authorV3n3RiX <venerix@redcorelinux.org>2020-06-13 10:39:22 +0100
committerV3n3RiX <venerix@redcorelinux.org>2020-06-13 10:39:22 +0100
commit9452a6e87b6c2c70513bc47a2470bf9f1168920e (patch)
tree8ac67e26b45f34d71c5aab3621813b100a0d5f00 /dev-qt/qtnetwork
parentf516638b7fe9592837389826a6152a7e1b251c54 (diff)
gentoo resync : 13.06.2020
Diffstat (limited to 'dev-qt/qtnetwork')
-rw-r--r--dev-qt/qtnetwork/Manifest6
-rw-r--r--dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch172
-rw-r--r--dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild (renamed from dev-qt/qtnetwork/qtnetwork-5.14.1.ebuild)12
-rw-r--r--dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild2
4 files changed, 185 insertions, 7 deletions
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index 18e94aabe1e4..670358e4eb16 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1,8 +1,8 @@
+AUX qtnetwork-5.14.2-CVE-2020-13962.patch 7797 BLAKE2B ad7f5fbbbafe784c7f88877f8537f847f58cdf082abb2a60674447aef6c1e1043530b85bd487add8b4a81e366728ea9a8076968910ec82c1e3e4de991b216c97 SHA512 dff8c492c99fa18653af663d1e6766c10c5788f3e0fef95a246b5d8a8a95413105fb6b9ea5945a4f400fddb09701852fa046e14bdb1ad2e31b8a3c78743b3b9d
AUX qtnetwork-5.15.0-libressl.patch 15934 BLAKE2B c4e3a48a345245150994f4edbac1b5289373518245eebbda34767d54a22d07890e0e44338647b42cb240ea42901226b5077170cdd84243ad1a8bcb34e492424c SHA512 e4c7dffb665ee1b0a64631a64abf5aa06d188983e30102e8ebaafdfb66db77f4dd116ee62665fee588dbf0c6ae33abe7a940bab3cbcb6f14c5bc9c0decd3076f
-DIST qtbase-everywhere-src-5.14.1.tar.xz 49828188 BLAKE2B d5641df96a90ec4f3f85e47444c151b2090161330df9684703883865ddc84bed507295b67953c0a8cad9c104a10727ac9fb26d7f3ec4bf2052294c843f108491 SHA512 964777323d0e3f9d355218c3493bb3b61d2750d9cb5ba71fce72cae3cd362acce88e39360f1fac0011f1b74d529a23621a7281191c622cc034ce78a77afa296b
DIST qtbase-everywhere-src-5.14.2.tar.xz 49865752 BLAKE2B ed8eb18dfc79e9983248655eb62e8305ef8b79f96c7880c88533250fef8f0d187cf576082d41df08314711b4c007b94686486abd77bf9bc201336caa02ced300 SHA512 8c83e06d58b56e9f288e83d6c3dd4ad6cc9f1eb1a32c7b44fb912fda34ed7255766fd9fa60cd740ee001df7d6172f25df05f1f95e986c3e793fbcd9bf4f18de9
DIST qtbase-everywhere-src-5.15.0.tar.xz 49931940 BLAKE2B f6675ddb8c6fcfe4d12f92b0c93d09ec160e65bb214694550c82c1ba1acea41c86064910cf76267815bd860b071a322bbbad19e994be52f0bf1450a73d09a1bf SHA512 c584d69e49f4959d9b8541f820f5ff1e6d1599697ad16976b47cbaaa902fc83e1ca4ae57d56d13574e42e5f602d4420245ad7fcfc13e224e10d4bbad6a537d1a
-EBUILD qtnetwork-5.14.1.ebuild 1306 BLAKE2B d37589fa1ae053eb05d8371563636c06b873119b9b0bb3f186371424cdfb49420a9e1f3b32b0d329307e61b2c91ef531c4d821f914c46009689035fadb2b6c16 SHA512 dd4855a70afa1f21ef95f98f9d8a038d115d2ff106e9b6a136c0a225457e47889116473e3dfe3f26b91ae05c6a0d64d28b68d08d224710948545297a1a66a6bf
-EBUILD qtnetwork-5.14.2.ebuild 1394 BLAKE2B 8ccf7432bc9a86aa5965b76cd4d39aeb6a5179e00730adc11f024dd37c59af39b1c9f30ab06c6d30caf94420ce46ceaeb012611b301d05b778ea60bf09df33f3 SHA512 7322ae3af1fb7304fa1cb82c2c019463131acbd4b284cd1a7ef8020389899140fcc4b8265d3a526626680b4aa0f62162142d559ef28be52bcfbb6b3835aa6e1a
+EBUILD qtnetwork-5.14.2-r1.ebuild 1479 BLAKE2B 325dea7024852aa45c65a2f4162ff7918e297f5664ee3efcdc6b05eadfc15c55c6cf3af9de38eb71f63aead207f03fac03541af14da1e1c1c6852571cd59b97b SHA512 bc2e56e2bfa2d7dc89dcb838358f1eafe78f4e6d65c30ca41e66cf1944cadb8959b655fda9afff7d257ffd3b0e017bdd4ff219acfd2b643bb00c340e17ed9098
+EBUILD qtnetwork-5.14.2.ebuild 1393 BLAKE2B aa17c38a93c91e1d11be0c6f5731a010a4984d1b01c2e33ba9cc670db0b57cb0286fa594801182f8febd52e653b6dc8b5848e94ed18446d9c9451faa6bf9dab9 SHA512 408505f59f2c0d49780f832eeb1c1264e70ebdc3ae84e0c9a3c7e730dfdd1235e5cf545133f2e376e3c8ea4add9d2601388a492ad658b1b1856900acbe787386
EBUILD qtnetwork-5.15.0.ebuild 1549 BLAKE2B 7e3344b37988416d12b6cca4fac784589ae65adbc64165fd96d7e8c9d166b10acd2a5f95f59ed4bd877a9245b6ed5ff438aa6e648634b358ae043d668e352bb4 SHA512 e227aa30bbe97b8b303c858b42e83890cd0731faf9c518971d27687ae71246ac53035b3371d3ff9d4e6cff9496cdc5b6d33bfd98edac830f5b0096bfb4e2c705
MISC metadata.xml 957 BLAKE2B 5c888322d402a3f037e194bd13001ff3a7e449fe423b8b4661c4b1365263a63e105be92ab0bd6a99ae79e7e8062c65e52e9e04763f9c15c50cb28c1215a06b0d SHA512 aa07869c984c4c2d7653820213b94fa4db247e4e30f0efad8df64c09b2578cd2143ab81890584521e1f561953312abb36d8e049dabd42893fecefea4182f176a
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch
new file mode 100644
index 000000000000..9bbdda61a25a
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch
@@ -0,0 +1,172 @@
+From 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb Mon Sep 17 00:00:00 2001
+From: Timur Pocheptsov <timur.pocheptsov@qt.io>
+Date: Mon, 13 Apr 2020 20:31:34 +0200
+Subject: [PATCH] OpenSSL: handle SSL_shutdown's errors properly
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s)
+returns 1). Also, do not call SSL_shutdown if a session encountered a fatal
+error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown
+was unsuccessful (returned code != 1), we have to clear the error(s) it queued.
+Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to
+resolve SSL_state to implement SSL_in_init.
+
+Fixes: QTBUG-83450
+Change-Id: I6326119f4e79605429263045ac20605c30dccca3
+Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
+(cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655)
+---
+ src/network/ssl/qsslsocket.cpp | 2 +-
+ src/network/ssl/qsslsocket_openssl.cpp | 23 ++++++++++++++++------
+ src/network/ssl/qsslsocket_openssl11_symbols_p.h | 7 +++++++
+ src/network/ssl/qsslsocket_openssl_symbols.cpp | 8 ++++++++
+ .../ssl/qsslsocket_opensslpre11_symbols_p.h | 2 ++
+ src/network/ssl/qsslsocket_p.h | 1 +
+ 6 files changed, 36 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
+index 4e9e9472631..5c9e589ec39 100644
+--- a/src/network/ssl/qsslsocket.cpp
++++ b/src/network/ssl/qsslsocket.cpp
+@@ -2166,7 +2166,7 @@ void QSslSocketPrivate::init()
+ pendingClose = false;
+ flushTriggered = false;
+ ocspResponses.clear();
+-
++ systemOrSslErrorDetected = false;
+ // we don't want to clear the ignoreErrorsList, so
+ // that it is possible setting it before connecting
+ // ignoreErrorsList.clear();
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index 51510f1c60b..855865209bc 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -648,10 +648,16 @@ bool QSslSocketBackendPrivate::initSslContext()
+ void QSslSocketBackendPrivate::destroySslContext()
+ {
+ if (ssl) {
+- // We do not send a shutdown alert here. Just mark the session as
+- // resumable for qhttpnetworkconnection's "optimization", otherwise
+- // OpenSSL won't start a session resumption.
+- q_SSL_shutdown(ssl);
++ if (!q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
++ // We do not send a shutdown alert here. Just mark the session as
++ // resumable for qhttpnetworkconnection's "optimization", otherwise
++ // OpenSSL won't start a session resumption.
++ if (q_SSL_shutdown(ssl) != 1) {
++ // Some error may be queued, clear it.
++ const auto errors = getErrorsFromOpenSsl();
++ Q_UNUSED(errors);
++ }
++ }
+ q_SSL_free(ssl);
+ ssl = nullptr;
+ }
+@@ -1084,6 +1090,7 @@ void QSslSocketBackendPrivate::transmit()
+ case SSL_ERROR_SSL: // error in the SSL library
+ // we do not know exactly what the error is, nor whether we can recover from it,
+ // so just return to prevent an endless loop in the outer "while" statement
++ systemOrSslErrorDetected = true;
+ {
+ const ScopedBool bg(inSetAndEmitError, true);
+ setErrorAndEmit(QAbstractSocket::SslInternalError,
+@@ -1681,8 +1688,12 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
+ void QSslSocketBackendPrivate::disconnectFromHost()
+ {
+ if (ssl) {
+- if (!shutdown) {
+- q_SSL_shutdown(ssl);
++ if (!shutdown && !q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
++ if (q_SSL_shutdown(ssl) != 1) {
++ // Some error may be queued, clear it.
++ const auto errors = getErrorsFromOpenSsl();
++ Q_UNUSED(errors);
++ }
+ shutdown = true;
+ transmit();
+ }
+diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+index 0fe0899d4fd..b7193ad1807 100644
+--- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+@@ -192,4 +192,11 @@ typedef int (*q_SSL_psk_use_session_cb_func_t)(SSL *, const EVP_MD *, const unsi
+ }
+ void q_SSL_set_psk_use_session_callback(SSL *s, q_SSL_psk_use_session_cb_func_t);
+
++#if OPENSSL_VERSION_NUMBER < 0x10101000L
++// What a mess!
++int q_SSL_in_init(SSL *s);
++#else
++int q_SSL_in_init(const SSL *s);
++#endif // 1.1.1 or 1.1.0
++
+ #endif
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index 85029a6ff3f..d1bd84cf25f 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -160,6 +160,11 @@ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
+ DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
+ DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
+ DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
++#if OPENSSL_VERSION_NUMBER < 0x10101000L
++DEFINEFUNC(int, SSL_in_init, SSL *a, a, return 0, return)
++#else
++DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return)
++#endif
+ #ifdef TLS1_3_VERSION
+ DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
+ DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
+@@ -242,6 +247,7 @@ DEFINEFUNC2(void, BIO_set_shutdown, BIO *a, a, int shut, shut, return, DUMMYARG)
+ // Functions below are either deprecated or removed in OpenSSL >= 1.1:
+
+ DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return nullptr, return)
++DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return)
+
+ #ifdef SSLEAY_MACROS
+ DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return nullptr, return)
+@@ -971,6 +977,7 @@ bool q_resolveOpenSslSymbols()
+ #if QT_CONFIG(opensslv11)
+
+ RESOLVEFUNC(OPENSSL_init_ssl)
++ RESOLVEFUNC(SSL_in_init)
+ RESOLVEFUNC(OPENSSL_init_crypto)
+ RESOLVEFUNC(ASN1_STRING_get0_data)
+ RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+@@ -1066,6 +1073,7 @@ bool q_resolveOpenSslSymbols()
+ #else // !opensslv11
+
+ RESOLVEFUNC(ASN1_STRING_data)
++ RESOLVEFUNC(SSL_state)
+
+ #ifdef SSLEAY_MACROS
+ RESOLVEFUNC(ASN1_dup)
+diff --git a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
+index f5626d5d164..92841017793 100644
+--- a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
++++ b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
+@@ -121,6 +121,8 @@ SSL_CTX *q_SSL_CTX_new(const SSL_METHOD *a);
+
+ int q_SSL_library_init();
+ void q_SSL_load_error_strings();
++int q_SSL_state(const SSL *a);
++#define q_SSL_in_init(a) (q_SSL_state(a) & SSL_ST_INIT)
+
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
+index daa9be23f4a..350b1f1fc18 100644
+--- a/src/network/ssl/qsslsocket_p.h
++++ b/src/network/ssl/qsslsocket_p.h
+@@ -208,6 +208,7 @@ protected:
+ bool verifyErrorsHaveBeenIgnored();
+ bool paused;
+ bool flushTriggered;
++ bool systemOrSslErrorDetected = false;
+ QVector<QOcspResponse> ocspResponses;
+ };
+
+--
+2.16.3
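Review bot: The comment `// Some error may be queued, clear it.` in the embedded destroySslContext() and disconnectFromHost() hunks does not say why the drain matters, although it is the core of the CVE-2020-13962 fix. OpenSSL keeps its error queue per thread, so entries left by a failed SSL_shutdown() can be read back by the next TLS call on another socket in the same thread; I would spell that out, e.g. `// OpenSSL's error queue is per-thread; drain it so a failed shutdown is not reported against an unrelated session.` The same four-line drain is duplicated in both functions, so a small private helper would keep the two call sites from diverging. In the transmit() hunk the flag is set under the visible `case SSL_ERROR_SSL:` label only; the SSL_ERROR_SYSCALL case named in the patch description is presumably the fall-through label just above the hunk, which lies outside the shown context and is worth confirming against the full source.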
diff --git a/dev-qt/qtnetwork/qtnetwork-5.14.1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild
index c041860cc9ea..dcb5a062aade 100644
--- a/dev-qt/qtnetwork/qtnetwork-5.14.1.ebuild
+++ b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild
@@ -8,15 +8,16 @@ inherit qt5-build
DESCRIPTION="Network abstraction library for the Qt5 framework"
if [[ ${QT5_BUILD_TYPE} == release ]]; then
- KEYWORDS="amd64 ~arm arm64 ~hppa ppc ppc64 ~sparc x86"
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
fi
-IUSE="bindist connman libproxy networkmanager sctp +ssl"
+IUSE="bindist connman gssapi libproxy networkmanager sctp +ssl"
DEPEND="
- ~dev-qt/qtcore-${PV}
+ ~dev-qt/qtcore-${PV}:5=
sys-libs/zlib:=
connman? ( ~dev-qt/qtdbus-${PV} )
+ gssapi? ( virtual/krb5 )
libproxy? ( net-libs/libproxy )
networkmanager? ( ~dev-qt/qtdbus-${PV} )
sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
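Review bot: The new KEYWORDS line marks every architecture as testing (`~amd64 ~arm ~arm64 ...`), so the revision that carries the CVE-2020-13962 patch is not the one stable users install. The qtnetwork-5.14.2.ebuild hunk at the end of this commit keeps stable keywords, and adds stable `ppc`, on a version that shows no PATCHES entry for this fix as far as the visible hunk goes. If this is the usual stabilisation delay, a comment beside KEYWORDS would make the plan explicit, e.g. `# -r1 carries the CVE-2020-13962 fix; stabilise and drop 5.14.2 (bug 727604)`. Until then, hosts on stable keywords keep building the unpatched QSslSocket shutdown path.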
@@ -43,6 +44,10 @@ QT5_GENTOO_PRIVATE_CONFIG=(
:network
)
+PATCHES=(
+ "${FILESDIR}/${P}-CVE-2020-13962.patch" # bug 727604, QTBUG-83450
+)
+
pkg_setup() {
use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
@@ -51,6 +56,7 @@ pkg_setup() {
src_configure() {
local myconf=(
$(usex connman -dbus-linked '')
+ $(usex gssapi -feature-gssapi -no-feature-gssapi)
$(qt_use libproxy)
$(usex networkmanager -dbus-linked '')
$(qt_use sctp)
diff --git a/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild b/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild
index ba2747249930..88dfeb7a1579 100644
--- a/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild
+++ b/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild
@@ -8,7 +8,7 @@ inherit qt5-build
DESCRIPTION="Network abstraction library for the Qt5 framework"
if [[ ${QT5_BUILD_TYPE} == release ]]; then
- KEYWORDS="amd64 arm arm64 ~hppa ~ppc ppc64 ~sparc x86"
+ KEYWORDS="amd64 arm arm64 ~hppa ppc ppc64 ~sparc x86"
fi
IUSE="bindist connman gssapi libproxy networkmanager sctp +ssl"