[arch-commits] Commit in lib32-qt4/trunk (PKGBUILD disable-sslv3.patch)

Bartłomiej Piotrowski bpiotrowski at archlinux.org
Fri Mar 4 21:21:21 UTC 2016 

    Date: Friday, March 4, 2016 @ 22:21:20
  Author: bpiotrowski
Revision: 164854

Disable SSLv3

Added:
  lib32-qt4/trunk/disable-sslv3.patch
Modified:
  lib32-qt4/trunk/PKGBUILD

---------------------+
 PKGBUILD            |   10 +++++++--
 disable-sslv3.patch |   54 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2016-03-04 21:16:25 UTC (rev 164853)
+++ PKGBUILD	2016-03-04 21:21:20 UTC (rev 164854)
@@ -24,12 +24,15 @@
 conflicts=(lib32-qtwebkit lib32-qt)
 _pkgfqn="qt-everywhere-opensource-src-${pkgver}"
 source=("http://download.qt-project.org/official_releases/qt/4.8/${pkgver}/${_pkgfqn}.tar.gz"
-        "kubuntu_14_systemtrayicon.diff")
+        "kubuntu_14_systemtrayicon.diff"
+        "disable-sslv3.patch")
 md5sums=('d990ee66bf7ab0c785589776f35ba6ad'
-         'a523644faa8f98a73f55c4aa23c114a6')
+         'a523644faa8f98a73f55c4aa23c114a6'
+         '1803ab6313df762d807678e58fc85f53')
 
 export CC='clang'
 export CXX='clang++'
+
 prepare() {
   cd $srcdir/$_pkgfqn
 
@@ -40,6 +43,9 @@
   # http://blog.martin-graesslin.com/blog/2014/06/where-are-my-systray-icons/
   patch -p1 -i "${srcdir}"/kubuntu_14_systemtrayicon.diff
 
+  # disable SSLv3
+  patch -p1 -i "${srcdir}"/disable-sslv3.patch
+
   # some of those are likely unnecessary, but I'm too lazy to find and remove them
   sed -i "/^QMAKE_LINK\s/s|g++|g++ -m32|g" mkspecs/common/g++-base.conf
   sed -i "s|-O2|${CXXFLAGS} -m32|" mkspecs/common/g++-base.conf

Added: disable-sslv3.patch
===================================================================
--- disable-sslv3.patch	                        (rev 0)
+++ disable-sslv3.patch	2016-03-04 21:21:20 UTC (rev 164854)
@@ -0,0 +1,54 @@
+diff -u -r qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl.cpp qt-everywhere-opensource-src-4.8.7-nossl3/src/network/ssl/qsslsocket_openssl.cpp
+--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl.cpp	2015-05-07 16:14:44.000000000 +0200
++++ qt-everywhere-opensource-src-4.8.7-nossl3/src/network/ssl/qsslsocket_openssl.cpp	2016-03-04 11:29:17.119300898 +0100
+@@ -267,7 +267,11 @@
+ #endif
+         break;
+     case QSsl::SslV3:
++#ifndef OPENSSL_NO_SSL3
+         ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
++#else
++        ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
++#endif
+         break;
+     case QSsl::SecureProtocols: // SslV2 will be disabled below
+     case QSsl::TlsV1SslV3: // SslV2 will be disabled below
+diff -u -r qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp qt-everywhere-opensource-src-4.8.7-nossl3/src/network/ssl/qsslsocket_openssl_symbols.cpp
+--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp	2015-05-07 16:14:44.000000000 +0200
++++ qt-everywhere-opensource-src-4.8.7-nossl3/src/network/ssl/qsslsocket_openssl_symbols.cpp	2016-03-04 11:28:52.806050135 +0100
+@@ -228,13 +228,17 @@
+ #ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ #endif
++#ifndef OPENSSL_NO_SSL3
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ #ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #endif
++#ifndef OPENSSL_NO_SSL3
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #else
+@@ -822,13 +826,17 @@
+ #ifndef OPENSSL_NO_SSL2
+     RESOLVEFUNC(SSLv2_client_method)
+ #endif
++#ifndef OPENSSL_NO_SSL3
+     RESOLVEFUNC(SSLv3_client_method)
++#endif
+     RESOLVEFUNC(SSLv23_client_method)
+     RESOLVEFUNC(TLSv1_client_method)
+ #ifndef OPENSSL_NO_SSL2
+     RESOLVEFUNC(SSLv2_server_method)
+ #endif
++#ifndef OPENSSL_NO_SSL3
+     RESOLVEFUNC(SSLv3_server_method)
++#endif
+     RESOLVEFUNC(SSLv23_server_method)
+     RESOLVEFUNC(TLSv1_server_method)
+     RESOLVEFUNC(X509_NAME_entry_count)

More information about the arch-commits mailing list