summaryrefslogtreecommitdiff
path: root/extra/qt
diff options
context:
space:
mode:
Diffstat (limited to 'extra/qt')
-rw-r--r--extra/qt/PKGBUILD13
-rw-r--r--extra/qt/disable-ssl-compression.patch68
2 files changed, 77 insertions, 4 deletions
diff --git a/extra/qt/PKGBUILD b/extra/qt/PKGBUILD
index 680247643..f2f20250a 100644
--- a/extra/qt/PKGBUILD
+++ b/extra/qt/PKGBUILD
@@ -1,11 +1,11 @@
-# $Id: PKGBUILD 166954 2012-09-23 09:22:55Z andrea $
+# $Id: PKGBUILD 167191 2012-09-27 12:38:07Z andrea $
# Maintainer: Andrea Scarpino <andrea@archlinux.org>
# Contributor: Pierre Schmitz <pierre@archlinux.de>
pkgbase=qt
pkgname=('qt' 'qt-private-headers')
pkgver=4.8.3
-pkgrel=3
+pkgrel=4
arch=('i686' 'x86_64' 'mips64el')
url='http://qt-project.org/'
license=('GPL3' 'LGPL')
@@ -21,7 +21,8 @@ source=("http://releases.qt-project.org/qt4/source/${_pkgfqn}.tar.gz"
'qtconfig.desktop'
'improve-cups-support.patch'
'fix-crash-in-assistant.patch'
- 'undo-fix-jit-crash-on-x86_64.patch')
+ 'undo-fix-jit-crash-on-x86_64.patch'
+ 'disable-ssl-compression.patch')
md5sums=('a663b6c875f8d7caa8ac9c30e4a4ec3b'
'fc211414130ab2764132e7370f8e5caa'
'85179f5e0437514f8639957e1d8baf62'
@@ -29,7 +30,8 @@ md5sums=('a663b6c875f8d7caa8ac9c30e4a4ec3b'
'6b771c8a81dd90b45e8a79afa0e5bbfd'
'c439c7731c25387352d8453ca7574971'
'57590084078b6379f0501f7728b02ae2'
- '094e5a4e30e52423c77daa4a9c782df5')
+ '094e5a4e30e52423c77daa4a9c782df5'
+ '94e9e433342018bf35e8d6d968b7432c')
build() {
cd "${srcdir}"/${_pkgfqn}
@@ -45,6 +47,9 @@ build() {
# (FS#31654)
patch -Rp1 -i "${srcdir}"/undo-fix-jit-crash-on-x86_64.patch
+
+ # Security fix
+ patch -p1 -i "${srcdir}"/disable-ssl-compression.patch
export QT4DIR="${srcdir}"/${_pkgfqn}
export LD_LIBRARY_PATH=${QT4DIR}/lib:${LD_LIBRARY_PATH}
diff --git a/extra/qt/disable-ssl-compression.patch b/extra/qt/disable-ssl-compression.patch
new file mode 100644
index 000000000..443af57f3
--- /dev/null
+++ b/extra/qt/disable-ssl-compression.patch
@@ -0,0 +1,68 @@
+From d41dc3e101a694dec98d7bbb582d428d209e5401 Mon Sep 17 00:00:00 2001
+From: Richard Moore <rich@kde.org>
+Date: Fri, 14 Sep 2012 00:13:08 +0100
+Subject: [PATCH] Disable SSL compression by default.
+
+Disable SSL compression by default since this appears to be the a likely
+cause of the currently hyped CRIME attack.
+
+This is a backport of 5ea896fbc63593f424a7dfbb11387599c0025c74
+
+Change-Id: I6eeefb23c6b140a9633b28ed85879459c474348a
+Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
+Reviewed-by: Peter Hartmann <phartmann@rim.com>
+---
+ src/network/ssl/qssl.cpp | 5 +++--
+ src/network/ssl/qsslconfiguration.cpp | 4 +++-
+ src/network/ssl/qsslconfiguration_p.h | 4 +++-
+ 3 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
+index 49e086f..9578178 100644
+--- a/src/network/ssl/qssl.cpp
++++ b/src/network/ssl/qssl.cpp
+@@ -148,8 +148,9 @@ QT_BEGIN_NAMESPACE
+
+ By default, SslOptionDisableEmptyFragments is turned on since this causes
+ problems with a large number of servers. SslOptionDisableLegacyRenegotiation
+- is also turned on, since it introduces a security risk. The other options
+- are turned off.
++ is also turned on, since it introduces a security risk.
++ SslOptionDisableCompression is turned on to prevent the attack publicised by
++ CRIME. The other options are turned off.
+
+ Note: Availability of above options depends on the version of the SSL
+ backend in use.
+diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
+index 24c7b77..3a05f54 100644
+--- a/src/network/ssl/qsslconfiguration.cpp
++++ b/src/network/ssl/qsslconfiguration.cpp
+@@ -201,7 +201,9 @@ bool QSslConfiguration::isNull() const
+ d->privateKey.isNull() &&
+ d->peerCertificate.isNull() &&
+ d->peerCertificateChain.count() == 0 &&
+- d->sslOptions == (QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation));
++ d->sslOptions == ( QSsl::SslOptionDisableEmptyFragments
++ |QSsl::SslOptionDisableLegacyRenegotiation
++ |QSsl::SslOptionDisableCompression));
+ }
+
+ /*!
+diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h
+index 74f17cd..c36b651 100644
+--- a/src/network/ssl/qsslconfiguration_p.h
++++ b/src/network/ssl/qsslconfiguration_p.h
+@@ -83,7 +83,9 @@ public:
+ : protocol(QSsl::SecureProtocols),
+ peerVerifyMode(QSslSocket::AutoVerifyPeer),
+ peerVerifyDepth(0),
+- sslOptions(QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation)
++ sslOptions(QSsl::SslOptionDisableEmptyFragments
++ |QSsl::SslOptionDisableLegacyRenegotiation
++ |QSsl::SslOptionDisableCompression)
+ { }
+
+ QSslCertificate peerCertificate;
+--
+1.7.10
+