commit: 21ff6b5a26c64269d3c9cb1753ed35c74fe5ed7f
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 8 22:00:02 2023 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Wed Feb 8 22:03:06 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21ff6b5a
dev-qt/qtsql: Fix CVE-2023-24607
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
dev-qt/qtsql/Manifest | 1 +
.../qtsql/files/qtsql-5.15.8-CVE-2023-24607.patch | 341 +++++++++++++++++++++
dev-qt/qtsql/qtsql-5.15.8-r1.ebuild | 58 ++++
3 files changed, 400 insertions(+)
diff --git a/dev-qt/qtsql/Manifest b/dev-qt/qtsql/Manifest
index 74c8ba8ae7d8..72012ac9ff90 100644
--- a/dev-qt/qtsql/Manifest
+++ b/dev-qt/qtsql/Manifest
@@ -1,3 +1,4 @@
DIST qtbase-5.15-gentoo-patchset-3.tar.xz 3856 BLAKE2B
0752426f9bc2dfa1ab2bc246b29f5d00305df05175a7801d7d5eddacfa46fcb605d9a317547edc01d3ef339f6effc2fcee7549cb7aecced37f0098166c70dbe2
SHA512
2515bea53232e76ca3e40bdaf1dd52fdf452052a2f40002ee91360d1fcceea3c5c2f5a8d2a3bfc0f9c2bacd61460a632c5b351accd73fd37b64985593219148e
DIST qtbase-5.15.8-gentoo-kde-1.tar.xz 780764 BLAKE2B
6abb00127113595cbb0a0caf58eb6323423ca41cbde6262a63762aded12861b6c051c9548c9ce2d11ab073e8930c11b609c05579eba34d56201fb7187c78ee23
SHA512
8b59ba61e7364c78d5bf728b4d8c9bd0f8e1ed973f1a84cd40330b06195b246e052ec087067336ff5d4e80a12168a25e0bd47fd88d837c00f106d8cdeba0c016
+DIST qtbase-5.15.8-gentoo-kde-5.tar.xz 793372 BLAKE2B
f486a0275fdf4da28a88ba40b7e6f227267fa05e8f466f734f720e792de1796501d5f1fb4427a84ca2d709bfa07abd695ad59210f7fd11227b1bf465484736b8
SHA512
f51d7ee2d121acda1141b9816197afc57ac0176a12acc08a93c2a793694afb734f8f1ad280a5bf95170cf912e32edb4a6612befeb4198fec78a7e50bbb6a61cd
DIST qtbase-everywhere-opensource-src-5.15.8.tar.xz 50259432 BLAKE2B
cb1b790a384a5cad9a95fdc448e275d48a68c6ee2addf08b40f9963cc5762fd7ab15852dea8392dc76da39f1565c1e23ddb5875c280f0177e802082f4b4f7f2b
SHA512
29e8877bafdbc908072209f1b27a5040b022e2b71f17f4ab4cecd570adeae21597f9af7f1d38758760f3cb30376eeb15c5f066bf02c6e9a9e3a4d07f967046ce
diff --git a/dev-qt/qtsql/files/qtsql-5.15.8-CVE-2023-24607.patch
b/dev-qt/qtsql/files/qtsql-5.15.8-CVE-2023-24607.patch
new file mode 100644
index 000000000000..3cdb9116465b
--- /dev/null
+++ b/dev-qt/qtsql/files/qtsql-5.15.8-CVE-2023-24607.patch
@@ -0,0 +1,341 @@
+From ec1c9c116a16f2cd15587dc861e5d178010b3f99 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aa...@kde.org>
+Date: Wed, 8 Feb 2023 18:16:58 +0100
+Subject: [PATCH] Apply CVE-2023-24607-qtbase-5.15.diff
+
+Change-Id: Ic77ce0e279a8ed6d7aac3bf4f0d1a56ad9dde40c
+---
+ src/plugins/sqldrivers/odbc/qsql_odbc.cpp | 206 +++++++++++++---------
+ 1 file changed, 118 insertions(+), 88 deletions(-)
+
+diff --git a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
+index 5f51de3843..6cac60d03d 100644
+--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
+@@ -92,23 +92,39 @@ inline static QString fromSQLTCHAR(const
QVarLengthArray<SQLTCHAR>& input, int s
+ return result;
+ }
+
++template <size_t SizeOfChar = sizeof(SQLTCHAR)>
++void toSQLTCHARImpl(QVarLengthArray<SQLTCHAR> &result, const QString &input);
// primary template undefined
++
++template <typename Container>
++void do_append(QVarLengthArray<SQLTCHAR> &result, const Container &c)
++{
++ result.append(reinterpret_cast<const SQLTCHAR *>(c.data()), c.size());
++}
++
++template <>
++void toSQLTCHARImpl<1>(QVarLengthArray<SQLTCHAR> &result, const QString
&input)
++{
++ const auto u8 = input.toUtf8();
++ do_append(result, u8);
++}
++
++template <>
++void toSQLTCHARImpl<2>(QVarLengthArray<SQLTCHAR> &result, const QString
&input)
++{
++ do_append(result, input);
++}
++
++template <>
++void toSQLTCHARImpl<4>(QVarLengthArray<SQLTCHAR> &result, const QString
&input)
++{
++ const auto u32 = input.toUcs4();
++ do_append(result, u32);
++}
++
+ inline static QVarLengthArray<SQLTCHAR> toSQLTCHAR(const QString &input)
+ {
+ QVarLengthArray<SQLTCHAR> result;
+- result.resize(input.size());
+- switch(sizeof(SQLTCHAR)) {
+- case 1:
+- memcpy(result.data(), input.toUtf8().data(), input.size());
+- break;
+- case 2:
+- memcpy(result.data(), input.unicode(), input.size() * 2);
+- break;
+- case 4:
+- memcpy(result.data(), input.toUcs4().data(), input.size() * 4);
+- break;
+- default:
+- qCritical("sizeof(SQLTCHAR) is %d. Don't know how to handle
this.", int(sizeof(SQLTCHAR)));
+- }
++ toSQLTCHARImpl(result, input);
+ result.append(0); // make sure it's null terminated, doesn't matter if it
already is, it does if it isn't.
+ return result;
+ }
+@@ -763,6 +779,14 @@ QChar QODBCDriverPrivate::quoteChar()
+ return quote;
+ }
+
++static SQLRETURN qt_string_SQLSetConnectAttr(SQLHDBC handle, SQLINTEGER attr,
const QString &val)
++{
++ auto encoded = toSQLTCHAR(val);
++ return SQLSetConnectAttr(handle, attr,
++ encoded.data(),
++ SQLINTEGER(encoded.size() * sizeof(SQLTCHAR)));
// size in bytes
++}
++
+
+ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts)
+ {
+@@ -798,10 +822,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const
QString& connOpts)
+ v = val.toUInt();
+ r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER)
size_t(v), 0);
+ } else if (opt.toUpper() ==
QLatin1String("SQL_ATTR_CURRENT_CATALOG")) {
+- val.utf16(); // 0 terminate
+- r = SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG,
+- toSQLTCHAR(val).data(),
+- val.length()*sizeof(SQLTCHAR));
++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_CURRENT_CATALOG,
val);
+ } else if (opt.toUpper() == QLatin1String("SQL_ATTR_METADATA_ID")) {
+ if (val.toUpper() == QLatin1String("SQL_TRUE")) {
+ v = SQL_TRUE;
+@@ -816,10 +837,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const
QString& connOpts)
+ v = val.toUInt();
+ r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER)
size_t(v), 0);
+ } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACEFILE")) {
+- val.utf16(); // 0 terminate
+- r = SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE,
+- toSQLTCHAR(val).data(),
+- val.length()*sizeof(SQLTCHAR));
++ r = qt_string_SQLSetConnectAttr(hDbc, SQL_ATTR_TRACEFILE, val);
+ } else if (opt.toUpper() == QLatin1String("SQL_ATTR_TRACE")) {
+ if (val.toUpper() == QLatin1String("SQL_OPT_TRACE_OFF")) {
+ v = SQL_OPT_TRACE_OFF;
+@@ -1022,9 +1040,12 @@ bool QODBCResult::reset (const QString& query)
+ return false;
+ }
+
+- r = SQLExecDirect(d->hStmt,
+- toSQLTCHAR(query).data(),
+- (SQLINTEGER) query.length());
++ {
++ auto encoded = toSQLTCHAR(query);
++ r = SQLExecDirect(d->hStmt,
++ encoded.data(),
++ SQLINTEGER(encoded.size()));
++ }
+ if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) {
+ setLastError(qMakeError(QCoreApplication::translate("QODBCResult",
+ "Unable to execute statement"),
QSqlError::StatementError, d));
+@@ -1371,9 +1392,12 @@ bool QODBCResult::prepare(const QString& query)
+ return false;
+ }
+
+- r = SQLPrepare(d->hStmt,
+- toSQLTCHAR(query).data(),
+- (SQLINTEGER) query.length());
++ {
++ auto encoded = toSQLTCHAR(query);
++ r = SQLPrepare(d->hStmt,
++ encoded.data(),
++ SQLINTEGER(encoded.size()));
++ }
+
+ if (r != SQL_SUCCESS) {
+ setLastError(qMakeError(QCoreApplication::translate("QODBCResult",
+@@ -1401,7 +1425,7 @@ bool QODBCResult::exec()
+ SQLCloseCursor(d->hStmt);
+
+ QVector<QVariant>& values = boundValues();
+- QVector<QByteArray> tmpStorage(values.count(), QByteArray()); // holds
temporary buffers
++ QVector<QByteArray> tmpStorage(values.count(), QByteArray()); // targets
for SQLBindParameter()
+ QVarLengthArray<SQLLEN, 32> indicators(values.count());
+ memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN));
+
+@@ -1580,35 +1604,36 @@ bool QODBCResult::exec()
+ case QVariant::String:
+ if (d->unicode) {
+ QByteArray &ba = tmpStorage[i];
+- QString str = val.toString();
++ {
++ const auto encoded = toSQLTCHAR(val.toString());
++ ba = QByteArray(reinterpret_cast<const char
*>(encoded.data()),
++ encoded.size() * sizeof(SQLTCHAR));
++ }
++
+ if (*ind != SQL_NULL_DATA)
+- *ind = str.length() * sizeof(SQLTCHAR);
+- int strSize = str.length() * sizeof(SQLTCHAR);
++ *ind = ba.size();
+
+ if (bindValueType(i) & QSql::Out) {
+- const QVarLengthArray<SQLTCHAR> a(toSQLTCHAR(str));
+- ba = QByteArray((const char *)a.constData(), a.size()
* sizeof(SQLTCHAR));
+ r = SQLBindParameter(d->hStmt,
+ i + 1,
+ qParamType[bindValueType(i) &
QSql::InOut],
+ SQL_C_TCHAR,
+- strSize > 254 ? SQL_WLONGVARCHAR
: SQL_WVARCHAR,
++ ba.size() > 254 ?
SQL_WLONGVARCHAR : SQL_WVARCHAR,
+ 0, // god knows... don't change
this!
+ 0,
+- ba.data(),
++ const_cast<char
*>(ba.constData()), // don't detach
+ ba.size(),
+ ind);
+ break;
+ }
+- ba = QByteArray ((const char
*)toSQLTCHAR(str).constData(), str.size()*sizeof(SQLTCHAR));
+ r = SQLBindParameter(d->hStmt,
+ i + 1,
+ qParamType[bindValueType(i) &
QSql::InOut],
+ SQL_C_TCHAR,
+- strSize > 254 ? SQL_WLONGVARCHAR :
SQL_WVARCHAR,
+- strSize,
++ ba.size() > 254 ? SQL_WLONGVARCHAR
: SQL_WVARCHAR,
++ ba.size(),
+ 0,
+- const_cast<char *>(ba.constData()),
++ const_cast<char *>(ba.constData()),
// don't detach
+ ba.size(),
+ ind);
+ break;
+@@ -1716,10 +1741,11 @@ bool QODBCResult::exec()
+ case QVariant::String:
+ if (d->unicode) {
+ if (bindValueType(i) & QSql::Out) {
+- const QByteArray &first = tmpStorage.at(i);
+- QVarLengthArray<SQLTCHAR> array;
+- array.append((const SQLTCHAR *)first.constData(),
first.size());
+- values[i] = fromSQLTCHAR(array,
first.size()/sizeof(SQLTCHAR));
++ const QByteArray &bytes = tmpStorage.at(i);
++ const auto strSize = bytes.size() /
int(sizeof(SQLTCHAR));
++ QVarLengthArray<SQLTCHAR> string(strSize);
++ memcpy(string.data(), bytes.data(), strSize *
sizeof(SQLTCHAR));
++ values[i] = fromSQLTCHAR(string);
+ }
+ break;
+ }
+@@ -1966,14 +1992,16 @@ bool QODBCDriver::open(const QString & db,
+ SQLSMALLINT cb;
+ QVarLengthArray<SQLTCHAR> connOut(1024);
+ memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR));
+- r = SQLDriverConnect(d->hDbc,
+- NULL,
+- toSQLTCHAR(connQStr).data(),
+- (SQLSMALLINT)connQStr.length(),
+- connOut.data(),
+- 1024,
+- &cb,
+- /*SQL_DRIVER_NOPROMPT*/0);
++ {
++ auto encoded = toSQLTCHAR(connQStr);
++ r = SQLDriverConnect(d->hDbc,
++ nullptr,
++ encoded.data(), SQLSMALLINT(encoded.size()),
++ connOut.data(),
++ 1024,
++ &cb,
++ /*SQL_DRIVER_NOPROMPT*/0);
++ }
+
+ if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) {
+ setLastError(qMakeError(tr("Unable to connect"),
QSqlError::ConnectionError, d));
+@@ -2352,17 +2380,15 @@ QStringList QODBCDriver::tables(QSql::TableType type)
const
+ if (tableType.isEmpty())
+ return tl;
+
+- QString joinedTableTypeString = tableType.join(QLatin1Char(','));
++ {
++ auto joinedTableTypeString = toSQLTCHAR(tableType.join(u','));
+
+- r = SQLTables(hStmt,
+- NULL,
+- 0,
+- NULL,
+- 0,
+- NULL,
+- 0,
+- toSQLTCHAR(joinedTableTypeString).data(),
+- joinedTableTypeString.length() /* characters, not bytes
*/);
++ r = SQLTables(hStmt,
++ nullptr, 0,
++ nullptr, 0,
++ nullptr, 0,
++ joinedTableTypeString.data(),
joinedTableTypeString.size());
++ }
+
+ if (r != SQL_SUCCESS)
+ qSqlWarning(QLatin1String("QODBCDriver::tables Unable to execute
table list"), d);
+@@ -2436,28 +2462,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString&
tablename) const
+ SQL_ATTR_CURSOR_TYPE,
+ (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY,
+ SQL_IS_UINTEGER);
+- r = SQLPrimaryKeys(hStmt,
+- catalog.length() == 0 ? NULL :
toSQLTCHAR(catalog).data(),
+- catalog.length(),
+- schema.length() == 0 ? NULL :
toSQLTCHAR(schema).data(),
+- schema.length(),
+- toSQLTCHAR(table).data(),
+- table.length() /* in characters, not in bytes */);
++ {
++ auto c = toSQLTCHAR(catalog);
++ auto s = toSQLTCHAR(schema);
++ auto t = toSQLTCHAR(table);
++ r = SQLPrimaryKeys(hStmt,
++ catalog.isEmpty() ? nullptr : c.data(), c.size(),
++ schema.isEmpty() ? nullptr : s.data(), s.size(),
++ t.data(), t.size());
++ }
+
+ // if the SQLPrimaryKeys() call does not succeed (e.g the driver
+ // does not support it) - try an alternative method to get hold of
+ // the primary index (e.g MS Access and FoxPro)
+ if (r != SQL_SUCCESS) {
+- r = SQLSpecialColumns(hStmt,
+- SQL_BEST_ROWID,
+- catalog.length() == 0 ? NULL :
toSQLTCHAR(catalog).data(),
+- catalog.length(),
+- schema.length() == 0 ? NULL :
toSQLTCHAR(schema).data(),
+- schema.length(),
+- toSQLTCHAR(table).data(),
+- table.length(),
+- SQL_SCOPE_CURROW,
+- SQL_NULLABLE);
++ auto c = toSQLTCHAR(catalog);
++ auto s = toSQLTCHAR(schema);
++ auto t = toSQLTCHAR(table);
++ r = SQLSpecialColumns(hStmt,
++ SQL_BEST_ROWID,
++ catalog.isEmpty() ? nullptr : c.data(),
c.size(),
++ schema.isEmpty() ? nullptr : s.data(),
s.size(),
++ t.data(), t.size(),
++ SQL_SCOPE_CURROW,
++ SQL_NULLABLE);
+
+ if (r != SQL_SUCCESS) {
+ qSqlWarning(QLatin1String("QODBCDriver::primaryIndex: Unable
to execute primary key list"), d);
+@@ -2538,15 +2566,17 @@ QSqlRecord QODBCDriver::record(const QString&
tablename) const
+ SQL_ATTR_CURSOR_TYPE,
+ (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY,
+ SQL_IS_UINTEGER);
+- r = SQLColumns(hStmt,
+- catalog.length() == 0 ? NULL :
toSQLTCHAR(catalog).data(),
+- catalog.length(),
+- schema.length() == 0 ? NULL : toSQLTCHAR(schema).data(),
+- schema.length(),
+- toSQLTCHAR(table).data(),
+- table.length(),
+- NULL,
+- 0);
++ {
++ auto c = toSQLTCHAR(catalog);
++ auto s = toSQLTCHAR(schema);
++ auto t = toSQLTCHAR(table);
++ r = SQLColumns(hStmt,
++ catalog.isEmpty() ? nullptr : c.data(), c.size(),
++ schema.isEmpty() ? nullptr : s.data(), s.size(),
++ t.data(), t.size(),
++ nullptr,
++ 0);
++ }
+ if (r != SQL_SUCCESS)
+ qSqlWarning(QLatin1String("QODBCDriver::record: Unable to execute
column list"), d);
+
+--
+GitLab
+
diff --git a/dev-qt/qtsql/qtsql-5.15.8-r1.ebuild
b/dev-qt/qtsql/qtsql-5.15.8-r1.ebuild
new file mode 100644
index 000000000000..28c772953201
--- /dev/null
+++ b/dev-qt/qtsql/qtsql-5.15.8-r1.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+if [[ ${PV} != *9999* ]]; then
+ QT5_KDEPATCHSET_REV=5
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc
~x86"
+fi
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="SQL abstraction library for the Qt5 framework"
+
+SLOT=5/${QT5_PV} # bug 639140
+IUSE="freetds mysql oci8 odbc postgres +sqlite"
+REQUIRED_USE="
+ || ( freetds mysql oci8 odbc postgres sqlite )
+"
+
+DEPEND="
+ =dev-qt/qtcore-${QT5_PV}*:5=
+ freetds? ( dev-db/freetds )
+ mysql? ( dev-db/mysql-connector-c:= )
+ oci8? ( dev-db/oracle-instantclient:=[sdk] )
+ odbc? ( dev-db/unixODBC )
+ postgres? ( dev-db/postgresql:* )
+ sqlite? ( dev-db/sqlite:3 )
+"
+RDEPEND="${DEPEND}"
+
+QT5_TARGET_SUBDIRS=(
+ src/sql
+ src/plugins/sqldrivers
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :sql
+)
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2023-24607.patch" )
+
+src_configure() {
+ local myconf=(
+ $(qt_use freetds sql-tds plugin)
+ $(qt_use mysql sql-mysql plugin)
+ $(qt_use oci8 sql-oci plugin)
+ $(qt_use odbc sql-odbc plugin)
+ $(qt_use postgres sql-psql plugin)
+ $(qt_use sqlite sql-sqlite plugin)
+ $(usev sqlite -system-sqlite)
+ )
+
+ use oci8 && myconf+=("-I${ORACLE_HOME}/include"
"-L${ORACLE_HOME}/$(get_libdir)")
+
+ qt5-build_src_configure
+}
