authorJimi Huotari <chiitoo@gentoo.org>2023-06-06 22:12:30 +0300
committerJimi Huotari <chiitoo@gentoo.org>2023-06-10 16:32:55 +0300
commit78506c5a42cff9fa063c8e32716082306e4ba737 (patch)
tree85c43cda49c90a3c41dd70b2e7414dcfc8d37ea7 /dev-qt/qtbase
parentsys-apps/pkgcraft-tools: update DESCRIPTION (diff)
dev-qt/qtbase: add 6.5.1
Signed-off-by: Jimi Huotari <chiitoo@gentoo.org>
Diffstat (limited to 'dev-qt/qtbase')
-rw-r--r--dev-qt/qtbase/Manifest1
-rw-r--r--dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch54
-rw-r--r--dev-qt/qtbase/qtbase-6.5.1.ebuild189
3 files changed, 244 insertions, 0 deletions
diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest
index 6b955e5819f8..c3071149fa00 100644
--- a/dev-qt/qtbase/Manifest
+++ b/dev-qt/qtbase/Manifest
@@ -1 +1,2 @@
DIST qtbase-everywhere-src-6.5.0.tar.xz 48020636 BLAKE2B 234000eeb6e1b57a1c7561613bf437453fc2db0d23d5ddd61c38961311a7de5263c086864554aff7a0bc1e5a406af78ef8342eed3c8a5f48b9237912614f380b SHA512 29f70b9a9650afdd8e34703a7a8191feab4c3a25d0bc3a41010ea842389335b24e2685721fdb4a03653475ebd9bf8a8e4f4a77bf5d64b1289590b5ca0e4623f3
+DIST qtbase-everywhere-src-6.5.1.tar.xz 48287392 BLAKE2B 47872492f21a936d980891c28df61591380bc236adc66b57a90fbb87dd292cdeb3c632fb1159231ba40142d25e02944e4c5e8568153f1286e0a1abc8c5b26699 SHA512 7f7b20bbc25cda65266d6067cdd68e3e077636988d67dbf5783f79a61186135fb3a36d57ac72cfe4501012035b630ab1f5849148e4817726d4f459fa1937e91a
diff --git a/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch b/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch
new file mode 100644
index 000000000000..6f1264709e01
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch
@@ -0,0 +1,54 @@
+From: https://lists.qt-project.org/pipermail/development/2023-June/044031.html
+
+--- a/src/plugins/tls/schannel/qtls_schannel.cpp
++++ b/src/plugins/tls/schannel/qtls_schannel.cpp
+@@ -2106,6 +2106,27 @@ bool TlsCryptographSchannel::verifyCertContext(CERT_CONTEXT *certContext)
+ verifyDepth = DWORD(q->peerVerifyDepth());
+
+ const auto &caCertificates = q->sslConfiguration().caCertificates();
++
++ if (!rootCertOnDemandLoadingAllowed()
++ && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
++ && (q->peerVerifyMode() == QSslSocket::VerifyPeer
++ || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) {
++ // When verifying a peer Windows "helpfully" builds a chain that
++ // may include roots from the system store. But we don't want that if
++ // the user has set their own CA certificates.
++ // Since Windows claims this is not a partial chain the root is included
++ // and we have to check that it is one of our configured CAs.
++ CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
++ QSslCertificate certificate = getCertificateFromChainElement(element);
++ if (!caCertificates.contains(certificate)) {
++ auto error = QSslError(QSslError::CertificateUntrusted, certificate);
++ sslErrors += error;
++ emit q->peerVerifyError(error);
++ if (q->state() != QAbstractSocket::ConnectedState)
++ return false;
++ }
++ }
++
+ QList<QSslCertificate> peerCertificateChain;
+ for (DWORD i = 0; i < verifyDepth; i++) {
+ CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
+
+--- a/src/network/ssl/qsslsocket.cpp
++++ b/src/network/ssl/qsslsocket.cpp
+@@ -1973,6 +1973,10 @@ QSslSocketPrivate::QSslSocketPrivate()
+ , flushTriggered(false)
+ {
+ QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
++ // If the global configuration doesn't allow root certificates to be loaded
++ // on demand then we have to disable it for this socket as well.
++ if (!configuration.allowRootCertOnDemandLoading)
++ allowRootCertOnDemandLoading = false;
+
+ const auto *tlsBackend = tlsBackendInUse();
+ if (!tlsBackend) {
+@@ -2281,6 +2285,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
+ ptr->sessionProtocol = global->sessionProtocol;
+ ptr->ciphers = global->ciphers;
+ ptr->caCertificates = global->caCertificates;
++ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
+ ptr->protocol = global->protocol;
+ ptr->peerVerifyMode = global->peerVerifyMode;
+ ptr->peerVerifyDepth = global->peerVerifyDepth;
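Review bot: The new root check in the Schannel part indexes `chain->rgpElement[chain->cElement - 1]` without anything in the visible lines establishing that `cElement` is nonzero; `cElement` is a DWORD, so a zero count would wrap the index. Windows presumably always returns at least the leaf element, but a fail-closed guard ahead of the lookup, for example `if (chain->cElement == 0) return false;`, would make that assumption explicit. `verifyCertContext` starts and ends outside the hunk, so an earlier check may already cover this. Separately, the patch header carries only the mailing-list link; a short line noting that the Schannel part is a Windows backend and that the `qsslsocket.cpp` part is what reaches the OpenSSL build this package configures would help whoever later decides whether the patch can be dropped.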
diff --git a/dev-qt/qtbase/qtbase-6.5.1.ebuild b/dev-qt/qtbase/qtbase-6.5.1.ebuild
new file mode 100644
index 000000000000..770570eb3710
--- /dev/null
+++ b/dev-qt/qtbase/qtbase-6.5.1.ebuild
@@ -0,0 +1,189 @@
+# Copyright 2021-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit qt6-build
+
+DESCRIPTION="Cross-platform application development framework"
+
+if [[ ${QT6_BUILD_TYPE} == release ]]; then
+ KEYWORDS="~amd64"
+fi
+
+# Qt Modules
+IUSE="+concurrent +dbus +gui +network +sql opengl +widgets +xml zstd"
+REQUIRED_USE="
+ opengl? ( gui )
+ widgets? ( gui )
+ X? ( || ( evdev libinput ) )
+"
+
+QTGUI_IUSE="accessibility egl eglfs evdev gles2-only +jpeg +libinput tslib tuio vulkan +X"
+QTNETWORK_IUSE="brotli gssapi libproxy sctp +ssl vnc"
+QTSQL_IUSE="freetds mysql oci8 odbc postgres +sqlite"
+IUSE+=" ${QTGUI_IUSE} ${QTNETWORK_IUSE} ${QTSQL_IUSE} cups gtk icu systemd +udev"
+# QtPrintSupport = QtGui + QtWidgets enabled.
+# ibus = xkbcommon + dbus, and xkbcommon needs either libinput or X
+REQUIRED_USE+="
+ $(printf '%s? ( gui ) ' ${QTGUI_IUSE//+/})
+ $(printf '%s? ( network ) ' ${QTNETWORK_IUSE//+/})
+ $(printf '%s? ( sql ) ' ${QTSQL_IUSE//+/})
+ accessibility? ( dbus X )
+ cups? ( gui widgets )
+ eglfs? ( egl )
+ gtk? ( widgets )
+ gui? ( || ( eglfs X ) || ( libinput X ) )
+ libinput? ( udev )
+ sql? ( || ( freetds mysql oci8 odbc postgres sqlite ) )
+ vnc? ( gui )
+ X? ( gles2-only? ( egl ) )
+"
+
+# TODO:
+# qtimageformats: mng not done yet, qtimageformats.git upstream commit 9443239c
+# qtnetwork: connman, networkmanager
+DEPEND="
+ app-crypt/libb2
+ dev-libs/double-conversion:=
+ dev-libs/glib:2
+ dev-libs/libpcre2:=[pcre16,unicode]
+ dev-util/gtk-update-icon-cache
+ media-libs/fontconfig
+ >=media-libs/freetype-2.6.1:2
+ >=media-libs/harfbuzz-1.6.0:=
+ media-libs/tiff:=
+ >=sys-apps/dbus-1.4.20
+ sys-libs/zlib:=
+ brotli? ( app-arch/brotli:= )
+ evdev? ( sys-libs/mtdev )
+ freetds? ( dev-db/freetds )
+ gles2-only? ( media-libs/libglvnd )
+ !gles2-only? ( media-libs/libglvnd[X] )
+ gssapi? ( virtual/krb5 )
+ gtk? (
+ x11-libs/gtk+:3
+ x11-libs/libX11
+ x11-libs/pango
+ )
+ gui? ( media-libs/libpng:= )
+ icu? ( dev-libs/icu:= )
+ !icu? ( virtual/libiconv )
+ jpeg? ( media-libs/libjpeg-turbo:= )
+ libinput? (
+ dev-libs/libinput:=
+ >=x11-libs/libxkbcommon-0.5.0
+ )
+ libproxy? ( net-libs/libproxy )
+ mysql? ( dev-db/mysql-connector-c:= )
+ oci8? ( dev-db/oracle-instantclient:=[sdk] )
+ odbc? ( dev-db/unixODBC )
+ postgres? ( dev-db/postgresql:* )
+ sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+ sqlite? ( dev-db/sqlite:3 )
+ ssl? ( dev-libs/openssl:= )
+ systemd? ( sys-apps/systemd:= )
+ tslib? ( >=x11-libs/tslib-1.21 )
+ udev? ( virtual/libudev:= )
+ vulkan? ( dev-util/vulkan-headers )
+ X? (
+ x11-libs/libdrm
+ x11-libs/libICE
+ x11-libs/libSM
+ x11-libs/libX11
+ >=x11-libs/libxcb-1.12:=
+ >=x11-libs/libxkbcommon-0.5.0[X]
+ x11-libs/xcb-util-cursor
+ x11-libs/xcb-util-image
+ x11-libs/xcb-util-keysyms
+ x11-libs/xcb-util-renderutil
+ x11-libs/xcb-util-wm
+ )
+ zstd? ( app-arch/zstd:= )
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=( "${FILESDIR}/${PN}-6.5.1-CVE-2023-34410.patch" )
+
+src_configure() {
+ local mycmakeargs=(
+ -DINSTALL_ARCHDATADIR=${QT6_ARCHDATADIR}
+ -DINSTALL_BINDIR=${QT6_BINDIR}
+ -DINSTALL_DATADIR=${QT6_DATADIR}
+ -DINSTALL_DOCDIR=${QT6_DOCDIR}
+ -DINSTALL_EXAMPLESDIR=${QT6_EXAMPLESDIR}
+ -DINSTALL_INCLUDEDIR=${QT6_HEADERDIR}
+ -DINSTALL_LIBDIR=${QT6_LIBDIR}
+ -DINSTALL_LIBEXECDIR=${QT6_LIBEXECDIR}
+ -DINSTALL_MKSPECSDIR=${QT6_ARCHDATADIR}/mkspecs
+ -DINSTALL_PLUGINSDIR=${QT6_PLUGINDIR}
+ -DINSTALL_QMLDIR=${QT6_QMLDIR}
+ -DINSTALL_SYSCONFDIR=${QT6_SYSCONFDIR}
+ -DINSTALL_TRANSLATIONSDIR=${QT6_TRANSLATIONDIR}
+ -DQT_FEATURE_androiddeployqt=OFF
+ $(qt_feature concurrent)
+ $(qt_feature dbus)
+ $(qt_feature gui)
+ $(qt_feature gui testlib)
+ $(qt_feature icu)
+ $(qt_feature network)
+ $(qt_feature sql)
+ $(qt_feature systemd journald)
+ $(qt_feature udev libudev)
+ $(qt_feature xml)
+ $(qt_feature zstd)
+ )
+ use gui && mycmakeargs+=(
+ $(qt_feature accessibility accessibility_atspi_bridge)
+ $(qt_feature egl)
+ $(qt_feature egl xcb_egl_plugin)
+ $(qt_feature eglfs eglfs_egldevice)
+ $(qt_feature eglfs eglfs_gbm)
+ $(qt_feature evdev)
+ $(qt_feature evdev mtdev)
+ -DQT_FEATURE_gif=ON
+ $(qt_feature jpeg)
+ $(qt_feature opengl)
+ $(qt_feature gles2-only opengles2)
+ $(qt_feature libinput)
+ $(qt_feature tslib)
+ $(qt_feature tuio tuiotouch)
+ $(qt_feature vulkan)
+ $(qt_feature widgets)
+ $(qt_feature X xcb)
+ $(qt_feature X xcb_xlib)
+ )
+ use widgets && mycmakeargs+=(
+ $(qt_feature cups)
+ $(qt_feature gtk gtk3)
+ )
+ if use libinput || use X; then
+ mycmakeargs+=( -DQT_FEATURE_xkbcommon=ON )
+ fi
+ use network && mycmakeargs+=(
+ $(qt_feature brotli)
+ $(qt_feature gssapi)
+ $(qt_feature libproxy)
+ $(qt_feature sctp)
+ $(qt_feature ssl openssl)
+ $(qt_feature vnc)
+ )
+ use sql && mycmakeargs+=(
+ $(qt_feature freetds sql_tds)
+ $(qt_feature mysql sql_mysql)
+ $(qt_feature oci8 sql_oci)
+ $(qt_feature odbc sql_odbc)
+ $(qt_feature postgres sql_psql)
+ $(qt_feature sqlite sql_sqlite)
+ $(qt_feature sqlite system_sqlite)
+ )
+
+ qt6-build_src_configure
+}
+
+src_install() {
+ qt6-build_src_install
+
+ # https://bugs.gentoo.org/863395
+ qt6_symlink_binary_to_path qmake 6
+}