diff options
author | orbea <orbea@riseup.net> | 2023-05-24 10:38:43 -0700 |
---|---|---|
committer | orbea <orbea@riseup.net> | 2023-05-24 10:38:43 -0700 |
commit | 6e0c7e3a9d7ecbb28cfd62c7fef56f9a4aea5fd1 (patch) | |
tree | 2fa40b1668b9e8969d1138b6bc3faaf53cadf356 /dev-qt | |
parent | dev-qt/qtbase: add 6.5.0-r2 (diff) | |
download | libressl-6e0c7e3a9d7ecbb28cfd62c7fef56f9a4aea5fd1.tar.gz libressl-6e0c7e3a9d7ecbb28cfd62c7fef56f9a4aea5fd1.tar.bz2 libressl-6e0c7e3a9d7ecbb28cfd62c7fef56f9a4aea5fd1.zip |
dev-qt/qtnetwork: add 5.15.9-r2
Signed-off-by: orbea <orbea@riseup.net>
Diffstat (limited to 'dev-qt')
-rw-r--r-- | dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch | 39 | ||||
-rw-r--r-- | dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild (renamed from dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild) | 3 |
2 files changed, 41 insertions, 1 deletions
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch new file mode 100644 index 0000000..7509414 --- /dev/null +++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch @@ -0,0 +1,39 @@ +From a196623892558623e467f20b67edb78794252a09 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io> +Date: Fri, 5 May 2023 11:07:26 +0200 +Subject: [PATCH] Hsts: match header names case insensitively (CVE-2023-32762) + +Header field names are always considered to be case-insensitive. + +Pick-to: 6.5 6.5.1 6.2 5.15 +Fixes: QTBUG-113392 +Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43 +Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> +Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> +Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> +(cherry picked from commit 1b736a815be0222f4b24289cf17575fc15707305) + +* asturmlechner 2023-05-23: Upstream backport to 5.15 taken from + https://www.qt.io/blog/security-advisory-qt-network +--- + src/network/access/qhsts.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp +index 0cef0ad3dc..be7ef7ff58 100644 +--- a/src/network/access/qhsts.cpp ++++ b/src/network/access/qhsts.cpp +@@ -364,8 +364,8 @@ quoted-pair = "\" CHAR + bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers) + { + for (const auto &h : headers) { +- // We use '==' since header name was already 'trimmed' for us: +- if (h.first == "Strict-Transport-Security") { ++ // We compare directly because header name was already 'trimmed' for us: ++ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) { + header = h.second; + // RFC6797, 8.1: + // +-- +2.40.1 + diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild index 3e96f6c..45eeceb 100644 --- a/dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild +++ b/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild @@ -31,8 +31,9 @@ RDEPEND="${DEPEND} " PATCHES=( - "${FILESDIR}"/${PN}-5.15.7-libressl.patch # Bug 562050, not upstreamable + "${FILESDIR}/${PN}-5.15.7-libressl.patch" #562050 "${FILESDIR}/${P}-QDnsLookup-dont-overflow-the-buffer.patch" + "${FILESDIR}/${P}-CVE-2023-32762.patch" ) QT5_TARGET_SUBDIRS=( |