[Pkg-owncloud-commits] [owncloud-client] 414/484: Add more Qt patches
Sandro Knauß
hefee-guest at moszumanska.debian.org
Wed Dec 16 00:38:14 UTC 2015
This is an automated email from the git hooks/post-receive script.
hefee-guest pushed a commit to branch master
in repository owncloud-client.
commit 60a51f808525d426126c54b2c6e1d5007b75c9fd
Author: Daniel Molkentin <danimo at owncloud.com>
Date: Wed Nov 25 10:40:13 2015 +0100
Add more Qt patches
---
...-TlsV1_0OrLater-TlsV1_1OrLater-and-TlsV1_.patch | 38 +++
...cy-platform-code-in-QSslSocket-for-OS-X-1.patch | 152 +++++++++++
...t-evaluate-CAs-in-all-keychain-categories.patch | 284 +++++++++++++++++++++
admin/qt/patches/README.md | 7 +-
4 files changed, 480 insertions(+), 1 deletion(-)
diff --git a/admin/qt/patches/0014-Fix-SNI-for-TlsV1_0OrLater-TlsV1_1OrLater-and-TlsV1_.patch b/admin/qt/patches/0014-Fix-SNI-for-TlsV1_0OrLater-TlsV1_1OrLater-and-TlsV1_.patch
new file mode 100644
index 0000000..b58bacd
--- /dev/null
+++ b/admin/qt/patches/0014-Fix-SNI-for-TlsV1_0OrLater-TlsV1_1OrLater-and-TlsV1_.patch
@@ -0,0 +1,38 @@
+From 0d3c8feeeb3c49d01bcfbca63b672e20ab29aa9f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing at gmail.com>
+Date: Thu, 30 Jul 2015 10:08:36 +0200
+Subject: [PATCH] Fix SNI for TlsV1_0OrLater, TlsV1_1OrLater and TlsV1_2OrLater
+
+Since SslV3, SslV2 and UnknownProtocol do not support it we can
+invert the IF clause here.
+
+Change-Id: I42e942337d01f3a8c97885b268bffa568e40d335
+Task-number: QTBUG-47528
+Reviewed-by: Mikkel Krautz <mikkel at krautz.dk>
+Reviewed-by: Richard J. Moore <rich at kde.org>
+---
+ src/network/ssl/qsslsocket_openssl.cpp | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index 049666b..bc1df81 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -377,12 +377,9 @@ bool QSslSocketBackendPrivate::initSslContext()
+ return false;
+ }
+
+- if ((configuration.protocol == QSsl::TlsV1SslV3 ||
+- configuration.protocol == QSsl::TlsV1_0 ||
+- configuration.protocol == QSsl::TlsV1_1 ||
+- configuration.protocol == QSsl::TlsV1_2 ||
+- configuration.protocol == QSsl::SecureProtocols ||
+- configuration.protocol == QSsl::AnyProtocol) &&
++ if (configuration.protocol != QSsl::SslV2 &&
++ configuration.protocol != QSsl::SslV3 &&
++ configuration.protocol != QSsl::UnknownProtocol &&
+ mode == QSslSocket::SslClientMode && q_SSLeay() >= 0x00090806fL) {
+ // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format.
+ QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName;
+--
+1.9.1
diff --git a/admin/qt/patches/0015-Remove-legacy-platform-code-in-QSslSocket-for-OS-X-1.patch b/admin/qt/patches/0015-Remove-legacy-platform-code-in-QSslSocket-for-OS-X-1.patch
new file mode 100644
index 0000000..d4e707e
--- /dev/null
+++ b/admin/qt/patches/0015-Remove-legacy-platform-code-in-QSslSocket-for-OS-X-1.patch
@@ -0,0 +1,152 @@
+From aeac76810efc01a94a9102fc8da88c6b9257703a Mon Sep 17 00:00:00 2001
+From: Daniel Molkentin <daniel at molkentin.de>
+Date: Mon, 16 Nov 2015 15:02:37 +0100
+Subject: [PATCH 1/2] Remove legacy platform code in QSslSocket for OS X < 10.5
+
+This avoids manual symbol lookups and makes the code more readable.
+Mark identical code.
+
+Also use smart pointers instead of manual memory management.
+
+(Backport of d42d7781f1cd62c3c7c008859507f24a1ff5bb2a to Qt 5.4)
+
+Change-Id: I62820313dce87de6623cdc87b6e1361200ed7822
+Reviewed-by: Markus Goetz (Woboq GmbH) <markus at woboq.com>
+
+Conflicts:
+ src/network/ssl/qsslsocket_openssl.cpp
+---
+ src/network/ssl/qsslsocket_openssl.cpp | 83 +++++++++++-----------------------
+ src/network/ssl/qsslsocket_p.h | 6 +--
+ 2 files changed, 28 insertions(+), 61 deletions(-)
+
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index 13fc534..9d13301 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -69,14 +69,19 @@
+ #include <QtCore/qvarlengtharray.h>
+ #include <QLibrary> // for loading the security lib for the CA store
+
++#include <string.h>
++
++#ifdef Q_OS_DARWIN
++# include <private/qcore_mac_p.h>
++#endif
++
++#ifdef Q_OS_OSX
++# include <Security/Security.h>
++#endif
++
+ QT_BEGIN_NAMESPACE
+
+-#if defined(Q_OS_MACX)
+-#define kSecTrustSettingsDomainSystem 2 // so we do not need to include the header file
+- PtrSecCertificateCopyData QSslSocketPrivate::ptrSecCertificateCopyData = 0;
+- PtrSecTrustSettingsCopyCertificates QSslSocketPrivate::ptrSecTrustSettingsCopyCertificates = 0;
+- PtrSecTrustCopyAnchorCertificates QSslSocketPrivate::ptrSecTrustCopyAnchorCertificates = 0;
+-#elif defined(Q_OS_WIN)
++#if defined(Q_OS_WIN)
+ PtrCertOpenSystemStoreW QSslSocketPrivate::ptrCertOpenSystemStoreW = 0;
+ PtrCertFindCertificateInStore QSslSocketPrivate::ptrCertFindCertificateInStore = 0;
+ PtrCertCloseStore QSslSocketPrivate::ptrCertCloseStore = 0;
+@@ -482,23 +487,7 @@ void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
+
+ #ifndef QT_NO_LIBRARY
+ //load symbols needed to receive certificates from system store
+-#if defined(Q_OS_MACX)
+- QLibrary securityLib("/System/Library/Frameworks/Security.framework/Versions/Current/Security");
+- if (securityLib.load()) {
+- ptrSecCertificateCopyData = (PtrSecCertificateCopyData) securityLib.resolve("SecCertificateCopyData");
+- if (!ptrSecCertificateCopyData)
+- qWarning("could not resolve symbols in security library"); // should never happen
+-
+- ptrSecTrustSettingsCopyCertificates = (PtrSecTrustSettingsCopyCertificates) securityLib.resolve("SecTrustSettingsCopyCertificates");
+- if (!ptrSecTrustSettingsCopyCertificates) { // method was introduced in Leopard, use legacy method if it's not there
+- ptrSecTrustCopyAnchorCertificates = (PtrSecTrustCopyAnchorCertificates) securityLib.resolve("SecTrustCopyAnchorCertificates");
+- if (!ptrSecTrustCopyAnchorCertificates)
+- qWarning("could not resolve symbols in security library"); // should never happen
+- }
+- } else {
+- qWarning("could not load security library");
+- }
+-#elif defined(Q_OS_WIN)
++#if defined(Q_OS_WIN)
+ HINSTANCE hLib = LoadLibraryW(L"Crypt32");
+ if (hLib) {
+ #if defined(Q_OS_WINCE)
+@@ -635,40 +624,22 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
+ timer.start();
+ #endif
+ QList<QSslCertificate> systemCerts;
+-#if defined(Q_OS_MACX)
+- CFArrayRef cfCerts;
+- OSStatus status = 1;
+-
+- CFDataRef SecCertificateCopyData (
+- SecCertificateRef certificate
+- );
+-
+- if (ptrSecCertificateCopyData) {
+- if (ptrSecTrustSettingsCopyCertificates)
+- status = ptrSecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
+- else if (ptrSecTrustCopyAnchorCertificates)
+- status = ptrSecTrustCopyAnchorCertificates(&cfCerts);
+- if (!status) {
+- CFIndex size = CFArrayGetCount(cfCerts);
+- for (CFIndex i = 0; i < size; ++i) {
+- SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
+- CFDataRef data;
+-
+- data = ptrSecCertificateCopyData(cfCert);
+-
+- if (data == NULL) {
+- qWarning("error retrieving a CA certificate from the system store");
+- } else {
+- QByteArray rawCert = QByteArray::fromRawData((const char *)CFDataGetBytePtr(data), CFDataGetLength(data));
+- systemCerts.append(QSslCertificate::fromData(rawCert, QSsl::Der));
+- CFRelease(data);
+- }
++ // note: also check implementation in openssl_mac.cpp
++#if defined(Q_OS_OSX)
++ // SecTrustSettingsCopyCertificates is not defined on iOS.
++ QCFType<CFArrayRef> cfCerts;
++
++ OSStatus status = SecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
++ if (status == noErr ) {
++ const CFIndex size = CFArrayGetCount(cfCerts);
++ for (CFIndex i = 0; i < size; ++i) {
++ SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
++ QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
++ if (derData == NULL) {
++ qCWarning(lcSsl, "error retrieving a CA certificate from the system store");
++ } else {
++ systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
+ }
+- CFRelease(cfCerts);
+- }
+- else {
+- // no detailed error handling here
+- qWarning("could not retrieve system CA certificates");
+ }
+ }
+ #elif defined(Q_OS_WIN)
+diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
+index 6e7a2c5..c1a6f05 100644
+--- a/src/network/ssl/qsslsocket_p.h
++++ b/src/network/ssl/qsslsocket_p.h
+@@ -145,11 +145,7 @@ public:
+ static bool isMatchingHostname(const QSslCertificate &cert, const QString &peerName);
+ Q_AUTOTEST_EXPORT static bool isMatchingHostname(const QString &cn, const QString &hostname);
+
+-#if defined(Q_OS_MACX)
+- static PtrSecCertificateCopyData ptrSecCertificateCopyData;
+- static PtrSecTrustSettingsCopyCertificates ptrSecTrustSettingsCopyCertificates;
+- static PtrSecTrustCopyAnchorCertificates ptrSecTrustCopyAnchorCertificates;
+-#elif defined(Q_OS_WIN) && !defined(Q_OS_WINRT)
++#if defined(Q_OS_WIN) && !defined(Q_OS_WINRT)
+ static PtrCertOpenSystemStoreW ptrCertOpenSystemStoreW;
+ static PtrCertFindCertificateInStore ptrCertFindCertificateInStore;
+ static PtrCertCloseStore ptrCertCloseStore;
+--
+1.9.1
diff --git a/admin/qt/patches/0016-QSslSocket-evaluate-CAs-in-all-keychain-categories.patch b/admin/qt/patches/0016-QSslSocket-evaluate-CAs-in-all-keychain-categories.patch
new file mode 100644
index 0000000..3aa9e9c
--- /dev/null
+++ b/admin/qt/patches/0016-QSslSocket-evaluate-CAs-in-all-keychain-categories.patch
@@ -0,0 +1,284 @@
+From ff10adae4d0e0c1158a2ec582154ce00fbcf10e8 Mon Sep 17 00:00:00 2001
+From: Daniel Molkentin <daniel at molkentin.de>
+Date: Mon, 16 Nov 2015 15:06:15 +0100
+Subject: [PATCH 2/2] QSslSocket: evaluate CAs in all keychain categories
+
+This will make sure that certs in the domainUser (login),
+and domainAdmin (per machine) keychain are being picked up
+in systemCaCertificates() in addition to the (usually immutable)
+DomainSystem keychain.
+
+Also consider the trust settings on OS X: If a certificate
+is either fully trusted or trusted for the purpose of SSL,
+it will be accepted.
+
+[ChangeLog][Platform Specific Changes] OS X now accepts trusted
+ certificates from the login and system keychains.
+
+(Backport of fe3a84138e266c425f11353f7d8dc28a588af89e to Qt 5.4)
+
+Task-number: QTBUG-32898
+Change-Id: Ia23083d5af74388eeee31ba07239735cbbe64368
+Reviewed-by: Markus Goetz (Woboq GmbH) <markus at woboq.com>
+
+Conflicts:
+ src/network/ssl/qsslsocket_mac.cpp
+ src/network/ssl/qsslsocket_openssl.cpp
+ src/network/ssl/ssl.pri
+---
+ src/network/ssl/qsslsocket.cpp | 4 +
+ src/network/ssl/qsslsocket_mac_shared.cpp | 149 ++++++++++++++++++++++++++++++
+ src/network/ssl/qsslsocket_openssl.cpp | 30 +-----
+ src/network/ssl/ssl.pri | 4 +-
+ 4 files changed, 159 insertions(+), 28 deletions(-)
+ create mode 100644 src/network/ssl/qsslsocket_mac_shared.cpp
+
+diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
+index 8887f47..6347c20 100644
+--- a/src/network/ssl/qsslsocket.cpp
++++ b/src/network/ssl/qsslsocket.cpp
+@@ -1446,6 +1446,10 @@ QList<QSslCertificate> QSslSocket::defaultCaCertificates()
+ returned by defaultCaCertificates(). You can replace that database
+ with your own with setDefaultCaCertificates().
+
++ \note: On OS X, only certificates that are either trusted for all
++ purposes or trusted for the purpose of SSL in the keychain will be
++ returned.
++
+ \sa caCertificates(), defaultCaCertificates(), setDefaultCaCertificates()
+ */
+ QList<QSslCertificate> QSslSocket::systemCaCertificates()
+diff --git a/src/network/ssl/qsslsocket_mac_shared.cpp b/src/network/ssl/qsslsocket_mac_shared.cpp
+new file mode 100644
+index 0000000..b9ffd51
+--- /dev/null
++++ b/src/network/ssl/qsslsocket_mac_shared.cpp
+@@ -0,0 +1,149 @@
++/****************************************************************************
++**
++** Copyright (C) 2015 The Qt Company Ltd.
++** Copyright (C) 2015 ownCloud Inc
++** Contact: http://www.qt.io/licensing/
++**
++** This file is part of the QtNetwork module of the Qt Toolkit.
++**
++** $QT_BEGIN_LICENSE:LGPL21$
++** Commercial License Usage
++** Licensees holding valid commercial Qt licenses may use this file in
++** accordance with the commercial license agreement provided with the
++** Software or, alternatively, in accordance with the terms contained in
++** a written agreement between you and The Qt Company. For licensing terms
++** and conditions see http://www.qt.io/terms-conditions. For further
++** information use the contact form at http://www.qt.io/contact-us.
++**
++** GNU Lesser General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU Lesser
++** General Public License version 2.1 or version 3 as published by the Free
++** Software Foundation and appearing in the file LICENSE.LGPLv21 and
++** LICENSE.LGPLv3 included in the packaging of this file. Please review the
++** following information to ensure the GNU Lesser General Public License
++** requirements will be met: https://www.gnu.org/licenses/lgpl.html and
++** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
++**
++** As a special exception, The Qt Company gives you certain additional
++** rights. These rights are described in The Qt Company LGPL Exception
++** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
++**
++** $QT_END_LICENSE$
++**
++****************************************************************************/
++
++//#define QSSLSOCKET_DEBUG
++//#define QT_DECRYPT_SSL_TRAFFIC
++
++#include "qssl_p.h"
++#include "qsslsocket.h"
++
++#ifndef QT_NO_OPENSSL
++# include "qsslsocket_openssl_p.h"
++# include "qsslsocket_openssl_symbols_p.h"
++#endif
++
++#include "qsslcertificate_p.h"
++
++#ifdef Q_OS_DARWIN
++# include <private/qcore_mac_p.h>
++#endif
++
++#include <QtCore/qdebug.h>
++
++#ifdef Q_OS_OSX
++# include <Security/Security.h>
++#endif
++
++
++QT_BEGIN_NAMESPACE
++
++#ifdef Q_OS_OSX
++namespace {
++
++bool hasTrustedSslServerPolicy(SecPolicyRef policy, CFDictionaryRef props) {
++ QCFType<CFDictionaryRef> policyProps = SecPolicyCopyProperties(policy);
++ // only accept certificates with policies for SSL server validation for now
++ if (CFEqual(CFDictionaryGetValue(policyProps, kSecPolicyOid), kSecPolicyAppleSSL)) {
++ CFBooleanRef policyClient;
++ if (CFDictionaryGetValueIfPresent(policyProps, kSecPolicyClient, reinterpret_cast<const void**>(&policyClient)) &&
++ CFEqual(policyClient, kCFBooleanTrue)) {
++ return false; // no client certs
++ }
++ if (!CFDictionaryContainsKey(props, kSecTrustSettingsResult)) {
++ // as per the docs, no trust settings result implies full trust
++ return true;
++ }
++ CFNumberRef number = static_cast<CFNumberRef>(CFDictionaryGetValue(props, kSecTrustSettingsResult));
++ SecTrustSettingsResult settingsResult;
++ CFNumberGetValue(number, kCFNumberSInt32Type, &settingsResult);
++ switch (settingsResult) {
++ case kSecTrustSettingsResultTrustRoot:
++ case kSecTrustSettingsResultTrustAsRoot:
++ return true;
++ default:
++ return false;
++ }
++ }
++ return false;
++}
++
++bool isCaCertificateTrusted(SecCertificateRef cfCert, int domain)
++{
++ QCFType<CFArrayRef> cfTrustSettings;
++ OSStatus status = SecTrustSettingsCopyTrustSettings(cfCert, domain, &cfTrustSettings);
++ if (status == noErr) {
++ CFIndex size = CFArrayGetCount(cfTrustSettings);
++ // if empty, trust for everything (as per the Security Framework documentation)
++ if (size == 0) {
++ return true;
++ } else {
++ for (CFIndex i = 0; i < size; ++i) {
++ CFDictionaryRef props = static_cast<CFDictionaryRef>(CFArrayGetValueAtIndex(cfTrustSettings, i));
++ if (CFDictionaryContainsKey(props, kSecTrustSettingsPolicy)) {
++ if (hasTrustedSslServerPolicy((SecPolicyRef)CFDictionaryGetValue(props, kSecTrustSettingsPolicy), props))
++ return true;
++ }
++ }
++ }
++ } else {
++ qCWarning(lcSsl, "Error receiving trust for a CA certificate");
++ }
++ return false;
++}
++
++} // anon namespace
++#endif // Q_OS_OSX
++
++QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
++{
++ ensureInitialized();
++
++ QList<QSslCertificate> systemCerts;
++ // SecTrustSettingsCopyCertificates is not defined on iOS.
++#ifdef Q_OS_OSX
++ QCFType<CFArrayRef> cfCerts;
++ // iterate through all enum members, order:
++ // kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin, kSecTrustSettingsDomainSystem
++ for (int dom = kSecTrustSettingsDomainUser; dom <= kSecTrustSettingsDomainSystem; dom++) {
++ OSStatus status = SecTrustSettingsCopyCertificates(dom, &cfCerts);
++ if (status == noErr) {
++ const CFIndex size = CFArrayGetCount(cfCerts);
++ for (CFIndex i = 0; i < size; ++i) {
++ SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
++ QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
++ if (::isCaCertificateTrusted(cfCert, dom)) {
++ if (derData == NULL) {
++ qCWarning(lcSsl, "Error retrieving a CA certificate from the system store");
++ } else {
++ systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
++ }
++ }
++ }
++ }
++ }
++#endif
++ return systemCerts;
++}
++
++QT_END_NAMESPACE
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index 9d13301..7415e32 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -71,14 +71,6 @@
+
+ #include <string.h>
+
+-#ifdef Q_OS_DARWIN
+-# include <private/qcore_mac_p.h>
+-#endif
+-
+-#ifdef Q_OS_OSX
+-# include <Security/Security.h>
+-#endif
+-
+ QT_BEGIN_NAMESPACE
+
+ #if defined(Q_OS_WIN)
+@@ -616,6 +608,7 @@ void QSslSocketPrivate::resetDefaultCiphers()
+ setDefaultCiphers(defaultCiphers);
+ }
+
++#ifndef Q_OS_DARWIN // Apple implementation in qsslsocket_mac_shared.cpp
+ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
+ {
+ ensureInitialized();
+@@ -624,25 +617,7 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
+ timer.start();
+ #endif
+ QList<QSslCertificate> systemCerts;
+- // note: also check implementation in openssl_mac.cpp
+-#if defined(Q_OS_OSX)
+- // SecTrustSettingsCopyCertificates is not defined on iOS.
+- QCFType<CFArrayRef> cfCerts;
+-
+- OSStatus status = SecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
+- if (status == noErr ) {
+- const CFIndex size = CFArrayGetCount(cfCerts);
+- for (CFIndex i = 0; i < size; ++i) {
+- SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
+- QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
+- if (derData == NULL) {
+- qCWarning(lcSsl, "error retrieving a CA certificate from the system store");
+- } else {
+- systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
+- }
+- }
+- }
+-#elif defined(Q_OS_WIN)
++#if defined(Q_OS_WIN)
+ if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) {
+ HCERTSTORE hSystemStore;
+ #if defined(Q_OS_WINCE)
+@@ -719,6 +694,7 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
+
+ return systemCerts;
+ }
++#endif // Q_OS_DARWIN
+
+ void QSslSocketBackendPrivate::startClientEncryption()
+ {
+diff --git a/src/network/ssl/ssl.pri b/src/network/ssl/ssl.pri
+index 384e149..9546f18 100644
+--- a/src/network/ssl/ssl.pri
++++ b/src/network/ssl/ssl.pri
+@@ -45,7 +45,9 @@ contains(QT_CONFIG, openssl) | contains(QT_CONFIG, openssl-linked) {
+ ssl/qsslsocket_openssl.cpp \
+ ssl/qsslsocket_openssl_symbols.cpp
+
+-android:!android-no-sdk: SOURCES += ssl/qsslsocket_openssl_android.cpp
++ darwin:SOURCES += ssl/qsslsocket_mac_shared.cpp
++
++ android:!android-no-sdk: SOURCES += ssl/qsslsocket_openssl_android.cpp
+
+ # Add optional SSL libs
+ # Static linking of OpenSSL with msvc:
+--
+1.9.1
diff --git a/admin/qt/patches/README.md b/admin/qt/patches/README.md
index c2327cf..f41bcd6 100644
--- a/admin/qt/patches/README.md
+++ b/admin/qt/patches/README.md
@@ -24,14 +24,19 @@ purpose is outlined in each patches' front matter.
### Part of Qt v5.5.1 and later
* 0008-QNAM-Fix-reply-deadlocks-on-server-closing-connectio.patch
(TODO: actual patch has different name)
+* 0014-Fix-SNI-for-TlsV1_0OrLater-TlsV1_1OrLater-and-TlsV1_.patch
### Upstreamed but not in any release yet (as of 2015-11-16)
* 0009-QNAM-Assign-proper-channel-before-sslErrors-emission.patch
* 0011-Make-sure-to-report-correct-NetworkAccessibility.patch
* 0012-Make-sure-networkAccessibilityChanged-is-emitted.patch
* 0013-Make-UnknownAccessibility-not-block-requests.patch
+* 0015-Remove-legacy-platform-code-in-QSslSocket-for-OS-X-1.patch
+* 0016-Fix-possible-crash-when-passing-an-invalid-PAC-URL.patch
### Not submitted to be part of any release:
-0005-Fix-force-debug-info-with-macx-clang_NOUPSTREAM.patch
+* 0005-Fix-force-debug-info-with-macx-clang_NOUPSTREAM.patch
+This is only needed if you intent to harvest debugging symbols
+for breakpad.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud-client.git
More information about the Pkg-owncloud-commits
mailing list