e211ee72c9a533f03cb7a0fa47b428592a1402ec7ad1d1c487a4b4 +AUX qtbase-6.6.1-CVE-2023-51714.patch 2168 BLAKE2B dd30b68aea17c3a2d4d57327226cb9fd906f740184786a05ee643a47eb7a31c08fb0889811a76d15c330667378cd448d37b0fbbcaf120105d827164332f38c17 SHA512 8b4fdf64901c8a230dc0dfb3e5940c412560c8c51383abcb2257883ebf34768cf12cd343aa358dcdd25f99692c0426ef7c282a9dd79793f143b539470a8fb267 AUX qtbase-6.6.1-forkfd-childstack-size.patch 861 BLAKE2B c5b1f471cf91150b6d6a643994284e95721f0739284680ba3e2d5d2332b3e0544c85f6dfb7129fccc3ed3beae24d7d3c919357d160bc9d5004426c68e8fa6321 SHA512 8c619b24cd9b7dd72ee975a66d6919718a0594eaeb0907454a9a9fd68a259db345f685aa9c87cf0c0c27b4194f621306a6f00f20dce95482bce7efe55fae00d6 DIST qtbase-everywhere-src-6.6.1.tar.xz 48370760 BLAKE2B 2dd551d15eef30c7d9a5f4c406143d6f8908d7ebade9daf9fbd3d82a25765425956f2cb8689c50f87f6477de2150eee7b820ef25bb4355c51e7e7fad3ef73005 SHA512 93e77b9b077a3acd5607b643db282fdd7ed0bdfa07df74c3f0d2285afeb1672a6fa229a7e7a6c8a462701305fc22ffef20c212d906484e50fb5cdb706a7b72e1 EBUILD qtbase-6.6.1-r1.ebuild 9827 BLAKE2B 
35113f1f790be17a68775902d954aba7518ac4e4eefe6dde2b4ceb0f567bc947590efdf12ff2dd625fcabf56db8000c3e8c06d915b3b00eecf7c2a3e1d8ca7a3 SHA512 0077d3813ae8b86aa09dc2999efd7fd5a4146de21c268af94c26f8d7ee6992f6f2274725c4942a42deae1119f4fb1e3afced1d82dfb215a0c624d96de3dbd4c4 +EBUILD qtbase-6.6.1-r2.ebuild 9869 BLAKE2B 18941c37f6a3320b57005514b151494bbd3b28339b0371c54c03b8ee96dd7d97ccdb84d3208672fe640c6292f944aa1f14ec4cfee89071d832c94e476268a202 SHA512 323a41a20baca677e15593c0b79cf25841582509a8c34d56542ca03069398a33777cc4eae6d8fad07d383596f285905b22f1ee24299912eae333eab9a1a353ab EBUILD qtbase-6.6.9999.ebuild 9802 BLAKE2B 7f6e4f599859c886805c3cb8c1f121bf0afe35ac3ef8c4b58dfe94229d7a66b41ae768f209c74398bd5af5fd8354d8ff3c802de72f7f0fe8d42a74870b5e4fdd SHA512 2b681bbccd8fb04f7a1a76a993c6636d00fedaeda95acd1ae59f3f3d0d39be04721a075be9d9bd8d1c0bc49648a8cb7aa3c40188a6165ce25812b5b7fe26daf5 EBUILD qtbase-6.7.9999.ebuild 9893 BLAKE2B 03feeb5173e6f4df50ae5cd01a516eab57f5713ec28508d3450e7a6fa66ff122f50b983241c0bc35f97c5df481e80666c63dc808105e80c2c2c02857f61c322d SHA512 820c187b379ead294eaea537dadd3de09137576dd66331cdd13fcd9308adb8053a896a5d00236138adf521efe441368af550aa577c12702c9b1cce01508fa3d6 EBUILD qtbase-6.9999.ebuild 9893 BLAKE2B 03feeb5173e6f4df50ae5cd01a516eab57f5713ec28508d3450e7a6fa66ff122f50b983241c0bc35f97c5df481e80666c63dc808105e80c2c2c02857f61c322d SHA512 820c187b379ead294eaea537dadd3de09137576dd66331cdd13fcd9308adb8053a896a5d00236138adf521efe441368af550aa577c12702c9b1cce01508fa3d6 diff --git a/dev-qt/qtbase/files/qtbase-6.6.1-CVE-2023-51714.patch b/dev-qt/qtbase/files/qtbase-6.6.1-CVE-2023-51714.patch new file mode 100644 index 000000000000..8d2b0e74ad08 --- /dev/null +++ b/dev-qt/qtbase/files/qtbase-6.6.1-CVE-2023-51714.patch 
@@ -0,0 +1,55 @@
+Combination of the two patches [1][2] for CVE-2023-51714[3],
+fixed in upcoming qtbase-6.6.2.
+
+https://bugs.gentoo.org/921292
+
+[1] https://codereview.qt-project.org/c/qt/qtbase/+/525295
+[2] https://codereview.qt-project.org/c/qt/qtbase/+/525297
+[3] https://lists.qt-project.org/pipermail/announce/2024-January/000465.html
+
+From 13c16b756900fe524f6d9534e8a07aa003c05e0c Mon Sep 17 00:00:00 2001
+From: Marc Mutz
+Date: Tue, 12 Dec 2023 20:51:56 +0100
+Subject: [PATCH] HPack: fix a Yoda Condition
+
+Putting the variable on the LHS of a relational operation makes the
+expression easier to read. In this case, we find that the whole
+expression is nonsensical as an overflow protection, because if
+name.size() + value.size() overflows, the result will exactly _not_
+be > max() - 32, because UB will have happened.
+
+To be fixed in a follow-up commit.
+
+As a drive-by, add parentheses around the RHS.
+
+From 811b9eef6d08d929af8708adbf2a5effb0eb62d7 Mon Sep 17 00:00:00 2001
+From: Marc Mutz
+Date: Tue, 12 Dec 2023 22:08:07 +0100
+Subject: [PATCH] HPack: fix incorrect integer overflow check
+
+This code never worked:
+
+For the comparison with max() - 32 to trigger, on 32-bit platforms (or
+Qt 5) signed interger overflow would have had to happen in the
+addition of the two sizes. The compiler can therefore remove the
+overflow check as dead code.
+
+On Qt 6 and 64-bit platforms, the signed integer addition would be
+very unlikely to overflow, but the following truncation to uint32
+would yield the correct result only in a narrow 32-value window just
+below UINT_MAX, if even that.
+
+Fix by using the proper tool, qAddOverflow.
+--- a/src/network/access/http2/hpacktable.cpp
++++ b/src/network/access/http2/hpacktable.cpp
+@@ -27,6 +27,8 @@
+ // 32 octets of overhead."
+
+- const unsigned sum = unsigned(name.size() + value.size());
+- if (std::numeric_limits::max() - 32 < sum)
++ size_t sum;
++ if (qAddOverflow(size_t(name.size()), size_t(value.size()), &sum))
++ return HeaderSize();
++ if (sum > (std::numeric_limits::max() - 32))
+ return HeaderSize();
+ return HeaderSize(true, quint32(sum + 32));
diff --git a/dev-qt/qtbase/qtbase-6.6.1-r2.ebuild b/dev-qt/qtbase/qtbase-6.6.1-r2.ebuild
new file mode 100644
index 000000000000..5b21d1f773b8
--- /dev/null
+++ b/dev-qt/qtbase/qtbase-6.6.1-r2.ebuild
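Review bot: The two guards that replace the old check in the hpacktable.cpp hunk carry no comment saying why both are needed, which makes the second one look redundant to a later reader. Above `if (sum > (std::numeric_limits::max() - 32))` I would add `// size_t may be wider than quint32: the sum can be valid and still not fit once the 32-octet overhead is added`. As rendered here the `numeric_limits` calls have no template argument; the `quint32(sum + 32)` cast suggests it was `<quint32>` and was lost when the page was extracted, so compare the patch file with the two upstream changes it cites rather than copying it from this page. The enclosing function starts and ends outside the inner hunk.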
@@ -0,0 +1,362 @@ +# Copyright 2021-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic qt6-build toolchain-funcs + +DESCRIPTION="Cross-platform application development framework" + +if [[ ${QT6_BUILD_TYPE} == release ]]; then + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi + +declare -A QT6_IUSE=( + [global]="+ssl +udev zstd" + [core]="icu" + [modules]="+concurrent +dbus +gui +network +sql +xml" + + [gui]=" + +X accessibility eglfs evdev gles2-only +libinput + opengl tslib vulkan +widgets + " + [network]="brotli gssapi libproxy sctp" + [sql]="mysql oci8 odbc postgres +sqlite" + [widgets]="cups gtk" + + [optfeature]="nls wayland" #810802,864509 +) +IUSE="${QT6_IUSE[*]}" +REQUIRED_USE=" + $( + printf '%s? ( gui ) ' ${QT6_IUSE[gui]//+/} + printf '%s? ( network ) ' ${QT6_IUSE[network]//+/} + printf '%s? ( sql ) ' ${QT6_IUSE[sql]//+/} + printf '%s? ( gui widgets ) ' ${QT6_IUSE[widgets]//+/} + ) + accessibility? ( dbus ) + eglfs? ( opengl ) + gles2-only? ( opengl ) + gui? ( || ( X eglfs wayland ) ) + libinput? ( udev ) + sql? ( || ( ${QT6_IUSE[sql]//+/} ) ) + test? ( icu sql? ( sqlite ) ) +" + +# groups: +# - global (configure.cmake) +# - qtcore (src/corelib/configure.cmake) +# - qtgui (src/gui/configure.cmake) +# - qtnetwork (src/network/configure.cmake) +# - qtprintsupport (src/printsupport/configure.cmake) [gui+widgets] +# - qtsql (src/plugins/sqldrivers/configure.cmake) +RDEPEND=" + sys-libs/zlib:= + ssl? ( dev-libs/openssl:= ) + udev? ( virtual/libudev:= ) + zstd? ( app-arch/zstd:= ) + + app-crypt/libb2 + dev-libs/double-conversion:= + dev-libs/glib:2 + dev-libs/libpcre2:=[pcre16,unicode(+)] + icu? ( dev-libs/icu:= ) + + dbus? ( sys-apps/dbus ) + gui? ( + media-libs/fontconfig + media-libs/freetype:2 + media-libs/harfbuzz:= + media-libs/libjpeg-turbo:= + media-libs/libpng:= + x11-libs/libdrm + x11-libs/libxkbcommon[X?] + X? 
( + x11-libs/libICE + x11-libs/libSM + x11-libs/libX11 + x11-libs/libxcb:= + x11-libs/xcb-util-cursor + x11-libs/xcb-util-image + x11-libs/xcb-util-keysyms + x11-libs/xcb-util-renderutil + x11-libs/xcb-util-wm + ) + accessibility? ( app-accessibility/at-spi2-core:2 ) + eglfs? ( media-libs/mesa[gbm(+)] ) + evdev? ( sys-libs/mtdev ) + libinput? ( dev-libs/libinput:= ) + opengl? ( + gles2-only? ( media-libs/libglvnd ) + !gles2-only? ( media-libs/libglvnd[X?] ) + ) + tslib? ( x11-libs/tslib ) + widgets? ( + cups? ( net-print/cups ) + gtk? ( + x11-libs/gdk-pixbuf:2 + x11-libs/gtk+:3 + x11-libs/pango + ) + ) + ) + network? ( + brotli? ( app-arch/brotli:= ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + ) + sql? ( + mysql? ( dev-db/mysql-connector-c:= ) + oci8? ( dev-db/oracle-instantclient:=[sdk] ) + odbc? ( dev-db/unixODBC ) + postgres? ( dev-db/postgresql:* ) + sqlite? ( dev-db/sqlite:3 ) + ) +" +DEPEND=" + ${RDEPEND} + X? ( x11-base/xorg-proto ) + gui? ( + vulkan? ( dev-util/vulkan-headers ) + ) + network? ( + sctp? ( net-misc/lksctp-tools ) + ) + test? ( + elibc_musl? ( sys-libs/timezone-data ) + ) +" +BDEPEND="zstd? ( app-arch/libarchive[zstd] )" #910392 +PDEPEND=" + nls? ( ~dev-qt/qttranslations-${PV}:6 ) + wayland? 
( ~dev-qt/qtwayland-${PV}:6 ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-6.5.2-hppa-forkfd-grow-stack.patch + "${FILESDIR}"/${PN}-6.5.2-no-glx.patch + "${FILESDIR}"/${PN}-6.5.2-no-symlink-check.patch + "${FILESDIR}"/${PN}-6.6.1-forkfd-childstack-size.patch + "${FILESDIR}"/${P}-CVE-2023-51714.patch +) + +src_prepare() { + qt6-build_src_prepare + + if use test; then + # test itself has -Werror=strict-aliasing issues, drop for simplicity + sed -e '/add_subdirectory(qsharedpointer)/d' \ + -i tests/auto/corelib/tools/CMakeLists.txt || die + fi +} + +src_configure() { + local mycmakeargs=( + -DBUILD_WITH_PCH=OFF + + -DINSTALL_ARCHDATADIR="${QT6_ARCHDATADIR}" + -DINSTALL_BINDIR="${QT6_BINDIR}" + -DINSTALL_DATADIR="${QT6_DATADIR}" + -DINSTALL_DOCDIR="${QT6_DOCDIR}" + -DINSTALL_EXAMPLESDIR="${QT6_EXAMPLESDIR}" + -DINSTALL_INCLUDEDIR="${QT6_HEADERDIR}" + -DINSTALL_LIBDIR="${QT6_LIBDIR}" + -DINSTALL_LIBEXECDIR="${QT6_LIBEXECDIR}" + -DINSTALL_MKSPECSDIR="${QT6_MKSPECSDIR}" + -DINSTALL_PLUGINSDIR="${QT6_PLUGINDIR}" + -DINSTALL_QMLDIR="${QT6_QMLDIR}" + -DINSTALL_SYSCONFDIR="${QT6_SYSCONFDIR}" + -DINSTALL_TRANSLATIONSDIR="${QT6_TRANSLATIONDIR}" + + $(qt_feature ssl openssl) + $(qt_feature ssl openssl_linked) + $(qt_feature udev libudev) + $(qt_feature zstd) + + # qtcore + $(qt_feature icu) + + # tools + -DQT_FEATURE_androiddeployqt=OFF + + # modules + $(qt_feature concurrent) + $(qt_feature dbus) + $(qt_feature gui) + $(qt_feature network) + $(qt_feature sql) + # trivial, and is often needed (sometimes even when not building tests) + -DQT_FEATURE_testlib=ON + $(qt_feature xml) + ) + + use gui && mycmakeargs+=( + $(qt_feature X xcb) + $(qt_feature X system_xcb_xinput) + $(qt_feature X xkbcommon_x11) + $(cmake_use_find_package X X11) # needed for truly no automagic + $(qt_feature accessibility accessibility_atspi_bridge) + $(qt_feature eglfs) + $(qt_feature evdev) + $(qt_feature evdev mtdev) + $(qt_feature libinput) + $(qt_feature tslib) + $(qt_feature vulkan) + $(qt_feature widgets) + 
-DINPUT_opengl=$(usex opengl $(usex gles2-only es2 desktop) no) + -DQT_FEATURE_system_textmarkdownreader=OFF # TODO?: package md4c + ) && use widgets && mycmakeargs+=( + # note: qtprintsupport is enabled w/ gui+widgets regardless of USE=cups + $(qt_feature cups) + $(qt_feature gtk gtk3) + ) + + use network && mycmakeargs+=( + $(qt_feature brotli) + $(qt_feature gssapi) + $(qt_feature libproxy) + $(qt_feature sctp) + $(usev test -DQT_SKIP_DOCKER_COMPOSE=ON) + ) + + use sql && mycmakeargs+=( + -DQT_FEATURE_sql_db2=OFF # unpackaged + -DQT_FEATURE_sql_ibase=OFF # unpackaged + -DQT_FEATURE_sql_mimer=OFF # unpackaged + $(qt_feature mysql sql_mysql) + $(qt_feature oci8 sql_oci) + $(usev oci8 -DOracle_ROOT="${ESYSROOT}"/usr/$(get_libdir)/oracle/client) + $(qt_feature odbc sql_odbc) + $(qt_feature postgres sql_psql) + $(qt_feature sqlite sql_sqlite) + $(qt_feature sqlite system_sqlite) + ) + + if use amd64 || use x86; then + # see bug #913400 for explanations + local cpufeats=( + # list of checked cpu features in configure.cmake + avx avx2 avx512{bw,cd,dq,er,f,ifma,pf,vbmi,vbmi2,vl} + f16c rdrnd rdseed sse2 sse3 sse4_1 sse4_2 ssse3 vaes + ) + # handle odd ones out not matching -m* and macros (keep same order) + local cpuflags=( "${cpufeats[@]}" aes sha ) + local cpufeats+=( aesni shani ) + + local -a intrins + IFS=' ' read -ra intrins < <( + : "$(test-flags-CXX "${cpuflags[@]/#/-m}")" + $(tc-getCXX) -E -P ${_} ${CXXFLAGS} ${CPPFLAGS} - <<-EOF | tail -n 1 + #if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__)) + #include + #endif + $(printf '__%s__ ' "${cpuflags[@]^^}") + EOF + assert + ) + + # do nothing and leave to qtbase if no macros expanded (test failed?) 
+ if [[ \ ${intrins[*]} == *\ [^_\ ]* ]]; then + local -i i + for ((i=0; i<${#cpufeats[@]}; i++)); do + [[ ${intrins[i]} == __* ]] && + mycmakeargs+=( -DQT_FEATURE_${cpufeats[i]}=OFF ) + done + mycmakeargs+=( -DTEST_x86intrin=ON ) + fi + fi + + qt6-build_src_configure +} + +src_test() { + local -x TZ=UTC + local -x LC_TIME=C + + local CMAKE_SKIP_TESTS=( + # broken with out-of-source + if qtbase is not already installed + tst_moc + tst_qmake + # needs x11/opengl, we *could* run these but tend to be flaky + # when opengl rendering is involved (even if software-only) + tst_qopengl{,config,widget,window} + tst_qgraphicsview + tst_qx11info + # fails with network sandbox + tst_qdnslookup + # fails with sandbox + tst_qsharedmemory + # typical to lack SCTP support on non-generic kernels + tst_qsctpsocket + # randomly fails without -j1, and not worth it over this (bug #916181) + tst_qfiledialog{,2} + # these can be flaky depending on the environment/toolchain + tst_qlogging # backtrace log test can easily vary + tst_q{,raw}font # affected by available fonts / settings (bug #914737) + tst_qprinter # checks system's printers (bug #916216) + tst_qstorageinfo # checks mounted filesystems + # flaky due to using different test framework and fails with USE=-gui + tst_selftests + # known failing when using clang+glibc+stdc++, needs looking into + tst_qthread + # partially failing on x86 chroots and seemingly(?) 
harmless (dev-qt + # revdeps tests pass), skip globally to avoid keywording flakiness + tst_json + tst_qcolorspace + tst_qdoublevalidator + tst_qglobal + tst_qglyphrun + tst_qvectornd + tst_rcc + # similarly, but on armv7 and potentially others (bug #914028) + tst_qlineedit + tst_qpainter + # likewise, known failing on BE arches (bug #914033,914371,918878) + tst_qimagereader + tst_qimagewriter + tst_qpluginloader + tst_quuid + # partially broken on llvm-musl, needs looking into but skip to have + # a baseline for regressions (rest of dev-qt still passes with musl) + $(usev elibc_musl ' + tst_qicoimageformat + tst_qimagereader + tst_qimage + ') + # fails due to hppa's NaN handling, needs looking into (bug #914371) + $(usev hppa ' + tst_qcborvalue + tst_qnumeric + ') + # bug #914033 + $(usev sparc ' + tst_qbuffer + tst_qprocess + tst_qtconcurrentiteratekernel + ') + # note: for linux, upstream only really runs+maintains tests for amd64 + # https://doc.qt.io/qt-6/supported-platforms.html + ) + + qt6-build_src_test +} + +src_install() { + qt6-build_src_install + + if use test; then + local delete_bins=( # need a better way to handle this + clientserver copier crashingServer desktopsettingsaware_helper + echo fileWriterProcess modal_helper nospace 'one space' + paster qcommandlineparser_test_helper qfileopeneventexternal + socketprocess syslocaleapp tst_qhashseed_helper 'two space s' + write-read-write + ) + local delete=( # sigh + "${D}${QT6_BINDIR}"/test* + "${delete_bins[@]/#/${D}${QT6_BINDIR}/}" + ) + # using -f given not tracking which tests may be skipped or not + rm -rf -- "${delete[@]}" || die + fi +} -- cgit v1.2.3
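Review bot: The new `PATCHES` entry `"${FILESDIR}"/${P}-CVE-2023-51714.patch` has no trailing bug reference, unlike other lines in this ebuild (`#910392`, `#810802,864509`), and nothing marks it as temporary. I would write `"${FILESDIR}"/${P}-CVE-2023-51714.patch # bug #921292, drop with 6.6.2`, since the patch header gives that bug and says the fix is in the upcoming 6.6.2. Separately, the Manifest hunk keeps `qtbase-6.6.1-r1.ebuild` as a context line, so that revision stays in the tree; it presumably lacks this patch, and removing it would stop the unpatched build from being selected by a pin or mask.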