diff --git a/devel/qt5-core/Makefile b/devel/qt5-core/Makefile index d2b938e1f768..32440f6a5882 100644 --- a/devel/qt5-core/Makefile +++ b/devel/qt5-core/Makefile @@ -1,80 +1,81 @@ PORTNAME= core PORTVERSION= ${QT5_VERSION}${QT5_KDE_PATCH} +PORTREVISION= 1 CATEGORIES= devel PKGNAMEPREFIX= qt5- MAINTAINER= kde@FreeBSD.org COMMENT= Qt core non-graphical module LIB_DEPENDS= libdouble-conversion.so:devel/double-conversion \ libicui18n.so:devel/icu \ libpcre2-posix.so:devel/pcre2 \ libzstd.so:archivers/zstd USES= compiler:c++11-lang gnome perl5 qmake:no_env qt-dist:5,base USE_GNOME= glib20 USE_PERL5= extract USE_QT= qmake_build buildtools_build HAS_CONFIGURE= yes # Disable (almost) everything to install minimal qconfig.h. # -no-feature-* adds QT_NO_* (for features which have no switch or # that need to be detected). CONFIGURE_ARGS= -no-accessibility -no-gif -no-libpng -no-libjpeg \ -no-openssl -no-gui -no-widgets -no-cups \ -no-iconv -no-dbus -no-opengl \ -no-egl -no-evdev \ -no-fontconfig -no-freetype -no-gtk -no-harfbuzz \ -no-libudev -no-xcb -no-xcb-xlib \ -no-xkbcommon -no-libinput USE_LDCONFIG= ${PREFIX}/${QT_LIBDIR_REL} BUILD_WRKSRC= ${WRKSRC}/src/corelib INSTALL_WRKSRC= ${BUILD_WRKSRC} QT_BINARIES= yes QT_DEFINES= GLIB QT_CONFIG= glib icu MORE_WRKSRCS= src/tools/bootstrap src/corelib src/tools/qlalr .include # FreeBSD base gained an os-release in r354922, but that does not exist # always (see Synth bug 191, or PR 255354). Be a little more forgiving: # assume sufficiently recent base "will have it", and check otherwise # because 12.2 does, others like 12.1 do not have it. .if !exists(/etc/rc.d/os-release) && (${OSVERSION} < 1300060) RUN_DEPENDS+= etc_os-release>0:sysutils/etc_os-release post-patch: ${REINPLACE_CMD} -e '/readEtcFile/s|/etc/os-release|${LOCALBASE}/etc/os-release|g' \ ${WRKSRC}/src/corelib/global/qglobal.cpp .endif post-configure: .for d in ${MORE_WRKSRCS} ${MKDIR} ${WRKSRC}/${d} cd ${WRKSRC}/${d} && ${SETENV} ${QMAKE_ENV} ${_QMAKE} ${QMAKE_ARGS} ${WRKSRC}/${d} .endfor pre-build: .for d in ${MORE_WRKSRCS} ${MKDIR} ${WRKSRC}/${d} cd ${WRKSRC}/${d} && \ ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} \ ${_MAKE_JOBS} ${MAKE_ARGS} ${ALL_TARGET} .endfor post-install: # Allow qconfig.h to be customized by single ports. ${AWK} 'BEGIN{print "#include "}{print}' \ ${STAGEDIR}${PREFIX}/${QT_INCDIR_REL}/QtCore/qconfig.h > ${WRKDIR}/qconfig.h # Manually install qlalr cd ${WRKSRC}/src/tools/qlalr && \ ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} \ ${MAKE_ARGS} ${INSTALL_TARGET} # Cleanup qconfig.h and remove stray '#define QT_NO_FOO' ${REINPLACE_CMD} "/#define QT_NO_/d" ${WRKDIR}/qconfig.h ${MV} ${WRKDIR}/qconfig.h ${STAGEDIR}${PREFIX}/${QT_INCDIR_REL}/QtCore/qconfig.h .include diff --git a/devel/qt5-core/files/patch-CVE-2022-25255-qprocess5-15.diff b/devel/qt5-core/files/patch-CVE-2022-25255-qprocess5-15.diff new file mode 100644 index 000000000000..538ab4ead6db --- /dev/null +++ b/devel/qt5-core/files/patch-CVE-2022-25255-qprocess5-15.diff @@ -0,0 +1,63 @@ +This is the patch linked from the announcement + https://lists.qt-project.org/pipermail/announce/2022-February/000333.html +with two changes: in our sources, the copyright year for the +Qt Company is 2016, the upstream patch says 2021. Changed that +to make the patch apply. The upstream patch is fetched with +CRLF line-endings, changed to plain LF. + +--- src/corelib/io/qprocess_unix.cpp ++++ src/corelib/io/qprocess_unix.cpp +@@ -1,7 +1,7 @@ + /**************************************************************************** + ** + ** Copyright (C) 2016 The Qt Company Ltd. +-** Copyright (C) 2016 Intel Corporation. ++** Copyright (C) 2022 Intel Corporation. + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtCore module of the Qt Toolkit. +@@ -422,14 +422,15 @@ void QProcessPrivate::startProcess() + // Add the program name to the argument list. + argv[0] = nullptr; + if (!program.contains(QLatin1Char('/'))) { ++ // findExecutable() returns its argument if it's an absolute path, ++ // otherwise it searches $PATH; returns empty if not found (we handle ++ // that case much later) + const QString &exeFilePath = QStandardPaths::findExecutable(program); +- if (!exeFilePath.isEmpty()) { +- const QByteArray &tmp = QFile::encodeName(exeFilePath); +- argv[0] = ::strdup(tmp.constData()); +- } +- } +- if (!argv[0]) ++ const QByteArray &tmp = QFile::encodeName(exeFilePath); ++ argv[0] = ::strdup(tmp.constData()); ++ } else { + argv[0] = ::strdup(encodedProgramName.constData()); ++ } + + // Add every argument to the list + for (int i = 0; i < arguments.count(); ++i) +@@ -983,15 +984,16 @@ bool QProcessPrivate::startDetached(qint64 *pid) + envp = _q_dupEnvironment(environment.d.constData()->vars, &envc); + } + +- QByteArray tmp; + if (!program.contains(QLatin1Char('/'))) { ++ // findExecutable() returns its argument if it's an absolute path, ++ // otherwise it searches $PATH; returns empty if not found (we handle ++ // that case much later) + const QString &exeFilePath = QStandardPaths::findExecutable(program); +- if (!exeFilePath.isEmpty()) +- tmp = QFile::encodeName(exeFilePath); ++ const QByteArray &tmp = QFile::encodeName(exeFilePath); ++ argv[0] = ::strdup(tmp.constData()); ++ } else { ++ argv[0] = ::strdup(QFile::encodeName(program)); + } +- if (tmp.isEmpty()) +- tmp = QFile::encodeName(program); +- argv[0] = tmp.data(); + + if (envp) + qt_safe_execve(argv[0], argv, envp);