
From: Andreas Sturmlechner <asturm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-qt/qtcore/files/, dev-qt/qtcore/
Date: Sat, 25 Jan 2020 23:56:53
Message-Id: 1579996578.f0f2e0e6f77f988b30bcaeef18e2d4e28708f7b1.asturm@gentoo
1 commit: f0f2e0e6f77f988b30bcaeef18e2d4e28708f7b1
2 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
3 AuthorDate: Sat Jan 25 23:29:54 2020 +0000
4 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
5 CommitDate: Sat Jan 25 23:56:18 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0f2e0e6
7
8 dev-qt/qtcore: Fix CVE-2019-18281
9
10 Bug: https://bugs.gentoo.org/699226
11 Package-Manager: Portage-2.3.85, Repoman-2.3.20
12 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
13
14 .../files/qtcore-5.12.3-CVE-2019-18281.patch | 98 ++++++++++++++++++++++
15 dev-qt/qtcore/qtcore-5.12.3-r1.ebuild | 86 +++++++++++++++++++
16 2 files changed, 184 insertions(+)
17
18 diff --git a/dev-qt/qtcore/files/qtcore-5.12.3-CVE-2019-18281.patch b/dev-qt/qtcore/files/qtcore-5.12.3-CVE-2019-18281.patch
19 new file mode 100644
20 index 00000000000..055794b5196
21 --- /dev/null
22 +++ b/dev-qt/qtcore/files/qtcore-5.12.3-CVE-2019-18281.patch
23 @@ -0,0 +1,98 @@
24 +From 1232205e32464d90e871f39eb1e14fcf9b78a163 Mon Sep 17 00:00:00 2001
25 +From: Rainer Keller <Rainer.Keller@××.io>
26 +Date: Tue, 27 Aug 2019 14:44:48 +0200
27 +Subject: [PATCH] Fix crash when text contains too many directional chars
28 +
29 +In case a text to be layouted contains more than 128 directional characters
30 +it causes the application to crash
31 +
32 +The function initScriptAnalysisAndIsolatePairs() collects information of
33 +RTL/LTR chaaracters into vector "isolatePairs". The size of the vector is
34 +capped to 128. Later the function generateDirectionalRuns() iterates
35 +the text again and tries to access items from the previously capped vector
36 +above the upper bound.
37 +
38 +Task-number: QTBUG-77819
39 +Change-Id: Ibb7bf12c12b1db22f43ff46236518da3fdeed26a
40 +Reviewed-by: Simon Hausmann <simon.hausmann@××.io>
41 +---
42 + src/gui/text/qtextengine.cpp | 15 +++++++--------
43 + tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp | 17 +++++++++++++++++
44 + 2 files changed, 24 insertions(+), 8 deletions(-)
45 +
46 +diff --git a/src/gui/text/qtextengine.cpp b/src/gui/text/qtextengine.cpp
47 +index 2da13289bfd..a7834587b1e 100644
48 +--- a/src/gui/text/qtextengine.cpp
49 ++++ b/src/gui/text/qtextengine.cpp
50 +@@ -399,6 +399,7 @@ struct QBidiAlgorithm {
51 + analysis[i].bidiDirection = (level & 1) ? QChar::DirR : QChar::DirL;
52 + runHasContent = true;
53 + lastRunWithContent = -1;
54 ++ ++isolatePairPosition;
55 + }
56 + int runBeforeIsolate = runs.size();
57 + ushort newLevel = isRtl ? ((stack.top().level + 1) | 1) : ((stack.top().level + 2) & ~1);
58 +@@ -440,21 +441,19 @@ struct QBidiAlgorithm {
59 + doEmbed(true, true, false);
60 + break;
61 + case QChar::DirLRI:
62 +- Q_ASSERT(isolatePairs.at(isolatePairPosition).start == i);
63 + doEmbed(false, false, true);
64 +- ++isolatePairPosition;
65 + break;
66 + case QChar::DirRLI:
67 +- Q_ASSERT(isolatePairs.at(isolatePairPosition).start == i);
68 + doEmbed(true, false, true);
69 +- ++isolatePairPosition;
70 + break;
71 + case QChar::DirFSI: {
72 +- const auto &pair = isolatePairs.at(isolatePairPosition);
73 +- Q_ASSERT(pair.start == i);
74 +- bool isRtl = QStringView(text + pair.start + 1, pair.end - pair.start - 1).isRightToLeft();
75 ++ bool isRtl = false;
76 ++ if (isolatePairPosition < isolatePairs.size()) {
77 ++ const auto &pair = isolatePairs.at(isolatePairPosition);
78 ++ Q_ASSERT(pair.start == i);
79 ++ isRtl = QStringView(text + pair.start + 1, pair.end - pair.start - 1).isRightToLeft();
80 ++ }
81 + doEmbed(isRtl, false, true);
82 +- ++isolatePairPosition;
83 + break;
84 + }
85 +
86 +diff --git a/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp b/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp
87 +index 9c477589f93..f0a32c2ed40 100644
88 +--- a/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp
89 ++++ b/tests/auto/gui/text/qtextlayout/tst_qtextlayout.cpp
90 +@@ -138,6 +138,7 @@ private slots:
91 + void noModificationOfInputString();
92 + void superscriptCrash_qtbug53911();
93 + void showLineAndParagraphSeparatorsCrash();
94 ++ void tooManyDirectionalCharctersCrash_qtbug77819();
95 +
96 + private:
97 + QFont testFont;
98 +@@ -2309,5 +2310,21 @@ void tst_QTextLayout::nbspWithFormat()
99 + QCOMPARE(layout.lineAt(1).textLength(), s2.length() + 1 + s3.length());
100 + }
101 +
102 ++void tst_QTextLayout::tooManyDirectionalCharctersCrash_qtbug77819()
103 ++{
104 ++ QString data;
105 ++ data += QString::fromUtf8("\xe2\x81\xa8"); // U+2068 FSI character
106 ++ data += QString::fromUtf8("\xe2\x81\xa7"); // U+2067 RLI character
107 ++
108 ++ // duplicating the text
109 ++ for (int i = 0; i < 10; i++)
110 ++ data += data;
111 ++
112 ++ // Nothing to test. It must not crash in beginLayout().
113 ++ QTextLayout tl(data);
114 ++ tl.beginLayout();
115 ++ tl.endLayout();
116 ++}
117 ++
118 + QTEST_MAIN(tst_QTextLayout)
119 + #include "tst_qtextlayout.moc"
120 +--
121 +2.16.3
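Review bot: The new bounds guard in the DirFSI case only protects the `isolatePairs` read in that branch, and the `Q_ASSERT(pair.start == i)` kept inside it compiles out in release builds, so a pair whose `start` does not match `i` would be used silently to compute `isRtl` if the position counter (now advanced inside doEmbed for every isolate) ever gets out of step with the capped vector. I would make the check release-safe, e.g. `if (isolatePairPosition < isolatePairs.size() && isolatePairs.at(isolatePairPosition).start == i)`, keeping the existing `isRtl = false` fallback otherwise. The regression test only builds FSI/RLI sequences; a variant with LRI would also cover the DirLRI path that now relies solely on the counter increment in doEmbed. The QBidiAlgorithm methods touched here start and end outside this hunk, and the 128-entry cap mentioned in the patch description is not visible in it.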
122
123 diff --git a/dev-qt/qtcore/qtcore-5.12.3-r1.ebuild b/dev-qt/qtcore/qtcore-5.12.3-r1.ebuild
124 new file mode 100644
125 index 00000000000..ff88ef5f4ec
126 --- /dev/null
127 +++ b/dev-qt/qtcore/qtcore-5.12.3-r1.ebuild
128 @@ -0,0 +1,86 @@
129 +# Copyright 1999-2020 Gentoo Authors
130 +# Distributed under the terms of the GNU General Public License v2
131 +
132 +EAPI=6
133 +QT5_MODULE="qtbase"
134 +inherit qt5-build
135 +
136 +DESCRIPTION="Cross-platform application development framework"
137 +
138 +if [[ ${QT5_BUILD_TYPE} == release ]]; then
139 + KEYWORDS="~arm ~x86"
140 +fi
141 +
142 +IUSE="icu systemd"
143 +
144 +DEPEND="
145 + dev-libs/double-conversion:=
146 + dev-libs/glib:2
147 + dev-libs/libpcre2[pcre16,unicode]
148 + sys-libs/zlib:=
149 + icu? ( dev-libs/icu:= )
150 + !icu? ( virtual/libiconv )
151 + systemd? ( sys-apps/systemd:= )
152 +"
153 +RDEPEND="${DEPEND}
154 + !<dev-qt/qtcore-4.8.7-r4:4
155 +"
156 +
157 +QT5_TARGET_SUBDIRS=(
158 + src/tools/bootstrap
159 + src/tools/moc
160 + src/tools/rcc
161 + src/tools/qfloat16-tables
162 + src/corelib
163 + src/tools/qlalr
164 + doc
165 +)
166 +
167 +QT5_GENTOO_PRIVATE_CONFIG=(
168 + !:network
169 + !:sql
170 + !:testlib
171 + !:xml
172 +)
173 +
174 +PATCHES=( "${FILESDIR}/${P}-CVE-2019-18281.patch" )
175 +
176 +src_prepare() {
177 + # don't add -O3 to CXXFLAGS, bug 549140
178 + sed -i -e '/CONFIG\s*+=/s/optimize_full//' src/corelib/corelib.pro || die
179 +
180 + # fix missing qt_version_tag symbol w/ LTO, bug 674382
181 + sed -i -e 's/^gcc:ltcg/gcc/' src/corelib/global/global.pri || die
182 +
183 + qt5-build_src_prepare
184 +}
185 +
186 +src_configure() {
187 + local myconf=(
188 + -no-feature-statx # bug 672856
189 + $(qt_use icu)
190 + $(qt_use !icu iconv)
191 + $(qt_use systemd journald)
192 + )
193 + qt5-build_src_configure
194 +}
195 +
196 +src_install() {
197 + qt5-build_src_install
198 +
199 + local flags=(
200 + DBUS FREETYPE IMAGEFORMAT_JPEG IMAGEFORMAT_PNG
201 + OPENGL OPENSSL SSL WIDGETS
202 + )
203 +
204 + for flag in ${flags[@]}; do
205 + cat >> "${D%/}"/${QT5_HEADERDIR}/QtCore/qconfig.h <<- _EOF_ || die
206 +
207 + #if defined(QT_NO_${flag}) && defined(QT_${flag})
208 + # undef QT_NO_${flag}
209 + #elif !defined(QT_NO_${flag}) && !defined(QT_${flag})
210 + # define QT_NO_${flag}
211 + #endif
212 + _EOF_
213 + done
214 +}