From: "Andreas Sturmlechner" <asturm@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
Date: Wed, 10 Jun 2020 17:53:17 +0000 (UTC) [thread overview]
Message-ID: <1591811549.8ededff26ca832ef16f40e986c3cf85062de3428.asturm@gentoo> (raw)
commit: 8ededff26ca832ef16f40e986c3cf85062de3428
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 9 19:05:03 2020 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Wed Jun 10 17:52:29 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ededff2
dev-qt/qtnetwork: Fix CVE-2020-13962
Tested-by: Sam James (sam_c) <sam <AT> cmpct.info
Closes: https://bugs.gentoo.org/727604
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
.../files/qtnetwork-5.14.2-CVE-2020-13962.patch | 172 +++++++++++++++++++++
dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild | 66 ++++++++
2 files changed, 238 insertions(+)
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch
new file mode 100644
index 00000000000..9bbdda61a25
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch
@@ -0,0 +1,172 @@
+From 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb Mon Sep 17 00:00:00 2001
+From: Timur Pocheptsov <timur.pocheptsov@qt.io>
+Date: Mon, 13 Apr 2020 20:31:34 +0200
+Subject: [PATCH] OpenSSL: handle SSL_shutdown's errors properly
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s)
+returns 1). Also, do not call SSL_shutdown if a session encountered a fatal
+error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown
+was unsuccessful (returned code != 1), we have to clear the error(s) it queued.
+Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to
+resolve SSL_state to implement SSL_in_init.
+
+Fixes: QTBUG-83450
+Change-Id: I6326119f4e79605429263045ac20605c30dccca3
+Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
+(cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655)
+---
+ src/network/ssl/qsslsocket.cpp | 2 +-
+ src/network/ssl/qsslsocket_openssl.cpp | 23 ++++++++++++++++------
+ src/network/ssl/qsslsocket_openssl11_symbols_p.h | 7 +++++++
+ src/network/ssl/qsslsocket_openssl_symbols.cpp | 8 ++++++++
+ .../ssl/qsslsocket_opensslpre11_symbols_p.h | 2 ++
+ src/network/ssl/qsslsocket_p.h | 1 +
+ 6 files changed, 36 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
+index 4e9e9472631..5c9e589ec39 100644
+--- a/src/network/ssl/qsslsocket.cpp
++++ b/src/network/ssl/qsslsocket.cpp
+@@ -2166,7 +2166,7 @@ void QSslSocketPrivate::init()
+ pendingClose = false;
+ flushTriggered = false;
+ ocspResponses.clear();
+-
++ systemOrSslErrorDetected = false;
+ // we don't want to clear the ignoreErrorsList, so
+ // that it is possible setting it before connecting
+ // ignoreErrorsList.clear();
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index 51510f1c60b..855865209bc 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -648,10 +648,16 @@ bool QSslSocketBackendPrivate::initSslContext()
+ void QSslSocketBackendPrivate::destroySslContext()
+ {
+ if (ssl) {
+- // We do not send a shutdown alert here. Just mark the session as
+- // resumable for qhttpnetworkconnection's "optimization", otherwise
+- // OpenSSL won't start a session resumption.
+- q_SSL_shutdown(ssl);
++ if (!q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
++ // We do not send a shutdown alert here. Just mark the session as
++ // resumable for qhttpnetworkconnection's "optimization", otherwise
++ // OpenSSL won't start a session resumption.
++ if (q_SSL_shutdown(ssl) != 1) {
++ // Some error may be queued, clear it.
++ const auto errors = getErrorsFromOpenSsl();
++ Q_UNUSED(errors);
++ }
++ }
+ q_SSL_free(ssl);
+ ssl = nullptr;
+ }
+@@ -1084,6 +1090,7 @@ void QSslSocketBackendPrivate::transmit()
+ case SSL_ERROR_SSL: // error in the SSL library
+ // we do not know exactly what the error is, nor whether we can recover from it,
+ // so just return to prevent an endless loop in the outer "while" statement
++ systemOrSslErrorDetected = true;
+ {
+ const ScopedBool bg(inSetAndEmitError, true);
+ setErrorAndEmit(QAbstractSocket::SslInternalError,
+@@ -1681,8 +1688,12 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
+ void QSslSocketBackendPrivate::disconnectFromHost()
+ {
+ if (ssl) {
+- if (!shutdown) {
+- q_SSL_shutdown(ssl);
++ if (!shutdown && !q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
++ if (q_SSL_shutdown(ssl) != 1) {
++ // Some error may be queued, clear it.
++ const auto errors = getErrorsFromOpenSsl();
++ Q_UNUSED(errors);
++ }
+ shutdown = true;
+ transmit();
+ }
+diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+index 0fe0899d4fd..b7193ad1807 100644
+--- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+@@ -192,4 +192,11 @@ typedef int (*q_SSL_psk_use_session_cb_func_t)(SSL *, const EVP_MD *, const unsi
+ }
+ void q_SSL_set_psk_use_session_callback(SSL *s, q_SSL_psk_use_session_cb_func_t);
+
++#if OPENSSL_VERSION_NUMBER < 0x10101000L
++// What a mess!
++int q_SSL_in_init(SSL *s);
++#else
++int q_SSL_in_init(const SSL *s);
++#endif // 1.1.1 or 1.1.0
++
+ #endif
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index 85029a6ff3f..d1bd84cf25f 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -160,6 +160,11 @@ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
+ DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
+ DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
+ DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
++#if OPENSSL_VERSION_NUMBER < 0x10101000L
++DEFINEFUNC(int, SSL_in_init, SSL *a, a, return 0, return)
++#else
++DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return)
++#endif
+ #ifdef TLS1_3_VERSION
+ DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
+ DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
+@@ -242,6 +247,7 @@ DEFINEFUNC2(void, BIO_set_shutdown, BIO *a, a, int shut, shut, return, DUMMYARG)
+ // Functions below are either deprecated or removed in OpenSSL >= 1.1:
+
+ DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return nullptr, return)
++DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return)
+
+ #ifdef SSLEAY_MACROS
+ DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return nullptr, return)
+@@ -971,6 +977,7 @@ bool q_resolveOpenSslSymbols()
+ #if QT_CONFIG(opensslv11)
+
+ RESOLVEFUNC(OPENSSL_init_ssl)
++ RESOLVEFUNC(SSL_in_init)
+ RESOLVEFUNC(OPENSSL_init_crypto)
+ RESOLVEFUNC(ASN1_STRING_get0_data)
+ RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+@@ -1066,6 +1073,7 @@ bool q_resolveOpenSslSymbols()
+ #else // !opensslv11
+
+ RESOLVEFUNC(ASN1_STRING_data)
++ RESOLVEFUNC(SSL_state)
+
+ #ifdef SSLEAY_MACROS
+ RESOLVEFUNC(ASN1_dup)
+diff --git a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
+index f5626d5d164..92841017793 100644
+--- a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
++++ b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
+@@ -121,6 +121,8 @@ SSL_CTX *q_SSL_CTX_new(const SSL_METHOD *a);
+
+ int q_SSL_library_init();
+ void q_SSL_load_error_strings();
++int q_SSL_state(const SSL *a);
++#define q_SSL_in_init(a) (q_SSL_state(a) & SSL_ST_INIT)
+
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
+index daa9be23f4a..350b1f1fc18 100644
+--- a/src/network/ssl/qsslsocket_p.h
++++ b/src/network/ssl/qsslsocket_p.h
+@@ -208,6 +208,7 @@ protected:
+ bool verifyErrorsHaveBeenIgnored();
+ bool paused;
+ bool flushTriggered;
++ bool systemOrSslErrorDetected = false;
+ QVector<QOcspResponse> ocspResponses;
+ };
+
+--
+2.16.3
diff --git a/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild
new file mode 100644
index 00000000000..dcb5a062aad
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+IUSE="bindist connman gssapi libproxy networkmanager sctp +ssl"
+
+DEPEND="
+ ~dev-qt/qtcore-${PV}:5=
+ sys-libs/zlib:=
+ connman? ( ~dev-qt/qtdbus-${PV} )
+ gssapi? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ networkmanager? ( ~dev-qt/qtdbus-${PV} )
+ sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+ ssl? ( dev-libs/openssl:0=[bindist=] )
+"
+RDEPEND="${DEPEND}
+ connman? ( net-misc/connman )
+ networkmanager? ( net-misc/networkmanager )
+"
+
+QT5_TARGET_SUBDIRS=(
+ src/network
+ src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+ libproxy:libproxy:
+ ssl::SSL
+ ssl::OPENSSL
+ ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :network
+)
+
+PATCHES=(
+ "${FILESDIR}/${P}-CVE-2020-13962.patch" # bug 727604, QTBUG-83450
+)
+
+pkg_setup() {
+ use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
+ use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
+}
+
+src_configure() {
+ local myconf=(
+ $(usex connman -dbus-linked '')
+ $(usex gssapi -feature-gssapi -no-feature-gssapi)
+ $(qt_use libproxy)
+ $(usex networkmanager -dbus-linked '')
+ $(qt_use sctp)
+ $(usex ssl -openssl-linked '')
+ )
+ qt5-build_src_configure
+}
next reply other threads:[~2020-06-10 17:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-10 17:53 Andreas Sturmlechner [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-05-20 18:03 [gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/ Andreas Sturmlechner
2020-11-28 20:26 Andreas Sturmlechner
2020-05-28 5:52 Stefan Strogin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1591811549.8ededff26ca832ef16f40e986c3cf85062de3428.asturm@gentoo \
--to=asturm@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox