Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: qt6-b...@packages.debian.org, delta...@debian.org,
lisan...@debian.org
Control: affects -1 + src:qt6-base
Please unblock package qt6-base
[ Reason ]
Fixes CVE-2023-32762 and CVE-2023-32763. One prevents a crash with SVG
(not related to the one in qtsvg-opensource-src) and the other one
related to a security heade parsing in the network module.
[ Impact ]
Lack of security fixes.
[ Tests ]
Tested by upstream, do not break API/ABI, seems safe.
[ Risks ]
None that I can think of.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
unblock qt6-base/6.4.2+dfsg-9
diff --git a/debian/changelog b/debian/changelog
index b117abd..85ce31b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+qt6-base (6.4.2+dfsg-9) unstable; urgency=medium
+
+ * Team upload.
+ * Add a patch to fix CVE-2023-32762.
+
+ -- Lisandro Damián Nicanor Pérez Meyer <lisan...@debian.org> Mon, 22 May
2023 11:40:45 -0300
+
+qt6-base (6.4.2+dfsg-8) unstable; urgency=medium
+
+ * Team upload.
+ * Add patch for solving CVE-2023-32763.
+ * Refresh patches.
+
+ -- Lisandro Damián Nicanor Pérez Meyer <lisan...@debian.org> Mon, 22 May
2023 10:42:21 -0300
+
qt6-base (6.4.2+dfsg-7) unstable; urgency=medium
[ Patrick Franz ]
diff --git a/debian/patches/armel-noyield.patch
b/debian/patches/armel-noyield.patch
index 37061fb..74b1ae2 100644
--- a/debian/patches/armel-noyield.patch
+++ b/debian/patches/armel-noyield.patch
@@ -1,8 +1,12 @@
Description: Don't use yield on CPUs that might not support it
+---
+ src/corelib/global/qsimd_p.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
--- a/src/corelib/global/qsimd_p.h
+++ b/src/corelib/global/qsimd_p.h
-@@ -428,7 +428,9 @@ static inline void qYieldCpu()
+@@ -401,7 +401,9 @@ static inline void qYieldCpu()
https://stackoverflow.com/a/70076751/134841
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105416
*/
diff --git
a/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
b/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
index 2ab0f5e..bf93bca 100644
--- a/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
+++ b/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
@@ -9,22 +9,18 @@ and causes reproducibility issues when built in different
paths.
https://reproducible-builds.org/docs/build-path/
---
- cmake/QtBuildInternalsExtra.cmake.in | 3 ---
+ cmake/QtBuildInternalsExtra.cmake.in | 3 ---
1 file changed, 3 deletions(-)
-diff --git a/cmake/QtBuildInternalsExtra.cmake.in
b/cmake/QtBuildInternalsExtra.cmake.in
-index cbd70b1..23b2391 100644
--- a/cmake/QtBuildInternalsExtra.cmake.in
+++ b/cmake/QtBuildInternalsExtra.cmake.in
-@@ -53,9 +53,6 @@ endif()
+@@ -75,9 +75,6 @@ endif()
set(QT_WILL_INSTALL @QT_WILL_INSTALL@ CACHE BOOL
"Boolean indicating if doing a Qt prefix build (vs non-prefix build)."
FORCE)
-
+
-set(QT_SOURCE_TREE "@QT_SOURCE_TREE@" CACHE PATH
-"A path to the source tree of the previously configured QtBase project."
FORCE)
-
# Propagate decision of building tests and examples to other repositories.
set(QT_BUILD_TESTS @QT_BUILD_TESTS@ CACHE BOOL "Build the testing tree.")
set(QT_BUILD_EXAMPLES @QT_BUILD_EXAMPLES@ CACHE BOOL "Build Qt examples")
---
-2.35.1
diff --git a/debian/patches/cross.patch b/debian/patches/cross.patch
index 1a7ebd3..239c803 100644
--- a/debian/patches/cross.patch
+++ b/debian/patches/cross.patch
@@ -1,6 +1,11 @@
+---
+ cmake/QtBuildInternals/QtBuildInternalsConfig.cmake | 2 --
+ src/tools/configure.cmake | 2 +-
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
--- a/cmake/QtBuildInternals/QtBuildInternalsConfig.cmake
+++ b/cmake/QtBuildInternals/QtBuildInternalsConfig.cmake
-@@ -146,8 +146,6 @@
+@@ -151,8 +151,6 @@ function(qt_build_internals_disable_pkg_
set(FEATURE_pkg_config "${pkg_config_enabled}" CACHE STRING "Using
pkg-config")
if(NOT pkg_config_enabled)
qt_build_internals_disable_pkg_config()
@@ -11,7 +16,7 @@
--- a/src/tools/configure.cmake
+++ b/src/tools/configure.cmake
-@@ -2,7 +2,7 @@
+@@ -2,7 +2,7 @@ qt_feature("androiddeployqt" PRIVATE
SECTION "Deployment"
LABEL "Android deployment tool"
PURPOSE "The Android deployment tool automates the process of creating
Android packages."
diff --git a/debian/patches/cve-2023-32762.diff
b/debian/patches/cve-2023-32762.diff
new file mode 100644
index 0000000..92b76fa
--- /dev/null
+++ b/debian/patches/cve-2023-32762.diff
@@ -0,0 +1,15 @@
+---
+ src/network/access/qhsts.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/network/access/qhsts.cpp
++++ b/src/network/access/qhsts.cpp
+@@ -328,7 +328,7 @@ bool QHstsHeaderParser::parse(const QLis
+ {
+ for (const auto &h : headers) {
+ // We use '==' since header name was already 'trimmed' for us:
+- if (h.first == "Strict-Transport-Security") {
++ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive)
== 0) {
+ header = h.second;
+ // RFC6797, 8.1:
+ //
diff --git a/debian/patches/cve-2023-32763.diff
b/debian/patches/cve-2023-32763.diff
new file mode 100644
index 0000000..4d0f5f9
--- /dev/null
+++ b/debian/patches/cve-2023-32763.diff
@@ -0,0 +1,58 @@
+---
+ src/gui/painting/qfixed_p.h | 17 +++++++++++++++++
+ src/gui/text/qtextlayout.cpp | 9 ++++++---
+ 2 files changed, 23 insertions(+), 3 deletions(-)
+
+--- a/src/gui/painting/qfixed_p.h
++++ b/src/gui/painting/qfixed_p.h
+@@ -18,6 +18,7 @@
+ #include <QtGui/private/qtguiglobal_p.h>
+ #include "QtCore/qdebug.h"
+ #include "QtCore/qpoint.h"
++#include "QtCore/qnumeric.h"
+ #include "QtCore/qsize.h"
+
+ QT_BEGIN_NAMESPACE
+@@ -136,6 +137,22 @@ constexpr inline QFixed operator+(uint i
+ constexpr inline QFixed operator-(uint i, QFixed d) { return -(d-i); }
+ // constexpr inline QFixed operator*(qreal d, QFixed d2) { return d2*d; }
+
++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
++{
++ int val;
++ bool result = qAddOverflow(v1.value(), v2.value(), &val);
++ r->setValue(val);
++ return result;
++}
++
++inline bool qMulOverflow(QFixed v1, QFixed v2, QFixed *r)
++{
++ int val;
++ bool result = qMulOverflow(v1.value(), v2.value(), &val);
++ r->setValue(val);
++ return result;
++}
++
+ #ifndef QT_NO_DEBUG_STREAM
+ inline QDebug &operator<<(QDebug &dbg, QFixed f)
+ { return dbg << f.toReal(); }
+--- a/src/gui/text/qtextlayout.cpp
++++ b/src/gui/text/qtextlayout.cpp
+@@ -2105,11 +2105,14 @@ found:
+ eng->maxWidth = qMax(eng->maxWidth, line.textWidth);
+ } else {
+ eng->minWidth = qMax(eng->minWidth, lbh.minw);
+- eng->maxWidth += line.textWidth;
++ if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth))
++ eng->maxWidth = QFIXED_MAX;
+ }
+
+- if (line.textWidth > 0 && item < eng->layoutData->items.size())
+- eng->maxWidth += lbh.spaceData.textWidth;
++ if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
++ if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth,
&eng->maxWidth))
++ eng->maxWidth = QFIXED_MAX;
++ }
+
+ line.textWidth += trailingSpace;
+ if (lbh.spaceData.length) {
diff --git a/debian/patches/series b/debian/patches/series
index 9cc6c0b..5403fd0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,6 @@
# fixed in 6.5
+cve-2023-32762.diff
+cve-2023-32763.diff
upstream_Add-HPPA-detection.patch
upstream_Add-M68k-detection.patch
diff --git a/debian/patches/upstream_Add-HPPA-detection.patch
b/debian/patches/upstream_Add-HPPA-detection.patch
index 97acf71..5e3bd79 100644
--- a/debian/patches/upstream_Add-HPPA-detection.patch
+++ b/debian/patches/upstream_Add-HPPA-detection.patch
@@ -9,10 +9,10 @@ Subject: [PATCH] Add HPPA detection
Change-Id: I5214ce64ef1fdd0ecca3d6c1694c5db9b2852a22
Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
---
- src/corelib/global/archdetect.cpp | 2 ++
- src/corelib/global/qprocessordetection.h | 9 +++++++++
- src/corelib/global/qprocessordetection.qdoc | 9 +++++++++
- src/corelib/plugin/qelfparser_p.cpp | 3 +++
+ src/corelib/global/archdetect.cpp | 2 ++
+ src/corelib/global/qglobal.cpp | 9 +++++++++
+ src/corelib/global/qprocessordetection.h | 9 +++++++++
+ src/corelib/plugin/qelfparser_p.cpp | 3 +++
4 files changed, 23 insertions(+)
--- a/src/corelib/global/archdetect.cpp
@@ -46,7 +46,7 @@ Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
X86 is little-endian.
--- a/src/corelib/plugin/qelfparser_p.cpp
+++ b/src/corelib/plugin/qelfparser_p.cpp
-@@ -113,6 +113,8 @@ struct ElfMachineCheck
+@@ -118,6 +118,8 @@ struct ElfMachineCheck
EM_AARCH64
#elif defined(Q_PROCESSOR_BLACKFIN)
EM_BLACKFIN
@@ -55,7 +55,7 @@ Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
#elif defined(Q_PROCESSOR_IA64)
EM_IA_64
#elif defined(Q_PROCESSOR_MIPS)
-@@ -380,6 +382,7 @@ Q_DECL_UNUSED Q_DECL_COLD_FUNCTION stati
+@@ -383,6 +385,7 @@ Q_DECL_UNUSED Q_DECL_COLD_FUNCTION stati
#endif
case EM_IA_64: d << ", IA-64"; break;
case EM_MIPS: d << ", MIPS"; break;
diff --git a/debian/patches/upstream_Add-M68k-detection.patch
b/debian/patches/upstream_Add-M68k-detection.patch
index e595adc..9df96b4 100644
--- a/debian/patches/upstream_Add-M68k-detection.patch
+++ b/debian/patches/upstream_Add-M68k-detection.patch
@@ -10,10 +10,10 @@ Subject: [PATCH] Add M68k detection
Change-Id: Ie5694abbe1ae2bfeb5692defba0ca6062c1d60ac
Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
---
- src/corelib/global/archdetect.cpp | 2 ++
- src/corelib/global/qprocessordetection.h | 9 +++++++++
- src/corelib/global/qprocessordetection.qdoc | 9 +++++++++
- src/corelib/plugin/qelfparser_p.cpp | 3 +++
+ src/corelib/global/archdetect.cpp | 2 ++
+ src/corelib/global/qglobal.cpp | 9 +++++++++
+ src/corelib/global/qprocessordetection.h | 9 +++++++++
+ src/corelib/plugin/qelfparser_p.cpp | 3 +++
4 files changed, 23 insertions(+)
--- a/src/corelib/global/archdetect.cpp
@@ -47,7 +47,7 @@ Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
MIPS is bi-endian, use endianness auto-detection implemented below.
--- a/src/corelib/plugin/qelfparser_p.cpp
+++ b/src/corelib/plugin/qelfparser_p.cpp
-@@ -117,6 +117,8 @@ struct ElfMachineCheck
+@@ -122,6 +122,8 @@ struct ElfMachineCheck
EM_PARISC
#elif defined(Q_PROCESSOR_IA64)
EM_IA_64
@@ -56,7 +56,7 @@ Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
#elif defined(Q_PROCESSOR_MIPS)
EM_MIPS
#elif defined(Q_PROCESSOR_POWER_32)
-@@ -375,6 +377,7 @@ Q_DECL_UNUSED Q_DECL_COLD_FUNCTION stati
+@@ -378,6 +380,7 @@ Q_DECL_UNUSED Q_DECL_COLD_FUNCTION stati
switch (r.machine) {
// list definitely not exhaustive!
case EM_NONE: d << ", no machine"; break;
