This bug was fixed in the package qtbase-opensource-src -
5.15.3+dfsg-2ubuntu0.2
---
qtbase-opensource-src (5.15.3+dfsg-2ubuntu0.2) jammy; urgency=medium
* Add a patch to update signature of SSL_CTX_set_options for OpenSSL 3
(LP: #1981807). Thanks Michael Saxl!
-- Dmitry
Marking as verified per comment #23. I also restarted the failed
autopkgtest.
** Tags removed: verification-needed verification-needed-jammy
** Tags added: verification-done verification-done-jammy
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
Just tested the proposed version on two armhf systems. Both server and
client mode now negotiate to tls1.3 if applicable. The other qt
applications do still work. Of corse the test application in this thread
also works (outputs 15)
Package: libqt5network5
Version: 5.15.3+dfsg-2ubuntu0.2
Package:
looking at the regression log, I see that it fails to launch jackd (exec of
JACK server (command = "/usr/bin/jackd") failed: No such file or directory).
Other platforms (amd64) do not have that log output.
I suspect this is because drumkv1_jack was not started yet (and so the test is
flaky).
Hello msaxl, or anyone else affected,
Accepted qtbase-opensource-src into jammy-proposed. The package will
build now and be available at
https://launchpad.net/ubuntu/+source/qtbase-opensource-
src/5.15.3+dfsg-2ubuntu0.2 in a few hours, and then in the -proposed
repository.
Please help us by
In #ubuntu-security just now:
14:44 sarnold: please could we have a definitive nack if you
don't want bug 1981807 in the security pocket? Looking at the previous
IRC conversation, it looks like it was a "decision pending review".
--
You received this bug notification because you are a member
Oops, forgot about that. Done.
Also, ABI is not affected. We have symbols to track ABI, and there are
no symbols changes for libqt5network5.
** Description changed:
+ [Impact]
+
+ Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to
+ less secure protocols.
+
+ [Test Plan]
+
The patch looks reasonable (assuming that it doesn't change ABI, which
seems to be the case). Could you be able to update the bug with the
necessary SRU information (the
https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template can help
here)?
Particularly, the [Test Plan] and [Where problems
A few days ago I asked on #ubuntu-security about it and was told that it's
better to make a non-security SRU upload for it:
https://irclogs.ubuntu.com/2022/08/22/%23ubuntu-security.html#t12:01
So I uploaded it, and now it's waiting in unapproved queue for a release team
member review:
I have a version with the last attached patch in my ppa. This version works for
me.
Is there a change we get a SRU for this? Who would make that request?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtbase-opensource-src
I was not able to test it on Ubuntu because I don't have armhf hardware,
but I have just tested it on a Debian porterbox. The only difference
between Debian bookworm and sid versions of Qt is presence of this
patch.
I used this test code and complied it with qmake && make.
mitya57@harris:~/test$
I used your patch from comment #10 with only one minor change: for old
OpenSSL versions I replaced long with unsigned long to match the latest
version of upstream patch. But it doesn't matter for Ubuntu anyway.
I am attaching a debdiff for jammy-security and subscribing ~ubuntu-
This bug was fixed in the package qtbase-opensource-src - 5.15.4+dfsg-5
---
qtbase-opensource-src (5.15.4+dfsg-5) unstable; urgency=medium
* Add a patch to update signature of SSL_CTX_set_options for OpenSSL 3
(LP: #1981807). Thanks Michael Saxl!
-- Dmitry Shachnev Sun, 07
Thank you. I will be offline for a few days, so I will upload this next
week.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1981807
Title:
qt5-network
This is my suggested backport of the upstream patch.
since, as you might know, the file locations changed a bit, lso the file
defining the new datatype moved from qsslsocket_openssl_symbols_p.h to
qsslsocket_openssl_p.h since it is required there (setupOpenSslOptions
is defined there, but
Thank you. Once the patch is accepted upstream, I will backport it to
Debian/Ubuntu packaging.
In Ubuntu we don't care about older OpenSSL versions, but upstream Qt
does care.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
@mitya57 the patch is now submitted to codereview. I am however only
able to submit to the dev branch (took me a while to get this, never
used gerrit before). This also means that the patch I submitted is for
qt6. There is no way i send a codereview for qt5 anymore, so I don't
know who will do the
just a side node on the findings while hunting down this issue in gdb:
on armhf I think the calling convention is that integers are passed on
registers. uint64 is not a (32bit) integer and since the value passed to
SSL_CTX_set_options was not related in any way to the value passed in
https://bugreports.qt.io/browse/QTBUG-105041
this however has priority low.
additionally openssl1.1 and openssl3 are not compatible in this case if libssl
is loaded in runtime
for 32bit this is only solvable if compiletime forces openssl version to
3 OR 1.1, but then the corresponding version
Thank you for the patch!
Qt 6 still uses unsigned long:
https://code.qt.io/cgit/qt/qtbase.git/tree/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp#n126
Can you please submit your patch to codereview.qt-project.org, or at
least file a bug at bugreports.qt.io?
We usually don't add patches
actually the first patch was missing something and did not compile
** Patch added: "openssl3_set_options.diff"
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+attachment/5603782/+files/openssl3_set_options.diff
** Patch removed: "openssl3_set_options.patch"
The attachment "openssl3_set_options.patch" seems to be a patch. If it
isn't, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
this should fix the issue
this however requires openssl3.0, but that should be ok for ubuntu going
forward
** Patch added: "openssl3_set_options.patch"
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+attachment/5603721/+files/openssl3_set_options.patch
--
You
i think I have a trace where the issue is:
openssl3 openssl's options is a uint64_t, but in qsslsocket_openssl.cpp the
method is defined as
long QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol,
QSsl::SslOptions sslOptions)
long on 64bit platforms is 64 bit long, but
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1981807
Title:
qt5-network openssl3
25 matches
Mail list logo
