[notify] qt5: various patches and one CVE-2021-3481 Out of bounds read in function QRadialFetchSimd from crafted svg file

8 files changed, 156 insertions, 7 deletions

diff --git a/qt5/.signature b/qt5/.signature
index c479e8602..e5048feb6 100644
--- a/qt5/.signature
+++ b/qt5/.signature
@@ -1,7 +1,13 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/W2ZSpNiseAN+1SF8SzENy+XacXlFLIusMXmL//JJNQjcQnsOMQzM2um9WO9vr7VZ/dLLIP/K/R1bdlsks10FgM=
-SHA256 (Pkgfile) = 292e8e91ab37f1396a4f89c7d611bb736615a9797ea50267e9d2f92a8d628085
+RWSE3ohX2g5d/WUvqEglgs19kHuAwlpReMp9CGp4s7BtqrUvbFERZEDh/D+shW/x3wbMLz1Ihb+pbiYY0QT7iHGlOQtk01qeqg4=
+SHA256 (Pkgfile) = a7b960d5d2cd67569969adaa9168d29cc5606068a215fe0709c82dcd8291ea32
 SHA256 (.footprint) = cd747f02bb34a0c1e8ed0edfbda866740d6ab9940824b2c6848ee51bb0ecf64c
 SHA256 (qt-everywhere-src-5.15.2.tar.xz) = 3a530d1b243b5dec00bc54937455471aaa3e56849d2593edb8ded07228202240
 SHA256 (qt5-cflags.patch) = cf707cd970650f8b60f8897692b36708ded9ba116723ec8fcd885576783fe85c
 SHA256 (qt5-logo.png) = ae1335ecd1cd2d17032184895ab298a636cdfa8121b0ed71307c4f2b23ec928e
+SHA256 (qtbase-everywhere-src-5.11.1-python3.patch) = 5218cf7651f21a865fc1d8b18753e0eb0c1c412acbac080cd9d61f95b69589e5
+SHA256 (qtbase-everywhere-src-5.14.2-no_relocatable.patch) = 1fed8b9e4eb5749e70d85d7678f08a5abc881e2a2ecab85fb21f59cb124500e5
+SHA256 (qtbase-everywhere-src-5.15.2-libglvnd.patch) = 6dd54f841127f20c27300874833636105f15e7481f549c007504bb82cf26c177
+SHA256 (qtbase-filechooser-portal-send-window-id-in-hex.patch) = 4aa41d1052b0712aa0ed75dd2fbd5038529a2db1b5c2f03cf9fa5eccd7bf438d
+SHA256 (qtbase-use-wayland-on-gnome.patch) = d62367c679e655a472f2777b9a7a97e17bd1340c0f0b2d40d1621217743122b8
+SHA256 (qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch) = 1a6eee5409bc91bc487c933ed17f9a802eafa514818993493c383c5b0797d623
diff --git a/qt5/Pkgfile b/qt5/Pkgfile
index 2b40ffa53..7675f72d5 100644
--- a/qt5/Pkgfile
+++ b/qt5/Pkgfile
@@ -6,15 +6,27 @@
 
 name=qt5
 version=5.15.2
-release=1
+release=2
 source=(https://download.qt.io/official_releases/qt/${version::4}/$version/single/qt-everywhere-src-$version.tar.xz
 	qt5-cflags.patch
-	qt5-logo.png)
+	qt5-logo.png
+	qtbase-everywhere-src-5.11.1-python3.patch
+	qtbase-everywhere-src-5.14.2-no_relocatable.patch
+	qtbase-everywhere-src-5.15.2-libglvnd.patch
+	qtbase-filechooser-portal-send-window-id-in-hex.patch
+	qtbase-use-wayland-on-gnome.patch
+	qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch)
 
 build() {
 	cd qt-everywhere-src-$version
 
 	patch -d qtbase -p1 -i $SRC/qt5-cflags.patch
+	patch -d qtbase -p1 -i $SRC/qtbase-everywhere-src-5.11.1-python3.patch
+	patch -d qtbase -p1 -i $SRC/qtbase-everywhere-src-5.14.2-no_relocatable.patch
+	patch -d qtbase -p1 -i $SRC/qtbase-everywhere-src-5.15.2-libglvnd.patch
+	patch -d qtbase -p1 -i $SRC/qtbase-filechooser-portal-send-window-id-in-hex.patch
+	patch -d qtbase -p1 -i $SRC/qtbase-use-wayland-on-gnome.patch
+	patch -p1 -i $SRC/qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch
 
 	export PYTHON='/usr/bin/python3'
 	mkdir $SRC/bin
@@ -25,7 +37,13 @@ build() {
 	export LD_LIBRARY_PATH="$QTDIR/qtbase/lib:$QTDIR/qttools/lib:$LD_LIBRARY_PATH"
 	export QT_PLUGIN_PATH="$QTDIR/qtbase/plugins"
 
-	prt-get isinst ccache && PKGMK_QT5+=' -ccache' && PATH="$(echo ${PATH} | awk -v RS=: -v ORS=: '/ccache/ {next} {print}' | sed 's/:*$//')"
+	prt-get isinst ccache && PKGMK_QT5+=' -ccache' && \
+		PATH="$(echo ${PATH} | awk -v RS=: -v ORS=: '/ccache/ {next} {print}' | sed 's/:*$//')"
+
+	sed -i '/utility/a #include <limits>'     qtbase/src/corelib/global/qglobal.h
+	sed -i '/string/a #include <limits>'      qtbase/src/corelib/global/qfloat16.h
+	sed -i '/qbytearray/a #include <limits>'  qtbase/src/corelib/text/qbytearraymatcher.h
+	sed -i '/type_traits/a #include <limits>' qtdeclarative/src/qmldebug/qqmlprofilerevent_p.h
 
 	./configure $PKGMK_QT5 \
 		-prefix /usr/ \
@@ -50,7 +68,6 @@ build() {
 		-opengl desktop \
 		-opensource \
 		-openssl-linked \
-		-optimized-qmake \
 		-reduce-relocations \
 		-release \
 		-shared \
@@ -66,7 +83,7 @@ build() {
 	# Fix paths
 	find "$PKG/usr/lib" -type f -name '*.prl' \
 		-exec sed -e '/^QMAKE_PRL_BUILD_DIR/d' -i {} \;
-        
+
 	sed -e "s|$PWD/qtbase|/usr/lib/qt5|g" \
 		-i $PKG/usr/lib/qt5/mkspecs/modules/qt_lib_bootstrap_private.pri
 
diff --git a/qt5/qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch b/qt5/qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch
new file mode 100644
index 000000000..31b44601b
--- /dev/null
+++ b/qt5/qt-everywhere-src-5.15.2-CVE-2021-3481-1.patch
@@ -0,0 +1,40 @@
+Not yet Submitted By: Ken Moffat <ken at linuxfromscratch dot org>	
+Date: 2021-06-19	
+Initial Package Version: 5.15.2
+Upstream Status: Applied
+Origin: Upstream, found at debian
+Description: Fixes CVE-2021-3401 (out of bounds read) by clamoing
+parsed doubles to float representable values. Upstream commits:
+ https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=aceea78cc05ac8ff
+ https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=bfd6ee0d8cf34b63
+
+diff -Naur a/qtsvg/src/svg/qsvghandler.cpp b/qtsvg/src/svg/qsvghandler.cpp
+--- a/qtsvg/src/svg/qsvghandler.cpp	2020-10-27 08:02:11.000000000 +0000
++++ b/qtsvg/src/svg/qsvghandler.cpp	2021-06-18 23:16:47.263564883 +0100
+@@ -65,6 +65,7 @@
+ #include "private/qmath_p.h"
+ 
+ #include "float.h"
++#include <cmath>
+ 
+ QT_BEGIN_NAMESPACE
+ 
+@@ -672,6 +673,9 @@
+             val = -val;
+     } else {
+         val = QByteArray::fromRawData(temp, pos).toDouble();
++        // Do not tolerate values too wild to be represented normally by floats
++        if (qFpClassify(float(val)) != FP_NORMAL)
++            val = 0;
+     }
+     return val;
+ 
+@@ -3043,6 +3047,8 @@
+         ncy = toDouble(cy);
+     if (!r.isEmpty())
+         nr = toDouble(r);
++    if (nr < 0.5)
++        nr = 0.5;
+ 
+     qreal nfx = ncx;
+     if (!fx.isEmpty())
diff --git a/qt5/qtbase-everywhere-src-5.11.1-python3.patch b/qt5/qtbase-everywhere-src-5.11.1-python3.patch
new file mode 100644
index 000000000..40dfd4790
--- /dev/null
+++ b/qt5/qtbase-everywhere-src-5.11.1-python3.patch
@@ -0,0 +1,9 @@
+diff -up qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py.me qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py
+--- qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py.me	2018-06-23 11:29:21.750066271 +0200
++++ qtbase-everywhere-src-5.11.1/mkspecs/features/uikit/devices.py	2018-06-23 11:30:07.457292033 +0200
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/python3
+ 
+ #############################################################################
+ ##
diff --git a/qt5/qtbase-everywhere-src-5.14.2-no_relocatable.patch b/qt5/qtbase-everywhere-src-5.14.2-no_relocatable.patch
new file mode 100644
index 000000000..56b9db8a7
--- /dev/null
+++ b/qt5/qtbase-everywhere-src-5.14.2-no_relocatable.patch
@@ -0,0 +1,16 @@
+diff -up qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp.no_relocatable qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp
+--- qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp.no_relocatable	2020-03-27 04:49:31.000000000 -0500
++++ qtbase-everywhere-src-5.14.2/src/corelib/global/qlibraryinfo.cpp	2020-04-13 15:13:44.075705226 -0500
+@@ -671,8 +671,11 @@ static QString getPrefix(
+ #  if QT_CONFIGURE_CROSSBUILD
+     if (group == QLibraryInfo::DevicePaths)
+         return QString::fromLocal8Bit(QT_CONFIGURE_PREFIX_PATH);
+-#  endif
++#  elif 0 //QT_CONFIG(relocatable)
+     return getExtPrefixFromHostBinDir();
++#  else
++    return QString::fromLocal8Bit(QT_CONFIGURE_PREFIX_PATH);
++#  endif
+ #elif QT_CONFIG(relocatable)
+     return getRelocatablePrefix();
+ #else
diff --git a/qt5/qtbase-everywhere-src-5.15.2-libglvnd.patch b/qt5/qtbase-everywhere-src-5.15.2-libglvnd.patch
new file mode 100644
index 000000000..e819f8df3
--- /dev/null
+++ b/qt5/qtbase-everywhere-src-5.15.2-libglvnd.patch
@@ -0,0 +1,15 @@
+diff -up qtbase-everywhere-src-5.15.2/src/gui/configure.json.libglvnd qtbase-everywhere-src-5.15.2/src/gui/configure.json
+--- qtbase-everywhere-src-5.15.2/src/gui/configure.json.libglvnd	2020-10-27 03:02:11.000000000 -0500
++++ qtbase-everywhere-src-5.15.2/src/gui/configure.json	2021-09-10 10:05:53.610312223 -0500
+@@ -847,9 +847,9 @@
+                 ],
+                 "include": [ "EGL/egl.h", "X11/Xlib.h" ],
+                 "main": [
+-                    "Display *dpy = EGL_DEFAULT_DISPLAY;",
++                    "Display *dpy = reinterpret_cast<Display *>(EGL_DEFAULT_DISPLAY);",
+                     "EGLNativeDisplayType egldpy = XOpenDisplay(\"\");",
+-                    "dpy = egldpy;",
++                    "dpy = reinterpret_cast<Display *>(egldpy);",
+                     "EGLNativeWindowType w = XCreateWindow(dpy, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);",
+                     "XDestroyWindow(dpy, w);",
+                     "XCloseDisplay(dpy);"
diff --git a/qt5/qtbase-filechooser-portal-send-window-id-in-hex.patch b/qt5/qtbase-filechooser-portal-send-window-id-in-hex.patch
new file mode 100644
index 000000000..42030364b
--- /dev/null
+++ b/qt5/qtbase-filechooser-portal-send-window-id-in-hex.patch
@@ -0,0 +1,26 @@
+From acaabc9108dfe75530960cf8e3ec4f3602cd82e0 Mon Sep 17 00:00:00 2001
+From: Jan Grulich <jgrulich@redhat.com>
+Date: Mon, 08 Mar 2021 12:29:21 +0100
+Subject: [PATCH] FileChooser portal: send window id in hex
+
+We send window id in decimal, however, it is expected to be send in hex.
+This causes a mismatch and makes portal dialog to show in background.
+
+Pick-to: 5.15 6.0 6.1
+Change-Id: Ibd77199bbb4a2ad4782a0457ddc5506c6b5608fe
+Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
+---
+
+diff --git a/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp b/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp
+index ec153f6..85bdd1a 100644
+--- a/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp
++++ b/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp
+@@ -185,7 +185,7 @@
+                                                           QLatin1String("/org/freedesktop/portal/desktop"),
+                                                           QLatin1String("org.freedesktop.portal.FileChooser"),
+                                                           d->saveFile ? QLatin1String("SaveFile") : QLatin1String("OpenFile"));
+-    QString parentWindowId = QLatin1String("x11:") + QString::number(d->winId);
++    QString parentWindowId = QLatin1String("x11:") + QString::number(d->winId, 16);
+ 
+     QVariantMap options;
+     if (!d->acceptLabel.isEmpty())
diff --git a/qt5/qtbase-use-wayland-on-gnome.patch b/qt5/qtbase-use-wayland-on-gnome.patch
new file mode 100644
index 000000000..526963cbf
--- /dev/null
+++ b/qt5/qtbase-use-wayland-on-gnome.patch
@@ -0,0 +1,20 @@
+diff --git a/src/gui/kernel/qguiapplication.cpp b/src/gui/kernel/qguiapplication.cpp
+index b8bfad4f16..676fdfad5e 100644
+--- a/src/gui/kernel/qguiapplication.cpp
++++ b/src/gui/kernel/qguiapplication.cpp
+@@ -1376,14 +1376,7 @@ void QGuiApplicationPrivate::createPlatformIntegration()
+         if (sessionType == QByteArrayLiteral("x11") && !platformName.contains(QByteArrayLiteral("xcb"))) {
+             platformName = QByteArrayLiteral("xcb");
+         } else if (sessionType == QByteArrayLiteral("wayland") && !platformName.contains(QByteArrayLiteral("wayland"))) {
+-            QByteArray currentDesktop = qgetenv("XDG_CURRENT_DESKTOP").toLower();
+-            QByteArray sessionDesktop = qgetenv("XDG_SESSION_DESKTOP").toLower();
+-            if (currentDesktop.contains("gnome") || sessionDesktop.contains("gnome")) {
+-                qInfo() << "Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome."
+-                        << "Use QT_QPA_PLATFORM=wayland to run on Wayland anyway.";
+-            } else {
+-                platformName = QByteArrayLiteral("wayland");
+-            }
++            platformName = QByteArrayLiteral("wayland");
+         }
+     }
+ #ifdef QT_QPA_DEFAULT_PLATFORM_NAME