Apply workaround for newer boost headers (bug 454080 by Flameeyes).

Blacklist mis-issued Türktrust SSL certs.

(Portage version: 2.2.0_alpha163/cvs/Linux x86_64, signed Manifest commit with key 17A85C72)

4 files changed, 135 insertions, 3 deletions

diff --git a/x11-libs/qt-core/ChangeLog b/x11-libs/qt-core/ChangeLog
index 085df18f491e..d128015ae29b 100644
--- a/x11-libs/qt-core/ChangeLog
+++ b/x11-libs/qt-core/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for x11-libs/qt-core
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/ChangeLog,v 1.214 2013/02/13 10:08:50 pesa Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/ChangeLog,v 1.215 2013/02/15 10:20:02 pesa Exp $
+
+*qt-core-4.8.4-r4 (15 Feb 2013)
+
+  15 Feb 2013; Davide Pesavento <pesa@gentoo.org>
+  +files/blacklist-mis-issued-Turktrust-certs.patch,
+  +files/moc-workaround-for-BOOST_JOIN.patch, +qt-core-4.8.4-r4.ebuild,
+  -qt-core-4.8.4-r3.ebuild:
+  Apply workaround for newer boost headers (bug 454080 by Flameeyes). Blacklist
+  mis-issued Türktrust SSL certs.
 
 *qt-core-4.8.4-r3 (13 Feb 2013)
 
diff --git a/x11-libs/qt-core/files/blacklist-mis-issued-Turktrust-certs.patch b/x11-libs/qt-core/files/blacklist-mis-issued-Turktrust-certs.patch
new file mode 100644
index 000000000000..c2245ccce0a0
--- /dev/null
+++ b/x11-libs/qt-core/files/blacklist-mis-issued-Turktrust-certs.patch
@@ -0,0 +1,107 @@
+From 451462b1e0304e0cb6c2872e4f5688bc2e556dca Mon Sep 17 00:00:00 2001
+From: Peter Hartmann <phartmann@rim.com>
+Date: Fri, 4 Jan 2013 11:06:14 +0100
+Subject: [PATCH 80/90] SSL certificates: blacklist mis-issued Turktrust
+ certificates
+
+Those certificates have erroneously set the CA attribute to true,
+meaning everybody in possesion of their keys can issue certificates on
+their own.
+
+backport of bf5e7fb2652669599a508e049b46ebd5cd3206e5 from qtbase
+
+Task-number: QTBUG-28937
+Change-Id: Iee57c6f983fee61c13c3b66ed874300ef8e80c23
+Reviewed-by: Richard J. Moore <rich@kde.org>
+---
+ src/network/ssl/qsslcertificate.cpp                |  3 +++
+ ...ted-turktrust-e-islem.kktcmerkezbankasi.org.pem | 24 +++++++++++++++++
+ .../blacklisted-turktrust-ego.gov.tr.pem           | 31 ++++++++++++++++++++++
+ 3 files changed, 58 insertions(+)
+ create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-e-islem.kktcmerkezbankasi.org.pem
+ create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-ego.gov.tr.pem
+
+diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
+index 038187f..37799d1 100644
+--- a/src/network/ssl/qsslcertificate.cpp
++++ b/src/network/ssl/qsslcertificate.cpp
+@@ -825,6 +825,9 @@ static const char *certificate_blacklist[] = {
+ 
+     "120001705", "Digisign Server ID (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Verizon CyberTrust
+     "1276011370", "Digisign Server ID - (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Entrust
++
++    "2087",                                            "*.EGO.GOV.TR", // Turktrust mis-issued intermediate certificate
++    "2148",                                            "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate
+     0
+ };
+ 
+diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-e-islem.kktcmerkezbankasi.org.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-e-islem.kktcmerkezbankasi.org.pem
+new file mode 100644
+index 0000000..33f2ef4
+--- /dev/null
++++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-e-islem.kktcmerkezbankasi.org.pem
+@@ -0,0 +1,24 @@
++-----BEGIN CERTIFICATE-----
++MIID8DCCAtigAwIBAgICCGQwDQYJKoZIhvcNAQEFBQAwgawxPTA7BgNVBAMMNFTD
++nFJLVFJVU1QgRWxla3Ryb25payBTdW51Y3UgU2VydGlmaWthc8SxIEhpem1ldGxl
++cmkxCzAJBgNVBAYTAlRSMV4wXAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0
++acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAo
++YykgS2FzxLFtICAyMDA1MB4XDTExMDgwODA3MDc1MVoXDTIxMDgwNTA3MDc1MVow
++gaMxCzAJBgNVBAYTAlRSMRAwDgYDVQQIEwdMZWZrb3NhMRAwDgYDVQQHEwdMZWZr
++b3NhMRwwGgYDVQQKExNLS1RDIE1lcmtleiBCYW5rYXNpMSYwJAYDVQQDEx1lLWlz
++bGVtLmtrdGNtZXJrZXpiYW5rYXNpLm9yZzEqMCgGCSqGSIb3DQEJARYbaWxldGlA
++a2t0Y21lcmtlemJhbmthc2kub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
++CgKCAQEAw1hUpuRFY67NsZ6C9rzRAPCb9RVpi4nZzJIA1TvIfr4hMPM0X5jseMf5
++GvgJQ+cBMZtooDd7BbZNy2z7O5A+8PYFaMDdokCENx2ePIqAVuO6C5UAqM7J3n6R
++rhjOvqiw6dTQMbtXhjFao+YMuBVvRuuhGHBDK3Je64T/KLzcmAUlRJEuy+ZMe7Aa
++tUaSDr/jy5DMA5xEYOdsnS5Zo30lRG+9vqbxb8CQi+E97sNjY+W4lEgJKQWMNh5r
++Cxo4Hinkm3CKyKX3PAS+DDVI3LQiCiIQUOMA2+1P5aTPTkpqlbjqhbWTWAPWOKCF
++9d83p3RMXOYt5GahS8rg5u6+toEC1QIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYw
++DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAwjWz5tsUvYORVW8K
++JSK/biHFrAnFotMtoTKEewRmnYaYjwXIr1IPaBqhjkGGviLN2eOH/v97Uli6HC4l
++zhKHfMQUS9KF/f5nGcH8iQBy/gmFsfJQ1KDC6GNM4CfMGIzyxjYhP0VzdUtKX3PA
++l5EqgMUcdqRDy6Ruz55+JkdvCL1nAC7xH+czJcZVwysTdGfLTCh6VtYPgIkeL6U8
++3xQAyMuOHm72exJljYFqIsiNvGE0KufCqCuH1PD97IXMrLlwGmKKg5jP349lySBp
++Jjm6RDqCTT+6dUl2jkVbeNmco99Y7AOdtLsOdXBMCo5x8lK8zwQWFrzEms0joHXC
++pWfGWA==
++-----END CERTIFICATE-----
+diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-ego.gov.tr.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-ego.gov.tr.pem
+new file mode 100644
+index 0000000..e9d048f
+--- /dev/null
++++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-ego.gov.tr.pem
+@@ -0,0 +1,31 @@
++-----BEGIN CERTIFICATE-----
++MIIFPTCCBCWgAwIBAgICCCcwDQYJKoZIhvcNAQEFBQAwgawxPTA7BgNVBAMMNFTD
++nFJLVFJVU1QgRWxla3Ryb25payBTdW51Y3UgU2VydGlmaWthc8SxIEhpem1ldGxl
++cmkxCzAJBgNVBAYTAlRSMV4wXAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0
++acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAo
++YykgS2FzxLFtICAyMDA1MB4XDTExMDgwODA3MDc1MVoXDTIxMDcwNjA3MDc1MVow
++bjELMAkGA1UEBhMCVFIxDzANBgNVBAgMBkFOS0FSQTEPMA0GA1UEBwwGQU5LQVJB
++MQwwCgYDVQQKDANFR08xGDAWBgNVBAsMD0VHTyBCSUxHSSBJU0xFTTEVMBMGA1UE
++AwwMKi5FR08uR09WLlRSMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
++v5zoj2Bpdl7R1M/zF6Qf4su2F8vDqISKvuTuyJhNAHhFGHCsHjaixGMHspuz0l3V
++50kq/ECWbN8kKaeTrB112QOrWTU276iup1Gh+OlEOiR9vlQ4VAP00dWUjD6z9HQF
++Ci8W3EsEtiiHiYOU9BcPpPkaUbECwP4nGVwR8aPwhB5PGBJc98romdvciYkUpSOO
++wkuSRtooA7tRlLFu72QaNpXN1NueB36I3aajPk0YyiXy2w8XlgK7QI4PSSBnSq+Q
++blFocWVmLhF94je7py6lCnllrIFXpR3FWZLD5GcI6HKlBS78AQ+IMBLFHhsEVw5N
++Qj90chSZClfBWBZzIaV9RwIDAQABo4IBpDCCAaAwHwYDVR0jBBgwFoAUq042AzDS
++29UKaL6HpVBs/PZwpSUwHQYDVR0OBBYEFGT7G4Y9uEryRIL5Vj3qJsD047M0MA4G
++A1UdDwEB/wQEAwIBBjBFBgNVHSAEPjA8MDoGCWCGGAMAAwEBATAtMCsGCCsGAQUF
++BwIBFh9odHRwOi8vd3d3LnR1cmt0cnVzdC5jb20udHIvc3VlMA8GA1UdEwEB/wQF
++MAMBAf8wSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL3d3dy50dXJrdHJ1c3QuY29t
++LnRyL3NpbC9UVVJLVFJVU1RfU1NMX1NJTF9zMi5jcmwwgaoGCCsGAQUFBwEBBIGd
++MIGaMG4GCCsGAQUFBzAChmJodHRwOi8vd3d3LnR1cmt0cnVzdC5jb20udHIvc2Vy
++dGlmaWthbGFyL1RVUktUUlVTVF9FbGVrdHJvbmlrX1N1bnVjdV9TZXJ0aWZpa2Fz
++aV9IaXptZXRsZXJpX3MyLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AudHVy
++a3RydXN0LmNvbS50cjANBgkqhkiG9w0BAQUFAAOCAQEAj89QCCyoW0S20EcYDZAn
++vFLFmougK97Bt68iV1OM622+Cyeyf4Sz+1LBk1f9ni3fGT0Q+RWZJYWq5YuSBiLV
++gk3NLcxnwe3wmnvErUgq1QDtAaNlBWMEMklOlWGfJ0eWaillUskJbDd4KwgZHDEj
++7g/jYEQqU1t0zoJdwM/zNsnLHkhwcWZ5PQnnbpff1Ct/1LH/8pdy2eRDmRmqniLU
++h8r2lZfJeudVZG6yIbxsqP3t2JCq5c2P1jDhAGF3g9DiskH0CzsRdbVpoWdr+PY1
++Xz/19G8XEpX9r+IBJhLdbkpVo0Qh0A10mzFP/GUk5f/8nho2HvLaVMhWv1qKcF8I
++hQ==
++-----END CERTIFICATE-----
+-- 
+1.8.1
+
diff --git a/x11-libs/qt-core/files/moc-workaround-for-BOOST_JOIN.patch b/x11-libs/qt-core/files/moc-workaround-for-BOOST_JOIN.patch
new file mode 100644
index 000000000000..fa82334d7d4b
--- /dev/null
+++ b/x11-libs/qt-core/files/moc-workaround-for-BOOST_JOIN.patch
@@ -0,0 +1,15 @@
+diff -up qt-everywhere-opensource-src-4.8.4/src/tools/moc/main.cpp.moc-boost148 qt-everywhere-opensource-src-4.8.4/src/tools/moc/main.cpp
+--- qt-everywhere-opensource-src-4.8.4/src/tools/moc/main.cpp.moc-boost148	2012-11-23 04:09:53.000000000 -0600
++++ qt-everywhere-opensource-src-4.8.4/src/tools/moc/main.cpp	2013-02-11 07:07:18.942748176 -0600
+@@ -187,6 +187,11 @@ int runMoc(int _argc, char **_argv)
+     Moc moc;
+     pp.macros["Q_MOC_RUN"];
+     pp.macros["__cplusplus"];
++
++    // Workaround a bugs while parsing some boost headers. See QTBUG-22829
++    pp.macros["BOOST_TT_HAS_OPERATOR_HPP_INCLUDED"];
++    pp.macros["BOOST_LEXICAL_CAST_INCLUDED"];
++
+     QByteArray filename;
+     QByteArray output;
+     FILE *in = 0;
diff --git a/x11-libs/qt-core/qt-core-4.8.4-r3.ebuild b/x11-libs/qt-core/qt-core-4.8.4-r4.ebuild
index 64931ce6ae3d..975e2f0154cc 100644
--- a/x11-libs/qt-core/qt-core-4.8.4-r3.ebuild
+++ b/x11-libs/qt-core/qt-core-4.8.4-r4.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/qt-core-4.8.4-r3.ebuild,v 1.1 2013/02/13 10:08:50 pesa Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/qt-core-4.8.4-r4.ebuild,v 1.1 2013/02/15 10:20:02 pesa Exp $
 
 EAPI=5
 
@@ -29,8 +29,9 @@ PDEPEND="
 "
 
 PATCHES=(
-	"${FILESDIR}/moc-workaround-for-boost-1.48.patch"
+	"${FILESDIR}/moc-workaround-for-BOOST_JOIN.patch"
 	"${FILESDIR}/set-pkg-config-locations-directly-to-install-dir.patch"
+	"${FILESDIR}/blacklist-mis-issued-Turktrust-certs.patch"
 	"${FILESDIR}/CVE-2013-0254.patch"
 	"${FILESDIR}/fix-call-to-QMetaObject-metaCall-from-updateProperty.patch"
 )