diff options
author | Maximilian Weiss | 2018-09-26 18:27:47 -0700 |
---|---|---|
committer | Maximilian Weiss | 2018-09-26 18:27:47 -0700 |
commit | 70cfb0f13db92ca284de91f74df8c8bb799050cd (patch) | |
tree | 4011c4a2c4eef2b826e49b18640803ebc26521a0 | |
parent | 8e11cd3edc2156bc4537ca64fb1dc80b351e6af0 (diff) | |
download | aur-70cfb0f13db92ca284de91f74df8c8bb799050cd.tar.gz |
Implemented fix method which still allows forced SSL upgrade to TLS
-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | PKGBUILD | 27 | ||||
-rw-r--r-- | patch.diff | 26 |
3 files changed, 27 insertions, 32 deletions
@@ -1,8 +1,8 @@ pkgbase = namecoin-core-wallet pkgdesc = This package provides the Namecoin Core GUI client and CLI daemon. This package does not create a systemd service. pkgver = v0.16.3 - pkgrel = 1 - epoch = 1537619664 + pkgrel = 2 + epoch = 1538009445 url = https://namecoin.org/ arch = i686 arch = x86_64 @@ -36,7 +36,7 @@ pkgbase = namecoin-core-wallet sha256sums = SKIP sha256sums = 0226f5a570bbbde63f332d43d9d712287b316c726280f2ae9e21b1b365b3f0dc sha256sums = f1e0593b872e18e0aebbf399bb5d77be255cb0aa160964c0528698a33f89ba04 - sha256sums = 64b7d902b422653569917aedac04ea6e7519e81b52dead52fd0f105730c23e66 + sha256sums = 59367280936748c3f10fdea0eb7c21e2407b522617a9856dcd43ce7417e8d6a8 pkgname = namecoin-core-wallet @@ -7,12 +7,12 @@ pkgname=namecoin-core-wallet pkgver=v0.16.3 -pkgrel=1 +pkgrel=2 # Epoch is always set to the most recent PKGBUILD update time. # This allows for a forced downgrade without messing up versioning. -epoch=1537619664 +epoch=1538009445 # Release commit for 0.16.3 @@ -38,7 +38,7 @@ source=('git://github.com/namecoin/namecoin-core' sha256sums=('SKIP' '0226f5a570bbbde63f332d43d9d712287b316c726280f2ae9e21b1b365b3f0dc' 'f1e0593b872e18e0aebbf399bb5d77be255cb0aa160964c0528698a33f89ba04' - '64b7d902b422653569917aedac04ea6e7519e81b52dead52fd0f105730c23e66') + '59367280936748c3f10fdea0eb7c21e2407b522617a9856dcd43ce7417e8d6a8') prepare() { @@ -46,8 +46,8 @@ prepare() { cd "$srcdir/namecoin-core/" git checkout "$_commit" - # Disable forced upgrade from SSLv3 to TSL, due to upstream Qt5 bug - # which causes namecoin-qt to freeze on startup. See comment in build() + # Fix Qt GUI start freeze bug + # https://bbs.archlinux.org/viewtopic.php?id=240553 cd "$srcdir" patch -p0 -i patch.diff } @@ -58,22 +58,11 @@ build() { cd "$srcdir/namecoin-core/" ./autogen.sh - - # Note: added --disable-bip70 option to disable BIP 70, because the only - # fix for the upstream libQt5Network.so bug is to disable the - # the forced upgrade from SSL to TLS. Therefore, BIP 70 payments - # may be at higher risk due to the SSLv3 POODLE attack. Hence, they - # have been disabled. - # - # See https://bbs.archlinux.org/viewtopic.php?id=240553 - # and https://github.com/bitcoin/bitcoin/issues/14273 - - # I have not tested the static build process on 32 bit machines yet, # so I'm leaving i686 with the normal dynamic build. if [ "$CARCH" == i686 ]; then ./configure --prefix=/usr --enable-upnp-default --enable-hardening \ - --with-gui=qt5 --disable-tests --disable-bip70 + --with-gui=qt5 --disable-tests # This should produce a static build that doesn't brick every time Arch # rolls out updates to the system libraries. @@ -85,8 +74,7 @@ build() { --enable-upnp-default \ --enable-hardening \ --with-gui=qt5 \ - --disable-tests \ - --disable-bip70 + --disable-tests fi make DESTDIR="$srcdir/tmp" @@ -111,4 +99,3 @@ package() { ln -s "libnamecoinconsensus.so.0.0.0" "libnamecoinconsensus.so.0" ln -s "libnamecoinconsensus.so.0.0.0" "libnamecoinconsensus.so" } - diff --git a/patch.diff b/patch.diff index bfa03d579900..5a41a728e296 100644 --- a/patch.diff +++ b/patch.diff @@ -1,17 +1,25 @@ --- ./namecoin-core/src/qt/bitcoin.cpp +++ ./namecoin-core/src/qt/bitcoin.cpp -@@ -573,13 +573,6 @@ int main(int argc, char *argv[]) +@@ -573,14 +573,22 @@ #ifdef Q_OS_MAC QApplication::setAttribute(Qt::AA_DontShowIconsInMenus); #endif --#if QT_VERSION >= 0x050500 -- // Because of the POODLE attack it is recommended to disable SSLv3 (https://disablessl3.com/), -- // so set SSL protocols to TLS1.0+. -- QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration(); -- sslconf.setProtocol(QSsl::TlsV1_0OrLater); -- QSslConfiguration::setDefaultConfiguration(sslconf); --#endif ++ ++// Includes fixes proposed by eserlxl in post #7 on https://bbs.archlinux.org/viewtopic.php?id=240553 + #if QT_VERSION >= 0x050500 ++ QSslSocket::sslLibraryVersionString(); ++ Q_ASSERT( QSslSocket::supportsSsl() ); ++ + // Because of the POODLE attack it is recommended to disable SSLv3 (https://disablessl3.com/), + // so set SSL protocols to TLS1.0+. + QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration(); + sslconf.setProtocol(QSsl::TlsV1_0OrLater); + QSslConfiguration::setDefaultConfiguration(sslconf); ++ ++ Q_ASSERT(QSslConfiguration::defaultConfiguration().protocol() == QSsl::TlsV1_0OrLater); + #endif ++ // Register meta types used for QMetaObject::invokeMethod qRegisterMetaType< bool* >(); - + // Need to pass name here as CAmount is a typedef (see http://qt-project.org/doc/qt-5/qmetatype.html#qRegisterMetaType) |