From 40e2ec24a753a94dbac9b2719ddee998c908563c Mon Sep 17 00:00:00 2001 From: Stefan Strogin Date: Thu, 16 Jul 2020 10:53:29 +0300 Subject: dev-qt/qtnetwork: add patch to fix CVE-2020-13962 in 5.14.2 Closes: https://github.com/gentoo/libressl/issues/321 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Stefan Strogin --- .../files/qtnetwork-5.14.2-CVE-2020-13962.patch | 172 +++++++++++++++++++++ dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild | 71 +++++++++ dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild | 70 --------- 3 files changed, 243 insertions(+), 70 deletions(-) create mode 100644 dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch create mode 100644 dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild delete mode 100644 dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch new file mode 100644 index 0000000..9bbdda6 --- /dev/null +++ b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch @@ -0,0 +1,172 @@ +From 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb Mon Sep 17 00:00:00 2001 +From: Timur Pocheptsov +Date: Mon, 13 Apr 2020 20:31:34 +0200 +Subject: [PATCH] OpenSSL: handle SSL_shutdown's errors properly +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s) +returns 1). Also, do not call SSL_shutdown if a session encountered a fatal +error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown +was unsuccessful (returned code != 1), we have to clear the error(s) it queued. +Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to +resolve SSL_state to implement SSL_in_init. + +Fixes: QTBUG-83450 +Change-Id: I6326119f4e79605429263045ac20605c30dccca3 +Reviewed-by: MÃ¥rten Nordheim +(cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655) +--- + src/network/ssl/qsslsocket.cpp | 2 +- + src/network/ssl/qsslsocket_openssl.cpp | 23 ++++++++++++++++------ + src/network/ssl/qsslsocket_openssl11_symbols_p.h | 7 +++++++ + src/network/ssl/qsslsocket_openssl_symbols.cpp | 8 ++++++++ + .../ssl/qsslsocket_opensslpre11_symbols_p.h | 2 ++ + src/network/ssl/qsslsocket_p.h | 1 + + 6 files changed, 36 insertions(+), 7 deletions(-) + +diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp +index 4e9e9472631..5c9e589ec39 100644 +--- a/src/network/ssl/qsslsocket.cpp ++++ b/src/network/ssl/qsslsocket.cpp +@@ -2166,7 +2166,7 @@ void QSslSocketPrivate::init() + pendingClose = false; + flushTriggered = false; + ocspResponses.clear(); +- ++ systemOrSslErrorDetected = false; + // we don't want to clear the ignoreErrorsList, so + // that it is possible setting it before connecting + // ignoreErrorsList.clear(); +diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp +index 51510f1c60b..855865209bc 100644 +--- a/src/network/ssl/qsslsocket_openssl.cpp ++++ b/src/network/ssl/qsslsocket_openssl.cpp +@@ -648,10 +648,16 @@ bool QSslSocketBackendPrivate::initSslContext() + void QSslSocketBackendPrivate::destroySslContext() + { + if (ssl) { +- // We do not send a shutdown alert here. Just mark the session as +- // resumable for qhttpnetworkconnection's "optimization", otherwise +- // OpenSSL won't start a session resumption. +- q_SSL_shutdown(ssl); ++ if (!q_SSL_in_init(ssl) && !systemOrSslErrorDetected) { ++ // We do not send a shutdown alert here. Just mark the session as ++ // resumable for qhttpnetworkconnection's "optimization", otherwise ++ // OpenSSL won't start a session resumption. ++ if (q_SSL_shutdown(ssl) != 1) { ++ // Some error may be queued, clear it. ++ const auto errors = getErrorsFromOpenSsl(); ++ Q_UNUSED(errors); ++ } ++ } + q_SSL_free(ssl); + ssl = nullptr; + } +@@ -1084,6 +1090,7 @@ void QSslSocketBackendPrivate::transmit() + case SSL_ERROR_SSL: // error in the SSL library + // we do not know exactly what the error is, nor whether we can recover from it, + // so just return to prevent an endless loop in the outer "while" statement ++ systemOrSslErrorDetected = true; + { + const ScopedBool bg(inSetAndEmitError, true); + setErrorAndEmit(QAbstractSocket::SslInternalError, +@@ -1681,8 +1688,12 @@ bool QSslSocketBackendPrivate::checkOcspStatus() + void QSslSocketBackendPrivate::disconnectFromHost() + { + if (ssl) { +- if (!shutdown) { +- q_SSL_shutdown(ssl); ++ if (!shutdown && !q_SSL_in_init(ssl) && !systemOrSslErrorDetected) { ++ if (q_SSL_shutdown(ssl) != 1) { ++ // Some error may be queued, clear it. ++ const auto errors = getErrorsFromOpenSsl(); ++ Q_UNUSED(errors); ++ } + shutdown = true; + transmit(); + } +diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h +index 0fe0899d4fd..b7193ad1807 100644 +--- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h ++++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h +@@ -192,4 +192,11 @@ typedef int (*q_SSL_psk_use_session_cb_func_t)(SSL *, const EVP_MD *, const unsi + } + void q_SSL_set_psk_use_session_callback(SSL *s, q_SSL_psk_use_session_cb_func_t); + ++#if OPENSSL_VERSION_NUMBER < 0x10101000L ++// What a mess! ++int q_SSL_in_init(SSL *s); ++#else ++int q_SSL_in_init(const SSL *s); ++#endif // 1.1.1 or 1.1.0 ++ + #endif +diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp +index 85029a6ff3f..d1bd84cf25f 100644 +--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp ++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp +@@ -160,6 +160,11 @@ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) + DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return) + DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) + DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return) ++#if OPENSSL_VERSION_NUMBER < 0x10101000L ++DEFINEFUNC(int, SSL_in_init, SSL *a, a, return 0, return) ++#else ++DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return) ++#endif + #ifdef TLS1_3_VERSION + DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return) + DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG) +@@ -242,6 +247,7 @@ DEFINEFUNC2(void, BIO_set_shutdown, BIO *a, a, int shut, shut, return, DUMMYARG) + // Functions below are either deprecated or removed in OpenSSL >= 1.1: + + DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return nullptr, return) ++DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return) + + #ifdef SSLEAY_MACROS + DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return nullptr, return) +@@ -971,6 +977,7 @@ bool q_resolveOpenSslSymbols() + #if QT_CONFIG(opensslv11) + + RESOLVEFUNC(OPENSSL_init_ssl) ++ RESOLVEFUNC(SSL_in_init) + RESOLVEFUNC(OPENSSL_init_crypto) + RESOLVEFUNC(ASN1_STRING_get0_data) + RESOLVEFUNC(EVP_CIPHER_CTX_reset) +@@ -1066,6 +1073,7 @@ bool q_resolveOpenSslSymbols() + #else // !opensslv11 + + RESOLVEFUNC(ASN1_STRING_data) ++ RESOLVEFUNC(SSL_state) + + #ifdef SSLEAY_MACROS + RESOLVEFUNC(ASN1_dup) +diff --git a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h +index f5626d5d164..92841017793 100644 +--- a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h ++++ b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h +@@ -121,6 +121,8 @@ SSL_CTX *q_SSL_CTX_new(const SSL_METHOD *a); + + int q_SSL_library_init(); + void q_SSL_load_error_strings(); ++int q_SSL_state(const SSL *a); ++#define q_SSL_in_init(a) (q_SSL_state(a) & SSL_ST_INIT) + + #if OPENSSL_VERSION_NUMBER >= 0x10001000L + int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h +index daa9be23f4a..350b1f1fc18 100644 +--- a/src/network/ssl/qsslsocket_p.h ++++ b/src/network/ssl/qsslsocket_p.h +@@ -208,6 +208,7 @@ protected: + bool verifyErrorsHaveBeenIgnored(); + bool paused; + bool flushTriggered; ++ bool systemOrSslErrorDetected = false; + QVector ocspResponses; + }; + +-- +2.16.3 diff --git a/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild new file mode 100644 index 0000000..fec0386 --- /dev/null +++ b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild @@ -0,0 +1,71 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +QT5_MODULE="qtbase" +inherit qt5-build + +DESCRIPTION="Network abstraction library for the Qt5 framework" + +if [[ ${QT5_BUILD_TYPE} == release ]]; then + KEYWORDS="amd64 arm arm64 ~hppa ppc ppc64 ~sparc x86" +fi + +IUSE="bindist connman gssapi libproxy libressl networkmanager sctp +ssl" + +DEPEND=" + ~dev-qt/qtcore-${PV}:5= + sys-libs/zlib:= + connman? ( ~dev-qt/qtdbus-${PV} ) + gssapi? ( virtual/krb5 ) + libproxy? ( net-libs/libproxy ) + networkmanager? ( ~dev-qt/qtdbus-${PV} ) + sctp? ( kernel_linux? ( net-misc/lksctp-tools ) ) + ssl? ( + !libressl? ( dev-libs/openssl:0=[bindist=] ) + libressl? ( dev-libs/libressl:0= ) + ) +" +RDEPEND="${DEPEND} + connman? ( net-misc/connman ) + networkmanager? ( net-misc/networkmanager ) +" + +PATCHES=( + "${FILESDIR}/${P}-CVE-2020-13962.patch" # bug 727604, QTBUG-83450 + "${FILESDIR}"/${PN}-5.12.1-libressl.patch + "${FILESDIR}"/${PN}-5.12.4-libressl.patch +) + +QT5_TARGET_SUBDIRS=( + src/network + src/plugins/bearer/generic +) + +QT5_GENTOO_CONFIG=( + libproxy:libproxy: + ssl::SSL + ssl::OPENSSL + ssl:openssl-linked:LINKED_OPENSSL +) + +QT5_GENTOO_PRIVATE_CONFIG=( + :network +) + +pkg_setup() { + use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman) + use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager) +} + +src_configure() { + local myconf=( + $(usex connman -dbus-linked '') + $(usex gssapi -feature-gssapi -no-feature-gssapi) + $(qt_use libproxy) + $(usex networkmanager -dbus-linked '') + $(qt_use sctp) + $(usex ssl -openssl-linked '') + ) + qt5-build_src_configure +} diff --git a/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild b/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild deleted file mode 100644 index b470bcd..0000000 --- a/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -QT5_MODULE="qtbase" -inherit qt5-build - -DESCRIPTION="Network abstraction library for the Qt5 framework" - -if [[ ${QT5_BUILD_TYPE} == release ]]; then - KEYWORDS="amd64 arm arm64 ~hppa ppc ppc64 ~sparc x86" -fi - -IUSE="bindist connman gssapi libproxy libressl networkmanager sctp +ssl" - -DEPEND=" - ~dev-qt/qtcore-${PV}:5= - sys-libs/zlib:= - connman? ( ~dev-qt/qtdbus-${PV} ) - gssapi? ( virtual/krb5 ) - libproxy? ( net-libs/libproxy ) - networkmanager? ( ~dev-qt/qtdbus-${PV} ) - sctp? ( kernel_linux? ( net-misc/lksctp-tools ) ) - ssl? ( - !libressl? ( dev-libs/openssl:0=[bindist=] ) - libressl? ( dev-libs/libressl:0= ) - ) -" -RDEPEND="${DEPEND} - connman? ( net-misc/connman ) - networkmanager? ( net-misc/networkmanager ) -" - -PATCHES=( - "${FILESDIR}"/${PN}-5.12.1-libressl.patch - "${FILESDIR}"/${PN}-5.12.4-libressl.patch -) - -QT5_TARGET_SUBDIRS=( - src/network - src/plugins/bearer/generic -) - -QT5_GENTOO_CONFIG=( - libproxy:libproxy: - ssl::SSL - ssl::OPENSSL - ssl:openssl-linked:LINKED_OPENSSL -) - -QT5_GENTOO_PRIVATE_CONFIG=( - :network -) - -pkg_setup() { - use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman) - use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager) -} - -src_configure() { - local myconf=( - $(usex connman -dbus-linked '') - $(usex gssapi -feature-gssapi -no-feature-gssapi) - $(qt_use libproxy) - $(usex networkmanager -dbus-linked '') - $(qt_use sctp) - $(usex ssl -openssl-linked '') - ) - qt5-build_src_configure -} -- cgit v1.2.3-18-g5258