author | Fathi Boudra <fabo@debian.org> | 2011-09-16 01:03:13 +0300 |
---|---|---|
committer | Fathi Boudra <fabo@debian.org> | 2011-09-16 01:03:13 +0300 |
commit | 37e3439c8fff36956935b6d5e69467b7fe3a1089 (patch) | |
tree | 0fa29e54a238f543c7e91778bad78ca6e003dabd /debian | |
parent | 3bb88ab986d7ed8e1857fdf80d59e77d2663ab59 (diff) | |
download | qt4-x11-37e3439c8fff36956935b6d5e69467b7fe3a1089.tar.gz |
Add openssl_no_ssl2.patch - OpenSSL in Debian dropped the insecure SSLv2
protocol. (Closes: #640210)
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/patches/openssl_no_ssl2.patch | 129 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 132 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 047447c..407d9cf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -17,6 +17,8 @@ qt4-x11 (4:4.7.4-1) UNRELEASED; urgency=low plugin path. - Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch (Closes: #641738) + - openssl_no_ssl2.patch - OpenSSL in Debian dropped the insecure SSLv2 + protocol. (Closes: #640210) * Break qdbus out into a separate 'qdbus' package and make it a dependency of libqt4-dbus, because some things will use this at runtime. It makes libqt4-dbus genuinely multiarch-installable. diff --git a/debian/patches/openssl_no_ssl2.patch b/debian/patches/openssl_no_ssl2.patch new file mode 100644 index 0000000..f5d3eda --- /dev/null +++ b/debian/patches/openssl_no_ssl2.patch 
@@ -0,0 +1,129 @@
+Description: OpenSSL in Debian dropped the insecure SSLv2 protocol. Check OPENSSL_NO_SSL2.
+Author: Fathi Boudra <fabo@debian.org>
+Bug-Debian: http://bugs.debian.org/640210
+
+---
+ src/network/ssl/qsslsocket_openssl.cpp | 4 ++++
+ src/network/ssl/qsslsocket_openssl_symbols.cpp | 16 ++++++++++++++++
+ src/network/ssl/qsslsocket_openssl_symbols_p.h | 8 ++++++++
+ 3 files changed, 28 insertions(+)
+
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -196,8 +196,10 @@ QSslCipher QSslSocketBackendPrivate::QSs
+ ciph.d->protocol = QSsl::UnknownProtocol;
+ if (protoString == QLatin1String("SSLv3"))
+ ciph.d->protocol = QSsl::SslV3;
++#ifndef OPENSSL_NO_SSL2
+ else if (protoString == QLatin1String("SSLv2"))
+ ciph.d->protocol = QSsl::SslV2;
++#endif
+ else if (protoString == QLatin1String("TLSv1"))
+ ciph.d->protocol = QSsl::TlsV1;
+
+@@ -246,9 +248,11 @@ bool QSslSocketBackendPrivate::initSslCo
+ bool reinitialized = false;
+ init_context:
+ switch (configuration.protocol) {
++#ifndef OPENSSL_NO_SSL2
+ case QSsl::SslV2:
+ ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
+ break;
++#endif
+ case QSsl::SslV3:
+ ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
+ break;
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -214,20 +214,28 @@ DEFINEFUNC(void, SSL_set_accept_state, S
+ DEFINEFUNC(void, SSL_set_connect_state, SSL *a, a, return, DUMMYARG)
+ DEFINEFUNC(int, SSL_shutdown, SSL *a, a, return -1, return)
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #else
++#ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+@@ -591,11 +599,15 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(SSL_set_connect_state, 152, libs.first )
+ RESOLVEFUNC(SSL_shutdown, 173, libs.first )
+ RESOLVEFUNC(SSL_write, 188, libs.first )
++#ifndef OPENSSL_NO_SSL2
+ RESOLVEFUNC(SSLv2_client_method, 192, libs.first )
++#endif
+ RESOLVEFUNC(SSLv3_client_method, 195, libs.first )
+ RESOLVEFUNC(SSLv23_client_method, 189, libs.first )
+ RESOLVEFUNC(TLSv1_client_method, 198, libs.first )
++#ifndef OPENSSL_NO_SSL2
+ RESOLVEFUNC(SSLv2_server_method, 194, libs.first )
++#endif
+ RESOLVEFUNC(SSLv3_server_method, 197, libs.first )
+ RESOLVEFUNC(SSLv23_server_method, 191, libs.first )
+ RESOLVEFUNC(TLSv1_server_method, 200, libs.first )
+@@ -715,11 +727,15 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(SSL_set_connect_state)
+ RESOLVEFUNC(SSL_shutdown)
+ RESOLVEFUNC(SSL_write)
++#ifndef OPENSSL_NO_SSL2
+ RESOLVEFUNC(SSLv2_client_method)
++#endif
+ RESOLVEFUNC(SSLv3_client_method)
+ RESOLVEFUNC(SSLv23_client_method)
+ RESOLVEFUNC(TLSv1_client_method)
++#ifndef OPENSSL_NO_SSL2
+ RESOLVEFUNC(SSLv2_server_method)
++#endif
+ RESOLVEFUNC(SSLv3_server_method)
+ RESOLVEFUNC(SSLv23_server_method)
+ RESOLVEFUNC(TLSv1_server_method)
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -322,20 +322,28 @@ void q_SSL_set_accept_state(SSL *a);
+ void q_SSL_set_connect_state(SSL *a);
+ int q_SSL_shutdown(SSL *a);
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#ifndef OPENSSL_NO_SSL2
+ const SSL_METHOD *q_SSLv2_client_method();
++#endif
+ const SSL_METHOD *q_SSLv3_client_method();
+ const SSL_METHOD *q_SSLv23_client_method();
+ const SSL_METHOD *q_TLSv1_client_method();
++#ifndef OPENSSL_NO_SSL2
+ const SSL_METHOD *q_SSLv2_server_method();
++#endif
+ const SSL_METHOD *q_SSLv3_server_method();
+ const SSL_METHOD *q_SSLv23_server_method();
+ const SSL_METHOD *q_TLSv1_server_method();
+ #else
++#ifndef OPENSSL_NO_SSL2
+ SSL_METHOD *q_SSLv2_client_method();
++#endif
+ SSL_METHOD *q_SSLv3_client_method();
+ SSL_METHOD *q_SSLv23_client_method();
+ SSL_METHOD *q_TLSv1_client_method();
++#ifndef OPENSSL_NO_SSL2
+ SSL_METHOD *q_SSLv2_server_method();
++#endif
+ SSL_METHOD *q_SSLv3_server_method();
+ SSL_METHOD *q_SSLv23_server_method();
+ SSL_METHOD *q_TLSv1_server_method();
diff --git a/debian/patches/series b/debian/patches/series
index 5594f33..2f9cbb9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -52,3 +52,4 @@ armv6_Add_support_for_ARMv7_atomic_operations.patch
 qt-multiarch-plugin-path-compat.diff
 s390x_jscore.diff
 blacklist-diginotar-cert.diff
+openssl_no_ssl2.patch |
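Review bot: In the initSslContext part of the added patch (`@@ -246,9 +248,11 @@`), the `#ifndef OPENSSL_NO_SSL2` guard wraps the `case QSsl::SslV2:` label itself, so a configuration that explicitly requests QSsl::SslV2 no longer matches its own case when OpenSSL is built without SSLv2. Where it lands instead depends on the rest of the switch, which is outside the hunk: if a default or any-protocol branch follows, the caller would silently get a different protocol set than it asked for, and otherwise `ctx` may keep whatever value it had before the switch. I would keep the label unconditional and guard only the call, adding `#else` and `ctx = 0; // SSLv2 requested but not available in this OpenSSL build` before the `#endif`, assuming the code after the switch reports a null `ctx` as a context-creation failure. The compiled-out `"SSLv2"` branch in the `@@ -196,8 +196,10 @@` part is fine as written, since the protocol is already set to `QSsl::UnknownProtocol` on the line above the chain.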