From 6b0845fa8c13b564c6d0b26891c0b043afe0e6bc Mon Sep 17 00:00:00 2001 From: Ionen Wolkens Date: Tue, 16 Jul 2024 19:28:03 -0400 Subject: dev-qt/qtbase: backport fix for CVE-2024-39936 Still no update from Qt's blog, but given been handled for Qt5 may as well do it here too at this point. Bug: https://bugs.gentoo.org/935869 Signed-off-by: Ionen Wolkens --- .../qtbase/files/qtbase-6.7.2-CVE-2024-39936.patch | 200 ++++++++++++ dev-qt/qtbase/qtbase-6.7.2-r1.ebuild | 350 +++++++++++++++++++++ 2 files changed, 550 insertions(+) create mode 100644 dev-qt/qtbase/files/qtbase-6.7.2-CVE-2024-39936.patch create mode 100644 dev-qt/qtbase/qtbase-6.7.2-r1.ebuild (limited to 'dev-qt') diff --git a/dev-qt/qtbase/files/qtbase-6.7.2-CVE-2024-39936.patch b/dev-qt/qtbase/files/qtbase-6.7.2-CVE-2024-39936.patch new file mode 100644 index 000000000000..cc6238a55f1b --- /dev/null +++ b/dev-qt/qtbase/files/qtbase-6.7.2-CVE-2024-39936.patch @@ -0,0 +1,200 @@ +https://bugs.gentoo.org/935869 +https://github.com/qt/qtbase/commit/2b1e36e183ce75c224305c7a94457b92f7a5cf58 +From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= +Date: Tue, 25 Jun 2024 17:09:35 +0200 +Subject: [PATCH] HTTP2: Delay any communication until encrypted() can be + responded to + +We have the encrypted() signal that lets users do extra checks on the +established connection. It is emitted as BlockingQueued, so the HTTP +thread stalls until it is done emitting. Users can potentially call +abort() on the QNetworkReply at that point, which is passed as a Queued +call back to the HTTP thread. That means that any currently queued +signal emission will be processed before the abort() call is processed. + +In the case of HTTP2 it is a little special since it is multiplexed and +the code is built to start requests as they are available. This means +that, while the code worked fine for HTTP1, since one connection only +has one request, it is not working for HTTP2, since we try to send more +requests in-between the encrypted() signal and the abort() call. + +This patch changes the code to delay any communication until the +encrypted() signal has been emitted and processed, for HTTP2 only. +It's done by adding a few booleans, both to know that we have to return +early and so we can keep track of what events arose and what we need to +resume once enough time has passed that any abort() call must have been +processed. + +Fixes: QTBUG-126610 +--- a/src/network/access/qhttp2protocolhandler.cpp ++++ b/src/network/access/qhttp2protocolhandler.cpp +@@ -304,10 +304,10 @@ + } + +- if (!prefaceSent && !sendClientPreface()) +- return false; +- + if (!requests.size()) + return true; + ++ if (!prefaceSent && !sendClientPreface()) ++ return false; ++ + m_channel->state = QHttpNetworkConnectionChannel::WritingState; + // Check what was promised/pushed, maybe we do not have to send a request +--- a/src/network/access/qhttpnetworkconnectionchannel.cpp ++++ b/src/network/access/qhttpnetworkconnectionchannel.cpp +@@ -210,4 +210,8 @@ + { + Q_ASSERT(protocolHandler); ++ if (waitingForPotentialAbort) { ++ needInvokeSendRequest = true; ++ return false; // this return value is unused ++ } + return protocolHandler->sendRequest(); + } +@@ -222,7 +226,6 @@ + { + QMetaObject::invokeMethod(this, [this] { +- Q_ASSERT(protocolHandler); + if (reply) +- protocolHandler->sendRequest(); ++ sendRequest(); + }, Qt::ConnectionType::QueuedConnection); + } +@@ -231,4 +234,8 @@ + { + Q_ASSERT(protocolHandler); ++ if (waitingForPotentialAbort) { ++ needInvokeReceiveReply = true; ++ return; ++ } + protocolHandler->_q_receiveReply(); + } +@@ -237,4 +244,8 @@ + { + Q_ASSERT(protocolHandler); ++ if (waitingForPotentialAbort) { ++ needInvokeReadyRead = true; ++ return; ++ } + protocolHandler->_q_readyRead(); + } +@@ -1240,5 +1251,16 @@ + // Similar to HTTP/1.1 counterpart below: + const auto &pair = std::as_const(h2RequestsToSend).first(); ++ waitingForPotentialAbort = true; + emit pair.second->encrypted(); ++ ++ // We don't send or handle any received data until any effects from ++ // emitting encrypted() have been processed. This is necessary ++ // because the user may have called abort(). We may also abort the ++ // whole connection if the request has been aborted and there is ++ // no more requests to send. ++ QMetaObject::invokeMethod(this, ++ &QHttpNetworkConnectionChannel::checkAndResumeCommunication, ++ Qt::QueuedConnection); ++ + // In case our peer has sent us its settings (window size, max concurrent streams etc.) + // let's give _q_receiveReply a chance to read them first ('invokeMethod', QueuedConnection). +@@ -1258,4 +1280,26 @@ + } + ++ ++void QHttpNetworkConnectionChannel::checkAndResumeCommunication() ++{ ++ Q_ASSERT(connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2 ++ || connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2Direct); ++ ++ // Because HTTP/2 requires that we send a SETTINGS frame as the first thing we do, and respond ++ // to a SETTINGS frame with an ACK, we need to delay any handling until we can ensure that any ++ // effects from emitting encrypted() have been processed. ++ // This function is called after encrypted() was emitted, so check for changes. ++ ++ if (!reply && h2RequestsToSend.isEmpty()) ++ abort(); ++ waitingForPotentialAbort = false; ++ if (needInvokeReadyRead) ++ _q_readyRead(); ++ if (needInvokeReceiveReply) ++ _q_receiveReply(); ++ if (needInvokeSendRequest) ++ sendRequest(); ++} ++ + void QHttpNetworkConnectionChannel::requeueHttp2Requests() + { +--- a/src/network/access/qhttpnetworkconnectionchannel_p.h ++++ b/src/network/access/qhttpnetworkconnectionchannel_p.h +@@ -75,4 +75,8 @@ + bool ssl; + bool isInitialized; ++ bool waitingForPotentialAbort = false; ++ bool needInvokeReceiveReply = false; ++ bool needInvokeReadyRead = false; ++ bool needInvokeSendRequest = false; + ChannelState state; + QHttpNetworkRequest request; // current request, only used for HTTP +@@ -147,4 +151,6 @@ + void resendCurrentRequest(); + ++ void checkAndResumeCommunication(); ++ + bool isSocketBusy() const; + bool isSocketWriting() const; +--- a/tests/auto/network/access/http2/tst_http2.cpp ++++ b/tests/auto/network/access/http2/tst_http2.cpp +@@ -107,4 +107,6 @@ + void duplicateRequestsWithAborts(); + ++ void abortOnEncrypted(); ++ + protected slots: + // Slots to listen to our in-process server: +@@ -1480,4 +1482,46 @@ + } + ++void tst_Http2::abortOnEncrypted() ++{ ++#if !QT_CONFIG(ssl) ++ QSKIP("TLS support is needed for this test"); ++#else ++ clearHTTP2State(); ++ serverPort = 0; ++ ++ ServerPtr targetServer(newServer(defaultServerSettings, H2Type::h2Direct)); ++ ++ QMetaObject::invokeMethod(targetServer.data(), "startServer", Qt::QueuedConnection); ++ runEventLoop(); ++ ++ nRequests = 1; ++ nSentRequests = 0; ++ ++ const auto url = requestUrl(H2Type::h2Direct); ++ QNetworkRequest request(url); ++ request.setAttribute(QNetworkRequest::Http2DirectAttribute, true); ++ ++ std::unique_ptr reply{manager->get(request)}; ++ reply->ignoreSslErrors(); ++ connect(reply.get(), &QNetworkReply::encrypted, reply.get(), [reply = reply.get()](){ ++ reply->abort(); ++ }); ++ connect(reply.get(), &QNetworkReply::errorOccurred, this, &tst_Http2::replyFinishedWithError); ++ ++ runEventLoop(); ++ STOP_ON_FAILURE ++ ++ QCOMPARE(nRequests, 0); ++ QCOMPARE(reply->error(), QNetworkReply::OperationCanceledError); ++ ++ const bool res = QTest::qWaitFor( ++ [this, server = targetServer.get()]() { ++ return serverGotSettingsACK || prefaceOK || nSentRequests > 0; ++ }, ++ 500); ++ QVERIFY(!res); ++#endif // QT_CONFIG(ssl) ++} ++ + void tst_Http2::serverStarted(quint16 port) + { diff --git a/dev-qt/qtbase/qtbase-6.7.2-r1.ebuild b/dev-qt/qtbase/qtbase-6.7.2-r1.ebuild new file mode 100644 index 000000000000..499bf7372d57 --- /dev/null +++ b/dev-qt/qtbase/qtbase-6.7.2-r1.ebuild @@ -0,0 +1,350 @@ +# Copyright 2021-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit qt6-build toolchain-funcs + +DESCRIPTION="Cross-platform application development framework" + +if [[ ${QT6_BUILD_TYPE} == release ]]; then + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi + +declare -A QT6_IUSE=( + [global]="+ssl +udev zstd" + [core]="icu" + [modules]="+concurrent +dbus +gui +network +sql +xml" + + [gui]=" + +X accessibility eglfs evdev gles2-only +libinput + opengl renderdoc tslib vulkan wayland +widgets + " + [network]="brotli gssapi libproxy sctp" + [sql]="mysql oci8 odbc postgres +sqlite" + [widgets]="cups gtk" + + [optfeature]="nls" #810802 +) +IUSE="${QT6_IUSE[*]}" +REQUIRED_USE=" + $( + printf '%s? ( gui ) ' ${QT6_IUSE[gui]//+/} + printf '%s? ( network ) ' ${QT6_IUSE[network]//+/} + printf '%s? ( sql ) ' ${QT6_IUSE[sql]//+/} + printf '%s? ( gui widgets ) ' ${QT6_IUSE[widgets]//+/} + ) + accessibility? ( dbus ) + eglfs? ( opengl ) + gles2-only? ( opengl ) + gui? ( || ( X eglfs wayland ) ) + libinput? ( udev ) + sql? ( || ( ${QT6_IUSE[sql]//+/} ) ) + test? ( icu sql? ( sqlite ) ) +" + +# groups: +# - global (configure.cmake) +# - qtcore (src/corelib/configure.cmake) +# - qtgui (src/gui/configure.cmake) +# - qtnetwork (src/network/configure.cmake) +# - qtprintsupport (src/printsupport/configure.cmake) [gui+widgets] +# - qtsql (src/plugins/sqldrivers/configure.cmake) +# dlopen: renderdoc +RDEPEND=" + sys-libs/zlib:= + ssl? ( dev-libs/openssl:= ) + udev? ( virtual/libudev:= ) + zstd? ( app-arch/zstd:= ) + + app-crypt/libb2 + dev-libs/double-conversion:= + dev-libs/glib:2 + dev-libs/libpcre2:=[pcre16,unicode(+)] + icu? ( dev-libs/icu:= ) + + dbus? ( sys-apps/dbus ) + gui? ( + media-libs/fontconfig + media-libs/freetype:2 + media-libs/harfbuzz:= + media-libs/libjpeg-turbo:= + media-libs/libpng:= + x11-libs/libdrm + x11-libs/libxkbcommon[X?] + X? ( + x11-libs/libICE + x11-libs/libSM + x11-libs/libX11 + x11-libs/libxcb:= + x11-libs/xcb-util-cursor + x11-libs/xcb-util-image + x11-libs/xcb-util-keysyms + x11-libs/xcb-util-renderutil + x11-libs/xcb-util-wm + ) + accessibility? ( app-accessibility/at-spi2-core:2 ) + eglfs? ( media-libs/mesa[gbm(+)] ) + evdev? ( sys-libs/mtdev ) + libinput? ( dev-libs/libinput:= ) + opengl? ( + gles2-only? ( media-libs/libglvnd ) + !gles2-only? ( media-libs/libglvnd[X?] ) + ) + renderdoc? ( media-gfx/renderdoc ) + tslib? ( x11-libs/tslib ) + widgets? ( + cups? ( net-print/cups ) + gtk? ( + x11-libs/gdk-pixbuf:2 + x11-libs/gtk+:3 + x11-libs/pango + ) + ) + ) + network? ( + brotli? ( app-arch/brotli:= ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + ) + sql? ( + mysql? ( dev-db/mysql-connector-c:= ) + oci8? ( dev-db/oracle-instantclient:=[sdk] ) + odbc? ( dev-db/unixODBC ) + postgres? ( dev-db/postgresql:* ) + sqlite? ( dev-db/sqlite:3 ) + ) +" +DEPEND=" + ${RDEPEND} + X? ( x11-base/xorg-proto ) + gui? ( + vulkan? ( dev-util/vulkan-headers ) + ) + network? ( + sctp? ( net-misc/lksctp-tools ) + ) + test? ( + elibc_musl? ( sys-libs/timezone-data ) + ) +" +BDEPEND="zstd? ( app-arch/libarchive[zstd] )" #910392 +PDEPEND=" + nls? ( ~dev-qt/qttranslations-${PV}:6 ) + wayland? ( ~dev-qt/qtwayland-${PV}:6 ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-6.5.2-hppa-forkfd-grow-stack.patch + "${FILESDIR}"/${PN}-6.5.2-no-symlink-check.patch + "${FILESDIR}"/${PN}-6.6.1-forkfd-childstack-size.patch + "${FILESDIR}"/${PN}-6.6.3-gcc14-avx512fp16.patch + "${FILESDIR}"/${PN}-6.7.2-CVE-2024-39936.patch +) + +src_prepare() { + qt6-build_src_prepare + + if use test; then + # test itself has -Werror=strict-aliasing issues, drop for simplicity + sed -e '/add_subdirectory(qsharedpointer)/d' \ + -i tests/auto/corelib/tools/CMakeLists.txt || die + + # workaround for __extendhfxf2 being used for tst_qfloat16.cpp + # which is unavailable with compiler-rt (assume used if clang) + if tc-is-clang; then + sed -e '/add_subdirectory(qfloat16)/d' \ + -i tests/auto/corelib/global/CMakeLists.txt || die + fi + fi +} + +src_configure() { + local mycmakeargs=( + -DBUILD_WITH_PCH=OFF + + -DINSTALL_ARCHDATADIR="${QT6_ARCHDATADIR}" + -DINSTALL_BINDIR="${QT6_BINDIR}" + -DINSTALL_DATADIR="${QT6_DATADIR}" + -DINSTALL_DOCDIR="${QT6_DOCDIR}" + -DINSTALL_EXAMPLESDIR="${QT6_EXAMPLESDIR}" + -DINSTALL_INCLUDEDIR="${QT6_HEADERDIR}" + -DINSTALL_LIBDIR="${QT6_LIBDIR}" + -DINSTALL_LIBEXECDIR="${QT6_LIBEXECDIR}" + -DINSTALL_MKSPECSDIR="${QT6_MKSPECSDIR}" + -DINSTALL_PLUGINSDIR="${QT6_PLUGINDIR}" + -DINSTALL_QMLDIR="${QT6_QMLDIR}" + -DINSTALL_SYSCONFDIR="${QT6_SYSCONFDIR}" + -DINSTALL_TRANSLATIONSDIR="${QT6_TRANSLATIONDIR}" + + -DQT_UNITY_BUILD=ON # ~30% faster build, affects other dev-qt/* too + + -DQT_FEATURE_relocatable=OFF #927691 + $(qt_feature ssl openssl) + $(qt_feature ssl openssl_linked) + $(qt_feature udev libudev) + $(qt_feature zstd) + + # qtcore + $(qt_feature icu) + + # tools + -DQT_FEATURE_androiddeployqt=OFF + + # modules + $(qt_feature concurrent) + $(qt_feature dbus) + $(qt_feature gui) + $(qt_feature network) + $(qt_feature sql) + # trivial, and is often needed (sometimes even when not building tests) + -DQT_FEATURE_testlib=ON + $(qt_feature xml) + ) + + use gui && mycmakeargs+=( + $(qt_feature X xcb) + $(qt_feature X system_xcb_xinput) + $(qt_feature X xkbcommon_x11) + $(cmake_use_find_package X X11) # needed for truly no automagic + $(qt_feature accessibility accessibility_atspi_bridge) + $(qt_feature eglfs) + $(qt_feature evdev) + $(qt_feature evdev mtdev) + $(qt_feature libinput) + $(qt_feature renderdoc graphicsframecapture) + $(qt_feature tslib) + $(qt_feature vulkan) + $(qt_feature wayland) + $(qt_feature widgets) + -DINPUT_opengl=$(usex opengl $(usex gles2-only es2 desktop) no) + -DQT_FEATURE_system_textmarkdownreader=OFF # TODO?: package md4c + ) && use widgets && mycmakeargs+=( + # note: qtprintsupport is enabled w/ gui+widgets regardless of USE=cups + $(qt_feature cups) + $(qt_feature gtk gtk3) + ) + + use network && mycmakeargs+=( + $(qt_feature brotli) + $(qt_feature gssapi) + $(qt_feature libproxy) + $(qt_feature sctp) + $(usev test -DQT_SKIP_DOCKER_COMPOSE=ON) + ) + + use sql && mycmakeargs+=( + -DQT_FEATURE_sql_db2=OFF # unpackaged + -DQT_FEATURE_sql_ibase=OFF # unpackaged + -DQT_FEATURE_sql_mimer=OFF # unpackaged + $(qt_feature mysql sql_mysql) + $(qt_feature oci8 sql_oci) + $(usev oci8 -DOracle_ROOT="${ESYSROOT}"/usr/$(get_libdir)/oracle/client) + $(qt_feature odbc sql_odbc) + $(qt_feature postgres sql_psql) + $(qt_feature sqlite sql_sqlite) + $(qt_feature sqlite system_sqlite) + ) + + qt6-build_src_configure +} + +src_test() { + local -x TZ=UTC + local -x LC_TIME=C + + local CMAKE_SKIP_TESTS=( + # broken with out-of-source + if qtbase is not already installed + tst_moc + tst_qmake + # similarly broken when relocatable=OFF (bug #927691) + tst_qapplication + tst_qt_cmake_create + tst_uic + # needs x11/opengl, we *could* run these but tend to be flaky + # when opengl rendering is involved (even if software-only) + tst_qopengl{,config,widget,window} + tst_qgraphicsview + tst_qx11info + # fails with network sandbox + tst_qdnslookup + # fails with sandbox + tst_qsharedmemory + # typical to lack SCTP support on non-generic kernels + tst_qsctpsocket + # randomly fails without -j1, and not worth it over this (bug #916181) + tst_qfiledialog{,2} + # may randomly hang+timeout, perhaps related to -j as well + tst_qtimer + # these can be flaky depending on the environment/toolchain + tst_qlogging # backtrace log test can easily vary + tst_q{,raw}font # affected by available fonts / settings (bug #914737) + tst_qprinter # checks system's printers (bug #916216) + tst_qhighdpi # may detect users' settings and fail (bug #935364) + tst_qstorageinfo # checks mounted filesystems + # flaky due to using different test framework and fails with USE=-gui + tst_selftests + # known failing when using clang+glibc+stdc++, needs looking into + tst_qthread + # partially failing on x86 chroots and seemingly(?) harmless (dev-qt + # revdeps tests pass), skip globally to avoid keywording flakiness + tst_json + tst_qcolorspace + tst_qdoublevalidator + tst_qglobal + tst_qglyphrun + tst_qvectornd + tst_rcc + # similarly, but on armv7 and potentially others (bug #914028) + tst_qlineedit + tst_qpainter + # likewise, known failing on BE arches (bug #914033,914371,918878) + tst_qimagereader + tst_qimagewriter + tst_qpluginloader + tst_quuid # >=6.6.2 had related fixes, needs retesting + # partially broken on llvm-musl, needs looking into but skip to have + # a baseline for regressions (rest of dev-qt still passes with musl) + $(usev elibc_musl ' + tst_qicoimageformat + tst_qimagereader + tst_qimage + tst_qprocess + ') + # fails due to hppa's NaN handling, needs looking into (bug #914371) + $(usev hppa ' + tst_qcborvalue + tst_qnumeric + ') + # bug #914033 + $(usev sparc ' + tst_qbuffer + tst_qprocess + tst_qtconcurrentiteratekernel + ') + # note: for linux, upstream only really runs+maintains tests for amd64 + # https://doc.qt.io/qt-6/supported-platforms.html + ) + + qt6-build_src_test +} + +src_install() { + qt6-build_src_install + + if use test; then + local delete_bins=( # need a better way to handle this + clientserver copier crashingServer desktopsettingsaware_helper + echo fileWriterProcess modal_helper nospace 'one space' + paster qcommandlineparser_test_helper qfileopeneventexternal + socketprocess syslocaleapp tst_qhashseed_helper 'two space s' + write-read-write + ) + local delete=( # sigh + "${D}${QT6_BINDIR}"/test* + "${delete_bins[@]/#/${D}${QT6_BINDIR}/}" + ) + # using -f given not tracking which tests may be skipped or not + rm -rf -- "${delete[@]}" || die + fi +} -- cgit v1.2.3-65-gdbad