dev-qt/qtgui: fix CVE-2020-17507

Upstream commit: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1616c719

Reported-by: John Helmert III (ajak) <jchelmert3@posteo.net>
Bug: https://bugs.gentoo.org/736924
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Jimi Huotari <chiitoo@gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/17183
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

3 files changed, 409 insertions, 0 deletions

diff --git a/dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch b/dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch
new file mode 100644
index 000000000000..cad9aa4b682c
--- /dev/null
+++ b/dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch
@@ -0,0 +1,39 @@
+From 1616c71921b73b227f56ccb3f2c49a994ec23440 Mon Sep 17 00:00:00 2001
+From: Allan Sandfeld Jensen <allan.jensen@qt.io>
+Date: Thu, 23 Jul 2020 11:48:48 +0200
+Subject: Fix buffer overflow in XBM parser
+
+Avoid parsing over the buffer limit, or interpreting non-hex
+as hex.
+
+This still leaves parsing of lines longer than 300 chars
+unreliable
+
+Change-Id: I1c57a7e530c4380f6f9040b2ec729ccd7dc7a5fb
+Reviewed-by: Robert Loehning <robert.loehning@qt.io>
+Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
+(cherry picked from commit c562c1fc19629fb505acd0f6380604840b634211)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+---
+ src/gui/image/qxbmhandler.cpp                      |  4 ++-
+ .../gui/image/qimagereader/tst_qimagereader.cpp    | 38 ++++++++++++++++++++++
+ 2 files changed, 41 insertions(+), 1 deletion(-)
+
+diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp
+index f06561690c..72ce7f7ecd 100644
+--- a/src/gui/image/qxbmhandler.cpp
++++ b/src/gui/image/qxbmhandler.cpp
+@@ -159,7 +159,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage)
+     w = (w+7)/8;                                // byte width
+ 
+     while (y < h) {                                // for all encoded bytes...
+-        if (p) {                                // p = "0x.."
++        if (p && p < (buf + readBytes - 3)) {      // p = "0x.."
++            if (!isxdigit(p[2]) || !isxdigit(p[3]))
++                return false;
+             *b++ = hex2byte(p+2);
+             p += 2;
+             if (++x == w && ++y < h) {
+-- 
+cgit v1.2.1
+
diff --git a/dev-qt/qtgui/qtgui-5.14.2-r1.ebuild b/dev-qt/qtgui/qtgui-5.14.2-r1.ebuild
new file mode 100644
index 000000000000..a676219df351
--- /dev/null
+++ b/dev-qt/qtgui/qtgui-5.14.2-r1.ebuild
@@ -0,0 +1,185 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="The GUI module and platform plugins for the Qt5 framework"
+SLOT=5/$(ver_cut 1-3) # bug 707658
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+# TODO: linuxfb
+
+IUSE="accessibility dbus egl eglfs evdev +gif gles2-only ibus jpeg
+	+libinput +png tslib tuio +udev vnc vulkan wayland +X"
+REQUIRED_USE="
+	|| ( eglfs X )
+	accessibility? ( dbus X )
+	eglfs? ( egl )
+	ibus? ( dbus )
+	libinput? ( udev )
+	X? ( gles2-only? ( egl ) )
+"
+
+RDEPEND="
+	dev-libs/glib:2
+	~dev-qt/qtcore-${PV}:5=
+	dev-util/gtk-update-icon-cache
+	media-libs/fontconfig
+	>=media-libs/freetype-2.6.1:2
+	>=media-libs/harfbuzz-1.6.0:=
+	sys-libs/zlib:=
+	virtual/opengl
+	dbus? ( ~dev-qt/qtdbus-${PV} )
+	egl? ( media-libs/mesa[egl] )
+	eglfs? (
+		media-libs/mesa[gbm]
+		x11-libs/libdrm
+	)
+	evdev? ( sys-libs/mtdev )
+	gles2-only? ( media-libs/mesa[gles2] )
+	jpeg? ( virtual/jpeg:0 )
+	libinput? (
+		dev-libs/libinput:=
+		>=x11-libs/libxkbcommon-0.5.0
+	)
+	png? ( media-libs/libpng:0= )
+	tslib? ( >=x11-libs/tslib-1.21 )
+	tuio? ( ~dev-qt/qtnetwork-${PV} )
+	udev? ( virtual/libudev:= )
+	vnc? ( ~dev-qt/qtnetwork-${PV} )
+	vulkan? ( dev-util/vulkan-headers )
+	X? (
+		x11-libs/libICE
+		x11-libs/libSM
+		x11-libs/libX11
+		>=x11-libs/libxcb-1.12:=[xkb]
+		>=x11-libs/libxkbcommon-0.5.0[X]
+		x11-libs/xcb-util-image
+		x11-libs/xcb-util-keysyms
+		x11-libs/xcb-util-renderutil
+		x11-libs/xcb-util-wm
+	)
+"
+DEPEND="${RDEPEND}
+	evdev? ( sys-kernel/linux-headers )
+	udev? ( sys-kernel/linux-headers )
+"
+PDEPEND="
+	ibus? ( app-i18n/ibus )
+	wayland? ( ~dev-qt/qtwayland-${PV} )
+"
+
+QT5_TARGET_SUBDIRS=(
+	src/tools/qvkgen
+	src/gui
+	src/openglextensions
+	src/platformheaders
+	src/platformsupport
+	src/plugins/generic
+	src/plugins/imageformats
+	src/plugins/platforms
+	src/plugins/platforminputcontexts
+)
+
+QT5_GENTOO_CONFIG=(
+	accessibility:accessibility-atspi-bridge
+	egl:egl:
+	eglfs:eglfs:
+	eglfs:eglfs_egldevice:
+	eglfs:eglfs_gbm:
+	evdev:evdev:
+	evdev:mtdev:
+	:fontconfig:
+	:system-freetype:FREETYPE
+	!:no-freetype:
+	!gif:no-gif:
+	gles2-only::OPENGL_ES
+	gles2-only:opengles2:OPENGL_ES_2
+	!:no-gui:
+	:system-harfbuzz:
+	!:no-harfbuzz:
+	jpeg:system-jpeg:IMAGEFORMAT_JPEG
+	!jpeg:no-jpeg:
+	libinput
+	libinput:xkbcommon:
+	:opengl
+	png:png:
+	png:system-png:IMAGEFORMAT_PNG
+	!png:no-png:
+	tslib:tslib:
+	udev:libudev:
+	vulkan:vulkan:
+	X:xcb:
+	X:xcb-glx:
+	X:xcb-plugin:
+	X:xcb-render:
+	X:xcb-sm:
+	X:xcb-xlib:
+	X:xcb-xinput:
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+	:gui
+)
+
+PATCHES=(
+	"${FILESDIR}/qt-5.12-gcc-avx2.patch" # bug 672946
+	"${FILESDIR}/${PN}-5.14.1-cmake-macro-backward-compat.patch" # bug 703306
+	"${FILESDIR}/${PN}-5.14.2-CVE-2020-17507.patch" # bug 736924
+)
+
+src_prepare() {
+	# don't add -O3 to CXXFLAGS, bug 549140
+	sed -i -e '/CONFIG\s*+=/s/optimize_full//' src/gui/gui.pro || die
+
+	# egl_x11 is activated when both egl and X are enabled
+	use egl && QT5_GENTOO_CONFIG+=(X:egl_x11:) || QT5_GENTOO_CONFIG+=(egl:egl_x11:)
+
+	qt_use_disable_config dbus dbus \
+		src/platformsupport/themes/genericunix/genericunix.pri
+
+	qt_use_disable_config tuio tuiotouch src/plugins/generic/generic.pro
+
+	qt_use_disable_mod ibus dbus \
+		src/plugins/platforminputcontexts/platforminputcontexts.pro
+
+	use vnc || sed -i -e '/SUBDIRS += vnc/d' \
+		src/plugins/platforms/platforms.pro || die
+
+	qt5-build_src_prepare
+}
+
+src_configure() {
+	local myconf=(
+		$(usex dbus -dbus-linked '')
+		$(qt_use egl)
+		$(qt_use eglfs)
+		$(usex eglfs '-gbm -kms' '')
+		$(qt_use evdev)
+		$(qt_use evdev mtdev)
+		-fontconfig
+		-system-freetype
+		$(usex gif '' -no-gif)
+		-gui
+		-system-harfbuzz
+		$(qt_use jpeg libjpeg system)
+		$(qt_use libinput)
+		-opengl $(usex gles2-only es2 desktop)
+		$(qt_use png libpng system)
+		$(qt_use tslib)
+		$(qt_use udev libudev)
+		$(qt_use vulkan)
+		$(qt_use X xcb system)
+		$(usex X '-xcb-xlib -xcb-xinput -xkb' '')
+	)
+	if use libinput || use X; then
+		myconf+=( -xkbcommon )
+	fi
+	qt5-build_src_configure
+}
diff --git a/dev-qt/qtgui/qtgui-5.15.0-r1.ebuild b/dev-qt/qtgui/qtgui-5.15.0-r1.ebuild
new file mode 100644
index 000000000000..850f329c65a8
--- /dev/null
+++ b/dev-qt/qtgui/qtgui-5.15.0-r1.ebuild
@@ -0,0 +1,185 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="The GUI module and platform plugins for the Qt5 framework"
+SLOT=5/$(ver_cut 1-3) # bug 707658
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+# TODO: linuxfb
+
+IUSE="accessibility dbus egl eglfs evdev +gif gles2-only ibus jpeg
+	+libinput +png tslib tuio +udev vnc vulkan wayland +X"
+REQUIRED_USE="
+	|| ( eglfs X )
+	accessibility? ( dbus X )
+	eglfs? ( egl )
+	ibus? ( dbus )
+	libinput? ( udev )
+	X? ( gles2-only? ( egl ) )
+"
+
+RDEPEND="
+	dev-libs/glib:2
+	~dev-qt/qtcore-${PV}:5=
+	dev-util/gtk-update-icon-cache
+	media-libs/fontconfig
+	>=media-libs/freetype-2.6.1:2
+	>=media-libs/harfbuzz-1.6.0:=
+	sys-libs/zlib:=
+	virtual/opengl
+	dbus? ( ~dev-qt/qtdbus-${PV} )
+	egl? ( media-libs/mesa[egl] )
+	eglfs? (
+		media-libs/mesa[gbm]
+		x11-libs/libdrm
+	)
+	evdev? ( sys-libs/mtdev )
+	gles2-only? ( media-libs/mesa[gles2] )
+	jpeg? ( virtual/jpeg:0 )
+	libinput? (
+		dev-libs/libinput:=
+		>=x11-libs/libxkbcommon-0.5.0
+	)
+	png? ( media-libs/libpng:0= )
+	tslib? ( >=x11-libs/tslib-1.21 )
+	tuio? ( ~dev-qt/qtnetwork-${PV} )
+	udev? ( virtual/libudev:= )
+	vnc? ( ~dev-qt/qtnetwork-${PV} )
+	vulkan? ( dev-util/vulkan-headers )
+	X? (
+		x11-libs/libICE
+		x11-libs/libSM
+		x11-libs/libX11
+		>=x11-libs/libxcb-1.12:=[xkb]
+		>=x11-libs/libxkbcommon-0.5.0[X]
+		x11-libs/xcb-util-image
+		x11-libs/xcb-util-keysyms
+		x11-libs/xcb-util-renderutil
+		x11-libs/xcb-util-wm
+	)
+"
+DEPEND="${RDEPEND}
+	evdev? ( sys-kernel/linux-headers )
+	udev? ( sys-kernel/linux-headers )
+"
+PDEPEND="
+	ibus? ( app-i18n/ibus )
+	wayland? ( ~dev-qt/qtwayland-${PV} )
+"
+
+QT5_TARGET_SUBDIRS=(
+	src/tools/qvkgen
+	src/gui
+	src/openglextensions
+	src/platformheaders
+	src/platformsupport
+	src/plugins/generic
+	src/plugins/imageformats
+	src/plugins/platforms
+	src/plugins/platforminputcontexts
+)
+
+QT5_GENTOO_CONFIG=(
+	accessibility:accessibility-atspi-bridge
+	egl:egl:
+	eglfs:eglfs:
+	eglfs:eglfs_egldevice:
+	eglfs:eglfs_gbm:
+	evdev:evdev:
+	evdev:mtdev:
+	:fontconfig:
+	:system-freetype:FREETYPE
+	!:no-freetype:
+	!gif:no-gif:
+	gles2-only::OPENGL_ES
+	gles2-only:opengles2:OPENGL_ES_2
+	!:no-gui:
+	:system-harfbuzz:
+	!:no-harfbuzz:
+	jpeg:system-jpeg:IMAGEFORMAT_JPEG
+	!jpeg:no-jpeg:
+	libinput
+	libinput:xkbcommon:
+	:opengl
+	png:png:
+	png:system-png:IMAGEFORMAT_PNG
+	!png:no-png:
+	tslib:tslib:
+	udev:libudev:
+	vulkan:vulkan:
+	X:xcb:
+	X:xcb-glx:
+	X:xcb-plugin:
+	X:xcb-render:
+	X:xcb-sm:
+	X:xcb-xlib:
+	X:xcb-xinput:
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+	:gui
+)
+
+PATCHES=(
+	"${FILESDIR}/qt-5.12-gcc-avx2.patch" # bug 672946
+	"${FILESDIR}/${PN}-5.14.1-cmake-macro-backward-compat.patch" # bug 703306
+	"${FILESDIR}/${PN}-5.14.2-CVE-2020-17507.patch" # bug 736924
+)
+
+src_prepare() {
+	# don't add -O3 to CXXFLAGS, bug 549140
+	sed -i -e '/CONFIG\s*+=/s/optimize_full//' src/gui/gui.pro || die
+
+	# egl_x11 is activated when both egl and X are enabled
+	use egl && QT5_GENTOO_CONFIG+=(X:egl_x11:) || QT5_GENTOO_CONFIG+=(egl:egl_x11:)
+
+	qt_use_disable_config dbus dbus \
+		src/platformsupport/themes/genericunix/genericunix.pri
+
+	qt_use_disable_config tuio tuiotouch src/plugins/generic/generic.pro
+
+	qt_use_disable_mod ibus dbus \
+		src/plugins/platforminputcontexts/platforminputcontexts.pro
+
+	use vnc || sed -i -e '/SUBDIRS += vnc/d' \
+		src/plugins/platforms/platforms.pro || die
+
+	qt5-build_src_prepare
+}
+
+src_configure() {
+	local myconf=(
+		$(usex dbus -dbus-linked '')
+		$(qt_use egl)
+		$(qt_use eglfs)
+		$(usex eglfs '-gbm -kms' '')
+		$(qt_use evdev)
+		$(qt_use evdev mtdev)
+		-fontconfig
+		-system-freetype
+		$(usex gif '' -no-gif)
+		-gui
+		-system-harfbuzz
+		$(qt_use jpeg libjpeg system)
+		$(qt_use libinput)
+		-opengl $(usex gles2-only es2 desktop)
+		$(qt_use png libpng system)
+		$(qt_use tslib)
+		$(qt_use udev libudev)
+		$(qt_use vulkan)
+		$(qt_use X xcb)
+		$(usex X '-xcb-xlib' '')
+	)
+	if use libinput || use X; then
+		myconf+=( -xkbcommon )
+	fi
+	qt5-build_src_configure
+}