[packages/qt6] up to 6.6.2 (fixes CVE-2024-25580)
atler
atler at pld-linux.org
Sun Feb 25 12:44:05 CET 2024
commit a7bcbb9d98e2373ad51501c0c8d3b8feecbf9747
Author: Jan Palus <atler at pld-linux.org>
Date: Sun Feb 25 11:43:55 2024 +0100
up to 6.6.2 (fixes CVE-2024-25580)
CVE-2023-51714.patch | 80 ----------------------------------------------------
libxml2.12.patch | 36 -----------------------
qt6.spec | 10 ++-----
3 files changed, 3 insertions(+), 123 deletions(-)
---
diff --git a/qt6.spec b/qt6.spec
index 53d4f28..113605d 100644
--- a/qt6.spec
+++ b/qt6.spec
@@ -108,20 +108,18 @@
Summary: Qt6 Library
Summary(pl.UTF-8): Biblioteka Qt6
Name: qt6
-Version: 6.6.1
-Release: 3
+Version: 6.6.2
+Release: 1
License: LGPL v3 or GPL v2 or GPL v3 or commercial
Group: X11/Libraries
Source0: https://download.qt.io/official_releases/qt/6.6/%{version}/single/qt-everywhere-src-%{version}.tar.xz
-# Source0-md5: 91aad0b55cf01be5a08ca9bece490f39
+# Source0-md5: b92112e12298f4b27050ef7060658191
Patch0: system-cacerts.patch
Patch1: ninja-program.patch
Patch2: %{name}-gn.patch
Patch3: no-implicit-sse2.patch
Patch4: x32.patch
Patch5: qtwebengine-cmake-build-type.patch
-Patch6: libxml2.12.patch
-Patch7: CVE-2023-51714.patch
URL: https://www.qt.io/
%{?with_directfb:BuildRequires: DirectFB-devel}
BuildRequires: EGL-devel
@@ -3645,8 +3643,6 @@ narzędzia.
%patch3 -p1
%patch4 -p1
%patch5 -p1
-%patch6 -p1 -d qtwebengine
-%patch7 -p1 -d qtbase
%{__sed} -i -e 's,usr/X11R6/,usr/,g' qtbase/mkspecs/linux-g++-64/qmake.conf
diff --git a/CVE-2023-51714.patch b/CVE-2023-51714.patch
deleted file mode 100644
index c6c5a3d..0000000
--- a/CVE-2023-51714.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 13c16b756900fe524f6d9534e8a07aa003c05e0c Mon Sep 17 00:00:00 2001
-From: Marc Mutz <marc.mutz at qt.io>
-Date: Tue, 12 Dec 2023 20:51:56 +0100
-Subject: [PATCH] HPack: fix a Yoda Condition
-
-Putting the variable on the LHS of a relational operation makes the
-expression easier to read. In this case, we find that the whole
-expression is nonsensical as an overflow protection, because if
-name.size() + value.size() overflows, the result will exactly _not_
-be > max() - 32, because UB will have happened.
-
-To be fixed in a follow-up commit.
-
-As a drive-by, add parentheses around the RHS.
-
-Pick-to: 6.5 6.2 5.15
-Change-Id: I35ce598884c37c51b74756b3bd2734b9aad63c09
-Reviewed-by: Allan Sandfeld Jensen <allan.jensen at qt.io>
-(cherry picked from commit 658607a34ead214fbacbc2cca44915655c318ea9)
-Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot at qt-project.org>
-(cherry picked from commit 4f7efd41740107f90960116700e3134f5e433867)
----
-
-diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
-index 74a09a2..c8c5d09 100644
---- a/src/network/access/http2/hpacktable.cpp
-+++ b/src/network/access/http2/hpacktable.cpp
-@@ -27,7 +27,7 @@
- // 32 octets of overhead."
-
- const unsigned sum = unsigned(name.size() + value.size());
-- if (std::numeric_limits<unsigned>::max() - 32 < sum)
-+ if (sum > (std::numeric_limits<unsigned>::max() - 32))
- return HeaderSize();
- return HeaderSize(true, quint32(sum + 32));
- }
-From 811b9eef6d08d929af8708adbf2a5effb0eb62d7 Mon Sep 17 00:00:00 2001
-From: Marc Mutz <marc.mutz at qt.io>
-Date: Tue, 12 Dec 2023 22:08:07 +0100
-Subject: [PATCH] HPack: fix incorrect integer overflow check
-
-This code never worked:
-
-For the comparison with max() - 32 to trigger, on 32-bit platforms (or
-Qt 5) signed interger overflow would have had to happen in the
-addition of the two sizes. The compiler can therefore remove the
-overflow check as dead code.
-
-On Qt 6 and 64-bit platforms, the signed integer addition would be
-very unlikely to overflow, but the following truncation to uint32
-would yield the correct result only in a narrow 32-value window just
-below UINT_MAX, if even that.
-
-Fix by using the proper tool, qAddOverflow.
-
-Pick-to: 6.5 6.2 5.15
-Change-Id: I7599f2e75ff7f488077b0c60b81022591005661c
-Reviewed-by: Allan Sandfeld Jensen <allan.jensen at qt.io>
-(cherry picked from commit ee5da1f2eaf8932aeca02ffea6e4c618585e29e3)
-Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot at qt-project.org>
-(cherry picked from commit debeb8878da2dc706ead04b6072ecbe7e5313860)
-Reviewed-by: Thiago Macieira <thiago.macieira at intel.com>
-Reviewed-by: Marc Mutz <marc.mutz at qt.io>
----
-
-diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
-index c8c5d09..2c728b3 100644
---- a/src/network/access/http2/hpacktable.cpp
-+++ b/src/network/access/http2/hpacktable.cpp
-@@ -26,7 +26,9 @@
- // for counting the number of references to the name and value would have
- // 32 octets of overhead."
-
-- const unsigned sum = unsigned(name.size() + value.size());
-+ size_t sum;
-+ if (qAddOverflow(size_t(name.size()), size_t(value.size()), &sum))
-+ return HeaderSize();
- if (sum > (std::numeric_limits<unsigned>::max() - 32))
- return HeaderSize();
- return HeaderSize(true, quint32(sum + 32));
diff --git a/libxml2.12.patch b/libxml2.12.patch
deleted file mode 100644
index 0e93868..0000000
--- a/libxml2.12.patch
+++ /dev/null
@@ -1,36 +0,0 @@
---- qtwebengine/src/3rdparty/chromium/third_party/blink/renderer/core/xml/xslt_processor.h.orig 2023-11-20 17:08:07.000000000 +0100
-+++ qtwebengine/src/3rdparty/chromium/third_party/blink/renderer/core/xml/xslt_processor.h 2023-11-28 00:01:08.206020832 +0100
-@@ -30,6 +30,7 @@
- #include "third_party/blink/renderer/platform/wtf/text/string_hash.h"
-
- #include <libxml/parserInternals.h>
-+#include <libxml/xmlversion.h>
- #include <libxslt/documents.h>
-
- namespace blink {
-@@ -77,7 +78,11 @@
-
- void reset();
-
-+#if defined(LIBXML_VERSION) && LIBXML_VERSION >= 21200
-+ static void ParseErrorFunc(void* user_data, const xmlError*);
-+#else
- static void ParseErrorFunc(void* user_data, xmlError*);
-+#endif
- static void GenericErrorFunc(void* user_data, const char* msg, ...);
-
- // Only for libXSLT callbacks
---- qtwebengine/src/3rdparty/chromium/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc.orig 2023-11-20 17:08:07.000000000 +0100
-+++ qtwebengine/src/3rdparty/chromium/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc 2023-11-28 00:12:15.789955472 +0100
-@@ -66,7 +66,11 @@
- // It would be nice to do something with this error message.
- }
-
-+#if defined(LIBXML_VERSION) && LIBXML_VERSION >= 21200
-+void XSLTProcessor::ParseErrorFunc(void* user_data, const xmlError* error) {
-+#else
- void XSLTProcessor::ParseErrorFunc(void* user_data, xmlError* error) {
-+#endif
- FrameConsole* console = static_cast<FrameConsole*>(user_data);
- if (!console)
- return;
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/qt6.git/commitdiff/a7bcbb9d98e2373ad51501c0c8d3b8feecbf9747
More information about the pld-cvs-commit
mailing list