gentoo resync : 12.03.2021

4 files changed, 97 insertions, 2 deletions

diff --git a/app-crypt/qca/Manifest b/app-crypt/qca/Manifest
index 8d65f7b78084..d84734e30259 100644
--- a/app-crypt/qca/Manifest
+++ b/app-crypt/qca/Manifest
@@ -1,7 +1,9 @@
 AUX qca-2.3.1-gcc11.patch 634 BLAKE2B 1bf5bc7404629800ddf120e902fa53c1a5b40afeb0dbc6565eb4249675beb71da52f9cec379c747ecb78c5e1b35113b874c6d31b2f22e97df7de1887956262a8 SHA512 3fb59a882df92f35b77b86892f913cc709cfb8b2d0f9d0002867517e2c8d3b9d5fa04e9eece44b83a8121329ecf3b9be926e75f51be9e66c1cfed80f9e1a4c83
+AUX qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch 1195 BLAKE2B 87f2a73355ccd147db01de639ba9211c3d6169d3fff4f16c52ef4a76e61be47a8769baaa5898265941d3f49bcc9a79579d4150b6d4091aa1414494fcc94bca43 SHA512 65e7925811123da0c886a0a1706f590efce3fe3e969566e3c8446b5fd70498c0603812ae413739d6e7f8c05349af5b2a51af9d72d9b2e28cfcb11980c1cf6704
+AUX qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch 1816 BLAKE2B 80dfcff3a0fc5121cbbe956fe847fb6141a778b0c3e479fefc9c0f26b727bdf7957576f32f38324ac5c465d69f4f19d48a5951daa50ae6a613eeaf6aa5d67d97 SHA512 eda5ec8abba1c4d7f8c455ed65c0a865926a74a909897c01c08d08b33f7033b8de7c8aa91adc6497518936a97cc4d7372947eafea2e67617275611a16d89c8d4
 AUX qca-disable-pgp-test.patch 446 BLAKE2B a98d5951d7b89c65787d7d586a5504949c51271ebe09c5e19b90a2e24f24fb6d03d6c1f76d7ad4234354bc2507cf7031c716b3b2bf8243b8c1d85065079dded4 SHA512 30bb6d31b9392166d6bbae39da2eeb1788ac9cccffb801b074468a3606a6e1a56d6a41ee276d3b8b8d39112bf6aea7025f07f4810bb835102bd00521ee9eb104
 DIST qca-2.3.1.tar.xz 725984 BLAKE2B a99121dd95822ef5e1057dc9ad9250bb14486f42b0571936453644bc7c5649f16cbc918fa04d4a5af2c62bc35cc672159a84e27a86e685cfe320518a42076052 SHA512 092704a8d7c5973f05c82584ea55b4f8f874965aea943277e50fde873913a9bdad6a51ea74fc0036bbb632a13141cb4c030504229c06779890286205929f6021
 DIST qca-2.3.2.tar.xz 735500 BLAKE2B 559b27c48c756f2b4f4f206d2157c90ae4856610f1539b4162a2bffe7fffe19b5c768d3d3f9d0486d2098fb403eb64372515815f49fd428d22dfc0405d99e435 SHA512 da6415a097c99b878f45730c1dd1e0bfc7f96858ad7018918ac7c2ae2eca830cb73e131173b1018ee4caa6c3a504b80c8ad28f8f9448c2fd1593161c2ac8aad4
 EBUILD qca-2.3.1.ebuild 1889 BLAKE2B a3f974d1dfbaf491f215819ff0c82b1c88a3d8945bd5445982cfc8b72f6a9f71a683162004b638f1372b60c58953d61075bdc2300369eb9bc53e615b78e3dec8 SHA512 d4753b751dab9a281d1d33caefc29415f14380145e9026fb76fa31979874cf80c9ca1925e8233beb6f703753ae96aa328b22e2ad3859127f4e5995ae3cc5914c
-EBUILD qca-2.3.2.ebuild 1846 BLAKE2B fc89a014fbc977c3c98a0ca19617a800b51b6f694f0b7aea34a638e6df0e10633d0d73b8a8d89b1add62f90afd86abbb674ccdd7fad160421bc27149ff87c6e0 SHA512 08baceaf008ded01f8b498e1e1cf44f17c05f7830f44d7255d164bd5c2a02224b0aa113f3c81268664f28bdb8efcf250b4800c71ebc3e3d0751e4f5ecca110f7
+EBUILD qca-2.3.2.ebuild 1998 BLAKE2B 6c37a17b1cf25a50d63cd97b36fc14d4ffffb6674512b889db56ce27aca1fb593eaaa75bee1c362e3e9377699b6cb9d06ed3d01b242c70841b47bc78301cc642 SHA512 d1af7d62c9af880f21ad5cc148083836d08856429ba4088b0b84a78abdf8717e14333e745a39877d9963ef227c60e216cf85a0d7af15f3acd9304808cdb7ade7
 MISC metadata.xml 745 BLAKE2B ff8e25b082d3c642fce099df1a218a4936bdc862a96fd237303d040c477544cf6368d23cc5de414d95f021e9c6ec475879225ab201f7c6d6711c04153ac53140 SHA512 6b82494b8dfe0d36da9818a6dcf775252dbb7051430232ccc2519c449cc2877da6478ca98f5b7a982a7660a869a0b8ae7a814fb18108ff42fed9712a9253e867
diff --git a/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch b/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch
new file mode 100644
index 000000000000..af86e4539fba
--- /dev/null
+++ b/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch
@@ -0,0 +1,32 @@
+From ecdd0538dded7d2ba9e73a51f4f52030dd3f5a3b Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 5 Feb 2021 17:43:45 +0100
+Subject: [PATCH] Fix CMSut::signverify_message_invalid failing "randomly"
+
+Once in a blue moon it happens that signedResult1[signedResult1.size() -
+2] is a 0, so setting it to 0 doesn't break the signature validation, so
+   check if it's a 0 and if it is, set it to 1
+---
+ unittest/cms/cms.cpp | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/unittest/cms/cms.cpp b/unittest/cms/cms.cpp
+index 4901221e..9b541789 100644
+--- a/unittest/cms/cms.cpp
++++ b/unittest/cms/cms.cpp
+@@ -499,7 +499,11 @@ void CMSut::signverify_message_invalid()
+ 
+             // This is just to break things
+             // signedResult1[30] = signedResult1[30] + 1;
+-            signedResult1[signedResult1.size() - 2] = 0x00;
++            if (signedResult1.at(signedResult1.size() - 2) != 0) {
++                signedResult1[signedResult1.size() - 2] = 0x00;
++            } else {
++                signedResult1[signedResult1.size() - 2] = 0x01;
++            }
+ 
+             msg.startVerify();
+             msg.update(signedResult1);
+-- 
+GitLab
+
diff --git a/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch b/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch
new file mode 100644
index 000000000000..34258aed1620
--- /dev/null
+++ b/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch
@@ -0,0 +1,57 @@
+From bc94cc08e1d3ea733946861d90a21681d58665ab Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 5 Feb 2021 16:39:11 +0100
+Subject: [PATCH] openssl 1.1.1i made verification of empty messages always
+ succeed
+
+BUGS: 432519
+---
+ unittest/cms/cms.cpp | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/unittest/cms/cms.cpp b/unittest/cms/cms.cpp
+index 37e188d0..4901221e 100644
+--- a/unittest/cms/cms.cpp
++++ b/unittest/cms/cms.cpp
+@@ -30,6 +30,8 @@
+ #include "import_plugins.h"
+ #endif
+ 
++#include <openssl/opensslv.h>
++
+ class CMSut : public QObject
+ {
+     Q_OBJECT
+@@ -252,7 +254,9 @@ void CMSut::signverify()
+             msg.waitForFinished(-1);
+             QVERIFY(msg.wasSigned());
+             QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER < 0x1010109fL
+             QEXPECT_FAIL("empty", "We don't seem to be able to verify signature of a zero length message", Continue);
++#endif
+             QVERIFY(msg.verifySuccess());
+ 
+             msg.reset();
+@@ -264,7 +268,9 @@ void CMSut::signverify()
+             msg.waitForFinished(-1);
+             QVERIFY(msg.wasSigned());
+             QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER < 0x1010109fL
+             QEXPECT_FAIL("empty", "We don't seem to be able to verify signature of a zero length message", Continue);
++#endif
+             QVERIFY(msg.verifySuccess());
+ 
+             msg.reset();
+@@ -277,6 +283,9 @@ void CMSut::signverify()
+             msg.waitForFinished(-1);
+             QVERIFY(msg.wasSigned());
+             QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER >= 0x1010109fL
++            QEXPECT_FAIL("empty", "On newer openssl verifaction of zero length message always succeeds", Continue);
++#endif
+             QCOMPARE(msg.verifySuccess(), false);
+ 
+             msg.reset();
+-- 
+GitLab
+
diff --git a/app-crypt/qca/qca-2.3.2.ebuild b/app-crypt/qca/qca-2.3.2.ebuild
index 9b020b5ca9f0..2d0ade08ff78 100644
--- a/app-crypt/qca/qca-2.3.2.ebuild
+++ b/app-crypt/qca/qca-2.3.2.ebuild
@@ -39,7 +39,11 @@ DEPEND="${RDEPEND}
 	)
 "
 
-PATCHES=( "${FILESDIR}/${PN}-disable-pgp-test.patch" )
+PATCHES=(
+	"${FILESDIR}/${PN}-disable-pgp-test.patch"
+	"${FILESDIR}/${P}-openssl-1.1.1i-empty-msg-verification.patch" # bug 766932
+	"${FILESDIR}/${P}-cmsut-signverify_message_invalid-fails-randomly.patch"
+)
 
 qca_plugin_use() {
 	echo -DWITH_${2:-$1}_PLUGIN=$(usex "$1")