summaryrefslogtreecommitdiff
path: root/dev-qt/qtgui
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2024-02-15 23:36:27 +0000
committerV3n3RiX <venerix@koprulu.sector>2024-02-15 23:36:27 +0000
commit31c69c39a3648b52dd931a40b198714249e8a5ec (patch)
treec7bfb4db01cf185b6b8f7bde72d9cc5d14d8db22 /dev-qt/qtgui
parentdce60e5aa0a12ccc07c10a0a2c3f8f063393b32a (diff)
gentoo auto-resync : 15:02:2024 - 23:36:26
Diffstat (limited to 'dev-qt/qtgui')
-rw-r--r--dev-qt/qtgui/Manifest2
-rw-r--r--dev-qt/qtgui/files/qtgui-5.15.12-CVE-2024-25580.patch228
-rw-r--r--dev-qt/qtgui/qtgui-5.15.12-r2.ebuild182
3 files changed, 412 insertions, 0 deletions
diff --git a/dev-qt/qtgui/Manifest b/dev-qt/qtgui/Manifest
index 73e47ed250dc..d75d9077f465 100644
--- a/dev-qt/qtgui/Manifest
+++ b/dev-qt/qtgui/Manifest
@@ -1,7 +1,9 @@
+AUX qtgui-5.15.12-CVE-2024-25580.patch 9098 BLAKE2B 67207358484eecfc765b340f3d7f8861e0d7772f989ebd7fbe0671a731cb1ffeb5cccfd3598990855701a98a24d1c13ab3e9686f5c77768118a7083074ac8b13 SHA512 b0913b8675549dbf002aeedbe110ed72a32943dbbf8c54b6ec8cee0c173afe5ae17c0a6fda5672ce1fc3f2b5e0e4854a343a1c1ce675d5ffef465c94262e58ce
DIST qtbase-5.15-gentoo-patchset-5.tar.xz 9116 BLAKE2B b6318fc7c3ccdbfe85d56797ffaa3b275ce3f324731caca5efb497494837ca00c020494e9f811c0d5e9a460a4d70f16291c637409e7ad72325a36bc55e113c8c SHA512 f0343bf475a86f3f73b98b166ee48b1c5c9200aac9212ad977befe05679d0c351167618b16ae958e6403f33eecdc465b26a0df5d0b83d5d57a8c85ddb8a41c9b
DIST qtbase-5.15.12-gentoo-kde-1.tar.xz 330700 BLAKE2B d58eb3c12e4eaec9087bdf21ead08d4574fb7ce958b8453703f0b00efd27a4624329bbdf53e2c17d548e4791f7180bb3c0f68f0f3da4bc638c03622609d4df37 SHA512 f9519252a4b0451afae454155637f795688a8c9d8d40e03677430a7b887aa52d04996d93665e7068e41c8f7db428fdef933d4b8b342ea05847fffa5ddd82d1de
DIST qtbase-5.15.12-gentoo-kde-3.tar.xz 333328 BLAKE2B f4b281098c142aeff32349a207c312de6b40057768c7732533923ddfc7db393352739a9c8b7af6a562268d2fed0397c5d5eb96a85ad376c97e7b8e51a2b962cb SHA512 6d5a826569793ae7e49f6f789d138290346be94976d3aa2c5526be9ada5dd85ffaa789422f4bedaaa6a76178e87978937be425d5f75fcce41d45726d02912c7a
DIST qtbase-everywhere-opensource-src-5.15.12.tar.xz 50840192 BLAKE2B da758bdc13a63e8856486476733d6e9ed0bd22aa29d0d575f25a7d2ac90d0bae0d789875c747f9b16ec72941101fdf54abb64036c0fc2f0f467811bd32c7f8d9 SHA512 55ed3d73c2486a5f7cc62c0669b6344d1e4566be442bdac5849609f5ecd4fec7b74405952215e4dc018bc48a9dc2305ef50e31b61f3ace20408b5b64a2d5e888
EBUILD qtgui-5.15.12-r1.ebuild 3991 BLAKE2B 93f1bab7cb14c93cbdf8f4b0af2ab4f5b7923a1bf1905affc64cad7f35ae56841512ec8b7735693e8e26101501e1f26976c0787e17f7f29caacb0b681a6b23b8 SHA512 8a25e92b4175d12f120122bee1494105bacfd933f1ebaaaa0048c10fbec95c3e229f923dd059add849fe5779b7346a2d707cfe6095174ecf675860909bcb0c04
+EBUILD qtgui-5.15.12-r2.ebuild 4058 BLAKE2B 895c3da12a66f947980734a2eda75ba30755b0546639b25c6d2e93573aa9314877c42f6ba8c9e1d8fd7764f9f2ecf4f2b640a19efd90a8a354f6431a60849eb4 SHA512 d5a24c657410984a96f949298a3d45d8333bfebd299488aa2c4969d6928ff37e66952f37a47a42858f8317ae3f82aab66bfb03c7e24d1364dc6dadc48a2fa8b9
EBUILD qtgui-5.15.12.ebuild 3986 BLAKE2B 4684e0f9b5971170b81cbc45668057ad6f1dfa595445590d1676e9379b7a8c9bf0e087db79eeaf3257c34e14f4fb64fe67a10c8a20ab9459fa5464d35dd4cdb4 SHA512 fc9b5b6b2b401afc96296e813fa337a093a60c748d9e633bb7b616dac4c7f48f46ce9558f3e7d189dfc5a1f61d74b37c6c80535326eb4fe61db3f7b45f27c91c
MISC metadata.xml 1283 BLAKE2B 2d4873f1b7011f5766810866933cd897a68a89d93183b93c19008b9b956aa10e882ebc061f0a86c81d68308bb267d28f324f2cddc52b55d94c4201a7b97ce889 SHA512 551b643e0dec5fcfd934029e36f35d8e14479e7d426dc74d4b48522c6e06d989ae70db7c4cd0a67594551916ec59036f3d1db91afa929e454614a947464ed19c
diff --git a/dev-qt/qtgui/files/qtgui-5.15.12-CVE-2024-25580.patch b/dev-qt/qtgui/files/qtgui-5.15.12-CVE-2024-25580.patch
new file mode 100644
index 000000000000..41a500c82578
--- /dev/null
+++ b/dev-qt/qtgui/files/qtgui-5.15.12-CVE-2024-25580.patch
@@ -0,0 +1,228 @@
+From c8061284095abebebbcd6fea7167477aef44a00c Mon Sep 17 00:00:00 2001
+From: Jonas Karlsson <jonas.karlsson@qt.io>
+Date: Thu, 8 Feb 2024 17:01:05 +0100
+Subject: [PATCH] Improve KTX file reading memory safety
+
+* Use qAddOverflow/qSubOverflow methods for catching additions and
+ subtractions with overflow and handle these scenarios when reading the
+ file.
+* Add 'safeView' method that checks that the byte array view constructed
+ is not out of bounds.
+* Return error if number of levels is higher than what is reasonable.
+* Return error if number of faces is incorrect.
+* Add unit test with invalid KTX file previously causing a segmentation
+ fault.
+
+This fixes CVE-2024-25580.
+
+Fixes: QTBUG-121918
+Pick-to: 6.7 6.6 6.5 6.2 5.15
+Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2
+Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
+Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
+(cherry picked from commit 28ecb523ce8490bff38b251b3df703c72e057519)
+---
+ src/gui/util/qktxhandler.cpp | 138 +++++++++++++++++++++++++++--------
+ src/gui/util/qktxhandler_p.h | 2 +-
+ 2 files changed, 110 insertions(+), 30 deletions(-)
+
+diff --git a/src/gui/util/qktxhandler.cpp b/src/gui/util/qktxhandler.cpp
+index 7eda4c46fb..2853e46c3d 100644
+--- a/src/gui/util/qktxhandler.cpp
++++ b/src/gui/util/qktxhandler.cpp
+@@ -73,7 +73,7 @@ struct KTXHeader {
+ quint32 bytesOfKeyValueData;
+ };
+
+-static const quint32 headerSize = sizeof(KTXHeader);
++static constexpr quint32 qktxh_headerSize = sizeof(KTXHeader);
+
+ // Currently unused, declared for future reference
+ struct KTXKeyValuePairItem {
+@@ -103,11 +103,36 @@ struct KTXMipmapLevel {
+ */
+ };
+
+-bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block)
++static bool qAddOverflow(quint32 v1, quint32 v2, quint32 *r) {
++ // unsigned additions are well-defined
++ *r = v1 + v2;
++ return v1 > quint32(v1 + v2);
++}
++
++// Returns the nearest multiple of 4 greater than or equal to 'value'
++static bool nearestMultipleOf4(quint32 value, quint32 *result)
++{
++ constexpr quint32 rounding = 4;
++ *result = 0;
++ if (qAddOverflow(value, rounding - 1, result))
++ return true;
++ *result &= ~(rounding - 1);
++ return false;
++}
++
++// Returns a slice with prechecked bounds
++static QByteArray safeSlice(const QByteArray& array, quint32 start, quint32 length)
+ {
+- Q_UNUSED(suffix)
++ quint32 end = 0;
++ if (qAddOverflow(start, length, &end) || end > quint32(array.length()))
++ return {};
++ return QByteArray(array.data() + start, length);
++}
+
+- return (qstrncmp(block.constData(), ktxIdentifier, KTX_IDENTIFIER_LENGTH) == 0);
++bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block)
++{
++ Q_UNUSED(suffix);
++ return block.startsWith(QByteArray::fromRawData(ktxIdentifier, KTX_IDENTIFIER_LENGTH));
+ }
+
+ QTextureFileData QKtxHandler::read()
+@@ -115,42 +140,97 @@ QTextureFileData QKtxHandler::read()
+ if (!device())
+ return QTextureFileData();
+
+- QByteArray buf = device()->readAll();
+- const quint32 dataSize = quint32(buf.size());
+- if (dataSize < headerSize || !canRead(QByteArray(), buf)) {
+- qCDebug(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData());
++ const QByteArray buf = device()->readAll();
++ if (size_t(buf.size()) > std::numeric_limits<quint32>::max()) {
++ qWarning(lcQtGuiTextureIO, "Too big KTX file %s", logName().constData());
++ return QTextureFileData();
++ }
++
++ if (!canRead(QByteArray(), buf)) {
++ qWarning(lcQtGuiTextureIO, "Invalid KTX file %s", logName().constData());
++ return QTextureFileData();
++ }
++
++ if (buf.size() < qsizetype(qktxh_headerSize)) {
++ qWarning(lcQtGuiTextureIO, "Invalid KTX header size in %s", logName().constData());
+ return QTextureFileData();
+ }
+
+- const KTXHeader *header = reinterpret_cast<const KTXHeader *>(buf.constData());
+- if (!checkHeader(*header)) {
+- qCDebug(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData());
++ KTXHeader header;
++ memcpy(&header, buf.data(), qktxh_headerSize);
++ if (!checkHeader(header)) {
++ qWarning(lcQtGuiTextureIO, "Unsupported KTX file format in %s", logName().constData());
+ return QTextureFileData();
+ }
+
+ QTextureFileData texData;
+ texData.setData(buf);
+
+- texData.setSize(QSize(decode(header->pixelWidth), decode(header->pixelHeight)));
+- texData.setGLFormat(decode(header->glFormat));
+- texData.setGLInternalFormat(decode(header->glInternalFormat));
+- texData.setGLBaseInternalFormat(decode(header->glBaseInternalFormat));
+-
+- texData.setNumLevels(decode(header->numberOfMipmapLevels));
+- quint32 offset = headerSize + decode(header->bytesOfKeyValueData);
+- const int maxLevels = qMin(texData.numLevels(), 32); // Cap iterations in case of corrupt file.
+- for (int i = 0; i < maxLevels; i++) {
+- if (offset + sizeof(KTXMipmapLevel) > dataSize) // Corrupt file; avoid oob read
+- break;
+- const KTXMipmapLevel *level = reinterpret_cast<const KTXMipmapLevel *>(buf.constData() + offset);
+- quint32 levelLen = decode(level->imageSize);
+- texData.setDataOffset(offset + sizeof(KTXMipmapLevel::imageSize), i);
+- texData.setDataLength(levelLen, i);
+- offset += sizeof(KTXMipmapLevel::imageSize) + levelLen + (3 - ((levelLen + 3) % 4));
++ texData.setSize(QSize(decode(header.pixelWidth), decode(header.pixelHeight)));
++ texData.setGLFormat(decode(header.glFormat));
++ texData.setGLInternalFormat(decode(header.glInternalFormat));
++ texData.setGLBaseInternalFormat(decode(header.glBaseInternalFormat));
++
++ texData.setNumLevels(decode(header.numberOfMipmapLevels));
++
++ const quint32 bytesOfKeyValueData = decode(header.bytesOfKeyValueData);
++ quint32 headerKeyValueSize;
++ if (qAddOverflow(qktxh_headerSize, bytesOfKeyValueData, &headerKeyValueSize)) {
++ qWarning(lcQtGuiTextureIO, "Overflow in size of key value data in header of KTX file %s",
++ logName().constData());
++ return QTextureFileData();
++ }
++
++ if (headerKeyValueSize >= quint32(buf.size())) {
++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
++ return QTextureFileData();
++ }
++
++ // Technically, any number of levels is allowed but if the value is bigger than
++ // what is possible in KTX V2 (and what makes sense) we return an error.
++ // maxLevels = log2(max(width, height, depth))
++ const int maxLevels = (sizeof(quint32) * 8)
++ - qCountLeadingZeroBits(std::max(
++ { header.pixelWidth, header.pixelHeight, header.pixelDepth }));
++
++ if (texData.numLevels() > maxLevels) {
++ qWarning(lcQtGuiTextureIO, "Too many levels in KTX file %s", logName().constData());
++ return QTextureFileData();
++ }
++
++ quint32 offset = headerKeyValueSize;
++ for (int level = 0; level < texData.numLevels(); level++) {
++ const auto imageSizeSlice = safeSlice(buf, offset, sizeof(quint32));
++ if (imageSizeSlice.isEmpty()) {
++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
++ return QTextureFileData();
++ }
++
++ const quint32 imageSize = decode(qFromUnaligned<quint32>(imageSizeSlice.data()));
++ offset += sizeof(quint32); // overflow checked indirectly above
++
++ texData.setDataOffset(offset, level);
++ texData.setDataLength(imageSize, level);
++
++ // Add image data and padding to offset
++ quint32 padded = 0;
++ if (nearestMultipleOf4(imageSize, &padded)) {
++ qWarning(lcQtGuiTextureIO, "Overflow in KTX file %s", logName().constData());
++ return QTextureFileData();
++ }
++
++ quint32 offsetNext;
++ if (qAddOverflow(offset, padded, &offsetNext)) {
++ qWarning(lcQtGuiTextureIO, "OOB request in KTX file %s", logName().constData());
++ return QTextureFileData();
++ }
++
++ offset = offsetNext;
+ }
+
+ if (!texData.isValid()) {
+- qCDebug(lcQtGuiTextureIO, "Invalid values in header of KTX file %s", logName().constData());
++ qWarning(lcQtGuiTextureIO, "Invalid values in header of KTX file %s",
++ logName().constData());
+ return QTextureFileData();
+ }
+
+@@ -191,7 +271,7 @@ bool QKtxHandler::checkHeader(const KTXHeader &header)
+ (decode(header.numberOfFaces) == 1));
+ }
+
+-quint32 QKtxHandler::decode(quint32 val)
++quint32 QKtxHandler::decode(quint32 val) const
+ {
+ return inverseEndian ? qbswap<quint32>(val) : val;
+ }
+diff --git a/src/gui/util/qktxhandler_p.h b/src/gui/util/qktxhandler_p.h
+index 19f7b0e79a..8da990aaac 100644
+--- a/src/gui/util/qktxhandler_p.h
++++ b/src/gui/util/qktxhandler_p.h
+@@ -68,7 +68,7 @@ public:
+
+ private:
+ bool checkHeader(const KTXHeader &header);
+- quint32 decode(quint32 val);
++ quint32 decode(quint32 val) const;
+
+ bool inverseEndian = false;
+ };
+--
+2.43.0
+
diff --git a/dev-qt/qtgui/qtgui-5.15.12-r2.ebuild b/dev-qt/qtgui/qtgui-5.15.12-r2.ebuild
new file mode 100644
index 000000000000..3ee7968082e2
--- /dev/null
+++ b/dev-qt/qtgui/qtgui-5.15.12-r2.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+if [[ ${PV} != *9999* ]]; then
+ QT5_KDEPATCHSET_REV=3
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="The GUI module and platform plugins for the Qt5 framework"
+
+SLOT=5/${QT5_PV} # bug 707658
+IUSE="accessibility dbus egl eglfs evdev gles2-only ibus jpeg +libinput
+ linuxfb +png tslib tuio +udev vnc vulkan wayland +X"
+REQUIRED_USE="
+ || ( eglfs linuxfb vnc wayland X )
+ accessibility? ( dbus X )
+ eglfs? ( egl )
+ ibus? ( dbus )
+ libinput? ( udev )
+ X? ( gles2-only? ( egl ) )
+"
+
+RDEPEND="
+ dev-libs/glib:2
+ =dev-qt/qtcore-${QT5_PV}*:5=
+ dev-util/gtk-update-icon-cache
+ media-libs/fontconfig
+ media-libs/freetype:2
+ media-libs/harfbuzz:=
+ sys-libs/zlib:=
+ accessibility? ( app-accessibility/at-spi2-core:2 )
+ dbus? ( =dev-qt/qtdbus-${QT5_PV}* )
+ eglfs? (
+ media-libs/mesa[gbm(+)]
+ x11-libs/libdrm
+ )
+ evdev? ( sys-libs/mtdev )
+ jpeg? ( media-libs/libjpeg-turbo:= )
+ gles2-only? ( media-libs/libglvnd )
+ !gles2-only? ( media-libs/libglvnd[X] )
+ libinput? (
+ dev-libs/libinput:=
+ x11-libs/libxkbcommon
+ )
+ png? ( media-libs/libpng:= )
+ tslib? ( >=x11-libs/tslib-1.21 )
+ tuio? ( =dev-qt/qtnetwork-${QT5_PV}* )
+ udev? ( virtual/libudev:= )
+ vnc? ( =dev-qt/qtnetwork-${QT5_PV}* )
+ vulkan? ( dev-util/vulkan-headers )
+ X? (
+ x11-libs/libICE
+ x11-libs/libSM
+ x11-libs/libX11
+ x11-libs/libxcb:=
+ x11-libs/libxkbcommon[X]
+ x11-libs/xcb-util-image
+ x11-libs/xcb-util-keysyms
+ x11-libs/xcb-util-renderutil
+ x11-libs/xcb-util-wm
+ )
+"
+DEPEND="${RDEPEND}
+ evdev? ( sys-kernel/linux-headers )
+ linuxfb? ( sys-kernel/linux-headers )
+ udev? ( sys-kernel/linux-headers )
+ X? ( x11-base/xorg-proto )
+"
+PDEPEND="
+ ibus? ( app-i18n/ibus )
+ wayland? ( =dev-qt/qtwayland-${QT5_PV}* )
+"
+
+QT5_TARGET_SUBDIRS=(
+ src/tools/qvkgen
+ src/gui
+ src/openglextensions
+ src/platformheaders
+ src/platformsupport
+ src/plugins/generic
+ src/plugins/imageformats
+ src/plugins/platforms
+ src/plugins/platforminputcontexts
+)
+
+QT5_GENTOO_CONFIG=(
+ accessibility:accessibility-atspi-bridge
+ egl:egl:
+ eglfs:eglfs:
+ eglfs:eglfs_egldevice:
+ eglfs:eglfs_gbm:
+ evdev:evdev:
+ evdev:mtdev:
+ :fontconfig:
+ :system-freetype:FREETYPE
+ !:no-freetype:
+ gles2-only::OPENGL_ES
+ gles2-only:opengles2:OPENGL_ES_2
+ !:no-gui:
+ :system-harfbuzz:
+ !:no-harfbuzz:
+ jpeg:system-jpeg:IMAGEFORMAT_JPEG
+ !jpeg:no-jpeg:
+ libinput
+ libinput:xkbcommon:
+ :opengl
+ png:png:
+ png:system-png:IMAGEFORMAT_PNG
+ !png:no-png:
+ tslib:tslib:
+ udev:libudev:
+ vulkan:vulkan:
+ X:xcb:
+ X:xcb-glx:
+ X:xcb-plugin:
+ X:xcb-render:
+ X:xcb-sm:
+ X:xcb-xlib:
+ X:xcb-xinput:
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :gui
+)
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2024-25580.patch" ) # bug 924647
+
+src_prepare() {
+ # don't add -O3 to CXXFLAGS, bug 549140
+ sed -i -e '/CONFIG\s*+=/s/optimize_full//' src/gui/gui.pro || die
+
+ # egl_x11 is activated when both egl and X are enabled
+ use egl && QT5_GENTOO_CONFIG+=(X:egl_x11:) || QT5_GENTOO_CONFIG+=(egl:egl_x11:)
+
+ qt_use_disable_config dbus dbus \
+ src/platformsupport/themes/genericunix/genericunix.pri
+
+ qt_use_disable_config tuio tuiotouch src/plugins/generic/generic.pro
+
+ qt_use_disable_mod ibus dbus \
+ src/plugins/platforminputcontexts/platforminputcontexts.pro
+
+ use vnc || sed -i -e '/SUBDIRS += vnc/d' \
+ src/plugins/platforms/platforms.pro || die
+
+ qt5-build_src_prepare
+}
+
+src_configure() {
+ local myconf=(
+ $(qt_use accessibility feature-accessibility-atspi-bridge)
+ $(usev dbus -dbus-linked)
+ $(qt_use egl)
+ $(qt_use eglfs)
+ $(usev eglfs '-gbm -kms')
+ $(qt_use evdev)
+ $(qt_use evdev mtdev)
+ -fontconfig
+ -system-freetype
+ -gui
+ -system-harfbuzz
+ $(qt_use jpeg libjpeg system)
+ $(qt_use libinput)
+ $(qt_use linuxfb)
+ -opengl $(usex gles2-only es2 desktop)
+ $(qt_use png libpng system)
+ $(qt_use tslib)
+ $(qt_use udev libudev)
+ $(qt_use vulkan)
+ $(qt_use X xcb)
+ $(usev X '-xcb-xlib')
+ )
+ if use libinput || use X; then
+ myconf+=( -xkbcommon )
+ fi
+ qt5-build_src_configure
+}