From bbb295fea48ca560d7362ce9dd3eed37f16fc557 Mon Sep 17 00:00:00 2001 From: Martin Sucha Date: Sun, 1 Sep 2019 11:11:59 +0200 Subject: [PATCH 1/3] Use newer digest algorithms in TLS error dialog MD5 has been broken for a long time now and SHA1 has been deprecated as well. SHA1 is not used when issuing new publicly trusted certificates since 1 January 2016[1] and there are more and more effective attacks[2][3] against it, so display SHA1 fingerprint only for old certificates to encourage use of safer digests by users. So, we display SHA-256 and SHA-512 fingerprints instead in the common case. [1] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.6.5.pdf [2] https://shattered.io/static/shattered.pdf [3] https://eprint.iacr.org/2019/459.pdf Signed-off-by: Martin Sucha --- src/gui/sslerrordialog.cpp | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/gui/sslerrordialog.cpp b/src/gui/sslerrordialog.cpp index 8b6350efa7..814a7b0af0 100644 --- a/src/gui/sslerrordialog.cpp +++ b/src/gui/sslerrordialog.cpp @@ -184,10 +184,15 @@ QString SslErrorDialog::certDiv(QSslCertificate cert) const msg += QL("

"); - QString md5sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Md5).toHex()); - QString sha1sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Sha1).toHex()); - msg += tr("Fingerprint (MD5): %1").arg(md5sum) + QL("
"); - msg += tr("Fingerprint (SHA1): %1").arg(sha1sum) + QL("
"); + if (cert.effectiveDate() < QDateTime(QDate(2016, 1, 1), QTime(), Qt::UTC)) { + QString sha1sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Sha1).toHex()); + msg += tr("Fingerprint (SHA1): %1").arg(sha1sum) + QL("
"); + } + + QString sha256sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Sha256).toHex()); + QString sha512sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Sha512).toHex()); + msg += tr("Fingerprint (SHA-256): %1").arg(sha256sum) + QL("
"); + msg += tr("Fingerprint (SHA-512): %1").arg(sha512sum) + QL("
"); msg += QL("
"); msg += tr("Effective Date: %1").arg(cert.effectiveDate().toString()) + QL("
"); msg += tr("Expiration Date: %1").arg(cert.expiryDate().toString()) + QL("

"); From b792a627e22cec62ae8f788483f5f434ffa29594 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Fri, 6 Sep 2019 14:40:54 +0200 Subject: [PATCH 2/3] Qt5.5 compatiblity patch for login flow V2 + UI improvment Removes the right-click function for the "Re-open browser" buttons because they are not intuitive for the user. Adds a dedicated "Copy link" button. Implements Qt 5.5 fixes based on: https://github.com/nextcloud/desktop/pull/1392 Signed-off-by: Michael Schuster --- src/gui/wizard/flow2authcredspage.cpp | 32 ++++++++++++----------- src/gui/wizard/flow2authcredspage.h | 4 +++ src/gui/wizard/flow2authcredspage.ui | 15 ++++++++++- src/gui/wizard/flow2authwidget.cpp | 32 ++++++++++++----------- src/gui/wizard/flow2authwidget.h | 4 +++ src/gui/wizard/flow2authwidget.ui | 15 ++++++++++- src/gui/wizard/owncloudoauthcredspage.cpp | 32 ++++++++++++----------- src/gui/wizard/owncloudoauthcredspage.h | 4 +++ src/gui/wizard/owncloudoauthcredspage.ui | 13 +++++++++ 9 files changed, 104 insertions(+), 47 deletions(-) diff --git a/src/gui/wizard/flow2authcredspage.cpp b/src/gui/wizard/flow2authcredspage.cpp index a368d60438..165752663e 100644 --- a/src/gui/wizard/flow2authcredspage.cpp +++ b/src/gui/wizard/flow2authcredspage.cpp @@ -46,21 +46,8 @@ Flow2AuthCredsPage::Flow2AuthCredsPage() setTitle(WizardCommon::titleTemplate().arg(tr("Connect to %1").arg(Theme::instance()->appNameGUI()))); setSubTitle(WizardCommon::subTitleTemplate().arg(tr("Login in your browser (Login Flow v2)"))); - connect(_ui.openLinkButton, &QCommandLinkButton::clicked, [this] { - _ui.errorLabel->hide(); - if (_asyncAuth) - _asyncAuth->openBrowser(); - }); - _ui.openLinkButton->setContextMenuPolicy(Qt::CustomContextMenu); - QObject::connect(_ui.openLinkButton, &QWidget::customContextMenuRequested, [this](const QPoint &pos) { - auto menu = new QMenu(_ui.openLinkButton); - menu->addAction(tr("Copy link to clipboard"), this, [this] { - if (_asyncAuth) - QApplication::clipboard()->setText(_asyncAuth->authorisationLink().toString(QUrl::FullyEncoded)); - }); - menu->setAttribute(Qt::WA_DeleteOnClose); - menu->popup(_ui.openLinkButton->mapToGlobal(pos)); - }); + connect(_ui.openLinkButton, &QCommandLinkButton::clicked, this, &Flow2AuthCredsPage::slotOpenBrowser); + connect(_ui.copyLinkButton, &QCommandLinkButton::clicked, this, &Flow2AuthCredsPage::slotCopyLinkToClipboard); } void Flow2AuthCredsPage::initializePage() @@ -146,4 +133,19 @@ bool Flow2AuthCredsPage::isComplete() const return false; /* We can never go forward manually */ } +void Flow2AuthCredsPage::slotOpenBrowser() +{ + if (_ui.errorLabel) + _ui.errorLabel->hide(); + + if (_asyncAuth) + _asyncAuth->openBrowser(); +} + +void Flow2AuthCredsPage::slotCopyLinkToClipboard() +{ + if (_asyncAuth) + QApplication::clipboard()->setText(_asyncAuth->authorisationLink().toString(QUrl::FullyEncoded)); +} + } // namespace OCC diff --git a/src/gui/wizard/flow2authcredspage.h b/src/gui/wizard/flow2authcredspage.h index bffcf68b3f..f51d7d7f35 100644 --- a/src/gui/wizard/flow2authcredspage.h +++ b/src/gui/wizard/flow2authcredspage.h @@ -56,6 +56,10 @@ public: QString _appPassword; QScopedPointer _asyncAuth; Ui_Flow2AuthCredsPage _ui; + +protected slots: + void slotOpenBrowser(); + void slotCopyLinkToClipboard(); }; } // namespace OCC diff --git a/src/gui/wizard/flow2authcredspage.ui b/src/gui/wizard/flow2authcredspage.ui index 04c1d72175..37d2b8f530 100644 --- a/src/gui/wizard/flow2authcredspage.ui +++ b/src/gui/wizard/flow2authcredspage.ui @@ -53,7 +53,20 @@ - Re-open Browser (or right-click to copy link) + Re-open Browser + + + + + + + + 50 + false + + + + Copy link diff --git a/src/gui/wizard/flow2authwidget.cpp b/src/gui/wizard/flow2authwidget.cpp index 300b2e83d8..c050a54d03 100644 --- a/src/gui/wizard/flow2authwidget.cpp +++ b/src/gui/wizard/flow2authwidget.cpp @@ -50,21 +50,8 @@ Flow2AuthWidget::Flow2AuthWidget(Account *account, QWidget *parent) WizardCommon::initErrorLabel(_ui.errorLabel); - connect(_ui.openLinkButton, &QCommandLinkButton::clicked, [this] { - _ui.errorLabel->hide(); - if (_asyncAuth) - _asyncAuth->openBrowser(); - }); - _ui.openLinkButton->setContextMenuPolicy(Qt::CustomContextMenu); - QObject::connect(_ui.openLinkButton, &QWidget::customContextMenuRequested, [this](const QPoint &pos) { - auto menu = new QMenu(_ui.openLinkButton); - menu->addAction(tr("Copy link to clipboard"), this, [this] { - if (_asyncAuth) - QApplication::clipboard()->setText(_asyncAuth->authorisationLink().toString(QUrl::FullyEncoded)); - }); - menu->setAttribute(Qt::WA_DeleteOnClose); - menu->popup(_ui.openLinkButton->mapToGlobal(pos)); - }); + connect(_ui.openLinkButton, &QCommandLinkButton::clicked, this, &Flow2AuthWidget::slotOpenBrowser); + connect(_ui.copyLinkButton, &QCommandLinkButton::clicked, this, &Flow2AuthWidget::slotCopyLinkToClipboard); _asyncAuth.reset(new Flow2Auth(_account, this)); connect(_asyncAuth.data(), &Flow2Auth::result, this, &Flow2AuthWidget::asyncAuthResult, Qt::QueuedConnection); @@ -110,4 +97,19 @@ Flow2AuthWidget::~Flow2AuthWidget() { _user.clear(); } +void Flow2AuthWidget::slotOpenBrowser() +{ + if (_ui.errorLabel) + _ui.errorLabel->hide(); + + if (_asyncAuth) + _asyncAuth->openBrowser(); } + +void Flow2AuthWidget::slotCopyLinkToClipboard() +{ + if (_asyncAuth) + QApplication::clipboard()->setText(_asyncAuth->authorisationLink().toString(QUrl::FullyEncoded)); +} + +} // namespace OCC diff --git a/src/gui/wizard/flow2authwidget.h b/src/gui/wizard/flow2authwidget.h index cf04d91935..7fe1844c17 100644 --- a/src/gui/wizard/flow2authwidget.h +++ b/src/gui/wizard/flow2authwidget.h @@ -45,6 +45,10 @@ private: QString _appPassword; QScopedPointer _asyncAuth; Ui_Flow2AuthWidget _ui; + +protected slots: + void slotOpenBrowser(); + void slotCopyLinkToClipboard(); }; } diff --git a/src/gui/wizard/flow2authwidget.ui b/src/gui/wizard/flow2authwidget.ui index e73ae6a1d6..7de44675f7 100644 --- a/src/gui/wizard/flow2authwidget.ui +++ b/src/gui/wizard/flow2authwidget.ui @@ -65,7 +65,20 @@ - Re-open Browser (or right-click to copy link) + Re-open Browser + + + + + + + + 50 + false + + + + Copy link diff --git a/src/gui/wizard/owncloudoauthcredspage.cpp b/src/gui/wizard/owncloudoauthcredspage.cpp index 174aa05c47..0d4c40ea7e 100644 --- a/src/gui/wizard/owncloudoauthcredspage.cpp +++ b/src/gui/wizard/owncloudoauthcredspage.cpp @@ -45,21 +45,8 @@ OwncloudOAuthCredsPage::OwncloudOAuthCredsPage() setTitle(WizardCommon::titleTemplate().arg(tr("Connect to %1").arg(Theme::instance()->appNameGUI()))); setSubTitle(WizardCommon::subTitleTemplate().arg(tr("Login in your browser"))); - connect(_ui.openLinkButton, &QCommandLinkButton::clicked, [this] { - _ui.errorLabel->hide(); - if (_asyncAuth) - _asyncAuth->openBrowser(); - }); - _ui.openLinkButton->setContextMenuPolicy(Qt::CustomContextMenu); - QObject::connect(_ui.openLinkButton, &QWidget::customContextMenuRequested, [this](const QPoint &pos) { - auto menu = new QMenu(_ui.openLinkButton); - menu->addAction(tr("Copy link to clipboard"), this, [this] { - if (_asyncAuth) - QApplication::clipboard()->setText(_asyncAuth->authorisationLink().toString(QUrl::FullyEncoded)); - }); - menu->setAttribute(Qt::WA_DeleteOnClose); - menu->popup(_ui.openLinkButton->mapToGlobal(pos)); - }); + connect(_ui.openLinkButton, &QCommandLinkButton::clicked, this, &OwncloudOAuthCredsPage::slotOpenBrowser); + connect(_ui.copyLinkButton, &QCommandLinkButton::clicked, this, &OwncloudOAuthCredsPage::slotCopyLinkToClipboard); } void OwncloudOAuthCredsPage::initializePage() @@ -133,4 +120,19 @@ bool OwncloudOAuthCredsPage::isComplete() const return false; /* We can never go forward manually */ } +void OwncloudOAuthCredsPage::slotOpenBrowser() +{ + if (_ui.errorLabel) + _ui.errorLabel->hide(); + + if (_asyncAuth) + _asyncAuth->openBrowser(); +} + +void OwncloudOAuthCredsPage::slotCopyLinkToClipboard() +{ + if (_asyncAuth) + QApplication::clipboard()->setText(_asyncAuth->authorisationLink().toString(QUrl::FullyEncoded)); +} + } // namespace OCC diff --git a/src/gui/wizard/owncloudoauthcredspage.h b/src/gui/wizard/owncloudoauthcredspage.h index 32341eb1cd..efbc9a69b3 100644 --- a/src/gui/wizard/owncloudoauthcredspage.h +++ b/src/gui/wizard/owncloudoauthcredspage.h @@ -57,6 +57,10 @@ public: QString _refreshToken; QScopedPointer _asyncAuth; Ui_OwncloudOAuthCredsPage _ui; + +protected slots: + void slotOpenBrowser(); + void slotCopyLinkToClipboard(); }; } // namespace OCC diff --git a/src/gui/wizard/owncloudoauthcredspage.ui b/src/gui/wizard/owncloudoauthcredspage.ui index 2c3a79ed22..03682cae10 100644 --- a/src/gui/wizard/owncloudoauthcredspage.ui +++ b/src/gui/wizard/owncloudoauthcredspage.ui @@ -57,6 +57,19 @@ + + + + + 50 + false + + + + Copy link + + + From 8b2c47cdcb4d1956aad1f642dbbc8d481aee3f07 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Fri, 6 Sep 2019 17:05:18 +0200 Subject: [PATCH 3/3] Remove old Qt 5.5 patch for Xenial Signed-off-by: Michael Schuster --- .../post-patches/qt5.5-compat.patch | 40 ------------------- 1 file changed, 40 deletions(-) diff --git a/admin/linux/debian/debian.xenial/post-patches/qt5.5-compat.patch b/admin/linux/debian/debian.xenial/post-patches/qt5.5-compat.patch index f6475205c0..70c71d4628 100644 --- a/admin/linux/debian/debian.xenial/post-patches/qt5.5-compat.patch +++ b/admin/linux/debian/debian.xenial/post-patches/qt5.5-compat.patch @@ -1,43 +1,3 @@ ---- nextcloud-client-2.4.0.orig/src/gui/wizard/owncloudoauthcredspage.cpp -+++ nextcloud-client-2.4.0/src/gui/wizard/owncloudoauthcredspage.cpp -@@ -53,10 +53,8 @@ OwncloudOAuthCredsPage::OwncloudOAuthCredsPage() - _ui.openLinkButton->setContextMenuPolicy(Qt::CustomContextMenu); - QObject::connect(_ui.openLinkButton, &QWidget::customContextMenuRequested, [this](const QPoint &pos) { - auto menu = new QMenu(_ui.openLinkButton); -- menu->addAction(tr("Copy link to clipboard"), this, [this] { -- if (_asyncAuth) -- QApplication::clipboard()->setText(_asyncAuth->authorisationLink().toString(QUrl::FullyEncoded)); -- }); -+ auto action = menu->addAction(tr("Copy link to clipboard")); -+ connect(action, &QAction::triggered, this, &OwncloudOAuthCredsPage::copyLinkToClipboard); - menu->setAttribute(Qt::WA_DeleteOnClose); - menu->popup(_ui.openLinkButton->mapToGlobal(pos)); - }); -@@ -131,4 +129,11 @@ bool OwncloudOAuthCredsPage::isComplete() const - return false; /* We can never go forward manually */ - } - -+void OwncloudOAuthCredsPage::copyLinkToClipboard() -+{ -+ if (_asyncAuth) -+ QApplication::clipboard()->setText(_asyncAuth->authorisationLink().toString(QUrl::FullyEncoded)); -+} -+ -+ - } // namespace OCC ---- nextcloud-client-2.4.0.orig/src/gui/wizard/owncloudoauthcredspage.h -+++ nextcloud-client-2.4.0/src/gui/wizard/owncloudoauthcredspage.h -@@ -57,6 +57,10 @@ public: - QString _refreshToken; - QScopedPointer _asyncAuth; - Ui_OwncloudOAuthCredsPage _ui; -+ -+protected slots: -+ void copyLinkToClipboard(); -+ - }; - - } // namespace OCC --- nextcloud-client-2.5.3.orig/src/3rdparty/kmessagewidget/kmessagewidget.cpp 2019-07-26 18:40:34.949349387 +0000 +++ nextcloud-client-2.5.3/src/3rdparty/kmessagewidget/kmessagewidget.cpp 2019-07-26 18:41:39.866478051 +0000 @@ -105,6 +105,9 @@