author | V3n3RiX <venerix@redcorelinux.org> | 2020-06-13 10:39:22 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-06-13 10:39:22 +0100 |
commit | 9452a6e87b6c2c70513bc47a2470bf9f1168920e (patch) | |
tree | 8ac67e26b45f34d71c5aab3621813b100a0d5f00 /dev-qt/qtnetwork | |
parent | f516638b7fe9592837389826a6152a7e1b251c54 (diff) |
gentoo resync : 13.06.2020
Diffstat (limited to 'dev-qt/qtnetwork')
-rw-r--r-- | dev-qt/qtnetwork/Manifest | 6 | ||||
-rw-r--r-- | dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch | 172 | ||||
-rw-r--r-- | dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild (renamed from dev-qt/qtnetwork/qtnetwork-5.14.1.ebuild) | 12 | ||||
-rw-r--r-- | dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild | 2 |
4 files changed, 185 insertions, 7 deletions
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index 18e94aabe1e4..670358e4eb16 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1,8 +1,8 @@ +AUX qtnetwork-5.14.2-CVE-2020-13962.patch 7797 BLAKE2B ad7f5fbbbafe784c7f88877f8537f847f58cdf082abb2a60674447aef6c1e1043530b85bd487add8b4a81e366728ea9a8076968910ec82c1e3e4de991b216c97 SHA512 dff8c492c99fa18653af663d1e6766c10c5788f3e0fef95a246b5d8a8a95413105fb6b9ea5945a4f400fddb09701852fa046e14bdb1ad2e31b8a3c78743b3b9d AUX qtnetwork-5.15.0-libressl.patch 15934 BLAKE2B c4e3a48a345245150994f4edbac1b5289373518245eebbda34767d54a22d07890e0e44338647b42cb240ea42901226b5077170cdd84243ad1a8bcb34e492424c SHA512 e4c7dffb665ee1b0a64631a64abf5aa06d188983e30102e8ebaafdfb66db77f4dd116ee62665fee588dbf0c6ae33abe7a940bab3cbcb6f14c5bc9c0decd3076f -DIST qtbase-everywhere-src-5.14.1.tar.xz 49828188 BLAKE2B d5641df96a90ec4f3f85e47444c151b2090161330df9684703883865ddc84bed507295b67953c0a8cad9c104a10727ac9fb26d7f3ec4bf2052294c843f108491 SHA512 964777323d0e3f9d355218c3493bb3b61d2750d9cb5ba71fce72cae3cd362acce88e39360f1fac0011f1b74d529a23621a7281191c622cc034ce78a77afa296b DIST qtbase-everywhere-src-5.14.2.tar.xz 49865752 BLAKE2B ed8eb18dfc79e9983248655eb62e8305ef8b79f96c7880c88533250fef8f0d187cf576082d41df08314711b4c007b94686486abd77bf9bc201336caa02ced300 SHA512 8c83e06d58b56e9f288e83d6c3dd4ad6cc9f1eb1a32c7b44fb912fda34ed7255766fd9fa60cd740ee001df7d6172f25df05f1f95e986c3e793fbcd9bf4f18de9 DIST qtbase-everywhere-src-5.15.0.tar.xz 49931940 BLAKE2B f6675ddb8c6fcfe4d12f92b0c93d09ec160e65bb214694550c82c1ba1acea41c86064910cf76267815bd860b071a322bbbad19e994be52f0bf1450a73d09a1bf SHA512 c584d69e49f4959d9b8541f820f5ff1e6d1599697ad16976b47cbaaa902fc83e1ca4ae57d56d13574e42e5f602d4420245ad7fcfc13e224e10d4bbad6a537d1a -EBUILD qtnetwork-5.14.1.ebuild 1306 BLAKE2B d37589fa1ae053eb05d8371563636c06b873119b9b0bb3f186371424cdfb49420a9e1f3b32b0d329307e61b2c91ef531c4d821f914c46009689035fadb2b6c16 SHA512 dd4855a70afa1f21ef95f98f9d8a038d115d2ff106e9b6a136c0a225457e47889116473e3dfe3f26b91ae05c6a0d64d28b68d08d224710948545297a1a66a6bf -EBUILD qtnetwork-5.14.2.ebuild 1394 BLAKE2B 
8ccf7432bc9a86aa5965b76cd4d39aeb6a5179e00730adc11f024dd37c59af39b1c9f30ab06c6d30caf94420ce46ceaeb012611b301d05b778ea60bf09df33f3 SHA512 7322ae3af1fb7304fa1cb82c2c019463131acbd4b284cd1a7ef8020389899140fcc4b8265d3a526626680b4aa0f62162142d559ef28be52bcfbb6b3835aa6e1a +EBUILD qtnetwork-5.14.2-r1.ebuild 1479 BLAKE2B 325dea7024852aa45c65a2f4162ff7918e297f5664ee3efcdc6b05eadfc15c55c6cf3af9de38eb71f63aead207f03fac03541af14da1e1c1c6852571cd59b97b SHA512 bc2e56e2bfa2d7dc89dcb838358f1eafe78f4e6d65c30ca41e66cf1944cadb8959b655fda9afff7d257ffd3b0e017bdd4ff219acfd2b643bb00c340e17ed9098 +EBUILD qtnetwork-5.14.2.ebuild 1393 BLAKE2B aa17c38a93c91e1d11be0c6f5731a010a4984d1b01c2e33ba9cc670db0b57cb0286fa594801182f8febd52e653b6dc8b5848e94ed18446d9c9451faa6bf9dab9 SHA512 408505f59f2c0d49780f832eeb1c1264e70ebdc3ae84e0c9a3c7e730dfdd1235e5cf545133f2e376e3c8ea4add9d2601388a492ad658b1b1856900acbe787386 EBUILD qtnetwork-5.15.0.ebuild 1549 BLAKE2B 7e3344b37988416d12b6cca4fac784589ae65adbc64165fd96d7e8c9d166b10acd2a5f95f59ed4bd877a9245b6ed5ff438aa6e648634b358ae043d668e352bb4 SHA512 e227aa30bbe97b8b303c858b42e83890cd0731faf9c518971d27687ae71246ac53035b3371d3ff9d4e6cff9496cdc5b6d33bfd98edac830f5b0096bfb4e2c705 MISC metadata.xml 957 BLAKE2B 5c888322d402a3f037e194bd13001ff3a7e449fe423b8b4661c4b1365263a63e105be92ab0bd6a99ae79e7e8062c65e52e9e04763f9c15c50cb28c1215a06b0d SHA512 aa07869c984c4c2d7653820213b94fa4db247e4e30f0efad8df64c09b2578cd2143ab81890584521e1f561953312abb36d8e049dabd42893fecefea4182f176a diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch new file mode 100644 index 000000000000..9bbdda61a25a --- /dev/null +++ b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch 
@@ -0,0 +1,172 @@
+From 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb Mon Sep 17 00:00:00 2001
+From: Timur Pocheptsov <timur.pocheptsov@qt.io>
+Date: Mon, 13 Apr 2020 20:31:34 +0200
+Subject: [PATCH] OpenSSL: handle SSL_shutdown's errors properly
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s)
+returns 1). Also, do not call SSL_shutdown if a session encountered a fatal
+error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown
+was unsuccessful (returned code != 1), we have to clear the error(s) it queued.
+Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to
+resolve SSL_state to implement SSL_in_init.
+
+Fixes: QTBUG-83450
+Change-Id: I6326119f4e79605429263045ac20605c30dccca3
+Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
+(cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655)
+---
+ src/network/ssl/qsslsocket.cpp | 2 +-
+ src/network/ssl/qsslsocket_openssl.cpp | 23 ++++++++++++++++------
+ src/network/ssl/qsslsocket_openssl11_symbols_p.h | 7 +++++++
+ src/network/ssl/qsslsocket_openssl_symbols.cpp | 8 ++++++++
+ .../ssl/qsslsocket_opensslpre11_symbols_p.h | 2 ++
+ src/network/ssl/qsslsocket_p.h | 1 +
+ 6 files changed, 36 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
+index 4e9e9472631..5c9e589ec39 100644
+--- a/src/network/ssl/qsslsocket.cpp
++++ b/src/network/ssl/qsslsocket.cpp
+@@ -2166,7 +2166,7 @@ void QSslSocketPrivate::init()
+ pendingClose = false;
+ flushTriggered = false;
+ ocspResponses.clear();
+-
++ systemOrSslErrorDetected = false;
+ // we don't want to clear the ignoreErrorsList, so
+ // that it is possible setting it before connecting
+ // ignoreErrorsList.clear();
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index 51510f1c60b..855865209bc 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -648,10 +648,16 @@ bool QSslSocketBackendPrivate::initSslContext()
+ void QSslSocketBackendPrivate::destroySslContext()
+ {
+ if (ssl) {
+- // We do not send a shutdown alert here. Just mark the session as
+- // resumable for qhttpnetworkconnection's "optimization", otherwise
+- // OpenSSL won't start a session resumption.
+- q_SSL_shutdown(ssl);
++ if (!q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
++ // We do not send a shutdown alert here. Just mark the session as
++ // resumable for qhttpnetworkconnection's "optimization", otherwise
++ // OpenSSL won't start a session resumption.
++ if (q_SSL_shutdown(ssl) != 1) {
++ // Some error may be queued, clear it.
++ const auto errors = getErrorsFromOpenSsl();
++ Q_UNUSED(errors);
++ }
++ }
+ q_SSL_free(ssl);
+ ssl = nullptr;
+ }
+@@ -1084,6 +1090,7 @@ void QSslSocketBackendPrivate::transmit()
+ case SSL_ERROR_SSL: // error in the SSL library
+ // we do not know exactly what the error is, nor whether we can recover from it,
+ // so just return to prevent an endless loop in the outer "while" statement
++ systemOrSslErrorDetected = true;
+ {
+ const ScopedBool bg(inSetAndEmitError, true);
+ setErrorAndEmit(QAbstractSocket::SslInternalError,
+@@ -1681,8 +1688,12 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
+ void QSslSocketBackendPrivate::disconnectFromHost()
+ {
+ if (ssl) {
+- if (!shutdown) {
+- q_SSL_shutdown(ssl);
++ if (!shutdown && !q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
++ if (q_SSL_shutdown(ssl) != 1) {
++ // Some error may be queued, clear it.
++ const auto errors = getErrorsFromOpenSsl();
++ Q_UNUSED(errors);
++ }
+ shutdown = true;
+ transmit();
+ }
+diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+index 0fe0899d4fd..b7193ad1807 100644
+--- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+@@ -192,4 +192,11 @@ typedef int (*q_SSL_psk_use_session_cb_func_t)(SSL *, const EVP_MD *, const unsi
+ }
+ void q_SSL_set_psk_use_session_callback(SSL *s, q_SSL_psk_use_session_cb_func_t);
+
++#if OPENSSL_VERSION_NUMBER < 0x10101000L
++// What a mess!
++int q_SSL_in_init(SSL *s);
++#else
++int q_SSL_in_init(const SSL *s);
++#endif // 1.1.1 or 1.1.0
++
+ #endif
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index 85029a6ff3f..d1bd84cf25f 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -160,6 +160,11 @@ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
+ DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
+ DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
+ DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
++#if OPENSSL_VERSION_NUMBER < 0x10101000L
++DEFINEFUNC(int, SSL_in_init, SSL *a, a, return 0, return)
++#else
++DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return)
++#endif
+ #ifdef TLS1_3_VERSION
+ DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
+ DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
+@@ -242,6 +247,7 @@ DEFINEFUNC2(void, BIO_set_shutdown, BIO *a, a, int shut, shut, return, DUMMYARG)
+ // Functions below are either deprecated or removed in OpenSSL >= 1.1:
+
+ DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return nullptr, return)
++DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return)
+
+ #ifdef SSLEAY_MACROS
+ DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return nullptr, return)
+@@ -971,6 +977,7 @@ bool q_resolveOpenSslSymbols()
+ #if QT_CONFIG(opensslv11)
+
+ RESOLVEFUNC(OPENSSL_init_ssl)
++ RESOLVEFUNC(SSL_in_init)
+ RESOLVEFUNC(OPENSSL_init_crypto)
+ RESOLVEFUNC(ASN1_STRING_get0_data)
+ RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+@@ -1066,6 +1073,7 @@ bool q_resolveOpenSslSymbols()
+ #else // !opensslv11
+
+ RESOLVEFUNC(ASN1_STRING_data)
++ RESOLVEFUNC(SSL_state)
+
+ #ifdef SSLEAY_MACROS
+ RESOLVEFUNC(ASN1_dup)
+diff --git a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
+index f5626d5d164..92841017793 100644
+--- a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
++++ b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
+@@ -121,6 +121,8 @@ SSL_CTX *q_SSL_CTX_new(const SSL_METHOD *a);
+
+ int q_SSL_library_init();
+ void q_SSL_load_error_strings();
++int q_SSL_state(const SSL *a);
++#define q_SSL_in_init(a) (q_SSL_state(a) & SSL_ST_INIT)
+
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
+index daa9be23f4a..350b1f1fc18 100644
+--- a/src/network/ssl/qsslsocket_p.h
++++ b/src/network/ssl/qsslsocket_p.h
+@@ -208,6 +208,7 @@ protected:
+ bool verifyErrorsHaveBeenIgnored();
+ bool paused;
+ bool flushTriggered;
++ bool systemOrSslErrorDetected = false;
+ QVector<QOcspResponse> ocspResponses;
+ };
+
+--
+2.16.3
diff --git a/dev-qt/qtnetwork/qtnetwork-5.14.1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild
index c041860cc9ea..dcb5a062aade 100644
--- a/dev-qt/qtnetwork/qtnetwork-5.14.1.ebuild
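Review bot: The drain after a failed `q_SSL_shutdown()` is written out twice, in `destroySslContext()` and in `disconnectFromHost()`, and its comment ("Some error may be queued, clear it.") does not say why a discarded `getErrorsFromOpenSsl()` call matters. OpenSSL keeps its error queue per thread, so an entry left behind can be picked up by the next `SSL_get_error()` of an unrelated session on that thread; I would say so at the call site, e.g. `// The error queue is per-thread: drain it so a stale entry is not attributed to another session.`, and move the guard plus drain into one private helper so the two call sites cannot drift apart. Separately, `DEFINEFUNC(int, SSL_in_init, ...)` and `DEFINEFUNC(int, SSL_state, ...)` both pass `return 0` in what appears to be the unresolved-symbol fallback slot, which would make `q_SSL_in_init()` report "not in handshake" and let the shutdown call through; it is worth confirming that a failed symbol resolution stops the backend before this path is reachable. Both functions continue outside the hunks shown.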
+++ b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild @@ -8,15 +8,16 @@ inherit qt5-build DESCRIPTION="Network abstraction library for the Qt5 framework" if [[ ${QT5_BUILD_TYPE} == release ]]; then - KEYWORDS="amd64 ~arm arm64 ~hppa ppc ppc64 ~sparc x86" + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86" fi -IUSE="bindist connman libproxy networkmanager sctp +ssl" +IUSE="bindist connman gssapi libproxy networkmanager sctp +ssl" DEPEND=" - ~dev-qt/qtcore-${PV} + ~dev-qt/qtcore-${PV}:5= sys-libs/zlib:= connman? ( ~dev-qt/qtdbus-${PV} ) + gssapi? ( virtual/krb5 ) libproxy? ( net-libs/libproxy ) networkmanager? ( ~dev-qt/qtdbus-${PV} ) sctp? ( kernel_linux? ( net-misc/lksctp-tools ) ) @@ -43,6 +44,10 @@ QT5_GENTOO_PRIVATE_CONFIG=( :network ) +PATCHES=( + "${FILESDIR}/${P}-CVE-2020-13962.patch" # bug 727604, QTBUG-83450 +) + pkg_setup() { use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman) use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager) @@ -51,6 +56,7 @@ pkg_setup() { src_configure() { local myconf=( $(usex connman -dbus-linked '') + $(usex gssapi -feature-gssapi -no-feature-gssapi) $(qt_use libproxy) $(usex networkmanager -dbus-linked '') $(qt_use sctp) diff --git a/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild b/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild index ba2747249930..88dfeb7a1579 100644 --- a/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild +++ b/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild @@ -8,7 +8,7 @@ inherit qt5-build DESCRIPTION="Network abstraction library for the Qt5 framework" if [[ ${QT5_BUILD_TYPE} == release ]]; then - KEYWORDS="amd64 arm arm64 ~hppa ~ppc ppc64 ~sparc x86" + KEYWORDS="amd64 arm arm64 ~hppa ppc ppc64 ~sparc x86" fi IUSE="bindist connman gssapi libproxy networkmanager sctp +ssl" |
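Review bot: The revision that carries the CVE-2020-13962 patch is keyworded testing-only in the first hunk (`KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"`), while the last hunk keeps plain `qtnetwork-5.14.2` stable and additionally marks it stable on `ppc`. No `PATCHES` entry is added to `qtnetwork-5.14.2.ebuild` in the lines shown, so systems on stable keywords would presumably keep resolving to the build without the fix until `-r1` is stabilised. If the gap is intentional pending stabilisation, a short comment beside the `PATCHES` entry naming the stabilisation tracker would make the exposure window explicit; otherwise `-r1` should carry the same stable arches as 5.14.2.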