gentoo auto-resync : 26:02:2025 - 19:26:07

5 files changed, 8 insertions, 310 deletions

diff --git a/dev-qt/qtconnectivity/Manifest b/dev-qt/qtconnectivity/Manifest
index 0d02466b1d37..4ad40a18beb4 100644
--- a/dev-qt/qtconnectivity/Manifest
+++ b/dev-qt/qtconnectivity/Manifest
@@ -1,9 +1,6 @@
-AUX qtconnectivity-6.8.1-CVE-2025-23050.patch 7780 BLAKE2B edda2d15f8f22ccc590a0fabfa75925be68dcbbc664dabb95780f508ed08e241cc59b4cb2e762e90a6ad3568cc9de1036d3cc98ef9e17e90e463dc7eb4fbca87 SHA512 34b2ff2cf0189d140c576546629e83ac08ffcc3b5aa729fe7d224f2554f5f8e48d03dbe4d136cce3b933495774ee83650f6cdd03fc01de7a3d0c5f567e64e380
-DIST qtconnectivity-everywhere-src-6.8.1.tar.xz 1067952 BLAKE2B d0c1dbc863dbd12041321248f9256d63f03ecf919ac7c60f3e3e87dd4102fa9063dbb3b0896e3f168713e4dd7eccf2deb62109bea39ba8425184aaf9c019dee1 SHA512 61933f37210323cd912ec677322002557dae308228e390f692beb88374f328b2791e3448b14256a570de741ef6f3e935261ab90cfd3ae22725a8919bd304a8fb
 DIST qtconnectivity-everywhere-src-6.8.2.tar.xz 1069068 BLAKE2B fcbb13ff28486586466eafec913fb6504ee6e79787e7bfa6362ea74ee755b70c390a2f2ebf96cdf74c875a33ab1673d296f497085e2b8c3b83d09ed9590b772f SHA512 b1310fc90c7a64a4d89586fd38119377b3b67ead57271c6713897d649b2154cd55bd07c97a53f12e7a9d720a1b8b6b630eeea43e44c6798f6313ea8e70e10767
-EBUILD qtconnectivity-6.8.1-r1.ebuild 1948 BLAKE2B e8deea8fc0cf632f7f473e7421ffdbb9be6c1e223f74623ae1f7a0aa84f537151f1eb5d4e6a9a090bcb5a3faf1bcb31adb7531aa3d5e9c40f871308cd56490a3 SHA512 589dfcefe079823097a98d2a992084ffcbc0e54985ad917b0af441add5005228911532c6f6058dd9890e3e1760a3e7f25d6dbda288f8a462cbc76a6f72000eda
 EBUILD qtconnectivity-6.8.2.ebuild 1894 BLAKE2B 60b010ed8eeac5a815e7f65e35ceea8ca6451a05971681b9f7b8e9257778cc885b94565c1fed3e02e9c75b9971d67a9bf9ab23559c3cefdc353aedcf4441f7ae SHA512 bcf1fe9bfda1622c0edf7d885272e527a9d8e7eef39ea7d0fb6ce3f7a2f1582d552131c4ef3643f3b4be98495ecfc5d9b87ce4fb2572768f7a24ef5f8ec1c007
 EBUILD qtconnectivity-6.8.9999.ebuild 1900 BLAKE2B 793c75a1ad6163c68f41ac12cc4878a490126ac48197de40fb644df49e95299af53f32cd8a734dc2873f2d21528c787c92352db01ea5395ba646312976b517c4 SHA512 8ce94f9e5d17a0a5052e8c7fa84aba0924a275184e6c3630f1a48d13c44abf1980664eafed9e2718ab6553ad110b84ab5ced95a8ef21532fd34d3e3fcebf01fd
-EBUILD qtconnectivity-6.9.9999.ebuild 1900 BLAKE2B 793c75a1ad6163c68f41ac12cc4878a490126ac48197de40fb644df49e95299af53f32cd8a734dc2873f2d21528c787c92352db01ea5395ba646312976b517c4 SHA512 8ce94f9e5d17a0a5052e8c7fa84aba0924a275184e6c3630f1a48d13c44abf1980664eafed9e2718ab6553ad110b84ab5ced95a8ef21532fd34d3e3fcebf01fd
-EBUILD qtconnectivity-6.9999.ebuild 1900 BLAKE2B 793c75a1ad6163c68f41ac12cc4878a490126ac48197de40fb644df49e95299af53f32cd8a734dc2873f2d21528c787c92352db01ea5395ba646312976b517c4 SHA512 8ce94f9e5d17a0a5052e8c7fa84aba0924a275184e6c3630f1a48d13c44abf1980664eafed9e2718ab6553ad110b84ab5ced95a8ef21532fd34d3e3fcebf01fd
+EBUILD qtconnectivity-6.9.9999.ebuild 1899 BLAKE2B 0b25c4e38f4a69fea31e44591fc0f2b75bb7201f4dce731360230f5373d0d91e18e167d9151915e49834a59a918af12bb8f7faad0d119de918350a249a872979 SHA512 8aa2bfad1b368de56a977e9a0778fc99ba7c2348c79c27fe78f7908a1005e87aa919c69df48f9c3a1ee6e48cbe559dfda9d05ffa0837fe4b862953623dc904f3
+EBUILD qtconnectivity-6.9999.ebuild 1899 BLAKE2B 0b25c4e38f4a69fea31e44591fc0f2b75bb7201f4dce731360230f5373d0d91e18e167d9151915e49834a59a918af12bb8f7faad0d119de918350a249a872979 SHA512 8aa2bfad1b368de56a977e9a0778fc99ba7c2348c79c27fe78f7908a1005e87aa919c69df48f9c3a1ee6e48cbe559dfda9d05ffa0837fe4b862953623dc904f3
 MISC metadata.xml 721 BLAKE2B 4c2d1448a532b27910627b3fa1b8912b9048434058ee6f7b14276913ad5d77e55a6f2200002953863aa76ef5d66c04126995e0746cfaf208fa6dbd6e9b622ce1 SHA512 17808c1ab2c7a8e36f6f20801ac288abfd3b390d67ae55212d0d6b890aa7bb49ad8c7d3899cade2d8515faee76a5e02b3cfc582e3f5dde744371592e6d8dfb67
diff --git a/dev-qt/qtconnectivity/files/qtconnectivity-6.8.1-CVE-2025-23050.patch b/dev-qt/qtconnectivity/files/qtconnectivity-6.8.1-CVE-2025-23050.patch
deleted file mode 100644
index 832807a9bb80..000000000000
--- a/dev-qt/qtconnectivity/files/qtconnectivity-6.8.1-CVE-2025-23050.patch
+++ /dev/null
@@ -1,210 +0,0 @@
-https://bugs.gentoo.org/948573
-https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux
-https://codereview.qt-project.org/c/qt/qtconnectivity/+/617004
-From: Ivan Solovev <ivan.solovev@qt.io>
-Date: Thu, 02 Jan 2025 16:48:49 +0100
-Subject: [PATCH] QLowEnergyControllerPrivateBluez: guard against malformed replies
-
-The QLowEnergyControllerPrivateBluez::l2cpReadyRead() slot reads the
-data from a Bluetooth L2CAP socket and then tries to process it
-according to ATT protocol specs.
-
-However, the code was missing length and sanity checks at some
-codepaths in processUnsolicitedReply() and processReply() helper
-methods, simply relying on the data to be in the proper format.
-
-This patch adds some minimal checks to make sure that we do not read
-past the end of the received array and do not divide by zero.
-
-This problem was originally pointed out by Marc Mutz in an unrelated
-patch.
---- a/src/bluetooth/qlowenergycontroller_bluez.cpp
-+++ b/src/bluetooth/qlowenergycontroller_bluez.cpp
-@@ -64,14 +64,15 @@
- 
- const int maxPrepareQueueSize = 1024;
- 
--static void dumpErrorInformation(const QByteArray &response)
-+/* returns false if the format is incorrect */
-+static bool dumpErrorInformation(const QByteArray &response)
- {
-     const char *data = response.constData();
-     if (response.size() != 5
-         || (static_cast<QBluezConst::AttCommand>(data[0])
-             != QBluezConst::AttCommand::ATT_OP_ERROR_RESPONSE)) {
-         qCWarning(QT_BT_BLUEZ) << QLatin1String("Not a valid error response");
--        return;
-+        return false;
-     }
- 
-     QBluezConst::AttCommand lastCommand = static_cast<QBluezConst::AttCommand>(data[1]);
-@@ -126,6 +127,8 @@
- 
-     qCDebug(QT_BT_BLUEZ) << "Error:" << errorCode << "Error description:" << errorString
-                          << "last command:" << lastCommand << "handle:" << handle;
-+
-+    return true;
- }
- 
- static int getUuidSize(const QBluetoothUuid &uuid)
-@@ -903,6 +906,7 @@
- {
-     Q_ASSERT(charData);
-     Q_ASSERT(data);
-+    Q_ASSERT(elementLength >= 5);
- 
-     QLowEnergyHandle attributeHandle = bt_get_le16(&data[0]);
-     charData->properties =
-@@ -912,7 +916,7 @@
-     // Bluetooth LE data comes as little endian
-     if (elementLength == 7) // 16 bit uuid
-         charData->uuid = QBluetoothUuid(bt_get_le16(&data[5]));
--    else
-+    else if (elementLength == 21) // 128 bit uuid
-         charData->uuid = QUuid::fromBytes(&data[5], QSysInfo::LittleEndian);
- 
-     qCDebug(QT_BT_BLUEZ) << "Found handle:" << Qt::hex << attributeHandle
-@@ -929,6 +933,7 @@
- {
-     Q_ASSERT(foundServices);
-     Q_ASSERT(data);
-+    Q_ASSERT(elementLength >= 6);
- 
-     QLowEnergyHandle attributeHandle = bt_get_le16(&data[0]);
- 
-@@ -938,9 +943,14 @@
-     // data[2] -> included service start handle
-     // data[4] -> included service end handle
- 
-+    // TODO: Spec v. 5.3, Vol. 3, Part G, 4.5.1 mentions that only
-+    // 16-bit UUID can be returned here. If the UUID is 128-bit,
-+    // then it is omitted from the response, and should be requested
-+    // separately with the ATT_READ_REQ command.
-+
-     if (elementLength == 8) //16 bit uuid
-         foundServices->append(QBluetoothUuid(bt_get_le16(&data[6])));
--    else
-+    else if (elementLength == 22) // 128 bit uuid
-         foundServices->append(QUuid::fromBytes(&data[6], QSysInfo::LittleEndian));
- 
-     qCDebug(QT_BT_BLUEZ) << "Found included service: " << Qt::hex
-@@ -949,17 +959,29 @@
-     return attributeHandle;
- }
- 
-+Q_DECL_COLD_FUNCTION
-+static void reportMalformedData(QBluezConst::AttCommand cmd, const QByteArray &response)
-+{
-+    qCDebug(QT_BT_BLUEZ, "%s malformed data: %s", qt_getEnumName(cmd),
-+            response.toHex().constData());
-+}
-+
- void QLowEnergyControllerPrivateBluez::processReply(
-         const Request &request, const QByteArray &response)
- {
-     Q_Q(QLowEnergyController);
- 
-+    // We already have an isEmpty() check at the only calling site that reads
-+    // incoming data, so Q_ASSERT is enough.
-+    Q_ASSERT(!response.isEmpty());
-+
-     QBluezConst::AttCommand command = static_cast<QBluezConst::AttCommand>(response.constData()[0]);
- 
-     bool isErrorResponse = false;
-     // if error occurred 2. byte is previous request type
-     if (command == QBluezConst::AttCommand::ATT_OP_ERROR_RESPONSE) {
--        dumpErrorInformation(response);
-+        if (!dumpErrorInformation(response))
-+            return;
-         command = static_cast<QBluezConst::AttCommand>(response.constData()[1]);
-         isErrorResponse = true;
-     }
-@@ -972,6 +994,10 @@
-         if (isErrorResponse) {
-             mtuSize = ATT_DEFAULT_LE_MTU;
-         } else {
-+            if (response.size() < 3) {
-+                reportMalformedData(command, response);
-+                break;
-+            }
-             const char *data = response.constData();
-             quint16 mtu = bt_get_le16(&data[1]);
-             mtuSize = mtu;
-@@ -1000,8 +1026,15 @@
-             break;
-         }
- 
-+        // response[1] == elementLength. According to the spec it should be
-+        // at least 4 bytes. See Spec v5.3, Vol 3, Part F, 3.4.4.10
-+        if (response.size() < 2 || response[1] < 4) {
-+            reportMalformedData(command, response);
-+            break;
-+        }
-+
-         QLowEnergyHandle start = 0, end = 0;
--        const quint16 elementLength = response.constData()[1];
-+        const quint16 elementLength = response.constData()[1]; // value checked above
-         const quint16 numElements = (response.size() - 2) / elementLength;
-         quint16 offset = 2;
-         const char *data = response.constData();
-@@ -1077,16 +1110,25 @@
-         }
- 
-         /* packet format:
--         * if GATT_CHARACTERISTIC discovery
-+         * if GATT_CHARACTERISTIC discovery (Spec 5.3, Vol. 3, Part G, 4.6)
-          *      <opcode><elementLength>
-          *          [<handle><property><charHandle><uuid>]+
-+         * The minimum elementLength is 7 bytes (uuid is always included)
-          *
--         * if GATT_INCLUDE discovery
-+         * if GATT_INCLUDE discovery (Spec 5.3, Vol. 3, Part G, 4.5.1)
-          *      <opcode><elementLength>
-          *          [<handle><startHandle_included><endHandle_included><uuid>]+
-+         *  The minimum elementLength is 6 bytes (uuid can be omitted).
-          *
-          *  The uuid can be 16 or 128 bit.
-          */
-+
-+        const quint8 minimumElementLength = attributeType == GATT_CHARACTERISTIC ? 7 : 6;
-+        if (response.size() < 2 || response[1] < minimumElementLength) {
-+            reportMalformedData(command, response);
-+            break;
-+        }
-+
-         QLowEnergyHandle lastHandle;
-         const quint16 elementLength = response.constData()[1];
-         const quint16 numElements = (response.size() - 2) / elementLength;
-@@ -1283,6 +1325,12 @@
-             break;
-         }
- 
-+        // Spec 5.3, Vol. 3, Part F, 3.4.3.2
-+        if (response.size() < 6) {
-+            reportMalformedData(command, response);
-+            break;
-+        }
-+
-         const quint8 format = response[1];
-         quint16 elementLength;
-         switch (format) {
-@@ -1720,9 +1768,18 @@
- 
- void QLowEnergyControllerPrivateBluez::processUnsolicitedReply(const QByteArray &payload)
- {
-+    Q_ASSERT(!payload.isEmpty());
-+
-     const char *data = payload.constData();
--    bool isNotification = (static_cast<QBluezConst::AttCommand>(data[0])
-+    const auto command = static_cast<QBluezConst::AttCommand>(data[0]);
-+    bool isNotification = (command
-                            == QBluezConst::AttCommand::ATT_OP_HANDLE_VAL_NOTIFICATION);
-+
-+    if (payload.size() < 3) {
-+        reportMalformedData(command, payload);
-+        return;
-+    }
-+
-     const QLowEnergyHandle changedHandle = bt_get_le16(&data[1]);
- 
-     if (QT_BT_BLUEZ().isDebugEnabled()) {
diff --git a/dev-qt/qtconnectivity/qtconnectivity-6.8.1-r1.ebuild b/dev-qt/qtconnectivity/qtconnectivity-6.8.1-r1.ebuild
deleted file mode 100644
index 477f27dabac6..000000000000
--- a/dev-qt/qtconnectivity/qtconnectivity-6.8.1-r1.ebuild
+++ /dev/null
@@ -1,89 +0,0 @@
-# Copyright 2023-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit qt6-build
-
-DESCRIPTION="Bluetooth and NFC support library for the Qt6 framework"
-
-if [[ ${QT6_BUILD_TYPE} == release ]]; then
-	KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv x86"
-fi
-
-IUSE="+bluetooth neard nfc smartcard"
-REQUIRED_USE="
-	|| ( bluetooth nfc )
-	nfc? ( ?? ( neard smartcard ) )
-"
-
-DEPEND="
-	~dev-qt/qtbase-${PV}:6[network]
-	bluetooth? (
-		~dev-qt/qtbase-${PV}:6[dbus]
-		net-wireless/bluez:=
-	)
-	nfc? (
-		neard? ( ~dev-qt/qtbase-${PV}:6[dbus] )
-		smartcard? ( sys-apps/pcsc-lite )
-	)
-"
-RDEPEND="
-	${DEPEND}
-	nfc? (
-		neard? ( net-wireless/neard )
-	)
-"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-CVE-2025-23050.patch
-)
-
-CMAKE_SKIP_TESTS=(
-	# most hardware tests are auto-skipped, but some still misbehave
-	# if bluez/hardware is available (generally tests here may not be
-	# very relevant without hardware, lists may need to be extended)
-	tst_qbluetoothdevicediscoveryagent #936485
-	tst_qbluetoothlocaldevice
-	tst_qbluetoothserver
-	tst_qbluetoothservicediscoveryagent
-	tst_qbluetoothserviceinfo
-	tst_qlowenergycontroller
-)
-
-src_prepare() {
-	qt6-build_src_prepare
-
-	use bluetooth ||
-		sed -i '/add_subdirectory(bluetooth)/d' src/CMakeLists.txt || die
-	use nfc ||
-		sed -i '/add_subdirectory(nfc)/d' src/CMakeLists.txt || die
-}
-
-src_configure() {
-	local mycmakeargs=(
-		$(usev nfc "
-			$(qt_feature neard)
-			$(qt_feature smartcard pcsclite)
-		")
-	)
-
-	qt6-build_src_configure
-}
-
-src_install() {
-	qt6-build_src_install
-
-	# broken (unnecessary) symlink due to add_app() being used over add_tool()
-	use !bluetooth || rm -- "${ED}"/usr/bin/sdpscanner6 || die
-
-	if use test; then
-		local delete=( # sigh
-			"${D}${QT6_BINDIR}"/bluetoothtestdevice
-			"${D}${QT6_BINDIR}"/bttestui
-			"${D}${QT6_BINDIR}"/qlecontroller-server
-		)
-		# using -f given not tracking which tests may be skipped or not
-		rm -f -- "${delete[@]}" || die
-	fi
-}
diff --git a/dev-qt/qtconnectivity/qtconnectivity-6.9.9999.ebuild b/dev-qt/qtconnectivity/qtconnectivity-6.9.9999.ebuild
index ed26392897ad..32a29b47c968 100644
--- a/dev-qt/qtconnectivity/qtconnectivity-6.9.9999.ebuild
+++ b/dev-qt/qtconnectivity/qtconnectivity-6.9.9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 2023-2024 Gentoo Authors
+# Copyright 2023-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -18,9 +18,9 @@ REQUIRED_USE="
 "
 
 DEPEND="
-	~dev-qt/qtbase-${PV}:6[network]
+	~dev-qt/qtbase-${PV}:6
 	bluetooth? (
-		~dev-qt/qtbase-${PV}:6[dbus]
+		~dev-qt/qtbase-${PV}:6[dbus,network]
 		net-wireless/bluez:=
 	)
 	nfc? (
diff --git a/dev-qt/qtconnectivity/qtconnectivity-6.9999.ebuild b/dev-qt/qtconnectivity/qtconnectivity-6.9999.ebuild
index ed26392897ad..32a29b47c968 100644
--- a/dev-qt/qtconnectivity/qtconnectivity-6.9999.ebuild
+++ b/dev-qt/qtconnectivity/qtconnectivity-6.9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 2023-2024 Gentoo Authors
+# Copyright 2023-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -18,9 +18,9 @@ REQUIRED_USE="
 "
 
 DEPEND="
-	~dev-qt/qtbase-${PV}:6[network]
+	~dev-qt/qtbase-${PV}:6
 	bluetooth? (
-		~dev-qt/qtbase-${PV}:6[dbus]
+		~dev-qt/qtbase-${PV}:6[dbus,network]
 		net-wireless/bluez:=
 	)
 	nfc? (