From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 60096138334 for ; Wed, 6 Mar 2019 20:55:11 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 286D6E09B6; Wed, 6 Mar 2019 20:55:10 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id CB936E09B6 for ; Wed, 6 Mar 2019 20:55:09 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 8E64B335C16 for ; Wed, 6 Mar 2019 20:55:07 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 0502554F for ; Wed, 6 Mar 2019 20:55:06 +0000 (UTC) From: "Jimi Huotari" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jimi Huotari" Message-ID: <1551905445.32d376215b9ba05ff3d8abe9b76a36b08b1a6f7b.chiitoo@gentoo> Subject: [gentoo-commits] proj/qt:master commit in: dev-qt/qtwebengine/, dev-qt/qtwebengine/files/ X-VCS-Repository: proj/qt X-VCS-Files: dev-qt/qtwebengine/files/qtwebengine-5.12.1-CVE-2019-5786.patch dev-qt/qtwebengine/qtwebengine-5.12.9999.ebuild dev-qt/qtwebengine/qtwebengine-5.13.9999.ebuild dev-qt/qtwebengine/qtwebengine-5.9999.ebuild X-VCS-Directories: dev-qt/qtwebengine/files/ dev-qt/qtwebengine/ X-VCS-Committer: chiitoo X-VCS-Committer-Name: Jimi Huotari X-VCS-Revision: 32d376215b9ba05ff3d8abe9b76a36b08b1a6f7b X-VCS-Branch: master Date: Wed, 6 Mar 2019 20:55:06 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: a5f9b1cc-8918-4a13-8558-2a6adf82a472 X-Archives-Hash: 627694fa691ae8ee7f201d0c519650f1 commit: 32d376215b9ba05ff3d8abe9b76a36b08b1a6f7b Author: Jimi Huotari gentoo org> AuthorDate: Wed Mar 6 20:48:36 2019 +0000 Commit: Jimi Huotari gentoo org> CommitDate: Wed Mar 6 20:50:45 2019 +0000 URL: https://gitweb.gentoo.org/proj/qt.git/commit/?id=32d37621 dev-qt/qtwebengine: fix CVE-2019-5786 Bug: https://bugs.gentoo.org/679530 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Jimi Huotari gentoo.org> .../files/qtwebengine-5.12.1-CVE-2019-5786.patch | 29 ++++++++++++++++++++++ dev-qt/qtwebengine/qtwebengine-5.12.9999.ebuild | 1 + dev-qt/qtwebengine/qtwebengine-5.13.9999.ebuild | 2 ++ dev-qt/qtwebengine/qtwebengine-5.9999.ebuild | 5 +++- 4 files changed, 36 insertions(+), 1 deletion(-) diff --git a/dev-qt/qtwebengine/files/qtwebengine-5.12.1-CVE-2019-5786.patch b/dev-qt/qtwebengine/files/qtwebengine-5.12.1-CVE-2019-5786.patch new file mode 100644 index 00000000..5dbc6172 --- /dev/null +++ b/dev-qt/qtwebengine/files/qtwebengine-5.12.1-CVE-2019-5786.patch @@ -0,0 +1,29 @@ +# Bug: https://bugs.gentoo.org/679530 +# Chromium Gerrit: https://chromium-review.googlesource.com/c/chromium/src/+/1495209 + +--- a/src/3rdparty/chromium/third_party/blink/renderer/core/fileapi/file_reader_loader.cc ++++ b/src/3rdparty/chromium/third_party/blink/renderer/core/fileapi/file_reader_loader.cc +@@ -143,14 +143,16 @@ + if (!raw_data_ || error_code_ != FileErrorCode::kOK) + return nullptr; + +- DOMArrayBuffer* result = DOMArrayBuffer::Create(raw_data_->ToArrayBuffer()); +- if (finished_loading_) { +- array_buffer_result_ = result; +- AdjustReportedMemoryUsageToV8( +- -1 * static_cast(raw_data_->ByteLength())); +- raw_data_.reset(); ++ if (!finished_loading_) { ++ return DOMArrayBuffer::Create( ++ ArrayBuffer::Create(raw_data_->Data(), raw_data_->ByteLength())); + } +- return result; ++ ++ array_buffer_result_ = DOMArrayBuffer::Create(raw_data_->ToArrayBuffer()); ++ AdjustReportedMemoryUsageToV8(-1 * ++ static_cast(raw_data_->ByteLength())); ++ raw_data_.reset(); ++ return array_buffer_result_; + } + + String FileReaderLoader::StringResult() { diff --git a/dev-qt/qtwebengine/qtwebengine-5.12.9999.ebuild b/dev-qt/qtwebengine/qtwebengine-5.12.9999.ebuild index 48fcb535..50e3c61c 100644 --- a/dev-qt/qtwebengine/qtwebengine-5.12.9999.ebuild +++ b/dev-qt/qtwebengine/qtwebengine-5.12.9999.ebuild @@ -81,6 +81,7 @@ DEPEND="${RDEPEND} PATCHES+=( "${FILESDIR}/${PN}-5.12.0-nouveau-disable-gpu.patch" # bug 609752 + "${FILESDIR}/${PN}-5.12.1-CVE-2019-5786.patch" # bug 679530 ) src_prepare() { diff --git a/dev-qt/qtwebengine/qtwebengine-5.13.9999.ebuild b/dev-qt/qtwebengine/qtwebengine-5.13.9999.ebuild index cff56886..2b24b481 100644 --- a/dev-qt/qtwebengine/qtwebengine-5.13.9999.ebuild +++ b/dev-qt/qtwebengine/qtwebengine-5.13.9999.ebuild @@ -79,6 +79,8 @@ DEPEND="${RDEPEND} pax_kernel? ( sys-apps/elfix ) " +PATCHES+=( "${FILESDIR}/${PN}-5.12.1-CVE-2019-5786.patch" ) # bug 679530 + src_prepare() { use pax_kernel && PATCHES+=( "${FILESDIR}/${PN}-5.11.2-paxmark-mksnapshot.patch" ) diff --git a/dev-qt/qtwebengine/qtwebengine-5.9999.ebuild b/dev-qt/qtwebengine/qtwebengine-5.9999.ebuild index ff148cf7..fbf405c6 100644 --- a/dev-qt/qtwebengine/qtwebengine-5.9999.ebuild +++ b/dev-qt/qtwebengine/qtwebengine-5.9999.ebuild @@ -79,7 +79,10 @@ DEPEND="${RDEPEND} pax_kernel? ( sys-apps/elfix ) " -PATCHES=( "${FILESDIR}/${PN}-5.13.0-fixup-system-icu.patch" ) +PATCHES=( + "${FILESDIR}/${PN}-5.13.0-fixup-system-icu.patch" + "${FILESDIR}/${PN}-5.12.1-CVE-2019-5786.patch" # bug 679530 +) src_prepare() { use pax_kernel && PATCHES+=( "${FILESDIR}/${PN}-5.11.2-paxmark-mksnapshot.patch" )