commit 1b1d7130fde53a6bbb017a3528b44d399f6f70d5 Author: Danny Rawlins <contact@romster.me> Date: Tue Oct 19 12:12:03 2021 +1100 [notify] qt5: various patches and one CVE-2021-3481 Out of bounds read in function QRadialFetchSimd from crafted svg file diff --git a/qt5/.signature b/qt5/.signature index c479e8602..e5048feb6 100644 --- a/qt5/.signature +++ b/qt5/.signature @@ -1,7 +1,13 @@ untrusted comment: verify with /etc/ports/opt.pub -RWSE3ohX2g5d/W2ZSpNiseAN+1SF8SzENy+XacXlFLIusMXmL//JJNQjcQnsOMQzM2um9WO9vr7VZ/dLLIP/K/R1bdlsks10FgM= -SHA256 (Pkgfile) = 292e8e91ab37f1396a4f89c7d611bb736615a9797ea50267e9d2f92a8d628085 +RWSE3ohX2g5d/WUvqEglgs19kHuAwlpReMp9CGp4s7BtqrUvbFERZEDh/D+shW/x3wbMLz1Ihb+pbiYY0QT7iHGlOQtk01qeqg4= +SHA256 (Pkgfile) = a7b960d5d2cd67569969adaa9168d29cc5606068a215fe0709c82dcd8291ea32 SHA256 (.footprint) = cd747f02bb34a0c1e8ed0edfbda866740d6ab9940824b2c6848ee51bb0ecf64c SHA256 (qt-everywhere-src-5.15.2.tar.xz) = 3a530d1b243b5dec00bc54937455471aaa3e56849d2593edb8ded07228202240 SHA256 (qt5-cflags.patch) = cf707cd970650f8b60f8897692b36708ded9ba116723ec8fcd885576783fe85c SHA256 (qt5-logo.png) = ae1335ecd1cd2d17032184895ab298a636cdfa8121b0ed71307c4f2b23ec928e +SHA256 (qtbase-everywhere-src-5.11.1-python3.patch) = 5218cf7651f21a865fc1d8b18753e0eb0c1c412acbac080cd9d61f95b69589e5 +SHA256 (qtbase-everywhere-src-5.14.2-no_relocatable.patch) = 1fed8b9e4eb5749e70d85d7678f08a5abc881e2a2ecab85fb21f59cb124500e5 +SHA256 (qtbase-everywhere-src-5.15.2-libglvnd.patch) = 6dd54f841127f20c27300874833636105f15e7481f549c007504bb82cf26c177 +SHA256 (qtbase-filechooser-portal-send-window-id-in-hex.patch) = 4aa41d1052b0712aa0ed75dd2fbd5038529a2db1b5c2f03cf9fa5eccd7bf438d +SHA256 (qtbase-use-wayland-on-gnome.patch) = d62367c679e655a472f2777b9a7a97e17bd1340c0f0b2d40d1621217743122b8 +SHA256 (qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch) = 1a6eee5409bc91bc487c933ed17f9a802eafa514818993493c383c5b0797d623 diff --git a/qt5/Pkgfile b/qt5/Pkgfile index 2b40ffa53..7675f72d5 100644 --- a/qt5/Pkgfile +++ b/qt5/Pkgfile @@ -6,15 +6,27 @@ name=qt5 version=5.15.2 -release=1 +release=2 source=(https://download.qt.io/official_releases/qt/${version::4}/$version/single/qt-everywhere-src-$version.tar.xz qt5-cflags.patch - qt5-logo.png) + qt5-logo.png + qtbase-everywhere-src-5.11.1-python3.patch + qtbase-everywhere-src-5.14.2-no_relocatable.patch + qtbase-everywhere-src-5.15.2-libglvnd.patch + qtbase-filechooser-portal-send-window-id-in-hex.patch + qtbase-use-wayland-on-gnome.patch + qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch) build() { cd qt-everywhere-src-$version patch -d qtbase -p1 -i $SRC/qt5-cflags.patch + patch -d qtbase -p1 -i $SRC/qtbase-everywhere-src-5.11.1-python3.patch + patch -d qtbase -p1 -i $SRC/qtbase-everywhere-src-5.14.2-no_relocatable.patch + patch -d qtbase -p1 -i $SRC/qtbase-everywhere-src-5.15.2-libglvnd.patch + patch -d qtbase -p1 -i $SRC/qtbase-filechooser-portal-send-window-id-in-hex.patch + patch -d qtbase -p1 -i $SRC/qtbase-use-wayland-on-gnome.patch + patch -p1 -i $SRC/qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch export PYTHON='/usr/bin/python3' mkdir $SRC/bin @@ -25,7 +37,13 @@ build() { export LD_LIBRARY_PATH="$QTDIR/qtbase/lib:$QTDIR/qttools/lib:$LD_LIBRARY_PATH" export QT_PLUGIN_PATH="$QTDIR/qtbase/plugins" - prt-get isinst ccache && PKGMK_QT5+=' -ccache' && PATH="$(echo ${PATH} | awk -v RS=: -v ORS=: '/ccache/ {next} {print}' | sed 's/:*$//')" + prt-get isinst ccache && PKGMK_QT5+=' -ccache' && \ + PATH="$(echo ${PATH} | awk -v RS=: -v ORS=: '/ccache/ {next} {print}' | sed 's/:*$//')" + + sed -i '/utility/a #include <limits>' qtbase/src/corelib/global/qglobal.h + sed -i '/string/a #include <limits>' qtbase/src/corelib/global/qfloat16.h + sed -i '/qbytearray/a #include <limits>' qtbase/src/corelib/text/qbytearraymatcher.h + sed -i '/type_traits/a #include <limits>' qtdeclarative/src/qmldebug/qqmlprofilerevent_p.h ./configure $PKGMK_QT5 \ -prefix /usr/ \ @@ -50,7 +68,6 @@ build() { -opengl desktop \ -opensource \ -openssl-linked \ - -optimized-qmake \ -reduce-relocations \ -release \ -shared \ @@ -66,7 +83,7 @@ build() { # Fix paths find "$PKG/usr/lib" -type f -name '*.prl' \ -exec sed -e '/^QMAKE_PRL_BUILD_DIR/d' -i {} \; - + sed -e "s|$PWD/qtbase|/usr/lib/qt5|g" \ -i $PKG/usr/lib/qt5/mkspecs/modules/qt_lib_bootstrap_private.pri diff --git a/qt5/qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch b/qt5/qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch new file mode 100644 index 000000000..31b44601b --- /dev/null +++ b/qt5/qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch @@ -0,0 +1,40 @@ +Not yet Submitted By: Ken Moffat <ken at linuxfromscratch dot org> +Date: 2021-06-19 +Initial Package Version: 5.15.2 +Upstream Status: Applied +Origin: Upstream, found at debian +Description: Fixes CVE-2021-3401 (out of bounds read) by clamoing +parsed doubles to float representable values. Upstream commits: + https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=aceea78cc05ac8ff + https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=bfd6ee0d8cf34b63 + +diff -Naur a/qtsvg/src/svg/qsvghandler.cpp b/qtsvg/src/svg/qsvghandler.cpp +--- a/qtsvg/src/svg/qsvghandler.cpp 2020-10-27 08:02:11.000000000 +0000 ++++ b/qtsvg/src/svg/qsvghandler.cpp 2021-06-18 23:16:47.263564883 +0100 +@@ -65,6 +65,7 @@ + #include "private/qmath_p.h" + + #include "float.h" ++#include <cmath> + + QT_BEGIN_NAMESPACE + +@@ -672,6 +673,9 @@ + val = -val; + } else { + val = QByteArray::fromRawData(temp, pos).toDouble(); ++ // Do not tolerate values too wild to be represented normally by floats ++ if (qFpClassify(float(val)) != FP_NORMAL) ++ val = 0; + } + return val; + +@@ -3043,6 +3047,8 @@ + ncy = toDouble(cy); + if (!r.isEmpty()) + nr = toDouble(r); ++ if (nr < 0.5) ++ nr = 0.5; + + qreal nfx = ncx; + if (!fx.isEmpty()) diff --git a/qt5/qtbase-everywhere-src-5.11.1-python3.patch b/qt5/qtbase-everywhere-src-5.11.1-python3.patch new file mode 100644 index 000000000..40dfd4790 --- /dev/null +++ b/qt5/qtbase-everywhere-src-5.11.1-python3.patch @@ -0,0 +1,9 @@ +diff -up qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py.me qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py +--- qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py.me 2018-06-23 11:29:21.750066271 +0200 ++++ qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py 2018-06-23 11:30:07.457292033 +0200 +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python3 + + ############################################################################# + ## diff --git a/qt5/qtbase-everywhere-src-5.14.2-no_relocatable.patch b/qt5/qtbase-everywhere-src-5.14.2-no_relocatable.patch new file mode 100644 index 000000000..56b9db8a7 --- /dev/null +++ b/qt5/qtbase-everywhere-src-5.14.2-no_relocatable.patch @@ -0,0 +1,16 @@ +diff -up qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp.no_relocatable qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp +--- qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp.no_relocatable 2020-03-27 04:49:31.000000000 -0500 ++++ qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp 2020-04-13 15:13:44.075705226 -0500 +@@ -671,8 +671,11 @@ static QString getPrefix( + # if QT_CONFIGURE_CROSSBUILD + if (group == QLibraryInfo::DevicePaths) + return QString::fromLocal8Bit(QT_CONFIGURE_PREFIX_PATH); +-# endif ++# elif 0 //QT_CONFIG(relocatable) + return getExtPrefixFromHostBinDir(); ++# else ++ return QString::fromLocal8Bit(QT_CONFIGURE_PREFIX_PATH); ++# endif + #elif QT_CONFIG(relocatable) + return getRelocatablePrefix(); + #else diff --git a/qt5/qtbase-everywhere-src-5.15.2-libglvnd.patch b/qt5/qtbase-everywhere-src-5.15.2-libglvnd.patch new file mode 100644 index 000000000..e819f8df3 --- /dev/null +++ b/qt5/qtbase-everywhere-src-5.15.2-libglvnd.patch @@ -0,0 +1,15 @@ +diff -up qtbase-everywhere-src-5.15.2/src/gui/configure.json.libglvnd qtbase-everywhere-src-5.15.2/src/gui/configure.json +--- qtbase-everywhere-src-5.15.2/src/gui/configure.json.libglvnd 2020-10-27 03:02:11.000000000 -0500 ++++ qtbase-everywhere-src-5.15.2/src/gui/configure.json 2021-09-10 10:05:53.610312223 -0500 +@@ -847,9 +847,9 @@ + ], + "include": [ "EGL/egl.h", "X11/Xlib.h" ], + "main": [ +- "Display *dpy = EGL_DEFAULT_DISPLAY;", ++ "Display *dpy = reinterpret_cast<Display *>(EGL_DEFAULT_DISPLAY);", + "EGLNativeDisplayType egldpy = XOpenDisplay(\"\");", +- "dpy = egldpy;", ++ "dpy = reinterpret_cast<Display *>(egldpy);", + "EGLNativeWindowType w = XCreateWindow(dpy, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);", + "XDestroyWindow(dpy, w);", + "XCloseDisplay(dpy);" diff --git a/qt5/qtbase-filechooser-portal-send-window-id-in-hex.patch b/qt5/qtbase-filechooser-portal-send-window-id-in-hex.patch new file mode 100644 index 000000000..42030364b --- /dev/null +++ b/qt5/qtbase-filechooser-portal-send-window-id-in-hex.patch @@ -0,0 +1,26 @@ +From acaabc9108dfe75530960cf8e3ec4f3602cd82e0 Mon Sep 17 00:00:00 2001 +From: Jan Grulich <jgrulich@redhat.com> +Date: Mon, 08 Mar 2021 12:29:21 +0100 +Subject: [PATCH] FileChooser portal: send window id in hex + +We send window id in decimal, however, it is expected to be send in hex. +This causes a mismatch and makes portal dialog to show in background. + +Pick-to: 5.15 6.0 6.1 +Change-Id: Ibd77199bbb4a2ad4782a0457ddc5506c6b5608fe +Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> +--- + +diff --git a/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp b/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp +index ec153f6..85bdd1a 100644 +--- a/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp ++++ b/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp +@@ -185,7 +185,7 @@ + QLatin1String("/org/freedesktop/portal/desktop"), + QLatin1String("org.freedesktop.portal.FileChooser"), + d->saveFile ? QLatin1String("SaveFile") : QLatin1String("OpenFile")); +- QString parentWindowId = QLatin1String("x11:") + QString::number(d->winId); ++ QString parentWindowId = QLatin1String("x11:") + QString::number(d->winId, 16); + + QVariantMap options; + if (!d->acceptLabel.isEmpty()) diff --git a/qt5/qtbase-use-wayland-on-gnome.patch b/qt5/qtbase-use-wayland-on-gnome.patch new file mode 100644 index 000000000..526963cbf --- /dev/null +++ b/qt5/qtbase-use-wayland-on-gnome.patch @@ -0,0 +1,20 @@ +diff --git a/src/gui/kernel/qguiapplication.cpp b/src/gui/kernel/qguiapplication.cpp +index b8bfad4f16..676fdfad5e 100644 +--- a/src/gui/kernel/qguiapplication.cpp ++++ b/src/gui/kernel/qguiapplication.cpp +@@ -1376,14 +1376,7 @@ void QGuiApplicationPrivate::createPlatformIntegration() + if (sessionType == QByteArrayLiteral("x11") && !platformName.contains(QByteArrayLiteral("xcb"))) { + platformName = QByteArrayLiteral("xcb"); + } else if (sessionType == QByteArrayLiteral("wayland") && !platformName.contains(QByteArrayLiteral("wayland"))) { +- QByteArray currentDesktop = qgetenv("XDG_CURRENT_DESKTOP").toLower(); +- QByteArray sessionDesktop = qgetenv("XDG_SESSION_DESKTOP").toLower(); +- if (currentDesktop.contains("gnome") || sessionDesktop.contains("gnome")) { +- qInfo() << "Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome." +- << "Use QT_QPA_PLATFORM=wayland to run on Wayland anyway."; +- } else { +- platformName = QByteArrayLiteral("wayland"); +- } ++ platformName = QByteArrayLiteral("wayland"); + } + } + #ifdef QT_QPA_DEFAULT_PLATFORM_NAME