Control: user debian-rele...@lists.debian.org
Control: usertag -1 +bsp-2018-12-ch-bern
Control: tags -1 +patch +pending
On Fri, 16 Nov 2018 10:07:08 +0100 Emilio Pozuelo Monfort wrote:
> > this is a remainder about the openssl transition [0]. We really want to
> > remove libssl1.0-dev from unstable for Buster. I will raise the severity
> > of this bug to serious in a month. Please react before that happens.
>
> This is the last blocker for the openssl 1.0 removal from testing.
>
> There is a patch at [1], could you look into using it?
>
> [1]
> https://src.fedoraproject.org/rpms/kdelibs/blob/
d68bdeabf80bf618b085bfb914c17153115e7e36/f/kdelibs-4.14.38-openssl-1.1.patch
Jumping in from Bern's BSP. :-)
I've imported the patch from Emilio's link; which:
- is originally from upstream's kde4libs4support repository (by Daniel Vrátil
, on 2017-10-17):
https://cgit.kde.org/kdelibs4support.git/commit/?
id=9a990c69c606126bcd60cd7718462aec2a92460d
- was backported to Fedora by Wolfgang Bauer on 2017-10-25,
and integrated there by Kevin Kofler on 2018-01-05:
https://src.fedoraproject.org/rpms/kdelibs/c/
a4a16201d5f09c6aeb443eeeb823c4e44896014a?branch=master
It is integrated since their 4.14.38-2 kdelibs package.
So; to get the ball rolling on this RC bug:
* I've prepared a Debian patch with it and pushed it to my salsa fork:
https://salsa.debian.org/qt-kde-team/kde/kde4libs/merge_requests/1/commits
* Hereattached is the debdiff I propose;
* I have uploaded this update to DELAYED/5.
Thanks for your consideration!
Cheers,
OdyXdiff -Nru kde4libs-4.14.38/debian/changelog kde4libs-4.14.38/debian/changelog
--- kde4libs-4.14.38/debian/changelog 2018-07-28 10:39:03.0 +0200
+++ kde4libs-4.14.38/debian/changelog 2018-12-01 14:29:23.0 +0100
@@ -1,3 +1,12 @@
+kde4libs (4:4.14.38-3) unstable; urgency=medium
+
+ * Team upload
+ * Build against OpenSSL 1.1 (Closes: #858937)
+- use Fedora-provided patch backport by Daniel Vrátil and Wolfgang Bauer
+- In Build-Depends, replace libssl1.0-dev by "libssl-dev (>= 1.1)"
+
+ -- Didier Raboud Sat, 01 Dec 2018 14:29:23 +0100
+
kde4libs (4:4.14.38-2) unstable; urgency=medium
* Team upload.
diff -Nru kde4libs-4.14.38/debian/control kde4libs-4.14.38/debian/control
--- kde4libs-4.14.38/debian/control 2018-07-28 10:39:03.0 +0200
+++ kde4libs-4.14.38/debian/control 2018-12-01 14:29:07.0 +0100
@@ -39,7 +39,7 @@
libqt4-opengl-dev (>= 4:4.8.0),
libqtwebkit-dev,
libsm-dev,
- libssl1.0-dev,
+ libssl-dev (>= 1.1),
libudev-dev [linux-any],
libutempter-dev,
libxml2-dev,
diff -Nru kde4libs-4.14.38/debian/patches/kdelibs-4.14.38-openssl-1.1.patch kde4libs-4.14.38/debian/patches/kdelibs-4.14.38-openssl-1.1.patch
--- kde4libs-4.14.38/debian/patches/kdelibs-4.14.38-openssl-1.1.patch 1970-01-01 01:00:00.0 +0100
+++ kde4libs-4.14.38/debian/patches/kdelibs-4.14.38-openssl-1.1.patch 2018-12-01 14:25:25.0 +0100
@@ -0,0 +1,984 @@
+From a015996bb55bbd63d94b227a2c82d0d97cd86ae8 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bauer
+Date: Wed, 25 Oct 2017 07:49:32 +0200
+Subject: [PATCH] Make kssl compile against OpenSSL 1.1.0
+
+OpenSSL 1.1.0 contains some source-incompatible changes, most notably
+making most of the structures opaque and introducing new getter/setter
+functions to modify the structures. This patch adds some of the newly
+introduced functions to the KOpenSSL class and modifies the code to
+call them. The implementation of those newly introduced methods
+contains both OpenSSL < 1.1 compatible code (direct structure member
+access) and calls to real functions resolved from OpenSSL>= 1.1
+library. Which implementation is used is decided at compile time. Some
+of the existing methods were renamed to match the OpenSSL 1.1 naming
+and to avoid conflicts with backward-compatibility names provided by
+OpenSSL 1.1.
+
+KSSLCertificate::toNetscape() returns empty result when built against
+OpenSSL 1.1 since I wasn't able to find a proper equivalent in OpenSSL
+1.1 API (and there does not seem to be any).
+
+(Backport of commit 9a990c69c606126bcd60cd7718462aec2a92460d from
+kdelibs4support)
+---
+ kio/kssl/kopenssl.cpp| 250 ++-
+ kio/kssl/kopenssl.h | 80 --
+ kio/kssl/kssl.cpp| 4 -
+ kio/kssl/ksslcallback.c | 6 +-
+ kio/kssl/ksslcertchain.cpp | 53 +++--
+ kio/kssl/ksslcertificate.cpp | 68 +++-
+ 6 files changed, 351 insertions(+), 110 deletions(-)
+
+--- a/kio/kssl/kopenssl.cpp
b/kio/kssl/kopenssl.cpp
+@@ -75,18 +75,26 @@
+ static int (*K_X509_verify_cert) (X509_STORE_CTX *) = 0L;
+ static X509_STORE_CTX *(*K_X509_STORE_CTX_new) (void) = 0L;
+ static void (*K_X509_STORE_free) (X509_STORE *) = 0L;
++static void (*K_X509_STORE_set_verify_cb)(X509_STORE *, int (*)(int, X50