Bug#1036564: marked as done (unblock: qt6-base/6.4.2+dfsg-9)

Tue, 23 May 2023 03:43:12 -0700 

Your message dated Tue, 23 May 2023 10:38:54 +0000
with message-id <e1q1ppq-00c5rk...@respighi.debian.org>
and subject line unblock qt6-base
has caused the Debian Bug report #1036564,
regarding unblock: qt6-base/6.4.2+dfsg-9
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: qt6-b...@packages.debian.org, delta...@debian.org, 
lisan...@debian.org
Control: affects -1 + src:qt6-base

Please unblock package qt6-base

[ Reason ]
Fixes CVE-2023-32762 and CVE-2023-32763. One prevents a crash with SVG
(not related to the one in qtsvg-opensource-src) and the other one
related to a security heade parsing in the network module.

[ Impact ]
Lack of security fixes.

[ Tests ]
Tested by upstream, do not break API/ABI, seems safe.

[ Risks ]
None that I can think of.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock qt6-base/6.4.2+dfsg-9

diff --git a/debian/changelog b/debian/changelog
index b117abd..85ce31b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+qt6-base (6.4.2+dfsg-9) unstable; urgency=medium
+
+  * Team upload.
+  * Add a patch to fix CVE-2023-32762.
+
+ -- Lisandro Damián Nicanor Pérez Meyer <lisan...@debian.org>  Mon, 22 May 
2023 11:40:45 -0300
+
+qt6-base (6.4.2+dfsg-8) unstable; urgency=medium
+
+  * Team upload.
+  * Add patch for solving CVE-2023-32763.
+  * Refresh patches.
+
+ -- Lisandro Damián Nicanor Pérez Meyer <lisan...@debian.org>  Mon, 22 May 
2023 10:42:21 -0300
+
 qt6-base (6.4.2+dfsg-7) unstable; urgency=medium
 
   [ Patrick Franz ]
diff --git a/debian/patches/armel-noyield.patch 
b/debian/patches/armel-noyield.patch
index 37061fb..74b1ae2 100644
--- a/debian/patches/armel-noyield.patch
+++ b/debian/patches/armel-noyield.patch
@@ -1,8 +1,12 @@
 Description: Don't use yield on CPUs that might not support it
 
+---
+ src/corelib/global/qsimd_p.h |    2 ++
+ 1 file changed, 2 insertions(+)
+
 --- a/src/corelib/global/qsimd_p.h
 +++ b/src/corelib/global/qsimd_p.h
-@@ -428,7 +428,9 @@ static inline void qYieldCpu()
+@@ -401,7 +401,9 @@ static inline void qYieldCpu()
           https://stackoverflow.com/a/70076751/134841
           https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105416
      */
diff --git 
a/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch 
b/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
index 2ab0f5e..bf93bca 100644
--- a/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
+++ b/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
@@ -9,22 +9,18 @@ and causes reproducibility issues when built in different 
paths.
 
 https://reproducible-builds.org/docs/build-path/
 ---
- cmake/QtBuildInternalsExtra.cmake.in | 3 ---
+ cmake/QtBuildInternalsExtra.cmake.in |    3 ---
  1 file changed, 3 deletions(-)
 
-diff --git a/cmake/QtBuildInternalsExtra.cmake.in 
b/cmake/QtBuildInternalsExtra.cmake.in
-index cbd70b1..23b2391 100644
 --- a/cmake/QtBuildInternalsExtra.cmake.in
 +++ b/cmake/QtBuildInternalsExtra.cmake.in
-@@ -53,9 +53,6 @@ endif()
+@@ -75,9 +75,6 @@ endif()
  set(QT_WILL_INSTALL @QT_WILL_INSTALL@ CACHE BOOL
      "Boolean indicating if doing a Qt prefix build (vs non-prefix build)." 
FORCE)
-
+ 
 -set(QT_SOURCE_TREE "@QT_SOURCE_TREE@" CACHE PATH
 -"A path to the source tree of the previously configured QtBase project." 
FORCE)
 -
  # Propagate decision of building tests and examples to other repositories.
  set(QT_BUILD_TESTS @QT_BUILD_TESTS@ CACHE BOOL "Build the testing tree.")
  set(QT_BUILD_EXAMPLES @QT_BUILD_EXAMPLES@ CACHE BOOL "Build Qt examples")
---
-2.35.1
diff --git a/debian/patches/cross.patch b/debian/patches/cross.patch
index 1a7ebd3..239c803 100644
--- a/debian/patches/cross.patch
+++ b/debian/patches/cross.patch
@@ -1,6 +1,11 @@
+---
+ cmake/QtBuildInternals/QtBuildInternalsConfig.cmake |    2 --
+ src/tools/configure.cmake                           |    2 +-
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
 --- a/cmake/QtBuildInternals/QtBuildInternalsConfig.cmake
 +++ b/cmake/QtBuildInternals/QtBuildInternalsConfig.cmake
-@@ -146,8 +146,6 @@
+@@ -151,8 +151,6 @@ function(qt_build_internals_disable_pkg_
      set(FEATURE_pkg_config "${pkg_config_enabled}" CACHE STRING "Using 
pkg-config")
      if(NOT pkg_config_enabled)
          qt_build_internals_disable_pkg_config()
@@ -11,7 +16,7 @@
  
 --- a/src/tools/configure.cmake
 +++ b/src/tools/configure.cmake
-@@ -2,7 +2,7 @@
+@@ -2,7 +2,7 @@ qt_feature("androiddeployqt" PRIVATE
      SECTION "Deployment"
      LABEL "Android deployment tool"
      PURPOSE "The Android deployment tool automates the process of creating 
Android packages."
diff --git a/debian/patches/cve-2023-32762.diff 
b/debian/patches/cve-2023-32762.diff
new file mode 100644
index 0000000..92b76fa
--- /dev/null
+++ b/debian/patches/cve-2023-32762.diff
@@ -0,0 +1,15 @@
+---
+ src/network/access/qhsts.cpp |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/network/access/qhsts.cpp
++++ b/src/network/access/qhsts.cpp
+@@ -328,7 +328,7 @@ bool QHstsHeaderParser::parse(const QLis
+ {
+     for (const auto &h : headers) {
+         // We use '==' since header name was already 'trimmed' for us:
+-        if (h.first == "Strict-Transport-Security") {
++        if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) 
== 0) {
+             header = h.second;
+             // RFC6797, 8.1:
+             //
diff --git a/debian/patches/cve-2023-32763.diff 
b/debian/patches/cve-2023-32763.diff
new file mode 100644
index 0000000..4d0f5f9
--- /dev/null
+++ b/debian/patches/cve-2023-32763.diff
@@ -0,0 +1,58 @@
+---
+ src/gui/painting/qfixed_p.h  |   17 +++++++++++++++++
+ src/gui/text/qtextlayout.cpp |    9 ++++++---
+ 2 files changed, 23 insertions(+), 3 deletions(-)
+
+--- a/src/gui/painting/qfixed_p.h
++++ b/src/gui/painting/qfixed_p.h
+@@ -18,6 +18,7 @@
+ #include <QtGui/private/qtguiglobal_p.h>
+ #include "QtCore/qdebug.h"
+ #include "QtCore/qpoint.h"
++#include "QtCore/qnumeric.h"
+ #include "QtCore/qsize.h"
+ 
+ QT_BEGIN_NAMESPACE
+@@ -136,6 +137,22 @@ constexpr inline QFixed operator+(uint i
+ constexpr inline QFixed operator-(uint i, QFixed d) { return -(d-i); }
+ // constexpr inline QFixed operator*(qreal d, QFixed d2) { return d2*d; }
+ 
++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
++{
++    int val;
++    bool result = qAddOverflow(v1.value(), v2.value(), &val);
++    r->setValue(val);
++    return result;
++}
++
++inline bool qMulOverflow(QFixed v1, QFixed v2, QFixed *r)
++{
++    int val;
++    bool result = qMulOverflow(v1.value(), v2.value(), &val);
++    r->setValue(val);
++    return result;
++}
++
+ #ifndef QT_NO_DEBUG_STREAM
+ inline QDebug &operator<<(QDebug &dbg, QFixed f)
+ { return dbg << f.toReal(); }
+--- a/src/gui/text/qtextlayout.cpp
++++ b/src/gui/text/qtextlayout.cpp
+@@ -2105,11 +2105,14 @@ found:
+         eng->maxWidth = qMax(eng->maxWidth, line.textWidth);
+     } else {
+         eng->minWidth = qMax(eng->minWidth, lbh.minw);
+-        eng->maxWidth += line.textWidth;
++        if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth))
++            eng->maxWidth = QFIXED_MAX;
+     }
+ 
+-    if (line.textWidth > 0 && item < eng->layoutData->items.size())
+-        eng->maxWidth += lbh.spaceData.textWidth;
++    if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
++        if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, 
&eng->maxWidth))
++            eng->maxWidth = QFIXED_MAX;
++    }
+ 
+     line.textWidth += trailingSpace;
+     if (lbh.spaceData.length) {
diff --git a/debian/patches/series b/debian/patches/series
index 9cc6c0b..5403fd0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,6 @@
 # fixed in 6.5
+cve-2023-32762.diff
+cve-2023-32763.diff
 upstream_Add-HPPA-detection.patch
 upstream_Add-M68k-detection.patch
 
diff --git a/debian/patches/upstream_Add-HPPA-detection.patch 
b/debian/patches/upstream_Add-HPPA-detection.patch
index 97acf71..5e3bd79 100644
--- a/debian/patches/upstream_Add-HPPA-detection.patch
+++ b/debian/patches/upstream_Add-HPPA-detection.patch
@@ -9,10 +9,10 @@ Subject: [PATCH] Add HPPA detection
 Change-Id: I5214ce64ef1fdd0ecca3d6c1694c5db9b2852a22
 Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
 ---
- src/corelib/global/archdetect.cpp           | 2 ++
- src/corelib/global/qprocessordetection.h    | 9 +++++++++
- src/corelib/global/qprocessordetection.qdoc | 9 +++++++++
- src/corelib/plugin/qelfparser_p.cpp         | 3 +++
+ src/corelib/global/archdetect.cpp        |    2 ++
+ src/corelib/global/qglobal.cpp           |    9 +++++++++
+ src/corelib/global/qprocessordetection.h |    9 +++++++++
+ src/corelib/plugin/qelfparser_p.cpp      |    3 +++
  4 files changed, 23 insertions(+)
 
 --- a/src/corelib/global/archdetect.cpp
@@ -46,7 +46,7 @@ Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
      X86 is little-endian.
 --- a/src/corelib/plugin/qelfparser_p.cpp
 +++ b/src/corelib/plugin/qelfparser_p.cpp
-@@ -113,6 +113,8 @@ struct ElfMachineCheck
+@@ -118,6 +118,8 @@ struct ElfMachineCheck
              EM_AARCH64
  #elif defined(Q_PROCESSOR_BLACKFIN)
              EM_BLACKFIN
@@ -55,7 +55,7 @@ Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
  #elif defined(Q_PROCESSOR_IA64)
              EM_IA_64
  #elif defined(Q_PROCESSOR_MIPS)
-@@ -380,6 +382,7 @@ Q_DECL_UNUSED Q_DECL_COLD_FUNCTION stati
+@@ -383,6 +385,7 @@ Q_DECL_UNUSED Q_DECL_COLD_FUNCTION stati
  #endif
      case EM_IA_64:      d << ", IA-64"; break;
      case EM_MIPS:       d << ", MIPS"; break;
diff --git a/debian/patches/upstream_Add-M68k-detection.patch 
b/debian/patches/upstream_Add-M68k-detection.patch
index e595adc..9df96b4 100644
--- a/debian/patches/upstream_Add-M68k-detection.patch
+++ b/debian/patches/upstream_Add-M68k-detection.patch
@@ -10,10 +10,10 @@ Subject: [PATCH] Add M68k detection
 Change-Id: Ie5694abbe1ae2bfeb5692defba0ca6062c1d60ac
 Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
 ---
- src/corelib/global/archdetect.cpp           | 2 ++
- src/corelib/global/qprocessordetection.h    | 9 +++++++++
- src/corelib/global/qprocessordetection.qdoc | 9 +++++++++
- src/corelib/plugin/qelfparser_p.cpp         | 3 +++
+ src/corelib/global/archdetect.cpp        |    2 ++
+ src/corelib/global/qglobal.cpp           |    9 +++++++++
+ src/corelib/global/qprocessordetection.h |    9 +++++++++
+ src/corelib/plugin/qelfparser_p.cpp      |    3 +++
  4 files changed, 23 insertions(+)
 
 --- a/src/corelib/global/archdetect.cpp
@@ -47,7 +47,7 @@ Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
      MIPS is bi-endian, use endianness auto-detection implemented below.
 --- a/src/corelib/plugin/qelfparser_p.cpp
 +++ b/src/corelib/plugin/qelfparser_p.cpp
-@@ -117,6 +117,8 @@ struct ElfMachineCheck
+@@ -122,6 +122,8 @@ struct ElfMachineCheck
              EM_PARISC
  #elif defined(Q_PROCESSOR_IA64)
              EM_IA_64
@@ -56,7 +56,7 @@ Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
  #elif defined(Q_PROCESSOR_MIPS)
              EM_MIPS
  #elif defined(Q_PROCESSOR_POWER_32)
-@@ -375,6 +377,7 @@ Q_DECL_UNUSED Q_DECL_COLD_FUNCTION stati
+@@ -378,6 +380,7 @@ Q_DECL_UNUSED Q_DECL_COLD_FUNCTION stati
      switch (r.machine) {
      // list definitely not exhaustive!
      case EM_NONE:       d << ", no machine"; break;

--- End Message ---
--- Begin Message --- 
Unblocked.

--- End Message ---

Reply via email to