diff options
Diffstat (limited to 'source/l/qt')
-rw-r--r-- | source/l/qt/README | 1 | ||||
-rw-r--r--[-rwxr-xr-x] | source/l/qt/profile.d/qt4.csh | 0 | ||||
-rw-r--r--[-rwxr-xr-x] | source/l/qt/profile.d/qt4.sh | 0 | ||||
-rw-r--r-- | source/l/qt/qt.QSortFilterProxyModel.reformatted.diff | 92 | ||||
-rwxr-xr-x | source/l/qt/qt.SlackBuild | 20 | ||||
-rw-r--r-- | source/l/qt/qt.blacklist.bad.certs.diff | 67 | ||||
-rw-r--r-- | source/l/qt/qt.blacklist.bad.certs.patch02.diff | 35 |
7 files changed, 212 insertions, 3 deletions
diff --git a/source/l/qt/README b/source/l/qt/README index bdf9be99..9bbcb346 100644 --- a/source/l/qt/README +++ b/source/l/qt/README @@ -6,3 +6,4 @@ repository with this command: git clone git://gitorious.org/+kde-developers/qt/kde-qt.git +(see the SlackBuild for more details) diff --git a/source/l/qt/profile.d/qt4.csh b/source/l/qt/profile.d/qt4.csh index 6e2c726c..6e2c726c 100755..100644 --- a/source/l/qt/profile.d/qt4.csh +++ b/source/l/qt/profile.d/qt4.csh diff --git a/source/l/qt/profile.d/qt4.sh b/source/l/qt/profile.d/qt4.sh index 5b4b830a..5b4b830a 100755..100644 --- a/source/l/qt/profile.d/qt4.sh +++ b/source/l/qt/profile.d/qt4.sh diff --git a/source/l/qt/qt.QSortFilterProxyModel.reformatted.diff b/source/l/qt/qt.QSortFilterProxyModel.reformatted.diff new file mode 100644 index 00000000..0ab94b31 --- /dev/null +++ b/source/l/qt/qt.QSortFilterProxyModel.reformatted.diff @@ -0,0 +1,92 @@ +--- ./src/gui/itemviews/qsortfilterproxymodel.cpp.orig 2010-11-20 17:54:23.000000000 -0600 ++++ ./src/gui/itemviews/qsortfilterproxymodel.cpp 2011-01-07 00:40:04.000000000 -0600 +@@ -782,14 +782,14 @@ + if (orthogonal_source_to_proxy.isEmpty()) { + const int ortho_end = (orient == Qt::Horizontal) ? model->rowCount(source_parent) : model->columnCount(source_parent); + ++ orthogonal_source_to_proxy.resize(ortho_end); ++ + for (int ortho_item = 0; ortho_item < ortho_end; ++ortho_item) { + if ((orient == Qt::Horizontal) ? q->filterAcceptsRow(ortho_item, source_parent) + : q->filterAcceptsColumn(ortho_item, source_parent)) { + orthogonal_proxy_to_source.append(ortho_item); + } + } +- orthogonal_source_to_proxy.resize(orthogonal_proxy_to_source.size()); +- + if (orient == Qt::Horizontal) { + // We're reacting to columnsInserted, but we've just inserted new rows. Sort them. + sort_source_rows(orthogonal_proxy_to_source, source_parent); +--- ./tests/auto/qsortfilterproxymodel/qsortfilterproxymodel.pro.orig 2010-11-20 17:54:28.000000000 -0600 ++++ ./tests/auto/qsortfilterproxymodel/qsortfilterproxymodel.pro 2011-01-07 00:40:04.000000000 -0600 +@@ -1,6 +1,7 @@ + load(qttest_p4) + +-SOURCES += tst_qsortfilterproxymodel.cpp +- ++INCLUDEPATH += $$PWD/../modeltest + ++SOURCES += tst_qsortfilterproxymodel.cpp ../modeltest/dynamictreemodel.cpp ../modeltest/modeltest.cpp ++HEADERS += ../modeltest/dynamictreemodel.h ../modeltest/modeltest.h + +--- ./tests/auto/qsortfilterproxymodel/tst_qsortfilterproxymodel.cpp.orig 2010-11-20 17:54:28.000000000 -0600 ++++ ./tests/auto/qsortfilterproxymodel/tst_qsortfilterproxymodel.cpp 2011-01-07 00:41:02.000000000 -0600 +@@ -43,6 +43,9 @@ + #include <QtTest/QtTest> + #include "../../shared/util.h" + ++#include "dynamictreemodel.h" ++#include "modeltest.h" ++ + #include <QtCore> + #include <QtGui> + +@@ -143,6 +146,7 @@ + void taskQTBUG_10287_unnecessaryMapCreation(); + + void testMultipleProxiesWithSelection(); ++ void filteredColumns(); + + protected: + void buildHierarchy(const QStringList &data, QAbstractItemModel *model); +@@ -3135,5 +3139,40 @@ + // No assert failure, it passes. + } + ++class FilteredColumnProxyModel : public QSortFilterProxyModel ++{ ++ Q_OBJECT ++public: ++ FilteredColumnProxyModel(QObject *parent = 0) ++ : QSortFilterProxyModel(parent) ++ { ++ ++ } ++ ++protected: ++ bool filterAcceptsColumn(int column, const QModelIndex &source_parent) const ++ { ++ return column % 2 != 0; ++ } ++}; ++ ++void tst_QSortFilterProxyModel::filteredColumns() ++{ ++ DynamicTreeModel *model = new DynamicTreeModel(this); ++ ++ FilteredColumnProxyModel *proxy = new FilteredColumnProxyModel(this); ++ proxy->setSourceModel(model); ++ ++ new ModelTest(proxy, this); ++ ++ ModelInsertCommand *insertCommand = new ModelInsertCommand(model, this); ++ insertCommand->setNumCols(2); ++ insertCommand->setStartRow(0); ++ insertCommand->setEndRow(0); ++ // Parent is QModelIndex() ++ insertCommand->doCommand(); ++ ++} ++ + QTEST_MAIN(tst_QSortFilterProxyModel) + #include "tst_qsortfilterproxymodel.moc" diff --git a/source/l/qt/qt.SlackBuild b/source/l/qt/qt.SlackBuild index c04221c3..f79d2c2a 100755 --- a/source/l/qt/qt.SlackBuild +++ b/source/l/qt/qt.SlackBuild @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright 2006, 2007, 2008, 2009, 2010 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2006, 2007, 2008, 2009, 2010, 2011 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -31,11 +31,14 @@ # git checkout origin/4.5.3-patched # git checkout origin/4.6.0-stable-patched # git checkout origin/4.6.1-patched +# git checkout origin/4.7.0-patched +# +# Alternate method (we don't use this): # wget http://qt.gitorious.org/qt/kde-qt/archive-tarball/4.6.2-patched PKGNAM=qt VERSION=$(ls qt-*.tar.?z* | cut -d - -f 2 | rev | cut -f 3- -d . | rev) -BUILD=${BUILD:-1} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -109,7 +112,14 @@ if [ $ARCH = "i486" ]; then fi # Fix path to mysql header -zcat $CWD/qt.mysql.h.diff.gz | patch -p1 || exit 1 +zcat $CWD/qt.mysql.h.diff.gz | patch -p1 --verbose || exit 1 + +# Upstream patch required for upcoming kdepim-4.6.x: +zcat $CWD/qt.QSortFilterProxyModel.reformatted.diff.gz | patch -p1 --verbose || exit 1 + +# Blacklist compromised certificates: +zcat $CWD/qt.blacklist.bad.certs.diff.gz | patch -p1 --verbose || exit 1 +zcat $CWD/qt.blacklist.bad.certs.patch02.diff.gz | patch -p1 --verbose || exit 1 export CFLAGS="$SLKCFLAGS" export CXXFLAGS="$SLKCFLAGS" @@ -142,6 +152,10 @@ make install INSTALL_ROOT=$PKG || exit 1 # The infamous qt -> qt-${VERSION} link that keeps the full path out of .la files: ( cd $PKG/usr/lib${LIBDIRSUFFIX} ; ln -sf qt qt-${VERSION} ) +# libjscore is used internally. Prevent a false dependency on this in the .la files: +sed -i "s,-ljscore,,g" $PKG/usr/lib${LIBDIRSUFFIX}/qt/lib/*.la $PKG/usr/lib${LIBDIRSUFFIX}/qt/lib/pkgconfig/*.pc +sed -i "s,-L../JavaScriptCore/release,,g" $PKG/usr/lib${LIBDIRSUFFIX}/qt/lib/*.la $PKG/usr/lib${LIBDIRSUFFIX}/qt/lib/pkgconfig/*.pc + # Link the shared libraries into /usr/lib: ( cd $PKG/usr/lib${LIBDIRSUFFIX} for file in qt/lib/*.so* ; do diff --git a/source/l/qt/qt.blacklist.bad.certs.diff b/source/l/qt/qt.blacklist.bad.certs.diff new file mode 100644 index 00000000..38b6d369 --- /dev/null +++ b/source/l/qt/qt.blacklist.bad.certs.diff @@ -0,0 +1,67 @@ +--- ./src/network/ssl/qsslcertificate_p.h.orig 2010-11-20 17:54:24.000000000 -0600 ++++ ./src/network/ssl/qsslcertificate_p.h 2011-03-24 18:08:59.000000000 -0500 +@@ -96,6 +96,7 @@ + static QSslCertificate QSslCertificate_from_X509(X509 *x509); + static QList<QSslCertificate> certificatesFromPem(const QByteArray &pem, int count = -1); + static QList<QSslCertificate> certificatesFromDer(const QByteArray &der, int count = -1); ++ static bool isBlacklisted(const QSslCertificate &certificate); + + friend class QSslSocketBackendPrivate; + +--- ./src/network/ssl/qsslcertificate.cpp.orig 2010-11-20 17:54:24.000000000 -0600 ++++ ./src/network/ssl/qsslcertificate.cpp 2011-03-24 18:08:59.000000000 -0500 +@@ -219,17 +219,19 @@ + Returns true if this certificate is valid; otherwise returns + false. + +- Note: Currently, this function only checks that the current ++ Note: Currently, this function checks that the current + data-time is within the date-time range during which the +- certificate is considered valid. No other checks are +- currently performed. ++ certificate is considered valid, and checks that the ++ certificate is not in a blacklist of fraudulent certificates. + + \sa isNull() + */ + bool QSslCertificate::isValid() const + { + const QDateTime currentTime = QDateTime::currentDateTime(); +- return currentTime >= d->notValidBefore && currentTime <= d->notValidAfter; ++ return currentTime >= d->notValidBefore && ++ currentTime <= d->notValidAfter && ++ ! QSslCertificatePrivate::isBlacklisted(*this); + } + + /*! +@@ -798,6 +800,30 @@ + return certificates; + } + ++// These certificates are known to be fraudulent and were created during the comodo ++// compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html ++static const char *certificate_blacklist[] = { ++ "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e", ++ "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06", ++ "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3", ++ "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29", ++ "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71", ++ "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47", ++ "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43", ++ "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0", ++ "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0", ++ 0 ++}; ++ ++bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate) ++{ ++ for (int a = 0; certificate_blacklist[a] != 0; a++) { ++ if (certificate.serialNumber() == certificate_blacklist[a]) ++ return true; ++ } ++ return false; ++} ++ + #ifndef QT_NO_DEBUG_STREAM + QDebug operator<<(QDebug debug, const QSslCertificate &certificate) + { diff --git a/source/l/qt/qt.blacklist.bad.certs.patch02.diff b/source/l/qt/qt.blacklist.bad.certs.patch02.diff new file mode 100644 index 00000000..b8bb1e4e --- /dev/null +++ b/source/l/qt/qt.blacklist.bad.certs.patch02.diff @@ -0,0 +1,35 @@ +From b87528a71b66e786c11804d7b79e408aae612748 Mon Sep 17 00:00:00 2001 +From: Peter Hartmann <peter.hartmann@nokia.com> +Date: Fri, 25 Mar 2011 13:45:24 +0100 +Subject: [PATCH] QSslSocket internals: abort on encountering blacklisted certificates + +tested manually with "openssl s_server -cert blacklisted.pem -key +key.pem" and connecting a QSslSocket. + +Reviewed-by: Markus Goetz +Task-number: QTBUG-18338 +--- + src/network/ssl/qsslsocket_openssl.cpp | 7 +++++++ + 1 files changed, 7 insertions(+), 0 deletions(-) + +diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp +index 0866534..2427193 100644 +--- a/src/network/ssl/qsslsocket_openssl.cpp ++++ b/src/network/ssl/qsslsocket_openssl.cpp +@@ -1193,6 +1193,13 @@ bool QSslSocketBackendPrivate::startHandshake() + X509 *x509 = q_SSL_get_peer_certificate(ssl); + configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509); + q_X509_free(x509); ++ if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) { ++ q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted")); ++ q->setSocketError(QAbstractSocket::SslHandshakeFailedError); ++ emit q->error(QAbstractSocket::SslHandshakeFailedError); ++ plainSocket->disconnectFromHost(); ++ return false; ++ } + + // Start translating errors. + QList<QSslError> errors; +-- +1.6.1 + |