echangelog

Package-Manager: portage-2.1.9.42/cvs/Linux x86_64

3 files changed, 100 insertions, 96 deletions

diff --git a/x11-libs/qt-core/ChangeLog b/x11-libs/qt-core/ChangeLog
index bcd102b214c1..ae03ca330ccb 100644
--- a/x11-libs/qt-core/ChangeLog
+++ b/x11-libs/qt-core/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for x11-libs/qt-core
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/ChangeLog,v 1.119 2011/03/31 01:10:23 chiiph Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/ChangeLog,v 1.120 2011/03/31 10:11:01 xmw Exp $
+
+  31 Mar 2011; Michael Weber <xmw@gentoo.org> files/blacklist_ssl.patch:
+  Fix line breaks, thanks to all reporters on bug 361415 and tampakrap for
+  permission
 
 *qt-core-4.7.2-r1 (31 Mar 2011)
 *qt-core-4.6.3-r1 (31 Mar 2011)
diff --git a/x11-libs/qt-core/Manifest b/x11-libs/qt-core/Manifest
index 4d99765bf894..060955c585a7 100644
--- a/x11-libs/qt-core/Manifest
+++ b/x11-libs/qt-core/Manifest
@@ -1,7 +1,7 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
 
-AUX blacklist_ssl.patch 3928 RMD160 c6905ca09465d1da3a1549f21c1d9f7a1285103d SHA1 8e382011bce8fea81f5ad1e760bcd59217cb003c SHA256 3f57e59ddcbdf5ee46fa1d6e724237cb868a65a996dcc61ef95e34ca49ec4092
+AUX blacklist_ssl.patch 3839 RMD160 769b5652df6d626ef4436afcdae8fc6f927c4c47 SHA1 1301a6f353ab1eda382ab9dd3fdc7134a30a1884 SHA256 33800ce89fe0d62ba08a8fad515df048f78f481ebc8726b1244f27895a84193b
 AUX moc.pro 2769 RMD160 42bd282eb8e24cf291a512766270e7afed6e56be SHA1 941513c6c83813992bb91f4584d3e015295baa07 SHA256 e0898c630e079db9693fe494bf37f6b395c291373ed7edbd0827ed7d1e085a2e
 AUX qt-4.5-nolibx11.diff 1167 RMD160 da983a70bd436d35e325203dfe9390b2aee925ae SHA1 ee916596e422e91179458778b013fb103dc97cac SHA256 c6c686c1cfc07caefafe697eb8b02b6806f3845f20d3fd3839301d8a94259b0b
 AUX qt-4.6-nolibx11.patch 1037 RMD160 a32338fa24ca2f99b0f3b679b1fabb88ac9b0ec1 SHA1 b7b2a430147a746a6a52f05a495be6262f2925ef SHA256 2b1d4e7df4918cafa50476e911f4c8e3e79e09fa702d756236ad2308e1c9bc69
@@ -20,12 +20,12 @@ EBUILD qt-core-4.6.3.ebuild 5100 RMD160 3f9e08774345467f07cd41b6a63d7d0f45d9fc21
 EBUILD qt-core-4.7.0.ebuild 5033 RMD160 2c5d4fcd080ea7214feb6eb92bf554ad0f74849a SHA1 f6890c538592534239bce32b1a5441f37ca9e52f SHA256 0d4d673b233c026c43f15965d9198b1c661a62b2b45031d46577c2c88ab8dc4d
 EBUILD qt-core-4.7.1-r1.ebuild 5073 RMD160 82fa110f7f737f50cc040fde4521fd0e5cbbafea SHA1 617293a38f97f81b7b93a5cc0a2d53c7b6c96407 SHA256 25142adaf04596bd2ffe51fdd6856e6e30e5a2efc4aea5bf67d109bce4bd0d88
 EBUILD qt-core-4.7.2-r1.ebuild 5121 RMD160 3bc5351c002c895051d3fe5ddd4d826c70b4cdaf SHA1 66d58dc9db6ec70934fa1a2216c7c3f523131d28 SHA256 1ff9cb577ed7f0af8cb3a8f4dfd4723640ce0c66e3c1ec61147493110c7641e3
-MISC ChangeLog 16138 RMD160 e4bbd03d30878c386aa76938dda261a4a8e69342 SHA1 a7e99a8665b5e553a4fdf567f3485e6fc6029b3c SHA256 f8fd9152c8e18cafa3fa3e35c6d677b6083853547cf0f7e67ec4df40e55e2a39
+MISC ChangeLog 16297 RMD160 b9ecf72281780d5079cb85d7465bf16436e43172 SHA1 64ef830153299891100a4ab771ea2875f33b848e SHA256 2d33b849d2b01132071ff3795f8ff9b905130662b86f143699c836b6cfb60e64
 MISC metadata.xml 802 RMD160 0341afae262322299759a5a33bae9a42e5b7801c SHA1 b564551c1b4a7902e09200255c6c0a6ede646a23 SHA256 a84f88402ece782e8ac52ad0b90eea94e5bd563ca0a7956e1d89f1263d7f2925
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.17 (GNU/Linux)
 
-iEYEARECAAYFAk2T1IoACgkQleOIHZp1OmtYegCeMfzdqGdrfzchtQ1NMk0nyanH
-+UsAnjZPNCloPJ5QxXIbPJLtNDK4fHR0
-=JaoY
+iF4EAREIAAYFAk2UUzsACgkQknrdDGLu8JC/qwEAlfQwugze8T7kdB8pQ8Mg22LB
+s9i5jA+NuIzN89XkHO0A/jhWVInJbYbj7xSPCrEZaNrHqYvyKIMb4EUFr9c16CV1
+=FgrQ
 -----END PGP SIGNATURE-----
diff --git a/x11-libs/qt-core/files/blacklist_ssl.patch b/x11-libs/qt-core/files/blacklist_ssl.patch
index bd2da5bb3dcf..abefeff8fc69 100644
--- a/x11-libs/qt-core/files/blacklist_ssl.patch
+++ b/x11-libs/qt-core/files/blacklist_ssl.patch
@@ -1,89 +1,89 @@
-diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp

-index 618ac79..a5cdf01 100644

---- a/src/network/ssl/qsslcertificate.cpp

-+++ b/src/network/ssl/qsslcertificate.cpp

-@@ -219,17 +219,19 @@ bool QSslCertificate::isNull() const

-     Returns true if this certificate is valid; otherwise returns

-     false.

- 

--    Note: Currently, this function only checks that the current

-+    Note: Currently, this function checks that the current

-     data-time is within the date-time range during which the

--    certificate is considered valid. No other checks are

--    currently performed.

-+    certificate is considered valid, and checks that the

-+    certificate is not in a blacklist of fraudulent certificates.

- 

-     \sa isNull()

- */

- bool QSslCertificate::isValid() const

- {

-     const QDateTime currentTime = QDateTime::currentDateTime();

--    return currentTime >= d->notValidBefore && currentTime <= d->notValidAfter;

-+    return currentTime >= d->notValidBefore &&

-+            currentTime <= d->notValidAfter &&

-+            ! QSslCertificatePrivate::isBlacklisted(*this);

- }

- 

- /*!

-@@ -798,6 +800,30 @@ QList<QSslCertificate> QSslCertificatePrivate::certificatesFromDer(const QByteAr

-     return certificates;

- }

- 

-+// These certificates are known to be fraudulent and were created during the comodo

-+// compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

-+static const char *certificate_blacklist[] = {

-+    "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e",

-+    "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06",

-+    "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3",

-+    "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29",

-+    "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71",

-+    "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47",

-+    "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43",

-+    "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0",

-+    "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0",

-+    0

-+};

-+

-+bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate)

-+{

-+    for (int a = 0; certificate_blacklist[a] != 0; a++) {

-+        if (certificate.serialNumber() == certificate_blacklist[a])

-+            return true;

-+    }

-+    return false;

-+}

-+

- #ifndef QT_NO_DEBUG_STREAM

- QDebug operator<<(QDebug debug, const QSslCertificate &certificate)

- {

-diff --git a/src/network/ssl/qsslcertificate_p.h b/src/network/ssl/qsslcertificate_p.h

-index cdceb0f..1ce33d3 100644

---- a/src/network/ssl/qsslcertificate_p.h

-+++ b/src/network/ssl/qsslcertificate_p.h

-@@ -96,6 +96,7 @@ public:

-     static QSslCertificate QSslCertificate_from_X509(X509 *x509);

-     static QList<QSslCertificate> certificatesFromPem(const QByteArray &pem, int count = -1);

-     static QList<QSslCertificate> certificatesFromDer(const QByteArray &der, int count = -1);

-+    static bool isBlacklisted(const QSslCertificate &certificate);

- 

-     friend class QSslSocketBackendPrivate;

- 

-diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp

-index 0866534..2427193 100644

---- a/src/network/ssl/qsslsocket_openssl.cpp

-+++ b/src/network/ssl/qsslsocket_openssl.cpp

-@@ -1193,6 +1193,13 @@ bool QSslSocketBackendPrivate::startHandshake()

-     X509 *x509 = q_SSL_get_peer_certificate(ssl);

-     configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);

-     q_X509_free(x509);

-+    if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {

-+        q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted"));

-+        q->setSocketError(QAbstractSocket::SslHandshakeFailedError);

-+        emit q->error(QAbstractSocket::SslHandshakeFailedError);

-+        plainSocket->disconnectFromHost();

-+        return false;

-+    }

- 

-     // Start translating errors.

-     QList<QSslError> errors;

+diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
+index 618ac79..a5cdf01 100644
+--- a/src/network/ssl/qsslcertificate.cpp
++++ b/src/network/ssl/qsslcertificate.cpp
+@@ -219,17 +219,19 @@ bool QSslCertificate::isNull() const
+     Returns true if this certificate is valid; otherwise returns
+     false.
+ 
+-    Note: Currently, this function only checks that the current
++    Note: Currently, this function checks that the current
+     data-time is within the date-time range during which the
+-    certificate is considered valid. No other checks are
+-    currently performed.
++    certificate is considered valid, and checks that the
++    certificate is not in a blacklist of fraudulent certificates.
+ 
+     \sa isNull()
+ */
+ bool QSslCertificate::isValid() const
+ {
+     const QDateTime currentTime = QDateTime::currentDateTime();
+-    return currentTime >= d->notValidBefore && currentTime <= d->notValidAfter;
++    return currentTime >= d->notValidBefore &&
++            currentTime <= d->notValidAfter &&
++            ! QSslCertificatePrivate::isBlacklisted(*this);
+ }
+ 
+ /*!
+@@ -798,6 +800,30 @@ QList<QSslCertificate> QSslCertificatePrivate::certificatesFromDer(const QByteAr
+     return certificates;
+ }
+ 
++// These certificates are known to be fraudulent and were created during the comodo
++// compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
++static const char *certificate_blacklist[] = {
++    "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e",
++    "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06",
++    "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3",
++    "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29",
++    "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71",
++    "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47",
++    "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43",
++    "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0",
++    "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0",
++    0
++};
++
++bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate)
++{
++    for (int a = 0; certificate_blacklist[a] != 0; a++) {
++        if (certificate.serialNumber() == certificate_blacklist[a])
++            return true;
++    }
++    return false;
++}
++
+ #ifndef QT_NO_DEBUG_STREAM
+ QDebug operator<<(QDebug debug, const QSslCertificate &certificate)
+ {
+diff --git a/src/network/ssl/qsslcertificate_p.h b/src/network/ssl/qsslcertificate_p.h
+index cdceb0f..1ce33d3 100644
+--- a/src/network/ssl/qsslcertificate_p.h
++++ b/src/network/ssl/qsslcertificate_p.h
+@@ -96,6 +96,7 @@ public:
+     static QSslCertificate QSslCertificate_from_X509(X509 *x509);
+     static QList<QSslCertificate> certificatesFromPem(const QByteArray &pem, int count = -1);
+     static QList<QSslCertificate> certificatesFromDer(const QByteArray &der, int count = -1);
++    static bool isBlacklisted(const QSslCertificate &certificate);
+ 
+     friend class QSslSocketBackendPrivate;
+ 
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index 0866534..2427193 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -1193,6 +1193,13 @@ bool QSslSocketBackendPrivate::startHandshake()
+     X509 *x509 = q_SSL_get_peer_certificate(ssl);
+     configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
+     q_X509_free(x509);
++    if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {
++        q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted"));
++        q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
++        emit q->error(QAbstractSocket::SslHandshakeFailedError);
++        plainSocket->disconnectFromHost();
++        return false;
++    }
+ 
+     // Start translating errors.
+     QList<QSslError> errors;