commit: 177a1d29a0ce79051323629a9154ca975f3214fc Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> AuthorDate: Sun Mar 26 11:44:19 2023 +0000 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> CommitDate: Sun Mar 26 11:51:47 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=177a1d29
dev-qt/qtsql: Switch to QT5_KDEPATCHSET_REV=6 Contains our big CVE-2023-24607 patch. Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> dev-qt/qtsql/Manifest | 2 +- .../qtsql/files/qtsql-5.15.8-CVE-2023-24607.patch | 341 --------------------- dev-qt/qtsql/qtsql-5.15.8-r1.ebuild | 4 +- 3 files changed, 2 insertions(+), 345 deletions(-) diff --git a/dev-qt/qtsql/Manifest b/dev-qt/qtsql/Manifest index db6cd834f163..2acd6e73513c 100644 --- a/dev-qt/qtsql/Manifest +++ b/dev-qt/qtsql/Manifest @@ -1,3 +1,3 @@ DIST qtbase-5.15-gentoo-patchset-3.tar.xz 3856 BLAKE2B 0752426f9bc2dfa1ab2bc246b29f5d00305df05175a7801d7d5eddacfa46fcb605d9a317547edc01d3ef339f6effc2fcee7549cb7aecced37f0098166c70dbe2 SHA512 2515bea53232e76ca3e40bdaf1dd52fdf452052a2f40002ee91360d1fcceea3c5c2f5a8d2a3bfc0f9c2bacd61460a632c5b351accd73fd37b64985593219148e -DIST qtbase-5.15.8-gentoo-kde-5.tar.xz 793372 BLAKE2B f486a0275fdf4da28a88ba40b7e6f227267fa05e8f466f734f720e792de1796501d5f1fb4427a84ca2d709bfa07abd695ad59210f7fd11227b1bf465484736b8 SHA512 f51d7ee2d121acda1141b9816197afc57ac0176a12acc08a93c2a793694afb734f8f1ad280a5bf95170cf912e32edb4a6612befeb4198fec78a7e50bbb6a61cd +DIST qtbase-5.15.8-gentoo-kde-6.tar.xz 796880 BLAKE2B 014fd9c9693fe1a5adc54f1d147db4bbb4bf6f5fbde5950a9586a6868d16b63b83cf24821c33fd2a325d6b70a1fa655b0fc0da7ef74ae175e278ebda1f8c9aa4 SHA512 910a7e42e13f33b53984b4f61c58e53c1cf0accfa9eb1e143cc011882fff6cab14fa7c66562396b3a929f5ec6ecf56724d74df34ac15f32cc4d8ae6cb8da797b DIST qtbase-everywhere-opensource-src-5.15.8.tar.xz 50259432 BLAKE2B cb1b790a384a5cad9a95fdc448e275d48a68c6ee2addf08b40f9963cc5762fd7ab15852dea8392dc76da39f1565c1e23ddb5875c280f0177e802082f4b4f7f2b SHA512 29e8877bafdbc908072209f1b27a5040b022e2b71f17f4ab4cecd570adeae21597f9af7f1d38758760f3cb30376eeb15c5f066bf02c6e9a9e3a4d07f967046ce diff --git a/dev-qt/qtsql/files/qtsql-5.15.8-CVE-2023-24607.patch b/dev-qt/qtsql/files/qtsql-5.15.8-CVE-2023-24607.patch deleted file mode 100644 index 3cdb9116465b..000000000000 --- a/dev-qt/qtsql/files/qtsql-5.15.8-CVE-2023-24607.patch +++ /dev/null @@ -1,341 +0,0 @@ -From ec1c9c116a16f2cd15587dc861e5d178010b3f99 Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid <[email protected]> -Date: Wed, 8 Feb 2023 18:16:58 +0100 -Subject: [PATCH] Apply CVE-2023-24607-qtbase-5.15.diff - -Change-Id: Ic77ce0e279a8ed6d7aac3bf4f0d1a56ad9dde40c ---- - src/plugins/sqldrivers/odbc/qsql_odbc.cpp | 206 +++++++++++++--------- - 1 file changed, 118 insertions(+), 88 deletions(-) - -diff --git a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -index 5f51de3843..6cac60d03d 100644 ---- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -+++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -@@ -92,23 +92,39 @@ inline static QString fromSQLTCHAR(const QVarLengthArray<SQLTCHAR>& input, int s - return result; - } - -+template <size_t SizeOfChar = sizeof(SQLTCHAR)> -+void toSQLTCHARImpl(QVarLengthArray<SQLTCHAR> &result, const QString &input); // primary template undefined -+ -+template <typename Container> -+void do_append(QVarLengthArray<SQLTCHAR> &result, const Container &c) -+{ -+ result.append(reinterpret_cast<const SQLTCHAR *>(c.data()), c.size()); -+} -+ -+template <> -+void toSQLTCHARImpl<1>(QVarLengthArray<SQLTCHAR> &result, const QString &input) -+{ -+ const auto u8 = input.toUtf8(); -+ do_append(result, u8); -+} -+ -+template <> -+void toSQLTCHARImpl<2>(QVarLengthArray<SQLTCHAR> &result, const QString &input) -+{ -+ do_append(result, input); -+} -+ -+template <> -+void toSQLTCHARImpl<4>(QVarLengthArray<SQLTCHAR> &result, const QString &input) -+{ -+ const auto u32 = input.toUcs4(); -+ do_append(result, u32); -+} -+ - inline static QVarLengthArray<SQLTCHAR> toSQLTCHAR(const QString &input) - { - QVarLengthArray<SQLTCHAR> result; -- result.resize(input.size()); -- switch(sizeof(SQLTCHAR)) { -- case 1: -- memcpy(result.data(), input.toUtf8().data(), input.size()); -- break; -- case 2: -- memcpy(result.data(), input.unicode(), input.size() * 2); -- break; -- case 4: -- memcpy(result.data(), input.toUcs4().data(), input.size() * 4); -- break; -- default: -- qCritical("sizeof(SQLTCHAR) is %d. Don't know how to handle this.", int(sizeof(SQLTCHAR))); -- } -+ toSQLTCHARImpl(result, input); - result.append(0); // make sure it's null terminated, doesn't matter if it already is, it does if it isn't. - return result; - } -@@ -763,6 +779,14 @@ QChar QODBCDriverPrivate::quoteChar() - return quote; - } - -+static SQLRETURN qt_string_SQLSetConnectAttr(SQLHDBC handle, SQLINTEGER attr, const QString &val) -+{ -+ auto encoded = toSQLTCHAR(val); -+ return SQLSetConnectAttr(handle, attr, -+ encoded.data(), -+ SQLINTEGER(encoded.size() * sizeof(SQLTCHAR))); // size in bytes -+} -+ - - bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) - { -@@ -798,10 +822,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) - v = val.toUInt(); - r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0); - } else if (opt.toUpper() == QLatin1String("SQL_ATTR_CURRENT_CATALOG")) { -- val.utf16(); // 0 terminate -- r = SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, -- toSQLTCHAR(val).data(), -- val.length()*sizeof(SQLTCHAR)); -+ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG, val); - } else if (opt.toUpper() == QLatin1String("SQL_ATTR_METADATA_ID")) { - if (val.toUpper() == QLatin1String("SQL_TRUE")) { - v = SQL_TRUE; -@@ -816,10 +837,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) - v = val.toUInt(); - r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0); - } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACEFILE")) { -- val.utf16(); // 0 terminate -- r = SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, -- toSQLTCHAR(val).data(), -- val.length()*sizeof(SQLTCHAR)); -+ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, val); - } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACE")) { - if (val.toUpper() == QLatin1String("SQL_OPT_TRACE_OFF")) { - v = SQL_OPT_TRACE_OFF; -@@ -1022,9 +1040,12 @@ bool QODBCResult::reset (const QString& query) - return false; - } - -- r = SQLExecDirect(d->hStmt, -- toSQLTCHAR(query).data(), -- (SQLINTEGER) query.length()); -+ { -+ auto encoded = toSQLTCHAR(query); -+ r = SQLExecDirect(d->hStmt, -+ encoded.data(), -+ SQLINTEGER(encoded.size())); -+ } - if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) { - setLastError(qMakeError(QCoreApplication::translate("QODBCResult", - "Unable to execute statement"), QSqlError::StatementError, d)); -@@ -1371,9 +1392,12 @@ bool QODBCResult::prepare(const QString& query) - return false; - } - -- r = SQLPrepare(d->hStmt, -- toSQLTCHAR(query).data(), -- (SQLINTEGER) query.length()); -+ { -+ auto encoded = toSQLTCHAR(query); -+ r = SQLPrepare(d->hStmt, -+ encoded.data(), -+ SQLINTEGER(encoded.size())); -+ } - - if (r != SQL_SUCCESS) { - setLastError(qMakeError(QCoreApplication::translate("QODBCResult", -@@ -1401,7 +1425,7 @@ bool QODBCResult::exec() - SQLCloseCursor(d->hStmt); - - QVector<QVariant>& values = boundValues(); -- QVector<QByteArray> tmpStorage(values.count(), QByteArray()); // holds temporary buffers -+ QVector<QByteArray> tmpStorage(values.count(), QByteArray()); // targets for SQLBindParameter() - QVarLengthArray<SQLLEN, 32> indicators(values.count()); - memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN)); - -@@ -1580,35 +1604,36 @@ bool QODBCResult::exec() - case QVariant::String: - if (d->unicode) { - QByteArray &ba = tmpStorage[i]; -- QString str = val.toString(); -+ { -+ const auto encoded = toSQLTCHAR(val.toString()); -+ ba = QByteArray(reinterpret_cast<const char *>(encoded.data()), -+ encoded.size() * sizeof(SQLTCHAR)); -+ } -+ - if (*ind != SQL_NULL_DATA) -- *ind = str.length() * sizeof(SQLTCHAR); -- int strSize = str.length() * sizeof(SQLTCHAR); -+ *ind = ba.size(); - - if (bindValueType(i) & QSql::Out) { -- const QVarLengthArray<SQLTCHAR> a(toSQLTCHAR(str)); -- ba = QByteArray((const char *)a.constData(), a.size() * sizeof(SQLTCHAR)); - r = SQLBindParameter(d->hStmt, - i + 1, - qParamType[bindValueType(i) & QSql::InOut], - SQL_C_TCHAR, -- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, -+ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, - 0, // god knows... don't change this! - 0, -- ba.data(), -+ const_cast<char *>(ba.constData()), // don't detach - ba.size(), - ind); - break; - } -- ba = QByteArray ((const char *)toSQLTCHAR(str).constData(), str.size()*sizeof(SQLTCHAR)); - r = SQLBindParameter(d->hStmt, - i + 1, - qParamType[bindValueType(i) & QSql::InOut], - SQL_C_TCHAR, -- strSize > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, -- strSize, -+ ba.size() > 254 ? SQL_WLONGVARCHAR : SQL_WVARCHAR, -+ ba.size(), - 0, -- const_cast<char *>(ba.constData()), -+ const_cast<char *>(ba.constData()), // don't detach - ba.size(), - ind); - break; -@@ -1716,10 +1741,11 @@ bool QODBCResult::exec() - case QVariant::String: - if (d->unicode) { - if (bindValueType(i) & QSql::Out) { -- const QByteArray &first = tmpStorage.at(i); -- QVarLengthArray<SQLTCHAR> array; -- array.append((const SQLTCHAR *)first.constData(), first.size()); -- values[i] = fromSQLTCHAR(array, first.size()/sizeof(SQLTCHAR)); -+ const QByteArray &bytes = tmpStorage.at(i); -+ const auto strSize = bytes.size() / int(sizeof(SQLTCHAR)); -+ QVarLengthArray<SQLTCHAR> string(strSize); -+ memcpy(string.data(), bytes.data(), strSize * sizeof(SQLTCHAR)); -+ values[i] = fromSQLTCHAR(string); - } - break; - } -@@ -1966,14 +1992,16 @@ bool QODBCDriver::open(const QString & db, - SQLSMALLINT cb; - QVarLengthArray<SQLTCHAR> connOut(1024); - memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR)); -- r = SQLDriverConnect(d->hDbc, -- NULL, -- toSQLTCHAR(connQStr).data(), -- (SQLSMALLINT)connQStr.length(), -- connOut.data(), -- 1024, -- &cb, -- /*SQL_DRIVER_NOPROMPT*/0); -+ { -+ auto encoded = toSQLTCHAR(connQStr); -+ r = SQLDriverConnect(d->hDbc, -+ nullptr, -+ encoded.data(), SQLSMALLINT(encoded.size()), -+ connOut.data(), -+ 1024, -+ &cb, -+ /*SQL_DRIVER_NOPROMPT*/0); -+ } - - if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) { - setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d)); -@@ -2352,17 +2380,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const - if (tableType.isEmpty()) - return tl; - -- QString joinedTableTypeString = tableType.join(QLatin1Char(',')); -+ { -+ auto joinedTableTypeString = toSQLTCHAR(tableType.join(u',')); - -- r = SQLTables(hStmt, -- NULL, -- 0, -- NULL, -- 0, -- NULL, -- 0, -- toSQLTCHAR(joinedTableTypeString).data(), -- joinedTableTypeString.length() /* characters, not bytes */); -+ r = SQLTables(hStmt, -+ nullptr, 0, -+ nullptr, 0, -+ nullptr, 0, -+ joinedTableTypeString.data(), joinedTableTypeString.size()); -+ } - - if (r != SQL_SUCCESS) - qSqlWarning(QLatin1String("QODBCDriver::tables Unable to execute table list"), d); -@@ -2436,28 +2462,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const - SQL_ATTR_CURSOR_TYPE, - (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, - SQL_IS_UINTEGER); -- r = SQLPrimaryKeys(hStmt, -- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), -- catalog.length(), -- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), -- schema.length(), -- toSQLTCHAR(table).data(), -- table.length() /* in characters, not in bytes */); -+ { -+ auto c = toSQLTCHAR(catalog); -+ auto s = toSQLTCHAR(schema); -+ auto t = toSQLTCHAR(table); -+ r = SQLPrimaryKeys(hStmt, -+ catalog.isEmpty() ? nullptr : c.data(), c.size(), -+ schema.isEmpty() ? nullptr : s.data(), s.size(), -+ t.data(), t.size()); -+ } - - // if the SQLPrimaryKeys() call does not succeed (e.g the driver - // does not support it) - try an alternative method to get hold of - // the primary index (e.g MS Access and FoxPro) - if (r != SQL_SUCCESS) { -- r = SQLSpecialColumns(hStmt, -- SQL_BEST_ROWID, -- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), -- catalog.length(), -- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), -- schema.length(), -- toSQLTCHAR(table).data(), -- table.length(), -- SQL_SCOPE_CURROW, -- SQL_NULLABLE); -+ auto c = toSQLTCHAR(catalog); -+ auto s = toSQLTCHAR(schema); -+ auto t = toSQLTCHAR(table); -+ r = SQLSpecialColumns(hStmt, -+ SQL_BEST_ROWID, -+ catalog.isEmpty() ? nullptr : c.data(), c.size(), -+ schema.isEmpty() ? nullptr : s.data(), s.size(), -+ t.data(), t.size(), -+ SQL_SCOPE_CURROW, -+ SQL_NULLABLE); - - if (r != SQL_SUCCESS) { - qSqlWarning(QLatin1String("QODBCDriver::primaryIndex: Unable to execute primary key list"), d); -@@ -2538,15 +2566,17 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const - SQL_ATTR_CURSOR_TYPE, - (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, - SQL_IS_UINTEGER); -- r = SQLColumns(hStmt, -- catalog.length() == 0 ? NULL : toSQLTCHAR(catalog).data(), -- catalog.length(), -- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(), -- schema.length(), -- toSQLTCHAR(table).data(), -- table.length(), -- NULL, -- 0); -+ { -+ auto c = toSQLTCHAR(catalog); -+ auto s = toSQLTCHAR(schema); -+ auto t = toSQLTCHAR(table); -+ r = SQLColumns(hStmt, -+ catalog.isEmpty() ? nullptr : c.data(), c.size(), -+ schema.isEmpty() ? nullptr : s.data(), s.size(), -+ t.data(), t.size(), -+ nullptr, -+ 0); -+ } - if (r != SQL_SUCCESS) - qSqlWarning(QLatin1String("QODBCDriver::record: Unable to execute column list"), d); - --- -GitLab - diff --git a/dev-qt/qtsql/qtsql-5.15.8-r1.ebuild b/dev-qt/qtsql/qtsql-5.15.8-r1.ebuild index 6ef89508857d..450028984ede 100644 --- a/dev-qt/qtsql/qtsql-5.15.8-r1.ebuild +++ b/dev-qt/qtsql/qtsql-5.15.8-r1.ebuild @@ -4,7 +4,7 @@ EAPI=8 if [[ ${PV} != *9999* ]]; then - QT5_KDEPATCHSET_REV=5 + QT5_KDEPATCHSET_REV=6 KEYWORDS="amd64 arm arm64 ~hppa ~loong ppc ppc64 ~riscv ~sparc x86" fi @@ -39,8 +39,6 @@ QT5_GENTOO_PRIVATE_CONFIG=( :sql ) -PATCHES=( "${FILESDIR}/${P}-CVE-2023-24607.patch" ) - src_configure() { local myconf=( $(qt_use freetds sql-tds plugin)
