[gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
commit: 44d3661b4981baaa12699edc40dfe06858f911f7 Author: Andreas Sturmlechner gentoo org> AuthorDate: Sat May 20 17:59:01 2023 + Commit: Andreas Sturmlechner gentoo org> CommitDate: Sat May 20 18:02:35 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44d3661b dev-qt/qtnetwork: QDnsLookup: make sure we don't overflow the buffer Signed-off-by: Andreas Sturmlechner gentoo.org> 15.9-QDnsLookup-dont-overflow-the-buffer.patch | 103 + dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild| 76 +++ 2 files changed, 179 insertions(+) diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch new file mode 100644 index ..433dc678ad2d --- /dev/null +++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch @@ -0,0 +1,103 @@ +From 2103f2487f709dd9546c503820d9ad509e9a63b3 Mon Sep 17 00:00:00 2001 +From: Thiago Macieira +Date: Thu, 11 May 2023 21:40:15 -0700 +Subject: [PATCH] QDnsLookup/Unix: make sure we don't overflow the buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The DNS Records are variable length and encode their size in 16 bits +before the Record Data (RDATA). Ensure that both the RDATA and the +Record header fields before it fall inside the buffer we have. + +Additionally reject any replies containing more than one query records. + +[ChangeLog][QtNetwork][QDnsLookup] Fixed a bug that could cause a buffer +overflow in Unix systems while parsing corrupt, malicious, or truncated +replies. + +Pick-to: 5.15 6.2 6.5 6.5.1 +Change-Id: I3e3bfef633af4130a03afffd175e4b9547654b95 +Reviewed-by: Mårten Nordheim +Reviewed-by: Jani Heikkinen +(cherry picked from commit 7dba2c87619d558a61a30eb30cc1d9c3fe6df94c) + +* asturmlechner 2023-05-18: Resolve conflict with dev branch commit + 68b625901f9eb7c34e3d7aa302e1c0a454d3190b +--- + src/network/kernel/qdnslookup_unix.cpp | 31 +- + 1 file changed, 25 insertions(+), 6 deletions(-) + +diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp +index 12b40fc35dd..99e999d436c 100644 +--- a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp +@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray + // responseLength in case of error, we still can extract the + // exact error code from the response. + HEADER *header = (HEADER*)response; +-const int answerCount = ntohs(header->ancount); + switch (header->rcode) { + case NOERROR: + break; +@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray + return; + } + +-// Skip the query host, type (2 bytes) and class (2 bytes). + char host[PACKETSZ], answer[PACKETSZ]; + unsigned char *p = response + sizeof(HEADER); +-int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); +-if (status < 0) { ++int status; ++ ++if (ntohs(header->qdcount) == 1) { ++// Skip the query host, type (2 bytes) and class (2 bytes). ++status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); ++if (status < 0) { ++reply->error = QDnsLookup::InvalidReplyError; ++reply->errorString = tr("Could not expand domain name"); ++return; ++} ++if ((p - response) + status + 4 >= responseLength) ++header->qdcount = 0x; // invalid reply below ++else ++p += status + 4; ++} ++if (ntohs(header->qdcount) > 1) { + reply->error = QDnsLookup::InvalidReplyError; +-reply->errorString = tr("Could not expand domain name"); ++reply->errorString = tr("Invalid reply received"); + return; + } +-p += status + 4; + + // Extract results. ++const int answerCount = ntohs(header->ancount); + int answerIndex = 0; + while ((p < response + responseLength) && (answerIndex < answerCount)) { + status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); +@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray + const QString name = QUrl::fromAce(host); + + p += status; ++ ++if ((p - response) + 10 > responseLength) { ++// probably just a truncated reply, return what we have ++return; ++} + const quint16 type = (p[0] << 8) | p[1]; + p += 2; // RR type + p += 2; // RR class +@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray + p += 4; + const quint16 size = (p[0] << 8) | p[1]; + p += 2; ++if ((p - response)
[gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
commit: 217fc6b64c5569a44e0f2d370cebc37e53b5 Author: Stefan Strogin steils org> AuthorDate: Sat Nov 28 19:37:21 2020 + Commit: Andreas Sturmlechner gentoo org> CommitDate: Sat Nov 28 20:21:14 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=217fc6b6 dev-qt/qtnetwork: update (5.15.2) patch for LibreSSL Closes: https://bugs.gentoo.org/757147 Package-Manager: Portage-3.0.10, Repoman-3.0.2 Signed-off-by: Stefan Strogin gentoo.org> Closes: https://github.com/gentoo/qt/pull/230 Signed-off-by: Andreas Sturmlechner gentoo.org> .../files/qtnetwork-5.15.2-libressl.patch | 377 + dev-qt/qtnetwork/qtnetwork-5.15.2.ebuild | 2 +- 2 files changed, 378 insertions(+), 1 deletion(-) diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch new file mode 100644 index 000..f7fe32f06e4 --- /dev/null +++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch @@ -0,0 +1,377 @@ +From 07a00f9c6d87f1fa5360cfb8f086670f3fa5bd3f Mon Sep 17 00:00:00 2001 +From: Stefan Strogin +Date: Sat, 28 Nov 2020 06:12:22 +0200 +Subject: [PATCH] QSslSocket: add LibreSSL support + +Upstream-Status: Inappropriate +[Upstream is not willing to accept any patches for LibreSSL support] +Signed-off-by: Stefan Strogin +--- + src/network/ssl/qsslcertificate_openssl.cpp | 2 +- + src/network/ssl/qsslcontext_openssl.cpp | 19 +++- + src/network/ssl/qsslcontext_openssl_p.h | 7 +++ + src/network/ssl/qsslsocket_openssl.cpp| 2 +- + .../ssl/qsslsocket_openssl_symbols.cpp| 31 + + .../ssl/qsslsocket_openssl_symbols_p.h| 45 +++ + 6 files changed, 103 insertions(+), 3 deletions(-) + +diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp +index ca9d61cc..19774432 100644 +--- a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp +@@ -661,7 +661,7 @@ static QMultiMap _q_mapFromX509Name(X509_NAME *name) + unsigned char *data = nullptr; + int size = q_ASN1_STRING_to_UTF8(, q_X509_NAME_ENTRY_get_data(e)); + info.insert(name, QString::fromUtf8((char*)data, size)); +-#if QT_CONFIG(opensslv11) ++#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER) + q_CRYPTO_free(data, nullptr, 0); + #else + q_CRYPTO_free(data); +diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp +index c9f202f5..d3626cab 100644 +--- a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp +@@ -351,9 +351,11 @@ init_context: + return; + } + ++#ifndef LIBRESSL_VERSION_NUMBER + // A nasty hacked OpenSSL using a level that will make our auto-tests fail: + if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel()) + q_SSL_CTX_set_security_level(sslContext->ctx, 1); ++#endif // LIBRESSL_VERSION_NUMBER + + const long anyVersion = + #if QT_CONFIG(dtls) +@@ -408,16 +410,28 @@ init_context: + maxVersion = DTLS1_VERSION; + break; + case QSsl::DtlsV1_0OrLater: ++#ifdef DTLS_MAX_VERSION + minVersion = DTLS1_VERSION; + maxVersion = DTLS_MAX_VERSION; ++#else ++Q_UNREACHABLE(); ++#endif // DTLS_MAX_VERSION + break; + case QSsl::DtlsV1_2: ++#ifdef DTLS1_2_VERSION + minVersion = DTLS1_2_VERSION; + maxVersion = DTLS1_2_VERSION; ++#else ++Q_UNREACHABLE(); ++#endif // DTLS1_2_VERSION + break; + case QSsl::DtlsV1_2OrLater: ++#if defined(DTLS1_2_VERSION) && defined(DTLS_MAX_VERSION) + minVersion = DTLS1_2_VERSION; + maxVersion = DTLS_MAX_VERSION; ++#else ++Q_UNREACHABLE(); ++#endif // DTLS1_2_VERSION && DTLS_MAX_VERSION + break; + case QSsl::TlsV1_3OrLater: + #ifdef TLS1_3_VERSION +@@ -722,6 +736,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext) + } + #endif // ocsp + ++#ifndef LIBRESSL_VERSION_NUMBER + QSharedPointer cctx(q_SSL_CONF_CTX_new(), _SSL_CONF_CTX_free); + if (cctx) { + q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx); +@@ -768,7 +783,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext) + sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed")); + sslContext->errorCode = QSslError::UnspecifiedError; + } +-} else { ++} else ++#endif // LIBRESSL_VERSION_NUMBER ++{ + sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed")); + sslContext->errorCode = QSslError::UnspecifiedError; + } +diff --git a/src/network/ssl/qsslcontext_openssl_p.h b/src/network/ssl/qsslcontext_openssl_p.h +index 70cb97aa..01a61cf5 100644 +--- a/src/network/ssl/qsslcontext_openssl_p.h
[gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
commit: 8ededff26ca832ef16f40e986c3cf85062de3428 Author: Andreas Sturmlechner gentoo org> AuthorDate: Tue Jun 9 19:05:03 2020 + Commit: Andreas Sturmlechner gentoo org> CommitDate: Wed Jun 10 17:52:29 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ededff2 dev-qt/qtnetwork: Fix CVE-2020-13962 Tested-by: Sam James (sam_c) cmpct.info Closes: https://bugs.gentoo.org/727604 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Andreas Sturmlechner gentoo.org> .../files/qtnetwork-5.14.2-CVE-2020-13962.patch| 172 + dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild| 66 2 files changed, 238 insertions(+) diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch new file mode 100644 index 000..9bbdda61a25 --- /dev/null +++ b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch @@ -0,0 +1,172 @@ +From 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb Mon Sep 17 00:00:00 2001 +From: Timur Pocheptsov +Date: Mon, 13 Apr 2020 20:31:34 +0200 +Subject: [PATCH] OpenSSL: handle SSL_shutdown's errors properly +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s) +returns 1). Also, do not call SSL_shutdown if a session encountered a fatal +error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown +was unsuccessful (returned code != 1), we have to clear the error(s) it queued. +Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to +resolve SSL_state to implement SSL_in_init. + +Fixes: QTBUG-83450 +Change-Id: I6326119f4e79605429263045ac20605c30dccca3 +Reviewed-by: MÃ¥rten Nordheim +(cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655) +--- + src/network/ssl/qsslsocket.cpp | 2 +- + src/network/ssl/qsslsocket_openssl.cpp | 23 -- + src/network/ssl/qsslsocket_openssl11_symbols_p.h | 7 +++ + src/network/ssl/qsslsocket_openssl_symbols.cpp | 8 + .../ssl/qsslsocket_opensslpre11_symbols_p.h| 2 ++ + src/network/ssl/qsslsocket_p.h | 1 + + 6 files changed, 36 insertions(+), 7 deletions(-) + +diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp +index 4e9e9472631..5c9e589ec39 100644 +--- a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp +@@ -2166,7 +2166,7 @@ void QSslSocketPrivate::init() + pendingClose = false; + flushTriggered = false; + ocspResponses.clear(); +- ++systemOrSslErrorDetected = false; + // we don't want to clear the ignoreErrorsList, so + // that it is possible setting it before connecting + //ignoreErrorsList.clear(); +diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp +index 51510f1c60b..855865209bc 100644 +--- a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp +@@ -648,10 +648,16 @@ bool QSslSocketBackendPrivate::initSslContext() + void QSslSocketBackendPrivate::destroySslContext() + { + if (ssl) { +-// We do not send a shutdown alert here. Just mark the session as +-// resumable for qhttpnetworkconnection's "optimization", otherwise +-// OpenSSL won't start a session resumption. +-q_SSL_shutdown(ssl); ++if (!q_SSL_in_init(ssl) && !systemOrSslErrorDetected) { ++// We do not send a shutdown alert here. Just mark the session as ++// resumable for qhttpnetworkconnection's "optimization", otherwise ++// OpenSSL won't start a session resumption. ++if (q_SSL_shutdown(ssl) != 1) { ++// Some error may be queued, clear it. ++const auto errors = getErrorsFromOpenSsl(); ++Q_UNUSED(errors); ++} ++} + q_SSL_free(ssl); + ssl = nullptr; + } +@@ -1084,6 +1090,7 @@ void QSslSocketBackendPrivate::transmit() + case SSL_ERROR_SSL: // error in the SSL library + // we do not know exactly what the error is, nor whether we can recover from it, + // so just return to prevent an endless loop in the outer "while" statement ++systemOrSslErrorDetected = true; + { + const ScopedBool bg(inSetAndEmitError, true); + setErrorAndEmit(QAbstractSocket::SslInternalError, +@@ -1681,8 +1688,12 @@ bool QSslSocketBackendPrivate::checkOcspStatus() + void QSslSocketBackendPrivate::disconnectFromHost() + { + if (ssl) { +-if (!shutdown) { +-q_SSL_shutdown(ssl); ++if (!shutdown && !q_SSL_in_init(ssl) && !systemOrSslErrorDetected) { ++if (q_SSL_shutdown(ssl) != 1) { ++// Some error may be queued, clear it.
[gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
commit: 568a924b3f62d0acff635b2379aedd85ebbc0b99 Author: Stefan Strogin gentoo org> AuthorDate: Wed May 27 08:26:20 2020 + Commit: Stefan Strogin gentoo org> CommitDate: Thu May 28 05:50:22 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=568a924b dev-qt/qtnetwork: add patch for LibreSSL Closes: https://bugs.gentoo.org/562050 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Stefan Strogin gentoo.org> .../files/qtnetwork-5.15.0-libressl.patch | 340 + dev-qt/qtnetwork/qtnetwork-5.15.0.ebuild | 9 +- 2 files changed, 347 insertions(+), 2 deletions(-) diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.0-libressl.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.0-libressl.patch new file mode 100644 index 000..d0a4796639b --- /dev/null +++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.0-libressl.patch @@ -0,0 +1,340 @@ +From 4774fcd31a49f6f193bf10990601ad494fab2013 Mon Sep 17 00:00:00 2001 +From: Stefan Strogin +Date: Wed, 5 Feb 2020 03:49:35 +0200 +Subject: [PATCH] QSslSocket - add LibreSSL support + +Upstream-Status: Inappropriate +[Upstream is not willing to accept any patches for LibreSSL support] +Signed-off-by: Stefan Strogin +--- + src/network/ssl/qsslcertificate_openssl.cpp | 2 +- + src/network/ssl/qsslcontext_openssl.cpp | 17 +++- + src/network/ssl/qsslcontext_openssl_p.h | 7 +++ + src/network/ssl/qsslsocket_openssl.cpp| 2 +- + .../ssl/qsslsocket_openssl_symbols.cpp| 25 +++ + .../ssl/qsslsocket_openssl_symbols_p.h| 43 +++ + 6 files changed, 93 insertions(+), 3 deletions(-) + +diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp +index 6f1fb26a..eba5a729 100644 +--- a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp +@@ -658,7 +658,7 @@ static QMultiMap _q_mapFromX509Name(X509_NAME *name) + unsigned char *data = nullptr; + int size = q_ASN1_STRING_to_UTF8(, q_X509_NAME_ENTRY_get_data(e)); + info.insert(name, QString::fromUtf8((char*)data, size)); +-#if QT_CONFIG(opensslv11) ++#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER) + q_CRYPTO_free(data, nullptr, 0); + #else + q_CRYPTO_free(data); +diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp +index 0aa8a4f4..f161af8a 100644 +--- a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp +@@ -397,16 +397,28 @@ init_context: + maxVersion = DTLS1_VERSION; + break; + case QSsl::DtlsV1_0OrLater: ++#ifdef DTLS_MAX_VERSION + minVersion = DTLS1_VERSION; + maxVersion = DTLS_MAX_VERSION; ++#else ++Q_UNREACHABLE(); ++#endif // DTLS_MAX_VERSION + break; + case QSsl::DtlsV1_2: ++#ifdef DTLS1_2_VERSION + minVersion = DTLS1_2_VERSION; + maxVersion = DTLS1_2_VERSION; ++#else ++Q_UNREACHABLE(); ++#endif // DTLS1_2_VERSION + break; + case QSsl::DtlsV1_2OrLater: ++#if defined(DTLS1_2_VERSION) && defined(DTLS_MAX_VERSION) + minVersion = DTLS1_2_VERSION; + maxVersion = DTLS_MAX_VERSION; ++#else ++Q_UNREACHABLE(); ++#endif // DTLS1_2_VERSION && DTLS_MAX_VERSION + break; + case QSsl::TlsV1_3OrLater: + #ifdef TLS1_3_VERSION +@@ -696,6 +708,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext) + } + #endif // ocsp + ++#ifndef LIBRESSL_VERSION_NUMBER + QSharedPointer cctx(q_SSL_CONF_CTX_new(), _SSL_CONF_CTX_free); + if (cctx) { + q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx); +@@ -742,7 +755,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext) + sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed")); + sslContext->errorCode = QSslError::UnspecifiedError; + } +-} else { ++} else ++#endif // LIBRESSL_VERSION_NUMBER ++{ + sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed")); + sslContext->errorCode = QSslError::UnspecifiedError; + } +diff --git a/src/network/ssl/qsslcontext_openssl_p.h b/src/network/ssl/qsslcontext_openssl_p.h +index 70cb97aa..01a61cf5 100644 +--- a/src/network/ssl/qsslcontext_openssl_p.h b/src/network/ssl/qsslcontext_openssl_p.h +@@ -61,6 +61,13 @@ + + QT_BEGIN_NAMESPACE + ++#ifndef DTLS_ANY_VERSION ++#define DTLS_ANY_VERSION 0x1 ++#endif ++#ifndef TLS_ANY_VERSION ++#define TLS_ANY_VERSION 0x1 ++#endif ++ + #ifndef QT_NO_SSL + + class QSslContextPrivate; +diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp +index 4be27aff..1f33911e 100644 +--- a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp +@@ -598,7 +598,7 @@ bool