From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id BAB79138359 for ; Thu, 16 Jul 2020 07:58:13 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7BD2BE0849; Thu, 16 Jul 2020 07:58:11 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 53A27E0849 for ; Thu, 16 Jul 2020 07:58:11 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 1A22F34EF28 for ; Thu, 16 Jul 2020 07:58:08 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 7C6D69C for ; Thu, 16 Jul 2020 07:58:06 +0000 (UTC) From: "Stefan Strogin" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Stefan Strogin" Message-ID: <1594886009.40e2ec24a753a94dbac9b2719ddee998c908563c.steils@gentoo> Subject: [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/ X-VCS-Repository: repo/proj/libressl X-VCS-Files: dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild X-VCS-Directories: dev-qt/qtnetwork/files/ dev-qt/qtnetwork/ X-VCS-Committer: steils X-VCS-Committer-Name: Stefan Strogin X-VCS-Revision: 40e2ec24a753a94dbac9b2719ddee998c908563c X-VCS-Branch: master Date: Thu, 16 Jul 2020 07:58:06 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 3d36153a-f89f-4bdf-8a09-363fef924b0a X-Archives-Hash: 4ab0a8b8af41a965321d9ed69edb5811 commit: 40e2ec24a753a94dbac9b2719ddee998c908563c Author: Stefan Strogin gentoo org> AuthorDate: Thu Jul 16 07:53:29 2020 +0000 Commit: Stefan Strogin gentoo org> CommitDate: Thu Jul 16 07:53:29 2020 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=40e2ec24 dev-qt/qtnetwork: add patch to fix CVE-2020-13962 in 5.14.2 Closes: https://github.com/gentoo/libressl/issues/321 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Stefan Strogin gentoo.org> .../files/qtnetwork-5.14.2-CVE-2020-13962.patch | 172 +++++++++++++++++++++ ...rk-5.14.2.ebuild => qtnetwork-5.14.2-r1.ebuild} | 1 + 2 files changed, 173 insertions(+) diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch new file mode 100644 index 0000000..9bbdda6 --- /dev/null +++ b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch @@ -0,0 +1,172 @@ +From 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb Mon Sep 17 00:00:00 2001 +From: Timur Pocheptsov +Date: Mon, 13 Apr 2020 20:31:34 +0200 +Subject: [PATCH] OpenSSL: handle SSL_shutdown's errors properly +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s) +returns 1). Also, do not call SSL_shutdown if a session encountered a fatal +error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown +was unsuccessful (returned code != 1), we have to clear the error(s) it queued. +Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to +resolve SSL_state to implement SSL_in_init. + +Fixes: QTBUG-83450 +Change-Id: I6326119f4e79605429263045ac20605c30dccca3 +Reviewed-by: MÃ¥rten Nordheim +(cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655) +--- + src/network/ssl/qsslsocket.cpp | 2 +- + src/network/ssl/qsslsocket_openssl.cpp | 23 ++++++++++++++++------ + src/network/ssl/qsslsocket_openssl11_symbols_p.h | 7 +++++++ + src/network/ssl/qsslsocket_openssl_symbols.cpp | 8 ++++++++ + .../ssl/qsslsocket_opensslpre11_symbols_p.h | 2 ++ + src/network/ssl/qsslsocket_p.h | 1 + + 6 files changed, 36 insertions(+), 7 deletions(-) + +diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp +index 4e9e9472631..5c9e589ec39 100644 +--- a/src/network/ssl/qsslsocket.cpp ++++ b/src/network/ssl/qsslsocket.cpp +@@ -2166,7 +2166,7 @@ void QSslSocketPrivate::init() + pendingClose = false; + flushTriggered = false; + ocspResponses.clear(); +- ++ systemOrSslErrorDetected = false; + // we don't want to clear the ignoreErrorsList, so + // that it is possible setting it before connecting + // ignoreErrorsList.clear(); +diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp +index 51510f1c60b..855865209bc 100644 +--- a/src/network/ssl/qsslsocket_openssl.cpp ++++ b/src/network/ssl/qsslsocket_openssl.cpp +@@ -648,10 +648,16 @@ bool QSslSocketBackendPrivate::initSslContext() + void QSslSocketBackendPrivate::destroySslContext() + { + if (ssl) { +- // We do not send a shutdown alert here. Just mark the session as +- // resumable for qhttpnetworkconnection's "optimization", otherwise +- // OpenSSL won't start a session resumption. +- q_SSL_shutdown(ssl); ++ if (!q_SSL_in_init(ssl) && !systemOrSslErrorDetected) { ++ // We do not send a shutdown alert here. Just mark the session as ++ // resumable for qhttpnetworkconnection's "optimization", otherwise ++ // OpenSSL won't start a session resumption. ++ if (q_SSL_shutdown(ssl) != 1) { ++ // Some error may be queued, clear it. ++ const auto errors = getErrorsFromOpenSsl(); ++ Q_UNUSED(errors); ++ } ++ } + q_SSL_free(ssl); + ssl = nullptr; + } +@@ -1084,6 +1090,7 @@ void QSslSocketBackendPrivate::transmit() + case SSL_ERROR_SSL: // error in the SSL library + // we do not know exactly what the error is, nor whether we can recover from it, + // so just return to prevent an endless loop in the outer "while" statement ++ systemOrSslErrorDetected = true; + { + const ScopedBool bg(inSetAndEmitError, true); + setErrorAndEmit(QAbstractSocket::SslInternalError, +@@ -1681,8 +1688,12 @@ bool QSslSocketBackendPrivate::checkOcspStatus() + void QSslSocketBackendPrivate::disconnectFromHost() + { + if (ssl) { +- if (!shutdown) { +- q_SSL_shutdown(ssl); ++ if (!shutdown && !q_SSL_in_init(ssl) && !systemOrSslErrorDetected) { ++ if (q_SSL_shutdown(ssl) != 1) { ++ // Some error may be queued, clear it. ++ const auto errors = getErrorsFromOpenSsl(); ++ Q_UNUSED(errors); ++ } + shutdown = true; + transmit(); + } +diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h +index 0fe0899d4fd..b7193ad1807 100644 +--- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h ++++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h +@@ -192,4 +192,11 @@ typedef int (*q_SSL_psk_use_session_cb_func_t)(SSL *, const EVP_MD *, const unsi + } + void q_SSL_set_psk_use_session_callback(SSL *s, q_SSL_psk_use_session_cb_func_t); + ++#if OPENSSL_VERSION_NUMBER < 0x10101000L ++// What a mess! ++int q_SSL_in_init(SSL *s); ++#else ++int q_SSL_in_init(const SSL *s); ++#endif // 1.1.1 or 1.1.0 ++ + #endif +diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp +index 85029a6ff3f..d1bd84cf25f 100644 +--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp ++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp +@@ -160,6 +160,11 @@ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) + DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return) + DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) + DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return) ++#if OPENSSL_VERSION_NUMBER < 0x10101000L ++DEFINEFUNC(int, SSL_in_init, SSL *a, a, return 0, return) ++#else ++DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return) ++#endif + #ifdef TLS1_3_VERSION + DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return) + DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG) +@@ -242,6 +247,7 @@ DEFINEFUNC2(void, BIO_set_shutdown, BIO *a, a, int shut, shut, return, DUMMYARG) + // Functions below are either deprecated or removed in OpenSSL >= 1.1: + + DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return nullptr, return) ++DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return) + + #ifdef SSLEAY_MACROS + DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return nullptr, return) +@@ -971,6 +977,7 @@ bool q_resolveOpenSslSymbols() + #if QT_CONFIG(opensslv11) + + RESOLVEFUNC(OPENSSL_init_ssl) ++ RESOLVEFUNC(SSL_in_init) + RESOLVEFUNC(OPENSSL_init_crypto) + RESOLVEFUNC(ASN1_STRING_get0_data) + RESOLVEFUNC(EVP_CIPHER_CTX_reset) +@@ -1066,6 +1073,7 @@ bool q_resolveOpenSslSymbols() + #else // !opensslv11 + + RESOLVEFUNC(ASN1_STRING_data) ++ RESOLVEFUNC(SSL_state) + + #ifdef SSLEAY_MACROS + RESOLVEFUNC(ASN1_dup) +diff --git a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h +index f5626d5d164..92841017793 100644 +--- a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h ++++ b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h +@@ -121,6 +121,8 @@ SSL_CTX *q_SSL_CTX_new(const SSL_METHOD *a); + + int q_SSL_library_init(); + void q_SSL_load_error_strings(); ++int q_SSL_state(const SSL *a); ++#define q_SSL_in_init(a) (q_SSL_state(a) & SSL_ST_INIT) + + #if OPENSSL_VERSION_NUMBER >= 0x10001000L + int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h +index daa9be23f4a..350b1f1fc18 100644 +--- a/src/network/ssl/qsslsocket_p.h ++++ b/src/network/ssl/qsslsocket_p.h +@@ -208,6 +208,7 @@ protected: + bool verifyErrorsHaveBeenIgnored(); + bool paused; + bool flushTriggered; ++ bool systemOrSslErrorDetected = false; + QVector ocspResponses; + }; + +-- +2.16.3 diff --git a/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild similarity index 95% rename from dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild rename to dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild index b470bcd..fec0386 100644 --- a/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild +++ b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild @@ -32,6 +32,7 @@ RDEPEND="${DEPEND} " PATCHES=( + "${FILESDIR}/${P}-CVE-2020-13962.patch" # bug 727604, QTBUG-83450 "${FILESDIR}"/${PN}-5.12.1-libressl.patch "${FILESDIR}"/${PN}-5.12.4-libressl.patch )