Hello community, here is the log from the commit of package libqt5-qtbase for openSUSE:Factory checked in at 2016-02-17 10:29:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libqt5-qtbase (Old) and /work/SRC/openSUSE:Factory/.libqt5-qtbase.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libqt5-qtbase" Changes: -------- --- /work/SRC/openSUSE:Factory/libqt5-qtbase/libqt5-qtbase.changes 2015-10-30 21:51:04.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libqt5-qtbase.new/libqt5-qtbase.changes 2016-02-17 12:14:41.000000000 +0100 @@ -1,0 +2,15 @@ +Wed Feb 10 12:28:49 UTC 2016 - [email protected] + +- Added 0001-Fix-exclusion-of-anonymous-ciphers.patch from upstream + to disable exp-adh and aecdh ciphers. +- Added disable-rc4-ciphers-bnc865241.diff to disable RC4 based ciphers + which are now considered insecure (bnc#865241) + +------------------------------------------------------------------- +Sat Jan 30 18:14:50 UTC 2016 - [email protected] + +- Added Add-option-to-disable-session-management-by-closing-windows.patch + API adition to QSessionManager as first step in resolving + kde#354724 and boo#955280 + +------------------------------------------------------------------- @@ -10 +25 @@ -- Update to 5.5.1 +- Update to 5.5.1 (boo#954149) New: ---- 0001-Fix-exclusion-of-anonymous-ciphers.patch Add-option-to-disable-session-management-by-closing-windows.patch disable-rc4-ciphers-bnc865241.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt5-qtbase.spec ++++++ --- /var/tmp/diff_new_pack.g5xDcr/_old 2016-02-17 12:14:43.000000000 +0100 +++ /var/tmp/diff_new_pack.g5xDcr/_new 2016-02-17 12:14:43.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libqt5-qtbase # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -51,6 +51,10 @@ Patch4: protect-geometry-QTBUG-40584.patch # Patch-FIX-SUSE libqt5-do-not-use-shm-if-display-name-doesnt-look-local.patch -- bnc#888858 Patch5: libqt5-do-not-use-shm-if-display-name-doesnt-look-local.patch +# PATCH-FIX-UPSTREAM 0001-Fix-exclusion-of-anonymous-ciphers.patch -- Exclude more ciphers from being used by default +Patch6: 0001-Fix-exclusion-of-anonymous-ciphers.patch +# PATCH-FIX-OPENSUSE disable-rc4-ciphers-bnc865241.diff bnc#865241-- Exclude rc4 ciphers from being used by default +Patch7: disable-rc4-ciphers-bnc865241.diff # patches 1000-2000 and above from upstream 5.3 branch # # patches 2000-3000 and above from upstream 5.5 branch # Patch2010: 0001-Fix-QWidget-setWindowRole.patch @@ -63,6 +67,7 @@ Patch3005: xcb-fix-yet-another-crash-when-screens-are-disconnected.patch Patch3006: xcb-dont-crash-in-mapToNativemapFromNative-if-the-screen-is-null.patch Patch3007: qtwidgets_do_not-hide_show_via_WA_OutsideWSRange_for_native_widgets.patch +Patch3008: Add-option-to-disable-session-management-by-closing-windows.patch BuildRequires: alsa-devel BuildRequires: cups-devel BuildRequires: gcc-c++ @@ -145,6 +150,8 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 +%patch7 -p1 %patch2010 -p1 %patch2014 -p1 %patch3000 -p1 @@ -155,6 +162,7 @@ %patch3005 -p1 %patch3006 -p1 %patch3007 -p1 +%patch3008 -p1 # be sure not to use them rm -r src/3rdparty/{libjpeg,freetype,libpng,zlib} ++++++ 0001-Fix-exclusion-of-anonymous-ciphers.patch ++++++ >From 479e84dcbd0d7f1333105c495d7931f1bef3e63b Mon Sep 17 00:00:00 2001 
From: "Richard J. Moore" <[email protected]> Date: Sat, 18 Apr 2015 12:44:30 +0100 Subject: [PATCH] Fix exclusion of anonymous ciphers. Qt attempted to exclude anonymous ciphers since they offer no MITM protection, but missed export ADH ciphers and AECDH from the exclude list. Change-Id: Icdfa9b31643a0e9927010885c7c1d02c42460d79 Reviewed-by: Peter Hartmann <[email protected]> --- src/network/ssl/qsslsocket_openssl.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 55762c9..00e13e4 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -662,8 +662,10 @@ void QSslSocketPrivate::resetDefaultCiphers() if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) { QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); if (!ciph.isNull()) { - // Unconditionally exclude ADH ciphers since they offer no MITM protection - if (!ciph.name().toLower().startsWith(QLatin1String("adh"))) + // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection + if (!ciph.name().toLower().startsWith(QLatin1String("adh")) && + !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) && + !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) ciphers << ciph; if (ciph.usedBits() >= 128) defaultCiphers << ciph; -- 2.6.2 ++++++ Add-option-to-disable-session-management-by-closing-windows.patch ++++++ >From 2722dd7bb544949ff8ca9fe2cfb7b41ceaaddc56 Mon Sep 17 00:00:00 2001 
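Review bot: On the new side of the resetDefaultCiphers() hunk the three-way name test has no braces, so it guards only `ciphers << ciph;`, and the following `if (ciph.usedBits() >= 128) defaultCiphers << ciph;` still runs for every non-null cipher. If the OpenSSL list contains an anonymous suite of 128 bits or more, it would be dropped from the supported list yet still land in the default list. Indentation is lost on this page, so this reading rests on the absence of braces. Wrapping both statements fixes it: `if (...) { ciphers << ciph; if (ciph.usedBits() >= 128) defaultCiphers << ciph; }`. The disable-rc4-ciphers-bnc865241.diff later on this page adds those braces, so the gap remains only if this upstream patch is applied alone; the function starts and ends outside the hunk.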
From: Andreas Hartmetz <[email protected]> Date: Tue, 19 Jan 2016 14:30:18 +0100 Subject: [PATCH 1/1] Add option to disable "session management by closing windows". That feature is a poor man's session management for applications that do not implement any specific session management features. It badly interferes with proper session management support, so applications must be able to disable it. This fixes some KDE applications dying too early, before they are enumerated for the list of applications to restart on session restore, thus preventing them from being restored. See https://bugs.kde.org/show_bug.cgi?id=354724 Task-number: QTBUG-49667 Change-Id: Ib22e58c9c64351dea8b7e2a74db91d26dd7ab7aa --- .../code/src_gui_kernel_qguiapplication.cpp | 1 + src/gui/kernel/qguiapplication.cpp | 14 +++++- src/gui/kernel/qsessionmanager.cpp | 55 +++++++++++++++++++++- src/gui/kernel/qsessionmanager.h | 3 ++ src/gui/kernel/qsessionmanager_p.h | 1 + 5 files changed, 71 insertions(+), 3 deletions(-) diff --git a/src/gui/doc/snippets/code/src_gui_kernel_qguiapplication.cpp b/src/gui/doc/snippets/code/src_gui_kernel_qguiapplication.cpp index 4ddf8c8..3006d19 100644 --- a/src/gui/doc/snippets/code/src_gui_kernel_qguiapplication.cpp +++ b/src/gui/doc/snippets/code/src_gui_kernel_qguiapplication.cpp @@ -58,6 +58,7 @@ MyMainWidget::MyMainWidget(QWidget *parent) void MyMainWidget::commitData(QSessionManager& manager) { + manager.setAutoCloseWindowsEnabled(false); if (manager.allowsInteraction()) { int ret = QMessageBox::warning( mainWindow, diff --git a/src/gui/kernel/qguiapplication.cpp b/src/gui/kernel/qguiapplication.cpp index 770f847..40f2d5f 100644 --- a/src/gui/kernel/qguiapplication.cpp +++ b/src/gui/kernel/qguiapplication.cpp 
@@ -3087,6 +3087,12 @@ void QGuiApplicationPrivate::setApplicationState(Qt::ApplicationState state, boo the session manager may or may not do this afterwards, depending on the context. + When you connect to this signal to ask the user for permission to close + the application and / or commit application data, you should also call + QSessionManager::setAutoCloseWindowsEnabled(false) on \a manager to disable + a feature that helps applications that do not support full session + management, but hurts applications that do. + \warning Within this signal, no user interaction is possible, \e unless you ask the \a manager for explicit permission. See QSessionManager::allowsInteraction() and @@ -3095,7 +3101,8 @@ void QGuiApplicationPrivate::setApplicationState(Qt::ApplicationState state, boo \note You should use Qt::DirectConnection when connecting to this signal. - \sa isSessionRestored(), sessionId(), saveStateRequest(), {Session Management} + \sa QSessionManager::setAutoCloseWindowsEnabled(), isSessionRestored(), + sessionId(), saveStateRequest(), {Session Management} */ /*! @@ -3225,9 +3232,12 @@ void QGuiApplicationPrivate::commitData() { Q_Q(QGuiApplication); is_saving_session = true; + emit q->commitDataRequest(*session_manager); - if (session_manager->allowsInteraction() && !tryCloseAllWindows()) + if (session_manager->autoCloseWindowsEnabled() && session_manager->allowsInteraction() + && !tryCloseAllWindows()) session_manager->cancel(); + is_saving_session = false; } diff --git a/src/gui/kernel/qsessionmanager.cpp b/src/gui/kernel/qsessionmanager.cpp index f4b56fd..4d140f9 100644 --- a/src/gui/kernel/qsessionmanager.cpp +++ b/src/gui/kernel/qsessionmanager.cpp 
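Review bot: In QGuiApplicationPrivate::commitData() the new `session_manager->autoCloseWindowsEnabled()` test depends on running after `emit q->commitDataRequest(*session_manager);`, and nothing in the code says so. A handler that sets the flag inside commitDataRequest, as the updated documentation snippet does, takes effect for that same request only because of this ordering. A one-line comment above the `if` would protect it from a later reorder, for example `// Read after the emit so a commitDataRequest() handler can opt out via setAutoCloseWindowsEnabled(false)`. The blank lines added around the emit are unrelated whitespace and could be left out of the backport.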
@@ -116,7 +116,8 @@ QT_BEGIN_NAMESPACE QSessionManagerPrivate::QSessionManagerPrivate(const QString &id, const QString &key) - : QObjectPrivate() + : QObjectPrivate(), + autoCloseWindowsEnabled(true) { platformSessionManager = QGuiApplicationPrivate::platformIntegration()->createPlatformSessionManager(id, key); Q_ASSERT_X(platformSessionManager, "Platform session management", 
@@ -350,6 +351,58 @@ QStringList QSessionManager::discardCommand() const } /*! + \since 5.6 + + Sets whether the session manager will try to close application windows during + session exit to \a enabled. + + \sa autoCloseWindowsEnabled() +*/ +void QSessionManager::setAutoCloseWindowsEnabled(bool enabled) +{ + Q_D(QSessionManager); + d->autoCloseWindowsEnabled = enabled; +} + +/*! + \since 5.6 + + Returns whether the session manager will try to close application windows during + session exit. + + If this is true immediately after QGuiApplication::commitDataRequest() has been + emitted, and allowsInteraction() is true, Qt will send CloseEvent to all + windows of the application. If that fails to close all windows, session exit is + canceled and the application keeps running. + + The purpose of that is to give applications without explicit session management + support a chance to cancel session exit through the common + "are you sure you want to close this window?" feature. + + \warning If all windows \e are closed due to this feature, + that may quit the application before it is explicitly instructed to quit through + the platform's session management protocol - see + QGuiApplication::quitOnLastWindowClosed(). That may in turn prevent the platform + session manager from saving the application's state correctly because the + application broke the protocol. + + If your application implements full session management, you should disable this. + + It is sufficient to set this property once on any instance of QSessionManager + to set its value for the lifetime of the application - it acts like a class + static variable. + + The default is true. + + \sa setAutoCloseWindowsEnabled() +*/ +bool QSessionManager::autoCloseWindowsEnabled() const +{ + Q_D(const QSessionManager); + return d->autoCloseWindowsEnabled; +} + +/*! \overload Low-level write access to the application's identification and state 
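Review bot: The documentation added for autoCloseWindowsEnabled() says the setting "acts like a class static variable" and that setting it once on any QSessionManager instance is sufficient, but the code stores it per instance. The setter writes `d->autoCloseWindowsEnabled`, a member of QSessionManagerPrivate that the constructor initialises to true. The documented behaviour therefore holds only if the application ever has a single QSessionManager, which these hunks do not show. Either state that assumption in the doc comment, for example `The value is stored on the application's QSessionManager instance and persists for its lifetime.`, or make the storage static so the code matches the text.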
diff --git a/src/gui/kernel/qsessionmanager.h b/src/gui/kernel/qsessionmanager.h index 36aa391..696d9d8 100644 --- a/src/gui/kernel/qsessionmanager.h +++ b/src/gui/kernel/qsessionmanager.h @@ -78,6 +78,9 @@ public: void setDiscardCommand(const QStringList&); QStringList discardCommand() const; + void setAutoCloseWindowsEnabled(bool); + bool autoCloseWindowsEnabled() const; + void setManagerProperty(const QString& name, const QString& value); void setManagerProperty(const QString& name, const QStringList& value); diff --git a/src/gui/kernel/qsessionmanager_p.h b/src/gui/kernel/qsessionmanager_p.h index 8949962..0acf865 100644 --- a/src/gui/kernel/qsessionmanager_p.h +++ b/src/gui/kernel/qsessionmanager_p.h @@ -65,6 +65,7 @@ public: virtual ~QSessionManagerPrivate(); QPlatformSessionManager *platformSessionManager; + bool autoCloseWindowsEnabled; }; QT_END_NAMESPACE -- 2.6.2.2.g1b5ffa3 ++++++ disable-rc4-ciphers-bnc865241.diff ++++++ Index: qtbase-opensource-src-5.5.1/src/network/ssl/qsslsocket_openssl.cpp =================================================================== --- qtbase-opensource-src-5.5.1.orig/src/network/ssl/qsslsocket_openssl.cpp +++ qtbase-opensource-src-5.5.1/src/network/ssl/qsslsocket_openssl.cpp @@ -662,10 +662,13 @@ void QSslSocketPrivate::resetDefaultCiph // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection if (!ciph.name().toLower().startsWith(QLatin1String("adh")) && !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) && - !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) + !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) { ciphers << ciph; - if (ciph.usedBits() >= 128) - defaultCiphers << ciph; + + if (ciph.usedBits() >= 128 && + !ciph.encryptionMethod().toLower().startsWith(QLatin1String("rc4"))) + defaultCiphers << ciph; + } } } }
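Review bot: The RC4 test added to resetDefaultCiphers() has no comment, while the anonymous-cipher test just above it does; a line such as `// Keep RC4 out of the default list (bnc#865241); it stays in the supported list for explicit use` would record the intent. As written, RC4 suites are still appended to `ciphers`, so an application that configures its socket from the supported list rather than the defaults can presumably still negotiate RC4. The changelog entry says the ciphers are disabled, so it should state that limit. The new braces also move the `usedBits() >= 128` test inside the anonymous-cipher guard, which changes the default list beyond RC4 and deserves a mention in the patch description. The function starts and ends outside the hunk.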
