[SCM] Qt 4 packaging branch, master, updated. debian/4.8.7+dfsg-4-2-g38396e7

Lisandro Damián Nicanor Pérez lisandro at moszumanska.debian.org
Mon Nov 30 18:04:41 UTC 2015 

Gitweb-URL: http://git.debian.org/?p=pkg-kde/qt/qt4-x11.git;a=commitdiff;h=38396e7

The following commit has been merged in the master branch:
commit 38396e7cf348378a87604d61617eb9f49135b52c
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date:   Mon Nov 30 15:04:27 2015 -0300

    Do not use SSLv3 methods in Qt4
---
 debian/changelog             |  4 +++
 debian/patches/no-ssl3.patch | 66 ++++++++++++++++++++++++++++++++++++++++++++
 debian/patches/series        |  3 +-
 3 files changed, 72 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index c7d72c6..b730194 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,9 @@
 qt4-x11 (4:4.8.7+dfsg-5) UNRELEASED; urgency=medium
 
+  [ Lisandro Damián Nicanor Pérez Meyer ]
+  * Add no-ssl3.patch to avoid calling SSLv3 functions as they have been removed
+    from Debian's packaging (Closes: #806505).
+
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Mon, 30 Nov 2015 13:25:41 -0300
 
 qt4-x11 (4:4.8.7+dfsg-4) unstable; urgency=medium
diff --git a/debian/patches/no-ssl3.patch b/debian/patches/no-ssl3.patch
new file mode 100644
index 0000000..e418815
--- /dev/null
+++ b/debian/patches/no-ssl3.patch
@@ -0,0 +1,66 @@
+Description: Do not use SSLv3 methods in Qt4
+ This patch makes the use of SSLv3 methods optional at compile time.
+ On Debian this means they will not be used and will return a null ctx
+ if the SSLv3 method is deliberately selected.
+Author:	Jon DeVree <nuxi at vault24.org>
+Origin: other, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806505
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806505
+Forwarded: not-needed
+Reviewed-by: Lisandro Damián Nicanor Pérez Meyer <lisandro at debian.org>
+Last-Update: 2015-11-30
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+diff -Nru qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl.cpp qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl.cpp
+--- qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl.cpp	2015-05-07 10:14:44.000000000 -0400
++++ qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl.cpp	2015-11-27 20:49:36.768826857 -0500
+@@ -267,7 +267,11 @@
+ #endif
+         break;
+     case QSsl::SslV3:
++#ifndef OPENSSL_NO_SSL3_METHOD
+         ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
++#else
++        ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
++#endif
+         break;
+     case QSsl::SecureProtocols: // SslV2 will be disabled below
+     case QSsl::TlsV1SslV3: // SslV2 will be disabled below
+diff -Nru qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl_symbols.cpp qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl_symbols.cpp
+--- qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl_symbols.cpp	2015-05-07 10:14:44.000000000 -0400
++++ qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl_symbols.cpp	2015-11-27 20:49:48.061023402 -0500
+@@ -228,13 +228,17 @@
+ #ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ #endif
++#ifndef OPENSSL_NO_SSL3_METHOD
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ #ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #endif
++#ifndef OPENSSL_NO_SSL3_METHOD
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #else
+@@ -822,13 +826,17 @@
+ #ifndef OPENSSL_NO_SSL2
+     RESOLVEFUNC(SSLv2_client_method)
+ #endif
++#ifndef OPENSSL_NO_SSL3_METHOD
+     RESOLVEFUNC(SSLv3_client_method)
++#endif
+     RESOLVEFUNC(SSLv23_client_method)
+     RESOLVEFUNC(TLSv1_client_method)
+ #ifndef OPENSSL_NO_SSL2
+     RESOLVEFUNC(SSLv2_server_method)
+ #endif
++#ifndef OPENSSL_NO_SSL3_METHOD
+     RESOLVEFUNC(SSLv3_server_method)
++#endif
+     RESOLVEFUNC(SSLv23_server_method)
+     RESOLVEFUNC(TLSv1_server_method)
+     RESOLVEFUNC(X509_NAME_entry_count)
diff --git a/debian/patches/series b/debian/patches/series
index 01417d6..123cfe7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -54,4 +54,5 @@ qtdoc-build-offline-docs.patch
 remove_addsense.patch
 parisc-atomic.patch
 QtScript_x32_config.diff
-x32.diff
+ix32.diff
+no-ssl3.patch

-- 
Qt 4 packaging

More information about the pkg-kde-commits mailing list