Implemented fix method which still allows forced SSL upgrade to TLS

author: Maximilian Weiss 2018-09-26 18:27:47 -0700
committer: Maximilian Weiss 2018-09-26 18:27:47 -0700
commit: 70cfb0f13db92ca284de91f74df8c8bb799050cd (patch)
tree: 4011c4a2c4eef2b826e49b18640803ebc26521a0
parent: 8e11cd3edc2156bc4537ca64fb1dc80b351e6af0 (diff)
download: aur-70cfb0f13db92ca284de91f74df8c8bb799050cd.tar.gz
3 files changed, 27 insertions, 32 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 3e8e93f4d3a8..804375b63461 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,8 @@
 pkgbase = namecoin-core-wallet
 	pkgdesc = This package provides the Namecoin Core GUI client and CLI daemon. This package does not create a systemd service.
 	pkgver = v0.16.3
-	pkgrel = 1
-	epoch = 1537619664
+	pkgrel = 2
+	epoch = 1538009445
 	url = https://namecoin.org/
 	arch = i686
 	arch = x86_64
@@ -36,7 +36,7 @@ pkgbase = namecoin-core-wallet
 	sha256sums = SKIP
 	sha256sums = 0226f5a570bbbde63f332d43d9d712287b316c726280f2ae9e21b1b365b3f0dc
 	sha256sums = f1e0593b872e18e0aebbf399bb5d77be255cb0aa160964c0528698a33f89ba04
-	sha256sums = 64b7d902b422653569917aedac04ea6e7519e81b52dead52fd0f105730c23e66
+	sha256sums = 59367280936748c3f10fdea0eb7c21e2407b522617a9856dcd43ce7417e8d6a8
 
 pkgname = namecoin-core-wallet
 
diff --git a/PKGBUILD b/PKGBUILD
index 0f6bdf21f562..3b3529cb19f1 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,12 +7,12 @@
 
 pkgname=namecoin-core-wallet
 pkgver=v0.16.3
-pkgrel=1
+pkgrel=2
 
 
 # Epoch is always set to the most recent PKGBUILD update time.
 # This allows for a forced downgrade without messing up versioning.
-epoch=1537619664
+epoch=1538009445
 
 
 # Release commit for 0.16.3
@@ -38,7 +38,7 @@ source=('git://github.com/namecoin/namecoin-core'
 sha256sums=('SKIP'
             '0226f5a570bbbde63f332d43d9d712287b316c726280f2ae9e21b1b365b3f0dc'
             'f1e0593b872e18e0aebbf399bb5d77be255cb0aa160964c0528698a33f89ba04'
-            '64b7d902b422653569917aedac04ea6e7519e81b52dead52fd0f105730c23e66')
+            '59367280936748c3f10fdea0eb7c21e2407b522617a9856dcd43ce7417e8d6a8')
 
 
 prepare() {
@@ -46,8 +46,8 @@ prepare() {
     cd "$srcdir/namecoin-core/"
     git checkout "$_commit"
 
-    # Disable forced upgrade from SSLv3 to TSL, due to upstream Qt5 bug
-    # which causes namecoin-qt to freeze on startup. See comment in build()
+    # Fix Qt GUI start freeze bug
+    # https://bbs.archlinux.org/viewtopic.php?id=240553
     cd "$srcdir"
     patch -p0 -i patch.diff
 }
@@ -58,22 +58,11 @@ build() {
     cd "$srcdir/namecoin-core/"
     ./autogen.sh
 
-
-    # Note: added --disable-bip70 option to disable BIP 70, because the only
-    #       fix for the upstream libQt5Network.so bug is to disable the
-    #       the forced upgrade from SSL to TLS. Therefore, BIP 70 payments
-    #       may be at higher risk due to the SSLv3 POODLE attack. Hence, they
-    #       have been disabled.
-    #
-    # See https://bbs.archlinux.org/viewtopic.php?id=240553
-    # and https://github.com/bitcoin/bitcoin/issues/14273
-
-
     # I have not tested the static build process on 32 bit machines yet,
     # so I'm leaving i686 with the normal dynamic build.
     if [ "$CARCH" == i686 ]; then
         ./configure --prefix=/usr --enable-upnp-default --enable-hardening \
-                    --with-gui=qt5 --disable-tests --disable-bip70
+                    --with-gui=qt5 --disable-tests
 
     # This should produce a static build that doesn't brick every time Arch
     # rolls out updates to the system libraries.
@@ -85,8 +74,7 @@ build() {
                    --enable-upnp-default \
                    --enable-hardening \
                    --with-gui=qt5 \
-                   --disable-tests \
-                   --disable-bip70
+                   --disable-tests
     fi
 
     make DESTDIR="$srcdir/tmp"
@@ -111,4 +99,3 @@ package() {
     ln -s "libnamecoinconsensus.so.0.0.0" "libnamecoinconsensus.so.0"
     ln -s "libnamecoinconsensus.so.0.0.0" "libnamecoinconsensus.so"
 }
-
diff --git a/patch.diff b/patch.diff
index bfa03d579900..5a41a728e296 100644
--- a/patch.diff
+++ b/patch.diff
@@ -1,17 +1,25 @@
 --- ./namecoin-core/src/qt/bitcoin.cpp
 +++ ./namecoin-core/src/qt/bitcoin.cpp
-@@ -573,13 +573,6 @@ int main(int argc, char *argv[])
+@@ -573,14 +573,22 @@
  #ifdef Q_OS_MAC
      QApplication::setAttribute(Qt::AA_DontShowIconsInMenus);
  #endif
--#if QT_VERSION >= 0x050500
--    // Because of the POODLE attack it is recommended to disable SSLv3 (https://disablessl3.com/),
--    // so set SSL protocols to TLS1.0+.
--    QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration();
--    sslconf.setProtocol(QSsl::TlsV1_0OrLater);
--    QSslConfiguration::setDefaultConfiguration(sslconf);
--#endif
++
++// Includes fixes proposed by eserlxl in post #7 on https://bbs.archlinux.org/viewtopic.php?id=240553
+ #if QT_VERSION >= 0x050500
++    QSslSocket::sslLibraryVersionString();
++    Q_ASSERT( QSslSocket::supportsSsl() );
++
+     // Because of the POODLE attack it is recommended to disable SSLv3 (https://disablessl3.com/),
+     // so set SSL protocols to TLS1.0+.
+     QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration();
+     sslconf.setProtocol(QSsl::TlsV1_0OrLater);
+     QSslConfiguration::setDefaultConfiguration(sslconf);
++
++    Q_ASSERT(QSslConfiguration::defaultConfiguration().protocol() == QSsl::TlsV1_0OrLater);
+ #endif
  
++
      // Register meta types used for QMetaObject::invokeMethod
      qRegisterMetaType< bool* >();
-
+     //   Need to pass name here as CAmount is a typedef (see http://qt-project.org/doc/qt-5/qmetatype.html#qRegisterMetaType)
author	Maximilian Weiss	2018-09-26 18:27:47 -0700
committer	Maximilian Weiss	2018-09-26 18:27:47 -0700
commit	70cfb0f13db92ca284de91f74df8c8bb799050cd (patch)
tree	4011c4a2c4eef2b826e49b18640803ebc26521a0
parent	8e11cd3edc2156bc4537ca64fb1dc80b351e6af0 (diff)
download	aur-70cfb0f13db92ca284de91f74df8c8bb799050cd.tar.gz