[SCM] Qt 4 packaging branch, master, updated. debian/4.7.3-8-16-g37e3439
Fathi Boudra
fabo at alioth.debian.org
Thu Sep 15 22:05:35 UTC 2011
The following commit has been merged in the master branch:
commit 37e3439c8fff36956935b6d5e69467b7fe3a1089
Author: Fathi Boudra <fabo at debian.org>
Date: Fri Sep 16 01:03:13 2011 +0300
Add openssl_no_ssl2.patch - OpenSSL in Debian dropped the insecure SSLv2
protocol. (Closes: #640210)
---
debian/changelog | 2 +
debian/patches/openssl_no_ssl2.patch | 129 ++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 132 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 047447c..407d9cf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,8 @@ qt4-x11 (4:4.7.4-1) UNRELEASED; urgency=low
plugin path.
- Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
(Closes: #641738)
+ - openssl_no_ssl2.patch - OpenSSL in Debian dropped the insecure SSLv2
+ protocol. (Closes: #640210)
* Break qdbus out into a separate 'qdbus' package and make it a dependency of
libqt4-dbus, because some things will use this at runtime. It makes
libqt4-dbus genuinely multiarch-installable.
diff --git a/debian/patches/openssl_no_ssl2.patch b/debian/patches/openssl_no_ssl2.patch
new file mode 100644
index 0000000..f5d3eda
--- /dev/null
+++ b/debian/patches/openssl_no_ssl2.patch
@@ -0,0 +1,129 @@
+Description: OpenSSL in Debian dropped the insecure SSLv2 protocol. Check OPENSSL_NO_SSL2.
+Author: Fathi Boudra <fabo at debian.org>
+Bug-Debian: http://bugs.debian.org/640210
+
+---
+ src/network/ssl/qsslsocket_openssl.cpp | 4 ++++
+ src/network/ssl/qsslsocket_openssl_symbols.cpp | 16 ++++++++++++++++
+ src/network/ssl/qsslsocket_openssl_symbols_p.h | 8 ++++++++
+ 3 files changed, 28 insertions(+)
+
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -196,8 +196,10 @@ QSslCipher QSslSocketBackendPrivate::QSs
+ ciph.d->protocol = QSsl::UnknownProtocol;
+ if (protoString == QLatin1String("SSLv3"))
+ ciph.d->protocol = QSsl::SslV3;
++#ifndef OPENSSL_NO_SSL2
+ else if (protoString == QLatin1String("SSLv2"))
+ ciph.d->protocol = QSsl::SslV2;
++#endif
+ else if (protoString == QLatin1String("TLSv1"))
+ ciph.d->protocol = QSsl::TlsV1;
+
+@@ -246,9 +248,11 @@ bool QSslSocketBackendPrivate::initSslCo
+ bool reinitialized = false;
+ init_context:
+ switch (configuration.protocol) {
++#ifndef OPENSSL_NO_SSL2
+ case QSsl::SslV2:
+ ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
+ break;
++#endif
+ case QSsl::SslV3:
+ ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
+ break;
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -214,20 +214,28 @@ DEFINEFUNC(void, SSL_set_accept_state, S
+ DEFINEFUNC(void, SSL_set_connect_state, SSL *a, a, return, DUMMYARG)
+ DEFINEFUNC(int, SSL_shutdown, SSL *a, a, return -1, return)
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #else
++#ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+@@ -591,11 +599,15 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(SSL_set_connect_state, 152, libs.first )
+ RESOLVEFUNC(SSL_shutdown, 173, libs.first )
+ RESOLVEFUNC(SSL_write, 188, libs.first )
++#ifndef OPENSSL_NO_SSL2
+ RESOLVEFUNC(SSLv2_client_method, 192, libs.first )
++#endif
+ RESOLVEFUNC(SSLv3_client_method, 195, libs.first )
+ RESOLVEFUNC(SSLv23_client_method, 189, libs.first )
+ RESOLVEFUNC(TLSv1_client_method, 198, libs.first )
++#ifndef OPENSSL_NO_SSL2
+ RESOLVEFUNC(SSLv2_server_method, 194, libs.first )
++#endif
+ RESOLVEFUNC(SSLv3_server_method, 197, libs.first )
+ RESOLVEFUNC(SSLv23_server_method, 191, libs.first )
+ RESOLVEFUNC(TLSv1_server_method, 200, libs.first )
+@@ -715,11 +727,15 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(SSL_set_connect_state)
+ RESOLVEFUNC(SSL_shutdown)
+ RESOLVEFUNC(SSL_write)
++#ifndef OPENSSL_NO_SSL2
+ RESOLVEFUNC(SSLv2_client_method)
++#endif
+ RESOLVEFUNC(SSLv3_client_method)
+ RESOLVEFUNC(SSLv23_client_method)
+ RESOLVEFUNC(TLSv1_client_method)
++#ifndef OPENSSL_NO_SSL2
+ RESOLVEFUNC(SSLv2_server_method)
++#endif
+ RESOLVEFUNC(SSLv3_server_method)
+ RESOLVEFUNC(SSLv23_server_method)
+ RESOLVEFUNC(TLSv1_server_method)
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -322,20 +322,28 @@ void q_SSL_set_accept_state(SSL *a);
+ void q_SSL_set_connect_state(SSL *a);
+ int q_SSL_shutdown(SSL *a);
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#ifndef OPENSSL_NO_SSL2
+ const SSL_METHOD *q_SSLv2_client_method();
++#endif
+ const SSL_METHOD *q_SSLv3_client_method();
+ const SSL_METHOD *q_SSLv23_client_method();
+ const SSL_METHOD *q_TLSv1_client_method();
++#ifndef OPENSSL_NO_SSL2
+ const SSL_METHOD *q_SSLv2_server_method();
++#endif
+ const SSL_METHOD *q_SSLv3_server_method();
+ const SSL_METHOD *q_SSLv23_server_method();
+ const SSL_METHOD *q_TLSv1_server_method();
+ #else
++#ifndef OPENSSL_NO_SSL2
+ SSL_METHOD *q_SSLv2_client_method();
++#endif
+ SSL_METHOD *q_SSLv3_client_method();
+ SSL_METHOD *q_SSLv23_client_method();
+ SSL_METHOD *q_TLSv1_client_method();
++#ifndef OPENSSL_NO_SSL2
+ SSL_METHOD *q_SSLv2_server_method();
++#endif
+ SSL_METHOD *q_SSLv3_server_method();
+ SSL_METHOD *q_SSLv23_server_method();
+ SSL_METHOD *q_TLSv1_server_method();
diff --git a/debian/patches/series b/debian/patches/series
index 5594f33..2f9cbb9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -52,3 +52,4 @@ armv6_Add_support_for_ARMv7_atomic_operations.patch
qt-multiarch-plugin-path-compat.diff
s390x_jscore.diff
blacklist-diginotar-cert.diff
+openssl_no_ssl2.patch
--
Qt 4 packaging
More information about the pkg-kde-commits
mailing list