Diffstat (limited to 'extra/qt')
-rw-r--r-- | extra/qt/PKGBUILD | 13 | ||||
-rw-r--r-- | extra/qt/disable-ssl-compression.patch | 68 |
2 files changed, 77 insertions, 4 deletions
diff --git a/extra/qt/PKGBUILD b/extra/qt/PKGBUILD
index 680247643..f2f20250a 100644
--- a/extra/qt/PKGBUILD
+++ b/extra/qt/PKGBUILD
@@ -1,11 +1,11 @@
-# $Id: PKGBUILD 166954 2012-09-23 09:22:55Z andrea $
+# $Id: PKGBUILD 167191 2012-09-27 12:38:07Z andrea $
 # Maintainer: Andrea Scarpino <andrea@archlinux.org>
 # Contributor: Pierre Schmitz <pierre@archlinux.de>
 
 pkgbase=qt
 pkgname=('qt' 'qt-private-headers')
 pkgver=4.8.3
-pkgrel=3
+pkgrel=4
 arch=('i686' 'x86_64' 'mips64el')
 url='http://qt-project.org/'
 license=('GPL3' 'LGPL')
@@ -21,7 +21,8 @@ source=("http://releases.qt-project.org/qt4/source/${_pkgfqn}.tar.gz"
 'qtconfig.desktop'
 'improve-cups-support.patch'
 'fix-crash-in-assistant.patch'
- 'undo-fix-jit-crash-on-x86_64.patch')
+ 'undo-fix-jit-crash-on-x86_64.patch'
+ 'disable-ssl-compression.patch')
 md5sums=('a663b6c875f8d7caa8ac9c30e4a4ec3b'
 'fc211414130ab2764132e7370f8e5caa'
 '85179f5e0437514f8639957e1d8baf62'
@@ -29,7 +30,8 @@ md5sums=('a663b6c875f8d7caa8ac9c30e4a4ec3b'
 '6b771c8a81dd90b45e8a79afa0e5bbfd'
 'c439c7731c25387352d8453ca7574971'
 '57590084078b6379f0501f7728b02ae2'
- '094e5a4e30e52423c77daa4a9c782df5')
+ '094e5a4e30e52423c77daa4a9c782df5'
+ '94e9e433342018bf35e8d6d968b7432c')
 
 build() {
 cd "${srcdir}"/${_pkgfqn}
@@ -45,6 +47,9 @@ build() {
 
 # (FS#31654)
 patch -Rp1 -i "${srcdir}"/undo-fix-jit-crash-on-x86_64.patch
+
+ # Security fix
+ patch -p1 -i "${srcdir}"/disable-ssl-compression.patch
 
 export QT4DIR="${srcdir}"/${_pkgfqn}
 export LD_LIBRARY_PATH=${QT4DIR}/lib:${LD_LIBRARY_PATH}
diff --git a/extra/qt/disable-ssl-compression.patch b/extra/qt/disable-ssl-compression.patch
new file mode 100644
index 000000000..443af57f3
--- /dev/null
+++ b/extra/qt/disable-ssl-compression.patch
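Review bot: The new `disable-ssl-compression.patch` source is covered only by an MD5 digest, the `md5sums` entry added in the `@@ -29,7 +30,8 @@` hunk. The `source=` context of the `@@ -21,7 +21,8 @@` hunk shows the upstream tarball being fetched over plain `http://`, so as far as this diff shows these digests are the only integrity check on what gets built. MD5 is not collision-resistant; makepkg also accepts a `sha256sums=(...)` array, which would be worth adding with one entry per source in the same order. The digest values have to be generated from the actual files and cannot be derived from this page.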
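Review bot: The comment `# Security fix` added in the `@@ -45,6 +47,9 @@` hunk does not say what is being fixed, unlike the `# (FS#31654)` reference just above it. Something like `# Disable SSL compression by default (CRIME); backport of upstream 5ea896fbc63593f424a7dfbb11387599c0025c74` would let a later maintainer see why the patch is carried and when it can be dropped. build() starts and continues outside this hunk.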
@@ -0,0 +1,68 @@
+From d41dc3e101a694dec98d7bbb582d428d209e5401 Mon Sep 17 00:00:00 2001
+From: Richard Moore <rich@kde.org>
+Date: Fri, 14 Sep 2012 00:13:08 +0100
+Subject: [PATCH] Disable SSL compression by default.
+
+Disable SSL compression by default since this appears to be the a likely
+cause of the currently hyped CRIME attack.
+
+This is a backport of 5ea896fbc63593f424a7dfbb11387599c0025c74
+
+Change-Id: I6eeefb23c6b140a9633b28ed85879459c474348a
+Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
+Reviewed-by: Peter Hartmann <phartmann@rim.com>
+---
+ src/network/ssl/qssl.cpp | 5 +++--
+ src/network/ssl/qsslconfiguration.cpp | 4 +++-
+ src/network/ssl/qsslconfiguration_p.h | 4 +++-
+ 3 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
+index 49e086f..9578178 100644
+--- a/src/network/ssl/qssl.cpp
++++ b/src/network/ssl/qssl.cpp
+@@ -148,8 +148,9 @@ QT_BEGIN_NAMESPACE
+
+ By default, SslOptionDisableEmptyFragments is turned on since this causes
+ problems with a large number of servers. SslOptionDisableLegacyRenegotiation
+- is also turned on, since it introduces a security risk. The other options
+- are turned off.
++ is also turned on, since it introduces a security risk.
++ SslOptionDisableCompression is turned on to prevent the attack publicised by
++ CRIME. The other options are turned off.
+
+ Note: Availability of above options depends on the version of the SSL
+ backend in use.
+diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
+index 24c7b77..3a05f54 100644
+--- a/src/network/ssl/qsslconfiguration.cpp
++++ b/src/network/ssl/qsslconfiguration.cpp
+@@ -201,7 +201,9 @@ bool QSslConfiguration::isNull() const
+ d->privateKey.isNull() &&
+ d->peerCertificate.isNull() &&
+ d->peerCertificateChain.count() == 0 &&
+- d->sslOptions == (QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation));
++ d->sslOptions == ( QSsl::SslOptionDisableEmptyFragments
++ |QSsl::SslOptionDisableLegacyRenegotiation
++ |QSsl::SslOptionDisableCompression));
+ }
+
+ /*!
+diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h
+index 74f17cd..c36b651 100644
+--- a/src/network/ssl/qsslconfiguration_p.h
++++ b/src/network/ssl/qsslconfiguration_p.h
+@@ -83,7 +83,9 @@ public:
+ : protocol(QSsl::SecureProtocols),
+ peerVerifyMode(QSslSocket::AutoVerifyPeer),
+ peerVerifyDepth(0),
+- sslOptions(QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation)
++ sslOptions(QSsl::SslOptionDisableEmptyFragments
++ |QSsl::SslOptionDisableLegacyRenegotiation
++ |QSsl::SslOptionDisableCompression)
+ { }
+
+ QSslCertificate peerCertificate;
+--
+1.7.10
+
|
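Review bot: The default option mask is now written out twice in the embedded patch, in `QSslConfiguration::isNull()` (qsslconfiguration.cpp) and in the constructor initialiser in qsslconfiguration_p.h, and `isNull()` is only correct while the two stay identical. A single shared constant used in both places would remove that coupling, e.g. (name illustrative) `static const QSsl::SslOptions defaultSslOptions = QSsl::SslOptionDisableEmptyFragments | QSsl::SslOptionDisableLegacyRenegotiation | QSsl::SslOptionDisableCompression;`. Separately, the patch only changes the default. The qssl.cpp doc text it edits still notes that availability of these options depends on the SSL backend version, and the backend code that acts on `SslOptionDisableCompression` is not part of this patch, so it is worth confirming against the packaged SSL library that compression is in fact not negotiated. Both `isNull()` and the constructor extend beyond the lines shown.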