From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1477625-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id BEB7215800F
	for <garchives@archives.gentoo.org>; Sun, 15 Jan 2023 12:37:00 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id EB1B0E08F6;
	Sun, 15 Jan 2023 12:36:56 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id CBC03E08F6
	for <gentoo-commits@lists.gentoo.org>; Sun, 15 Jan 2023 12:36:56 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id C8182340F4D
	for <gentoo-commits@lists.gentoo.org>; Sun, 15 Jan 2023 12:36:55 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 89D19899
	for <gentoo-commits@lists.gentoo.org>; Sun, 15 Jan 2023 12:36:52 +0000 (UTC)
From: "Andreas Sturmlechner" <asturm@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Andreas Sturmlechner" <asturm@gentoo.org>
Message-ID: <1673786192.90c0da93ba084e79f9e5468d1b3759bc0a351a89.asturm@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-qt/qtwebengine/
X-VCS-Repository: repo/gentoo
X-VCS-Files: dev-qt/qtwebengine/Manifest dev-qt/qtwebengine/qtwebengine-5.15.8_p20230112.ebuild
X-VCS-Directories: dev-qt/qtwebengine/
X-VCS-Committer: asturm
X-VCS-Committer-Name: Andreas Sturmlechner
X-VCS-Revision: 90c0da93ba084e79f9e5468d1b3759bc0a351a89
X-VCS-Branch: master
Date: Sun, 15 Jan 2023 12:36:52 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: e1d5eebb-ca6a-4160-8309-acf6e2141b6e
X-Archives-Hash: e625adbc2d6c4174f6364258d1e87567

commit:     90c0da93ba084e79f9e5468d1b3759bc0a351a89
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 14 12:12:33 2023 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sun Jan 15 12:36:32 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90c0da93

dev-qt/qtwebengine: add 5.15.8_p20230112

Fixes CVE-2022-4437 and CVE-2022-4438.

Snapshotted at:
Branch: 5.15
Commit: 38e0df6c6e5a1186b68df9b3d6f4cafbb211f2da

Submodule qtwebengine-chromium.git:
Branch: 87-based
Commit: 97a1254923022e66fa75245c3ace64f58112cba6

Patched with security patches up to Chromium version: 98.0.4758.102

Bug: https://bugs.gentoo.org/888946
Bug: https://bugs.gentoo.org/888181
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.8_p20230112.ebuild            | 284 +++++++++++++++++++++
 2 files changed, 285 insertions(+)

diff --git a/dev-qt/qtwebengine/Manifest b/dev-qt/qtwebengine/Manifest
index 6f9f75c68502..9e66ddba2e79 100644
--- a/dev-qt/qtwebengine/Manifest
+++ b/dev-qt/qtwebengine/Manifest
@@ -3,5 +3,6 @@ DIST qtwebengine-5.15.2_p20211019-jumbo-build.patch.bz2 2930 BLAKE2B fca1d140687
 DIST qtwebengine-5.15.3_p20220406-patchset.tar.xz 35480 BLAKE2B ce6aeebbb3255196611130d04ee7a3907ba45d6d2a283f2433e2176cf67e473e74137b180de0a9998762cc54439bb06825815e81e9f95f9413ce2956ac9308b7 SHA512 47e29a1429dce2db324929af91c8ef8421c75ae48f5a491db71b434f8017a5b1e7475e9938989e331e8e012220852848565242e09747892e1a8a8d3ab7386840
 DIST qtwebengine-5.15.7_p20221122.tar.xz 319323408 BLAKE2B f0f7d566e84a78bae964bf34ccb305d51ae3c0b73bea2b382edca373a5240ab63ce6d90a1f81c8e70fd1f1eb05f9985fccbdae36958afe9dd8fa9c95a72775e0 SHA512 42665d2d7d227aeb04b9f7af0728ea5b07978e221b858fd2855595ad588d709bacbea18ab9e0c3a023579e5e3b80cdf6d3ff721573631ee43626bd37fb424225
 DIST qtwebengine-5.15.8_p20230106.tar.xz 319368288 BLAKE2B cbf6abc941cc20d7568c458726ccd371d5c6838b93e034e79767a2f98a00576a89a81eeb2964fb549df5f347cb8927863c15bf082c6abb749ed90cbe69c9677c SHA512 9b65cb69945516ee57945ccf59b2f60182673e7a77e29418269a285c708a5dcd4ddfdd6c23e187280e68d7abee4e1dc2d00da6678393a44e88b88702db337615
+DIST qtwebengine-5.15.8_p20230112.tar.xz 320881876 BLAKE2B 681fb4e2c6dfb80f1f2839092bbbd891a0a0d68f6b31dbdfe8693b8ea9a0ecd9611ba692b0565f32fc2ad199de715cf61e333d796df618572f79d9ed88545ffb SHA512 1806e7a3134579a5cfc0c932cc95ffb15edc515c2ff32b01eee9de8245938f95301610cd7b57451a07a9e38451111973b88c1d64a03f1371e58106bf202b143e
 DIST qtwebengine-everywhere-src-6.4.0.tar.xz 440346968 BLAKE2B ffe9ad9f71034d14f016a71bf3e6034853d5c2b17a3ab3e8aefc1c3a79896363eb2ce41446f16e126ec313608619900ee7ac41750978c28f135df5bbc2e0be5c SHA512 a024781c675c60ca746abb6cd977872b51e3f4a7ff9f934450b82e9b19883c68c0c6c630c28997624f0caceed3c43e8b0658419ecb18cf08fa9081275bedd2a7
 DIST qtwebengine-everywhere-src-6.4.2.tar.xz 440538956 BLAKE2B df94e0e8e22d11614d0d35002c0e404e6735d75e7b43bef1bfd3d5e1230a997625fe8471d8a9154798cc1f9b9c296c2b697ec70fba0428d509d1352d6d3fafee SHA512 47b184a690d4fa5ccccaa3533903068df7b28825aeb16b7c75e3c7cc29fe0cfdf07501c5f0311926c22852f626b0cd59c836d44527261dc7d5c1efbf7e15439b

diff --git a/dev-qt/qtwebengine/qtwebengine-5.15.8_p20230112.ebuild b/dev-qt/qtwebengine/qtwebengine-5.15.8_p20230112.ebuild
new file mode 100644
index 000000000000..62c77057afa3
--- /dev/null
+++ b/dev-qt/qtwebengine/qtwebengine-5.15.8_p20230112.ebuild
@@ -0,0 +1,284 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9,10} )
+PYTHON_REQ_USE="xml(+)"
+inherit check-reqs estack flag-o-matic multiprocessing python-any-r1 qt5-build toolchain-funcs
+
+DESCRIPTION="Library for rendering dynamic web content in Qt5 C++ and QML applications"
+HOMEPAGE="https://www.qt.io/"
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+	KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+	if [[ ${PV} == ${QT5_PV}_p* ]]; then
+		SRC_URI="https://dev.gentoo.org/~asturm/distfiles/${P}.tar.xz"
+		S="${WORKDIR}/${P}"
+		QT5_BUILD_DIR="${S}_build"
+	fi
+else
+	EGIT_BRANCH="5.15"
+	EGIT_REPO_URI=(
+		"https://code.qt.io/qt/${QT5_MODULE}.git"
+		"https://github.com/qt/${QT5_MODULE}.git"
+	)
+	inherit git-r3
+fi
+
+# ppc64 patchset based on https://github.com/chromium-ppc64le releases
+SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-5.15.2_p20211019-jumbo-build.patch.bz2
+	https://dev.gentoo.org/~asturm/distfiles/${PN}-5.15.3_p20220406-patchset.tar.xz
+	ppc64? ( https://dev.gentoo.org/~gyakovlev/distfiles/${PN}-5.15.2-r1-chromium87-ppc64le.tar.xz )"
+
+IUSE="alsa bindist designer geolocation +jumbo-build kerberos pulseaudio screencast +system-ffmpeg +system-icu widgets"
+REQUIRED_USE="designer? ( widgets )"
+
+RDEPEND="
+	app-arch/snappy:=
+	dev-libs/glib:2
+	dev-libs/nspr
+	dev-libs/nss
+	dev-libs/expat
+	dev-libs/libevent:=
+	dev-libs/libxml2[icu]
+	dev-libs/libxslt
+	dev-libs/re2:=
+	=dev-qt/qtcore-${QT5_PV}*
+	=dev-qt/qtdeclarative-${QT5_PV}*
+	=dev-qt/qtgui-${QT5_PV}*
+	=dev-qt/qtnetwork-${QT5_PV}*
+	=dev-qt/qtprintsupport-${QT5_PV}*
+	=dev-qt/qtwebchannel-${QT5_PV}*[qml]
+	media-libs/fontconfig
+	media-libs/freetype
+	media-libs/harfbuzz:=
+	media-libs/lcms:2
+	media-libs/libjpeg-turbo:=
+	media-libs/libpng:0=
+	>=media-libs/libvpx-1.5:=[svc(+)]
+	media-libs/libwebp:=
+	media-libs/opus
+	sys-apps/dbus
+	sys-apps/pciutils
+	sys-libs/zlib[minizip]
+	virtual/libudev
+	x11-libs/libdrm
+	x11-libs/libX11
+	x11-libs/libXcomposite
+	x11-libs/libXcursor
+	x11-libs/libXdamage
+	x11-libs/libXext
+	x11-libs/libXfixes
+	x11-libs/libXi
+	x11-libs/libxkbfile
+	x11-libs/libXrandr
+	x11-libs/libXrender
+	x11-libs/libXScrnSaver
+	x11-libs/libXtst
+	alsa? ( media-libs/alsa-lib )
+	designer? ( =dev-qt/designer-${QT5_PV}* )
+	geolocation? ( =dev-qt/qtpositioning-${QT5_PV}* )
+	kerberos? ( virtual/krb5 )
+	pulseaudio? ( media-libs/libpulse )
+	screencast? ( media-video/pipewire:= )
+	system-ffmpeg? ( media-video/ffmpeg:0= )
+	system-icu? ( >=dev-libs/icu-69.1:= )
+	widgets? (
+		=dev-qt/qtdeclarative-${QT5_PV}*[widgets]
+		=dev-qt/qtwidgets-${QT5_PV}*
+	)
+"
+DEPEND="${RDEPEND}
+	media-libs/libglvnd
+"
+BDEPEND="${PYTHON_DEPS}
+	dev-util/gperf
+	dev-util/ninja
+	dev-util/re2c
+	net-libs/nodejs[ssl]
+	sys-devel/bison
+	sys-devel/flex
+	ppc64? ( >=dev-util/gn-0.1807 )
+"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-5.15.2-disable-fatal-warnings.patch" # downstream, bug 695446
+	"${FILESDIR}/${PN}-5.15.3_p20220505-extra-gn.patch" # downstream, bug 774186
+	"${FILESDIR}/${PN}-5.15.2_p20210224-chromium-87-v8-icu68.patch" # downstream, bug 757606
+	"${FILESDIR}/${PN}-5.15.2_p20210224-disable-git.patch" # downstream snapshot fix
+	"${FILESDIR}/${PN}-5.15.2_p20211015-pdfium-system-lcms2.patch" # by Debian, QTBUG-61746
+	"${FILESDIR}/${PN}-5.15.3_p20220329-clang14.patch" # by FreeBSD, bug 836604
+	"${FILESDIR}/${PN}-5.15.3_p20220406-gcc12-includes.patch" # by openSUSE, bug 840326
+	"${WORKDIR}/${PN}-5.15.2_p20211019-jumbo-build.patch" # bug 813957
+	"${WORKDIR}/${PN}-5.15.3_p20220406-patchset" # bug 698988 (py2--), pipewire-3
+	"${FILESDIR}/${PN}-5.15.8_p20230106-v8-opcode-constexpr.patch" # bug 889042
+	"${FILESDIR}/${PN}-5.15.8_p20230106-widevine.patch" # bug 888783
+)
+
+qtwebengine_check-reqs() {
+	# bug #307861
+	eshopts_push -s extglob
+	if is-flagq '-g?(gdb)?([1-9])'; then
+		ewarn "You have enabled debug info (probably have -g or -ggdb in your CFLAGS/CXXFLAGS)."
+		ewarn "You may experience really long compilation times and/or increased memory usage."
+		ewarn "If compilation fails, please try removing -g/-ggdb before reporting a bug."
+	fi
+	eshopts_pop
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# (check-reqs added for bug #570534)
+	#
+	# Estimate the amount of RAM required
+	# Multiplier is *10 because Bash doesn't do floating point maths.
+	# Let's crudely assume ~2GB per compiler job for GCC.
+	local multiplier=20
+
+	# And call it ~1.5GB for Clang.
+	if tc-is-clang ; then
+		multiplier=15
+	fi
+
+	local CHECKREQS_DISK_BUILD="7G"
+	local CHECKREQS_DISK_USR="150M"
+	if ! has "distcc" ${FEATURES} ; then
+		# bug #830661
+		# Not super realistic to come up with good estimates for distcc right now
+		local CHECKREQS_MEMORY=$(($(makeopts_jobs)*multiplier/10))G
+	fi
+
+	check-reqs_${EBUILD_PHASE_FUNC}
+}
+
+pkg_pretend() {
+	qtwebengine_check-reqs
+}
+
+pkg_setup() {
+	qtwebengine_check-reqs
+	python-any-r1_pkg_setup
+}
+
+src_unpack() {
+	case ${QT5_BUILD_TYPE} in
+		live)    git-r3_src_unpack ;&
+		release) default ;;
+	esac
+}
+
+src_prepare() {
+	if [[ ${PV} == ${QT5_PV}_p* ]]; then
+		# This is made from git, and for some reason will fail w/o .git directories.
+		mkdir -p .git src/3rdparty/chromium/.git || die
+	fi
+	# We need to make sure this integrates well into Qt 5.15.3 installation.
+	# Otherwise revdeps fail w/o heavy changes. This is the simplest way to do it.
+	# See also: https://www.qt.io/blog/building-qt-webengine-against-other-qt-versions
+	sed -E "/^MODULE_VERSION/s/5\.15\.[0-9]+/${QT5_PV}/" -i .qmake.conf || die
+
+	# QTBUG-88657 - jumbo-build could still make trouble
+	if ! use jumbo-build; then
+		sed -i -e 's|use_jumbo_build=true|use_jumbo_build=false|' \
+			src/buildtools/config/common.pri || die
+	fi
+
+	# bug 620444 - ensure local headers are used
+	find "${S}" -type f -name "*.pr[fio]" | \
+		xargs sed -i -e 's|INCLUDEPATH += |&$${QTWEBENGINE_ROOT}_build/include $${QTWEBENGINE_ROOT}/include |' || die
+
+	if use system-icu; then
+		# Sanity check to ensure that bundled copy of ICU is not used.
+		# Whole src/3rdparty/chromium/third_party/icu directory cannot be deleted because
+		# src/3rdparty/chromium/third_party/icu/BUILD.gn is used by build system.
+		# If usage of headers of bundled copy of ICU occurs, then lists of shim headers in
+		# shim_headers("icui18n_shim") and shim_headers("icuuc_shim") in
+		# src/3rdparty/chromium/third_party/icu/BUILD.gn should be updated.
+		local file
+		while read file; do
+			echo "#error This file should not be used!" > "${file}" || die
+		done < <(find src/3rdparty/chromium/third_party/icu -type f "(" -name "*.c" -o -name "*.cpp" -o -name "*.h" ")" 2>/dev/null)
+	fi
+
+	# src/3rdparty/gn fails with libc++ due to passing of `-static-libstdc++`
+	if tc-is-clang ; then
+		if has_version 'sys-devel/clang[default-libcxx(-)]' || has_version 'sys-devel/clang-common[default-libcxx(-)]' ; then
+			eapply "${FILESDIR}/${PN}-5.15.2_p20210521-clang-libc++.patch"
+		fi
+	fi
+
+	if use system-ffmpeg && has_version '>=media-video/ffmpeg-5'; then
+		eapply "${FILESDIR}/${PN}-5.15.3_p20220406-ffmpeg5.patch" # by Archlinux, bug 831437
+	fi
+
+	qt_use_disable_config alsa webengine-alsa src/buildtools/config/linux.pri
+	qt_use_disable_config pulseaudio webengine-pulseaudio src/buildtools/config/linux.pri
+
+	qt_use_disable_mod designer webenginewidgets src/plugins/plugins.pro
+
+	qt_use_disable_mod widgets widgets src/src.pro
+
+	qt5-build_src_prepare
+
+	# we need to generate ppc64 stuff because upstream does not ship it yet
+	if use ppc64; then
+		einfo "Patching for ppc64le and generating build files"
+		eapply "${FILESDIR}/qtwebengine-5.15.2-enable-ppc64.patch"
+		pushd src/3rdparty/chromium > /dev/null || die
+		eapply -p0 "${WORKDIR}/${PN}-ppc64le"
+		popd > /dev/null || die
+		pushd src/3rdparty/chromium/third_party/libvpx > /dev/null || die
+		mkdir -vp source/config/linux/ppc64 || die
+		mkdir -p source/libvpx/test || die
+		touch source/libvpx/test/test.mk || die
+		# clang-format is used to re-format sources
+		# but we'd rather make it a no-op than introduce a clang dependency
+		# https://bugs.gentoo.org/849458
+		clang-format() { : ; }
+		export -f clang-format || die
+		./generate_gni.sh || die
+		popd >/dev/null || die
+	fi
+}
+
+src_configure() {
+	export NINJA_PATH=/usr/bin/ninja
+	export NINJAFLAGS="${NINJAFLAGS:--j$(makeopts_jobs "${MAKEOPTS}" 999) -l$(makeopts_loadavg "${MAKEOPTS}" 0) -v}"
+
+	local myqmakeargs=(
+		--
+		-no-build-qtpdf
+		-printing-and-pdf
+		-system-opus
+		-system-webp
+		$(qt_use alsa)
+		$(qt_use !bindist proprietary-codecs)
+		$(qt_use geolocation webengine-geolocation)
+		$(qt_use kerberos webengine-kerberos)
+		$(qt_use pulseaudio)
+		$(usex screencast -webengine-webrtc-pipewire '')
+		$(usex system-ffmpeg -system-ffmpeg -qt-ffmpeg)
+		$(qt_use system-icu webengine-icu)
+	)
+	qt5-build_src_configure
+}
+
+src_install() {
+	qt5-build_src_install
+
+	# bug 601472
+	if [[ ! -f ${D}${QT5_LIBDIR}/libQt5WebEngine.so ]]; then
+		die "${CATEGORY}/${PF} failed to build anything. Please report to https://bugs.gentoo.org/"
+	fi
+}
+
+pkg_preinst() {
+	elog "This version of Qt WebEngine is based on Chromium version 87.0.4280.144,"
+	elog "with additional security fixes from newer versions. Extensive as it is, the"
+	elog "list of backports is impossible to evaluate, but always bound to be behind"
+	elog "Chromium's release schedule."
+	elog "In addition, various online services may deny service based on an outdated"
+	elog "user agent version (and/or other checks). Google is already known to do so."
+	elog
+	elog "tldr: Your web browsing experience will be compromised."
+}