Buildroot Archive mirror
From: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
To: buildroot@buildroot.org
Cc: Roy Kollen Svendsen <roy.kollen.svendsen@akersolutions.com>,
	Samuel Martin <s.martin49@gmail.com>,
	Roy Kollen Svendsen <roykollensvendsen@gmail.com>,
	Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
	Zoltan Gyarmati <zgyarmati@zgyarmati.de>,
	Jesse Van Gavere <jesseevg@gmail.com>
Subject: [Buildroot] [PATCH v4 01/14] package/qt6: bump version to 6.7.0
Date: Tue, 14 May 2024 00:03:06 +0200
Message-ID: <20240513220328.1085629-1-roykollensvendsen@gmail.com>
In-Reply-To: <1934329>

From: Roy Kollen Svendsen <roy.kollen.svendsen@akersolutions.com>

For details see [1], [2], [3], [4], [5], [6], [7], [8] and [9].

[1] https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.5.0/release-note.md
[2] https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.5.1/release-note.md
[3] https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.5.2/release-note.md
[4] https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.5.3/release-note.md

[5] https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.6.0/release-note.md
[6] https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.6.1/release-note.md
[7] https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.6.2/release-note.md
[8] https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.6.3/release-note.md

[9] https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.7.0/release-note.md

We also apply the associated CVE-2024-33861 patch from:

https://download.qt.io/archive/qt/6.7/

As Jesse Van Gavere noted:

"This is not applicable to 6.4.3, the affected versions are detailed in
the bugzilla report below and it's only 6.5.0+
So this seems perfectly valid to go along with the version bump.

OpenSUSE report:
https://www.suse.com/security/cve/CVE-2024-33861.html
Bugzilla report clarifying affected versions
https://bugzilla.suse.com/show_bug.cgi?id=1223917"

Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
---
Changes v3 -> v4:
  - Explain why the associated CVE-patch should be part of this series
    (suggested by Thomas)
  - Squash the CVE-patch into this patch.
  - Add CVE-ID to QT6BASE_IGNORE_CVES. (suggested by Thomas)

 package/qt6/qt6.mk                            |  4 +--
 .../0001-Fix-CVE-2024-33861-for-Qt6.7.patch   | 36 +++++++++++++++++++
 package/qt6/qt6base/qt6base.hash              |  4 +--
 package/qt6/qt6base/qt6base.mk                |  2 +-
 .../qt6/qt6core5compat/qt6core5compat.hash    |  4 +--
 package/qt6/qt6serialbus/qt6serialbus.hash    |  4 +--
 package/qt6/qt6serialport/qt6serialport.hash  |  4 +--
 package/qt6/qt6svg/qt6svg.hash                |  4 +--
 8 files changed, 49 insertions(+), 13 deletions(-)
 create mode 100644 package/qt6/qt6base/0001-Fix-CVE-2024-33861-for-Qt6.7.patch

diff --git a/package/qt6/qt6.mk b/package/qt6/qt6.mk
index 1edb252c96..b87cb6748d 100644
--- a/package/qt6/qt6.mk
+++ b/package/qt6/qt6.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-QT6_VERSION_MAJOR = 6.4
-QT6_VERSION = $(QT6_VERSION_MAJOR).3
+QT6_VERSION_MAJOR = 6.7
+QT6_VERSION = $(QT6_VERSION_MAJOR).0
 QT6_SOURCE_TARBALL_PREFIX = everywhere-src
 QT6_SITE = https://download.qt.io/archive/qt/$(QT6_VERSION_MAJOR)/$(QT6_VERSION)/submodules
 
diff --git a/package/qt6/qt6base/0001-Fix-CVE-2024-33861-for-Qt6.7.patch b/package/qt6/qt6base/0001-Fix-CVE-2024-33861-for-Qt6.7.patch
new file mode 100644
index 0000000000..f016788017
--- /dev/null
+++ b/package/qt6/qt6base/0001-Fix-CVE-2024-33861-for-Qt6.7.patch
@@ -0,0 +1,36 @@
+From 7f88945625f560796c86a267086f163e74c1407b Mon Sep 17 00:00:00 2001
+From: Roy Kollen Svendsen <roy.kollen.svendsen@akersolutions.com>
+Date: Sun, 12 May 2024 07:15:32 +0200
+Subject: [PATCH] Fix CVE-2024-33861 for Qt6.7
+
+Signed-off-by: Roy Kollen Svendsen <roy.kollen.svendsen@akersolutions.com>
+Upstream: https://download.qt.io/archive/qt/6.7/CVE-2024-33861-qtbase-6.7.diff
+---
+ src/corelib/text/qstringconverter.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/corelib/text/qstringconverter.cpp b/src/corelib/text/qstringconverter.cpp
+index b5749843..fd45ccf2 100644
+--- a/src/corelib/text/qstringconverter.cpp
++++ b/src/corelib/text/qstringconverter.cpp
+@@ -1954,7 +1954,7 @@ struct QStringConverterICU : QStringConverter
+         const void *context;
+         ucnv_getToUCallBack(icu_conv, &action, &context);
+         if (context != state)
+-             ucnv_setToUCallBack(icu_conv, action, &state, nullptr, nullptr, &err);
++             ucnv_setToUCallBack(icu_conv, action, state, nullptr, nullptr, &err);
+ 
+         ucnv_toUnicode(icu_conv, &target, targetLimit, &source, sourceLimit, nullptr, flush, &err);
+         // We did reserve enough space:
+@@ -1987,7 +1987,7 @@ struct QStringConverterICU : QStringConverter
+         const void *context;
+         ucnv_getFromUCallBack(icu_conv, &action, &context);
+         if (context != state)
+-             ucnv_setFromUCallBack(icu_conv, action, &state, nullptr, nullptr, &err);
++             ucnv_setFromUCallBack(icu_conv, action, state, nullptr, nullptr, &err);
+ 
+         ucnv_fromUnicode(icu_conv, &target, targetLimit, &source, sourceLimit, nullptr, flush, &err);
+         // We did reserve enough space:
+-- 
+2.45.0
+
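Review bot: the header of the embedded patch, between `Subject: [PATCH] Fix CVE-2024-33861 for Qt6.7` and the `---`, has no description of the defect, so a later reader has to infer it from the two changed calls. A short body would help: `ucnv_setToUCallBack` and `ucnv_setFromUCallBack` were being registered with `&state` as the callback context, which is not the value the guard just above compares against (`if (context != state)`), and the fix passes `state` itself. Because the file is named for Qt6.7 and the `Upstream:` link is a standalone diff rather than a commit, the body should also say that the patch is to be dropped at the first bump that already contains the fix.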
diff --git a/package/qt6/qt6base/qt6base.hash b/package/qt6/qt6base/qt6base.hash
index cb111bd405..0f45826a45 100644
--- a/package/qt6/qt6base/qt6base.hash
+++ b/package/qt6/qt6base/qt6base.hash
@@ -1,5 +1,5 @@
-# Hash from: https://download.qt.io/official_releases/qt/6.4/6.4.3/submodules/qtbase-everywhere-src-6.4.3.tar.xz.sha256
-sha256  5087c9e5b0165e7bc3c1a4ab176b35d0cd8f52636aea903fa377bdba00891a60  qtbase-everywhere-src-6.4.3.tar.xz
+# Hash from: https://download.qt.io/official_releases/qt/6.7/6.7.0/submodules/qtbase-everywhere-src-6.7.0.tar.xz.sha256
+sha256  11b2e29e2e52fb0e3b453ea13bbe51a10fdff36e1c192d8868c5a40233b8b254  qtbase-everywhere-src-6.7.0.tar.xz
 
 # Hashes for license files
 sha256  e3ba223bb1423f0aad8c3dfce0fe3148db48926d41e6fbc3afbbf5ff9e1c89cb  LICENSES/Apache-2.0.txt
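Review bot: the new `# Hash from:` comment points at `download.qt.io/official_releases/qt/6.7/6.7.0/submodules/`, while `QT6_SITE` in qt6.mk fetches from `download.qt.io/archive/qt/$(QT6_VERSION_MAJOR)/$(QT6_VERSION)/submodules`. Pointing the comment at the same `archive/qt` tree would let a reviewer check the sha256 against the location the build actually downloads from. The same applies to the `# Hash from:` lines in the other four .hash files touched by this patch.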
diff --git a/package/qt6/qt6base/qt6base.mk b/package/qt6/qt6base/qt6base.mk
index 6857725ef5..b8040e395b 100644
--- a/package/qt6/qt6base/qt6base.mk
+++ b/package/qt6/qt6base/qt6base.mk
@@ -9,7 +9,7 @@ QT6BASE_SITE = $(QT6_SITE)
 QT6BASE_SOURCE = qtbase-$(QT6_SOURCE_TARBALL_PREFIX)-$(QT6BASE_VERSION).tar.xz
 QT6BASE_CPE_ID_VENDOR = qt
 QT6BASE_CPE_ID_PRODUCT = qt
-
+QT6BASE_IGNORE_CVES = CVE-2024-33861
 QT6BASE_CMAKE_BACKEND = ninja
 
 QT6BASE_LICENSE = \
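Review bot: `QT6BASE_IGNORE_CVES = CVE-2024-33861` replaces the blank line that separated the CPE ID block from `QT6BASE_CMAKE_BACKEND`, and nothing in the file ties the entry to the patch that justifies it. Keep the blank line and put a comment naming `0001-Fix-CVE-2024-33861-for-Qt6.7.patch` directly above the assignment, so that the ignore entry is removed together with the patch and does not outlive it as a silent suppression in CVE reporting.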
diff --git a/package/qt6/qt6core5compat/qt6core5compat.hash b/package/qt6/qt6core5compat/qt6core5compat.hash
index 0735df3af2..1eb0b5b460 100644
--- a/package/qt6/qt6core5compat/qt6core5compat.hash
+++ b/package/qt6/qt6core5compat/qt6core5compat.hash
@@ -1,5 +1,5 @@
-# Hash from: https://download.qt.io/official_releases/qt/6.4/6.4.3/submodules/qtserialport-everywhere-src-6.4.3.tar.xz.sha256
-sha256  d4b249abb823d575eee9045c24d924ba8d1276e6be7735b287689991d998aa7a  qt5compat-everywhere-src-6.4.3.tar.xz
+# Hash from: https://download.qt.io/official_releases/qt/6.7/6.7.0/submodules/qt5compat-everywhere-src-6.7.0.tar.xz.sha256
+sha256  9d49d4fd8345d8a40b63e0b65cd49c1d8286e33a7f1409bf1316763f654e19f5  qt5compat-everywhere-src-6.7.0.tar.xz
 
 # Hashes for license files:
 sha256  9f0490f18656c6f2435bd14f603ef0c96434d1825615363dce43abb42ed1dcce  LICENSES/BSD-3-Clause.txt
diff --git a/package/qt6/qt6serialbus/qt6serialbus.hash b/package/qt6/qt6serialbus/qt6serialbus.hash
index 98c8931962..17d5090076 100644
--- a/package/qt6/qt6serialbus/qt6serialbus.hash
+++ b/package/qt6/qt6serialbus/qt6serialbus.hash
@@ -1,5 +1,5 @@
-# Hash from: https://download.qt.io/official_releases/qt/6.4/6.4.3/submodules/qtserialbus-everywhere-src-6.4.3.tar.xz.sha256
-sha256  b6446a7516d1f04e561c00f9c50ce4d39dad72150f067722ba759f00b4b34366  qtserialbus-everywhere-src-6.4.3.tar.xz
+# Hash from: https://download.qt.io/official_releases/qt/6.7/6.7.0/submodules/qtserialbus-everywhere-src-6.7.0.tar.xz.sha256
+sha256  498193a9860664f8a55f676656c45af179ac13d48184af43fc58ddf795bb76dd  qtserialbus-everywhere-src-6.7.0.tar.xz
 
 # Hashes for license files:
 sha256  9f0490f18656c6f2435bd14f603ef0c96434d1825615363dce43abb42ed1dcce  LICENSES/BSD-3-Clause.txt
diff --git a/package/qt6/qt6serialport/qt6serialport.hash b/package/qt6/qt6serialport/qt6serialport.hash
index 9341978d86..cd51fbe435 100644
--- a/package/qt6/qt6serialport/qt6serialport.hash
+++ b/package/qt6/qt6serialport/qt6serialport.hash
@@ -1,5 +1,5 @@
-# Hash from: https://download.qt.io/official_releases/qt/6.4/6.4.3/submodules/qtserialport-everywhere-src-6.4.3.tar.xz.sha256
-sha256  5f97ad9067efa39a8a2a39fbbc1e03d2191f305733d9c2f3060f8017ecfc95de  qtserialport-everywhere-src-6.4.3.tar.xz
+# Hash from: https://download.qt.io/official_releases/qt/6.7/6.7.0/submodules/qtserialport-everywhere-src-6.7.0.tar.xz.sha256
+sha256  b1f02a3d8c9cc8ba2ffa7cca3749f1f147d327e8dfc633fd4ec3cb770d7981c9  qtserialport-everywhere-src-6.7.0.tar.xz
 
 # Hashes for license files:
 sha256  9f0490f18656c6f2435bd14f603ef0c96434d1825615363dce43abb42ed1dcce  LICENSES/BSD-3-Clause.txt
diff --git a/package/qt6/qt6svg/qt6svg.hash b/package/qt6/qt6svg/qt6svg.hash
index bb239cb012..32c1a79a5c 100644
--- a/package/qt6/qt6svg/qt6svg.hash
+++ b/package/qt6/qt6svg/qt6svg.hash
@@ -1,5 +1,5 @@
-# Hash from: https://download.qt.io/official_releases/qt/6.4/6.4.3/submodules/qtsvg-everywhere-src-6.4.3.tar.xz.sha256
-sha256  88315f886cf81898705e487cedba6e6160724359d23c518c92c333c098879a4a  qtsvg-everywhere-src-6.4.3.tar.xz
+# Hash from: https://download.qt.io/official_releases/qt/6.7/6.7.0/submodules/qtsvg-everywhere-src-6.7.0.tar.xz.sha256
+sha256  1518f40e08ff5e6153a6e26e5b95b033413ac143b70795dc1317e7f73ebf922d  qtsvg-everywhere-src-6.7.0.tar.xz
 
 # Hashes for license files:
 sha256  9f0490f18656c6f2435bd14f603ef0c96434d1825615363dce43abb42ed1dcce  LICENSES/BSD-3-Clause.txt
-- 
2.45.0
