From: tobtoht Date: Wed, 24 May 2023 16:03:00 +0000 (+0200) Subject: Revert "depends: update qt to 6.5.1" X-Git-Url: https://git.nutra.tk/v2?a=commitdiff_plain;h=a2e0499a29c30746de0cf99f848ed84fb9c627ae;p=gamesguru%2Ffeather.git Revert "depends: update qt to 6.5.1" This reverts commit 120add421e8736c58f9a12f7b0461587d4dfef64. --- diff --git a/contrib/depends/packages/native_qt.mk b/contrib/depends/packages/native_qt.mk index b429c810..93b35b46 100644 --- a/contrib/depends/packages/native_qt.mk +++ b/contrib/depends/packages/native_qt.mk @@ -1,9 +1,9 @@ package=native_qt -$(package)_version=6.5.1 +$(package)_version=6.5.0 $(package)_download_path=https://download.qt.io/official_releases/qt/6.5/$($(package)_version)/submodules $(package)_suffix=everywhere-src-$($(package)_version).tar.xz $(package)_file_name=qtbase-$($(package)_suffix) -$(package)_sha256_hash=db56fa1f4303a1189fe33418d25d1924931c7aef237f89eea9de58e858eebfed +$(package)_sha256_hash=fde1aa7b4fbe64ec1b4fc576a57f4688ad1453d2fab59cbadd948a10a6eaf5ef $(package)_dependencies=native_libxcb native_libxkbcommon $(package)_qt_libs=corelib network widgets gui plugins testlib $(package)_linguist_tools = lrelease lupdate lconvert @@ -19,16 +19,16 @@ $(package)_patches += rcc_hardcode_timestamp.patch $(package)_patches += root_CMakeLists.txt $(package)_qttools_file_name=qttools-$($(package)_suffix) -$(package)_qttools_sha256_hash=5744df9e84b2a86f7f932ffc00341c7d7209e741fd1c0679a32b855fcceb2329 +$(package)_qttools_sha256_hash=49c33d96b0a44988be954269b8ce3d1a495b439726e03a6be7c0d50a686369c4 $(package)_qtsvg_file_name=qtsvg-$($(package)_suffix) -$(package)_qtsvg_sha256_hash=d58d29491d44f0f59b684686a9898fec0e6c4fb7c09d9393b4e9c211fe9608ef +$(package)_qtsvg_sha256_hash=64ca7e61f44d51e28bcbb4e0509299b53a9a7e38879e00a7fe91643196067a4f $(package)_qtmultimedia_file_name=qtmultimedia-$($(package)_suffix) -$(package)_qtmultimedia_sha256_hash=0b1fc560e1c8cdda1ddb13db832c3b595f7e4079118d4847d8de18d82464e1cc +$(package)_qtmultimedia_sha256_hash=9480d0c73abdd01aec4899e340938cec046a3f404b9f9ed945288be574dca146 $(package)_qtshadertools_file_name=qtshadertools-$($(package)_suffix) -$(package)_qtshadertools_sha256_hash=e5806761835944ef91d5aee0679e0c8231bf7a981e064480e65c751ebdf65052 +$(package)_qtshadertools_sha256_hash=86618d037f3071f1f7ac5eb7ab76ae4e6f51cfddded0a402bb9aa7f3f79f5775 $(package)_extra_sources += $($(package)_qttools_file_name) $(package)_extra_sources += $($(package)_qtsvg_file_name) diff --git a/contrib/depends/packages/qt.mk b/contrib/depends/packages/qt.mk index f4d80ccf..35e4473b 100644 --- a/contrib/depends/packages/qt.mk +++ b/contrib/depends/packages/qt.mk @@ -1,9 +1,9 @@ package=qt -$(package)_version=6.5.1 +$(package)_version=6.5.0 $(package)_download_path=https://download.qt.io/official_releases/qt/6.5/$($(package)_version)/submodules $(package)_suffix=everywhere-src-$($(package)_version).tar.xz $(package)_file_name=qtbase-$($(package)_suffix) -$(package)_sha256_hash=db56fa1f4303a1189fe33418d25d1924931c7aef237f89eea9de58e858eebfed +$(package)_sha256_hash=fde1aa7b4fbe64ec1b4fc576a57f4688ad1453d2fab59cbadd948a10a6eaf5ef $(package)_darwin_dependencies=native_cctools native_qt openssl $(package)_mingw32_dependencies=openssl native_qt native_libxkbcommon $(package)_linux_dependencies=openssl native_qt freetype fontconfig libxcb libxkbcommon libxcb_util libxcb_util_render libxcb_util_keysyms libxcb_util_image libxcb_util_wm libxcb_util_cursor @@ -29,20 +29,25 @@ $(package)_patches += v4l2.patch $(package)_patches += windows_func_fix.patch $(package)_patches += WindowsToolchain.cmake +# Remove >= 6.5.1 +$(package)_patches += CVE-2023-32573-qtsvg-6.5.diff +$(package)_patches += CVE-2023-32762-qtbase-6.5.diff +$(package)_patches += CVE-2023-32763-qtbase-6.5.diff + $(package)_qttools_file_name=qttools-$($(package)_suffix) -$(package)_qttools_sha256_hash=5744df9e84b2a86f7f932ffc00341c7d7209e741fd1c0679a32b855fcceb2329 +$(package)_qttools_sha256_hash=49c33d96b0a44988be954269b8ce3d1a495b439726e03a6be7c0d50a686369c4 $(package)_qtsvg_file_name=qtsvg-$($(package)_suffix) -$(package)_qtsvg_sha256_hash=d58d29491d44f0f59b684686a9898fec0e6c4fb7c09d9393b4e9c211fe9608ef +$(package)_qtsvg_sha256_hash=64ca7e61f44d51e28bcbb4e0509299b53a9a7e38879e00a7fe91643196067a4f $(package)_qtwebsockets_file_name=qtwebsockets-$($(package)_suffix) -$(package)_qtwebsockets_sha256_hash=6b8f66b250a675117aae35b48dbfc589619be2810a759ad1712a9cd20561da19 +$(package)_qtwebsockets_sha256_hash=bc087bd656bb34da120ccab6e927036a219f75fd88f1543744c426bfca616308 $(package)_qtmultimedia_file_name=qtmultimedia-$($(package)_suffix) -$(package)_qtmultimedia_sha256_hash=0b1fc560e1c8cdda1ddb13db832c3b595f7e4079118d4847d8de18d82464e1cc +$(package)_qtmultimedia_sha256_hash=9480d0c73abdd01aec4899e340938cec046a3f404b9f9ed945288be574dca146 $(package)_qtshadertools_file_name=qtshadertools-$($(package)_suffix) -$(package)_qtshadertools_sha256_hash=e5806761835944ef91d5aee0679e0c8231bf7a981e064480e65c751ebdf65052 +$(package)_qtshadertools_sha256_hash=86618d037f3071f1f7ac5eb7ab76ae4e6f51cfddded0a402bb9aa7f3f79f5775 $(package)_extra_sources += $($(package)_qttools_file_name) $(package)_extra_sources += $($(package)_qtsvg_file_name) @@ -255,7 +260,12 @@ define $(package)_preprocess_cmds mv $($(package)_patch_dir)/arm64-apple-toolchain.cmake . && \ mv $($(package)_patch_dir)/gnueabihfToolchain.cmake . && \ mv $($(package)_patch_dir)/riscvToolchain.cmake . && \ - cd qtmultimedia && \ + cd qtbase && \ + patch -p1 -i $($(package)_patch_dir)/CVE-2023-32762-qtbase-6.5.diff && \ + patch -p1 -i $($(package)_patch_dir)/CVE-2023-32763-qtbase-6.5.diff && \ + cd ../qtsvg && \ + patch -p1 -i $($(package)_patch_dir)/CVE-2023-32573-qtsvg-6.5.diff && \ + cd ../qtmultimedia && \ patch -p1 -i $($(package)_patch_dir)/qtmultimedia-fixes.patch && \ patch -p1 -i $($(package)_patch_dir)/v4l2.patch endef diff --git a/contrib/depends/patches/qt/CVE-2023-32573-qtsvg-6.5.diff b/contrib/depends/patches/qt/CVE-2023-32573-qtsvg-6.5.diff new file mode 100644 index 00000000..aa86f2a7 --- /dev/null +++ b/contrib/depends/patches/qt/CVE-2023-32573-qtsvg-6.5.diff @@ -0,0 +1,36 @@ +--- a/src/svg/qsvgfont_p.h ++++ b/src/svg/qsvgfont_p.h +@@ -38,6 +38,7 @@ public: + class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted + { + public: ++ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000; + QSvgFont(qreal horizAdvX); + + void setFamilyName(const QString &name); +@@ -50,9 +51,7 @@ public: + void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const; + public: + QString m_familyName; +- qreal m_unitsPerEm; +- qreal m_ascent; +- qreal m_descent; ++ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM; + qreal m_horizAdvX; + QHash m_glyphs; + }; + + +--- a/src/svg/qsvghandler.cpp ++++ b/src/svg/qsvghandler.cpp +@@ -2622,7 +2622,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent, + + qreal unitsPerEm = toDouble(unitsPerEmStr); + if (!unitsPerEm) +- unitsPerEm = 1000; ++ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM; + + if (!name.isEmpty()) + font->setFamilyName(name); + + diff --git a/contrib/depends/patches/qt/CVE-2023-32762-qtbase-6.5.diff b/contrib/depends/patches/qt/CVE-2023-32762-qtbase-6.5.diff new file mode 100644 index 00000000..616b096c --- /dev/null +++ b/contrib/depends/patches/qt/CVE-2023-32762-qtbase-6.5.diff @@ -0,0 +1,13 @@ +--- a/src/network/access/qhsts.cpp ++++ b/src/network/access/qhsts.cpp +@@ -327,8 +327,8 @@ quoted-pair = "\" CHAR + bool QHstsHeaderParser::parse(const QList> &headers) + { + for (const auto &h : headers) { +- // We use '==' since header name was already 'trimmed' for us: +- if (h.first == "Strict-Transport-Security") { ++ // We compare directly because header name was already 'trimmed' for us: ++ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) { + header = h.second; + // RFC6797, 8.1: + // diff --git a/contrib/depends/patches/qt/CVE-2023-32763-qtbase-6.5.diff b/contrib/depends/patches/qt/CVE-2023-32763-qtbase-6.5.diff new file mode 100644 index 00000000..bdb18de1 --- /dev/null +++ b/contrib/depends/patches/qt/CVE-2023-32763-qtbase-6.5.diff @@ -0,0 +1,53 @@ +--- a/src/gui/painting/qfixed_p.h ++++ b/src/gui/painting/qfixed_p.h +@@ -18,6 +18,7 @@ + #include + #include "QtCore/qdebug.h" + #include "QtCore/qpoint.h" ++#include "QtCore/qnumeric.h" + #include "QtCore/qsize.h" + + QT_BEGIN_NAMESPACE +@@ -136,6 +137,22 @@ constexpr inline QFixed operator+(uint i, QFixed d) { return d+i; } + constexpr inline QFixed operator-(uint i, QFixed d) { return -(d-i); } + // constexpr inline QFixed operator*(qreal d, QFixed d2) { return d2*d; } + ++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r) ++{ ++ int val; ++ bool result = qAddOverflow(v1.value(), v2.value(), &val); ++ r->setValue(val); ++ return result; ++} ++ ++inline bool qMulOverflow(QFixed v1, QFixed v2, QFixed *r) ++{ ++ int val; ++ bool result = qMulOverflow(v1.value(), v2.value(), &val); ++ r->setValue(val); ++ return result; ++} ++ + #ifndef QT_NO_DEBUG_STREAM + inline QDebug &operator<<(QDebug &dbg, QFixed f) + { return dbg << f.toReal(); } + + +--- a/src/gui/text/qtextlayout.cpp ++++ b/src/gui/text/qtextlayout.cpp +@@ -2164,9 +2164,12 @@ found: + eng->maxWidth = qMax(eng->maxWidth, line.textWidth); + } else { + eng->minWidth = qMax(eng->minWidth, lbh.minw); +- eng->layoutData->currentMaxWidth += line.textWidth; +- if (!manuallyWrapped) +- eng->layoutData->currentMaxWidth += lbh.spaceData.textWidth; ++ if (qAddOverflow(eng->layoutData->currentMaxWidth, line.textWidth, &eng->layoutData->currentMaxWidth)) ++ eng->layoutData->currentMaxWidth = QFIXED_MAX; ++ if (!manuallyWrapped) { ++ if (qAddOverflow(eng->layoutData->currentMaxWidth, lbh.spaceData.textWidth, &eng->layoutData->currentMaxWidth)) ++ eng->layoutData->currentMaxWidth = QFIXED_MAX; ++ } + eng->maxWidth = qMax(eng->maxWidth, eng->layoutData->currentMaxWidth); + if (manuallyWrapped) + eng->layoutData->currentMaxWidth = 0; \ No newline at end of file