author | V3n3RiX <venerix@koprulu.sector> | 2023-05-24 09:01:51 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-05-24 09:01:51 +0100 |
commit | bd2c7873be3178619accade4259ba907b6baca46 (patch) | |
tree | a2dd247d39fd3cd02086ae2248b0cd590397320c /dev-qt/qtbase | |
parent | a5d03e5440b3955446fba6d02de9f53ea4f6efc4 (diff) |
gentoo auto-resync : 24:05:2023 - 09:01:50
Diffstat (limited to 'dev-qt/qtbase')
-rw-r--r-- | dev-qt/qtbase/Manifest | 3 | ||||
-rw-r--r-- | dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch | 54 | ||||
-rw-r--r-- | dev-qt/qtbase/qtbase-6.5.0-r2.ebuild (renamed from dev-qt/qtbase/qtbase-6.5.0-r1.ebuild) | 5 |
3 files changed, 60 insertions, 2 deletions
diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest
index 13bc51598c16..53e539b066e2 100644
--- a/dev-qt/qtbase/Manifest
+++ b/dev-qt/qtbase/Manifest
@@ -1,4 +1,5 @@ +AUX qtbase-6.5.0-CVE-2023-32762.patch 2425 BLAKE2B 3a69063ebf4e94debe19eb97747e7fcbae626177ae265d44a4cca5576584192b6d878d65241dbc2c6e791ae8e7163835d274bc3387fe4035901a8d7c9e14470a SHA512 6631f772416fdd1d870fc98377617003d892e100357995b540d9e6abb5fedc9620a69042d8ba64fa72f3c03728a084e04cf8bf6256ba02dde8236060de9bfa79 AUX qtbase-6.5.0-setActiveWindow-deprecated-version.patch 1237 BLAKE2B 5a0dee47bded6460d4643964b54bcccde2a286b6d8ffe6201781814fe6a19f2ec5d07c91bdda68004cc5a516e74a7437fba4959326d150d93ece9e834756d2ba SHA512 019d88b27295a62087f27c655afced7f59576bcb2faa8c791a303f8254d359fa006f6a2aafd665812c646c535665783cc2b1a0dfa26043407122ef462b260d06 DIST qtbase-everywhere-src-6.5.0.tar.xz 48020636 BLAKE2B 234000eeb6e1b57a1c7561613bf437453fc2db0d23d5ddd61c38961311a7de5263c086864554aff7a0bc1e5a406af78ef8342eed3c8a5f48b9237912614f380b SHA512 29f70b9a9650afdd8e34703a7a8191feab4c3a25d0bc3a41010ea842389335b24e2685721fdb4a03653475ebd9bf8a8e4f4a77bf5d64b1289590b5ca0e4623f3 -EBUILD qtbase-6.5.0-r1.ebuild 5044 BLAKE2B af7406aeac945bcf34e592fb78a076c10f1aff39aa35e884663ce9dbd6fbb3b561ae1371da7a40d3c260d736094425722e0fc4625671d659b700743b22f39d43 SHA512 2bba32f0ee1ed272729505b7d6d466492398f1a2432eb9a8be9cd7f9409101147077af1d8a4eaf43af6d9038eee0d2dfbd196f7765489e836afb7cde8d27de74 +EBUILD qtbase-6.5.0-r2.ebuild 5093 BLAKE2B 236c60ab4f4bf61adfc6f40ce1886f97d81cd498e663f3d7027fb2562e6fbb52e5035b436090ac91577a307647c43728a8910bd21b7cc1138338f862d67f6121 SHA512 5c946ad6284c87ff8546717e9782e1a7436e1009f72069a448284f29ed54009987cc0e7d65cd8f8f8d3beb3472a2c925d2158820fac5da9b425b45d3aa846493 MISC metadata.xml 1762 BLAKE2B fd53799e4a3668fb8d32798f1d128df86aaa7181563655ffb71d6c15a7bab33e5fb08f3c5b41695e8fee4a46f5a5216030d0aeb0927eaeec387136ec66964a8f SHA512 6e05599e981d07f7a6d79eda9e1ef9e41383e05aec5442fed8a46be87245b6e9a77fb9b469fe656f9fdd29ffb69767136c0922baed3c5448ca8c58ee70ad713d 
diff --git a/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch b/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch
new file mode 100644
index 000000000000..3574706fcd85
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-32762.patch
@@ -0,0 +1,54 @@
+From eae7c36d681acfb82572b56e24bbb2cd42242e57 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
+Date: Fri, 5 May 2023 11:07:26 +0200
+Subject: [PATCH] Hsts: match header names case insensitively
+
+Header field names are always considered to be case-insensitive.
+
+Fixes: QTBUG-113392
+Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43
+Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
+Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
+Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
+(cherry picked from commit 1b736a815be0222f4b24289cf17575fc15707305)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+---
+ src/network/access/qhsts.cpp | 4 ++--
+ tests/auto/network/access/hsts/tst_qhsts.cpp | 6 ++++++
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp
+index 39905f354807..82deede17298 100644
+--- a/src/network/access/qhsts.cpp
++++ b/src/network/access/qhsts.cpp
+@@ -327,8 +327,8 @@ quoted-pair = "\" CHAR
+ bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
+{
+ for (const auto &h : headers) {
+- // We use '==' since header name was already 'trimmed' for us:
+- if (h.first == "Strict-Transport-Security") {
++ // We compare directly because header name was already 'trimmed' for us:
++ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
+ header = h.second;
+ // RFC6797, 8.1:
+ //
+diff --git a/tests/auto/network/access/hsts/tst_qhsts.cpp b/tests/auto/network/access/hsts/tst_qhsts.cpp
+index 252f5e8f5792..97a2d2889e57 100644
+--- a/tests/auto/network/access/hsts/tst_qhsts.cpp
++++ b/tests/auto/network/access/hsts/tst_qhsts.cpp
+@@ -216,6 +216,12 @@ void tst_QHsts::testSTSHeaderParser()
+ QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc());
+ QVERIFY(parser.includeSubDomains());
+
++ list.pop_back();
++ list <<
Header("strict-transport-security", "includeSubDomains;max-age=1000");
++ QVERIFY(parser.parse(list));
++ QVERIFY(parser.expirationDate() > QDateTime::currentDateTimeUtc());
++ QVERIFY(parser.includeSubDomains());
++
+ list.pop_back();
+ // Invalid (includeSubDomains twice):
+ list << Header("Strict-Transport-Security", "max-age = 1000 ; includeSubDomains;includeSubDomains");
+--
+2.16.3
+
diff --git a/dev-qt/qtbase/qtbase-6.5.0-r1.ebuild b/dev-qt/qtbase/qtbase-6.5.0-r2.ebuild
index b99943b6b2db..afcd30dfe9f6 100644
--- a/dev-qt/qtbase/qtbase-6.5.0-r1.ebuild
+++ b/dev-qt/qtbase/qtbase-6.5.0-r2.ebuild
@@ -103,7 +103,10 @@ DEPEND=" " RDEPEND="${DEPEND}" -PATCHES=( "${FILESDIR}/${PN}-6.5.0-setActiveWindow-deprecated-version.patch" ) +PATCHES=( + "${FILESDIR}/${PN}-6.5.0-setActiveWindow-deprecated-version.patch" + "${FILESDIR}/${PN}-6.5.0-CVE-2023-32762.patch" +) src_configure() { local mycmakeargs=( |
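Review bot: The replacement comment in `QHstsHeaderParser::parse` (`// We compare directly because header name was already 'trimmed' for us:`) explains the trimming but not why case is ignored, which is the security-relevant part of this backport. A field name that differs only in case (HTTP/2 sends every field name in lowercase) previously failed the `==` test, so the header was skipped and, as far as the visible code shows, no HSTS policy was parsed for that response. I would state that in the comment, e.g. `// Field names are case-insensitive (always lowercase over HTTP/2); a missed match means the HSTS policy is silently ignored.` The added test exercises only the all-lowercase spelling; one more case such as `Header("STRICT-transport-SECURITY", "max-age=1000")` would pin the `Qt::CaseInsensitive` flag rather than a lowercase special case. The body of `parse()` continues past the end of the embedded hunk.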