From 3edc42216fee4bb8237aa128510c32ceb77dfd8f Mon Sep 17 00:00:00 2001 From: root Date: Fri, 28 Sep 2012 01:39:44 -0700 Subject: Fri Sep 28 01:39:41 PDT 2012 --- extra/cppunit/PKGBUILD | 6 +-- extra/feh/PKGBUILD | 6 +-- extra/gnutls/PKGBUILD | 8 ++-- extra/imagemagick/PKGBUILD | 6 +-- extra/libtasn1/PKGBUILD | 8 ++-- extra/live-media/PKGBUILD | 6 +-- extra/qt/PKGBUILD | 13 +++++-- extra/qt/disable-ssl-compression.patch | 68 ++++++++++++++++++++++++++++++++++ extra/quota-tools/PKGBUILD | 15 ++++---- 9 files changed, 104 insertions(+), 32 deletions(-) create mode 100644 extra/qt/disable-ssl-compression.patch (limited to 'extra') diff --git a/extra/cppunit/PKGBUILD b/extra/cppunit/PKGBUILD index 988124454..6fcb3d40d 100644 --- a/extra/cppunit/PKGBUILD +++ b/extra/cppunit/PKGBUILD @@ -1,11 +1,11 @@ -# $Id: PKGBUILD 163110 2012-07-07 09:30:05Z andyrtr $ +# $Id: PKGBUILD 167193 2012-09-27 15:30:04Z andyrtr $ # Maintainer: Stéphane Gaudreault # Contributor: Jeff 'codemac' Mickey pkgname=cppunit -pkgver=1.13.0 +pkgver=1.13.1 pkgrel=1 -_hash=0c65c839854edd43d9294d1431a2b292 +_hash=fa9aa839145cdf860bf596532bb8af97 pkgdesc="A C++ unit testing framework" arch=('i686' 'x86_64') url="http://www.freedesktop.org/wiki/Software/cppunit" diff --git a/extra/feh/PKGBUILD b/extra/feh/PKGBUILD index 1274c5c59..5098feb65 100644 --- a/extra/feh/PKGBUILD +++ b/extra/feh/PKGBUILD @@ -1,11 +1,11 @@ -# $Id: PKGBUILD 167159 2012-09-26 17:14:45Z bisson $ +# $Id: PKGBUILD 167203 2012-09-27 22:43:39Z bisson $ # Maintainer: Gaetan Bisson # Contributor: Andrea Scarpino # Contributor: dorphell # Contributor: Tom Newsom pkgname=feh -pkgver=2.6.2 +pkgver=2.6.3 pkgrel=1 pkgdesc='Fast and light imlib2-based image viewer' url='http://feh.finalrewind.org/' 
@@ -16,7 +16,7 @@ optdepends=('perl: feh-cam, webcam wrapper for feh' 'imagemagick: support more file formats') makedepends=('libxt') source=("${url}${pkgname}-${pkgver}.tar.bz2") -sha1sums=('a2c6cf99ef2128834d14c0367cb5a9a11957ba6c') +sha1sums=('3aa991b1596d5bc1fb35e8a1b356b5f1a8a9c04e') build() { cd "${srcdir}/${pkgname}-${pkgver}" diff --git a/extra/gnutls/PKGBUILD b/extra/gnutls/PKGBUILD index f35e89e63..ad28fdfc6 100644 --- a/extra/gnutls/PKGBUILD +++ b/extra/gnutls/PKGBUILD @@ -1,8 +1,8 @@ -# $Id: PKGBUILD 165900 2012-09-03 09:49:29Z andyrtr $ +# $Id: PKGBUILD 167195 2012-09-27 15:45:57Z andyrtr $ # Maintainer: Jan de Groot pkgname=gnutls -pkgver=3.1.1 +pkgver=3.1.2 pkgrel=1 pkgdesc="A library which provides a secure layer over a reliable transport layer" arch=('i686' 'x86_64') @@ -13,8 +13,8 @@ options=('!libtool' '!zipman') depends=('gcc-libs>=4.7.1-5' 'libtasn1' 'readline' 'zlib' 'nettle>=2.4' 'p11-kit>=0.12') makedepends=('valgrind' 'strace') source=(http://ftp.gnu.org/gnu/gnutls/${pkgname}-${pkgver}.tar.xz{,.sig}) -md5sums=('59c432df79108c74c34a4582c7d7e7e7' - '00d354ec9ac8ca4329b35ea397589b6c') +md5sums=('5d722e5850d79269ba413b0e69b9e14f' + '2764135bac008654a0b2fdd9fc6e62d1') build() { cd "${srcdir}/${pkgname}-${pkgver}" diff --git a/extra/imagemagick/PKGBUILD b/extra/imagemagick/PKGBUILD index d7e3ab964..b3a717d40 100644 --- a/extra/imagemagick/PKGBUILD +++ b/extra/imagemagick/PKGBUILD @@ -1,9 +1,9 @@ -# $Id: PKGBUILD 166610 2012-09-13 02:13:20Z eric $ +# $Id: PKGBUILD 167199 2012-09-27 17:38:29Z eric $ # Maintainer: Eric Bélanger pkgbase=imagemagick pkgname=('imagemagick' 'imagemagick-doc') -pkgver=6.7.9.4 +pkgver=6.7.9.8 pkgrel=1 arch=('i686' 'x86_64') url="http://www.imagemagick.org/" 
@@ -12,7 +12,7 @@ makedepends=('libltdl' 'lcms2' 'libxt' 'fontconfig' 'libxext' 'ghostscript' \ 'openexr' 'libwmf' 'librsvg' 'libxml2' 'jasper' 'liblqr') source=(ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-${pkgver%.*}-${pkgver##*.}.tar.xz \ perlmagick.rpath.patch) -sha1sums=('6fa1a160c85f9119047a94ad1c8d3f49d9a84492' +sha1sums=('dc61335f931ea637e7bd2e711b520d221bfe464c' '23405f80904b1de94ebd7bd6fe2a332471b8c283') build() { diff --git a/extra/libtasn1/PKGBUILD b/extra/libtasn1/PKGBUILD index 20d5bf4cc..ffcdb9bb9 100644 --- a/extra/libtasn1/PKGBUILD +++ b/extra/libtasn1/PKGBUILD @@ -1,9 +1,9 @@ -# $Id: PKGBUILD 160686 2012-06-03 18:36:06Z andyrtr $ +# $Id: PKGBUILD 167197 2012-09-27 15:53:17Z andyrtr $ # Maintainer: Jan de Groot # Contributor: judd pkgname=libtasn1 -pkgver=2.13 +pkgver=2.14 pkgrel=1 pkgdesc="The ASN.1 library used in GNUTLS" arch=('i686' 'x86_64') @@ -13,8 +13,8 @@ depends=('glibc' 'texinfo') options=('!libtool') install=libtasn1.install source=(http://ftp.gnu.org/gnu/libtasn1/${pkgname}-${pkgver}.tar.gz{,.sig}) -sha1sums=('89120584bfedd244dab92df99e955a174c481851' - '2f9ce2aef6c1bd78f462e95de531b2b61f59d13c') +sha1sums=('22f9e0b15f870c8e03ac9cc1ead969d4d84eb931' + 'cd6fdde4f59f7c24eb738896904034f17ab490f2') build() { cd "${srcdir}/${pkgname}-${pkgver}" diff --git a/extra/live-media/PKGBUILD b/extra/live-media/PKGBUILD index 709eb00c7..0a69ffbc8 100644 --- a/extra/live-media/PKGBUILD +++ b/extra/live-media/PKGBUILD @@ -1,9 +1,9 @@ -# $Id: PKGBUILD 166690 2012-09-15 17:24:11Z giovanni $ +# $Id: PKGBUILD 167205 2012-09-27 23:00:52Z giovanni $ # Maintainer: Giovanni Scafora # Contributor: Gilles CHAUVIN pkgname=live-media -pkgver=2012.09.13 +pkgver=2012.09.27 pkgrel=1 pkgdesc="A set of C++ libraries for multimedia streaming" arch=('i686' 'x86_64') 
@@ -11,7 +11,7 @@ license=('LGPL') url="http://live555.com/liveMedia" depends=('gcc-libs') source=("http://live555.com/liveMedia/public/live.${pkgver}.tar.gz") -md5sums=('33ffc8df7f07a6db0e923d73dfdc0547') +md5sums=('a587166b7830f1be4b829c2bf84ac195') build() { cd ${srcdir}/live diff --git a/extra/qt/PKGBUILD b/extra/qt/PKGBUILD index a29c185e7..c2002dea7 100644 --- a/extra/qt/PKGBUILD +++ b/extra/qt/PKGBUILD @@ -1,11 +1,11 @@ -# $Id: PKGBUILD 166954 2012-09-23 09:22:55Z andrea $ +# $Id: PKGBUILD 167191 2012-09-27 12:38:07Z andrea $ # Maintainer: Andrea Scarpino # Contributor: Pierre Schmitz pkgbase=qt pkgname=('qt' 'qt-private-headers') pkgver=4.8.3 -pkgrel=3 +pkgrel=4 arch=('i686' 'x86_64') url='http://qt-project.org/' license=('GPL3' 'LGPL') @@ -20,7 +20,8 @@ source=("http://releases.qt-project.org/qt4/source/${_pkgfqn}.tar.gz" 'qtconfig.desktop' 'improve-cups-support.patch' 'fix-crash-in-assistant.patch' - 'undo-fix-jit-crash-on-x86_64.patch') + 'undo-fix-jit-crash-on-x86_64.patch' + 'disable-ssl-compression.patch') md5sums=('a663b6c875f8d7caa8ac9c30e4a4ec3b' 'fc211414130ab2764132e7370f8e5caa' '85179f5e0437514f8639957e1d8baf62' @@ -28,7 +29,8 @@ md5sums=('a663b6c875f8d7caa8ac9c30e4a4ec3b' '6b771c8a81dd90b45e8a79afa0e5bbfd' 'c439c7731c25387352d8453ca7574971' '57590084078b6379f0501f7728b02ae2' - '094e5a4e30e52423c77daa4a9c782df5') + '094e5a4e30e52423c77daa4a9c782df5' + '94e9e433342018bf35e8d6d968b7432c') build() { cd "${srcdir}"/${_pkgfqn} @@ -41,6 +43,9 @@ build() { # (FS#31654) patch -Rp1 -i "${srcdir}"/undo-fix-jit-crash-on-x86_64.patch + + # Security fix + patch -p1 -i "${srcdir}"/disable-ssl-compression.patch export QT4DIR="${srcdir}"/${_pkgfqn} export LD_LIBRARY_PATH=${QT4DIR}/lib:${LD_LIBRARY_PATH} diff --git a/extra/qt/disable-ssl-compression.patch b/extra/qt/disable-ssl-compression.patch new file mode 100644 index 000000000..443af57f3 --- /dev/null +++ b/extra/qt/disable-ssl-compression.patch 
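Review bot: The `md5sums` array extended in this hunk is the only integrity check on the Qt tarball, which the `source` array fetches over plain `http://releases.qt-project.org/...`. MD5 is not collision-resistant, so the digest catches a corrupted download but is weak evidence against a deliberately substituted one. I would replace the array with `sha256sums=(...)`, recomputing the digests for every entry including the new `disable-ssl-compression.patch`. The array starts outside this hunk, so the whole list needs regenerating rather than just the added line.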
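Review bot: The comment `# Security fix` above the new `patch -p1 -i "${srcdir}"/disable-ssl-compression.patch` line in `build()` does not say which issue is addressed or where the patch comes from. The neighbouring patch carries a tracker reference (`# (FS#31654)`), and this one should be just as traceable so a later maintainer knows when it can be dropped. I would write `# Disable TLS compression by default (CRIME); backport of upstream 5ea896fbc63593f424a7dfbb11387599c0025c74`. `build()` continues outside the hunk.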
@@ -0,0 +1,68 @@ +From d41dc3e101a694dec98d7bbb582d428d209e5401 Mon Sep 17 00:00:00 2001 +From: Richard Moore +Date: Fri, 14 Sep 2012 00:13:08 +0100 +Subject: [PATCH] Disable SSL compression by default. + +Disable SSL compression by default since this appears to be the a likely +cause of the currently hyped CRIME attack. + +This is a backport of 5ea896fbc63593f424a7dfbb11387599c0025c74 + +Change-Id: I6eeefb23c6b140a9633b28ed85879459c474348a +Reviewed-by: Thiago Macieira +Reviewed-by: Peter Hartmann +--- + src/network/ssl/qssl.cpp | 5 +++-- + src/network/ssl/qsslconfiguration.cpp | 4 +++- + src/network/ssl/qsslconfiguration_p.h | 4 +++- + 3 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp +index 49e086f..9578178 100644 +--- a/src/network/ssl/qssl.cpp ++++ b/src/network/ssl/qssl.cpp +@@ -148,8 +148,9 @@ QT_BEGIN_NAMESPACE + + By default, SslOptionDisableEmptyFragments is turned on since this causes + problems with a large number of servers. SslOptionDisableLegacyRenegotiation +- is also turned on, since it introduces a security risk. The other options +- are turned off. ++ is also turned on, since it introduces a security risk. ++ SslOptionDisableCompression is turned on to prevent the attack publicised by ++ CRIME. The other options are turned off. + + Note: Availability of above options depends on the version of the SSL + backend in use. 
+diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp +index 24c7b77..3a05f54 100644 +--- a/src/network/ssl/qsslconfiguration.cpp ++++ b/src/network/ssl/qsslconfiguration.cpp +@@ -201,7 +201,9 @@ bool QSslConfiguration::isNull() const + d->privateKey.isNull() && + d->peerCertificate.isNull() && + d->peerCertificateChain.count() == 0 && +- d->sslOptions == (QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation)); ++ d->sslOptions == ( QSsl::SslOptionDisableEmptyFragments ++ |QSsl::SslOptionDisableLegacyRenegotiation ++ |QSsl::SslOptionDisableCompression)); + } + + /*! +diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h +index 74f17cd..c36b651 100644 +--- a/src/network/ssl/qsslconfiguration_p.h ++++ b/src/network/ssl/qsslconfiguration_p.h +@@ -83,7 +83,9 @@ public: + : protocol(QSsl::SecureProtocols), + peerVerifyMode(QSslSocket::AutoVerifyPeer), + peerVerifyDepth(0), +- sslOptions(QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation) ++ sslOptions(QSsl::SslOptionDisableEmptyFragments ++ |QSsl::SslOptionDisableLegacyRenegotiation ++ |QSsl::SslOptionDisableCompression) + { } + + QSslCertificate peerCertificate; +-- +1.7.10 + diff --git a/extra/quota-tools/PKGBUILD b/extra/quota-tools/PKGBUILD index 33474d7e9..41bb7f216 100644 --- a/extra/quota-tools/PKGBUILD +++ b/extra/quota-tools/PKGBUILD @@ -1,8 +1,8 @@ -# $Id: PKGBUILD 163746 2012-07-18 22:38:58Z eric $ +# $Id: PKGBUILD 167201 2012-09-27 19:22:41Z eric $ # Maintainer: Eric Bélanger pkgname=quota-tools -pkgver=4.00 +pkgver=4.01 pkgrel=1 epoch=1 pkgdesc="Tools to manage kernel-level quotas in Linux" 
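Review bot: The default option mask is now spelled out twice, once in `QSslConfiguration::isNull()` and once in the private constructor in `qsslconfiguration_p.h`, and the two must stay identical or a default-constructed configuration stops reporting `isNull()`. This patch had to touch both places for one new flag, which shows how easily they can drift. I would define the mask once, for example as a static `defaultSslOptions` constant on the private class, and compare with `d->sslOptions == defaultSslOptions`. Separately, the patch only changes the default flag set: the patched documentation itself says availability depends on the SSL backend version, so it is worth confirming the packaged OpenSSL honours `SslOptionDisableCompression`. Callers that assign their own option set are presumably unaffected and keep compression unless they add the flag.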
@@ -12,21 +12,20 @@ license=('GPL' 'BSD') depends=('e2fsprogs') backup=('etc/warnquota.conf' 'etc/quotatab' 'etc/quotagrpadmins') options=('!emptydirs') -source=(http://downloads.sourceforge.net/sourceforge/linuxquota/quota-${pkgver}.tar.gz \ - LICENSE) -sha1sums=('9ef79933bebfd80f007600fd422616ad161c5fd0' - '57297bdc9e638c500506169bbbe12eb89bcf7d07') +source=(http://downloads.sourceforge.net/sourceforge/linuxquota/quota-${pkgver}.tar.gz) +sha1sums=('64d2ab8b039cfea1aa4bd9e77e8c373488a7f0bf') build() { cd "${srcdir}/${pkgname}" ./configure --prefix=/usr --sysconfdir=/etc - make RPCGEN="rpcgen -Y /usr/bin" + make } package() { cd "${srcdir}/${pkgname}" make ROOTDIR="${pkgdir}" install - install -D -m644 "${srcdir}/LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" + install -d "${pkgdir}/usr/share/licenses/${pkgname}" + head -33 quota.c > "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" # remove conflicts with glibc rm "${pkgdir}"/usr/include/rpcsvc/rquota.{h,x} -- cgit v1.2.3-54-g00ecf
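Review bot: In `package()`, `head -33 quota.c > ".../LICENSE"` ties the installed licence text to a hard-coded line count in an upstream source file. If a later release changes the header of `quota.c`, the package will silently ship a truncated licence or one with code appended. I would use the portable form `head -n 33 quota.c` and add a comment such as `# licence header is lines 1-33 of quota.c as of 4.01; re-check on every pkgver bump`. The hunk also drops `RPCGEN="rpcgen -Y /usr/bin"` from `make` without explanation; a short comment saying why it is no longer needed would help the next update.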