diff --git a/net/qt5-network/Makefile b/net/qt5-network/Makefile index c92c8074b1f0..c0ec67874b8c 100644 --- a/net/qt5-network/Makefile +++ b/net/qt5-network/Makefile @@ -1,50 +1,51 @@ PORTNAME= network PORTVERSION= ${QT5_VERSION}${QT5_KDE_PATCH} +PORTREVISION= 1 CATEGORIES= net PKGNAMEPREFIX= qt5- MAINTAINER= kde@FreeBSD.org COMMENT= Qt network module USES= compiler:c++11-lang perl5 qmake:no_env qt-dist:5,base ssl USE_PERL5= extract USE_QT= core buildtools:build HAS_CONFIGURE= yes CONFIGURE_ARGS= -no-gui -no-xcb BUILD_WRKSRC= ${WRKSRC}/src/${PORTNAME} INSTALL_WRKSRC= ${BUILD_WRKSRC} QT_DEFINES= OPENSSL SSL QT_CONFIG= openssl .include # LibreSSL does not currently support BIO_ADDR in DTLSv1_listen() .if ${SSL_DEFAULT:Mlibressl*} CONFIGURE_ARGS+= -no-feature-dtls .endif post-patch: @${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|g' \ ${BUILD_WRKSRC}/ssl/qsslsocket_openssl.cpp @${REINPLACE_CMD} -e 's|%%OPENSSLLIB%%|${OPENSSLLIB}|g' \ ${BUILD_WRKSRC}/ssl/qsslsocket_openssl_symbols.cpp post-configure: .for d in src/network src/plugins/bearer/generic ${MKDIR} ${WRKSRC}/${d} cd ${WRKSRC}/${d} && ${SETENV} ${QMAKE_ENV} ${_QMAKE} ${QMAKE_ARGS} ${WRKSRC}/${d} .endfor post-build: @cd ${WRKSRC}/src/plugins/bearer/generic && \ ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} \ ${_MAKE_JOBS} ${MAKE_ARGS} ${ALL_TARGET} post-install: @cd ${WRKSRC}/src/plugins/bearer/generic && \ ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} \ ${MAKE_ARGS} ${INSTALL_TARGET} .include diff --git a/net/qt5-network/files/patch-security-rollup b/net/qt5-network/files/patch-security-rollup new file mode 100644 index 000000000000..09cf34ef8b34 --- /dev/null +++ b/net/qt5-network/files/patch-security-rollup @@ -0,0 +1,165 @@ +From a4d20b51de320a5da2d5f1bf277af8293adc5398 Mon Sep 17 00:00:00 2001 +From: Marc Mutz +Date: Tue, 12 Dec 2023 20:51:56 +0100 +Subject: [PATCH] HPack: fix a Yoda Condition + +Putting the variable on the LHS of a relational operation makes the +expression easier to read. In this case, we find that the whole +expression is nonsensical as an overflow protection, because if +name.size() + value.size() overflows, the result will exactly _not_ +be > max() - 32, because UB will have happened. + +To be fixed in a follow-up commit. + +As a drive-by, add parentheses around the RHS. + +Change-Id: I35ce598884c37c51b74756b3bd2734b9aad63c09 +Reviewed-by: Allan Sandfeld Jensen +(cherry picked from commit 658607a34ead214fbacbc2cca44915655c318ea9) +Reviewed-by: Qt Cherry-pick Bot +(cherry picked from commit 4f7efd41740107f90960116700e3134f5e433867) +(cherry picked from commit 13c16b756900fe524f6d9534e8a07aa003c05e0c) +(cherry picked from commit 1d4788a39668fb2dc5912a8d9c4272dc40e99f92) +(cherry picked from commit 87de75b5cc946d196decaa6aef4792a6cac0b6db) +--- + src/network/access/http2/hpacktable.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp +index fddb5feca56..3d88cb66f51 100644 +--- src/network/access/http2/hpacktable.cpp.orig ++++ src/network/access/http2/hpacktable.cpp +@@ -63,7 +63,7 @@ HeaderSize entry_size(const QByteArray &name, const QByteArray &value) + // 32 octets of overhead." + + const unsigned sum = unsigned(name.size() + value.size()); +- if (std::numeric_limits::max() - 32 < sum) ++ if (sum > (std::numeric_limits::max() - 32)) + return HeaderSize(); + return HeaderSize(true, quint32(sum + 32)); + } +From c379f4ef587d61c9a5b61b5ada57fdadcc8145eb Mon Sep 17 00:00:00 2001 +From: Marc Mutz +Date: Tue, 12 Dec 2023 22:08:07 +0100 +Subject: [PATCH] HPack: fix incorrect integer overflow check +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This code never worked: + +For the comparison with max() - 32 to trigger, on 32-bit platforms (or +Qt 5) signed interger overflow would have had to happen in the +addition of the two sizes. The compiler can therefore remove the +overflow check as dead code. + +On Qt 6 and 64-bit platforms, the signed integer addition would be +very unlikely to overflow, but the following truncation to uint32 +would yield the correct result only in a narrow 32-value window just +below UINT_MAX, if even that. + +Fix by using the proper tool, qAddOverflow. + +Manual conflict resolutions: + - qAddOverflow doesn't exist in Qt 5, use private add_overflow + predecessor API instead + +Change-Id: I7599f2e75ff7f488077b0c60b81022591005661c +Reviewed-by: Allan Sandfeld Jensen +(cherry picked from commit ee5da1f2eaf8932aeca02ffea6e4c618585e29e3) +Reviewed-by: Qt Cherry-pick Bot +(cherry picked from commit debeb8878da2dc706ead04b6072ecbe7e5313860) +Reviewed-by: Thiago Macieira +Reviewed-by: Marc Mutz +(cherry picked from commit 811b9eef6d08d929af8708adbf2a5effb0eb62d7) +(cherry picked from commit f931facd077ce945f1e42eaa3bead208822d3e00) +(cherry picked from commit 9ef4ca5ecfed771dab890856130e93ef5ceabef5) +Reviewed-by: Mårten Nordheim +--- + src/network/access/http2/hpacktable.cpp | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp +index 3d88cb66f51..315f3e23440 100644 +--- src/network/access/http2/hpacktable.cpp.orig ++++ src/network/access/http2/hpacktable.cpp +@@ -40,6 +40,7 @@ + #include "hpacktable_p.h" + + #include ++#include + + #include + #include +@@ -62,7 +63,9 @@ HeaderSize entry_size(const QByteArray &name, const QByteArray &value) + // for counting the number of references to the name and value would have + // 32 octets of overhead." + +- const unsigned sum = unsigned(name.size() + value.size()); ++ size_t sum; ++ if (add_overflow(size_t(name.size()), size_t(value.size()), &sum)) ++ return HeaderSize(); + if (sum > (std::numeric_limits::max() - 32)) + return HeaderSize(); + return HeaderSize(true, quint32(sum + 32)); +From 8907dedc858cc344d770a2e826d6acc516429540 Mon Sep 17 00:00:00 2001 +From: Marc Mutz +Date: Tue, 19 Dec 2023 14:22:37 +0100 +Subject: [PATCH] Http2: fix potential overflow in assemble_hpack_block() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The function is given a vector of Http2::Frame's and flattens it into +a vector. While each Frame can contain a maximum of 16GiB of +data (24-bit size field), one "only" needs 257 of them to overflow the +quint32 variable's range. + +So make sure any overflow does not go undetected. + +Keep the limited uint32_t range for now, as we don't know whether all +consumers of the result can deal with more than 4GiB of data. + +Since all these frames must be in memory, this cannot overflow in +practice on 32-bit machines. + +Pick-to: 6.7 6.6 6.5 6.2 5.15 +Change-Id: Iafaa7d1c870cba9100e75065db11d95934f86213 +Reviewed-by: Mårten Nordheim +(cherry picked from commit 1e6bb61af3ae29755f93b92f157df026f934ae61) + +* asturmlechner 2024-01-02: Use correct include for 5.15 +--- + src/network/access/qhttp2protocolhandler.cpp | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp +index 39dd460881a..ead88d781ae 100644 +--- src/network/access/qhttp2protocolhandler.cpp.orig ++++ src/network/access/qhttp2protocolhandler.cpp +@@ -46,10 +46,12 @@ + #include + + #include ++ + #include + #include + #include + #include ++#include + #include + + #include +@@ -124,8 +126,10 @@ std::vector assemble_hpack_block(const std::vector &frames) + std::vector hpackBlock; + + quint32 total = 0; +- for (const auto &frame : frames) +- total += frame.hpackBlockSize(); ++ for (const auto &frame : frames) { ++ if (add_overflow(total, frame.hpackBlockSize(), &total)) ++ return hpackBlock; ++ } + + if (!total) + return hpackBlock;