Bug#858937: kde4libs: Please migrate to openssl1.1 in buster

2018-12-03 Thread Sebastian Andrzej Siewior 
On 2018-12-03 12:30:53 [+0100], Didier 'OdyX' Raboud wrote:
> > If you switch to openssl-dev with this upload, please make it depend on
> > libssl1.1 (which does not happen because it does not depend on any symbols)
> > and the you could also close
> > 
> > #913959 [S|  |  ] [src:kde4libs] kde4libs: Build-Depends on libssl1.0-dev
> 
> I've checked thoroughly, and didn't find any package from src:kde4libs which 
> has a relationship with libssl*; so I think this upload at least is no 
> regression in that regard.

The package loads libssl's symbols dynamically and has to dependencies
on libssl1.1 / libssl1.0.2 and I miss it on  a regular basis during
testing.

> Cheers,
> OdyX

Sebastian

Bug#858937: kde4libs: Please migrate to openssl1.1 in buster

2018-12-03 Thread Didier 'OdyX' Raboud 
Le samedi, 1 décembre 2018, 15.33:37 h CET Sebastian Andrzej Siewior a écrit :
> On December 1, 2018 2:02:42 PM UTC, Didier 'OdyX' Raboud  
wrote:
> >So; to get the ball rolling on this RC bug:
> >
> >* I've prepared a Debian patch with it
> 
> If you switch to openssl-dev with this upload, please make it depend on
> libssl1.1 (which does not happen because it does not depend on any symbols)
> and the you could also close
> 
> #913959 [S|  |  ] [src:kde4libs] kde4libs: Build-Depends on libssl1.0-dev

I've checked thoroughly, and didn't find any package from src:kde4libs which 
has a relationship with libssl*; so I think this upload at least is no 
regression in that regard.

Cheers,
OdyX

signature.asc
Description: This is a digitally signed message part.

Bug#858937: kde4libs: Please migrate to openssl1.1 in buster

2018-12-01 Thread Sebastian Andrzej Siewior 
On December 1, 2018 2:02:42 PM UTC, Didier 'OdyX' Raboud  
wrote:

>So; to get the ball rolling on this RC bug:
>
>* I've prepared a Debian patch with it 

If you switch to openssl-dev with this upload, please make it depend on 
libssl1.1 (which does not happen because it does not depend on any symbols) and 
the you could also close

#913959 [S|  |  ] [src:kde4libs] kde4libs: Build-Depends on libssl1.0-dev

Thank you for work. Greetings to Bern's BSP team.

>Cheers,
>   OdyX


-- 
Sebastian

Bug#858937: kde4libs: Please migrate to openssl1.1 in buster

2018-12-01 Thread Didier 'OdyX' Raboud 
Control: user debian-rele...@lists.debian.org
Control: usertag -1 +bsp-2018-12-ch-bern
Control: tags -1 +patch +pending

On Fri, 16 Nov 2018 10:07:08 +0100 Emilio Pozuelo Monfort  wrote:
> > this is a remainder about the openssl transition [0]. We really want to
> > remove libssl1.0-dev from unstable for Buster. I will raise the severity
> > of this bug to serious in a month. Please react before that happens.
> 
> This is the last blocker for the openssl 1.0 removal from testing.
> 
> There is a patch at [1], could you look into using it?
>
> [1]
> https://src.fedoraproject.org/rpms/kdelibs/blob/
d68bdeabf80bf618b085bfb914c17153115e7e36/f/kdelibs-4.14.38-openssl-1.1.patch

Jumping in from Bern's BSP. :-)

I've imported the patch from Emilio's link; which:
- is originally from upstream's kde4libs4support repository (by Daniel Vrátil 
  , on 2017-10-17):

https://cgit.kde.org/kdelibs4support.git/commit/?
id=9a990c69c606126bcd60cd7718462aec2a92460d

- was backported to Fedora by Wolfgang Bauer  on 2017-10-25,
  and integrated there by Kevin Kofler  on 2018-01-05:

https://src.fedoraproject.org/rpms/kdelibs/c/
a4a16201d5f09c6aeb443eeeb823c4e44896014a?branch=master

  It is integrated since their 4.14.38-2 kdelibs package.

So; to get the ball rolling on this RC bug:

* I've prepared a Debian patch with it and pushed it to my salsa fork:

https://salsa.debian.org/qt-kde-team/kde/kde4libs/merge_requests/1/commits
* Hereattached is the debdiff I propose;
* I have uploaded this update to DELAYED/5.

Thanks for your consideration!

Cheers,
OdyXdiff -Nru kde4libs-4.14.38/debian/changelog kde4libs-4.14.38/debian/changelog
--- kde4libs-4.14.38/debian/changelog	2018-07-28 10:39:03.0 +0200
+++ kde4libs-4.14.38/debian/changelog	2018-12-01 14:29:23.0 +0100
@@ -1,3 +1,12 @@
+kde4libs (4:4.14.38-3) unstable; urgency=medium
+
+  * Team upload
+  * Build against OpenSSL 1.1 (Closes: #858937)
+- use Fedora-provided patch backport by Daniel Vrátil and Wolfgang Bauer
+- In Build-Depends, replace libssl1.0-dev by "libssl-dev (>= 1.1)"
+
+ -- Didier Raboud   Sat, 01 Dec 2018 14:29:23 +0100
+
 kde4libs (4:4.14.38-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru kde4libs-4.14.38/debian/control kde4libs-4.14.38/debian/control
--- kde4libs-4.14.38/debian/control	2018-07-28 10:39:03.0 +0200
+++ kde4libs-4.14.38/debian/control	2018-12-01 14:29:07.0 +0100
@@ -39,7 +39,7 @@
libqt4-opengl-dev (>= 4:4.8.0),
libqtwebkit-dev,
libsm-dev,
-   libssl1.0-dev,
+   libssl-dev (>= 1.1),
libudev-dev [linux-any],
libutempter-dev,
libxml2-dev,
diff -Nru kde4libs-4.14.38/debian/patches/kdelibs-4.14.38-openssl-1.1.patch kde4libs-4.14.38/debian/patches/kdelibs-4.14.38-openssl-1.1.patch
--- kde4libs-4.14.38/debian/patches/kdelibs-4.14.38-openssl-1.1.patch	1970-01-01 01:00:00.0 +0100
+++ kde4libs-4.14.38/debian/patches/kdelibs-4.14.38-openssl-1.1.patch	2018-12-01 14:25:25.0 +0100
@@ -0,0 +1,984 @@
+From a015996bb55bbd63d94b227a2c82d0d97cd86ae8 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bauer 
+Date: Wed, 25 Oct 2017 07:49:32 +0200
+Subject: [PATCH] Make kssl compile against OpenSSL 1.1.0
+
+OpenSSL 1.1.0 contains some source-incompatible changes, most notably
+making most of the structures opaque and introducing new getter/setter
+functions to modify the structures. This patch adds some of the newly
+introduced functions to the KOpenSSL class and modifies the code to
+call them. The implementation of those newly introduced methods
+contains both OpenSSL < 1.1 compatible code (direct structure member
+access) and calls to real functions resolved from OpenSSL>= 1.1
+library. Which implementation is used is decided at compile time. Some
+of the existing methods were renamed to match the OpenSSL 1.1 naming
+and to avoid conflicts with backward-compatibility names provided by
+OpenSSL 1.1.
+
+KSSLCertificate::toNetscape() returns empty result when built against
+OpenSSL 1.1 since I wasn't able to find a proper equivalent in OpenSSL
+1.1 API (and there does not seem to be any).
+
+(Backport of commit 9a990c69c606126bcd60cd7718462aec2a92460d from
+kdelibs4support)
+---
+ kio/kssl/kopenssl.cpp| 250 ++-
+ kio/kssl/kopenssl.h  |  80 --
+ kio/kssl/kssl.cpp|   4 -
+ kio/kssl/ksslcallback.c  |   6 +-
+ kio/kssl/ksslcertchain.cpp   |  53 +++--
+ kio/kssl/ksslcertificate.cpp |  68 +++-
+ 6 files changed, 351 insertions(+), 110 deletions(-)
+
+--- a/kio/kssl/kopenssl.cpp
 b/kio/kssl/kopenssl.cpp
+@@ -75,18 +75,26 @@
+ static int (*K_X509_verify_cert) (X509_STORE_CTX *) = 0L;
+ static X509_STORE_CTX *(*K_X509_STORE_CTX_new) (void) = 0L;
+ static void (*K_X509_STORE_free) (X509_STORE *) = 0L;
++static void (*K_X509_STORE_set_verify_cb)(X509_STORE *, int (*)(int, X50

Bug#858937: kde4libs: Please migrate to openssl1.1 in buster

2018-11-16 Thread Emilio Pozuelo Monfort 
On Thu, 12 Oct 2017 23:44:27 +0200 Sebastian Andrzej Siewior
 wrote:
> Hi,
> 
> this is a remainder about the openssl transition [0]. We really want to
> remove libssl1.0-dev from unstable for Buster. I will raise the severity> of 
> this bug to serious in a month. Please react before that happens.

This is the last blocker for the openssl 1.0 removal from testing.

There is a patch at [1], could you look into using it?

Thanks,
Emilio

[1]
https://src.fedoraproject.org/rpms/kdelibs/blob/d68bdeabf80bf618b085bfb914c17153115e7e36/f/kdelibs-4.14.38-openssl-1.1.patch

Bug#858937: kde4libs: Please migrate to openssl1.1 in buster

2017-10-12 Thread Sebastian Andrzej Siewior 
Hi,

this is a remainder about the openssl transition [0]. We really want to
remove libssl1.0-dev from unstable for Buster. I will raise the severity
of this bug to serious in a month. Please react before that happens.

[0] https://bugs.debian.org/871056#55

Sebastian