[gentoo-commits] repo/gentoo:master commit in: dev-qt/qtbase/files/, dev-qt/qtbase/

["Jimi Huotari" <chiitoo@gentoo.org>]

commit:     14516d8afc141ef1bb025e3e5fc83226136d9394
Author:     Jimi Huotari <chiitoo <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 26 13:23:21 2023 +0000
Commit:     Jimi Huotari <chiitoo <AT> gentoo <DOT> org>
CommitDate: Wed Jul 26 13:30:57 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14516d8a

dev-qt/qtbase: drop 6.5.1-r1

Closes: https://bugs.gentoo.org/908384
Signed-off-by: Jimi Huotari <chiitoo <AT> gentoo.org>

 dev-qt/qtbase/Manifest                             |   1 -
 .../qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch |  54 ------
 dev-qt/qtbase/qtbase-6.5.1-r1.ebuild               | 190 ---------------------
 3 files changed, 245 deletions(-)

diff --git a/dev-qt/qtbase/Manifest b/dev-qt/qtbase/Manifest
index f18d34b4b586..9476478fb0bf 100644
--- a/dev-qt/qtbase/Manifest
+++ b/dev-qt/qtbase/Manifest
@@ -1,2 +1 @@
-DIST qtbase-everywhere-src-6.5.1.tar.xz 48287392 BLAKE2B 47872492f21a936d980891c28df61591380bc236adc66b57a90fbb87dd292cdeb3c632fb1159231ba40142d25e02944e4c5e8568153f1286e0a1abc8c5b26699 SHA512 7f7b20bbc25cda65266d6067cdd68e3e077636988d67dbf5783f79a61186135fb3a36d57ac72cfe4501012035b630ab1f5849148e4817726d4f459fa1937e91a
 DIST qtbase-everywhere-src-6.5.2.tar.xz 48410716 BLAKE2B 578c69ede6f45a8b21cba0a24674d5d8801722503d13ab9578b06b2446ce15e6a84bcdbd0c5d2c9aa868ec70862f0845406c959ed79b695f82bb398ecf299c63 SHA512 8d97029aae5b73a3e03624c9a8495dbf2fe54a4f5e992071c06f3d93935e64c80f2121b33eeb60a92d96ceb288cb25d74906a5bf47b45bb018d859d4a2d13f20

diff --git a/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch b/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch
deleted file mode 100644
index 6f1264709e01..000000000000
--- a/dev-qt/qtbase/files/qtbase-6.5.1-CVE-2023-34410.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From: https://lists.qt-project.org/pipermail/development/2023-June/044031.html
-
---- a/src/plugins/tls/schannel/qtls_schannel.cpp
-+++ b/src/plugins/tls/schannel/qtls_schannel.cpp
-@@ -2106,6 +2106,27 @@ bool TlsCryptographSchannel::verifyCertContext(CERT_CONTEXT *certContext)
-         verifyDepth = DWORD(q->peerVerifyDepth());
-
-     const auto &caCertificates = q->sslConfiguration().caCertificates();
-+
-+    if (!rootCertOnDemandLoadingAllowed()
-+            && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
-+            && (q->peerVerifyMode() == QSslSocket::VerifyPeer
-+                    || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) {
-+        // When verifying a peer Windows "helpfully" builds a chain that
-+        // may include roots from the system store. But we don't want that if
-+        // the user has set their own CA certificates.
-+        // Since Windows claims this is not a partial chain the root is included
-+        // and we have to check that it is one of our configured CAs.
-+        CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
-+        QSslCertificate certificate = getCertificateFromChainElement(element);
-+        if (!caCertificates.contains(certificate)) {
-+            auto error = QSslError(QSslError::CertificateUntrusted, certificate);
-+            sslErrors += error;
-+            emit q->peerVerifyError(error);
-+            if (q->state() != QAbstractSocket::ConnectedState)
-+                return false;
-+        }
-+    }
-+
-     QList<QSslCertificate> peerCertificateChain;
-     for (DWORD i = 0; i < verifyDepth; i++) {
-         CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
-
---- a/src/network/ssl/qsslsocket.cpp
-+++ b/src/network/ssl/qsslsocket.cpp
-@@ -1973,6 +1973,10 @@ QSslSocketPrivate::QSslSocketPrivate()
-     , flushTriggered(false)
- {
-     QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
-+    // If the global configuration doesn't allow root certificates to be loaded
-+    // on demand then we have to disable it for this socket as well.
-+    if (!configuration.allowRootCertOnDemandLoading)
-+        allowRootCertOnDemandLoading = false;
-
-     const auto *tlsBackend = tlsBackendInUse();
-     if (!tlsBackend) {
-@@ -2281,6 +2285,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
-     ptr->sessionProtocol = global->sessionProtocol;
-     ptr->ciphers = global->ciphers;
-     ptr->caCertificates = global->caCertificates;
-+    ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
-     ptr->protocol = global->protocol;
-     ptr->peerVerifyMode = global->peerVerifyMode;
-     ptr->peerVerifyDepth = global->peerVerifyDepth;

diff --git a/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild b/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild
deleted file mode 100644
index 4bcdc55ce530..000000000000
--- a/dev-qt/qtbase/qtbase-6.5.1-r1.ebuild
+++ /dev/null
@@ -1,190 +0,0 @@
-# Copyright 2021-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit qt6-build
-
-DESCRIPTION="Cross-platform application development framework"
-
-if [[ ${QT6_BUILD_TYPE} == release ]]; then
-	KEYWORDS="~amd64"
-fi
-
-# Qt Modules
-IUSE="+concurrent +dbus +gui +network +sql opengl +widgets +xml zstd"
-REQUIRED_USE="
-	opengl? ( gui )
-	widgets? ( gui )
-	X? ( || ( evdev libinput ) )
-"
-
-QTGUI_IUSE="accessibility egl eglfs evdev gles2-only +jpeg +libinput tslib tuio vulkan +X"
-QTNETWORK_IUSE="brotli gssapi libproxy sctp +ssl vnc"
-QTSQL_IUSE="freetds mysql oci8 odbc postgres +sqlite"
-IUSE+=" ${QTGUI_IUSE} ${QTNETWORK_IUSE} ${QTSQL_IUSE} cups gtk icu systemd +udev wayland"
-# QtPrintSupport = QtGui + QtWidgets enabled.
-# ibus = xkbcommon + dbus, and xkbcommon needs either libinput or X
-REQUIRED_USE+="
-	$(printf '%s? ( gui ) ' ${QTGUI_IUSE//+/})
-	$(printf '%s? ( network ) ' ${QTNETWORK_IUSE//+/})
-	$(printf '%s? ( sql ) ' ${QTSQL_IUSE//+/})
-	accessibility? ( dbus X )
-	cups? ( gui widgets )
-	eglfs? ( egl )
-	gtk? ( widgets )
-	gui? ( || ( eglfs X ) || ( libinput X ) )
-	libinput? ( udev )
-	sql? ( || ( freetds mysql oci8 odbc postgres sqlite ) )
-	vnc? ( gui )
-	X? ( gles2-only? ( egl ) )
-"
-
-# TODO:
-# qtimageformats: mng not done yet, qtimageformats.git upstream commit 9443239c
-# qtnetwork: connman, networkmanager
-DEPEND="
-	app-crypt/libb2
-	dev-libs/double-conversion:=
-	dev-libs/glib:2
-	dev-libs/libpcre2:=[pcre16,unicode]
-	dev-util/gtk-update-icon-cache
-	media-libs/fontconfig
-	>=media-libs/freetype-2.6.1:2
-	>=media-libs/harfbuzz-1.6.0:=
-	media-libs/tiff:=
-	>=sys-apps/dbus-1.4.20
-	sys-libs/zlib:=
-	brotli? ( app-arch/brotli:= )
-	evdev? ( sys-libs/mtdev )
-	freetds? ( dev-db/freetds )
-	gles2-only? ( media-libs/libglvnd )
-	!gles2-only? ( media-libs/libglvnd[X] )
-	gssapi? ( virtual/krb5 )
-	gtk? (
-		x11-libs/gtk+:3
-		x11-libs/libX11
-		x11-libs/pango
-	)
-	gui? ( media-libs/libpng:= )
-	icu? ( dev-libs/icu:= )
-	!icu? ( virtual/libiconv )
-	jpeg? ( media-libs/libjpeg-turbo:= )
-	libinput? (
-		dev-libs/libinput:=
-		>=x11-libs/libxkbcommon-0.5.0
-	)
-	libproxy? ( net-libs/libproxy )
-	mysql? ( dev-db/mysql-connector-c:= )
-	oci8? ( dev-db/oracle-instantclient:=[sdk] )
-	odbc? ( dev-db/unixODBC )
-	postgres? ( dev-db/postgresql:* )
-	sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
-	sqlite? ( dev-db/sqlite:3 )
-	ssl? ( dev-libs/openssl:= )
-	systemd? ( sys-apps/systemd:= )
-	tslib? ( >=x11-libs/tslib-1.21 )
-	udev? ( virtual/libudev:= )
-	vulkan? ( dev-util/vulkan-headers )
-	X? (
-		x11-libs/libdrm
-		x11-libs/libICE
-		x11-libs/libSM
-		x11-libs/libX11
-		>=x11-libs/libxcb-1.12:=
-		>=x11-libs/libxkbcommon-0.5.0[X]
-		x11-libs/xcb-util-cursor
-		x11-libs/xcb-util-image
-		x11-libs/xcb-util-keysyms
-		x11-libs/xcb-util-renderutil
-		x11-libs/xcb-util-wm
-	)
-	zstd? ( app-arch/zstd:= )
-"
-RDEPEND="${DEPEND}"
-PDEPEND="wayland? ( =dev-qt/qtwayland-${PV}* )"
-
-PATCHES=( "${FILESDIR}/${PN}-6.5.1-CVE-2023-34410.patch" )
-
-src_configure() {
-	local mycmakeargs=(
-		-DINSTALL_ARCHDATADIR=${QT6_ARCHDATADIR}
-		-DINSTALL_BINDIR=${QT6_BINDIR}
-		-DINSTALL_DATADIR=${QT6_DATADIR}
-		-DINSTALL_DOCDIR=${QT6_DOCDIR}
-		-DINSTALL_EXAMPLESDIR=${QT6_EXAMPLESDIR}
-		-DINSTALL_INCLUDEDIR=${QT6_HEADERDIR}
-		-DINSTALL_LIBDIR=${QT6_LIBDIR}
-		-DINSTALL_LIBEXECDIR=${QT6_LIBEXECDIR}
-		-DINSTALL_MKSPECSDIR=${QT6_ARCHDATADIR}/mkspecs
-		-DINSTALL_PLUGINSDIR=${QT6_PLUGINDIR}
-		-DINSTALL_QMLDIR=${QT6_QMLDIR}
-		-DINSTALL_SYSCONFDIR=${QT6_SYSCONFDIR}
-		-DINSTALL_TRANSLATIONSDIR=${QT6_TRANSLATIONDIR}
-		-DQT_FEATURE_androiddeployqt=OFF
-		$(qt_feature concurrent)
-		$(qt_feature dbus)
-		$(qt_feature gui)
-		$(qt_feature gui testlib)
-		$(qt_feature icu)
-		$(qt_feature network)
-		$(qt_feature sql)
-		$(qt_feature systemd journald)
-		$(qt_feature udev libudev)
-		$(qt_feature xml)
-		$(qt_feature zstd)
-	)
-	use gui && mycmakeargs+=(
-		$(qt_feature accessibility accessibility_atspi_bridge)
-		$(qt_feature egl)
-		$(qt_feature egl xcb_egl_plugin)
-		$(qt_feature eglfs eglfs_egldevice)
-		$(qt_feature eglfs eglfs_gbm)
-		$(qt_feature evdev)
-		$(qt_feature evdev mtdev)
-		-DQT_FEATURE_gif=ON
-		$(qt_feature jpeg)
-		$(qt_feature opengl)
-		$(qt_feature gles2-only opengles2)
-		$(qt_feature libinput)
-		$(qt_feature tslib)
-		$(qt_feature tuio tuiotouch)
-		$(qt_feature vulkan)
-		$(qt_feature widgets)
-		$(qt_feature X xcb)
-		$(qt_feature X xcb_xlib)
-	)
-	use widgets && mycmakeargs+=(
-		$(qt_feature cups)
-		$(qt_feature gtk gtk3)
-	)
-	if use libinput || use X; then
-		mycmakeargs+=( -DQT_FEATURE_xkbcommon=ON )
-	fi
-	use network && mycmakeargs+=(
-		$(qt_feature brotli)
-		$(qt_feature gssapi)
-		$(qt_feature libproxy)
-		$(qt_feature sctp)
-		$(qt_feature ssl openssl)
-		$(qt_feature vnc)
-	)
-	use sql && mycmakeargs+=(
-		$(qt_feature freetds sql_tds)
-		$(qt_feature mysql sql_mysql)
-		$(qt_feature oci8 sql_oci)
-		$(qt_feature odbc sql_odbc)
-		$(qt_feature postgres sql_psql)
-		$(qt_feature sqlite sql_sqlite)
-		$(qt_feature sqlite system_sqlite)
-	)
-
-	qt6-build_src_configure
-}
-
-src_install() {
-	qt6-build_src_install
-
-	# https://bugs.gentoo.org/863395
-	qt6_symlink_binary_to_path qmake 6
-}