[SCM] Qt 4 packaging branch, master, updated. debian/4.8.7+dfsg-4-2-g38396e7
Lisandro Damián Nicanor Pérez
lisandro at moszumanska.debian.org
Mon Nov 30 18:04:41 UTC 2015
Gitweb-URL: http://git.debian.org/?p=pkg-kde/qt/qt4-x11.git;a=commitdiff;h=38396e7
The following commit has been merged in the master branch:
commit 38396e7cf348378a87604d61617eb9f49135b52c
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date: Mon Nov 30 15:04:27 2015 -0300
Do not use SSLv3 methods in Qt4
---
debian/changelog | 4 +++
debian/patches/no-ssl3.patch | 66 ++++++++++++++++++++++++++++++++++++++++++++
debian/patches/series | 3 +-
3 files changed, 72 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index c7d72c6..b730194 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,9 @@
qt4-x11 (4:4.8.7+dfsg-5) UNRELEASED; urgency=medium
+ [ Lisandro Damián Nicanor Pérez Meyer ]
+ * Add no-ssl3.patch to avoid calling SSLv3 functions as they have been removed
+ from Debian's packaging (Closes: #806505).
+
-- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Mon, 30 Nov 2015 13:25:41 -0300
qt4-x11 (4:4.8.7+dfsg-4) unstable; urgency=medium
diff --git a/debian/patches/no-ssl3.patch b/debian/patches/no-ssl3.patch
new file mode 100644
index 0000000..e418815
--- /dev/null
+++ b/debian/patches/no-ssl3.patch
@@ -0,0 +1,66 @@
+Description: Do not use SSLv3 methods in Qt4
+ This patch makes the use of SSLv3 methods optional at compile time.
+ On Debian this means they will not be used and will return a null ctx
+ if the SSLv3 method is deliberately selected.
+Author: Jon DeVree <nuxi at vault24.org>
+Origin: other, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806505
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806505
+Forwarded: not-needed
+Reviewed-by: Lisandro Damián Nicanor Pérez Meyer <lisandro at debian.org>
+Last-Update: 2015-11-30
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+diff -Nru qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl.cpp qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl.cpp
+--- qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl.cpp 2015-05-07 10:14:44.000000000 -0400
++++ qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl.cpp 2015-11-27 20:49:36.768826857 -0500
+@@ -267,7 +267,11 @@
+ #endif
+ break;
+ case QSsl::SslV3:
++#ifndef OPENSSL_NO_SSL3_METHOD
+ ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
++#else
++ ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
++#endif
+ break;
+ case QSsl::SecureProtocols: // SslV2 will be disabled below
+ case QSsl::TlsV1SslV3: // SslV2 will be disabled below
+diff -Nru qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl_symbols.cpp qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl_symbols.cpp
+--- qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl_symbols.cpp 2015-05-07 10:14:44.000000000 -0400
++++ qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl_symbols.cpp 2015-11-27 20:49:48.061023402 -0500
+@@ -228,13 +228,17 @@
+ #ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ #endif
++#ifndef OPENSSL_NO_SSL3_METHOD
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ #ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #endif
++#ifndef OPENSSL_NO_SSL3_METHOD
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #else
+@@ -822,13 +826,17 @@
+ #ifndef OPENSSL_NO_SSL2
+ RESOLVEFUNC(SSLv2_client_method)
+ #endif
++#ifndef OPENSSL_NO_SSL3_METHOD
+ RESOLVEFUNC(SSLv3_client_method)
++#endif
+ RESOLVEFUNC(SSLv23_client_method)
+ RESOLVEFUNC(TLSv1_client_method)
+ #ifndef OPENSSL_NO_SSL2
+ RESOLVEFUNC(SSLv2_server_method)
+ #endif
++#ifndef OPENSSL_NO_SSL3_METHOD
+ RESOLVEFUNC(SSLv3_server_method)
++#endif
+ RESOLVEFUNC(SSLv23_server_method)
+ RESOLVEFUNC(TLSv1_server_method)
+ RESOLVEFUNC(X509_NAME_entry_count)
diff --git a/debian/patches/series b/debian/patches/series
index 01417d6..123cfe7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -54,4 +54,5 @@ qtdoc-build-offline-docs.patch
remove_addsense.patch
parisc-atomic.patch
QtScript_x32_config.diff
-x32.diff
+ix32.diff
+no-ssl3.patch
--
Qt 4 packaging
More information about the pkg-kde-commits
mailing list