[packages/qt6] up to 6.6.2 (fixes CVE-2024-25580)

atler atler at pld-linux.org
Sun Feb 25 12:44:05 CET 2024


commit a7bcbb9d98e2373ad51501c0c8d3b8feecbf9747
Author: Jan Palus <atler at pld-linux.org>
Date:   Sun Feb 25 11:43:55 2024 +0100

    up to 6.6.2 (fixes CVE-2024-25580)

 CVE-2023-51714.patch | 80 ----------------------------------------------------
 libxml2.12.patch     | 36 -----------------------
 qt6.spec             | 10 ++-----
 3 files changed, 3 insertions(+), 123 deletions(-)
---
diff --git a/qt6.spec b/qt6.spec
index 53d4f28..113605d 100644
--- a/qt6.spec
+++ b/qt6.spec
@@ -108,20 +108,18 @@
 Summary:	Qt6 Library
 Summary(pl.UTF-8):	Biblioteka Qt6
 Name:		qt6
-Version:	6.6.1
-Release:	3
+Version:	6.6.2
+Release:	1
 License:	LGPL v3 or GPL v2 or GPL v3 or commercial
 Group:		X11/Libraries
 Source0:	https://download.qt.io/official_releases/qt/6.6/%{version}/single/qt-everywhere-src-%{version}.tar.xz
-# Source0-md5:	91aad0b55cf01be5a08ca9bece490f39
+# Source0-md5:	b92112e12298f4b27050ef7060658191
 Patch0:		system-cacerts.patch
 Patch1:		ninja-program.patch
 Patch2:		%{name}-gn.patch
 Patch3:		no-implicit-sse2.patch
 Patch4:		x32.patch
 Patch5:		qtwebengine-cmake-build-type.patch
-Patch6:		libxml2.12.patch
-Patch7:		CVE-2023-51714.patch
 URL:		https://www.qt.io/
 %{?with_directfb:BuildRequires:	DirectFB-devel}
 BuildRequires:	EGL-devel
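Review bot: The removal of `Patch7: CVE-2023-51714.patch` here, together with `%patch7 -p1 -d qtbase` in the %prep hunk, drops a security fix without the commit saying where it went; the message names only CVE-2024-25580. The deleted patch's header shows it was cherry-picked from upstream Qt commits, so 6.6.2 presumably already carries the `qAddOverflow` check in `src/network/access/http2/hpacktable.cpp`, but that cannot be confirmed from this diff and should be checked in the unpacked 6.6.2 tree. I would record the outcome in the commit message, e.g. `- dropped CVE-2023-51714.patch and libxml2.12.patch, both included in 6.6.2`. Separately, `# Source0-md5:` is the only integrity pin visible for the new tarball and MD5 is not collision-resistant, so the download is worth comparing against a stronger digest or signature from upstream, if one is published, before the value is trusted.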
@@ -3645,8 +3643,6 @@ narzędzia.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
-%patch6 -p1 -d qtwebengine
-%patch7 -p1 -d qtbase
 
 %{__sed} -i -e 's,usr/X11R6/,usr/,g' qtbase/mkspecs/linux-g++-64/qmake.conf
 
diff --git a/CVE-2023-51714.patch b/CVE-2023-51714.patch
deleted file mode 100644
index c6c5a3d..0000000
--- a/CVE-2023-51714.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 13c16b756900fe524f6d9534e8a07aa003c05e0c Mon Sep 17 00:00:00 2001
-From: Marc Mutz <marc.mutz at qt.io>
-Date: Tue, 12 Dec 2023 20:51:56 +0100
-Subject: [PATCH] HPack: fix a Yoda Condition
-
-Putting the variable on the LHS of a relational operation makes the
-expression easier to read. In this case, we find that the whole
-expression is nonsensical as an overflow protection, because if
-name.size() + value.size() overflows, the result will exactly _not_
-be > max() - 32, because UB will have happened.
-
-To be fixed in a follow-up commit.
-
-As a drive-by, add parentheses around the RHS.
-
-Pick-to: 6.5 6.2 5.15
-Change-Id: I35ce598884c37c51b74756b3bd2734b9aad63c09
-Reviewed-by: Allan Sandfeld Jensen <allan.jensen at qt.io>
-(cherry picked from commit 658607a34ead214fbacbc2cca44915655c318ea9)
-Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot at qt-project.org>
-(cherry picked from commit 4f7efd41740107f90960116700e3134f5e433867)
----
-
-diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
-index 74a09a2..c8c5d09 100644
---- a/src/network/access/http2/hpacktable.cpp
-+++ b/src/network/access/http2/hpacktable.cpp
-@@ -27,7 +27,7 @@
-     // 32 octets of overhead."
- 
-     const unsigned sum = unsigned(name.size() + value.size());
--    if (std::numeric_limits<unsigned>::max() - 32 < sum)
-+    if (sum > (std::numeric_limits<unsigned>::max() - 32))
-         return HeaderSize();
-     return HeaderSize(true, quint32(sum + 32));
- }
-From 811b9eef6d08d929af8708adbf2a5effb0eb62d7 Mon Sep 17 00:00:00 2001
-From: Marc Mutz <marc.mutz at qt.io>
-Date: Tue, 12 Dec 2023 22:08:07 +0100
-Subject: [PATCH] HPack: fix incorrect integer overflow check
-
-This code never worked:
-
-For the comparison with max() - 32 to trigger, on 32-bit platforms (or
-Qt 5) signed interger overflow would have had to happen in the
-addition of the two sizes. The compiler can therefore remove the
-overflow check as dead code.
-
-On Qt 6 and 64-bit platforms, the signed integer addition would be
-very unlikely to overflow, but the following truncation to uint32
-would yield the correct result only in a narrow 32-value window just
-below UINT_MAX, if even that.
-
-Fix by using the proper tool, qAddOverflow.
-
-Pick-to: 6.5 6.2 5.15
-Change-Id: I7599f2e75ff7f488077b0c60b81022591005661c
-Reviewed-by: Allan Sandfeld Jensen <allan.jensen at qt.io>
-(cherry picked from commit ee5da1f2eaf8932aeca02ffea6e4c618585e29e3)
-Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot at qt-project.org>
-(cherry picked from commit debeb8878da2dc706ead04b6072ecbe7e5313860)
-Reviewed-by: Thiago Macieira <thiago.macieira at intel.com>
-Reviewed-by: Marc Mutz <marc.mutz at qt.io>
----
-
-diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
-index c8c5d09..2c728b3 100644
---- a/src/network/access/http2/hpacktable.cpp
-+++ b/src/network/access/http2/hpacktable.cpp
-@@ -26,7 +26,9 @@
-     // for counting the number of references to the name and value would have
-     // 32 octets of overhead."
- 
--    const unsigned sum = unsigned(name.size() + value.size());
-+    size_t sum;
-+    if (qAddOverflow(size_t(name.size()), size_t(value.size()), &sum))
-+        return HeaderSize();
-     if (sum > (std::numeric_limits<unsigned>::max() - 32))
-         return HeaderSize();
-     return HeaderSize(true, quint32(sum + 32));
diff --git a/libxml2.12.patch b/libxml2.12.patch
deleted file mode 100644
index 0e93868..0000000
--- a/libxml2.12.patch
+++ /dev/null
@@ -1,36 +0,0 @@
---- qtwebengine/src/3rdparty/chromium/third_party/blink/renderer/core/xml/xslt_processor.h.orig	2023-11-20 17:08:07.000000000 +0100
-+++ qtwebengine/src/3rdparty/chromium/third_party/blink/renderer/core/xml/xslt_processor.h	2023-11-28 00:01:08.206020832 +0100
-@@ -30,6 +30,7 @@
- #include "third_party/blink/renderer/platform/wtf/text/string_hash.h"
- 
- #include <libxml/parserInternals.h>
-+#include <libxml/xmlversion.h>
- #include <libxslt/documents.h>
- 
- namespace blink {
-@@ -77,7 +78,11 @@
- 
-   void reset();
- 
-+#if defined(LIBXML_VERSION) && LIBXML_VERSION >= 21200
-+  static void ParseErrorFunc(void* user_data, const xmlError*);
-+#else
-   static void ParseErrorFunc(void* user_data, xmlError*);
-+#endif
-   static void GenericErrorFunc(void* user_data, const char* msg, ...);
- 
-   // Only for libXSLT callbacks
---- qtwebengine/src/3rdparty/chromium/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc.orig	2023-11-20 17:08:07.000000000 +0100
-+++ qtwebengine/src/3rdparty/chromium/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc	2023-11-28 00:12:15.789955472 +0100
-@@ -66,7 +66,11 @@
-   // It would be nice to do something with this error message.
- }
- 
-+#if defined(LIBXML_VERSION) && LIBXML_VERSION >= 21200
-+void XSLTProcessor::ParseErrorFunc(void* user_data, const xmlError* error) {
-+#else
- void XSLTProcessor::ParseErrorFunc(void* user_data, xmlError* error) {
-+#endif
-   FrameConsole* console = static_cast<FrameConsole*>(user_data);
-   if (!console)
-     return;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/qt6.git/commitdiff/a7bcbb9d98e2373ad51501c0c8d3b8feecbf9747


