[SCM] Qt 4 packaging branch, master, updated. debian/4.8.7+dfsg-11-2-ga4f456e
Lisandro Damián Nicanor Pérez
lisandro at moszumanska.debian.org
Mon Aug 14 17:53:41 UTC 2017
Gitweb-URL: http://git.debian.org/?p=pkg-kde/qt/qt4-x11.git;a=commitdiff;h=a4f456e
The following commit has been merged in the master branch:
commit a4f456e3427239c1233b7ae782f82f1b3083016d
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date: Mon Aug 14 14:52:57 2017 -0300
Add openssl_1.1.patch to let Qt4 use OpenSSL 1.1.
---
debian/changelog | 3 +
debian/patches/openssl_1.1.patch | 299 +++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 303 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 0a85f24..67d29e3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,8 @@
qt4-x11 (4:4.8.7+dfsg-12) UNRELEASED; urgency=medium
+ [ Lisandro Damián Nicanor Pérez Meyer ]
+ * Add openssl_1.1.patch to let Qt4 use OpenSSL 1.1 (Closes: #828522).
+
-- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Mon, 14 Aug 2017 14:48:26 -0300
qt4-x11 (4:4.8.7+dfsg-11) unstable; urgency=medium
diff --git a/debian/patches/openssl_1.1.patch b/debian/patches/openssl_1.1.patch
new file mode 100644
index 0000000..9137c69
--- /dev/null
+++ b/debian/patches/openssl_1.1.patch
@@ -0,0 +1,299 @@
+Description: Compile with openssl-1.1.0
+ * Most changes are related to openssl structures are now opaque.
+ * The network/ssl threading setup has been disabled because the
+ old openssl threading model has been removed and is apparently
+ no longer needed.
+ * A number of new functions had to be imported (see changes to
+ src/network/ssl/qsslsocket_openssl_symbols.cpp)
+Author: Gert Wollny <gw.fossdev at gmail.com>
+Last-Update: 2016-06-28
+Bug-Debian: http://bugs.debian.org/828522
+
+--- a/src/network/ssl/qsslcertificate.cpp
++++ b/src/network/ssl/qsslcertificate.cpp
+@@ -259,10 +259,10 @@
+ QByteArray QSslCertificate::version() const
+ {
+ QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
+- if (d->versionString.isEmpty() && d->x509)
++ if (d->versionString.isEmpty() && d->x509) {
+ d->versionString =
+- QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
+-
++ QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
++ }
+ return d->versionString;
+ }
+
+@@ -276,7 +276,7 @@
+ {
+ QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
+ if (d->serialNumberString.isEmpty() && d->x509) {
+- ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
++ ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
+ // if we cannot convert to a long, just output the hexadecimal number
+ if (serialNumber->length > 4) {
+ QByteArray hexString;
+@@ -489,24 +489,33 @@
+ QSslKey key;
+
+ key.d->type = QSsl::PublicKey;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ X509_PUBKEY *xkey = d->x509->cert_info->key;
++#else
++ X509_PUBKEY *xkey = q_X509_get_X509_PUBKEY(d->x509);
++#endif
+ EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
+ Q_ASSERT(pkey);
+
+- if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
++ int key_id;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ key_id = q_EVP_PKEY_type(pkey->type);
++#else
++ key_id = q_EVP_PKEY_base_id(pkey);
++#endif
++ if (key_id == EVP_PKEY_RSA) {
+ key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
+ key.d->algorithm = QSsl::Rsa;
+ key.d->isNull = false;
+- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
++ } else if (key_id == EVP_PKEY_DSA) {
+ key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
+ key.d->algorithm = QSsl::Dsa;
+ key.d->isNull = false;
+- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
++ } else if (key_id == EVP_PKEY_DH) {
+ // DH unsupported
+ } else {
+ // error?
+ }
+-
+ q_EVP_PKEY_free(pkey);
+ return key;
+ }
+--- a/src/network/ssl/qsslkey.cpp
++++ b/src/network/ssl/qsslkey.cpp
+@@ -321,8 +321,19 @@
+ {
+ if (d->isNull)
+ return -1;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ return (d->algorithm == QSsl::Rsa)
+ ? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p);
++#else
++ if (d->algorithm == QSsl::Rsa) {
++ return q_RSA_bits(d->rsa);
++ }else{
++ BIGNUM *p = NULL;
++ q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
++ return q_BN_num_bits(p);
++ }
++#endif
++
+ }
+
+ /*!
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -93,6 +93,7 @@
+ bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
+ bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ /* \internal
+
+ From OpenSSL's thread(3) manual page:
+@@ -174,6 +175,8 @@
+ }
+ } // extern "C"
+
++#endif //OPENSSL_VERSION_NUMBER >= 0x10100000L
++
+ QSslSocketBackendPrivate::QSslSocketBackendPrivate()
+ : ssl(0),
+ ctx(0),
+@@ -222,9 +225,12 @@
+ ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
+ ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ciph.d->bits = cipher->strength_bits;
+ ciph.d->supportedBits = cipher->alg_bits;
+-
++#else
++ ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits);
++#endif
+ }
+ return ciph;
+ }
+@@ -367,7 +373,7 @@
+ //
+ // See also: QSslContext::fromConfiguration()
+ if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) {
+- q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
++ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle());
+ }
+ }
+
+@@ -504,8 +510,10 @@
+ */
+ void QSslSocketPrivate::deinitialize()
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ q_CRYPTO_set_id_callback(0);
+ q_CRYPTO_set_locking_callback(0);
++#endif
+ }
+
+ /*!
+@@ -526,13 +534,17 @@
+ return false;
+
+ // Check if the library itself needs to be initialized.
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ QMutexLocker locker(openssl_locks()->initLock());
++#endif
+ if (!s_libraryLoaded) {
+ s_libraryLoaded = true;
+
+ // Initialize OpenSSL.
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ q_CRYPTO_set_id_callback(id_function);
+ q_CRYPTO_set_locking_callback(locking_function);
++#endif
+ if (q_SSL_library_init() != 1)
+ return false;
+ q_SSL_load_error_strings();
+@@ -571,7 +583,9 @@
+
+ void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
+ {
+- QMutexLocker locker(openssl_locks()->initLock());
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ QMutexLocker locker(openssl_locks()->initLock());
++#endif
+ if (s_loadedCiphersAndCerts)
+ return;
+ s_loadedCiphersAndCerts = true;
+@@ -663,13 +677,18 @@
+ STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
+ for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
+ if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
+- if (cipher->valid) {
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ if (cipher->valid) {
++#endif
+ QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
+ if (!ciph.isNull()) {
+ if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
+ ciphers << ciph;
+ }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ }
++#endif
+ }
+ }
+
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -399,7 +399,25 @@
+ PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
+ bp,(char *)x,enc,kstr,klen,cb,u)
+ #endif
++
++X509_STORE * q_SSL_CTX_get_cert_store(const SSL_CTX *ctx);
++ASN1_INTEGER * q_X509_get_serialNumber(X509 *x);
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
++#define q_X509_get_version(x) X509_get_version(x)
++#else
++int q_EVP_PKEY_id(const EVP_PKEY *pkey);
++int q_EVP_PKEY_base_id(const EVP_PKEY *pkey);
++int q_SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
++long q_SSL_CTX_set_options(SSL_CTX *ctx, long options);
++long q_X509_get_version(X509 *x);
++X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
++int q_RSA_bits(const RSA *rsa);
++int q_DSA_security_bits(const DSA *dsa);
++void q_DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
++#endif
++
+ #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
+ #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
+ #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))
+@@ -410,8 +428,15 @@
+ #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
+ #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
+ q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #define q_X509_get_notAfter(x) X509_get_notAfter(x)
+ #define q_X509_get_notBefore(x) X509_get_notBefore(x)
++#else
++ASN1_TIME *q_X509_get_notAfter(X509 *x);
++ASN1_TIME *q_X509_get_notBefore(X509 *x);
++#endif
++
+ #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+ (char *)(rsa))
+ #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -290,6 +290,22 @@
+ DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG)
+ DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return)
+ DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return)
++DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *ctx, ctx, return 0, return)
++
++DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *x, x, return 0, return)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++DEFINEFUNC(int, EVP_PKEY_id, const EVP_PKEY *pkey, pkey, return 0, return)
++DEFINEFUNC(int, EVP_PKEY_base_id, const EVP_PKEY *pkey, pkey, return 0, return)
++DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *cipher, cipher, int *alg_bits, alg_bits, return 0, return)
++DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options, options, return 0, return)
++DEFINEFUNC(long, X509_get_version, X509 *x, x, return 0, return)
++DEFINEFUNC(X509_PUBKEY *, X509_get_X509_PUBKEY, X509 *x, x, return 0, return)
++DEFINEFUNC(int, RSA_bits, const RSA *rsa, rsa, return 0, return)
++DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
++DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
++DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
++DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, BIGNUM **p, p, BIGNUM **q, q, BIGNUM **g, g, return, return)
++#endif
+
+ #ifdef Q_OS_SYMBIAN
+ #define RESOLVEFUNC(func, ordinal, lib) \
+@@ -801,6 +817,7 @@
+ RESOLVEFUNC(SSL_CTX_use_PrivateKey)
+ RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
+ RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
++ RESOLVEFUNC(SSL_CTX_get_cert_store)
+ RESOLVEFUNC(SSL_accept)
+ RESOLVEFUNC(SSL_clear)
+ RESOLVEFUNC(SSL_connect)
+@@ -823,6 +840,23 @@
+ RESOLVEFUNC(SSL_set_connect_state)
+ RESOLVEFUNC(SSL_shutdown)
+ RESOLVEFUNC(SSL_write)
++
++ RESOLVEFUNC(X509_get_serialNumber)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ RESOLVEFUNC(SSL_CTX_ctrl)
++ RESOLVEFUNC(EVP_PKEY_id)
++ RESOLVEFUNC(EVP_PKEY_base_id)
++ RESOLVEFUNC(SSL_CIPHER_get_bits)
++ RESOLVEFUNC(SSL_CTX_set_options)
++ RESOLVEFUNC(X509_get_version)
++ RESOLVEFUNC(X509_get_X509_PUBKEY)
++ RESOLVEFUNC(RSA_bits)
++ RESOLVEFUNC(DSA_security_bits)
++ RESOLVEFUNC(DSA_get0_pqg)
++ RESOLVEFUNC(X509_get_notAfter)
++ RESOLVEFUNC(X509_get_notBefore)
++#endif
++
+ #ifndef OPENSSL_NO_SSL2
+ RESOLVEFUNC(SSLv2_client_method)
+ #endif
diff --git a/debian/patches/series b/debian/patches/series
index 4858f9e..bc3b5e5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -63,3 +63,4 @@ no-ssl3.patch
qt-everywhere-opensource-src-4.8.7-gcc6.patch
add-mate-support.patch
add-lxde-support.patch
+openssl_1.1.patch
--
Qt 4 packaging
More information about the pkg-kde-commits
mailing list