[arch-commits] Commit in qt4/trunk (PKGBUILD disable-sslv3.patch)

Jan Steffens heftig at archlinux.org
Fri Mar 4 10:31:39 UTC 2016 

    Date: Friday, March 4, 2016 @ 11:31:38
  Author: heftig
Revision: 260789

Disable SSLv3

Added:
  qt4/trunk/disable-sslv3.patch
Modified:
  qt4/trunk/PKGBUILD

---------------------+
 PKGBUILD            |    5 ++++
 disable-sslv3.patch |   54 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2016-03-04 10:30:52 UTC (rev 260788)
+++ PKGBUILD	2016-03-04 10:31:38 UTC (rev 260789)
@@ -37,6 +37,7 @@
         'kubuntu_14_systemtrayicon.diff'
         'kde4-settings.patch'
         'glib-honor-ExcludeSocketNotifiers-flag.diff'
+        'disable-sslv3.patch'
         'l-qclipboard_fix_recursive.patch'
         'l-qclipboard_delay.patch')
 md5sums=('d990ee66bf7ab0c785589776f35ba6ad'
@@ -50,6 +51,7 @@
          'a523644faa8f98a73f55c4aa23c114a6'
          '66dfea63916c8dbf47b23cb012ffdccc'
          '85679531c8a7310317adfb7002d9f99a'
+         '1803ab6313df762d807678e58fc85f53'
          '009de09b4e589a7770fba74405656c99'
          'addc5e88d538ee55e17bd49ba337ca67')
 
@@ -76,6 +78,9 @@
   # https://bugreports.qt.io/browse/QTBUG-38585
   patch -p0 -i "${srcdir}"/l-qclipboard_delay.patch
 
+  # React to OpenSSL's OPENSSL_NO_SSL3 define
+  patch -p1 -i "${srcdir}"/disable-sslv3.patch
+
   sed -i "s|-O2|${CXXFLAGS}|" mkspecs/common/{g++,gcc}-base.conf
   sed -i "/^QMAKE_LFLAGS_RPATH/s| -Wl,-rpath,||g" mkspecs/common/gcc-base-unix.conf
   sed -i "/^QMAKE_LFLAGS\s/s|+=|+= ${LDFLAGS}|g" mkspecs/common/gcc-base.conf

Added: disable-sslv3.patch
===================================================================
--- disable-sslv3.patch	                        (rev 0)
+++ disable-sslv3.patch	2016-03-04 10:31:38 UTC (rev 260789)
@@ -0,0 +1,54 @@
+diff -u -r qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl.cpp qt-everywhere-opensource-src-4.8.7-nossl3/src/network/ssl/qsslsocket_openssl.cpp
+--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl.cpp	2015-05-07 16:14:44.000000000 +0200
++++ qt-everywhere-opensource-src-4.8.7-nossl3/src/network/ssl/qsslsocket_openssl.cpp	2016-03-04 11:29:17.119300898 +0100
+@@ -267,7 +267,11 @@
+ #endif
+         break;
+     case QSsl::SslV3:
++#ifndef OPENSSL_NO_SSL3
+         ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
++#else
++        ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
++#endif
+         break;
+     case QSsl::SecureProtocols: // SslV2 will be disabled below
+     case QSsl::TlsV1SslV3: // SslV2 will be disabled below
+diff -u -r qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp qt-everywhere-opensource-src-4.8.7-nossl3/src/network/ssl/qsslsocket_openssl_symbols.cpp
+--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp	2015-05-07 16:14:44.000000000 +0200
++++ qt-everywhere-opensource-src-4.8.7-nossl3/src/network/ssl/qsslsocket_openssl_symbols.cpp	2016-03-04 11:28:52.806050135 +0100
+@@ -228,13 +228,17 @@
+ #ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ #endif
++#ifndef OPENSSL_NO_SSL3
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ #ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #endif
++#ifndef OPENSSL_NO_SSL3
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #else
+@@ -822,13 +826,17 @@
+ #ifndef OPENSSL_NO_SSL2
+     RESOLVEFUNC(SSLv2_client_method)
+ #endif
++#ifndef OPENSSL_NO_SSL3
+     RESOLVEFUNC(SSLv3_client_method)
++#endif
+     RESOLVEFUNC(SSLv23_client_method)
+     RESOLVEFUNC(TLSv1_client_method)
+ #ifndef OPENSSL_NO_SSL2
+     RESOLVEFUNC(SSLv2_server_method)
+ #endif
++#ifndef OPENSSL_NO_SSL3
+     RESOLVEFUNC(SSLv3_server_method)
++#endif
+     RESOLVEFUNC(SSLv23_server_method)
+     RESOLVEFUNC(TLSv1_server_method)
+     RESOLVEFUNC(X509_NAME_entry_count)

More information about the arch-commits mailing list