diff options
author | Fathi Boudra <fabo@debian.org> | 2011-09-12 09:46:10 +0300 |
---|---|---|
committer | Fathi Boudra <fabo@debian.org> | 2011-09-12 09:46:10 +0300 |
commit | 438cedd6a0d106895fe682c5bf31b72d75564089 (patch) | |
tree | 5f93f95b0d2068ee95c964eb6e0db34fb87e9e6f /debian | |
parent | b6ac5196b4488756d35c2be7be2167febc0b0386 (diff) | |
download | qt4-x11-438cedd6a0d106895fe682c5bf31b72d75564089.tar.gz |
Resfresh patches
Diffstat (limited to 'debian')
19 files changed, 119 insertions, 118 deletions
diff --git a/debian/patches/0195-compositing-properties.diff b/debian/patches/0195-compositing-properties.diff index 2bee97e..4de741b 100644 --- a/debian/patches/0195-compositing-properties.diff +++ b/debian/patches/0195-compositing-properties.diff @@ -13,7 +13,7 @@ bugs.kde.org number : none --- a/src/gui/kernel/qwidget_x11.cpp +++ b/src/gui/kernel/qwidget_x11.cpp -@@ -762,6 +762,11 @@ void QWidgetPrivate::create_sys(WId wind +@@ -764,6 +764,11 @@ void QWidgetPrivate::create_sys(WId wind Q_ASSERT(id); XChangeWindowAttributes(dpy, id, CWOverrideRedirect | CWSaveUnder, &wsa); @@ -25,7 +25,7 @@ bugs.kde.org number : none } else if (topLevel && !desktop) { // top-level widget if (!X11->wm_client_leader) create_wm_client_leader(); -@@ -815,13 +820,21 @@ void QWidgetPrivate::create_sys(WId wind +@@ -817,13 +822,21 @@ void QWidgetPrivate::create_sys(WId wind // set EWMH window types setNetWmWindowTypes(); @@ -49,7 +49,7 @@ bugs.kde.org number : none // declare the widget's window role if (QTLWExtra *topData = maybeTopData()) { -@@ -837,10 +850,6 @@ void QWidgetPrivate::create_sys(WId wind +@@ -839,10 +852,6 @@ void QWidgetPrivate::create_sys(WId wind XChangeProperty(dpy, id, ATOM(WM_CLIENT_LEADER), XA_WINDOW, 32, PropModeReplace, (unsigned char *)&X11->wm_client_leader, 1); diff --git a/debian/patches/01_debian_append_qt4_suffix.diff b/debian/patches/01_debian_append_qt4_suffix.diff index 5c97c52..6548737 100644 --- a/debian/patches/01_debian_append_qt4_suffix.diff +++ b/debian/patches/01_debian_append_qt4_suffix.diff @@ -92,7 +92,7 @@ Forwarded: not-needed if [ "$VERBOSE" = "yes" ]; then --- a/configure +++ b/configure -@@ -4596,7 +4596,7 @@ END { +@@ -4568,7 +4568,7 @@ END { } # build qmake @@ -101,7 +101,7 @@ Forwarded: not-needed echo "Creating qmake. Please wait..." OLD_QCONFIG_H= -@@ -8033,8 +8033,8 @@ QMAKE_ABSOLUTE_SOURCE_ROOT = \$\$QT_SOUR +@@ -7996,8 +7996,8 @@ QMAKE_ABSOLUTE_SOURCE_ROOT = \$\$QT_SOUR QMAKE_MOC_SRC = \$\$QT_BUILD_TREE/src/moc #local paths that cannot be queried from the QT_INSTALL_* properties while building QTDIR @@ -112,7 +112,7 @@ Forwarded: not-needed QMAKE_UIC3 = \$\$QT_BUILD_TREE/bin/uic3 QMAKE_RCC = \$\$QT_BUILD_TREE/bin/rcc QMAKE_QDBUSXML2CPP = \$\$QT_BUILD_TREE/bin/qdbusxml2cpp -@@ -8435,11 +8435,11 @@ EXEC="" +@@ -8400,11 +8400,11 @@ EXEC="" echo "Finding project files. Please wait..." if [ "$CFG_NOPROCESS" != "yes" ]; then @@ -126,7 +126,7 @@ Forwarded: not-needed fi fi -@@ -8626,7 +8626,7 @@ for file in .projects .projects.3; do +@@ -8591,7 +8591,7 @@ for file in .projects .projects.3; do QMAKE_SPEC_ARGS="-spec $SPEC" echo $ECHO_N " for $a$ECHO_C" @@ -137,7 +137,7 @@ Forwarded: not-needed echo " (fast)" --- a/projects.pro +++ b/projects.pro -@@ -153,7 +153,7 @@ qmake.path=$$[QT_INSTALL_BINS] +@@ -148,7 +148,7 @@ qmake.path=$$[QT_INSTALL_BINS] win32 { qmake.files=$$QT_BUILD_TREE/bin/qmake.exe } else { diff --git a/debian/patches/02_syncqt_sane_timestamp_for_nonexisting_headers.diff b/debian/patches/02_syncqt_sane_timestamp_for_nonexisting_headers.diff index 16b3ddd..4ed2840 100644 --- a/debian/patches/02_syncqt_sane_timestamp_for_nonexisting_headers.diff +++ b/debian/patches/02_syncqt_sane_timestamp_for_nonexisting_headers.diff @@ -15,7 +15,7 @@ GMT.) for the symlink, just use current time(). --- a/bin/syncqt +++ b/bin/syncqt -@@ -830,7 +830,7 @@ foreach my $lib (@modules_to_sync) { +@@ -832,7 +832,7 @@ foreach my $lib (@modules_to_sync) { print "SYMBOL: $_\n"; } } else { diff --git a/debian/patches/08_configure_quilt_compat.diff b/debian/patches/08_configure_quilt_compat.diff index d250f49..047ec17 100644 --- a/debian/patches/08_configure_quilt_compat.diff +++ b/debian/patches/08_configure_quilt_compat.diff @@ -7,7 +7,7 @@ It breaks qmake projects search. --- a/configure +++ b/configure -@@ -8492,7 +8492,7 @@ fi +@@ -8457,7 +8457,7 @@ fi # .projects.3 -> the rest rm -f .projects .projects.1 .projects.2 .projects.3 diff --git a/debian/patches/12_add_nostrip_for_debug_packages.diff b/debian/patches/12_add_nostrip_for_debug_packages.diff index 200f313..23f2d52 100644 --- a/debian/patches/12_add_nostrip_for_debug_packages.diff +++ b/debian/patches/12_add_nostrip_for_debug_packages.diff @@ -10,7 +10,7 @@ let dh_strip do it to generate debug packages. --- a/configure +++ b/configure -@@ -650,6 +650,8 @@ mkdir -p "$outpath/config.tests" +@@ -627,6 +627,8 @@ mkdir -p "$outpath/config.tests" rm -f "$outpath/config.tests/.qmake.cache" cp "$QMAKE_VARS_FILE" "$outpath/config.tests/.qmake.cache" diff --git a/debian/patches/15_fix_qmake_makefile_generation.diff b/debian/patches/15_fix_qmake_makefile_generation.diff index df4f9cb..9860128 100644 --- a/debian/patches/15_fix_qmake_makefile_generation.diff +++ b/debian/patches/15_fix_qmake_makefile_generation.diff @@ -7,7 +7,7 @@ Author: Sune Vuorela <debian@pusling.com> --- a/qmake/generators/makefile.cpp +++ b/qmake/generators/makefile.cpp -@@ -2433,7 +2433,7 @@ MakefileGenerator::writeSubTargets(QText +@@ -2434,7 +2434,7 @@ MakefileGenerator::writeSubTargets(QText QString mkfile = subtarget->makefile; if(!in_directory.isEmpty()) diff --git a/debian/patches/18_enable_qt3support_qtwebkit_debug_info.diff b/debian/patches/18_enable_qt3support_qtwebkit_debug_info.diff index fc643d1..75983d2 100644 --- a/debian/patches/18_enable_qt3support_qtwebkit_debug_info.diff +++ b/debian/patches/18_enable_qt3support_qtwebkit_debug_info.diff @@ -10,7 +10,7 @@ This patch enable them. --- a/src/3rdparty/webkit/WebCore/WebCore.pro +++ b/src/3rdparty/webkit/WebCore/WebCore.pro -@@ -2954,8 +2954,6 @@ HEADERS += $$WEBKIT_API_HEADERS +@@ -2953,8 +2953,6 @@ HEADERS += $$WEBKIT_API_HEADERS !CONFIG(webkit-debug):CONFIG(QTDIR_build) { # Remove the following 2 lines if you want debug information in WebCore diff --git a/debian/patches/40_alpha_ice.diff b/debian/patches/40_alpha_ice.diff index 3eef118..c29a1af 100644 --- a/debian/patches/40_alpha_ice.diff +++ b/debian/patches/40_alpha_ice.diff @@ -11,7 +11,7 @@ Author: Steve Langasek <vorlon@debian.org> --- a/src/corelib/global/qlibraryinfo.cpp +++ b/src/corelib/global/qlibraryinfo.cpp -@@ -89,12 +89,7 @@ class QLibraryInfoPrivate +@@ -85,12 +85,7 @@ class QLibraryInfoPrivate { public: static QSettings *findConfiguration(); @@ -25,7 +25,7 @@ Author: Steve Langasek <vorlon@debian.org> static QSettings *configuration() { QLibrarySettings *ls = qt_library_settings(); -@@ -102,6 +97,13 @@ public: +@@ -98,6 +93,13 @@ public: } }; diff --git a/debian/patches/96_webkit_no_gc_sections.diff b/debian/patches/96_webkit_no_gc_sections.diff index 0e1c83b..29a73c5 100644 --- a/debian/patches/96_webkit_no_gc_sections.diff +++ b/debian/patches/96_webkit_no_gc_sections.diff @@ -13,7 +13,7 @@ Last-Update: 2010-05-31 (mipsel added) --- a/src/3rdparty/webkit/WebCore/WebCore.pro +++ b/src/3rdparty/webkit/WebCore/WebCore.pro -@@ -90,7 +90,7 @@ unix { +@@ -89,7 +89,7 @@ unix { } unix:!mac:*-g++*:QMAKE_CXXFLAGS += -ffunction-sections -fdata-sections diff --git a/debian/patches/Add_support_for_QT_USE_DRAG_DISTANCE_env_var.patch b/debian/patches/Add_support_for_QT_USE_DRAG_DISTANCE_env_var.patch index 1369d03..33c8510 100644 --- a/debian/patches/Add_support_for_QT_USE_DRAG_DISTANCE_env_var.patch +++ b/debian/patches/Add_support_for_QT_USE_DRAG_DISTANCE_env_var.patch @@ -8,8 +8,8 @@ Author: Joonas Tanskanen <joonas.tanskanen@sasken.com> --- a/src/gui/kernel/qapplication.cpp +++ b/src/gui/kernel/qapplication.cpp -@@ -1013,6 +1013,11 @@ void QApplicationPrivate::initialize() - QApplicationPrivate::wheel_scroll_lines = 3; +@@ -1021,6 +1021,11 @@ void QApplicationPrivate::initialize() + q->setAttribute(Qt::AA_S60DisablePartialScreenInputMode); #endif + if(qgetenv("QT_USE_DRAG_DISTANCE").toInt() > 0) { diff --git a/debian/patches/Fix_builds_with_compilers_without_--with-fpu_neon_as_default.patch b/debian/patches/Fix_builds_with_compilers_without_--with-fpu_neon_as_default.patch index db0e7cb..115ca51 100644 --- a/debian/patches/Fix_builds_with_compilers_without_--with-fpu_neon_as_default.patch +++ b/debian/patches/Fix_builds_with_compilers_without_--with-fpu_neon_as_default.patch @@ -22,7 +22,7 @@ Date: Fri Feb 4 12:39:51 2011 +0100 --- a/src/gui/gui.pro +++ b/src/gui/gui.pro -@@ -65,15 +65,14 @@ symbian { +@@ -63,15 +63,14 @@ symbian { neon:*-g++* { DEFINES += QT_HAVE_NEON HEADERS += $$NEON_HEADERS diff --git a/debian/patches/Fix_transformIsSimple_in_QGraphicsScene.patch b/debian/patches/Fix_transformIsSimple_in_QGraphicsScene.patch index 4797d82..d04a8e4 100644 --- a/debian/patches/Fix_transformIsSimple_in_QGraphicsScene.patch +++ b/debian/patches/Fix_transformIsSimple_in_QGraphicsScene.patch @@ -14,7 +14,7 @@ Date: Tue Nov 16 12:45:15 2010 +0100 --- a/src/gui/graphicsview/qgraphicsscene.cpp +++ b/src/gui/graphicsview/qgraphicsscene.cpp -@@ -4367,25 +4367,8 @@ static void _q_paintIntoCache(QPixmap *p +@@ -4369,25 +4369,8 @@ static void _q_paintIntoCache(QPixmap *p static inline bool transformIsSimple(const QTransform& transform) { QTransform::TransformationType type = transform.type(); diff --git a/debian/patches/Fixed_bug_in_X11_backend_when_creating_translucent_windows.patch b/debian/patches/Fixed_bug_in_X11_backend_when_creating_translucent_windows.patch index 95d214f..c47e9e5 100644 --- a/debian/patches/Fixed_bug_in_X11_backend_when_creating_translucent_windows.patch +++ b/debian/patches/Fixed_bug_in_X11_backend_when_creating_translucent_windows.patch @@ -15,7 +15,7 @@ Date: Tue May 3 12:36:08 2011 +0200 --- a/src/gui/kernel/qwidget_x11.cpp +++ b/src/gui/kernel/qwidget_x11.cpp -@@ -937,8 +937,13 @@ static void qt_x11_recreateWidget(QWidge +@@ -939,8 +939,13 @@ static void qt_x11_recreateWidget(QWidge // recreate their GL context, which in turn causes them to choose // their visual again. Now that WA_TranslucentBackground is set, // QGLContext::chooseVisual will select an ARGB visual. diff --git a/debian/patches/Make_use_of_the_fast_image_paths.patch b/debian/patches/Make_use_of_the_fast_image_paths.patch index 156b3f6..e856311 100644 --- a/debian/patches/Make_use_of_the_fast_image_paths.patch +++ b/debian/patches/Make_use_of_the_fast_image_paths.patch @@ -45,7 +45,7 @@ Date: Mon Nov 1 12:49:41 2010 +0100 SrcOverBlendFunc func = qBlendFunctions[d->rasterBuffer->format][img.format()]; if (func) { QPointF pt(r.x() + s->matrix.dx(), r.y() + s->matrix.dy()); -@@ -4289,11 +4288,19 @@ void QRasterPaintEnginePrivate::recalcul +@@ -4304,11 +4303,19 @@ void QRasterPaintEnginePrivate::recalcul QRasterPaintEngineState *s = q->state(); s->flags.fast_images = !(s->renderHints & QPainter::SmoothPixmapTransform) diff --git a/debian/patches/Micro-optimization_for_QSpanData.patch b/debian/patches/Micro-optimization_for_QSpanData.patch index 6d1fe3a..1ec0425 100644 --- a/debian/patches/Micro-optimization_for_QSpanData.patch +++ b/debian/patches/Micro-optimization_for_QSpanData.patch @@ -14,7 +14,7 @@ Date: Mon Dec 20 13:04:23 2010 +0100 --- a/src/gui/painting/qpaintengine_raster.cpp +++ b/src/gui/painting/qpaintengine_raster.cpp -@@ -5139,7 +5139,8 @@ void QSpanData::setup(const QBrush &brus +@@ -5154,7 +5154,8 @@ void QSpanData::setup(const QBrush &brus case Qt::SolidPattern: { type = Solid; QColor c = qbrush_color(brush); diff --git a/debian/patches/blacklist-diginotar-cert.diff b/debian/patches/blacklist-diginotar-cert.diff index 2bae8a8..a79899d 100644 --- a/debian/patches/blacklist-diginotar-cert.diff +++ b/debian/patches/blacklist-diginotar-cert.diff @@ -1,91 +1,92 @@ Taken from upstream. Will be in post 4.7.4 releases.
http://qt.nokia.com/files/qt-patches/blacklist-diginotar-certs.diff/at_download/file
-diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
-index 328c5c2..1ae98f4 100644
---- a/src/network/ssl/qsslcertificate.cpp
-+++ b/src/network/ssl/qsslcertificate.cpp
-@@ -803,22 +803,47 @@ QList<QSslCertificate> QSslCertificatePrivate::certificatesFromDer(const QByteAr
- // These certificates are known to be fraudulent and were created during the comodo
- // compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
- static const char *certificate_blacklist[] = {
-- "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e",
-- "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06",
-- "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3",
-- "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29",
-- "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71",
-- "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47",
-- "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43",
-- "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0",
-- "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0",
-+ "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e", "mail.google.com", // Comodo
-+ "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06", "www.google.com", // Comodo
-+ "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3", "login.yahoo.com", // Comodo
-+ "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29", "login.yahoo.com", // Comodo
-+ "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71", "login.yahoo.com", // Comodo
-+ "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47", "login.skype.com", // Comodo
-+ "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43", "addons.mozilla.org", // Comodo
-+ "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0", "login.live.com", // Comodo
-+ "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0", "global trustee", // Comodo
-+
-+ "05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56", "*.google.com", // leaf certificate issued by DigiNotar
-+ "0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4c", "DigiNotar Root CA", // DigiNotar root
-+ "f1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49", "DigiNotar Services CA", // DigiNotar intermediate signed by DigiNotar Root
-+ "36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38", "DigiNotar Services 1024 CA", // DigiNotar intermediate signed by DigiNotar Root
-+ "0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3e", "DigiNotar Root CA G2", // other DigiNotar Root CA
-+ "a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21", "CertiID Enterprise Certificate Authority", // DigiNotar intermediate signed by "DigiNotar Root CA G2"
-+ "5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41", "DigiNotar Qualified CA", // DigiNotar intermediate signed by DigiNotar Root
-+
-+ "1184640176", "DigiNotar Services 1024 CA", // DigiNotar intermediate cross-signed by Entrust
-+ "120000525", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust
-+ "120000505", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust
-+ "120000515", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust
-+ "20015536", "DigiNotar PKIoverheid CA Overheid en Bedrijven", // DigiNotar intermediate cross-signed by the Dutch government
-+ "20001983", "DigiNotar PKIoverheid CA Organisatie - G2", // DigiNotar intermediate cross-signed by the Dutch government
-+ "d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4", "DigiNotar Extended Validation CA", // DigiNotar intermediate signed by DigiNotar EV Root
-+ "1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04", "DigiNotar Public CA 2025", // DigiNotar intermediate
-+// "(has not been seen in the wild so far)", "DigiNotar Public CA - G2", // DigiNotar intermediate
-+// "(has not been seen in the wild so far)", "Koninklijke Notariele Beroepsorganisatie CA", // compromised during DigiNotar breach
-+// "(has not been seen in the wild so far)", "Stichting TTP Infos CA," // compromised during DigiNotar breach
-+ "1184640175", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust
-+ "1184644297", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust
- 0
- };
-
- bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate)
- {
- for (int a = 0; certificate_blacklist[a] != 0; a++) {
-- if (certificate.serialNumber() == certificate_blacklist[a])
-+ QString blacklistedCommonName = QString::fromUtf8(certificate_blacklist[(a+1)]);
-+ if (certificate.serialNumber() == certificate_blacklist[a++] &&
-+ (certificate.subjectInfo(QSslCertificate::CommonName) == blacklistedCommonName ||
-+ certificate.issuerInfo(QSslCertificate::CommonName) == blacklistedCommonName))
- return true;
- }
- return false;
-diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
-index 141d80a..b8e6c4c 100644
---- a/src/network/ssl/qsslsocket_openssl.cpp
-+++ b/src/network/ssl/qsslsocket_openssl.cpp
-@@ -1193,12 +1193,16 @@ bool QSslSocketBackendPrivate::startHandshake()
- X509 *x509 = q_SSL_get_peer_certificate(ssl);
- configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
- q_X509_free(x509);
-- if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {
-- q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted"));
-- q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
-- emit q->error(QAbstractSocket::SslHandshakeFailedError);
-- plainSocket->disconnectFromHost();
-- return false;
-+
-+ // check the whole chain for blacklisting (including root, as we check for subjectInfo and issuer)
-+ foreach (const QSslCertificate &cert, configuration.peerCertificateChain) {
-+ if (QSslCertificatePrivate::isBlacklisted(cert)) {
-+ q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted"));
-+ q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
-+ emit q->error(QAbstractSocket::SslHandshakeFailedError);
-+ plainSocket->disconnectFromHost();
-+ return false;
-+ }
- }
-
- // Start translating errors.
+--- + src/network/ssl/qsslcertificate.cpp | 45 +++++++++++++++++++++++++-------- + src/network/ssl/qsslsocket_openssl.cpp | 16 +++++++---- + 2 files changed, 45 insertions(+), 16 deletions(-) + +--- a/src/network/ssl/qsslcertificate.cpp ++++ b/src/network/ssl/qsslcertificate.cpp +@@ -803,22 +803,47 @@ QList<QSslCertificate> QSslCertificatePr + // These certificates are known to be fraudulent and were created during the comodo + // compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html + static const char *certificate_blacklist[] = { +- "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e", +- "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06", +- "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3", +- "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29", +- "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71", +- "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47", +- "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43", +- "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0", +- "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0", ++ "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e", "mail.google.com", // Comodo ++ "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06", "www.google.com", // Comodo ++ "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3", "login.yahoo.com", // Comodo ++ "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29", "login.yahoo.com", // Comodo ++ "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71", "login.yahoo.com", // Comodo ++ "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47", "login.skype.com", // Comodo ++ "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43", "addons.mozilla.org", // Comodo ++ "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0", "login.live.com", // Comodo ++ "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0", "global trustee", // Comodo ++ ++ "05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56", "*.google.com", // leaf certificate issued by DigiNotar ++ "0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4c", "DigiNotar Root CA", // DigiNotar root ++ "f1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49", "DigiNotar Services CA", // DigiNotar intermediate signed by DigiNotar Root ++ "36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38", "DigiNotar Services 1024 CA", // DigiNotar intermediate signed by DigiNotar Root ++ "0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3e", "DigiNotar Root CA G2", // other DigiNotar Root CA ++ "a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21", "CertiID Enterprise Certificate Authority", // DigiNotar intermediate signed by "DigiNotar Root CA G2" ++ "5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41", "DigiNotar Qualified CA", // DigiNotar intermediate signed by DigiNotar Root ++ ++ "1184640176", "DigiNotar Services 1024 CA", // DigiNotar intermediate cross-signed by Entrust ++ "120000525", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust ++ "120000505", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust ++ "120000515", "DigiNotar Cyber CA", // DigiNotar intermediate cross-signed by CyberTrust ++ "20015536", "DigiNotar PKIoverheid CA Overheid en Bedrijven", // DigiNotar intermediate cross-signed by the Dutch government ++ "20001983", "DigiNotar PKIoverheid CA Organisatie - G2", // DigiNotar intermediate cross-signed by the Dutch government ++ "d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4", "DigiNotar Extended Validation CA", // DigiNotar intermediate signed by DigiNotar EV Root ++ "1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04", "DigiNotar Public CA 2025", // DigiNotar intermediate ++// "(has not been seen in the wild so far)", "DigiNotar Public CA - G2", // DigiNotar intermediate ++// "(has not been seen in the wild so far)", "Koninklijke Notariele Beroepsorganisatie CA", // compromised during DigiNotar breach ++// "(has not been seen in the wild so far)", "Stichting TTP Infos CA," // compromised during DigiNotar breach ++ "1184640175", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust ++ "1184644297", "DigiNotar Root CA", // DigiNotar intermediate cross-signed by Entrust + 0 + }; + + bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate) + { + for (int a = 0; certificate_blacklist[a] != 0; a++) { +- if (certificate.serialNumber() == certificate_blacklist[a]) ++ QString blacklistedCommonName = QString::fromUtf8(certificate_blacklist[(a+1)]); ++ if (certificate.serialNumber() == certificate_blacklist[a++] && ++ (certificate.subjectInfo(QSslCertificate::CommonName) == blacklistedCommonName || ++ certificate.issuerInfo(QSslCertificate::CommonName) == blacklistedCommonName)) + return true; + } + return false; +--- a/src/network/ssl/qsslsocket_openssl.cpp ++++ b/src/network/ssl/qsslsocket_openssl.cpp +@@ -1193,12 +1193,16 @@ bool QSslSocketBackendPrivate::startHand + X509 *x509 = q_SSL_get_peer_certificate(ssl); + configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509); + q_X509_free(x509); +- if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) { +- q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted")); +- q->setSocketError(QAbstractSocket::SslHandshakeFailedError); +- emit q->error(QAbstractSocket::SslHandshakeFailedError); +- plainSocket->disconnectFromHost(); +- return false; ++ ++ // check the whole chain for blacklisting (including root, as we check for subjectInfo and issuer) ++ foreach (const QSslCertificate &cert, configuration.peerCertificateChain) { ++ if (QSslCertificatePrivate::isBlacklisted(cert)) { ++ q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted")); ++ q->setSocketError(QAbstractSocket::SslHandshakeFailedError); ++ emit q->error(QAbstractSocket::SslHandshakeFailedError); ++ plainSocket->disconnectFromHost(); ++ return false; ++ } + } + + // Start translating errors. diff --git a/debian/patches/powerpcspe.diff b/debian/patches/powerpcspe.diff index 3fc55c9..0c312d8 100644 --- a/debian/patches/powerpcspe.diff +++ b/debian/patches/powerpcspe.diff @@ -11,7 +11,7 @@ Last-Update: 2011-04-27 --- a/configure +++ b/configure -@@ -3013,7 +3013,7 @@ if [ -z "${CFG_HOST_ARCH}" ]; then +@@ -2985,7 +2985,7 @@ if [ -z "${CFG_HOST_ARCH}" ]; then CFG_HOST_ARCH=x86_64 fi ;; diff --git a/debian/patches/qtdebug_syslog.patch b/debian/patches/qtdebug_syslog.patch index a35a2d2..761535d 100644 --- a/debian/patches/qtdebug_syslog.patch +++ b/debian/patches/qtdebug_syslog.patch @@ -16,16 +16,16 @@ Author: Thiago Macieira <thiago@kde.org> #endif #include <stdio.h> -@@ -88,6 +89,8 @@ +@@ -87,6 +88,8 @@ + _LIT(qt_S60Filter, "Series60v?.*.sis"); - _LIT(qt_symbianFilter, "Symbianv*.sis"); _LIT(qt_symbianSystemInstallDir, "z:\\system\\install\\"); +#elif defined(Q_OS_UNIX) +#include <syslog.h> #endif QT_BEGIN_NAMESPACE -@@ -2247,6 +2250,27 @@ void qt_message_output(QtMsgType msgType +@@ -2256,6 +2259,27 @@ void qt_message_output(QtMsgType msgType #else fprintf(stderr, "%s\n", buf); fflush(stderr); @@ -55,7 +55,7 @@ Author: Thiago Macieira <thiago@kde.org> --- a/src/corelib/kernel/qcoreapplication_p.h +++ b/src/corelib/kernel/qcoreapplication_p.h -@@ -82,6 +82,8 @@ public: +@@ -85,6 +85,8 @@ public: bool sendThroughObjectEventFilters(QObject *, QEvent *); bool notify_helper(QObject *, QEvent *); diff --git a/debian/patches/sh.diff b/debian/patches/sh.diff index 5032cee..900f93e 100644 --- a/debian/patches/sh.diff +++ b/debian/patches/sh.diff @@ -11,7 +11,7 @@ Last-Update: 2011-04-27 --- a/configure +++ b/configure -@@ -3053,6 +3053,12 @@ if [ -z "${CFG_HOST_ARCH}" ]; then +@@ -3025,6 +3025,12 @@ if [ -z "${CFG_HOST_ARCH}" ]; then ;; esac ;; |