From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1198908-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by finch.gentoo.org (Postfix) with ESMTPS id A488B138359
for <garchives@archives.gentoo.org>; Sat, 22 Aug 2020 18:52:47 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id BB050E082B;
Sat, 22 Aug 2020 18:52:46 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id 8EECDE082B
for <gentoo-commits@lists.gentoo.org>; Sat, 22 Aug 2020 18:52:46 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by smtp.gentoo.org (Postfix) with ESMTPS id 4771D340E62
for <gentoo-commits@lists.gentoo.org>; Sat, 22 Aug 2020 18:52:44 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
by oystercatcher.gentoo.org (Postfix) with ESMTP id B455830A
for <gentoo-commits@lists.gentoo.org>; Sat, 22 Aug 2020 18:52:42 +0000 (UTC)
From: "Andreas Sturmlechner" <asturm@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Andreas Sturmlechner" <asturm@gentoo.org>
Message-ID: <1598122342.621b799854a30f790193cf9f6177cb297048412a.asturm@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-qt/qtgui/files/, dev-qt/qtgui/
X-VCS-Repository: repo/gentoo
X-VCS-Files: dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch dev-qt/qtgui/qtgui-5.14.2-r1.ebuild dev-qt/qtgui/qtgui-5.15.0-r1.ebuild
X-VCS-Directories: dev-qt/qtgui/files/ dev-qt/qtgui/
X-VCS-Committer: asturm
X-VCS-Committer-Name: Andreas Sturmlechner
X-VCS-Revision: 621b799854a30f790193cf9f6177cb297048412a
X-VCS-Branch: master
Date: Sat, 22 Aug 2020 18:52:42 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 5d435908-5808-4cee-a706-1c4df09fd8ce
X-Archives-Hash: 97437d138b32f4742e49468fafce34fb
commit: 621b799854a30f790193cf9f6177cb297048412a
Author: Jimi Huotari <chiitoo <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 20 12:03:19 2020 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Aug 22 18:52:22 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=621b7998
dev-qt/qtgui: fix CVE-2020-17507
Upstream commit: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1616c719
Reported-by: John Helmert III (ajak) <jchelmert3 <AT> posteo.net>
Bug: https://bugs.gentoo.org/736924
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Jimi Huotari <chiitoo <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/17183
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
.../qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch | 39 +++++
dev-qt/qtgui/qtgui-5.14.2-r1.ebuild | 185 +++++++++++++++++++++
dev-qt/qtgui/qtgui-5.15.0-r1.ebuild | 185 +++++++++++++++++++++
3 files changed, 409 insertions(+)
diff --git a/dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch b/dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch
new file mode 100644
index 00000000000..cad9aa4b682
--- /dev/null
+++ b/dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch
@@ -0,0 +1,39 @@
+From 1616c71921b73b227f56ccb3f2c49a994ec23440 Mon Sep 17 00:00:00 2001
+From: Allan Sandfeld Jensen <allan.jensen@qt.io>
+Date: Thu, 23 Jul 2020 11:48:48 +0200
+Subject: Fix buffer overflow in XBM parser
+
+Avoid parsing over the buffer limit, or interpreting non-hex
+as hex.
+
+This still leaves parsing of lines longer than 300 chars
+unreliable
+
+Change-Id: I1c57a7e530c4380f6f9040b2ec729ccd7dc7a5fb
+Reviewed-by: Robert Loehning <robert.loehning@qt.io>
+Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
+(cherry picked from commit c562c1fc19629fb505acd0f6380604840b634211)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+---
+ src/gui/image/qxbmhandler.cpp | 4 ++-
+ .../gui/image/qimagereader/tst_qimagereader.cpp | 38 ++++++++++++++++++++++
+ 2 files changed, 41 insertions(+), 1 deletion(-)
+
+diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp
+index f06561690c..72ce7f7ecd 100644
+--- a/src/gui/image/qxbmhandler.cpp
++++ b/src/gui/image/qxbmhandler.cpp
+@@ -159,7 +159,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage)
+ w = (w+7)/8; // byte width
+
+ while (y < h) { // for all encoded bytes...
+- if (p) { // p = "0x.."
++ if (p && p < (buf + readBytes - 3)) { // p = "0x.."
++ if (!isxdigit(p[2]) || !isxdigit(p[3]))
++ return false;
+ *b++ = hex2byte(p+2);
+ p += 2;
+ if (++x == w && ++y < h) {
+--
+cgit v1.2.1
+
diff --git a/dev-qt/qtgui/qtgui-5.14.2-r1.ebuild b/dev-qt/qtgui/qtgui-5.14.2-r1.ebuild
new file mode 100644
index 00000000000..a676219df35
--- /dev/null
+++ b/dev-qt/qtgui/qtgui-5.14.2-r1.ebuild
@@ -0,0 +1,185 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="The GUI module and platform plugins for the Qt5 framework"
+SLOT=5/$(ver_cut 1-3) # bug 707658
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+# TODO: linuxfb
+
+IUSE="accessibility dbus egl eglfs evdev +gif gles2-only ibus jpeg
+ +libinput +png tslib tuio +udev vnc vulkan wayland +X"
+REQUIRED_USE="
+ || ( eglfs X )
+ accessibility? ( dbus X )
+ eglfs? ( egl )
+ ibus? ( dbus )
+ libinput? ( udev )
+ X? ( gles2-only? ( egl ) )
+"
+
+RDEPEND="
+ dev-libs/glib:2
+ ~dev-qt/qtcore-${PV}:5=
+ dev-util/gtk-update-icon-cache
+ media-libs/fontconfig
+ >=media-libs/freetype-2.6.1:2
+ >=media-libs/harfbuzz-1.6.0:=
+ sys-libs/zlib:=
+ virtual/opengl
+ dbus? ( ~dev-qt/qtdbus-${PV} )
+ egl? ( media-libs/mesa[egl] )
+ eglfs? (
+ media-libs/mesa[gbm]
+ x11-libs/libdrm
+ )
+ evdev? ( sys-libs/mtdev )
+ gles2-only? ( media-libs/mesa[gles2] )
+ jpeg? ( virtual/jpeg:0 )
+ libinput? (
+ dev-libs/libinput:=
+ >=x11-libs/libxkbcommon-0.5.0
+ )
+ png? ( media-libs/libpng:0= )
+ tslib? ( >=x11-libs/tslib-1.21 )
+ tuio? ( ~dev-qt/qtnetwork-${PV} )
+ udev? ( virtual/libudev:= )
+ vnc? ( ~dev-qt/qtnetwork-${PV} )
+ vulkan? ( dev-util/vulkan-headers )
+ X? (
+ x11-libs/libICE
+ x11-libs/libSM
+ x11-libs/libX11
+ >=x11-libs/libxcb-1.12:=[xkb]
+ >=x11-libs/libxkbcommon-0.5.0[X]
+ x11-libs/xcb-util-image
+ x11-libs/xcb-util-keysyms
+ x11-libs/xcb-util-renderutil
+ x11-libs/xcb-util-wm
+ )
+"
+DEPEND="${RDEPEND}
+ evdev? ( sys-kernel/linux-headers )
+ udev? ( sys-kernel/linux-headers )
+"
+PDEPEND="
+ ibus? ( app-i18n/ibus )
+ wayland? ( ~dev-qt/qtwayland-${PV} )
+"
+
+QT5_TARGET_SUBDIRS=(
+ src/tools/qvkgen
+ src/gui
+ src/openglextensions
+ src/platformheaders
+ src/platformsupport
+ src/plugins/generic
+ src/plugins/imageformats
+ src/plugins/platforms
+ src/plugins/platforminputcontexts
+)
+
+QT5_GENTOO_CONFIG=(
+ accessibility:accessibility-atspi-bridge
+ egl:egl:
+ eglfs:eglfs:
+ eglfs:eglfs_egldevice:
+ eglfs:eglfs_gbm:
+ evdev:evdev:
+ evdev:mtdev:
+ :fontconfig:
+ :system-freetype:FREETYPE
+ !:no-freetype:
+ !gif:no-gif:
+ gles2-only::OPENGL_ES
+ gles2-only:opengles2:OPENGL_ES_2
+ !:no-gui:
+ :system-harfbuzz:
+ !:no-harfbuzz:
+ jpeg:system-jpeg:IMAGEFORMAT_JPEG
+ !jpeg:no-jpeg:
+ libinput
+ libinput:xkbcommon:
+ :opengl
+ png:png:
+ png:system-png:IMAGEFORMAT_PNG
+ !png:no-png:
+ tslib:tslib:
+ udev:libudev:
+ vulkan:vulkan:
+ X:xcb:
+ X:xcb-glx:
+ X:xcb-plugin:
+ X:xcb-render:
+ X:xcb-sm:
+ X:xcb-xlib:
+ X:xcb-xinput:
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :gui
+)
+
+PATCHES=(
+ "${FILESDIR}/qt-5.12-gcc-avx2.patch" # bug 672946
+ "${FILESDIR}/${PN}-5.14.1-cmake-macro-backward-compat.patch" # bug 703306
+ "${FILESDIR}/${PN}-5.14.2-CVE-2020-17507.patch" # bug 736924
+)
+
+src_prepare() {
+ # don't add -O3 to CXXFLAGS, bug 549140
+ sed -i -e '/CONFIG\s*+=/s/optimize_full//' src/gui/gui.pro || die
+
+ # egl_x11 is activated when both egl and X are enabled
+ use egl && QT5_GENTOO_CONFIG+=(X:egl_x11:) || QT5_GENTOO_CONFIG+=(egl:egl_x11:)
+
+ qt_use_disable_config dbus dbus \
+ src/platformsupport/themes/genericunix/genericunix.pri
+
+ qt_use_disable_config tuio tuiotouch src/plugins/generic/generic.pro
+
+ qt_use_disable_mod ibus dbus \
+ src/plugins/platforminputcontexts/platforminputcontexts.pro
+
+ use vnc || sed -i -e '/SUBDIRS += vnc/d' \
+ src/plugins/platforms/platforms.pro || die
+
+ qt5-build_src_prepare
+}
+
+src_configure() {
+ local myconf=(
+ $(usex dbus -dbus-linked '')
+ $(qt_use egl)
+ $(qt_use eglfs)
+ $(usex eglfs '-gbm -kms' '')
+ $(qt_use evdev)
+ $(qt_use evdev mtdev)
+ -fontconfig
+ -system-freetype
+ $(usex gif '' -no-gif)
+ -gui
+ -system-harfbuzz
+ $(qt_use jpeg libjpeg system)
+ $(qt_use libinput)
+ -opengl $(usex gles2-only es2 desktop)
+ $(qt_use png libpng system)
+ $(qt_use tslib)
+ $(qt_use udev libudev)
+ $(qt_use vulkan)
+ $(qt_use X xcb system)
+ $(usex X '-xcb-xlib -xcb-xinput -xkb' '')
+ )
+ if use libinput || use X; then
+ myconf+=( -xkbcommon )
+ fi
+ qt5-build_src_configure
+}
diff --git a/dev-qt/qtgui/qtgui-5.15.0-r1.ebuild b/dev-qt/qtgui/qtgui-5.15.0-r1.ebuild
new file mode 100644
index 00000000000..850f329c65a
--- /dev/null
+++ b/dev-qt/qtgui/qtgui-5.15.0-r1.ebuild
@@ -0,0 +1,185 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="The GUI module and platform plugins for the Qt5 framework"
+SLOT=5/$(ver_cut 1-3) # bug 707658
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+# TODO: linuxfb
+
+IUSE="accessibility dbus egl eglfs evdev +gif gles2-only ibus jpeg
+ +libinput +png tslib tuio +udev vnc vulkan wayland +X"
+REQUIRED_USE="
+ || ( eglfs X )
+ accessibility? ( dbus X )
+ eglfs? ( egl )
+ ibus? ( dbus )
+ libinput? ( udev )
+ X? ( gles2-only? ( egl ) )
+"
+
+RDEPEND="
+ dev-libs/glib:2
+ ~dev-qt/qtcore-${PV}:5=
+ dev-util/gtk-update-icon-cache
+ media-libs/fontconfig
+ >=media-libs/freetype-2.6.1:2
+ >=media-libs/harfbuzz-1.6.0:=
+ sys-libs/zlib:=
+ virtual/opengl
+ dbus? ( ~dev-qt/qtdbus-${PV} )
+ egl? ( media-libs/mesa[egl] )
+ eglfs? (
+ media-libs/mesa[gbm]
+ x11-libs/libdrm
+ )
+ evdev? ( sys-libs/mtdev )
+ gles2-only? ( media-libs/mesa[gles2] )
+ jpeg? ( virtual/jpeg:0 )
+ libinput? (
+ dev-libs/libinput:=
+ >=x11-libs/libxkbcommon-0.5.0
+ )
+ png? ( media-libs/libpng:0= )
+ tslib? ( >=x11-libs/tslib-1.21 )
+ tuio? ( ~dev-qt/qtnetwork-${PV} )
+ udev? ( virtual/libudev:= )
+ vnc? ( ~dev-qt/qtnetwork-${PV} )
+ vulkan? ( dev-util/vulkan-headers )
+ X? (
+ x11-libs/libICE
+ x11-libs/libSM
+ x11-libs/libX11
+ >=x11-libs/libxcb-1.12:=[xkb]
+ >=x11-libs/libxkbcommon-0.5.0[X]
+ x11-libs/xcb-util-image
+ x11-libs/xcb-util-keysyms
+ x11-libs/xcb-util-renderutil
+ x11-libs/xcb-util-wm
+ )
+"
+DEPEND="${RDEPEND}
+ evdev? ( sys-kernel/linux-headers )
+ udev? ( sys-kernel/linux-headers )
+"
+PDEPEND="
+ ibus? ( app-i18n/ibus )
+ wayland? ( ~dev-qt/qtwayland-${PV} )
+"
+
+QT5_TARGET_SUBDIRS=(
+ src/tools/qvkgen
+ src/gui
+ src/openglextensions
+ src/platformheaders
+ src/platformsupport
+ src/plugins/generic
+ src/plugins/imageformats
+ src/plugins/platforms
+ src/plugins/platforminputcontexts
+)
+
+QT5_GENTOO_CONFIG=(
+ accessibility:accessibility-atspi-bridge
+ egl:egl:
+ eglfs:eglfs:
+ eglfs:eglfs_egldevice:
+ eglfs:eglfs_gbm:
+ evdev:evdev:
+ evdev:mtdev:
+ :fontconfig:
+ :system-freetype:FREETYPE
+ !:no-freetype:
+ !gif:no-gif:
+ gles2-only::OPENGL_ES
+ gles2-only:opengles2:OPENGL_ES_2
+ !:no-gui:
+ :system-harfbuzz:
+ !:no-harfbuzz:
+ jpeg:system-jpeg:IMAGEFORMAT_JPEG
+ !jpeg:no-jpeg:
+ libinput
+ libinput:xkbcommon:
+ :opengl
+ png:png:
+ png:system-png:IMAGEFORMAT_PNG
+ !png:no-png:
+ tslib:tslib:
+ udev:libudev:
+ vulkan:vulkan:
+ X:xcb:
+ X:xcb-glx:
+ X:xcb-plugin:
+ X:xcb-render:
+ X:xcb-sm:
+ X:xcb-xlib:
+ X:xcb-xinput:
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :gui
+)
+
+PATCHES=(
+ "${FILESDIR}/qt-5.12-gcc-avx2.patch" # bug 672946
+ "${FILESDIR}/${PN}-5.14.1-cmake-macro-backward-compat.patch" # bug 703306
+ "${FILESDIR}/${PN}-5.14.2-CVE-2020-17507.patch" # bug 736924
+)
+
+src_prepare() {
+ # don't add -O3 to CXXFLAGS, bug 549140
+ sed -i -e '/CONFIG\s*+=/s/optimize_full//' src/gui/gui.pro || die
+
+ # egl_x11 is activated when both egl and X are enabled
+ use egl && QT5_GENTOO_CONFIG+=(X:egl_x11:) || QT5_GENTOO_CONFIG+=(egl:egl_x11:)
+
+ qt_use_disable_config dbus dbus \
+ src/platformsupport/themes/genericunix/genericunix.pri
+
+ qt_use_disable_config tuio tuiotouch src/plugins/generic/generic.pro
+
+ qt_use_disable_mod ibus dbus \
+ src/plugins/platforminputcontexts/platforminputcontexts.pro
+
+ use vnc || sed -i -e '/SUBDIRS += vnc/d' \
+ src/plugins/platforms/platforms.pro || die
+
+ qt5-build_src_prepare
+}
+
+src_configure() {
+ local myconf=(
+ $(usex dbus -dbus-linked '')
+ $(qt_use egl)
+ $(qt_use eglfs)
+ $(usex eglfs '-gbm -kms' '')
+ $(qt_use evdev)
+ $(qt_use evdev mtdev)
+ -fontconfig
+ -system-freetype
+ $(usex gif '' -no-gif)
+ -gui
+ -system-harfbuzz
+ $(qt_use jpeg libjpeg system)
+ $(qt_use libinput)
+ -opengl $(usex gles2-only es2 desktop)
+ $(qt_use png libpng system)
+ $(qt_use tslib)
+ $(qt_use udev libudev)
+ $(qt_use vulkan)
+ $(qt_use X xcb)
+ $(usex X '-xcb-xlib' '')
+ )
+ if use libinput || use X; then
+ myconf+=( -xkbcommon )
+ fi
+ qt5-build_src_configure
+}