qt4: security advisory - blacklist fraudulent comodo certificates

Security advisory: Blacklist fraudulent certificates. More info is in the patch and at the following links: http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html http://qt.nokia.com/files/qt-patches/blacklist-fraudulent-comodo-certificates-patch.diff/view (Imported from OE rev 61eeeec1224c4f974f9185c2b93eeb19d13938af) (From OE-Core rev: 14419f4a4bc629b171281d46750c6abfa84bf83b) Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Denys Dmytriyenko <denys@ti.com> 2011-03-30 17:19:55 -0400
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2011-04-06 12:10:52 -0700
commit: e5a40cd6f8c6a8c3d40cbaf29bffe5e201056dad (patch)
tree: 9581543c8decaab7b904839b644a7be0e51e6735 /meta/recipes-qt
parent: ea738ee3d3999b1696d70ce7684b96cf4a26e9e6 (diff)
download: poky-e5a40cd6f8c6a8c3d40cbaf29bffe5e201056dad.tar.gz
7 files changed, 140 insertions, 4 deletions
diff --git a/meta/recipes-qt/qt4/files/blacklist-fraudulent-comodo-certificates-patch.diff b/meta/recipes-qt/qt4/files/blacklist-fraudulent-comodo-certificates-patch.diff
new file mode 100644
index 0000000000..00faf75932
--- /dev/null
+++ b/meta/recipes-qt/qt4/files/blacklist-fraudulent-comodo-certificates-patch.diff
@@ -0,0 +1,134 @@
+Security advisory: Fraudulent certificates
+Background:
+Recently a group of people managed to get fraudulent SSL certificates signed
+by a Certificate Authority (CA).
+These certificates potentially enable their owners to pretend to be other
+entities on the Web; the attackers can present valid certificates for e.g.
+mail.google.com, login.yahoo.com and login.live.com, among others.
+The patch below solves this problem by blacklisting those fake certificates
+and aborting an SSL handshake with entities that present these certificates.
+The patch applies to all 4.6 and 4.7 versions, and should be applied to all Qt
+4.6.x and 4.7.x versions; upcoming Qt releases will contain a fix for this
+problem.
+More technical background:
+In order to trick a user into establishing an SSL connection to a site using
+one of those fake certificates, in addition to controlling the certificate, an
+attacker would need to either control the DNS server used by the victim, or
+have control over a proxy that the victim uses. That way, the attacker could
+trick the victim to connect to the attacker?s site and then present the user
+with a valid certificate.
+One obvious question now is: Should those certificates not just be revoked,
+which would solve the problem?
+First, they have been revoked by the affected Certificate Authority (see above
+link).
+However, the problem in this case, and probably part of the reason why most
+browser vendors release new versions blacklisting those certificates, is that
+by default browsers do not treat invalid responses from an OCSP server (a
+server used for checking the revocation status of a certificate) as fatal, and
+will allow the SSL connection to proceed anyway. Qt itself does not support
+OCSP yet, which makes blacklisting the certificates the only valid option (now
+would be a good moment to vote on the task for implementing OCSP in Qt); since
+Qt is relying on the system root certificates since version 4.7, it cannot
+control the root certificates that Qt trusts automatically anymore.
+http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
+http://qt.nokia.com/files/qt-patches/blacklist-fraudulent-comodo-certificates-patch.diff/view
+diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
+index 618ac79..a5cdf01 100644
+--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
+@@ -219,17 +219,19 @@ bool QSslCertificate::isNull() const
+     Returns true if this certificate is valid; otherwise returns
+     false.
+ 
+-    Note: Currently, this function only checks that the current
+    Note: Currently, this function checks that the current
+     data-time is within the date-time range during which the
+-    certificate is considered valid. No other checks are
+-    currently performed.
+    certificate is considered valid, and checks that the
+    certificate is not in a blacklist of fraudulent certificates.
+ 
+     \sa isNull()
+ */
+ bool QSslCertificate::isValid() const
+ {
+     const QDateTime currentTime = QDateTime::currentDateTime();
+-    return currentTime >= d->notValidBefore && currentTime <= d->notValidAfter;
+    return currentTime >= d->notValidBefore &&
+            currentTime <= d->notValidAfter &&
+            ! QSslCertificatePrivate::isBlacklisted(*this);
+ }
+ 
+ /*!
+@@ -798,6 +800,30 @@ QList<QSslCertificate> QSslCertificatePrivate::certificatesFromDer(const QByteAr
+     return certificates;
+ }
+ 
+// These certificates are known to be fraudulent and were created during the comodo
+// compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
+static const char *certificate_blacklist[] = {
+    "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e",
+    "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06",
+    "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3",
+    "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29",
+    "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71",
+    "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47",
+    "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43",
+    "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0",
+    "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0",
+    0
+};
+
+bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate)
+{
+    for (int a = 0; certificate_blacklist[a] != 0; a++) {
+        if (certificate.serialNumber() == certificate_blacklist[a])
+            return true;
+    }
+    return false;
+}
+
+ #ifndef QT_NO_DEBUG_STREAM
+ QDebug operator<<(QDebug debug, const QSslCertificate &certificate)
+ {
+diff --git a/src/network/ssl/qsslcertificate_p.h b/src/network/ssl/qsslcertificate_p.h
+index cdceb0f..1ce33d3 100644
+--- a/src/network/ssl/qsslcertificate_p.h
+++ b/src/network/ssl/qsslcertificate_p.h
+@@ -96,6 +96,7 @@ public:
+     static QSslCertificate QSslCertificate_from_X509(X509 *x509);
+     static QList<QSslCertificate> certificatesFromPem(const QByteArray &pem, int count = -1);
+     static QList<QSslCertificate> certificatesFromDer(const QByteArray &der, int count = -1);
+    static bool isBlacklisted(const QSslCertificate &certificate);
+ 
+     friend class QSslSocketBackendPrivate;
+ 
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index 0866534..2427193 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -1193,6 +1193,13 @@ bool QSslSocketBackendPrivate::startHandshake()
+     X509 *x509 = q_SSL_get_peer_certificate(ssl);
+     configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
+     q_X509_free(x509);
+    if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {
+        q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted"));
+        q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
+        emit q->error(QAbstractSocket::SslHandshakeFailedError);
+        plainSocket->disconnectFromHost();
+        return false;
+    }
+ 
+     // Start translating errors.
+     QList<QSslError> errors;
diff --git a/meta/recipes-qt/qt4/qt-4.6.3.inc b/meta/recipes-qt/qt4/qt-4.6.3.inc
index ec2c9208d5..37a15f1c1e 100644
--- a/meta/recipes-qt/qt4/qt-4.6.3.inc
+++ b/meta/recipes-qt/qt4/qt-4.6.3.inc
@@ -4,6 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.LGPL;md5=fbc093901857fcd118f065f900982c24 \
                    file://LGPL_EXCEPTION.txt;md5=411080a56ff917a5a1aa08c98acae354"
 SRC_URI = "http://get.qt.nokia.com/qt/source/qt-everywhere-opensource-src-${PV}.tar.gz \
+           file://blacklist-fraudulent-comodo-certificates-patch.diff \
           file://0001-cross-compile.patch \
           file://0002-fix-resinit-declaration.patch \
           file://0004-no-qmake.patch \
diff --git a/meta/recipes-qt/qt4/qt-4.7.2.inc b/meta/recipes-qt/qt4/qt-4.7.2.inc
index ed62bd3c01..0f75a4682d 100644
--- a/meta/recipes-qt/qt4/qt-4.7.2.inc
+++ b/meta/recipes-qt/qt4/qt-4.7.2.inc
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.LGPL;md5=fbc093901857fcd118f065f900982c24 \
 FILESPATH =. "${FILE_DIRNAME}/qt-${PV}:"
 SRC_URI = "http://get.qt.nokia.com/qt/source/qt-everywhere-opensource-src-${PV}.tar.gz \
+           file://blacklist-fraudulent-comodo-certificates-patch.diff \
           file://0004-no-qmake.patch \
           file://hack-out-pg2-4.7.0.patch \
           file://0006-freetype-host-includes.patch \
diff --git a/meta/recipes-qt/qt4/qt4-embedded_4.6.3.bb b/meta/recipes-qt/qt4/qt4-embedded_4.6.3.bb
index dd662aa3d8..5e289d2727 100644
--- a/meta/recipes-qt/qt4/qt4-embedded_4.6.3.bb
+++ b/meta/recipes-qt/qt4/qt4-embedded_4.6.3.bb
@@ -3,7 +3,7 @@ require qt4-embedded.inc
 SRC_URI += "file://qthelp-lib-qtclucene.patch"
-PR = "${INC_PR}.1"
+PR = "${INC_PR}.2"
 QT_CONFIG_FLAGS_append_armv6 = " -no-neon "
diff --git a/meta/recipes-qt/qt4/qt4-embedded_4.7.2.bb b/meta/recipes-qt/qt4/qt4-embedded_4.7.2.bb
index b88b1e9498..c3f6713199 100644
--- a/meta/recipes-qt/qt4/qt4-embedded_4.7.2.bb
+++ b/meta/recipes-qt/qt4/qt4-embedded_4.7.2.bb
@@ -1,7 +1,7 @@
 require qt-${PV}.inc
 require qt4-embedded.inc
-PR = "${INC_PR}.0"
+PR = "${INC_PR}.1"
 QT_CONFIG_FLAGS_append_armv6 = " -no-neon "
diff --git a/meta/recipes-qt/qt4/qt4-x11-free_4.6.3.bb b/meta/recipes-qt/qt4/qt4-x11-free_4.6.3.bb
index 8cf5449254..9126284b2e 100644
--- a/meta/recipes-qt/qt4/qt4-x11-free_4.6.3.bb
+++ b/meta/recipes-qt/qt4/qt4-x11-free_4.6.3.bb
@@ -1,6 +1,6 @@
 require qt-${PV}.inc
 require qt4-x11-free.inc
-PR = "${INC_PR}.0"
+PR = "${INC_PR}.1"
 QT_CONFIG_FLAGS += " -xrandr "
diff --git a/meta/recipes-qt/qt4/qt4-x11-free_4.7.2.bb b/meta/recipes-qt/qt4/qt4-x11-free_4.7.2.bb
index 359a7561d3..75c6314e7f 100644
--- a/meta/recipes-qt/qt4/qt4-x11-free_4.7.2.bb
+++ b/meta/recipes-qt/qt4/qt4-x11-free_4.7.2.bb
@@ -1,7 +1,7 @@
 require qt4-x11-free.inc
 require qt-${PV}.inc
-PR = "${INC_PR}.0"
+PR = "${INC_PR}.1"
 QT_CONFIG_FLAGS_append_armv6 = " -no-neon "
author	Denys Dmytriyenko <denys@ti.com>	2011-03-30 17:19:55 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2011-04-06 12:10:52 -0700
commit	e5a40cd6f8c6a8c3d40cbaf29bffe5e201056dad (patch)
tree	9581543c8decaab7b904839b644a7be0e51e6735 /meta/recipes-qt
parent	ea738ee3d3999b1696d70ce7684b96cf4a26e9e6 (diff)
download	poky-e5a40cd6f8c6a8c3d40cbaf29bffe5e201056dad.tar.gz

diff --git a/meta/recipes-qt/qt4/files/blacklist-fraudulent-comodo-certificates-patch.diff b/meta/recipes-qt/qt4/files/blacklist-fraudulent-comodo-certificates-patch.diff new file mode 100644 index 0000000000..00faf75932 --- /dev/null +++ b/meta/recipes-qt/qt4/files/blacklist-fraudulent-comodo-certificates-patch.diff
@@ -0,0 +1,134 @@
		1	Security advisory: Fraudulent certificates
		2
		3	Background:
		4
		5	Recently a group of people managed to get fraudulent SSL certificates signed
		6	by a Certificate Authority (CA).
		7
		8	These certificates potentially enable their owners to pretend to be other
		9	entities on the Web; the attackers can present valid certificates for e.g.
		10	mail.google.com, login.yahoo.com and login.live.com, among others.
		11
		12	The patch below solves this problem by blacklisting those fake certificates
		13	and aborting an SSL handshake with entities that present these certificates.
		14	The patch applies to all 4.6 and 4.7 versions, and should be applied to all Qt
		15	4.6.x and 4.7.x versions; upcoming Qt releases will contain a fix for this
		16	problem.
		17
		18	More technical background:
		19
		20	In order to trick a user into establishing an SSL connection to a site using
		21	one of those fake certificates, in addition to controlling the certificate, an
		22	attacker would need to either control the DNS server used by the victim, or
		23	have control over a proxy that the victim uses. That way, the attacker could
		24	trick the victim to connect to the attacker?s site and then present the user
		25	with a valid certificate.
		26
		27	One obvious question now is: Should those certificates not just be revoked,
		28	which would solve the problem?
		29
		30	First, they have been revoked by the affected Certificate Authority (see above
		31	link).
		32
		33	However, the problem in this case, and probably part of the reason why most
		34	browser vendors release new versions blacklisting those certificates, is that
		35	by default browsers do not treat invalid responses from an OCSP server (a
		36	server used for checking the revocation status of a certificate) as fatal, and
		37	will allow the SSL connection to proceed anyway. Qt itself does not support
		38	OCSP yet, which makes blacklisting the certificates the only valid option (now
		39	would be a good moment to vote on the task for implementing OCSP in Qt); since
		40	Qt is relying on the system root certificates since version 4.7, it cannot
		41	control the root certificates that Qt trusts automatically anymore.
		42
		43	http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
		44	http://qt.nokia.com/files/qt-patches/blacklist-fraudulent-comodo-certificates-patch.diff/view
		45
		46	diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
		47	index 618ac79..a5cdf01 100644
		48	--- a/src/network/ssl/qsslcertificate.cpp
		49	+++ b/src/network/ssl/qsslcertificate.cpp
		50	@@ -219,17 +219,19 @@ bool QSslCertificate::isNull() const
		51	Returns true if this certificate is valid; otherwise returns
		52	false.
		53
		54	- Note: Currently, this function only checks that the current
		55	+ Note: Currently, this function checks that the current
		56	data-time is within the date-time range during which the
		57	- certificate is considered valid. No other checks are
		58	- currently performed.
		59	+ certificate is considered valid, and checks that the
		60	+ certificate is not in a blacklist of fraudulent certificates.
		61
		62	\sa isNull()
		63	*/
		64	bool QSslCertificate::isValid() const
		65	{
		66	const QDateTime currentTime = QDateTime::currentDateTime();
		67	- return currentTime >= d->notValidBefore && currentTime <= d->notValidAfter;
		68	+ return currentTime >= d->notValidBefore &&
		69	+ currentTime <= d->notValidAfter &&
		70	+ ! QSslCertificatePrivate::isBlacklisted(*this);
		71	}
		72
		73	/*!
		74	@@ -798,6 +800,30 @@ QList<QSslCertificate> QSslCertificatePrivate::certificatesFromDer(const QByteAr
		75	return certificates;
		76	}
		77
		78	+// These certificates are known to be fraudulent and were created during the comodo
		79	+// compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
		80	+static const char *certificate_blacklist[] = {
		81	+ "04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e",
		82	+ "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06",
		83	+ "d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3",
		84	+ "39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29",
		85	+ "3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71",
		86	+ "e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47",
		87	+ "92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43",
		88	+ "b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0",
		89	+ "d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0",
		90	+ 0
		91	+};
		92	+
		93	+bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate)
		94	+{
		95	+ for (int a = 0; certificate_blacklist[a] != 0; a++) {
		96	+ if (certificate.serialNumber() == certificate_blacklist[a])
		97	+ return true;
		98	+ }
		99	+ return false;
		100	+}
		101	+
		102	#ifndef QT_NO_DEBUG_STREAM
		103	QDebug operator<<(QDebug debug, const QSslCertificate &certificate)
		104	{
		105	diff --git a/src/network/ssl/qsslcertificate_p.h b/src/network/ssl/qsslcertificate_p.h
		106	index cdceb0f..1ce33d3 100644
		107	--- a/src/network/ssl/qsslcertificate_p.h
		108	+++ b/src/network/ssl/qsslcertificate_p.h
		109	@@ -96,6 +96,7 @@ public:
		110	static QSslCertificate QSslCertificate_from_X509(X509 *x509);
		111	static QList<QSslCertificate> certificatesFromPem(const QByteArray &pem, int count = -1);
		112	static QList<QSslCertificate> certificatesFromDer(const QByteArray &der, int count = -1);
		113	+ static bool isBlacklisted(const QSslCertificate &certificate);
		114
		115	friend class QSslSocketBackendPrivate;
		116
		117	diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
		118	index 0866534..2427193 100644
		119	--- a/src/network/ssl/qsslsocket_openssl.cpp
		120	+++ b/src/network/ssl/qsslsocket_openssl.cpp
		121	@@ -1193,6 +1193,13 @@ bool QSslSocketBackendPrivate::startHandshake()
		122	X509 *x509 = q_SSL_get_peer_certificate(ssl);
		123	configuration.peerCertificate = QSslCertificatePrivate::QSslCertificate_from_X509(x509);
		124	q_X509_free(x509);
		125	+ if (QSslCertificatePrivate::isBlacklisted(configuration.peerCertificate)) {
		126	+ q->setErrorString(QSslSocket::tr("The peer certificate is blacklisted"));
		127	+ q->setSocketError(QAbstractSocket::SslHandshakeFailedError);
		128	+ emit q->error(QAbstractSocket::SslHandshakeFailedError);
		129	+ plainSocket->disconnectFromHost();
		130	+ return false;
		131	+ }
		132
		133	// Start translating errors.
		134	QList<QSslError> errors;


diff --git a/meta/recipes-qt/qt4/qt-4.6.3.inc b/meta/recipes-qt/qt4/qt-4.6.3.inc index ec2c9208d5..37a15f1c1e 100644 --- a/meta/recipes-qt/qt4/qt-4.6.3.inc +++ b/meta/recipes-qt/qt4/qt-4.6.3.inc
@@ -4,6 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.LGPL;md5=fbc093901857fcd118f065f900982c24 \
4	file://LGPL_EXCEPTION.txt;md5=411080a56ff917a5a1aa08c98acae354"	4	file://LGPL_EXCEPTION.txt;md5=411080a56ff917a5a1aa08c98acae354"
5		5
6	SRC_URI = "http://get.qt.nokia.com/qt/source/qt-everywhere-opensource-src-${PV}.tar.gz \	6	SRC_URI = "http://get.qt.nokia.com/qt/source/qt-everywhere-opensource-src-${PV}.tar.gz \
		7	file://blacklist-fraudulent-comodo-certificates-patch.diff \
7	file://0001-cross-compile.patch \	8	file://0001-cross-compile.patch \
8	file://0002-fix-resinit-declaration.patch \	9	file://0002-fix-resinit-declaration.patch \
9	file://0004-no-qmake.patch \	10	file://0004-no-qmake.patch \


diff --git a/meta/recipes-qt/qt4/qt-4.7.2.inc b/meta/recipes-qt/qt4/qt-4.7.2.inc index ed62bd3c01..0f75a4682d 100644 --- a/meta/recipes-qt/qt4/qt-4.7.2.inc +++ b/meta/recipes-qt/qt4/qt-4.7.2.inc
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.LGPL;md5=fbc093901857fcd118f065f900982c24 \
6	FILESPATH =. "${FILE_DIRNAME}/qt-${PV}:"	6	FILESPATH =. "${FILE_DIRNAME}/qt-${PV}:"
7		7
8	SRC_URI = "http://get.qt.nokia.com/qt/source/qt-everywhere-opensource-src-${PV}.tar.gz \	8	SRC_URI = "http://get.qt.nokia.com/qt/source/qt-everywhere-opensource-src-${PV}.tar.gz \
		9	file://blacklist-fraudulent-comodo-certificates-patch.diff \
9	file://0004-no-qmake.patch \	10	file://0004-no-qmake.patch \
10	file://hack-out-pg2-4.7.0.patch \	11	file://hack-out-pg2-4.7.0.patch \
11	file://0006-freetype-host-includes.patch \	12	file://0006-freetype-host-includes.patch \


diff --git a/meta/recipes-qt/qt4/qt4-embedded_4.6.3.bb b/meta/recipes-qt/qt4/qt4-embedded_4.6.3.bb index dd662aa3d8..5e289d2727 100644 --- a/meta/recipes-qt/qt4/qt4-embedded_4.6.3.bb +++ b/meta/recipes-qt/qt4/qt4-embedded_4.6.3.bb
@@ -3,7 +3,7 @@ require qt4-embedded.inc
3		3
4	SRC_URI += "file://qthelp-lib-qtclucene.patch"	4	SRC_URI += "file://qthelp-lib-qtclucene.patch"
5		5
6	PR = "${INC_PR}.1"	6	PR = "${INC_PR}.2"
7		7
8	QT_CONFIG_FLAGS_append_armv6 = " -no-neon "	8	QT_CONFIG_FLAGS_append_armv6 = " -no-neon "
9		9


diff --git a/meta/recipes-qt/qt4/qt4-embedded_4.7.2.bb b/meta/recipes-qt/qt4/qt4-embedded_4.7.2.bb index b88b1e9498..c3f6713199 100644 --- a/meta/recipes-qt/qt4/qt4-embedded_4.7.2.bb +++ b/meta/recipes-qt/qt4/qt4-embedded_4.7.2.bb
@@ -1,7 +1,7 @@
1	require qt-${PV}.inc	1	require qt-${PV}.inc
2	require qt4-embedded.inc	2	require qt4-embedded.inc
3		3
4	PR = "${INC_PR}.0"	4	PR = "${INC_PR}.1"
5		5
6	QT_CONFIG_FLAGS_append_armv6 = " -no-neon "	6	QT_CONFIG_FLAGS_append_armv6 = " -no-neon "
7		7


diff --git a/meta/recipes-qt/qt4/qt4-x11-free_4.6.3.bb b/meta/recipes-qt/qt4/qt4-x11-free_4.6.3.bb index 8cf5449254..9126284b2e 100644 --- a/meta/recipes-qt/qt4/qt4-x11-free_4.6.3.bb +++ b/meta/recipes-qt/qt4/qt4-x11-free_4.6.3.bb
@@ -1,6 +1,6 @@
1	require qt-${PV}.inc	1	require qt-${PV}.inc
2	require qt4-x11-free.inc	2	require qt4-x11-free.inc
3		3
4	PR = "${INC_PR}.0"	4	PR = "${INC_PR}.1"
5		5
6	QT_CONFIG_FLAGS += " -xrandr "	6	QT_CONFIG_FLAGS += " -xrandr "


diff --git a/meta/recipes-qt/qt4/qt4-x11-free_4.7.2.bb b/meta/recipes-qt/qt4/qt4-x11-free_4.7.2.bb index 359a7561d3..75c6314e7f 100644 --- a/meta/recipes-qt/qt4/qt4-x11-free_4.7.2.bb +++ b/meta/recipes-qt/qt4/qt4-x11-free_4.7.2.bb
@@ -1,7 +1,7 @@
1	require qt4-x11-free.inc	1	require qt4-x11-free.inc
2	require qt-${PV}.inc	2	require qt-${PV}.inc
3		3
4	PR = "${INC_PR}.0"	4	PR = "${INC_PR}.1"
5		5
6	QT_CONFIG_FLAGS_append_armv6 = " -no-neon "	6	QT_CONFIG_FLAGS_append_armv6 = " -no-neon "
7		7