head 1.3; access; symbols pkgsrc-2026Q2:1.3.0.68 pkgsrc-2026Q2-base:1.3 pkgsrc-2026Q1:1.3.0.66 pkgsrc-2026Q1-base:1.3 pkgsrc-2025Q4:1.3.0.64 pkgsrc-2025Q4-base:1.3 pkgsrc-2025Q3:1.3.0.62 pkgsrc-2025Q3-base:1.3 pkgsrc-2025Q2:1.3.0.60 pkgsrc-2025Q2-base:1.3 pkgsrc-2025Q1:1.3.0.58 pkgsrc-2025Q1-base:1.3 pkgsrc-2024Q4:1.3.0.56 pkgsrc-2024Q4-base:1.3 pkgsrc-2024Q3:1.3.0.54 pkgsrc-2024Q3-base:1.3 pkgsrc-2024Q2:1.3.0.52 pkgsrc-2024Q2-base:1.3 pkgsrc-2024Q1:1.3.0.50 pkgsrc-2024Q1-base:1.3 pkgsrc-2023Q4:1.3.0.48 pkgsrc-2023Q4-base:1.3 pkgsrc-2023Q3:1.3.0.46 pkgsrc-2023Q3-base:1.3 pkgsrc-2023Q2:1.3.0.44 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.3.0.42 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.3.0.40 pkgsrc-2022Q4-base:1.3 pkgsrc-2022Q3:1.3.0.38 pkgsrc-2022Q3-base:1.3 pkgsrc-2022Q2:1.3.0.36 pkgsrc-2022Q2-base:1.3 pkgsrc-2022Q1:1.3.0.34 pkgsrc-2022Q1-base:1.3 pkgsrc-2021Q4:1.3.0.32 pkgsrc-2021Q4-base:1.3 pkgsrc-2021Q3:1.3.0.30 pkgsrc-2021Q3-base:1.3 pkgsrc-2021Q2:1.3.0.28 pkgsrc-2021Q2-base:1.3 pkgsrc-2021Q1:1.3.0.26 pkgsrc-2021Q1-base:1.3 pkgsrc-2020Q4:1.3.0.24 pkgsrc-2020Q4-base:1.3 pkgsrc-2020Q3:1.3.0.22 pkgsrc-2020Q3-base:1.3 pkgsrc-2020Q2:1.3.0.20 pkgsrc-2020Q2-base:1.3 pkgsrc-2020Q1:1.3.0.16 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.18 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.14 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.3.0.12 pkgsrc-2019Q2-base:1.3 pkgsrc-2019Q1:1.3.0.10 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.3.0.8 pkgsrc-2018Q4-base:1.3 pkgsrc-2018Q3:1.3.0.6 pkgsrc-2018Q3-base:1.3 pkgsrc-2018Q2:1.3.0.4 pkgsrc-2018Q2-base:1.3 pkgsrc-2018Q1:1.3.0.2 pkgsrc-2018Q1-base:1.3 pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.1.0.2 pkgsrc-2011Q1-base:1.1; locks; strict; comment @// @; 1.3 date 2018.01.17.18.37.34; author markd; state Exp; branches; next 1.2; commitid q0VUPpiP65EQ7gnA; 1.2 date 2011.05.05.12.38.05; author adam; state dead; 
branches; next 1.1; 1.1 date 2011.04.01.20.53.55; author markd; state Exp; branches; next ; desc @@ 1.3 log @qt4-libs: Compile with openssl-1.1.0 @ text @$NetBSD$ Compile with openssl-1.1.0 http://bugs.debian.org/828522 via archlinux --- src/network/ssl/qsslcertificate.cpp.orig 2015-05-07 14:14:44.000000000 +0000 +++ src/network/ssl/qsslcertificate.cpp @@@@ -259,10 +259,10 @@@@ void QSslCertificate::clear() QByteArray QSslCertificate::version() const { QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); - if (d->versionString.isEmpty() && d->x509) + if (d->versionString.isEmpty() && d->x509) { d->versionString = - QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1); - + QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1); + } return d->versionString; } @@@@ -276,7 +276,7 @@@@ QByteArray QSslCertificate::serialNumber { QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); if (d->serialNumberString.isEmpty() && d->x509) { - ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber; + ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509); // if we cannot convert to a long, just output the hexadecimal number if (serialNumber->length > 4) { QByteArray hexString; @@@@ -489,24 +489,33 @@@@ QSslKey QSslCertificate::publicKey() con QSslKey key; key.d->type = QSsl::PublicKey; +#if OPENSSL_VERSION_NUMBER < 0x10100000L X509_PUBKEY *xkey = d->x509->cert_info->key; +#else + X509_PUBKEY *xkey = q_X509_get_X509_PUBKEY(d->x509); +#endif EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey); Q_ASSERT(pkey); - if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) { + int key_id; +#if OPENSSL_VERSION_NUMBER < 0x10100000L + key_id = q_EVP_PKEY_type(pkey->type); +#else + key_id = q_EVP_PKEY_base_id(pkey); +#endif + if (key_id == EVP_PKEY_RSA) { key.d->rsa = q_EVP_PKEY_get1_RSA(pkey); key.d->algorithm = QSsl::Rsa; key.d->isNull = false; - } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { + } else if (key_id == EVP_PKEY_DSA) { 
key.d->dsa = q_EVP_PKEY_get1_DSA(pkey); key.d->algorithm = QSsl::Dsa; key.d->isNull = false; - } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) { + } else if (key_id == EVP_PKEY_DH) { // DH unsupported } else { // error? } - q_EVP_PKEY_free(pkey); return key; } @@@@ -687,7 +696,7 @@@@ static QMap _q_mapFrom unsigned char *data = 0; int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); info[QString::fromUtf8(obj)] = QString::fromUtf8((char*)data, size); - q_CRYPTO_free(data); + q_OPENSSL_free(data); } return info; } @ 1.2 log @Changes 4.7.3: QtNetwork - SSL * [QTBUG-18338] blacklist fraudulent SSL certificates Qt for Symbian - Bearer Management * [QTBUG-15108] Deadlock between SymbianEngine mutex and QNetworkConfigurationPrivate mutex in the symbian bearer code * [QTBUG-17627] qnetworksession.h Q_DECLARE_METATYPE breaks building QtMobility QtBearer depending applications - GraphicsView * [QTBUG-17966] Major regression in QGraphicsView OpenVG backend - Declarative * [QTBUG-17503] Export qml debugging symbols on Symbian - Widgets * [QTBUG-17786] BC between Qt 4.7.3 and 4.6.3 QTreeView::indexRowSizeHint doesn't return correct value on Symbian for row when QPushButton widget is inserted in the treeview * [QTBUG-4953] QMessageBox can not be closed/dismissed on touch phones if any widget is fullscreen - Painting * [QTBUG-17907] tst_QGraphicsTransform::rotation3d test case from tests/auto/qgraphicstransfor is failed for some rotation angle on Symbian^3 devices * [QTBUG-18154] Symbian's QPixmap::logicalDpi[X\Y]() incorrectly returns MAXINT @ text @d1 1 a1 1 $NetBSD: patch-src_network_ssl_qsslcertificate.cpp,v 1.1 2011/04/01 20:53:55 markd Exp $ d3 1 a3 4 From 04e074e8d7c097295505e63565abdc7ca2b49f7b Mon Sep 17 00:00:00 2001 
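Review bot: In the QSslCertificate::publicKey() hunk, `Q_ASSERT(pkey)` is still the only guard on the result of `q_X509_PUBKEY_get(xkey)`, and the new `key_id = q_EVP_PKEY_base_id(pkey);` (or `pkey->type` on the pre-1.1.0 branch) uses the pointer immediately afterwards. Q_ASSERT compiles to nothing in release builds, and X509_PUBKEY_get can return NULL when a certificate's key cannot be decoded, so a certificate supplied by a peer could cause a null dereference here; adding `if (!pkey) return key;` after the call would hand back the default-constructed key instead. The flattened text of this page also leaves it unclear whether `q_EVP_PKEY_free(pkey);` before `return key;` is a context line or a removed one; X509_PUBKEY_get returns a reference the caller owns, so the free should stay. The function body starts above the hunk.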
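Review bot: In the last hunk of this patch (`_q_mapFrom…`, name truncated in the hunk header) the return value of `q_ASN1_STRING_to_UTF8(&data, …)` goes straight into `QString::fromUtf8((char*)data, size)` without a check. ASN1_STRING_to_UTF8 returns a negative value on failure, so a name entry that cannot be converted is still inserted into `info`, built from a null pointer and a negative length. A guard such as `if (size < 0) continue;` before the insertion would keep undecodable entries out of the map, assuming these lines sit inside the entry loop, which begins outside the hunk.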
From: Peter Hartmann Date: Thu, 24 Mar 2011 14:42:22 +0100 Subject: [PATCH] QSslCertificate: report fraudulent certificates as invalid d5 1 a5 12 There are some fraudulent certificates in the wild that are not valid; this patch introduces a blacklist of serial numbers of those certificates. Reviewed-by: Richard J. Moore Reviewed-by: Markus Goetz Task-number: QTBUG-18338 --- 
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 618ac79..a5cdf01 100644 --- src/network/ssl/qsslcertificate.cpp d7 25 a31 3 @@@@ -219,17 +219,19 @@@@ bool QSslCertificate::isNull() const Returns true if this certificate is valid; otherwise returns false. d33 8 a40 7 - Note: Currently, this function only checks that the current + Note: Currently, this function checks that the current data-time is within the date-time range during which the - certificate is considered valid. No other checks are - currently performed. + certificate is considered valid, and checks that the + certificate is not in a blacklist of fraudulent certificates. d42 25 a66 9 \sa isNull() */ bool QSslCertificate::isValid() const { const QDateTime currentTime = QDateTime::currentDateTime(); - return currentTime >= d->notValidBefore && currentTime <= d->notValidAfter; + return currentTime >= d->notValidBefore && + currentTime <= d->notValidAfter && + ! QSslCertificatePrivate::isBlacklisted(*this); d68 8 a75 4 /*! @@@@ -798,6 +800,30 @@@@ QList QSslCertificatePrivate::certificatesFromDer(const QByteAr return certificates; a76 28 +// These certificates are known to be fraudulent and were created during the comodo +// compromise. 
See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html +static const char *certificate_blacklist[] = { + "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e", + "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06", + "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3", + "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29", + "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71", + "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47", + "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43", + "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0", + "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0", + 0 +}; + +bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate) +{ + for (int a = 0; certificate_blacklist[a] != 0; a++) { + if (certificate.serialNumber() == certificate_blacklist[a]) + return true; + } + return false; +} + #ifndef QT_NO_DEBUG_STREAM QDebug operator<<(QDebug debug, const QSslCertificate &certificate) { @ 1.1 log @Add blacklist of fraudulent certificates. Patch from upstream. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @
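Review bot: `QSslCertificatePrivate::isBlacklisted()` matches on `certificate.serialNumber()` alone, compared as text against the lowercase, colon-separated hex strings in `certificate_blacklist`. A serial number is unique only per issuer, and the check silently stops matching if the text format returned by serialNumber() ever changes, so the dependency deserves a comment above the table, for example `// Entries must equal QSslCertificate::serialNumber() output exactly (lowercase hex, ':'-separated); serials are not qualified by issuer.` Revision 1.2 is marked dead in the RCS record, so this applies to the historical patch only.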