Debian Bug report logs - #828522
qt4-x11: FTBFS with openssl 1.1.0

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: submit@bugs.debian.org

Subject: qt4-x11: FTBFS with openssl 1.1.0

Date: Sun, 26 Jun 2016 12:23:53 +0200

Source: qt4-x11
Version: 4.8.7+dfsg-7
Severity: important
Control: block 827061 by -1

Hi,

OpenSSL 1.1.0 is about to released.  During a rebuild of all packages using
OpenSSL this package fail to build.  A log of that build can be found at:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/qt4-x11_4.8.7+dfsg-7_amd64-20160529-1519

On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the
reasons why it might fail.  There are also updated man pages at
https://www.openssl.org/docs/manmaster/ that should contain useful information.

There is a libssl-dev package available in experimental that contains a recent
snapshot, I suggest you try building against that to see if everything works.

If you have problems making things work, feel free to contact us.


Kurt

Message #12 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

To: debian-devel@lists.debian.org

Cc: 828522@bugs.debian.org, 828523@bugs.debian.org

Subject: Re: OpenSSL 1.1.0

Date: Mon, 27 Jun 2016 10:04:24 -0300

[Message part 1 (text/plain, inline)]

On sábado, 11 de junio de 2016 2:30:37 P. M. ART Kurt Roeckx wrote:
> Hi,
> 
> The release of OpenSSL 1.1.0 is getting nearer.  Some packages
> will no longer build with the new version without changes.  Most
> of those changes should be trivial, like you can't allocate some
> structures on the stack anymore and need to use the correct _new()
> and _free() function.
[snip] 

>    qt4-x11 (U)
>    qtbase-opensource-src (U)

I'm afraid this are not good news from the Qt side.

= Qt 4

Qt 4 is dead upstream, so we have two choices:

- Someone to come up with a patch.
- Remove libSSL usage, causing a nightmare for many Qt4-based apps that are 
still in the archive.

I have learned the Qt does a heavy usage of libSSL, so porting might not be 
trivial. For whatever of the two possible choices above I would not mind going 
ahead with them for Buster, but for Stretch I think it's too late. Even if we 
had a patch I would really want some time to let users check everything works 
as expected, and we are currently have less than 6 months already :-/

= Qt 5

The Qt 5 situation is similar, except releasing Qt5 without ssl support is, 
I'm afraid, a non-go. The Qt upstream in charge of the ssl code said he 
*might* probably have libssl 1.1.0 support ready for 5.8 [note] which will 
happen too [late] for releasing Stretch. Having a non-official patch might be 
doable, but we still need someone to code it and time to test it. Again, with 
the current Stretch time frame, I don't think that's doable.

[note] It's worth to note that he is not working on simply adapting the new 
code but a complete rewrite of the SSL usage in Qt, so even if we had a patch 
I don't think we could have him reviewing it in the short time.

[late] End of year as early.

Thanks to Sune Vuorela for asking upstream about this :)

-- 
Evite los parámetros estáticos. Si son inevitables, haga que el emisor
y el receptor negocien un valor.
  Andrew S. Tanenbaum, de su libro "Computer Networks"

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

[signature.asc (application/pgp-signature, inline)]

Message #17 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Gert Wollny <gw.fossdev@gmail.com>

To: debian-devel@lists.debian.org

Cc: 828522@bugs.debian.org

Subject: Re: OpenSSL 1.1.0

Date: Mon, 27 Jun 2016 16:01:05 +0200

Hello, 


> = Qt 4
> 
> Qt 4 is dead upstream, so we have two choices:
> 
> - Someone to come up with a patch.

I volunteer to look into this. From what I've seen in DCMTK, the
changes are not too intrusive, most of the time it is just replacing
direct access to member variables with access functions because the
structures are now opaque.  

Best, 
Gert 

Message #22 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Gert Wollny <gw.fossdev@gmail.com>

To: 828522@bugs.debian.org

Subject: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Mon, 27 Jun 2016 17:06:48 +0200

Hi, 

while there was a little section about what breaks with QT on [1] it
didn't mention that the threading model was changed completely without
any compatibility layer, and QT4 uses this old threading model in their
network/ssl layer - or at least they provide and set the locking
callbacks.

So unless openssl upstream (or someone else knowledgeable) gives an
clear indication how to replace the old threading model with the new
one, I'd rather not touch this part of the code. 

I'll see, however, whether I can provide a patch for the other compile
errors. 

best, 
Gert 

[1] https://wiki.openssl.org/index.php/1.1_API_Changes

Message #27 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

To: Gert Wollny <gw.fossdev@gmail.com>, 828522@bugs.debian.org

Cc: debian-devel@lists.debian.org

Subject: Re: Bug#828522: OpenSSL 1.1.0

Date: Mon, 27 Jun 2016 12:41:45 -0300

[Message part 1 (text/plain, inline)]

On lunes, 27 de junio de 2016 4:01:05 P. M. ART Gert Wollny wrote:
> Hello, 
> 
> > = Qt 4
> > 
> > Qt 4 is dead upstream, so we have two choices:
> > 
> > - Someone to come up with a patch.
> 
> I volunteer to look into this. From what I've seen in DCMTK, the
> changes are not too intrusive, most of the time it is just replacing
> direct access to member variables with access functions because the
> structures are now opaque.  

That's very appreciated, thanks!



-- 
18: Como se pueden evitar los problemas de alimentacion electrica
    * No coma cerca de un enchufe
    Damian Nadales
    http://mx.grulic.org.ar/lurker/message/20080307.141449.a70fb2fc.es.html

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

[signature.asc (application/pgp-signature, inline)]

Message #32 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

To: debian-qt-kde@lists.debian.org, Gert Wollny <gw.fossdev@gmail.com>, 828522@bugs.debian.org, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Mon, 27 Jun 2016 13:34:02 -0300

[Message part 1 (text/plain, inline)]

On lunes, 27 de junio de 2016 5:06:48 P. M. ART Gert Wollny wrote:
> Hi, 
> 
> while there was a little section about what breaks with QT on [1] it
> didn't mention that the threading model was changed completely without
> any compatibility layer, and QT4 uses this old threading model in their
> network/ssl layer - or at least they provide and set the locking
> callbacks.
> 
> So unless openssl upstream (or someone else knowledgeable) gives an
> clear indication how to replace the old threading model with the new
> one, I'd rather not touch this part of the code. 
> 
> I'll see, however, whether I can provide a patch for the other compile
> errors. 

Ah, right, upstream also mentioned that, although for Qt 5. So this is even 
more complicated than what I first assumed.

CC-ing Kurt here to both let him know and maybe sugest something.

Thanks Gert for looking into this!


-- 
"Hola, soy su amigo Chespirito. Cuando estaba yo en el vientre de mi madre,
ella sufrió un accidente que la puso al borde de la muerte. El médico le
dijo: -Tendrás que abortar. Y ella respondió: -¿Abortar yo? Jamás.
Es decir, defendió la vida, mi vida. Y gracias a ello estoy aquí."
  Roberto "Chespirito" Gómez Bolaños
  http://es.wikipedia.org/wiki/Chespirito

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

[signature.asc (application/pgp-signature, inline)]

Message #40 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, 828522-quiet@bugs.debian.org

Cc: debian-qt-kde@lists.debian.org, Gert Wollny <gw.fossdev@gmail.com>, 828522@bugs.debian.org, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Mon, 27 Jun 2016 20:25:44 +0200

On Mon, Jun 27, 2016 at 01:34:02PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> On lunes, 27 de junio de 2016 5:06:48 P. M. ART Gert Wollny wrote:
> > Hi, 
> > 
> > while there was a little section about what breaks with QT on [1] it
> > didn't mention that the threading model was changed completely without
> > any compatibility layer, and QT4 uses this old threading model in their
> > network/ssl layer - or at least they provide and set the locking
> > callbacks.
> > 
> > So unless openssl upstream (or someone else knowledgeable) gives an
> > clear indication how to replace the old threading model with the new
> > one, I'd rather not touch this part of the code. 
> > 
> > I'll see, however, whether I can provide a patch for the other compile
> > errors. 
> 
> Ah, right, upstream also mentioned that, although for Qt 5. So this is even 
> more complicated than what I first assumed.
> 
> CC-ing Kurt here to both let him know and maybe sugest something.
> 
> Thanks Gert for looking into this!

From what I understand, you don't need to the the thread callbacks
anymore, the old functions are macro's that don't do a thing.  It
should set up threading support and locking internally.

So can you clarify what kind of things you see as issue?


Kurt

Message #53 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Gert Wollny <gw.fossdev@gmail.com>

To: Kurt Roeckx <kurt@roeckx.be>, Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, 828522-quiet@bugs.debian.org

Cc: debian-qt-kde@lists.debian.org, 828522@bugs.debian.org, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Mon, 27 Jun 2016 22:49:44 +0200

> From what I understand, you don't need to the the thread callbacks
> anymore, the old functions are macro's that don't do a thing.  It
> should set up threading support and locking internally.
> 
> So can you clarify what kind of things you see as issue?
This was essentially the clarification regarding the threads that I
needed. 

So far I've identified all the places that need to be fixes. It seems
however, that libopenssl is no linked directly, so I either have to add
the defines for resolving the new functions and adding that q_* wrapper
thing for the newly used access functions, or we change the package
build rules to link openssl directly.

best, 
Gert 

Message #66 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

To: Gert Wollny <gw.fossdev@gmail.com>

Cc: "Debian Qt/KDE Maintainers" <debian-qt-kde@lists.debian.org>, 828522-submitter@bugs.debian.org, Kurt Roeckx <kurt@roeckx.be>, 828522@bugs.debian.org, 828522-quiet@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Mon, 27 Jun 2016 19:00:59 -0300

[Message part 1 (text/plain, inline)]

You can't link to it directly due to licensing issues.

-- 
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
El jun 27, 2016 5:49 PM, "Gert Wollny" <gw.fossdev@gmail.com> escribió:

>
>
>
> > From what I understand, you don't need to the the thread callbacks
> > anymore, the old functions are macro's that don't do a thing.  It
> > should set up threading support and locking internally.
> >
> > So can you clarify what kind of things you see as issue?
> This was essentially the clarification regarding the threads that I
> needed.
>
> So far I've identified all the places that need to be fixes. It seems
> however, that libopenssl is no linked directly, so I either have to add
> the defines for resolving the new functions and adding that q_* wrapper
> thing for the newly used access functions, or we change the package
> build rules to link openssl directly.
>
> best,
> Gert
>

[Message part 2 (text/html, inline)]

Message #77 received at 828522-submitter@bugs.debian.org (full text, mbox, reply):

From: Gert Wollny <gw.fossdev@gmail.com>

To: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

Cc: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>, 828522-submitter@bugs.debian.org, Kurt Roeckx <kurt@roeckx.be>

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Tue, 28 Jun 2016 12:46:17 +0200

[Message part 1 (text/plain, inline)]

Control: tags -1 patch 

Hi, 

attached is the patch that I have come up with. 

I think that most of the changes are quite straightforward, but I'm not
quite sure whether "DSA_security_bits" is really a proper replacement
for "BN_num_bits(d->dsa->p)", likewise RSA_bits versus 
BN_num_bits(d->rsa->n). 

The package builds against openssl-1.1.0 (haven't tested the old
version yet). I don't know whether the test suite actually covers this
or whether is it even run (there is a ".PHONY: override_dh_auto_test"
in the d/rules file but no override_dh_auto_test target defined. 

Obviously the patch will need some review by people who are more
knowledgeable then me with respect to Qt and openssl. 

Best,
Gert 

PS: Applying this patch to qt5 mostly fails.

[qt4-openssl-1.1.0pre.patch (text/x-patch, attachment)]

Message #82 received at 828522-submitter@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Gert Wollny <gw.fossdev@gmail.com>

Cc: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Tue, 28 Jun 2016 17:11:15 +0200

On Tue, Jun 28, 2016 at 12:46:17PM +0200, Gert Wollny wrote:
> Control: tags -1 patch 
> 
> Hi, 
> 
> attached is the patch that I have come up with. 
> 
> I think that most of the changes are quite straightforward, but I'm not
> quite sure whether "DSA_security_bits" is really a proper replacement
> for "BN_num_bits(d->dsa->p)", likewise RSA_bits versus 
> BN_num_bits(d->rsa->n). 

DSA_security_bits probably doesn't what you expect, it's clearly
not a replacement for the old code.  It gives an equivalent number
as if it was a symmetric cipher.  For a 2048 bit DSA key it would
return 112.  That's also the difference between RSA_bits and
RSA_security_bits.

You could to use DSA_get0_pqg(), and then use BN_num_bits
on p if you want the same.

You probably also want to add support for EC keys.

There are also the functions EVP_PKEY_bits() and
EVP_PKEY_security_bits(), which should work for any EVP_PKEY,
and I suggest you use that API instead.


Kurt

Message #85 received at 828522-submitter@bugs.debian.org (full text, mbox, reply):

From: Gert Wollny <gw.fossdev@gmail.com>

To: Kurt Roeckx <kurt@roeckx.be>

Cc: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Tue, 28 Jun 2016 19:36:27 +0200

[Message part 1 (text/plain, inline)]

Am Dienstag, den 28.06.2016, 17:11 +0200 schrieb Kurt Roeckx:
> DSA_security_bits probably doesn't what you expect, it's clearly
> not a replacement for the old code.  It gives an equivalent number
> as if it was a symmetric cipher.  For a 2048 bit DSA key it would
> return 112.  That's also the difference between RSA_bits and
> RSA_security_bits.

Thanks, for the comments. I've now also looked up what is going on
there in the openssl code, and you are certainly right. 


> You could to use DSA_get0_pqg(), and then use BN_num_bits
> on p if you want the same.
Okay, the attached patch corrects this. 


> You probably also want to add support for EC keys.
>
> There are also the functions EVP_PKEY_bits() and
> EVP_PKEY_security_bits(), which should work for any EVP_PKEY,
> and I suggest you use that API instead.

Well, since I don't have any background in this area I'd rather not
make any changes to the code beyond translating the existing
functionality to the new interface. 

Best, 
Gert 

[qt4-openssl-1.1.0pre-2.patch (text/x-patch, attachment)]

Message #88 received at 828522-submitter@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Gert Wollny <gw.fossdev@gmail.com>

Cc: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Tue, 28 Jun 2016 20:45:18 +0200

On Tue, Jun 28, 2016 at 07:36:27PM +0200, Gert Wollny wrote:
> Okay, the attached patch corrects this. 

I had a quick look at the patch and have some comments.

> --- a/src/network/ssl/qsslcertificate.cpp
> +++ b/src/network/ssl/qsslcertificate.cpp
> @@ -259,10 +259,15 @@
>  QByteArray QSslCertificate::version() const
>  {
>      QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
> -    if (d->versionString.isEmpty() && d->x509)
> +    if (d->versionString.isEmpty() && d->x509) {
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
>          d->versionString =
> -            QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
> -
> +	    QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
> +#else
> +        d->versionString =
> +	    QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
> +#endif

X509_get_version() exist in old versions (as macro), there is no
reason to have the version check, just always use it.

> @@ -276,7 +281,11 @@
>  {
>      QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
>      if (d->serialNumberString.isEmpty() && d->x509) {
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
>          ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
> +#else
> +        ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
> +#endif

Same as above.


> @@ -489,24 +498,33 @@
>      QSslKey key;
>  
>      key.d->type = QSsl::PublicKey;
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
>      X509_PUBKEY *xkey = d->x509->cert_info->key;
> +#else
> +    X509_PUBKEY *xkey = q_X509_get_X509_PUBKEY(d->x509);
> +#endif
>      EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
>      Q_ASSERT(pkey);
>  
> -    if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
> +    int key_id;
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +    key_id = q_EVP_PKEY_type(pkey->type);
> +#else
> +    key_id = q_EVP_PKEY_id(pkey);
> +#endif

You probably want EVP_PKEY_base_id here, look at the manpage.

> +    if (key_id == EVP_PKEY_RSA) {
>          key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
>          key.d->algorithm = QSsl::Rsa;
>          key.d->isNull = false;
> -    } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
> +    } else if (key_id == EVP_PKEY_DSA) {
>          key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
>          key.d->algorithm = QSsl::Dsa;
>          key.d->isNull = false;
> -    } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
> +    } else if (key_id == EVP_PKEY_DH) {
>          // DH unsupported
>      } else {
>          // error?
>      }

As already explain, you want to have EC support.

>  
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +	  q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
> +#else
> +	  q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle());
> +#endif

SSL_CTX_get_cert_store should exist in old version.


Kurt

Message #91 received at 828522-submitter@bugs.debian.org (full text, mbox, reply):

From: Gert Wollny <gw.fossdev@gmail.com>

To: Kurt Roeckx <kurt@roeckx.be>

Cc: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Tue, 28 Jun 2016 21:53:20 +0200

[Message part 1 (text/plain, inline)]

Thanks for the review. 

Am Dienstag, den 28.06.2016, 20:45 +0200 schrieb Kurt Roeckx:
> On Tue, Jun 28, 2016 at 07:36:27PM +0200, Gert Wollny wrote:
> > 
> > 
> X509_get_version() exist in old versions (as macro), there is no
> reason to have the version check, just always use it.
Done.  

> 
> > 
> > @@ -276,7 +281,11 @@
> >  {
> >      QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
> >      if (d->serialNumberString.isEmpty() && d->x509) {
> > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> >          ASN1_INTEGER *serialNumber = d->x509->cert_info-
> > >serialNumber;
> > +#else
> > +        ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d-
> > >x509);
> > +#endif
> Same as above.
Done (it is actually a function). 

> 
> You probably want EVP_PKEY_base_id here, look at the manpage.
Corrected. 

> As already explain, you want to have EC support.
Well, I know C/C++ and think that I am able to adapt the existing code
to the new interface, but I really don't want to implement additional
functionality that I don't have any knowledge of, especially in a
security related area like here. So if this EC support is really of
interest then I kindly ask that someone steps up who knows what this is
and how it should be properly be implemented.

In fact I think that this should probably be handled in another
(whishlist) bug.

> SSL_CTX_get_cert_store should exist in old version.
Also done. 

best, 
Gert

[qt4-openssl-1.1.0pre-3.patch (text/x-patch, attachment)]

Message #96 received at 828522-quiet@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Gert Wollny <gw.fossdev@gmail.com>, 828522-quiet@bugs.debian.org

Cc: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Tue, 30 Aug 2016 08:51:23 +0200

On Tue, Jun 28, 2016 at 09:53:20PM +0200, Gert Wollny wrote:
> Thanks for the review. 

Can I ask what the current state of this is?


Kurt

Message #104 received at 828522-quiet@bugs.debian.org (full text, mbox, reply):

From: Gert Wollny <gw.fossdev@gmail.com>

To: Kurt Roeckx <kurt@roeckx.be>, 828522-quiet@bugs.debian.org

Cc: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Tue, 30 Aug 2016 12:40:12 +0200

Am Dienstag, den 30.08.2016, 08:51 +0200 schrieb Kurt Roeckx:
> On Tue, Jun 28, 2016 at 09:53:20PM +0200, Gert Wollny wrote:
> > 
> > Thanks for the review. 
> Can I ask what the current state of this is?

IIRC the last patch applies properly and compiles with openssl 1.0 and
1.1, but since the package doesn't run a test suite at build time I
have no Idea whether it breaks functionality or not.

As I pointed out before, I'm neither anopenssl nor a Qt expert, so
additional reviews of the patch would probably be sensible. 

Best, 
Gert 

Message #112 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

To: Gert Wollny <gw.fossdev@gmail.com>, 828522@bugs.debian.org, 828522-submitter@bugs.debian.org, 828523@bugs.debian.org

Cc: Kurt Roeckx <kurt@roeckx.be>

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Tue, 30 Aug 2016 08:42:07 -0300

[Message part 1 (text/plain, inline)]

Hi! I'm CCing the Qt5 bug too because this concerns both versions.

On martes, 30 de agosto de 2016 12:40:12 P. M. ART Gert Wollny wrote:
> Am Dienstag, den 30.08.2016, 08:51 +0200 schrieb Kurt Roeckx:
> > On Tue, Jun 28, 2016 at 09:53:20PM +0200, Gert Wollny wrote:
> > > Thanks for the review. 
> > 
> > Can I ask what the current state of this is?
> 
> IIRC the last patch applies properly and compiles with openssl 1.0 and
> 1.1, but since the package doesn't run a test suite at build time I
> have no Idea whether it breaks functionality or not.
> 
> As I pointed out before, I'm neither anopenssl nor a Qt expert, so
> additional reviews of the patch would probably be sensible. 

Even if I could check the "Qt side" of the patch I would also not be able to 
asser the correctnes of the openssl side. But on the other hand Qt4 is dead 
upstream, so we could push it to the archive and see what happens... Not the 
best idea around, but a compromise solution. And we only have less than three 
months before freeze :-/

But even if we could do that with Qt4 we would still have to fix Qt5 too. 
OpenSSL final was released a couple of days ago, so upstream will probably 
start to work on this soon.We want upstream to do this change because they 
know much better than us what's around the code. But this also means that this 
won't be ready for stretch.

I do *really* understand that, much in the same way I would like to support 
only Qt5, it would be preferable to support only one openssl version in 
stretch, but I think we are already too late for this from the Qt side.

I would be perfectly happy to push the Qt4 patch once we get stretch released, 
and we will probably have a compatible Qt5 version around that time too.

Kinds regards, Lisandro.

-- 

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

[signature.asc (application/pgp-signature, inline)]

Message #120 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

To: 828522@bugs.debian.org

Cc: Gert Wollny <gw.fossdev@gmail.com>, 828522-submitter@bugs.debian.org, 828523@bugs.debian.org, Kurt Roeckx <kurt@roeckx.be>

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Thu, 1 Sep 2016 22:04:26 +0200

On 2016-08-30 08:42:07 [-0300], Lisandro Damián Nicanor Pérez Meyer wrote:
> Hi! I'm CCing the Qt5 bug too because this concerns both versions.

Could someone please comment if whatever happens in
	https://bugreports.qt.io/browse/QTBUG-52905
is related to what happens here?

Sebastian

Message #128 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>, 828522@bugs.debian.org

Cc: Gert Wollny <gw.fossdev@gmail.com>, Kurt Roeckx <kurt@roeckx.be>, 828522-submitter@bugs.debian.org, 828523@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Thu, 1 Sep 2016 18:13:20 -0300

[Message part 1 (text/plain, inline)]

Totally  and it seems it's targeted at 5.9. That's next year

-- 
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

[Message part 2 (text/html, inline)]

Message #138 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

To: debian-qt-kde@lists.debian.org, Sebastian Andrzej Siewior <sebastian@breakpoint.cc>, 828522@bugs.debian.org

Cc: Gert Wollny <gw.fossdev@gmail.com>, 828522-submitter@bugs.debian.org, 828523@bugs.debian.org, Kurt Roeckx <kurt@roeckx.be>, pkg-kde-talk@lists.alioth.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Wed, 26 Oct 2016 19:06:46 -0300

[Message part 1 (text/plain, inline)]

I have just noted that this bug has been marked as RC. As I have wrote before: 
we have a patch that has *not* been tested with time and will not be ACKed by 
upstream. Moreover few weeks before the freeze is *not* the moment to do such 
a change because we have no time to really test the changes are really 
functional.

I won't personally go any further with this until stretch+1, so if you plan to 
continue with this be ready to remove qt4 and all it's reverse dependencies 
from the archive.

Regards, Lisandro.


-- 
You know it's love when you memorize her IP number to skip DNS overhead.
  Anonymous

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

[signature.asc (application/pgp-signature, inline)]

Message #148 received at 828522-quiet@bugs.debian.org (full text, mbox, reply):

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

To: Gert Wollny <gw.fossdev@gmail.com>

Cc: Kurt Roeckx <kurt@roeckx.be>, 828522-quiet@bugs.debian.org, Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Sat, 29 Oct 2016 22:32:34 +0200

On 2016-08-30 12:40:12 [+0200], Gert Wollny wrote:
> 
> Am Dienstag, den 30.08.2016, 08:51 +0200 schrieb Kurt Roeckx:
> > On Tue, Jun 28, 2016 at 09:53:20PM +0200, Gert Wollny wrote:
> > > 
> > > Thanks for the review. 
> > Can I ask what the current state of this is?
> 
> IIRC the last patch applies properly and compiles with openssl 1.0 and
> 1.1, but since the package doesn't run a test suite at build time I
> have no Idea whether it breaks functionality or not.
> 
> As I pointed out before, I'm neither anopenssl nor a Qt expert, so
> additional reviews of the patch would probably be sensible. 

I've been looking at the patch [0]. It all looks good to me. Most of the
stuff is 1:1 replacement for the accessors. The locking stuff is gone
because the new pthread model that is used renders it unnecessary.
cipher->valid check in resetDefaultCiphers() can be skipped because
openssl returns only valid ciphers not alias ciphers (those have ->valid
set to 0 and are ciphers like "ECDHE" which contain all ciphers that
have something to do with ECDHE but is not an actuall cipher).
So it all looks good to me.

resetDefaultCiphers() tries to add all "openssl DEFAULT" ciphers to its
internal list except for the anonymous DH cipher. Those are not part of
the DEFAULT suite (atleast for 1.0.2 & 1.1.0).

abigail reports no ABI change. One thing that confuses me: Why has none
of the libraries a dependency on libssl?

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828522#91

> Best, 
> Gert 

Sebastian

Message #156 received at 828522-quiet@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>, 828522-quiet@bugs.debian.org

Cc: Gert Wollny <gw.fossdev@gmail.com>, Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Sat, 29 Oct 2016 23:26:49 +0200

On Sat, Oct 29, 2016 at 10:32:34PM +0200, Sebastian Andrzej Siewior wrote:
> One thing that confuses me: Why has none
> of the libraries a dependency on libssl?

From what I understand they use dlopen() and this would allow GPL
applications to use QT when they don't use OpenSSL. (QT itself
being LGPL)

This is of course potentionally problematic if we have 2 versions
of openssl that get linked into the same application.


Kurt

Message #164 received at 828522-quiet@bugs.debian.org (full text, mbox, reply):

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

To: Kurt Roeckx <kurt@roeckx.be>

Cc: 828522-quiet@bugs.debian.org, Gert Wollny <gw.fossdev@gmail.com>, Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>, 828522-submitter@bugs.debian.org

Subject: Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

Date: Sat, 29 Oct 2016 23:46:08 +0200

On 2016-10-29 23:26:49 [+0200], Kurt Roeckx wrote:
> On Sat, Oct 29, 2016 at 10:32:34PM +0200, Sebastian Andrzej Siewior wrote:
> > One thing that confuses me: Why has none
> > of the libraries a dependency on libssl?
> 
> From what I understand they use dlopen() and this would allow GPL
> applications to use QT when they don't use OpenSSL. (QT itself
> being LGPL)

Ach right. I though they do some strange symbol hinding with their
define and the q_ prefix but this makes sense. So drom looking at the
code they do only dlopen() so it should all good.

> This is of course potentionally problematic if we have 2 versions
> of openssl that get linked into the same application.

Now that you mention this, #804487 is a proof of something related.

> Kurt

Sebastian

Message #172 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

To: 828522@bugs.debian.org

Cc: 828522-submitter@bugs.debian.org

Subject: Reducing severity

Date: Thu, 03 Nov 2016 10:47:09 -0300

[Message part 1 (text/plain, inline)]

severity 828522 important
thanks

Qt4 has been uploaded with it's dependency on libssl-dev switched to 
libssl1.0-dev so I'm downgrading this bug.

We will happily push the patch when the Buster cycle starts.

Kinds regards, Lisandro.


-- 
http://xkcd.com/150/
Personas como ésta no se encuentran todos los días. Y cuando uno las
encuentra, suelen no estar disponibles.
Si encontrás una, no la pierdas.

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

[signature.asc (application/pgp-signature, inline)]

Message #190 received at 828522-close@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>

To: 828522-close@bugs.debian.org

Subject: Bug#828522: fixed in qt4-x11 4:4.8.7+dfsg-12

Date: Tue, 15 Aug 2017 18:09:48 +0000

Source: qt4-x11
Source-Version: 4:4.8.7+dfsg-12

We believe that the bug you reported is fixed in the latest version of
qt4-x11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 828522@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> (supplier of updated qt4-x11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 15 Aug 2017 13:25:00 -0300
Source: qt4-x11
Binary: libqtcore4 qtcore4-l10n libqtgui4 libqt4-network libqt4-opengl libqt4-script libqt4-scripttools libqt4-sql libqt4-sql-ibase libqt4-sql-mysql libqt4-sql-odbc libqt4-sql-psql libqt4-sql-sqlite libqt4-sql-sqlite2 libqt4-sql-tds libqt4-svg libqt4-xml libqt4-xmlpatterns libqt4-dbus libqtdbus4 libqt4-qt3support libqt4-designer libqt4-help libqt4-test libqt4-phonon libqt4-declarative libqt4-declarative-folderlistmodel libqt4-declarative-gestures libqt4-declarative-particles libqt4-declarative-shaders libqt4-dev libqt4-dev-bin libqt4-opengl-dev libqt4-dbg libqt4-designer-dbg libqt4-qt3support-dbg libqt4-script-dbg libqt4-xmlpatterns-dbg qt4-bin-dbg qt4-demos-dbg qt4-designer qt4-dev-tools qt4-qmake qt4-qtconfig qt4-demos qt4-qmlviewer qt4-linguist-tools qdbus qt4-doc qt4-doc-html qt4-default
Architecture: all source
Version: 4:4.8.7+dfsg-12
Distribution: experimental
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Closes: 828522
Description: 
 libqt4-dbg - Qt 4 library debugging symbols
 libqt4-dbus - Qt 4 D-Bus module
 libqt4-declarative-folderlistmodel - Qt 4 folderlistmodel QML plugin
 libqt4-declarative-gestures - Qt 4 gestures QML plugin
 libqt4-declarative-particles - Qt 4 particles QML plugin
 libqt4-declarative - Qt 4 Declarative module
 libqt4-declarative-shaders - Qt 4 shaders QML plugin
 libqt4-designer-dbg - Qt 4 designer library debugging symbols
 libqt4-designer - Qt 4 designer module
 libqt4-dev-bin - Qt 4 development programs
 libqt4-dev - Qt 4 development files
 libqt4-help - Qt 4 help module
 libqt4-network - Qt 4 network module
 libqt4-opengl-dev - Qt 4 OpenGL library development files
 libqt4-opengl - Qt 4 OpenGL module
 libqt4-phonon - Qt 4 Phonon module
 libqt4-qt3support-dbg - Qt 3 compatibility library for Qt 4 debugging symbols
 libqt4-qt3support - Qt 3 compatibility library for Qt 4
 libqt4-script-dbg - Qt 4 script library debugging symbols
 libqt4-script - Qt 4 script module
 libqt4-scripttools - Qt 4 script tools module
 libqt4-sql-ibase - Qt 4 InterBase/FireBird database driver
 libqt4-sql-mysql - Qt 4 MySQL database driver
 libqt4-sql-odbc - Qt 4 ODBC database driver
 libqt4-sql-psql - Qt 4 PostgreSQL database driver
 libqt4-sql - Qt 4 SQL module
 libqt4-sql-sqlite2 - Qt 4 SQLite 2 database driver
 libqt4-sql-sqlite - Qt 4 SQLite 3 database driver
 libqt4-sql-tds - Qt 4 FreeTDS database driver
 libqt4-svg - Qt 4 SVG module
 libqt4-test - Qt 4 test module
 libqt4-xmlpatterns-dbg - Qt 4 XML patterns library debugging symbols
 libqt4-xmlpatterns - Qt 4 XML patterns module
 libqt4-xml - Qt 4 XML module
 libqtcore4 - Qt 4 core module
 libqtdbus4 - Qt 4 D-Bus module library
 libqtgui4  - Qt 4 GUI module
 qdbus      - Qt 4 D-Bus tool
 qt4-bin-dbg - Qt 4 binaries debugging symbols
 qt4-default - Qt 4 development defaults package
 qt4-demos-dbg - Qt 4 examples and demos debugging symbols
 qt4-demos  - Qt 4 examples and demos
 qt4-designer - graphical designer for Qt 4 applications
 qt4-dev-tools - Qt 4 development tools
 qt4-doc-html - Qt 4 API documentation (HTML format)
 qt4-doc    - Qt 4 API documentation
 qt4-linguist-tools - Qt 4 Linguist tools
 qt4-qmake  - Qt 4 qmake Makefile generator tool
 qt4-qmlviewer - Qt 4 QML viewer
 qt4-qtconfig - Qt 4 configuration tool
 qtcore4-l10n - Qt 4 core module translations
Changes:
 qt4-x11 (4:4.8.7+dfsg-12) experimental; urgency=medium
 .
   * Add openssl_1.1.patch to let Qt4 use OpenSSL 1.1 (Closes: #828522).
     - Switch libssl-1.0-dev to libssl-dev to use OpenSSL 1.1.
   * Update symbols files with current build log.
Checksums-Sha1: 
 ab7a76a2964b6baa75de27b9d04573409f802366 5959 qt4-x11_4.8.7+dfsg-12.dsc
 9b7fdac862287101c289c2f59b2849a65c64135e 322656 qt4-x11_4.8.7+dfsg-12.debian.tar.xz
 d8e925671c8645e2cef13c5c8393c4a42ab09a0a 44291556 qt4-doc-html_4.8.7+dfsg-12_all.deb
 29d848b908378388ec2f99e06c387259f24649bd 96248504 qt4-doc_4.8.7+dfsg-12_all.deb
 2d0adce41fc44e93e84d0701a5a20155c2cb132e 664944 qtcore4-l10n_4.8.7+dfsg-12_all.deb
Checksums-Sha256: 
 0884f0900bf9a362073bdbb42b82a6f93915742574ff9a4228f988f43166224a 5959 qt4-x11_4.8.7+dfsg-12.dsc
 b6cc9fd5bdd6d367a08d948400ec008c7b6977ac3734ffaef721bdd96f9e4210 322656 qt4-x11_4.8.7+dfsg-12.debian.tar.xz
 922a43a67d49ec05c49577ca804d7a59716ca6758d29bdf9bf4247ea5283b661 44291556 qt4-doc-html_4.8.7+dfsg-12_all.deb
 baf6d341fdb9ad9b9abed2b3811d3eaa0f6f3306b1597ab2069ca980ff87eddb 96248504 qt4-doc_4.8.7+dfsg-12_all.deb
 e7e9254fbef9fe8efda9e55e9c9801fb70014a235c774103e7818219d220e5fe 664944 qtcore4-l10n_4.8.7+dfsg-12_all.deb
Files: 
 9fd0c9ee4bf0acb027064cfd670a2a31 5959 libs optional qt4-x11_4.8.7+dfsg-12.dsc
 241714cce4f7803bdaaf1db8154f344d 322656 libs optional qt4-x11_4.8.7+dfsg-12.debian.tar.xz
 0095b516f2281c4d2d9fd57b09554f99 44291556 doc optional qt4-doc-html_4.8.7+dfsg-12_all.deb
 2ea1bfb3964ab9d3ceef82311deb6b00 96248504 doc optional qt4-doc_4.8.7+dfsg-12_all.deb
 f986bec17ce061156253358786ea34fd 664944 libs optional qtcore4-l10n_4.8.7+dfsg-12_all.deb

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEEt36hKwjsrvwSzE8q2RfQGKGp9AFAlmTMdcUHGxpc2FuZHJv
QGRlYmlhbi5vcmcACgkQq2RfQGKGp9BNFhAAiPMEQ1SXoYnqUPMK1cXeU9UwfZJ0
TzWANdVdhqthV7F+0VuCujc8iLBN0QXVks12wAeDeayZjZDfvR2LRfujXFKEmHAE
rvzzWgLJHgtnjnuUJ9c5zA08vTLashroutsdwyD5MWXXv5NXcXvHebifJLTLJch0
8l8kDkidRiW7SgtfCC4To4toNUO6j2/0CCXpfqHWrePtQMCuG0oNPhRbRe54HZG6
KUkbHosudOHw6Rqx20gf7Dv3uAeKPCCIHBShQs2hse8FL0tLWFASEbQ7kVgw0b4E
29r1iSF3Bg7ihyzjQb+dw8AsYXpP+J4q6mmLprLSEqH27vjl0QDvBWqeLcarwL9k
MYl55CpghETdYcL8v1kTzdPwAjf9brTsvTEXd1+CwE/r2n0BNJZrh9w22DndDABz
VciggR88/S/8MSsiNV6flcTL+mnNlBRGh2xlswtT87yuDvvJzEa7cdhCr8IVxdFA
Tjz7xPIGvms1R1wQgTrSpY7dmSHqo9Q6ALdDXIda8VGIA+fV6PeWF2NfcRO/0Gfu
7eGnuQoHCTSfl0G4dyk/1NhKrnqaWKdx7CYivBuRth/MerTCxxybuUJJ34ZBzfMO
G5/CmsjPbbEGUuRJL/fbCb0gDNw0vhS8N9wxc6MexNVsUn+4+XTe5gP71Cw3eRR2
3rj+SLcUtbyAH2U=
=AR5U
-----END PGP SIGNATURE-----

Message #195 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

To: control@bugs.debian.org

Cc: 828522@bugs.debian.org

Subject: Reopening

Date: Sat, 26 Aug 2017 10:15:59 -0300

[Message part 1 (text/plain, inline)]

reopen 828522
tag 828522 - patch
thanks

Looking at [bug] it seems that the proposed patch is not enough.

[bug] <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873275#5>

It seems that Qt4 is still wanting to access OpenSSL 1.0's functions.

-- 
Without us [Free Software developers], people would study computer science
and programming without ever having seen a real program in its entirety.
That's like becoming writers without ever having read a complete book.
  Matthias Ettrich, founder of the KDE project.
  http://www.efytimes.com/efytimes/25412/news.htm

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

[signature.asc (application/pgp-signature, inline)]

Message #206 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

To: 828522@bugs.debian.org

Subject: qt4-x11: FTBFS with openssl 1.1.0

Date: Thu, 12 Oct 2017 23:44:13 +0200

Hi,

this is a remainder about the openssl transition [0]. We really want to
remove libssl1.0-dev from unstable for Buster. I will raise the severity
of this bug to serious in a month. Please react before that happens.

[0] https://bugs.debian.org/871056#55

Sebastian

Message #211 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

To: Debian Bug Tracking System <828522@bugs.debian.org>

Subject: Re: qt4-x11: FTBFS with openssl 1.1.0

Date: Sat, 14 Oct 2017 03:43:23 +0300

[Message part 1 (text/plain, inline)]

Source: qt4-x11
Version: 4:4.8.7+dfsg-11
Followup-For: Bug #828522

Hello,

Please try adding the attached patch, which should fix the rest of
incompatibilities between qt4-x11 and OpenSSL 1.1.0. With this patch I'm
able to successfully use Psi jabber client together with Qt4 built
against OpenSSL 1.1.0.

Also please note, that I had to apply two more fixes to build Qt4
properly (see second attachment):

- In debian/rules define DEB_HOST_ARCH

- In qt4-x11-4.8.7+dfsg/config.tests/unix/alsa/alsatest.cpp support
  libasound2 >= 1.1.0

-- 
With best wishes
Dmitry

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

[openssl_1.1_add.patch (text/plain, attachment)]

[misc.patch (text/plain, attachment)]

Message #216 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

To: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>, 828522@bugs.debian.org

Subject: Re: Bug#828522: qt4-x11: FTBFS with openssl 1.1.0

Date: Tue, 7 Nov 2017 15:23:53 -0300

Hi Dmitry!

On 13 October 2017 at 21:43, Dmitry Eremin-Solenikov
<dbaryshkov@gmail.com> wrote:
> Source: qt4-x11
> Version: 4:4.8.7+dfsg-11
> Followup-For: Bug #828522
>
> Hello,
>
> Please try adding the attached patch, which should fix the rest of
> incompatibilities between qt4-x11 and OpenSSL 1.1.0. With this patch I'm
> able to successfully use Psi jabber client together with Qt4 built
> against OpenSSL 1.1.0.

I will try it.

> Also please note, that I had to apply two more fixes to build Qt4
> properly (see second attachment):
>
> - In debian/rules define DEB_HOST_ARCH
>
> - In qt4-x11-4.8.7+dfsg/config.tests/unix/alsa/alsatest.cpp support
>   libasound2 >= 1.1.0

I haven't seen the need for this (maybe because the last time I've
built qt4 this was not a problem). Did you try your builds on a clen
chroot?

Message #221 received at 828522@bugs.debian.org (full text, mbox, reply):

From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

To: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

Cc: Debian Bug Tracking System <828522@bugs.debian.org>

Subject: Re: Bug#828522: qt4-x11: FTBFS with openssl 1.1.0

Date: Sat, 11 Nov 2017 12:40:37 +0300

2017-11-07 21:23 GMT+03:00 Lisandro Damián Nicanor Pérez Meyer
<perezmeyer@gmail.com>:
> Hi Dmitry!
>
> On 13 October 2017 at 21:43, Dmitry Eremin-Solenikov
>> Also please note, that I had to apply two more fixes to build Qt4
>> properly (see second attachment):
>>
>> - In debian/rules define DEB_HOST_ARCH
>>
>> - In qt4-x11-4.8.7+dfsg/config.tests/unix/alsa/alsatest.cpp support
>>   libasound2 >= 1.1.0
>
> I haven't seen the need for this (maybe because the last time I've
> built qt4 this was not a problem). Did you try your builds on a clen
> chroot?

I don't remember about DEB_HOST_ARCH at this moment.
alsatest.cpp fix is required, because original test validated that
ALSA version is 1.0.x, which is no longer the case.

-- 
With best wishes
Dmitry

Message #228 received at 828522-done@bugs.debian.org (full text, mbox, reply):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>

To: 828522-done@bugs.debian.org

Subject: Done

Date: Mon, 13 Nov 2017 16:47:27 -0300

Version: 4:4.8.7+dfsg-13

This seems fixed in experimental, but still needs checking.

-- 
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

Send a report that this bug log contains spam.