[SCM] Qt 4 packaging branch, wheezy, updated. debian/4.8.2+dfsg-9-3-gc798f37

Lisandro Damián Nicanor Pérez lisandro at alioth.debian.org
Fri Jan 18 18:59:51 UTC 2013


Gitweb-URL: http://git.debian.org/?p=pkg-kde/qt/qt4-x11.git;a=commitdiff;h=c798f37

The following commit has been merged in the wheezy branch:
commit c798f373149896d243154cea8705ed263ce37048
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date:   Fri Jan 18 15:59:22 2013 -0300

    Fix binary incompatibility between openssl versions.
---
 debian/changelog                                   |    4 +
 ..._incompatibility_between_openssl_versions.patch |   80 ++++++++++++++++++++
 debian/patches/series                              |    1 +
 3 files changed, 85 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 09a447f..6e009a6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,10 @@ qt4-x11 (4:4.8.2+dfsg-10) UNRELEASED; urgency=medium
     miss issued certificates from Turktrust.
     - Patch taken from upstream.
     - Set urgency to medium.
+  * Add Fix_binary_incompatibility_between_openssl_versions.patch to avoid a
+    bug that would cause certificate verification problems if a different
+    version of openssl is loaded at runtime to the headers Qt was compiled
+    against (Closes: #697582).
 
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Fri, 18 Jan 2013 15:47:43 -0300
 
diff --git a/debian/patches/Fix_binary_incompatibility_between_openssl_versions.patch b/debian/patches/Fix_binary_incompatibility_between_openssl_versions.patch
new file mode 100644
index 0000000..af17e96
--- /dev/null
+++ b/debian/patches/Fix_binary_incompatibility_between_openssl_versions.patch
@@ -0,0 +1,80 @@
+From 9a3b663c64ee74c1efb3d85249cc0aa53f2e5358 Mon Sep 17 00:00:00 2001
+From: Shane Kearns <dbgshane at gmail.com>
+Date: Thu, 6 Dec 2012 17:03:18 +0000
+Subject: [PATCH] Fix binary incompatibility between openssl versions
+
+OpenSSL changed the layout of X509_STORE_CTX between 0.9 and 1.0
+So we have to consider this struct as private implementation, and use
+the access functions instead.
+
+This bug would cause certificate verification problems if a different
+version of openssl is loaded at runtime to the headers Qt was compiled
+against.
+
+Task-number: QTBUG-28343
+Change-Id: I47fc24336f7d9c80f08f9c8ba6debc51a5591258
+Reviewed-by: Richard J. Moore <rich at kde.org>
+(cherry picked from commit eb2688c4c4f257d0a4d978ba4bf57d6347b15252)
+---
+ src/network/ssl/qsslsocket_openssl.cpp         |    2 +-
+ src/network/ssl/qsslsocket_openssl_symbols.cpp |    8 ++++++++
+ src/network/ssl/qsslsocket_openssl_symbols_p.h |    4 ++++
+ 3 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index b7ca290..e912abac 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -236,7 +236,7 @@ static int q_X509Callback(int ok, X509_STORE_CTX *ctx)
+ {
+     if (!ok) {
+         // Store the error and at which depth the error was detected.
+-        _q_sslErrorList()->errors << qMakePair<int, int>(ctx->error, ctx->error_depth);
++        _q_sslErrorList()->errors << qMakePair<int, int>(q_X509_STORE_CTX_get_error(ctx), q_X509_STORE_CTX_get_error_depth(ctx));
+     }
+     // Always return OK to allow verification to continue. We're handle the
+     // errors gracefully after collecting all errors, after verification has
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index 2d6a25b..2e6ccd0 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -267,6 +267,10 @@ DEFINEFUNC2(int, X509_STORE_add_cert, X509_STORE *a, a, X509 *b, b, return 0, re
+ DEFINEFUNC(void, X509_STORE_CTX_free, X509_STORE_CTX *a, a, return, DUMMYARG)
+ DEFINEFUNC4(int, X509_STORE_CTX_init, X509_STORE_CTX *a, a, X509_STORE *b, b, X509 *c, c, STACK_OF(X509) *d, d, return -1, return)
+ DEFINEFUNC2(int, X509_STORE_CTX_set_purpose, X509_STORE_CTX *a, a, int b, b, return -1, return)
++DEFINEFUNC(int, X509_STORE_CTX_get_error, X509_STORE_CTX *a, a, return -1, return)
++DEFINEFUNC(int, X509_STORE_CTX_get_error_depth, X509_STORE_CTX *a, a, return -1, return)
++DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return 0, return)
++DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return)
+ DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return 0, return)
+ #ifdef SSLEAY_MACROS
+ DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return)
+@@ -832,6 +836,10 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(X509_STORE_CTX_init)
+     RESOLVEFUNC(X509_STORE_CTX_new)
+     RESOLVEFUNC(X509_STORE_CTX_set_purpose)
++    RESOLVEFUNC(X509_STORE_CTX_get_error)
++    RESOLVEFUNC(X509_STORE_CTX_get_error_depth)
++    RESOLVEFUNC(X509_STORE_CTX_get_current_cert)
++    RESOLVEFUNC(X509_STORE_CTX_get_chain)
+     RESOLVEFUNC(X509_cmp)
+ #ifndef SSLEAY_MACROS
+     RESOLVEFUNC(X509_dup)
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+index fa9a157..87f3697 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -374,6 +374,10 @@ int q_X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                           X509 *x509, STACK_OF(X509) *chain);
+ X509_STORE_CTX *q_X509_STORE_CTX_new();
+ int q_X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
++int q_X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
++int q_X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
++X509 *q_X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
++STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+ 
+ #define q_BIO_get_mem_data(b, pp) (int)q_BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
+ #define q_BIO_pending(b) (int)q_BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+-- 
+1.7.10.4
+
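Review bot: Only the `ctx->error` and `ctx->error_depth` reads in q_X509Callback are switched to accessors, while the wrappers for X509_STORE_CTX_get_current_cert and X509_STORE_CTX_get_chain are declared and resolved with no caller anywhere in this patch. Since the commit message says X509_STORE_CTX must be treated as private, confirm that no other direct `ctx->` member reads remain under src/network/ssl (not visible here); any left over would still read compile-time offsets when a different OpenSSL is loaded at runtime and could skew certificate verification results. The two error stubs fall back to `return -1` when the symbol does not resolve, so the callback would record the pair (-1, -1); that differs from X509_V_OK, but a comment beside the new DEFINEFUNC lines such as `// -1 is not an X509_V_* code; must surface as an unspecified verification error, never as success` would make the fail-closed intent explicit, assuming the error mapping elsewhere handles unknown codes that way. q_X509Callback's body continues outside the nested hunk.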
diff --git a/debian/patches/series b/debian/patches/series
index 5a991ee..f8cac92 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,6 +9,7 @@ fix_jit_crash_on_x86_64.patch
 add_missing_map_noreserve.patch
 make_rules_for_redirect_stricter.patch
 SSL-certificates-blacklist-mis-issued-Turktrust-cert.patch
+Fix_binary_incompatibility_between_openssl_versions.patch
 
 # qt-copy patches
 0195-compositing-properties.diff

-- 
Qt 4 packaging


