diff --git a/0001-Fix-exclusion-of-anonymous-ciphers.patch b/0001-Fix-exclusion-of-anonymous-ciphers.patch new file mode 100644 index 0000000..ad06b0b --- /dev/null +++ b/0001-Fix-exclusion-of-anonymous-ciphers.patch @@ -0,0 +1,35 @@ +From 479e84dcbd0d7f1333105c495d7931f1bef3e63b Mon Sep 17 00:00:00 2001 +From: "Richard J. Moore" +Date: Sat, 18 Apr 2015 12:44:30 +0100 +Subject: [PATCH] Fix exclusion of anonymous ciphers. + +Qt attempted to exclude anonymous ciphers since they offer no MITM +protection, but missed export ADH ciphers and AECDH from the exclude +list. + +Change-Id: Icdfa9b31643a0e9927010885c7c1d02c42460d79 +Reviewed-by: Peter Hartmann +--- + src/network/ssl/qsslsocket_openssl.cpp | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp +index 55762c9..00e13e4 100644 +--- a/src/network/ssl/qsslsocket_openssl.cpp ++++ b/src/network/ssl/qsslsocket_openssl.cpp +@@ -662,8 +662,10 @@ void QSslSocketPrivate::resetDefaultCiphers() + if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) { + QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); + if (!ciph.isNull()) { +- // Unconditionally exclude ADH ciphers since they offer no MITM protection +- if (!ciph.name().toLower().startsWith(QLatin1String("adh"))) ++ // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection ++ if (!ciph.name().toLower().startsWith(QLatin1String("adh")) && ++ !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) && ++ !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) + ciphers << ciph; + if (ciph.usedBits() >= 128) + defaultCiphers << ciph; +-- +2.6.2 + diff --git a/Add-option-to-disable-session-management-by-closing-windows.patch b/Add-option-to-disable-session-management-by-closing-windows.patch new file mode 100644 index 0000000..331eb78 --- /dev/null +++ b/Add-option-to-disable-session-management-by-closing-windows.patch @@ -0,0 +1,180 @@ +From 2722dd7bb544949ff8ca9fe2cfb7b41ceaaddc56 Mon Sep 17 00:00:00 2001 +From: Andreas Hartmetz +Date: Tue, 19 Jan 2016 14:30:18 +0100 +Subject: [PATCH 1/1] Add option to disable "session management by closing + windows". + +That feature is a poor man's session management for applications +that do not implement any specific session management features. +It badly interferes with proper session management support, so +applications must be able to disable it. + +This fixes some KDE applications dying too early, before they are +enumerated for the list of applications to restart on session +restore, thus preventing them from being restored. See +https://bugs.kde.org/show_bug.cgi?id=354724 + +Task-number: QTBUG-49667 +Change-Id: Ib22e58c9c64351dea8b7e2a74db91d26dd7ab7aa +--- + .../code/src_gui_kernel_qguiapplication.cpp | 1 + + src/gui/kernel/qguiapplication.cpp | 14 +++++- + src/gui/kernel/qsessionmanager.cpp | 55 +++++++++++++++++++++- + src/gui/kernel/qsessionmanager.h | 3 ++ + src/gui/kernel/qsessionmanager_p.h | 1 + + 5 files changed, 71 insertions(+), 3 deletions(-) + +diff --git a/src/gui/doc/snippets/code/src_gui_kernel_qguiapplication.cpp b/src/gui/doc/snippets/code/src_gui_kernel_qguiapplication.cpp +index 4ddf8c8..3006d19 100644 +--- a/src/gui/doc/snippets/code/src_gui_kernel_qguiapplication.cpp ++++ b/src/gui/doc/snippets/code/src_gui_kernel_qguiapplication.cpp +@@ -58,6 +58,7 @@ MyMainWidget::MyMainWidget(QWidget *parent) + + void MyMainWidget::commitData(QSessionManager& manager) + { ++ manager.setAutoCloseWindowsEnabled(false); + if (manager.allowsInteraction()) { + int ret = QMessageBox::warning( + mainWindow, +diff --git a/src/gui/kernel/qguiapplication.cpp b/src/gui/kernel/qguiapplication.cpp +index 770f847..40f2d5f 100644 +--- a/src/gui/kernel/qguiapplication.cpp ++++ b/src/gui/kernel/qguiapplication.cpp +@@ -3087,6 +3087,12 @@ void QGuiApplicationPrivate::setApplicationState(Qt::ApplicationState state, boo + the session manager may or may not do this afterwards, depending on the + context. + ++ When you connect to this signal to ask the user for permission to close ++ the application and / or commit application data, you should also call ++ QSessionManager::setAutoCloseWindowsEnabled(false) on \a manager to disable ++ a feature that helps applications that do not support full session ++ management, but hurts applications that do. ++ + \warning Within this signal, no user interaction is possible, \e + unless you ask the \a manager for explicit permission. See + QSessionManager::allowsInteraction() and +@@ -3095,7 +3101,8 @@ void QGuiApplicationPrivate::setApplicationState(Qt::ApplicationState state, boo + + \note You should use Qt::DirectConnection when connecting to this signal. + +- \sa isSessionRestored(), sessionId(), saveStateRequest(), {Session Management} ++ \sa QSessionManager::setAutoCloseWindowsEnabled(), isSessionRestored(), ++ sessionId(), saveStateRequest(), {Session Management} + */ + + /*! +@@ -3225,9 +3232,12 @@ void QGuiApplicationPrivate::commitData() + { + Q_Q(QGuiApplication); + is_saving_session = true; ++ + emit q->commitDataRequest(*session_manager); +- if (session_manager->allowsInteraction() && !tryCloseAllWindows()) ++ if (session_manager->autoCloseWindowsEnabled() && session_manager->allowsInteraction() ++ && !tryCloseAllWindows()) + session_manager->cancel(); ++ + is_saving_session = false; + } + +diff --git a/src/gui/kernel/qsessionmanager.cpp b/src/gui/kernel/qsessionmanager.cpp +index f4b56fd..4d140f9 100644 +--- a/src/gui/kernel/qsessionmanager.cpp ++++ b/src/gui/kernel/qsessionmanager.cpp +@@ -116,7 +116,8 @@ QT_BEGIN_NAMESPACE + + QSessionManagerPrivate::QSessionManagerPrivate(const QString &id, + const QString &key) +- : QObjectPrivate() ++ : QObjectPrivate(), ++ autoCloseWindowsEnabled(true) + { + platformSessionManager = QGuiApplicationPrivate::platformIntegration()->createPlatformSessionManager(id, key); + Q_ASSERT_X(platformSessionManager, "Platform session management", +@@ -350,6 +351,58 @@ QStringList QSessionManager::discardCommand() const + } + + /*! ++ \since 5.6 ++ ++ Sets whether the session manager will try to close application windows during ++ session exit to \a enabled. ++ ++ \sa autoCloseWindowsEnabled() ++*/ ++void QSessionManager::setAutoCloseWindowsEnabled(bool enabled) ++{ ++ Q_D(QSessionManager); ++ d->autoCloseWindowsEnabled = enabled; ++} ++ ++/*! ++ \since 5.6 ++ ++ Returns whether the session manager will try to close application windows during ++ session exit. ++ ++ If this is true immediately after QGuiApplication::commitDataRequest() has been ++ emitted, and allowsInteraction() is true, Qt will send CloseEvent to all ++ windows of the application. If that fails to close all windows, session exit is ++ canceled and the application keeps running. ++ ++ The purpose of that is to give applications without explicit session management ++ support a chance to cancel session exit through the common ++ "are you sure you want to close this window?" feature. ++ ++ \warning If all windows \e are closed due to this feature, ++ that may quit the application before it is explicitly instructed to quit through ++ the platform's session management protocol - see ++ QGuiApplication::quitOnLastWindowClosed(). That may in turn prevent the platform ++ session manager from saving the application's state correctly because the ++ application broke the protocol. ++ ++ If your application implements full session management, you should disable this. ++ ++ It is sufficient to set this property once on any instance of QSessionManager ++ to set its value for the lifetime of the application - it acts like a class ++ static variable. ++ ++ The default is true. ++ ++ \sa setAutoCloseWindowsEnabled() ++*/ ++bool QSessionManager::autoCloseWindowsEnabled() const ++{ ++ Q_D(const QSessionManager); ++ return d->autoCloseWindowsEnabled; ++} ++ ++/*! + \overload + + Low-level write access to the application's identification and state +diff --git a/src/gui/kernel/qsessionmanager.h b/src/gui/kernel/qsessionmanager.h +index 36aa391..696d9d8 100644 +--- a/src/gui/kernel/qsessionmanager.h ++++ b/src/gui/kernel/qsessionmanager.h +@@ -78,6 +78,9 @@ public: + void setDiscardCommand(const QStringList&); + QStringList discardCommand() const; + ++ void setAutoCloseWindowsEnabled(bool); ++ bool autoCloseWindowsEnabled() const; ++ + void setManagerProperty(const QString& name, const QString& value); + void setManagerProperty(const QString& name, const QStringList& value); + +diff --git a/src/gui/kernel/qsessionmanager_p.h b/src/gui/kernel/qsessionmanager_p.h +index 8949962..0acf865 100644 +--- a/src/gui/kernel/qsessionmanager_p.h ++++ b/src/gui/kernel/qsessionmanager_p.h +@@ -65,6 +65,7 @@ public: + virtual ~QSessionManagerPrivate(); + + QPlatformSessionManager *platformSessionManager; ++ bool autoCloseWindowsEnabled; + }; + + QT_END_NAMESPACE +-- +2.6.2.2.g1b5ffa3 diff --git a/disable-rc4-ciphers-bnc865241.diff b/disable-rc4-ciphers-bnc865241.diff new file mode 100644 index 0000000..443e5be --- /dev/null +++ b/disable-rc4-ciphers-bnc865241.diff @@ -0,0 +1,21 @@ +Index: qtbase-opensource-src-5.5.1/src/network/ssl/qsslsocket_openssl.cpp +=================================================================== +--- qtbase-opensource-src-5.5.1.orig/src/network/ssl/qsslsocket_openssl.cpp ++++ qtbase-opensource-src-5.5.1/src/network/ssl/qsslsocket_openssl.cpp +@@ -662,10 +662,13 @@ void QSslSocketPrivate::resetDefaultCiph + // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection + if (!ciph.name().toLower().startsWith(QLatin1String("adh")) && + !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) && +- !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) ++ !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) { + ciphers << ciph; +- if (ciph.usedBits() >= 128) +- defaultCiphers << ciph; ++ ++ if (ciph.usedBits() >= 128 && ++ !ciph.encryptionMethod().toLower().startsWith(QLatin1String("rc4"))) ++ defaultCiphers << ciph; ++ } + } + } + } diff --git a/libqt5-qtbase.changes b/libqt5-qtbase.changes index 0dfa057..38f345e 100644 --- a/libqt5-qtbase.changes +++ b/libqt5-qtbase.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Wed Feb 10 12:28:49 UTC 2016 - alarrosa@suse.com + +- Added 0001-Fix-exclusion-of-anonymous-ciphers.patch from upstream + to disable exp-adh and aecdh ciphers. +- Added disable-rc4-ciphers-bnc865241.diff to disable RC4 based ciphers + which are now considered insecure (bnc#865241) + +------------------------------------------------------------------- +Sat Jan 30 18:14:50 UTC 2016 - hrvoje.senjan@gmail.com + +- Added Add-option-to-disable-session-management-by-closing-windows.patch + API adition to QSessionManager as first step in resolving + kde#354724 and boo#955280 + ------------------------------------------------------------------- Wed Oct 28 19:41:36 UTC 2015 - hrvoje.senjan@gmail.com @@ -7,7 +22,7 @@ Wed Oct 28 19:41:36 UTC 2015 - hrvoje.senjan@gmail.com ------------------------------------------------------------------- Fri Oct 16 20:22:25 UTC 2015 - hrvoje.senjan@gmail.com -- Update to 5.5.1 +- Update to 5.5.1 (boo#954149) * For more details please see: http://blog.qt.io/blog/2015/10/15/qt-5-5-1-released/ - Drop patches merged upstream: diff --git a/libqt5-qtbase.spec b/libqt5-qtbase.spec index 6915277..b530c4d 100644 --- a/libqt5-qtbase.spec +++ b/libqt5-qtbase.spec @@ -1,7 +1,7 @@ # # spec file for package libqt5-qtbase # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -51,6 +51,10 @@ Patch3: libqt5-Fix-Gujarati-font.patch Patch4: protect-geometry-QTBUG-40584.patch # Patch-FIX-SUSE libqt5-do-not-use-shm-if-display-name-doesnt-look-local.patch -- bnc#888858 Patch5: libqt5-do-not-use-shm-if-display-name-doesnt-look-local.patch +# PATCH-FIX-UPSTREAM 0001-Fix-exclusion-of-anonymous-ciphers.patch -- Exclude more ciphers from being used by default +Patch6: 0001-Fix-exclusion-of-anonymous-ciphers.patch +# PATCH-FIX-OPENSUSE disable-rc4-ciphers-bnc865241.diff bnc#865241-- Exclude rc4 ciphers from being used by default +Patch7: disable-rc4-ciphers-bnc865241.diff # patches 1000-2000 and above from upstream 5.3 branch # # patches 2000-3000 and above from upstream 5.5 branch # Patch2010: 0001-Fix-QWidget-setWindowRole.patch @@ -63,6 +67,7 @@ Patch3004: Add-an-automatic-use-of-the-ELF-versioned-QtCore-symbol.patch Patch3005: xcb-fix-yet-another-crash-when-screens-are-disconnected.patch Patch3006: xcb-dont-crash-in-mapToNativemapFromNative-if-the-screen-is-null.patch Patch3007: qtwidgets_do_not-hide_show_via_WA_OutsideWSRange_for_native_widgets.patch +Patch3008: Add-option-to-disable-session-management-by-closing-windows.patch BuildRequires: alsa-devel BuildRequires: cups-devel BuildRequires: gcc-c++ @@ -145,6 +150,8 @@ handling. %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 +%patch7 -p1 %patch2010 -p1 %patch2014 -p1 %patch3000 -p1 @@ -155,6 +162,7 @@ handling. %patch3005 -p1 %patch3006 -p1 %patch3007 -p1 +%patch3008 -p1 # be sure not to use them rm -r src/3rdparty/{libjpeg,freetype,libpng,zlib}