author | V3n3RiX <venerix@koprulu.sector> | 2023-07-08 22:23:22 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-07-08 22:23:22 +0100 |
commit | 99b2c44c1425c7b2925846d4c44b2bf2f78dc786 (patch) | |
tree | 9bf7a2d385aace0ea5f3f8d3e3657168b758fdaa /dev-qt/qtnetwork | |
parent | 39bccce90513402ec93bb0fde30678f16b07a9cc (diff) |
gentoo auto-resync : 08:07:2023 - 22:23:22
Diffstat (limited to 'dev-qt/qtnetwork')
-rw-r--r-- | dev-qt/qtnetwork/Manifest | 3 | ||||
-rw-r--r-- | dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch | 101 | ||||
-rw-r--r-- | dev-qt/qtnetwork/qtnetwork-5.15.10-r2.ebuild (renamed from dev-qt/qtnetwork/qtnetwork-5.15.10-r1.ebuild) | 2 |
3 files changed, 105 insertions, 1 deletions
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest index 64c85dee7cb8..97bbadc936a6 100644 --- a/dev-qt/qtnetwork/Manifest +++ b/dev-qt/qtnetwork/Manifest @@ -1,3 +1,4 @@ +AUX qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch 4618 BLAKE2B 51ca56a407d055533e80c7639d385e959517a1983fddb0635e2441769c29d9b02ea9eb60ad18030185fde7e2babdfd18afb5a17d1a0365c0ff6c564519f44c0f SHA512 1e94f218a3d0e7580900712635a19d3162cadbbc77b62b91d1c195f0cd11ac90be0b90821fb9e48887e2ad3c1f4e49fee1ac33c291a587f595baaa8d72ea6b9d AUX qtnetwork-5.15.9-CVE-2023-32762.patch 1598 BLAKE2B 2d7a37066205b9eb75df0783d49bb36b71e7fe5ee65a391b9d5578c283c6058bec951b9587b27ca63b658254f9c540e54460ea2c4f6a8503fb25da31e8c6d969 SHA512 f89d96bb473e38fc069c8d0afa9c7339647af30948f40de6fc432f55e0d23ba01d0a1ef29145213afd6dbae6992a436baa693dcace982fd0a906d7118e73ad14 AUX qtnetwork-5.15.9-CVE-2023-34410.patch 5162 BLAKE2B d4d268edeecd71972985f52a8f0aa34df9ad5a08e89176d3f368d37d13e889bb71093e7b70f2e32e7ce765fabb4c4b71bf6c7e1cb01d4daffd720070718e2fc9 SHA512 dfad275afee27020588769c71618a930e8e4836bffb2fa9b24a18fdb9724d26715ea5bcab8f9ea6d4484f8bec21fd06664111e37663fbbd5d177665e1a51bc7b AUX qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch 4180 BLAKE2B b85be10b7274322b10eb4ab654aa83621655a495be641dd7d66ebdfc10749fe2aeb333f02b8fa4703e48eefec56e8657375c921320a22e601c9117fe605782e2 SHA512 f6ea5c46c252a3781de1364878692e76950b68f48e51cf042565cb7da0632310e7b85abe52054bb4571638645c2affa6ab20374c6b7c5beaa0b441b85a34956c 
@@ -7,7 +8,7 @@ DIST qtbase-5.15.10-gentoo-kde-1.tar.xz 725208 BLAKE2B 14e82b0f26d0e0de47e9e3c4c DIST qtbase-5.15.9-gentoo-kde-1.tar.xz 748840 BLAKE2B 6601efaba2bd9f64edec9ab24a562b2850fe85e088acb2913a06a4a97f82fea015ae9cf20908e5044a0170a2f837cf94a67ac6e870da8ea6e7603057b5683c1a SHA512 60e6c338136affc936c776c129fd2d6620f5e36db8ded32970d59e953bf843786a6deea6cb529488dbd58dfc7c8ea9e71580026fdda8b364596f095e8e9b7791 DIST qtbase-everywhere-opensource-src-5.15.10.tar.xz 50422688 BLAKE2B 2a625296967bef17d491a3ec8fbb4a3beaf00180a2cda728e485f796c801241798bd85dd06d57ca9fef26c591fe9910a2fcb83a67bbc17640b7393d280b9ce53 SHA512 94ac739d76dd9fff54cde46e818fee6c6763f8b207b759108455febff84c9dfeb48ea7807451d7248cbfd8af24c2a1263c34dcbd2be055136e39325e32725eef DIST qtbase-everywhere-opensource-src-5.15.9.tar.xz 50389220 BLAKE2B b1692f5907b7a262a8cad33d45935d76f72f2fb78b970b57fba76ef9f6789d1d7a435278a450ff1f3556c0846fa8dd8295707ead6adf21af6cd17fbe7f0d82f8 SHA512 2da78ea043c03fa4ff7c6a39c41a5d1b30af06248764e6f5eef3fe4aeb3f3d20e302fa7c5827112c89b6bc7c5c0c292454d127f9d7bb0d2031175f0f2c937ed3 -EBUILD qtnetwork-5.15.10-r1.ebuild 1190 BLAKE2B 09e826991757356e81e7290dd2ffc1a7ff58e4bb9957f152d2955bb577daf3328f954459d8562edfdd2d418bc6c4a0d1bbc758c3dc380331e09c83f94459ebf0 SHA512 56ef468bd04e9c5e0a1f8c06c355622eea1ee05e5184e490ab26478a69359b7b6113c566853f85771e4803b607008bdb03ea7635b3c4eab26af31b8503a6cbc7 +EBUILD qtnetwork-5.15.10-r2.ebuild 1255 BLAKE2B 66159533d27577432a763456fedb282388030e351e163f7bc2baa82661eb81dbc447acbff044a33dd07c3e4db3b40d955a63a43822cfca876c9a64308e35d57c SHA512 c0a2862585626a78337cb06aa3f859e6b2020b449f6740ce86b5e21022016f952cc5d2cc876b07cda42369c54feadce674703b608c71fd2e232152d6fd437e3f EBUILD qtnetwork-5.15.10.ebuild 1607 BLAKE2B 8c336a9117dd3289b8cc2c91fc6cce82cb9072612b65c5f5df79e402f1b765f20d9ada4e208f0143fe7e40c1f8c830837586104429244706135f02fa11facd63 SHA512 
2f0f7f0bb1570e6e4501a29dd0fd6a96d1d44c2e01a354a78364f93a3cdcb7e47262f5f065fc629d3037306dfd8170fe552d677d894f1a507ff71aca47c41d4a EBUILD qtnetwork-5.15.9-r2.ebuild 1771 BLAKE2B f4f979099e47e355ccfae3074652019678e1a96ea0d69432c5b2d387d3e6b6558eff3694fdc955d1b63fe68e05d822e366357d73f1a142bc9f3fad3801244ddb SHA512 4d9178f57bbb24b204bac584af37ea2d3c6fd9296ba0e685e54ef9a8df153138c57ca6c5e0fd08ae9f9fbee8d5505cadfe6e9f7b99c1071a6f8afba390c04fc6 EBUILD qtnetwork-5.15.9-r3.ebuild 1813 BLAKE2B 512e960cb5f65727e2c7de6b9e3bd151a72e71cc0f8b9c339a58c31a4a828cec2995f3cf206b4352004e31d49457fe120e85dfa9a2832f1bbea85ad427bf1cff SHA512 1cf46c222b8724838c28829905aed765a9906c9247aa842e710f906f33fb76df173bc456db38ee38ab36ee10b4bc0053783a8e644736c77f9eca387511ce2295 diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch new file mode 100644 index 000000000000..94f1325070d5 --- /dev/null +++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch 
@@ -0,0 +1,101 @@
+From 05406c3f5f516d3148254c8294e8883c28a2c95a Mon Sep 17 00:00:00 2001
+From: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
+Date: Wed, 21 Jun 2023 13:30:35 +0200
+Subject: [PATCH] SSL: upgrade the default DH parameters
+
+We have been using as default DH parameters the 1024-bit MODP group.
+This is now considered insecure, and applications should use the
+2048-bit at a minimum [1]. This commit therefore replaces the parameters
+with the 2048-bit MODP group from [2].
+
+To double check the data, use openssl asn1parse to verify that the prime
+matches. For instance:
+
+1) put the encoded string in a `encoded.txt` file (c&p from the source,
+ removing the double quotes)
+2) put the hexadecimal value of the 2048-bit group in a `reference.txt`
+ file (c&p from [2])
+3) compare the output of openssl asn1parse with the reference. For
+ instance like this:
+
+ $ diff <(openssl asn1parse < encoded.txt | grep -m 1 INTEGER | perl -pe 's/.*://; s/\n//') <(perl -0777 -pe 's/\s//g' reference.txt) && echo OK
+ OK
+
+[1] https://datatracker.ietf.org/doc/html/rfc8247#section-2.4
+[2] https://datatracker.ietf.org/doc/html/rfc3526#section-3
+
+[ChangeLog][QtNetwork][QSslDiffieHellmanParameters] The default
+Diffie-Hellman parameters are now using the 2048-bit MODP group from
+RFC 3526.
+
+Pick-to: 6.6 6.5 6.2 5.15
+Change-Id: I47133cd78ba0e954b8f93a3da09fa2c760c9f7a8
+Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
+(cherry picked from commit 3ec24e329c9ef6802786a37f30ddd8982e903480)
+---
+ src/network/ssl/qsslconfiguration.cpp | 12 ++++++++++--
+ src/network/ssl/qssldiffiehellmanparameters.cpp | 13 +++++++------
+ 2 files changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
+index f5ce02807f..84a9187334 100644
+--- a/src/network/ssl/qsslconfiguration.cpp
++++ b/src/network/ssl/qsslconfiguration.cpp
+@@ -929,7 +929,11 @@ void QSslConfiguration::setPreSharedKeyIdentityHint(const QByteArray &hint)
+ Retrieves the current set of Diffie-Hellman parameters.
+
+ If no Diffie-Hellman parameters have been set, the QSslConfiguration object
+- defaults to using the 1024-bit MODP group from RFC 2409.
++ defaults to using the 2048-bit MODP group from RFC 3526.
++
++ \note The default parameters may change in future Qt versions.
++ Please check the documentation of the \e{exact Qt version} that you
++ are using in order to know what defaults that version uses.
+ */
+ QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const
+ {
+@@ -943,7 +947,11 @@ QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const
+ a server to \a dhparams.
+
+ If no Diffie-Hellman parameters have been set, the QSslConfiguration object
+- defaults to using the 1024-bit MODP group from RFC 2409.
++ defaults to using the 2048-bit MODP group from RFC 3526.
++
++ \note The default parameters may change in future Qt versions.
++ Please check the documentation of the \e{exact Qt version} that you
++ are using in order to know what defaults that version uses.
+ */
+void QSslConfiguration::setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams)
+ {
+diff --git a/src/network/ssl/qssldiffiehellmanparameters.cpp b/src/network/ssl/qssldiffiehellmanparameters.cpp
+index 7807afaa30..7c2505a0be 100644
+--- a/src/network/ssl/qssldiffiehellmanparameters.cpp
++++ b/src/network/ssl/qssldiffiehellmanparameters.cpp
+@@ -68,17 +68,18 @@
+
+ QT_BEGIN_NAMESPACE
+
+-// The 1024-bit MODP group from RFC 2459 (Second Oakley Group)
++// The 2048-bit MODP group from RFC 3526
+ Q_AUTOTEST_EXPORT const char *qssl_dhparams_default_base64 =
+- "MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR"
+- "Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL"
+- "/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC";
++ "MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmO"
++ "NATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjftawv/XLb0Brft7jhr"
++ "+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXTmmkWP6j9JM9fg2VdI9yjrZYc"
++ "YvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhghfDKQXkYuNs474553LBgOhgObJ4Oi7Aei"
++ "j7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==";
+
+ /*!
+ Returns the default QSslDiffieHellmanParameters used by QSslSocket.
+
+- This is currently the 1024-bit MODP group from RFC 2459, also
+- known as the Second Oakley Group.
++ This is currently the 2048-bit MODP group from RFC 3526.
+ */
+ QSslDiffieHellmanParameters QSslDiffieHellmanParameters::defaultParameters()
+ {
+--
+2.41.0
+
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.10-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.10-r2.ebuild
index 148c6d9f133f..39ee0ea09f21 100644
--- a/dev-qt/qtnetwork/qtnetwork-5.15.10-r1.ebuild
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.10-r2.ebuild
@@ -41,6 +41,8 @@ QT5_GENTOO_PRIVATE_CONFIG=( :network )
+PATCHES=( "${FILESDIR}/${P}-ssl-upgr-default-DH-params.patch" )
+
 src_configure() { local myconf=( $(qt_use gssapi feature-gssapi) |
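Review bot: In the inner qssldiffiehellmanparameters.cpp hunk, the new `qssl_dhparams_default_base64` literal is an opaque, security-critical constant whose only verification recipe (the `openssl asn1parse` comparison against RFC 3526 section 3) lives in the patch's commit message, where a reader of the source will not see it. I would extend the comment above it to something like `// The 2048-bit MODP group from RFC 3526, section 3 (base64 of the ASN.1 encoding).` followed by `// Re-check the prime against the RFC text with "openssl asn1parse" before changing this value.` so the provenance check travels with the code. The `defaultParameters()` doc comment in the same hunk also lacks the `\note` about defaults changing between Qt versions that this patch adds to both QSslConfiguration doc blocks; repeating it there would keep the three descriptions consistent. The body of `defaultParameters()` continues outside the hunk.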
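Review bot: Only 5.15.10-r2 receives the DH-parameter patch in this commit, while the Manifest context still lists qtnetwork-5.15.10.ebuild, 5.15.9-r2 and 5.15.9-r3, which are not touched here; those versions presumably keep building with the 1024-bit default, so it is worth confirming that this is intended. The new `PATCHES` line also has no comment saying what the patch changes; a line such as `# default DH parameters 1024 -> 2048 bit (RFC 3526), cherry-picked from upstream` above it would let someone auditing the ebuild see the security relevance without opening the patch file.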