summaryrefslogtreecommitdiff
path: root/dev-qt/qtnetwork
diff options
context:
space:
mode:
Diffstat (limited to 'dev-qt/qtnetwork')
-rw-r--r--dev-qt/qtnetwork/Manifest3
-rw-r--r--dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch101
-rw-r--r--dev-qt/qtnetwork/qtnetwork-5.15.10-r2.ebuild (renamed from dev-qt/qtnetwork/qtnetwork-5.15.10-r1.ebuild)2
3 files changed, 105 insertions, 1 deletions
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index 64c85dee7cb8..97bbadc936a6 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1,3 +1,4 @@
+AUX qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch 4618 BLAKE2B 51ca56a407d055533e80c7639d385e959517a1983fddb0635e2441769c29d9b02ea9eb60ad18030185fde7e2babdfd18afb5a17d1a0365c0ff6c564519f44c0f SHA512 1e94f218a3d0e7580900712635a19d3162cadbbc77b62b91d1c195f0cd11ac90be0b90821fb9e48887e2ad3c1f4e49fee1ac33c291a587f595baaa8d72ea6b9d
AUX qtnetwork-5.15.9-CVE-2023-32762.patch 1598 BLAKE2B 2d7a37066205b9eb75df0783d49bb36b71e7fe5ee65a391b9d5578c283c6058bec951b9587b27ca63b658254f9c540e54460ea2c4f6a8503fb25da31e8c6d969 SHA512 f89d96bb473e38fc069c8d0afa9c7339647af30948f40de6fc432f55e0d23ba01d0a1ef29145213afd6dbae6992a436baa693dcace982fd0a906d7118e73ad14
AUX qtnetwork-5.15.9-CVE-2023-34410.patch 5162 BLAKE2B d4d268edeecd71972985f52a8f0aa34df9ad5a08e89176d3f368d37d13e889bb71093e7b70f2e32e7ce765fabb4c4b71bf6c7e1cb01d4daffd720070718e2fc9 SHA512 dfad275afee27020588769c71618a930e8e4836bffb2fa9b24a18fdb9724d26715ea5bcab8f9ea6d4484f8bec21fd06664111e37663fbbd5d177665e1a51bc7b
AUX qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch 4180 BLAKE2B b85be10b7274322b10eb4ab654aa83621655a495be641dd7d66ebdfc10749fe2aeb333f02b8fa4703e48eefec56e8657375c921320a22e601c9117fe605782e2 SHA512 f6ea5c46c252a3781de1364878692e76950b68f48e51cf042565cb7da0632310e7b85abe52054bb4571638645c2affa6ab20374c6b7c5beaa0b441b85a34956c
@@ -7,7 +8,7 @@ DIST qtbase-5.15.10-gentoo-kde-1.tar.xz 725208 BLAKE2B 14e82b0f26d0e0de47e9e3c4c
DIST qtbase-5.15.9-gentoo-kde-1.tar.xz 748840 BLAKE2B 6601efaba2bd9f64edec9ab24a562b2850fe85e088acb2913a06a4a97f82fea015ae9cf20908e5044a0170a2f837cf94a67ac6e870da8ea6e7603057b5683c1a SHA512 60e6c338136affc936c776c129fd2d6620f5e36db8ded32970d59e953bf843786a6deea6cb529488dbd58dfc7c8ea9e71580026fdda8b364596f095e8e9b7791
DIST qtbase-everywhere-opensource-src-5.15.10.tar.xz 50422688 BLAKE2B 2a625296967bef17d491a3ec8fbb4a3beaf00180a2cda728e485f796c801241798bd85dd06d57ca9fef26c591fe9910a2fcb83a67bbc17640b7393d280b9ce53 SHA512 94ac739d76dd9fff54cde46e818fee6c6763f8b207b759108455febff84c9dfeb48ea7807451d7248cbfd8af24c2a1263c34dcbd2be055136e39325e32725eef
DIST qtbase-everywhere-opensource-src-5.15.9.tar.xz 50389220 BLAKE2B b1692f5907b7a262a8cad33d45935d76f72f2fb78b970b57fba76ef9f6789d1d7a435278a450ff1f3556c0846fa8dd8295707ead6adf21af6cd17fbe7f0d82f8 SHA512 2da78ea043c03fa4ff7c6a39c41a5d1b30af06248764e6f5eef3fe4aeb3f3d20e302fa7c5827112c89b6bc7c5c0c292454d127f9d7bb0d2031175f0f2c937ed3
-EBUILD qtnetwork-5.15.10-r1.ebuild 1190 BLAKE2B 09e826991757356e81e7290dd2ffc1a7ff58e4bb9957f152d2955bb577daf3328f954459d8562edfdd2d418bc6c4a0d1bbc758c3dc380331e09c83f94459ebf0 SHA512 56ef468bd04e9c5e0a1f8c06c355622eea1ee05e5184e490ab26478a69359b7b6113c566853f85771e4803b607008bdb03ea7635b3c4eab26af31b8503a6cbc7
+EBUILD qtnetwork-5.15.10-r2.ebuild 1255 BLAKE2B 66159533d27577432a763456fedb282388030e351e163f7bc2baa82661eb81dbc447acbff044a33dd07c3e4db3b40d955a63a43822cfca876c9a64308e35d57c SHA512 c0a2862585626a78337cb06aa3f859e6b2020b449f6740ce86b5e21022016f952cc5d2cc876b07cda42369c54feadce674703b608c71fd2e232152d6fd437e3f
EBUILD qtnetwork-5.15.10.ebuild 1607 BLAKE2B 8c336a9117dd3289b8cc2c91fc6cce82cb9072612b65c5f5df79e402f1b765f20d9ada4e208f0143fe7e40c1f8c830837586104429244706135f02fa11facd63 SHA512 2f0f7f0bb1570e6e4501a29dd0fd6a96d1d44c2e01a354a78364f93a3cdcb7e47262f5f065fc629d3037306dfd8170fe552d677d894f1a507ff71aca47c41d4a
EBUILD qtnetwork-5.15.9-r2.ebuild 1771 BLAKE2B f4f979099e47e355ccfae3074652019678e1a96ea0d69432c5b2d387d3e6b6558eff3694fdc955d1b63fe68e05d822e366357d73f1a142bc9f3fad3801244ddb SHA512 4d9178f57bbb24b204bac584af37ea2d3c6fd9296ba0e685e54ef9a8df153138c57ca6c5e0fd08ae9f9fbee8d5505cadfe6e9f7b99c1071a6f8afba390c04fc6
EBUILD qtnetwork-5.15.9-r3.ebuild 1813 BLAKE2B 512e960cb5f65727e2c7de6b9e3bd151a72e71cc0f8b9c339a58c31a4a828cec2995f3cf206b4352004e31d49457fe120e85dfa9a2832f1bbea85ad427bf1cff SHA512 1cf46c222b8724838c28829905aed765a9906c9247aa842e710f906f33fb76df173bc456db38ee38ab36ee10b4bc0053783a8e644736c77f9eca387511ce2295
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch
new file mode 100644
index 000000000000..94f1325070d5
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch
@@ -0,0 +1,101 @@
+From 05406c3f5f516d3148254c8294e8883c28a2c95a Mon Sep 17 00:00:00 2001
+From: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
+Date: Wed, 21 Jun 2023 13:30:35 +0200
+Subject: [PATCH] SSL: upgrade the default DH parameters
+
+We have been using as default DH parameters the 1024-bit MODP group.
+This is now considered insecure, and applications should use the
+2048-bit at a minimum [1]. This commit therefore replaces the parameters
+with the 2048-bit MODP group from [2].
+
+To double check the data, use openssl asn1parse to verify that the prime
+matches. For instance:
+
+1) put the encoded string in a `encoded.txt` file (c&p from the source,
+ removing the double quotes)
+2) put the hexadecimal value of the 2048-bit group in a `reference.txt`
+ file (c&p from [2])
+3) compare the output of openssl asn1parse with the reference. For
+ instance like this:
+
+ $ diff <(openssl asn1parse < encoded.txt | grep -m 1 INTEGER | perl -pe 's/.*://; s/\n//') <(perl -0777 -pe 's/\s//g' reference.txt) && echo OK
+ OK
+
+[1] https://datatracker.ietf.org/doc/html/rfc8247#section-2.4
+[2] https://datatracker.ietf.org/doc/html/rfc3526#section-3
+
+[ChangeLog][QtNetwork][QSslDiffieHellmanParameters] The default
+Diffie-Hellman parameters are now using the 2048-bit MODP group from
+RFC 3526.
+
+Pick-to: 6.6 6.5 6.2 5.15
+Change-Id: I47133cd78ba0e954b8f93a3da09fa2c760c9f7a8
+Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
+(cherry picked from commit 3ec24e329c9ef6802786a37f30ddd8982e903480)
+---
+ src/network/ssl/qsslconfiguration.cpp | 12 ++++++++++--
+ src/network/ssl/qssldiffiehellmanparameters.cpp | 13 +++++++------
+ 2 files changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
+index f5ce02807f..84a9187334 100644
+--- a/src/network/ssl/qsslconfiguration.cpp
++++ b/src/network/ssl/qsslconfiguration.cpp
+@@ -929,7 +929,11 @@ void QSslConfiguration::setPreSharedKeyIdentityHint(const QByteArray &hint)
+ Retrieves the current set of Diffie-Hellman parameters.
+
+ If no Diffie-Hellman parameters have been set, the QSslConfiguration object
+- defaults to using the 1024-bit MODP group from RFC 2409.
++ defaults to using the 2048-bit MODP group from RFC 3526.
++
++ \note The default parameters may change in future Qt versions.
++ Please check the documentation of the \e{exact Qt version} that you
++ are using in order to know what defaults that version uses.
+ */
+ QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const
+ {
+@@ -943,7 +947,11 @@ QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const
+ a server to \a dhparams.
+
+ If no Diffie-Hellman parameters have been set, the QSslConfiguration object
+- defaults to using the 1024-bit MODP group from RFC 2409.
++ defaults to using the 2048-bit MODP group from RFC 3526.
++
++ \note The default parameters may change in future Qt versions.
++ Please check the documentation of the \e{exact Qt version} that you
++ are using in order to know what defaults that version uses.
+ */
+ void QSslConfiguration::setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams)
+ {
+diff --git a/src/network/ssl/qssldiffiehellmanparameters.cpp b/src/network/ssl/qssldiffiehellmanparameters.cpp
+index 7807afaa30..7c2505a0be 100644
+--- a/src/network/ssl/qssldiffiehellmanparameters.cpp
++++ b/src/network/ssl/qssldiffiehellmanparameters.cpp
+@@ -68,17 +68,18 @@
+
+ QT_BEGIN_NAMESPACE
+
+-// The 1024-bit MODP group from RFC 2459 (Second Oakley Group)
++// The 2048-bit MODP group from RFC 3526
+ Q_AUTOTEST_EXPORT const char *qssl_dhparams_default_base64 =
+- "MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR"
+- "Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL"
+- "/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC";
++ "MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmO"
++ "NATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjftawv/XLb0Brft7jhr"
++ "+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXTmmkWP6j9JM9fg2VdI9yjrZYc"
++ "YvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhghfDKQXkYuNs474553LBgOhgObJ4Oi7Aei"
++ "j7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==";
+
+ /*!
+ Returns the default QSslDiffieHellmanParameters used by QSslSocket.
+
+- This is currently the 1024-bit MODP group from RFC 2459, also
+- known as the Second Oakley Group.
++ This is currently the 2048-bit MODP group from RFC 3526.
+ */
+ QSslDiffieHellmanParameters QSslDiffieHellmanParameters::defaultParameters()
+ {
+--
+2.41.0
+
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.10-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.10-r2.ebuild
index 148c6d9f133f..39ee0ea09f21 100644
--- a/dev-qt/qtnetwork/qtnetwork-5.15.10-r1.ebuild
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.10-r2.ebuild
@@ -41,6 +41,8 @@ QT5_GENTOO_PRIVATE_CONFIG=(
:network
)
+PATCHES=( "${FILESDIR}/${P}-ssl-upgr-default-DH-params.patch" )
+
src_configure() {
local myconf=(
$(qt_use gssapi feature-gssapi)
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-08 22:11:34 +0000