[gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
commit: 44d3661b4981baaa12699edc40dfe06858f911f7
Author: Andreas Sturmlechner gentoo org>
AuthorDate: Sat May 20 17:59:01 2023 +
Commit: Andreas Sturmlechner gentoo org>
CommitDate: Sat May 20 18:02:35 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44d3661b
dev-qt/qtnetwork: QDnsLookup: make sure we don't overflow the buffer
Signed-off-by: Andreas Sturmlechner gentoo.org>
15.9-QDnsLookup-dont-overflow-the-buffer.patch | 103 +
dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild| 76 +++
2 files changed, 179 insertions(+)
diff --git
a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch
b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch
new file mode 100644
index ..433dc678ad2d
--- /dev/null
+++
b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch
@@ -0,0 +1,103 @@
+From 2103f2487f709dd9546c503820d9ad509e9a63b3 Mon Sep 17 00:00:00 2001
+From: Thiago Macieira
+Date: Thu, 11 May 2023 21:40:15 -0700
+Subject: [PATCH] QDnsLookup/Unix: make sure we don't overflow the buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The DNS Records are variable length and encode their size in 16 bits
+before the Record Data (RDATA). Ensure that both the RDATA and the
+Record header fields before it fall inside the buffer we have.
+
+Additionally reject any replies containing more than one query records.
+
+[ChangeLog][QtNetwork][QDnsLookup] Fixed a bug that could cause a buffer
+overflow in Unix systems while parsing corrupt, malicious, or truncated
+replies.
+
+Pick-to: 5.15 6.2 6.5 6.5.1
+Change-Id: I3e3bfef633af4130a03afffd175e4b9547654b95
+Reviewed-by: Mårten Nordheim
+Reviewed-by: Jani Heikkinen
+(cherry picked from commit 7dba2c87619d558a61a30eb30cc1d9c3fe6df94c)
+
+* asturmlechner 2023-05-18: Resolve conflict with dev branch commit
+ 68b625901f9eb7c34e3d7aa302e1c0a454d3190b
+---
+ src/network/kernel/qdnslookup_unix.cpp | 31 +-
+ 1 file changed, 25 insertions(+), 6 deletions(-)
+
+diff --git a/src/network/kernel/qdnslookup_unix.cpp
b/src/network/kernel/qdnslookup_unix.cpp
+index 12b40fc35dd..99e999d436c 100644
+--- a/src/network/kernel/qdnslookup_unix.cpp
b/src/network/kernel/qdnslookup_unix.cpp
+@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType,
const QByteArray
+ // responseLength in case of error, we still can extract the
+ // exact error code from the response.
+ HEADER *header = (HEADER*)response;
+-const int answerCount = ntohs(header->ancount);
+ switch (header->rcode) {
+ case NOERROR:
+ break;
+@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType,
const QByteArray
+ return;
+ }
+
+-// Skip the query host, type (2 bytes) and class (2 bytes).
+ char host[PACKETSZ], answer[PACKETSZ];
+ unsigned char *p = response + sizeof(HEADER);
+-int status = local_dn_expand(response, response + responseLength, p,
host, sizeof(host));
+-if (status < 0) {
++int status;
++
++if (ntohs(header->qdcount) == 1) {
++// Skip the query host, type (2 bytes) and class (2 bytes).
++status = local_dn_expand(response, response + responseLength, p,
host, sizeof(host));
++if (status < 0) {
++reply->error = QDnsLookup::InvalidReplyError;
++reply->errorString = tr("Could not expand domain name");
++return;
++}
++if ((p - response) + status + 4 >= responseLength)
++header->qdcount = 0x; // invalid reply below
++else
++p += status + 4;
++}
++if (ntohs(header->qdcount) > 1) {
+ reply->error = QDnsLookup::InvalidReplyError;
+-reply->errorString = tr("Could not expand domain name");
++reply->errorString = tr("Invalid reply received");
+ return;
+ }
+-p += status + 4;
+
+ // Extract results.
++const int answerCount = ntohs(header->ancount);
+ int answerIndex = 0;
+ while ((p < response + responseLength) && (answerIndex < answerCount)) {
+ status = local_dn_expand(response, response + responseLength, p,
host, sizeof(host));
+@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType,
const QByteArray
+ const QString name = QUrl::fromAce(host);
+
+ p += status;
++
++if ((p - response) + 10 > responseLength) {
++// probably just a truncated reply, return what we have
++return;
++}
+ const quint16 type = (p[0] << 8) | p[1];
+ p += 2; // RR type
+ p += 2; // RR class
+@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType,
const QByteArray
+ p += 4;
+ const quint16 size = (p[0] << 8) | p[1];
+ p += 2;
++if ((p - response)
[gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
commit: 217fc6b64c5569a44e0f2d370cebc37e53b5
Author: Stefan Strogin steils org>
AuthorDate: Sat Nov 28 19:37:21 2020 +
Commit: Andreas Sturmlechner gentoo org>
CommitDate: Sat Nov 28 20:21:14 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=217fc6b6
dev-qt/qtnetwork: update (5.15.2) patch for LibreSSL
Closes: https://bugs.gentoo.org/757147
Package-Manager: Portage-3.0.10, Repoman-3.0.2
Signed-off-by: Stefan Strogin gentoo.org>
Closes: https://github.com/gentoo/qt/pull/230
Signed-off-by: Andreas Sturmlechner gentoo.org>
.../files/qtnetwork-5.15.2-libressl.patch | 377 +
dev-qt/qtnetwork/qtnetwork-5.15.2.ebuild | 2 +-
2 files changed, 378 insertions(+), 1 deletion(-)
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch
b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch
new file mode 100644
index 000..f7fe32f06e4
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch
@@ -0,0 +1,377 @@
+From 07a00f9c6d87f1fa5360cfb8f086670f3fa5bd3f Mon Sep 17 00:00:00 2001
+From: Stefan Strogin
+Date: Sat, 28 Nov 2020 06:12:22 +0200
+Subject: [PATCH] QSslSocket: add LibreSSL support
+
+Upstream-Status: Inappropriate
+[Upstream is not willing to accept any patches for LibreSSL support]
+Signed-off-by: Stefan Strogin
+---
+ src/network/ssl/qsslcertificate_openssl.cpp | 2 +-
+ src/network/ssl/qsslcontext_openssl.cpp | 19 +++-
+ src/network/ssl/qsslcontext_openssl_p.h | 7 +++
+ src/network/ssl/qsslsocket_openssl.cpp| 2 +-
+ .../ssl/qsslsocket_openssl_symbols.cpp| 31 +
+ .../ssl/qsslsocket_openssl_symbols_p.h| 45 +++
+ 6 files changed, 103 insertions(+), 3 deletions(-)
+
+diff --git a/src/network/ssl/qsslcertificate_openssl.cpp
b/src/network/ssl/qsslcertificate_openssl.cpp
+index ca9d61cc..19774432 100644
+--- a/src/network/ssl/qsslcertificate_openssl.cpp
b/src/network/ssl/qsslcertificate_openssl.cpp
+@@ -661,7 +661,7 @@ static QMultiMap
_q_mapFromX509Name(X509_NAME *name)
+ unsigned char *data = nullptr;
+ int size = q_ASN1_STRING_to_UTF8(,
q_X509_NAME_ENTRY_get_data(e));
+ info.insert(name, QString::fromUtf8((char*)data, size));
+-#if QT_CONFIG(opensslv11)
++#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER)
+ q_CRYPTO_free(data, nullptr, 0);
+ #else
+ q_CRYPTO_free(data);
+diff --git a/src/network/ssl/qsslcontext_openssl.cpp
b/src/network/ssl/qsslcontext_openssl.cpp
+index c9f202f5..d3626cab 100644
+--- a/src/network/ssl/qsslcontext_openssl.cpp
b/src/network/ssl/qsslcontext_openssl.cpp
+@@ -351,9 +351,11 @@ init_context:
+ return;
+ }
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ // A nasty hacked OpenSSL using a level that will make our auto-tests
fail:
+ if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 &&
*forceSecurityLevel())
+ q_SSL_CTX_set_security_level(sslContext->ctx, 1);
++#endif // LIBRESSL_VERSION_NUMBER
+
+ const long anyVersion =
+ #if QT_CONFIG(dtls)
+@@ -408,16 +410,28 @@ init_context:
+ maxVersion = DTLS1_VERSION;
+ break;
+ case QSsl::DtlsV1_0OrLater:
++#ifdef DTLS_MAX_VERSION
+ minVersion = DTLS1_VERSION;
+ maxVersion = DTLS_MAX_VERSION;
++#else
++Q_UNREACHABLE();
++#endif // DTLS_MAX_VERSION
+ break;
+ case QSsl::DtlsV1_2:
++#ifdef DTLS1_2_VERSION
+ minVersion = DTLS1_2_VERSION;
+ maxVersion = DTLS1_2_VERSION;
++#else
++Q_UNREACHABLE();
++#endif // DTLS1_2_VERSION
+ break;
+ case QSsl::DtlsV1_2OrLater:
++#if defined(DTLS1_2_VERSION) && defined(DTLS_MAX_VERSION)
+ minVersion = DTLS1_2_VERSION;
+ maxVersion = DTLS_MAX_VERSION;
++#else
++Q_UNREACHABLE();
++#endif // DTLS1_2_VERSION && DTLS_MAX_VERSION
+ break;
+ case QSsl::TlsV1_3OrLater:
+ #ifdef TLS1_3_VERSION
+@@ -722,6 +736,7 @@ void QSslContext::applyBackendConfig(QSslContext
*sslContext)
+ }
+ #endif // ocsp
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ QSharedPointer cctx(q_SSL_CONF_CTX_new(),
_SSL_CONF_CTX_free);
+ if (cctx) {
+ q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx);
+@@ -768,7 +783,9 @@ void QSslContext::applyBackendConfig(QSslContext
*sslContext)
+ sslContext->errorStr =
msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+-} else {
++} else
++#endif // LIBRESSL_VERSION_NUMBER
++{
+ sslContext->errorStr =
msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+diff --git a/src/network/ssl/qsslcontext_openssl_p.h
b/src/network/ssl/qsslcontext_openssl_p.h
+index 70cb97aa..01a61cf5 100644
+--- a/src/network/ssl/qsslcontext_openssl_p.h
[gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
commit: 8ededff26ca832ef16f40e986c3cf85062de3428
Author: Andreas Sturmlechner gentoo org>
AuthorDate: Tue Jun 9 19:05:03 2020 +
Commit: Andreas Sturmlechner gentoo org>
CommitDate: Wed Jun 10 17:52:29 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ededff2
dev-qt/qtnetwork: Fix CVE-2020-13962
Tested-by: Sam James (sam_c) cmpct.info
Closes: https://bugs.gentoo.org/727604
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Andreas Sturmlechner gentoo.org>
.../files/qtnetwork-5.14.2-CVE-2020-13962.patch| 172 +
dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild| 66
2 files changed, 238 insertions(+)
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch
b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch
new file mode 100644
index 000..9bbdda61a25
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch
@@ -0,0 +1,172 @@
+From 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb Mon Sep 17 00:00:00 2001
+From: Timur Pocheptsov
+Date: Mon, 13 Apr 2020 20:31:34 +0200
+Subject: [PATCH] OpenSSL: handle SSL_shutdown's errors properly
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Do not call SSL_shutdown on a session that is in handshake state
(SSL_in_init(s)
+returns 1). Also, do not call SSL_shutdown if a session encountered a fatal
+error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown
+was unsuccessful (returned code != 1), we have to clear the error(s) it queued.
+Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to
+resolve SSL_state to implement SSL_in_init.
+
+Fixes: QTBUG-83450
+Change-Id: I6326119f4e79605429263045ac20605c30dccca3
+Reviewed-by: MÃ¥rten Nordheim
+(cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655)
+---
+ src/network/ssl/qsslsocket.cpp | 2 +-
+ src/network/ssl/qsslsocket_openssl.cpp | 23 --
+ src/network/ssl/qsslsocket_openssl11_symbols_p.h | 7 +++
+ src/network/ssl/qsslsocket_openssl_symbols.cpp | 8
+ .../ssl/qsslsocket_opensslpre11_symbols_p.h| 2 ++
+ src/network/ssl/qsslsocket_p.h | 1 +
+ 6 files changed, 36 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
+index 4e9e9472631..5c9e589ec39 100644
+--- a/src/network/ssl/qsslsocket.cpp
b/src/network/ssl/qsslsocket.cpp
+@@ -2166,7 +2166,7 @@ void QSslSocketPrivate::init()
+ pendingClose = false;
+ flushTriggered = false;
+ ocspResponses.clear();
+-
++systemOrSslErrorDetected = false;
+ // we don't want to clear the ignoreErrorsList, so
+ // that it is possible setting it before connecting
+ //ignoreErrorsList.clear();
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp
b/src/network/ssl/qsslsocket_openssl.cpp
+index 51510f1c60b..855865209bc 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -648,10 +648,16 @@ bool QSslSocketBackendPrivate::initSslContext()
+ void QSslSocketBackendPrivate::destroySslContext()
+ {
+ if (ssl) {
+-// We do not send a shutdown alert here. Just mark the session as
+-// resumable for qhttpnetworkconnection's "optimization", otherwise
+-// OpenSSL won't start a session resumption.
+-q_SSL_shutdown(ssl);
++if (!q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
++// We do not send a shutdown alert here. Just mark the session as
++// resumable for qhttpnetworkconnection's "optimization",
otherwise
++// OpenSSL won't start a session resumption.
++if (q_SSL_shutdown(ssl) != 1) {
++// Some error may be queued, clear it.
++const auto errors = getErrorsFromOpenSsl();
++Q_UNUSED(errors);
++}
++}
+ q_SSL_free(ssl);
+ ssl = nullptr;
+ }
+@@ -1084,6 +1090,7 @@ void QSslSocketBackendPrivate::transmit()
+ case SSL_ERROR_SSL: // error in the SSL library
+ // we do not know exactly what the error is, nor whether we
can recover from it,
+ // so just return to prevent an endless loop in the outer
"while" statement
++systemOrSslErrorDetected = true;
+ {
+ const ScopedBool bg(inSetAndEmitError, true);
+ setErrorAndEmit(QAbstractSocket::SslInternalError,
+@@ -1681,8 +1688,12 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
+ void QSslSocketBackendPrivate::disconnectFromHost()
+ {
+ if (ssl) {
+-if (!shutdown) {
+-q_SSL_shutdown(ssl);
++if (!shutdown && !q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
++if (q_SSL_shutdown(ssl) != 1) {
++// Some error may be queued, clear it.
[gentoo-commits] repo/gentoo:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
commit: 568a924b3f62d0acff635b2379aedd85ebbc0b99
Author: Stefan Strogin gentoo org>
AuthorDate: Wed May 27 08:26:20 2020 +
Commit: Stefan Strogin gentoo org>
CommitDate: Thu May 28 05:50:22 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=568a924b
dev-qt/qtnetwork: add patch for LibreSSL
Closes: https://bugs.gentoo.org/562050
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Stefan Strogin gentoo.org>
.../files/qtnetwork-5.15.0-libressl.patch | 340 +
dev-qt/qtnetwork/qtnetwork-5.15.0.ebuild | 9 +-
2 files changed, 347 insertions(+), 2 deletions(-)
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.0-libressl.patch
b/dev-qt/qtnetwork/files/qtnetwork-5.15.0-libressl.patch
new file mode 100644
index 000..d0a4796639b
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.0-libressl.patch
@@ -0,0 +1,340 @@
+From 4774fcd31a49f6f193bf10990601ad494fab2013 Mon Sep 17 00:00:00 2001
+From: Stefan Strogin
+Date: Wed, 5 Feb 2020 03:49:35 +0200
+Subject: [PATCH] QSslSocket - add LibreSSL support
+
+Upstream-Status: Inappropriate
+[Upstream is not willing to accept any patches for LibreSSL support]
+Signed-off-by: Stefan Strogin
+---
+ src/network/ssl/qsslcertificate_openssl.cpp | 2 +-
+ src/network/ssl/qsslcontext_openssl.cpp | 17 +++-
+ src/network/ssl/qsslcontext_openssl_p.h | 7 +++
+ src/network/ssl/qsslsocket_openssl.cpp| 2 +-
+ .../ssl/qsslsocket_openssl_symbols.cpp| 25 +++
+ .../ssl/qsslsocket_openssl_symbols_p.h| 43 +++
+ 6 files changed, 93 insertions(+), 3 deletions(-)
+
+diff --git a/src/network/ssl/qsslcertificate_openssl.cpp
b/src/network/ssl/qsslcertificate_openssl.cpp
+index 6f1fb26a..eba5a729 100644
+--- a/src/network/ssl/qsslcertificate_openssl.cpp
b/src/network/ssl/qsslcertificate_openssl.cpp
+@@ -658,7 +658,7 @@ static QMultiMap
_q_mapFromX509Name(X509_NAME *name)
+ unsigned char *data = nullptr;
+ int size = q_ASN1_STRING_to_UTF8(,
q_X509_NAME_ENTRY_get_data(e));
+ info.insert(name, QString::fromUtf8((char*)data, size));
+-#if QT_CONFIG(opensslv11)
++#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER)
+ q_CRYPTO_free(data, nullptr, 0);
+ #else
+ q_CRYPTO_free(data);
+diff --git a/src/network/ssl/qsslcontext_openssl.cpp
b/src/network/ssl/qsslcontext_openssl.cpp
+index 0aa8a4f4..f161af8a 100644
+--- a/src/network/ssl/qsslcontext_openssl.cpp
b/src/network/ssl/qsslcontext_openssl.cpp
+@@ -397,16 +397,28 @@ init_context:
+ maxVersion = DTLS1_VERSION;
+ break;
+ case QSsl::DtlsV1_0OrLater:
++#ifdef DTLS_MAX_VERSION
+ minVersion = DTLS1_VERSION;
+ maxVersion = DTLS_MAX_VERSION;
++#else
++Q_UNREACHABLE();
++#endif // DTLS_MAX_VERSION
+ break;
+ case QSsl::DtlsV1_2:
++#ifdef DTLS1_2_VERSION
+ minVersion = DTLS1_2_VERSION;
+ maxVersion = DTLS1_2_VERSION;
++#else
++Q_UNREACHABLE();
++#endif // DTLS1_2_VERSION
+ break;
+ case QSsl::DtlsV1_2OrLater:
++#if defined(DTLS1_2_VERSION) && defined(DTLS_MAX_VERSION)
+ minVersion = DTLS1_2_VERSION;
+ maxVersion = DTLS_MAX_VERSION;
++#else
++Q_UNREACHABLE();
++#endif // DTLS1_2_VERSION && DTLS_MAX_VERSION
+ break;
+ case QSsl::TlsV1_3OrLater:
+ #ifdef TLS1_3_VERSION
+@@ -696,6 +708,7 @@ void QSslContext::applyBackendConfig(QSslContext
*sslContext)
+ }
+ #endif // ocsp
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ QSharedPointer cctx(q_SSL_CONF_CTX_new(),
_SSL_CONF_CTX_free);
+ if (cctx) {
+ q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx);
+@@ -742,7 +755,9 @@ void QSslContext::applyBackendConfig(QSslContext
*sslContext)
+ sslContext->errorStr =
msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+-} else {
++} else
++#endif // LIBRESSL_VERSION_NUMBER
++{
+ sslContext->errorStr =
msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+diff --git a/src/network/ssl/qsslcontext_openssl_p.h
b/src/network/ssl/qsslcontext_openssl_p.h
+index 70cb97aa..01a61cf5 100644
+--- a/src/network/ssl/qsslcontext_openssl_p.h
b/src/network/ssl/qsslcontext_openssl_p.h
+@@ -61,6 +61,13 @@
+
+ QT_BEGIN_NAMESPACE
+
++#ifndef DTLS_ANY_VERSION
++#define DTLS_ANY_VERSION 0x1
++#endif
++#ifndef TLS_ANY_VERSION
++#define TLS_ANY_VERSION 0x1
++#endif
++
+ #ifndef QT_NO_SSL
+
+ class QSslContextPrivate;
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp
b/src/network/ssl/qsslsocket_openssl.cpp
+index 4be27aff..1f33911e 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -598,7 +598,7 @@ bool
