Disable SSLv3 by default in Qt4.

okay espie@ (MAINTAINER), went through a couple of KDE4 builds. This should been committed a while ago. Even more, I was thinking that this patch *was* committed at Oct 22... It's probably better late than never.
2014-11-13 18:33:24 +00:00 · 2014-11-13 18:33:24 +00:00 · 207a81481b
commit 207a81481b
parent 514e2867bb
3 changed files with 29 additions and 6 deletions
--- a/x11/qt4/Makefile
+++ b/x11/qt4/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.124 2014/09/13 18:09:22 brad Exp $
+# $OpenBSD: Makefile,v 1.125 2014/11/13 18:33:24 zhuk Exp $

 ONLY_FOR_ARCHS =	${GCC4_ARCHS}
 SHARED_ONLY =		Yes
@ -24,6 +24,7 @@ PKGNAME-main =		qt4-${PKGVERSION}
 PKGNAME-debug =		qt4-debug-${PKGVERSION}
 FULLPKGNAME-html =	qt4-html-${PKGVERSION}
 FULLPKGPATH-html =	${BASE_PKGPATH},-html
+REVISION-main =		0

 REVISION-mysql =	0

@ -35,7 +36,7 @@ SHARED_LIBS =	Qt3Support 8.0 \
 		QtDesigner 7.0 \
 		QtDesignerComponents 7.0 \
 		QtGui 10.1 \
-		QtNetwork 9.1 \
+		QtNetwork 10.0 \
 		QtOpenGL 7.0 \
 		QtSql 8.0 \
 		QtXml 8.0 \
@ -48,7 +49,7 @@ SHARED_LIBS =	Qt3Support 8.0 \
 		QtHelp 1.0 \
 		QtXmlPatterns 0.0 \
 		QtScriptTools 0.0 \
-		QtWebKit 3.0 \
+		QtWebKit 4.0 \
 		phonon 4.1 \
 		QtDeclarative 0.0

--- a/x11/qt4/patches/patch-src_network_ssl_qsslsocket_cpp
+++ b/x11/qt4/patches/patch-src_network_ssl_qsslsocket_cpp
@ -1,6 +1,7 @@
-$OpenBSD: patch-src_network_ssl_qsslsocket_cpp,v 1.2 2013/10/04 13:15:41 dcoppa Exp $
--- src/network/ssl/qsslsocket.cpp.orig	Fri Jun  7 07:17:00 2013
-+++ src/network/ssl/qsslsocket.cpp	Fri Sep 27 10:13:05 2013
+$OpenBSD: patch-src_network_ssl_qsslsocket_cpp,v 1.3 2014/11/13 18:33:24 zhuk Exp $
+Enable picking up certs from /etc/ssl/certs.pem and its neighbors.
+--- src/network/ssl/qsslsocket.cpp.orig	Thu Apr 10 22:37:12 2014
+++ src/network/ssl/qsslsocket.cpp	Tue Oct 21 12:36:11 2014
@@ -2325,7 +2325,8 @@ QList<QByteArray> QSslSocketPrivate::unixRootCertDirec
                                << "/var/ssl/certs/" // AIX
                                << "/usr/local/ssl/certs/" // Solaris
--- a/x11/qt4/patches/patch-src_network_ssl_qsslsocket_openssl_cpp
+++ b/x11/qt4/patches/patch-src_network_ssl_qsslsocket_openssl_cpp
@ -0,0 +1,21 @@
+$OpenBSD: patch-src_network_ssl_qsslsocket_openssl_cpp,v 1.1 2014/11/13 18:33:24 zhuk Exp $
+Disable SSLv3 by default.
+--- src/network/ssl/qsslsocket_openssl.cpp.orig	Tue Oct 21 12:38:17 2014
+++ src/network/ssl/qsslsocket_openssl.cpp	Tue Oct 21 12:39:14 2014
+@@ -265,13 +265,13 @@ init_context:
+     case QSsl::SslV3:
+         ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
+         break;
+-    case QSsl::SecureProtocols: // SslV2 will be disabled below
+-    case QSsl::TlsV1SslV3: // SslV2 will be disabled below
+     case QSsl::AnyProtocol:
+-    default:
+         ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
+         break;
+     case QSsl::TlsV1:
+    case QSsl::SecureProtocols:
+    case QSsl::TlsV1SslV3:
+    default:
+         ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
+         break;
+     }