public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/files/, dev-qt/qtnetwork/
@ 2021-01-02  1:23 Andreas Sturmlechner
From: Andreas Sturmlechner @ 2021-01-02  1:23 UTC
  To: gentoo-commits

commit:     68426bc06c976362ef7cc51e57a676535e7e310e
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  1 16:56:08 2021 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Jan  2 01:22:33 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68426bc0

dev-qt/qtnetwork: Fix memleak in QNetworkAccessManager

See also: https://bugreports.qt.io/browse/QTBUG-88063

Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 ...work-5.15.2-QNetworkAccessManager-memleak.patch | 41 +++++++++++
 dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild        | 80 ++++++++++++++++++++++
 2 files changed, 121 insertions(+)

diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-QNetworkAccessManager-memleak.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-QNetworkAccessManager-memleak.patch
new file mode 100644
index 00000000000..be2c1f6e1a0
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-QNetworkAccessManager-memleak.patch
@@ -0,0 +1,41 @@
+From 0807f16eb407eaf8a5b34b67602d0a97778d945d Mon Sep 17 00:00:00 2001
+From: =?utf8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
+Date: Fri, 6 Nov 2020 12:51:42 +0100
+Subject: [PATCH] QNAM: Work around QObject finicky orphan cleanup details
+
+Details described in a comment.
+
+Task-number: QTBUG-88063
+Change-Id: I763ecfedf518de97615e04a8eaae0fe1fd784f52
+Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
+(cherry picked from commit 1c6d6cbb62c5e93cbcad2d740c3b0ed01095618c)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+---
+ src/network/access/qnetworkreplyhttpimpl.cpp | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/access/qnetworkreplyhttpimpl.cpp b/src/network/access/qnetworkreplyhttpimpl.cpp
+index 21916f53f15..727c1a0316d 100644
+--- a/src/network/access/qnetworkreplyhttpimpl.cpp
++++ b/src/network/access/qnetworkreplyhttpimpl.cpp
+@@ -808,7 +808,17 @@ void QNetworkReplyHttpImplPrivate::postRequest(const QNetworkRequest &newHttpReq
+ 
+     // For the synchronous HTTP, this is the normal way the delegate gets deleted
+     // For the asynchronous HTTP this is a safety measure, the delegate deletes itself when HTTP is finished
+-    QObject::connect(thread, SIGNAL(finished()), delegate, SLOT(deleteLater()));
++    QMetaObject::Connection threadFinishedConnection =
++            QObject::connect(thread, SIGNAL(finished()), delegate, SLOT(deleteLater()));
++
++    // QTBUG-88063: When 'delegate' is deleted the connection will be added to 'thread''s orphaned
++    // connections list. This orphaned list will be cleaned up next time 'thread' emits a signal,
++    // unfortunately that's the finished signal. It leads to a soft-leak so we do this to disconnect
++    // it on deletion so that it cleans up the orphan immediately.
++    QObject::connect(delegate, &QObject::destroyed, delegate, [threadFinishedConnection]() {
++        if (bool(threadFinishedConnection))
++            QObject::disconnect(threadFinishedConnection);
++    });
+ 
+     // Set the properties it needs
+     delegate->httpRequest = httpRequest;
+-- 
+2.16.3
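Review bot: The added code comment in `postRequest` explains the orphaned-connection leak but not why `QObject::connect(delegate, &QObject::destroyed, delegate, ...)` uses `delegate` as both sender and context object. Please add a sentence stating that this is intentional and what it guarantees about when the lambda runs relative to the object's destruction, since the fix depends on `QObject::disconnect(threadFinishedConnection)` actually being reached at that point.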

diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild
new file mode 100644
index 00000000000..9d366649d1c
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+IUSE="bindist connman gssapi libressl libproxy networkmanager sctp +ssl"
+
+DEPEND="
+	~dev-qt/qtcore-${PV}:5=
+	sys-libs/zlib:=
+	connman? ( ~dev-qt/qtdbus-${PV} )
+	gssapi? ( virtual/krb5 )
+	libproxy? ( net-libs/libproxy )
+	networkmanager? ( ~dev-qt/qtdbus-${PV} )
+	sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+	ssl? (
+		!libressl? ( >=dev-libs/openssl-1.1.1:0=[bindist=] )
+		libressl? ( dev-libs/libressl:0= )
+	)
+"
+RDEPEND="${DEPEND}
+	connman? ( net-misc/connman )
+	networkmanager? ( net-misc/networkmanager )
+"
+
+QT5_TARGET_SUBDIRS=(
+	src/network
+	src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+	libproxy:libproxy:
+	ssl::SSL
+	ssl::OPENSSL
+	ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+	:network
+)
+
+PATCHES=(
+	"${FILESDIR}"/${P}-QNetworkAccessManager-memleak.patch # QTBUG-88063
+	"${FILESDIR}"/${PN}-5.15.2-libressl.patch # Bug 562050, not upstreamable
+)
+
+pkg_setup() {
+	use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
+	use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
+}
+
+src_configure() {
+	local myconf=(
+		$(usex connman -dbus-linked '')
+		$(usex gssapi -feature-gssapi -no-feature-gssapi)
+		$(qt_use libproxy)
+		$(usex networkmanager -dbus-linked '')
+		$(qt_use sctp)
+		$(usex ssl -openssl-linked '')
+	)
+	qt5-build_src_configure
+}
+
+src_install() {
+	qt5-build_src_install
+	# workaround for bug 652650
+	if use ssl; then
+		sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
+			-i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
+	fi
+}
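Review bot: In `src_install`, the `|| die` after `sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" -i ...` only fires when sed itself fails, for example on a missing file. If the `#define QT_LINKED_OPENSSL` line is absent or spelled differently in `${PN}-qconfig.h`, sed exits 0 and the bug 652650 workaround is skipped silently. Consider following it with a `grep -q` for the rewritten define and dying when it is not found.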



* [gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/files/, dev-qt/qtnetwork/
@ 2021-05-01 18:07 Sam James
From: Sam James @ 2021-05-01 18:07 UTC
  To: gentoo-commits

commit:     84319c889c967447a38c60c46ca9acb1ec2599ac
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May  1 17:31:06 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May  1 18:06:24 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84319c88

dev-qt/qtnetwork: drop obsolete LibreSSL patch

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/qtnetwork-5.15.2-libressl.patch          | 377 ---------------------
 dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild        |   1 -
 2 files changed, 378 deletions(-)

diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch
deleted file mode 100644
index f7fe32f06e4..00000000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch
+++ /dev/null
@@ -1,377 +0,0 @@
-From 07a00f9c6d87f1fa5360cfb8f086670f3fa5bd3f Mon Sep 17 00:00:00 2001
-From: Stefan Strogin <steils@gentoo.org>
-Date: Sat, 28 Nov 2020 06:12:22 +0200
-Subject: [PATCH] QSslSocket: add LibreSSL support
-
-Upstream-Status: Inappropriate
-[Upstream is not willing to accept any patches for LibreSSL support]
-Signed-off-by: Stefan Strogin <steils@gentoo.org>
----
- src/network/ssl/qsslcertificate_openssl.cpp   |  2 +-
- src/network/ssl/qsslcontext_openssl.cpp       | 19 +++++++-
- src/network/ssl/qsslcontext_openssl_p.h       |  7 +++
- src/network/ssl/qsslsocket_openssl.cpp        |  2 +-
- .../ssl/qsslsocket_openssl_symbols.cpp        | 31 +++++++++++++
- .../ssl/qsslsocket_openssl_symbols_p.h        | 45 +++++++++++++++++++
- 6 files changed, 103 insertions(+), 3 deletions(-)
-
-diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp
-index ca9d61cc..19774432 100644
---- a/src/network/ssl/qsslcertificate_openssl.cpp
-+++ b/src/network/ssl/qsslcertificate_openssl.cpp
-@@ -661,7 +661,7 @@ static QMultiMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name)
-         unsigned char *data = nullptr;
-         int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
-         info.insert(name, QString::fromUtf8((char*)data, size));
--#if QT_CONFIG(opensslv11)
-+#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER)
-         q_CRYPTO_free(data, nullptr, 0);
- #else
-         q_CRYPTO_free(data);
-diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
-index c9f202f5..d3626cab 100644
---- a/src/network/ssl/qsslcontext_openssl.cpp
-+++ b/src/network/ssl/qsslcontext_openssl.cpp
-@@ -351,9 +351,11 @@ init_context:
-         return;
-     }
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
-     // A nasty hacked OpenSSL using a level that will make our auto-tests fail:
-     if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel())
-         q_SSL_CTX_set_security_level(sslContext->ctx, 1);
-+#endif // LIBRESSL_VERSION_NUMBER
- 
-     const long anyVersion =
- #if QT_CONFIG(dtls)
-@@ -408,16 +410,28 @@ init_context:
-         maxVersion = DTLS1_VERSION;
-         break;
-     case QSsl::DtlsV1_0OrLater:
-+#ifdef DTLS_MAX_VERSION
-         minVersion = DTLS1_VERSION;
-         maxVersion = DTLS_MAX_VERSION;
-+#else
-+        Q_UNREACHABLE();
-+#endif // DTLS_MAX_VERSION
-         break;
-     case QSsl::DtlsV1_2:
-+#ifdef DTLS1_2_VERSION
-         minVersion = DTLS1_2_VERSION;
-         maxVersion = DTLS1_2_VERSION;
-+#else
-+        Q_UNREACHABLE();
-+#endif // DTLS1_2_VERSION
-         break;
-     case QSsl::DtlsV1_2OrLater:
-+#if defined(DTLS1_2_VERSION) && defined(DTLS_MAX_VERSION)
-         minVersion = DTLS1_2_VERSION;
-         maxVersion = DTLS_MAX_VERSION;
-+#else
-+        Q_UNREACHABLE();
-+#endif // DTLS1_2_VERSION && DTLS_MAX_VERSION
-         break;
-     case QSsl::TlsV1_3OrLater:
- #ifdef TLS1_3_VERSION
-@@ -722,6 +736,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
-     }
- #endif // ocsp
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
-     QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
-     if (cctx) {
-         q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx);
-@@ -768,7 +783,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
-             sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed"));
-             sslContext->errorCode = QSslError::UnspecifiedError;
-         }
--    } else {
-+    } else
-+#endif // LIBRESSL_VERSION_NUMBER
-+    {
-         sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed"));
-         sslContext->errorCode = QSslError::UnspecifiedError;
-     }
-diff --git a/src/network/ssl/qsslcontext_openssl_p.h b/src/network/ssl/qsslcontext_openssl_p.h
-index 70cb97aa..01a61cf5 100644
---- a/src/network/ssl/qsslcontext_openssl_p.h
-+++ b/src/network/ssl/qsslcontext_openssl_p.h
-@@ -61,6 +61,13 @@
- 
- QT_BEGIN_NAMESPACE
- 
-+#ifndef DTLS_ANY_VERSION
-+#define DTLS_ANY_VERSION 0x1FFFF
-+#endif
-+#ifndef TLS_ANY_VERSION
-+#define TLS_ANY_VERSION 0x10000
-+#endif
-+
- #ifndef QT_NO_SSL
- 
- class QSslContextPrivate;
-diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
-index 277037e5..f599498d 100644
---- a/src/network/ssl/qsslsocket_openssl.cpp
-+++ b/src/network/ssl/qsslsocket_openssl.cpp
-@@ -653,7 +653,7 @@ bool QSslSocketBackendPrivate::initSslContext()
-     else if (mode == QSslSocket::SslServerMode)
-         q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10101006L
-+#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER)
-     // Set the client callback for TLSv1.3 PSK
-     if (mode == QSslSocket::SslClientMode
-         && QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {
-diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
-index ed80fc14..6941b4db 100644
---- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
-+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
-@@ -145,11 +145,14 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return
- DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
- DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
- DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return)
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
- DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return)
- DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return)
- DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return)
-+#endif // OPENSSL_NO_DEPRECATED_3_0
- DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
- DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
- DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
- DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
-@@ -157,10 +160,20 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return null
- DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
- DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
- DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
-+#else
-+DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return)
-+DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
-+DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
-+DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG)
-+DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG)
-+DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return nullptr, return)
-+#endif // LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
- DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
- DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
-+#endif // LIBRESSL_VERSION_NUMBER
- #ifdef TLS1_3_VERSION
- DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
- DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
-@@ -184,7 +197,11 @@ DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_ver
- DEFINEFUNC3(int, X509_STORE_set_ex_data, X509_STORE *a, a, int idx, idx, void *data, data, return 0, return)
- DEFINEFUNC2(void *, X509_STORE_get_ex_data, X509_STORE *r, r, int idx, idx, return nullptr, return)
- DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return nullptr, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG)
-+#else
-+DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
-+#endif
- DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return)
- DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return)
- DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return)
-@@ -224,7 +241,9 @@ DEFINEFUNC5(int, OCSP_id_get0_info, ASN1_OCTET_STRING **piNameHash, piNameHash,
-             ASN1_OCTET_STRING **piKeyHash, piKeyHash, ASN1_INTEGER **pserial, pserial, OCSP_CERTID *cid, cid,
-             return 0, return)
- DEFINEFUNC2(OCSP_RESPONSE *, OCSP_response_create, int status, status, OCSP_BASICRESP *bs, bs, return nullptr, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(const STACK_OF(X509) *, OCSP_resp_get0_certs, const OCSP_BASICRESP *bs, bs, return nullptr, return)
-+#endif
- DEFINEFUNC2(int, OCSP_id_cmp, OCSP_CERTID *a, a, OCSP_CERTID *b, b, return -1, return)
- DEFINEFUNC7(OCSP_SINGLERESP *, OCSP_basic_add1_status, OCSP_BASICRESP *r, r, OCSP_CERTID *c, c, int s, s,
-             int re, re, ASN1_TIME *rt, rt, ASN1_TIME *t, t, ASN1_TIME *n, n, return nullptr, return)
-@@ -356,12 +375,14 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a, EVP_PKEY *b, b, return -
- DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
- DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
- DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
- DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
- DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
- DEFINEFUNC2(unsigned int, SSL_CONF_CTX_set_flags, SSL_CONF_CTX *a, a, unsigned int b, b, return 0, return);
- DEFINEFUNC(int, SSL_CONF_CTX_finish, SSL_CONF_CTX *a, a, return 0, return);
- DEFINEFUNC3(int, SSL_CONF_cmd, SSL_CONF_CTX *a, a, const char *b, b, const char *c, c, return 0, return);
-+#endif
- DEFINEFUNC(void, SSL_free, SSL *a, a, return, DUMMYARG)
- DEFINEFUNC(STACK_OF(SSL_CIPHER) *, SSL_get_ciphers, const SSL *a, a, return nullptr, return)
- DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr, return)
-@@ -845,17 +866,21 @@ bool q_resolveOpenSslSymbols()
-     RESOLVEFUNC(ASN1_STRING_get0_data)
-     RESOLVEFUNC(EVP_CIPHER_CTX_reset)
-     RESOLVEFUNC(EVP_PKEY_up_ref)
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
-     RESOLVEFUNC(EVP_PKEY_CTX_new)
-     RESOLVEFUNC(EVP_PKEY_param_check)
-     RESOLVEFUNC(EVP_PKEY_CTX_free)
-+#endif // OPENSSL_NO_DEPRECATED_3_0
-     RESOLVEFUNC(EVP_PKEY_base_id)
-     RESOLVEFUNC(RSA_bits)
-+#ifndef LIBRESSL_VERSION_NUMBER
-     RESOLVEFUNC(OPENSSL_sk_new_null)
-     RESOLVEFUNC(OPENSSL_sk_push)
-     RESOLVEFUNC(OPENSSL_sk_free)
-     RESOLVEFUNC(OPENSSL_sk_num)
-     RESOLVEFUNC(OPENSSL_sk_pop_free)
-     RESOLVEFUNC(OPENSSL_sk_value)
-+#endif
-     RESOLVEFUNC(DH_get0_pqg)
-     RESOLVEFUNC(SSL_CTX_set_options)
-     RESOLVEFUNC(SSL_CTX_get_security_level)
-@@ -898,7 +923,9 @@ bool q_resolveOpenSslSymbols()
- 
-     RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
-     RESOLVEFUNC(DH_bits)
-+#ifndef LIBRESSL_VERSION_NUMBER
-     RESOLVEFUNC(DSA_bits)
-+#endif
- 
- #if QT_CONFIG(dtls)
-     RESOLVEFUNC(DTLSv1_listen)
-@@ -928,7 +955,9 @@ bool q_resolveOpenSslSymbols()
-     RESOLVEFUNC(OCSP_check_validity)
-     RESOLVEFUNC(OCSP_cert_to_id)
-     RESOLVEFUNC(OCSP_id_get0_info)
-+#ifndef LIBRESSL_VERSION_NUMBER
-     RESOLVEFUNC(OCSP_resp_get0_certs)
-+#endif
-     RESOLVEFUNC(OCSP_basic_sign)
-     RESOLVEFUNC(OCSP_response_create)
-     RESOLVEFUNC(i2d_OCSP_RESPONSE)
-@@ -1058,12 +1087,14 @@ bool q_resolveOpenSslSymbols()
-     RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
-     RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
-     RESOLVEFUNC(SSL_CTX_get_cert_store);
-+#ifndef LIBRESSL_VERSION_NUMBER
-     RESOLVEFUNC(SSL_CONF_CTX_new);
-     RESOLVEFUNC(SSL_CONF_CTX_free);
-     RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);
-     RESOLVEFUNC(SSL_CONF_CTX_set_flags);
-     RESOLVEFUNC(SSL_CONF_CTX_finish);
-     RESOLVEFUNC(SSL_CONF_cmd);
-+#endif
-     RESOLVEFUNC(SSL_accept)
-     RESOLVEFUNC(SSL_clear)
-     RESOLVEFUNC(SSL_connect)
-diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
-index c46afcf5..42a31119 100644
---- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
-+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
-@@ -80,6 +80,13 @@ QT_BEGIN_NAMESPACE
- 
- #define DUMMYARG
- 
-+#ifdef LIBRESSL_VERSION_NUMBER
-+typedef _STACK STACK;
-+typedef STACK OPENSSL_STACK;
-+typedef void OPENSSL_INIT_SETTINGS;
-+typedef int (*X509_STORE_CTX_verify_cb)(int ok,X509_STORE_CTX *ctx);
-+#endif
-+
- #if !defined QT_LINKED_OPENSSL
- // **************** Shared declarations ******************
- // ret func(arg)
-@@ -230,20 +237,43 @@ const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
- Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
- Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
- int q_DSA_bits(DSA *a);
-+#else
-+#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
-+#endif
- int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
- Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref(EVP_PKEY *a);
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
- EVP_PKEY_CTX *q_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
- void q_EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
- int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
-+#endif // OPENSSL_NO_DEPRECATED_3_0
- int q_EVP_PKEY_base_id(EVP_PKEY *a);
- int q_RSA_bits(RSA *a);
-+
-+#ifndef LIBRESSL_VERSION_NUMBER
- Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a);
- Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
- Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null();
- Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
- Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a);
- Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
-+#else // LIBRESSL_VERSION_NUMBER
-+int q_sk_num(STACK *a);
-+#define q_OPENSSL_sk_num(a) q_sk_num(a)
-+void q_sk_pop_free(STACK *a, void (*b)(void *));
-+#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
-+STACK *q_sk_new_null();
-+#define q_OPENSSL_sk_new_null() q_sk_new_null()
-+void q_sk_push(STACK *st, void *data);
-+#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data)
-+void q_sk_free(STACK *a);
-+#define q_OPENSSL_sk_free q_sk_free
-+void *q_sk_value(STACK *a, int b);
-+#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
-+#endif // LIBRESSL_VERSION_NUMBER
-+
- int q_SSL_session_reused(SSL *a);
- unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
- int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
-@@ -269,8 +299,13 @@ int q_DH_bits(DH *dh);
- # define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
-                                                        | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
- #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st)
- #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i)
-+#else
-+#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
-+#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
-+#endif // LIBRESSL_VERSION_NUMBER
- 
- #define q_OPENSSL_add_all_algorithms_conf()  q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
-                                                                    | OPENSSL_INIT_ADD_ALL_DIGESTS \
-@@ -279,7 +314,11 @@ int q_DH_bits(DH *dh);
-                                                                     | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
- 
- int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
-+#ifndef LIBRESSL_VERSION_NUMBER
- void q_CRYPTO_free(void *str, const char *file, int line);
-+#else
-+void q_CRYPTO_free(void *a);
-+#endif
- 
- long q_OpenSSL_version_num();
- const char *q_OpenSSL_version(int type);
-@@ -497,12 +536,14 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
- int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
- int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
- X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
-+#ifndef LIBRESSL_VERSION_NUMBER
- SSL_CONF_CTX *q_SSL_CONF_CTX_new();
- void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
- void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);
- unsigned int q_SSL_CONF_CTX_set_flags(SSL_CONF_CTX *a, unsigned int b);
- int q_SSL_CONF_CTX_finish(SSL_CONF_CTX *a);
- int q_SSL_CONF_cmd(SSL_CONF_CTX *a, const char *b, const char *c);
-+#endif
- void q_SSL_free(SSL *a);
- STACK_OF(SSL_CIPHER) *q_SSL_get_ciphers(const SSL *a);
- const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a);
-@@ -728,7 +769,11 @@ int q_OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *n
- int q_OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, ASN1_OCTET_STRING **pikeyHash,
-                         ASN1_INTEGER **pserial, OCSP_CERTID *cid);
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
- const STACK_OF(X509) *q_OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
-+#else
-+#define q_OCSP_resp_get0_certs(bs) ((bs)->certs)
-+#endif
- Q_AUTOTEST_EXPORT OCSP_CERTID *q_OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
- Q_AUTOTEST_EXPORT void q_OCSP_CERTID_free(OCSP_CERTID *cid);
- int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
--- 
-2.29.2
-
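Review bot: The reason for deleting this 377-line file is not recorded. The patch header gives `Upstream-Status: Inappropriate` with the remark that upstream will not accept LibreSSL patches, so a reader cannot tell from the diff whether "obsolete" means LibreSSL support was withdrawn from the package or the guards became unnecessary for another reason. State which it is in the commit message so the removal of TLS-backend compatibility code can be audited later.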

diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild
index 0db48711372..598505d38d7 100644
--- a/dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild
@@ -50,7 +50,6 @@ QT5_GENTOO_PRIVATE_CONFIG=(
 
 PATCHES=(
 	"${FILESDIR}"/${P}-QNetworkAccessManager-memleak.patch # QTBUG-88063
-	"${FILESDIR}"/${PN}-5.15.2-libressl.patch # Bug 562050, not upstreamable
 	"${WORKDIR}"/qtbase-${PV}-gcc11.patch # bug 752012
 )
 
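Review bot: Check that the `libressl` USE branch no longer exists in this ebuild: the hunk at line 50 removes only the `PATCHES` entry and shows nothing of `IUSE` or `DEPEND`. If that branch is still offered, the package would build against LibreSSL without the `LIBRESSL_VERSION_NUMBER` guards the deleted patch supplied. The `# Bug 562050` reference on the removed line also disappears with it and is worth carrying into the commit message.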



* [gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/files/, dev-qt/qtnetwork/
@ 2023-05-23 21:19 Andreas Sturmlechner
From: Andreas Sturmlechner @ 2023-05-23 21:19 UTC
  To: gentoo-commits

commit:     ba6c4d6df5c342444c0ae7c9f640a91a2c8caced
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Tue May 23 21:17:08 2023 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Tue May 23 21:19:23 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba6c4d6d

dev-qt/qtnetwork: Fix CVE-2023-32762

See also: https://www.qt.io/blog/security-advisory-qt-network

Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 .../files/qtnetwork-5.15.9-CVE-2023-32762.patch    | 39 +++++++++++
 dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild        | 79 ++++++++++++++++++++++
 2 files changed, 118 insertions(+)

diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch
new file mode 100644
index 000000000000..7509414bd317
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch
@@ -0,0 +1,39 @@
+From a196623892558623e467f20b67edb78794252a09 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
+Date: Fri, 5 May 2023 11:07:26 +0200
+Subject: [PATCH] Hsts: match header names case insensitively (CVE-2023-32762)
+
+Header field names are always considered to be case-insensitive.
+
+Pick-to: 6.5 6.5.1 6.2 5.15
+Fixes: QTBUG-113392
+Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43
+Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
+Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
+Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
+(cherry picked from commit 1b736a815be0222f4b24289cf17575fc15707305)
+
+* asturmlechner 2023-05-23: Upstream backport to 5.15 taken from
+  https://www.qt.io/blog/security-advisory-qt-network
+---
+ src/network/access/qhsts.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp
+index 0cef0ad3dc..be7ef7ff58 100644
+--- a/src/network/access/qhsts.cpp
++++ b/src/network/access/qhsts.cpp
+@@ -364,8 +364,8 @@ quoted-pair    = "\" CHAR
+ bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
+ {
+     for (const auto &h : headers) {
+-        // We use '==' since header name was already 'trimmed' for us:
+-        if (h.first == "Strict-Transport-Security") {
++        // We compare directly because header name was already 'trimmed' for us:
++        if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
+             header = h.second;
+             // RFC6797, 8.1:
+             //
+-- 
+2.40.1
+
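Review bot: No test accompanies the fix: the backport touches only `src/network/access/qhsts.cpp` (2 insertions, 2 deletions), so nothing checks that `QHstsHeaderParser::parse` now accepts `strict-transport-security` in lower or mixed case. A regression test that feeds a non-canonical header name would keep the HSTS match from silently reverting to case-sensitive. The rewritten comment, "We compare directly because header name was already 'trimmed' for us", also no longer explains the line; it should say that header field names are case-insensitive, as the commit message does.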

diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild
new file mode 100644
index 000000000000..e3f87517c129
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild
@@ -0,0 +1,79 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+if [[ ${PV} != *9999* ]]; then
+	QT5_KDEPATCHSET_REV=1
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+
+IUSE="connman gssapi libproxy networkmanager sctp +ssl"
+
+DEPEND="
+	=dev-qt/qtcore-${QT5_PV}*:5=
+	sys-libs/zlib:=
+	connman? ( =dev-qt/qtdbus-${QT5_PV}* )
+	gssapi? ( virtual/krb5 )
+	libproxy? ( net-libs/libproxy )
+	networkmanager? ( =dev-qt/qtdbus-${QT5_PV}* )
+	sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+	ssl? ( >=dev-libs/openssl-1.1.1:0= )
+"
+RDEPEND="${DEPEND}
+	connman? ( net-misc/connman )
+	networkmanager? ( net-misc/networkmanager )
+"
+
+PATCHES=(
+	"${FILESDIR}/${P}-QDnsLookup-dont-overflow-the-buffer.patch"
+	"${FILESDIR}/${P}-CVE-2023-32762.patch"
+)
+
+QT5_TARGET_SUBDIRS=(
+	src/network
+	src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+	libproxy:libproxy:
+	ssl::SSL
+	ssl::OPENSSL
+	ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+	:network
+)
+
+pkg_setup() {
+	use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
+	use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
+}
+
+src_configure() {
+	local myconf=(
+		$(usev connman -dbus-linked)
+		$(qt_use gssapi feature-gssapi)
+		$(qt_use libproxy)
+		$(usev networkmanager -dbus-linked)
+		$(qt_use sctp)
+		$(usev ssl -openssl-linked)
+	)
+	qt5-build_src_configure
+}
+
+src_install() {
+	qt5-build_src_install
+
+	# workaround for bug 652650
+	if use ssl; then
+		sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
+			-i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
+	fi
+}
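Review bot: In `PATCHES`, the entry `${P}-QDnsLookup-dont-overflow-the-buffer.patch` carries no bug or CVE reference, while the new entry at least has the CVE id in its file name. Add a trailing comment with the upstream or Gentoo bug id, as the 5.15.2-r1 ebuild did with `# QTBUG-88063`, so that security tracking can map each applied patch to an advisory.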



* [gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/files/, dev-qt/qtnetwork/
@ 2023-06-10  9:34 Andreas Sturmlechner
From: Andreas Sturmlechner @ 2023-06-10  9:34 UTC
  To: gentoo-commits

commit:     524acfede1f643d6c8d7ff0c96e977cb2cd18378
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 10 09:31:26 2023 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Jun 10 09:32:58 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=524acfed

dev-qt/qtnetwork: Fix CVE-2023-34410

CVE-2023-33285 already fixed in dev-qt/qtnetwork-5.15.9-r2.

Bug: https://bugs.gentoo.org/908085
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 .../files/qtnetwork-5.15.9-CVE-2023-34410.patch    | 113 +++++++++++++++++++++
 dev-qt/qtnetwork/qtnetwork-5.15.9-r3.ebuild        |  81 +++++++++++++++
 2 files changed, 194 insertions(+)

diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-34410.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-34410.patch
new file mode 100644
index 000000000000..3c9145256328
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-34410.patch
@@ -0,0 +1,113 @@
+From 51a3c8d7b8140f0bf6912d14a58bcd0092b868a1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
+Date: Wed, 10 May 2023 16:43:41 +0200
+Subject: [PATCH 1/2] Schannel: Reject certificate not signed by a configured
+ CA certificate
+
+Not entirely clear why, but when building the certificate chain for a
+peer the system certificate store is searched for root certificates.
+General expectation is that after calling
+`sslConfiguration.setCaCertificates()` the system certificates will
+not be taken into consideration.
+
+To work around this behavior, we do a manual check that the root of the
+chain is part of the configured CA certificates.
+
+Pick-to: 6.5 6.2 5.15
+Change-Id: I03666a4d9b0eac39ae97e150b4743120611a11b3
+Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
+Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
+(cherry picked from commit ada2c573c1a25f8d96577734968fe317ddfa292a)
+---
+ src/network/ssl/qsslsocket_schannel.cpp | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/src/network/ssl/qsslsocket_schannel.cpp b/src/network/ssl/qsslsocket_schannel.cpp
+index c956ce3c2b..d1b23af29b 100644
+--- a/src/network/ssl/qsslsocket_schannel.cpp
++++ b/src/network/ssl/qsslsocket_schannel.cpp
+@@ -1880,6 +1880,28 @@ bool QSslSocketBackendPrivate::verifyCertContext(CERT_CONTEXT *certContext)
+     if (configuration.peerVerifyDepth > 0 && DWORD(configuration.peerVerifyDepth) < verifyDepth)
+         verifyDepth = DWORD(configuration.peerVerifyDepth);
+ 
++    const auto &caCertificates = q->sslConfiguration().caCertificates();
++
++    if (!rootCertOnDemandLoadingAllowed()
++            && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
++            && (q->peerVerifyMode() == QSslSocket::VerifyPeer
++                    || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) {
++        // When verifying a peer Windows "helpfully" builds a chain that
++        // may include roots from the system store. But we don't want that if
++        // the user has set their own CA certificates.
++        // Since Windows claims this is not a partial chain the root is included
++        // and we have to check that it is one of our configured CAs.
++        CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
++        QSslCertificate certificate = getCertificateFromChainElement(element);
++        if (!caCertificates.contains(certificate)) {
++            auto error = QSslError(QSslError::CertificateUntrusted, certificate);
++            sslErrors += error;
++            emit q->peerVerifyError(error);
++            if (q->state() != QAbstractSocket::ConnectedState)
++                return false;
++        }
++    }
++
+     for (DWORD i = 0; i < verifyDepth; i++) {
+         CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
+         QSslCertificate certificate = getCertificateFromChainElement(element);
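Review bot: `chain->rgpElement[chain->cElement - 1]` in the new block is indexed with no visible check that `chain->cElement` is non-zero; an assertion or an explicit `chain->cElement > 0` term in the condition would make that assumption explicit. The early `return false` also only happens when the socket is not in ConnectedState; otherwise the CertificateUntrusted error is appended to sslErrors and verification continues into the loop below. A one-line comment on why the connected case is allowed to continue would help the next reader.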
+-- 
+2.41.0
+
+
+From a933f89e1f69b97ccb9d1e5f82d9a619c02afcd2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
+Date: Thu, 25 May 2023 14:40:29 +0200
+Subject: [PATCH 2/2] Ssl: Copy the on-demand cert loading bool from default
+ config
+
+Otherwise individual sockets will still load system certificates when
+a chain doesn't match against the configured CA certificates.
+That's not intended behavior, since specifically setting the CA
+certificates means you don't want the system certificates to be used.
+
+Follow-up to/amends ada2c573c1a25f8d96577734968fe317ddfa292a
+
+This is potentially a breaking change because now, if you ever add a
+CA to the default config, it will disable loading system certificates
+on demand for all sockets. And the only way to re-enable it is to
+create a null-QSslConfiguration and set it as the new default.
+
+Pick-to: 6.5 6.2 5.15
+Change-Id: Ic3b2ab125c0cdd58ad654af1cb36173960ce2d1e
+Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
+(cherry picked from commit 57ba6260c0801055b7188fdaa1818b940590f5f1)
+---
+ src/network/ssl/qsslsocket.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
+index 5bb6e7ee4a..2a0b3a4f1d 100644
+--- a/src/network/ssl/qsslsocket.cpp
++++ b/src/network/ssl/qsslsocket.cpp
+@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate()
+     , flushTriggered(false)
+ {
+     QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
++    // If the global configuration doesn't allow root certificates to be loaded
++    // on demand then we have to disable it for this socket as well.
++    if (!configuration.allowRootCertOnDemandLoading)
++        allowRootCertOnDemandLoading = false;
+ }
+ 
+ /*!
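Review bot: the commit message calls this "potentially a breaking change", yet it carries no [ChangeLog] entry, and the new constructor comment does not say that the propagation is one-way: a `false` in the default configuration forces `allowRootCertOnDemandLoading = false` on the socket, while nothing here ever sets it back to `true`. Suggest stating that in the comment, and noting next to it that the check depends on deepCopyDefaultConfiguration() copying the flag, which is only added in the next hunk.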
+@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
+     ptr->sessionProtocol = global->sessionProtocol;
+     ptr->ciphers = global->ciphers;
+     ptr->caCertificates = global->caCertificates;
++    ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
+     ptr->protocol = global->protocol;
+     ptr->peerVerifyMode = global->peerVerifyMode;
+     ptr->peerVerifyDepth = global->peerVerifyDepth;
+-- 
+2.41.0
+

diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.9-r3.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.9-r3.ebuild
new file mode 100644
index 000000000000..5415787d1d2d
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.9-r3.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+if [[ ${PV} != *9999* ]]; then
+	QT5_KDEPATCHSET_REV=1
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+
+IUSE="connman gssapi libproxy networkmanager sctp +ssl"
+
+DEPEND="
+	=dev-qt/qtcore-${QT5_PV}*:5=
+	sys-libs/zlib:=
+	connman? ( =dev-qt/qtdbus-${QT5_PV}* )
+	gssapi? ( virtual/krb5 )
+	libproxy? ( net-libs/libproxy )
+	networkmanager? ( =dev-qt/qtdbus-${QT5_PV}* )
+	sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+	ssl? ( >=dev-libs/openssl-1.1.1:0= )
+"
+RDEPEND="${DEPEND}
+	connman? ( net-misc/connman )
+	networkmanager? ( net-misc/networkmanager )
+"
+
+PATCHES=(
+	"${FILESDIR}/${P}-QDnsLookup-dont-overflow-the-buffer.patch"
+	"${FILESDIR}/${P}-CVE-2023-32762.patch"
+	"${FILESDIR}/${P}-libproxy-0.5-pkgconfig.patch"
+	"${FILESDIR}/${P}-CVE-2023-34410.patch"
+)
+
+QT5_TARGET_SUBDIRS=(
+	src/network
+	src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+	libproxy:libproxy:
+	ssl::SSL
+	ssl::OPENSSL
+	ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+	:network
+)
+
+pkg_setup() {
+	use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
+	use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
+}
+
+src_configure() {
+	local myconf=(
+		$(usev connman -dbus-linked)
+		$(qt_use gssapi feature-gssapi)
+		$(qt_use libproxy)
+		$(usev networkmanager -dbus-linked)
+		$(qt_use sctp)
+		$(usev ssl -openssl-linked)
+	)
+	qt5-build_src_configure
+}
+
+src_install() {
+	qt5-build_src_install
+
+	# workaround for bug 652650
+	if use ssl; then
+		sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
+			-i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
+	fi
+}
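Review bot: the PATCHES entry for `${P}-CVE-2023-34410.patch` has no bug reference next to it, although the commit message cites bug 908085; a trailing `# bug 908085` would let the patch be traced from the ebuild. It is also worth a comment that [PATCH 1/2] only touches src/network/ssl/qsslsocket_schannel.cpp (the Schannel backend), while this ebuild configures with `-openssl-linked`, so the change that matters for this package is the qsslsocket.cpp one in [PATCH 2/2].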



* [gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/files/, dev-qt/qtnetwork/
@ 2023-08-16 16:31 Andreas Sturmlechner
  0 siblings, 0 replies; 6+ messages in thread
From: Andreas Sturmlechner @ 2023-08-16 16:31 UTC (permalink / raw
  To: gentoo-commits

commit:     0dea04942291e82e6df9cdb1c12688a07e59bfed
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 16 15:30:00 2023 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Wed Aug 16 16:03:34 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0dea0494

dev-qt/qtnetwork: drop 5.15.10-r2

Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 ...etwork-5.15.10-ssl-upgr-default-DH-params.patch | 101 ---------------------
 dev-qt/qtnetwork/qtnetwork-5.15.10-r2.ebuild       |  64 -------------
 2 files changed, 165 deletions(-)

diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch
deleted file mode 100644
index 94f1325070d5..000000000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 05406c3f5f516d3148254c8294e8883c28a2c95a Mon Sep 17 00:00:00 2001
-From: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
-Date: Wed, 21 Jun 2023 13:30:35 +0200
-Subject: [PATCH] SSL: upgrade the default DH parameters
-
-We have been using as default DH parameters the 1024-bit MODP group.
-This is now considered insecure, and applications should use the
-2048-bit at a minimum [1]. This commit therefore replaces the parameters
-with the 2048-bit MODP group from [2].
-
-To double check the data, use openssl asn1parse to verify that the prime
-matches. For instance:
-
-1) put the encoded string in a `encoded.txt` file (c&p from the source,
-   removing the double quotes)
-2) put the hexadecimal value of the 2048-bit group in a `reference.txt`
-   file (c&p from [2])
-3) compare the output of openssl asn1parse with the reference. For
-   instance like this:
-
-    $ diff <(openssl asn1parse < encoded.txt | grep -m 1 INTEGER | perl -pe 's/.*://; s/\n//') <(perl -0777 -pe 's/\s//g' reference.txt) && echo OK
-    OK
-
-[1] https://datatracker.ietf.org/doc/html/rfc8247#section-2.4
-[2] https://datatracker.ietf.org/doc/html/rfc3526#section-3
-
-[ChangeLog][QtNetwork][QSslDiffieHellmanParameters] The default
-Diffie-Hellman parameters are now using the 2048-bit MODP group from
-RFC 3526.
-
-Pick-to: 6.6 6.5 6.2 5.15
-Change-Id: I47133cd78ba0e954b8f93a3da09fa2c760c9f7a8
-Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
-(cherry picked from commit 3ec24e329c9ef6802786a37f30ddd8982e903480)
----
- src/network/ssl/qsslconfiguration.cpp           | 12 ++++++++++--
- src/network/ssl/qssldiffiehellmanparameters.cpp | 13 +++++++------
- 2 files changed, 17 insertions(+), 8 deletions(-)
-
-diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
-index f5ce02807f..84a9187334 100644
---- a/src/network/ssl/qsslconfiguration.cpp
-+++ b/src/network/ssl/qsslconfiguration.cpp
-@@ -929,7 +929,11 @@ void QSslConfiguration::setPreSharedKeyIdentityHint(const QByteArray &hint)
-     Retrieves the current set of Diffie-Hellman parameters.
- 
-     If no Diffie-Hellman parameters have been set, the QSslConfiguration object
--    defaults to using the 1024-bit MODP group from RFC 2409.
-+    defaults to using the 2048-bit MODP group from RFC 3526.
-+
-+    \note The default parameters may change in future Qt versions.
-+    Please check the documentation of the \e{exact Qt version} that you
-+    are using in order to know what defaults that version uses.
-  */
- QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const
- {
-@@ -943,7 +947,11 @@ QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const
-     a server to \a dhparams.
- 
-     If no Diffie-Hellman parameters have been set, the QSslConfiguration object
--    defaults to using the 1024-bit MODP group from RFC 2409.
-+    defaults to using the 2048-bit MODP group from RFC 3526.
-+
-+    \note The default parameters may change in future Qt versions.
-+    Please check the documentation of the \e{exact Qt version} that you
-+    are using in order to know what defaults that version uses.
-  */
- void QSslConfiguration::setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams)
- {
-diff --git a/src/network/ssl/qssldiffiehellmanparameters.cpp b/src/network/ssl/qssldiffiehellmanparameters.cpp
-index 7807afaa30..7c2505a0be 100644
---- a/src/network/ssl/qssldiffiehellmanparameters.cpp
-+++ b/src/network/ssl/qssldiffiehellmanparameters.cpp
-@@ -68,17 +68,18 @@
- 
- QT_BEGIN_NAMESPACE
- 
--// The 1024-bit MODP group from RFC 2459 (Second Oakley Group)
-+// The 2048-bit MODP group from RFC 3526
- Q_AUTOTEST_EXPORT const char *qssl_dhparams_default_base64 =
--    "MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR"
--    "Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL"
--    "/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC";
-+    "MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmO"
-+    "NATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjftawv/XLb0Brft7jhr"
-+    "+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXTmmkWP6j9JM9fg2VdI9yjrZYc"
-+    "YvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhghfDKQXkYuNs474553LBgOhgObJ4Oi7Aei"
-+    "j7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==";
- 
- /*!
-     Returns the default QSslDiffieHellmanParameters used by QSslSocket.
- 
--    This is currently the 1024-bit MODP group from RFC 2459, also
--    known as the Second Oakley Group.
-+    This is currently the 2048-bit MODP group from RFC 3526.
- */
- QSslDiffieHellmanParameters QSslDiffieHellmanParameters::defaultParameters()
- {
--- 
-2.41.0
-
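Review bot: this deletes the patch that moved the default DH parameters from the 1024-bit group, which its own message describes as insecure, to the 2048-bit MODP group, and the commit message ("drop 5.15.10-r2") does not say where that change lives now. Please name the remaining version or patchset that carries it, so the drop can be checked against an unintended downgrade of the default.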

diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.10-r2.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.10-r2.ebuild
deleted file mode 100644
index af527a8bcd60..000000000000
--- a/dev-qt/qtnetwork/qtnetwork-5.15.10-r2.ebuild
+++ /dev/null
@@ -1,64 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-if [[ ${PV} != *9999* ]]; then
-	QT5_KDEPATCHSET_REV=1
-	KEYWORDS="amd64 arm arm64 ~hppa ~loong ppc ppc64 ~riscv ~sparc x86"
-fi
-
-QT5_MODULE="qtbase"
-inherit qt5-build
-
-DESCRIPTION="Network abstraction library for the Qt5 framework"
-
-IUSE="gssapi libproxy sctp +ssl"
-
-DEPEND="
-	=dev-qt/qtcore-${QT5_PV}*:5=
-	sys-libs/zlib:=
-	gssapi? ( virtual/krb5 )
-	libproxy? ( net-libs/libproxy )
-	sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
-	ssl? ( >=dev-libs/openssl-1.1.1:0= )
-"
-RDEPEND="${DEPEND}"
-
-QT5_TARGET_SUBDIRS=(
-	src/network
-	src/plugins/bearer/generic
-)
-
-QT5_GENTOO_CONFIG=(
-	libproxy:libproxy:
-	ssl::SSL
-	ssl::OPENSSL
-	ssl:openssl-linked:LINKED_OPENSSL
-)
-
-QT5_GENTOO_PRIVATE_CONFIG=(
-	:network
-)
-
-PATCHES=( "${FILESDIR}/${P}-ssl-upgr-default-DH-params.patch" )
-
-src_configure() {
-	local myconf=(
-		$(qt_use gssapi feature-gssapi)
-		$(qt_use libproxy)
-		$(qt_use sctp)
-		$(usev ssl -openssl-linked)
-	)
-	qt5-build_src_configure
-}
-
-src_install() {
-	qt5-build_src_install
-
-	# workaround for bug 652650
-	if use ssl; then
-		sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
-			-i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
-	fi
-}
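Review bot: the dropped ebuild's KEYWORDS include stable entries (amd64 arm arm64 ppc ppc64 x86), so this removes a stable revision; the commit message should name the version that stays stable on those arches in its place.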



* [gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/files/, dev-qt/qtnetwork/
@ 2024-07-16 21:41 Andreas Sturmlechner
  0 siblings, 0 replies; 6+ messages in thread
From: Andreas Sturmlechner @ 2024-07-16 21:41 UTC (permalink / raw
  To: gentoo-commits

commit:     69cfa9cc226d2c4195132da0c4a0373a080b7d9d
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 16 21:39:56 2024 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Tue Jul 16 21:40:22 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69cfa9cc

dev-qt/qtnetwork: Fix CVE-2024-39936

Bug: https://bugs.gentoo.org/935869
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 .../files/qtnetwork-5.15.14-CVE-2024-39936.patch   | 178 +++++++++++++++++++++
 dev-qt/qtnetwork/qtnetwork-5.15.14-r1.ebuild       |  64 ++++++++
 2 files changed, 242 insertions(+)

diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.14-CVE-2024-39936.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.14-CVE-2024-39936.patch
new file mode 100644
index 000000000000..c4445b2a72e8
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.14-CVE-2024-39936.patch
@@ -0,0 +1,178 @@
+From 9f9a56d750caff8b4459e7e9bf82f1f4d725f72f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
+Date: Tue, 25 Jun 2024 17:09:35 +0200
+Subject: [PATCH] HTTP2: Delay any communication until encrypted() can be
+ responded to
+
+We have the encrypted() signal that lets users do extra checks on the
+established connection. It is emitted as BlockingQueued, so the HTTP
+thread stalls until it is done emitting. Users can potentially call
+abort() on the QNetworkReply at that point, which is passed as a Queued
+call back to the HTTP thread. That means that any currently queued
+signal emission will be processed before the abort() call is processed.
+
+In the case of HTTP2 it is a little special since it is multiplexed and
+the code is built to start requests as they are available. This means
+that, while the code worked fine for HTTP1, since one connection only
+has one request, it is not working for HTTP2, since we try to send more
+requests in-between the encrypted() signal and the abort() call.
+
+This patch changes the code to delay any communication until the
+encrypted() signal has been emitted and processed, for HTTP2 only.
+It's done by adding a few booleans, both to know that we have to return
+early and so we can keep track of what events arose and what we need to
+resume once enough time has passed that any abort() call must have been
+processed.
+
+Fixes: QTBUG-126610
+Pick-to: 6.8 6.7 6.5 6.2 5.15 5.12
+Change-Id: Ic25a600c278203256e35f541026f34a8783235ae
+Reviewed-by: Marc Mutz <marc.mutz@qt.io>
+Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
+(cherry picked from commit b1e75376cc3adfc7da5502a277dfe9711f3e0536)
+(but really taken from upstream CVE-2024-39936-qtbase-5.15.patch)
+---
+ src/network/access/qhttp2protocolhandler.cpp  |  6 +--
+ .../access/qhttpnetworkconnectionchannel.cpp  | 46 ++++++++++++++++++-
+ .../access/qhttpnetworkconnectionchannel_p.h  |  6 +++
+ 3 files changed, 53 insertions(+), 5 deletions(-)
+
+diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp
+index ead88d781ae..926f3134a0e 100644
+--- a/src/network/access/qhttp2protocolhandler.cpp
++++ b/src/network/access/qhttp2protocolhandler.cpp
+@@ -375,12 +375,12 @@ bool QHttp2ProtocolHandler::sendRequest()
+         }
+     }
+ 
+-    if (!prefaceSent && !sendClientPreface())
+-        return false;
+-
+     if (!requests.size())
+         return true;
+ 
++    if (!prefaceSent && !sendClientPreface())
++        return false;
++
+     m_channel->state = QHttpNetworkConnectionChannel::WritingState;
+     // Check what was promised/pushed, maybe we do not have to send a request
+     // and have a response already?
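Review bot: with the preface check moved below `if (!requests.size()) return true;`, sendRequest() now returns before sendClientPreface() whenever nothing is queued, and nothing in the hunk says why the order matters. A short comment tying the reordering to the commit's goal (no communication until a request has survived encrypted()) would keep a later cleanup from moving it back.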
+diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp
+index 7620ca16470..13f9630c658 100644
+--- a/src/network/access/qhttpnetworkconnectionchannel.cpp
++++ b/src/network/access/qhttpnetworkconnectionchannel.cpp
+@@ -255,6 +255,10 @@ void QHttpNetworkConnectionChannel::abort()
+ bool QHttpNetworkConnectionChannel::sendRequest()
+ {
+     Q_ASSERT(!protocolHandler.isNull());
++    if (waitingForPotentialAbort) {
++        needInvokeSendRequest = true;
++        return false; // this return value is unused
++    }
+     return protocolHandler->sendRequest();
+ }
+ 
+@@ -267,21 +271,28 @@ bool QHttpNetworkConnectionChannel::sendRequest()
+ void QHttpNetworkConnectionChannel::sendRequestDelayed()
+ {
+     QMetaObject::invokeMethod(this, [this] {
+-        Q_ASSERT(!protocolHandler.isNull());
+         if (reply)
+-            protocolHandler->sendRequest();
++            sendRequest();
+     }, Qt::ConnectionType::QueuedConnection);
+ }
+ 
+ void QHttpNetworkConnectionChannel::_q_receiveReply()
+ {
+     Q_ASSERT(!protocolHandler.isNull());
++    if (waitingForPotentialAbort) {
++        needInvokeReceiveReply = true;
++        return;
++    }
+     protocolHandler->_q_receiveReply();
+ }
+ 
+ void QHttpNetworkConnectionChannel::_q_readyRead()
+ {
+     Q_ASSERT(!protocolHandler.isNull());
++    if (waitingForPotentialAbort) {
++        needInvokeReadyRead = true;
++        return;
++    }
+     protocolHandler->_q_readyRead();
+ }
+ 
+@@ -1289,7 +1300,18 @@ void QHttpNetworkConnectionChannel::_q_encrypted()
+             // Similar to HTTP/1.1 counterpart below:
+             const auto &pairs = spdyRequestsToSend.values(); // (request, reply)
+             const auto &pair = pairs.first();
++            waitingForPotentialAbort = true;
+             emit pair.second->encrypted();
++
++            // We don't send or handle any received data until any effects from
++            // emitting encrypted() have been processed. This is necessary
++            // because the user may have called abort(). We may also abort the
++            // whole connection if the request has been aborted and there is
++            // no more requests to send.
++            QMetaObject::invokeMethod(this,
++                                      &QHttpNetworkConnectionChannel::checkAndResumeCommunication,
++                                      Qt::QueuedConnection);
++
+             // In case our peer has sent us its settings (window size, max concurrent streams etc.)
+             // let's give _q_receiveReply a chance to read them first ('invokeMethod', QueuedConnection).
+             QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection);
+@@ -1307,6 +1329,26 @@ void QHttpNetworkConnectionChannel::_q_encrypted()
+     }
+ }
+ 
++void QHttpNetworkConnectionChannel::checkAndResumeCommunication()
++{
++    Q_ASSERT(connection->connectionType() > QHttpNetworkConnection::ConnectionTypeHTTP);
++
++    // Because HTTP/2 requires that we send a SETTINGS frame as the first thing we do, and respond
++    // to a SETTINGS frame with an ACK, we need to delay any handling until we can ensure that any
++    // effects from emitting encrypted() have been processed.
++    // This function is called after encrypted() was emitted, so check for changes.
++
++    if (!reply && spdyRequestsToSend.isEmpty())
++        abort();
++    waitingForPotentialAbort = false;
++    if (needInvokeReadyRead)
++        _q_readyRead();
++    if (needInvokeReceiveReply)
++        _q_receiveReply();
++    if (needInvokeSendRequest)
++        sendRequest();
++}
++
+ void QHttpNetworkConnectionChannel::requeueSpdyRequests()
+ {
+     QList<HttpMessagePair> spdyPairs = spdyRequestsToSend.values();
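Review bot: in checkAndResumeCommunication(), the three `needInvoke*` flags are tested but never reset to false anywhere in the patch, so if `waitingForPotentialAbort` is set again on this channel by a later _q_encrypted(), stale flags from the previous round would replay calls that were never deferred. Clearing each flag as it is consumed avoids that. Also, after the `abort()` branch the function goes on to call _q_readyRead(), _q_receiveReply() and sendRequest() on the channel it has just aborted; an early return there, or a comment on why continuing is safe, would make this easier to reason about.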
+diff --git a/src/network/access/qhttpnetworkconnectionchannel_p.h b/src/network/access/qhttpnetworkconnectionchannel_p.h
+index d8ac3979d19..eac44464926 100644
+--- a/src/network/access/qhttpnetworkconnectionchannel_p.h
++++ b/src/network/access/qhttpnetworkconnectionchannel_p.h
+@@ -107,6 +107,10 @@ public:
+     QAbstractSocket *socket;
+     bool ssl;
+     bool isInitialized;
++    bool waitingForPotentialAbort = false;
++    bool needInvokeReceiveReply = false;
++    bool needInvokeReadyRead = false;
++    bool needInvokeSendRequest = false;
+     ChannelState state;
+     QHttpNetworkRequest request; // current request, only used for HTTP
+     QHttpNetworkReply *reply; // current reply for this request, only used for HTTP
+@@ -187,6 +191,8 @@ public:
+     void closeAndResendCurrentRequest();
+     void resendCurrentRequest();
+ 
++    void checkAndResumeCommunication();
++
+     bool isSocketBusy() const;
+     bool isSocketWriting() const;
+     bool isSocketWaiting() const;
+-- 
+2.45.2
+

diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.14-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.14-r1.ebuild
new file mode 100644
index 000000000000..b28dc1384dcf
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.14-r1.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+if [[ ${PV} != *9999* ]]; then
+	QT5_KDEPATCHSET_REV=1
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+
+IUSE="gssapi libproxy sctp +ssl"
+
+DEPEND="
+	=dev-qt/qtcore-${QT5_PV}*:5=
+	sys-libs/zlib:=
+	gssapi? ( virtual/krb5 )
+	libproxy? ( net-libs/libproxy )
+	sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+	ssl? ( >=dev-libs/openssl-1.1.1:0= )
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2024-39936.patch" ) # bug 935869
+
+QT5_TARGET_SUBDIRS=(
+	src/network
+	src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+	libproxy:libproxy:
+	ssl::SSL
+	ssl::OPENSSL
+	ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+	:network
+)
+
+src_configure() {
+	local myconf=(
+		$(qt_use gssapi feature-gssapi)
+		$(qt_use libproxy)
+		$(qt_use sctp)
+		$(usev ssl -openssl-linked)
+	)
+	qt5-build_src_configure
+}
+
+src_install() {
+	qt5-build_src_install
+
+	# workaround for bug 652650
+	if use ssl; then
+		sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
+			-i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
+	fi
+}


