diff --git a/srcpkgs/qt/patches/patch-src_network_ssl_qsslsocket_openssl_cpp b/srcpkgs/qt/patches/patch-src_network_ssl_qsslsocket_openssl_cpp new file mode 100644 index 00000000000..c7f7c2e30e2 --- /dev/null +++ b/srcpkgs/qt/patches/patch-src_network_ssl_qsslsocket_openssl_cpp @@ -0,0 +1,34 @@ +$OpenBSD: patch-src_network_ssl_qsslsocket_openssl_cpp,v 1.4 2016/01/06 17:17:32 zhuk Exp $ +1. Disable SSLv3 by default. +2. TLSv1_*_method() are TLSv1.0-only, so default to SSLv23_*_method(), which is + actually TLSv1.* nowadays. +2a. Make QSsl::TlsV1 also use SSLv23_*_method(), noone in good mind would + want to run TLSv1.0-only connections, and too many developers fail + same way due to bad naming. + +--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl.cpp.orig Thu May 7 17:14:44 2015 ++++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl.cpp Wed Jan 6 20:10:23 2016 +@@ -267,16 +267,18 @@ init_context: + #endif + break; + case QSsl::SslV3: ++#ifndef OPENSSL_NO_SSL3 + ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); ++#else ++ ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error ++#endif + break; +- case QSsl::SecureProtocols: // SslV2 will be disabled below +- case QSsl::TlsV1SslV3: // SslV2 will be disabled below + case QSsl::AnyProtocol: ++ case QSsl::SecureProtocols: ++ case QSsl::TlsV1SslV3: ++ case QSsl::TlsV1: // this is TLSv1.0 only case, but misused as TLSv1.x too often + default: + ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); +- break; +- case QSsl::TlsV1: +- ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); + break; + } + if (!ctx) { diff --git a/srcpkgs/qt/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_cpp b/srcpkgs/qt/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_cpp new file mode 100644 index 00000000000..2f8c6777aac --- /dev/null +++ b/srcpkgs/qt/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_cpp @@ -0,0 +1,40 @@ +$OpenBSD: patch-src_network_ssl_qsslsocket_openssl_symbols_cpp,v 1.3 2015/09/17 12:24:42 dcoppa Exp $ + +--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp.orig Wed Sep 16 13:27:39 2015 ++++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp Wed Sep 16 13:33:06 2015 +@@ -228,13 +228,17 @@ DEFINEFUNC(int, SSL_shutdown, SSL *a, a, return -1, re + #ifndef OPENSSL_NO_SSL2 + DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) + #endif ++#ifndef OPENSSL_NO_SSL3 + DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif + DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) + #ifndef OPENSSL_NO_SSL2 + DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) + #endif ++#ifndef OPENSSL_NO_SSL3 + DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif + DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) + #else +@@ -822,13 +826,17 @@ bool q_resolveOpenSslSymbols() + #ifndef OPENSSL_NO_SSL2 + RESOLVEFUNC(SSLv2_client_method) + #endif ++#ifndef OPENSSL_NO_SSL3 + RESOLVEFUNC(SSLv3_client_method) ++#endif + RESOLVEFUNC(SSLv23_client_method) + RESOLVEFUNC(TLSv1_client_method) + #ifndef OPENSSL_NO_SSL2 + RESOLVEFUNC(SSLv2_server_method) + #endif ++#ifndef OPENSSL_NO_SSL3 + RESOLVEFUNC(SSLv3_server_method) ++#endif + RESOLVEFUNC(SSLv23_server_method) + RESOLVEFUNC(TLSv1_server_method) + RESOLVEFUNC(X509_NAME_entry_count) diff --git a/srcpkgs/qt/template b/srcpkgs/qt/template index c24c86991bf..ab3e640874f 100644 --- a/srcpkgs/qt/template +++ b/srcpkgs/qt/template @@ -2,7 +2,6 @@ pkgname=qt version=4.8.7 revision=8 -broken="ssl/qsslsocket_openssl_symbols.cpp:231:73: error: 'SSLv3_client_method' was not declared in this scope" _distname=qt-everywhere-opensource-src patch_args="-Np1" wrksrc=${_distname}-${version}