Bug#770360: unblock: pantomime1.2/1.2.2~r289+dfsg-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#770360: unblock: pantomime1.2/1.2.2~r289+dfsg-2
From: Yavor Doganov <yavor@gnu.org>
Date: Thu, 20 Nov 2014 20:29:07 +0200
Message-id: <[🔎] 20141120182907.32649.54758.reportbug@hatch>
Reply-to: Yavor Doganov <yavor@gnu.org>, 770360@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package pantomime1.2, it fixes RC bug #756852 by using
the GNUstep NSFileHandle extensions instead of the OpenSSL library
(the patch was tested extensively with gnumail).

pantomime1.2 (1.2.2~r289+dfsg-2) unstable; urgency=medium

  * debian/patches/gnutls.patch: New; use GnuTLS via gnustep-base instead
    of OpenSSL to avoid licensing issues with lusernet.app and gnumail
    (Closes: #756852).
  * debian/patches/series: Update.
  * debian/control (Build-Depends): Require gnustep-base (>= 1.24.6) for
    proper GSTLS support.  Remove libssl-dev.

 -- Yavor Doganov <yavor@gnu.org>  Thu, 30 Oct 2014 17:35:36 +0200

Debdiff attached.

unblock pantomime1.2/1.2.2~r289+dfsg-2

diff --git a/debian/changelog b/debian/changelog
index b552335..f5a74eb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+pantomime1.2 (1.2.2~r289+dfsg-2) unstable; urgency=medium
+
+  * debian/patches/gnutls.patch: New; use GnuTLS via gnustep-base instead
+    of OpenSSL to avoid licensing issues with lusernet.app and gnumail
+    (Closes: #756852).
+  * debian/patches/series: Update.
+  * debian/control (Build-Depends): Require gnustep-base (>= 1.24.6) for
+    proper GSTLS support.  Remove libssl-dev.
+
+ -- Yavor Doganov <yavor@gnu.org>  Thu, 30 Oct 2014 17:35:36 +0200
+
 pantomime1.2 (1.2.2~r289+dfsg-1) unstable; urgency=medium
 
   * New upstream release:
diff --git a/debian/control b/debian/control
index 74b34a8..16359ae 100644
--- a/debian/control
+++ b/debian/control
@@ -5,8 +5,7 @@ Maintainer: Debian GNUstep maintainers <pkg-gnustep-maintainers@lists.alioth.deb
 Uploaders: Yavor Doganov <yavor@gnu.org>
 Build-Depends: cdbs,
 	       debhelper (>= 7),
-	       libgnustep-base-dev,
-	       libssl-dev
+	       libgnustep-base-dev (>= 1.24.6)
 Standards-Version: 3.9.5
 Vcs-Git: git://anonscm.debian.org/pkg-gnustep/pantomime.git
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-gnustep/pantomime.git
diff --git a/debian/patches/gnutls.patch b/debian/patches/gnutls.patch
new file mode 100644
index 0000000..0ee2e5d
--- /dev/null
+++ b/debian/patches/gnutls.patch
@@ -0,0 +1,207 @@
+Description: Use GnuTLS instead of OpenSSL to avoid licensing issues.
+Author: Yavor Doganov <yavor@gnu.org>
+Bug-Debian: https://bugs.debian.org/756852
+Forwarded: http://lists.nongnu.org/archive/html/gap-dev-discuss/2014-08/msg00000.html
+Last-Update: 2014-10-30
+---
+
+--- pantomime.orig/Framework/Pantomime/CWTCPConnection.h
++++ pantomime/Framework/Pantomime/CWTCPConnection.h
+@@ -24,13 +24,6 @@
+ #define _Pantomime_H_CWTCPConnection
+ 
+ #include <Pantomime/CWConnection.h>
+-
+-#define id openssl_id
+-#define MD5 MDFIVE
+-#include <openssl/ssl.h>
+-#undef MD5
+-#undef id
+-
+ #import <Foundation/NSObject.h>
+ 
+ /*!
+@@ -56,8 +49,8 @@
+ 
+     BOOL _dns_resolution_completed;
+ 
+-    SSL_CTX *_ctx;
+-    SSL *_ssl;
++    void *_ctx;
++    void *_ssl;
+ }
+ 
+ /*!
+--- pantomime.orig/Framework/Pantomime/CWTCPConnection.m
++++ pantomime/Framework/Pantomime/CWTCPConnection.m
+@@ -26,8 +26,7 @@
+ #include <Pantomime/CWConstants.h>
+ #include <Pantomime/CWDNSManager.h>
+ 
+-#include <Foundation/NSException.h>
+-#include <Foundation/NSRunLoop.h> //test
++#import <Foundation/Foundation.h>
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -53,6 +52,14 @@
+ #include <sys/filio.h>  // For FIONBIO on Solaris
+ #endif
+ 
++#if WITH_OPENSSL
++#define id openssl_id
++#define MD5 MDFIVE
++#include <openssl/ssl.h>
++#undef MD5
++#undef id
++#endif
++
+ #define DEFAULT_TIMEOUT 60
+ 
+ //
+@@ -65,6 +72,13 @@
+ 
+ @end
+ 
++#if !WITH_OPENSSL
++/* Private GSFileHandle methods...  */
++@interface NSFileHandle (UglyHack)
++- (NSInteger) read: (void*)buf length: (NSUInteger)len;
++- (NSInteger) write: (const void*)buf length: (NSUInteger)len;
++@end
++#endif
+ 
+ //
+ //
+@@ -73,8 +87,18 @@
+ 
+ + (void) initialize
+ {
++#if WITH_OPENSSL
+   SSL_library_init();
+   SSL_load_error_strings();
++#else
++  if (![NSFileHandle respondsToSelector: @selector(sslClass)])
++    [NSException raise: NSInternalInconsistencyException
++		format: @"Apparently running on Mac OS X - building "
++		 @"`with-openssl=yes' is mandatory"];
++  if (![NSFileHandle sslClass])
++    [NSException raise: NSInternalInconsistencyException
++		format: @"GNUstep Base built without GnuTLS/OpenSSL support"];
++#endif
+ }
+ 
+ //
+@@ -201,6 +225,7 @@
+   [[NSNotificationCenter defaultCenter] removeObserver: self];
+   RELEASE(_name);
+ 
++#if WITH_OPENSSL
+   if (_ssl)
+     {
+       SSL_free(_ssl);    
+@@ -210,7 +235,11 @@
+     {
+       SSL_CTX_free(_ctx);
+     }
+-  
++#else
++  if (_ssl)
++    RELEASE((NSFileHandle *)_ssl);
++#endif
++
+   [super dealloc];
+ }
+ 
+@@ -309,7 +338,11 @@
+ 
+   if (_ssl)
+     {
++#if WITH_OPENSSL
+       SSL_shutdown(_ssl);
++#else
++      [(NSFileHandle *)_ssl sslDisconnect];
++#endif
+     }
+ 
+   safe_close(_fd);
+@@ -330,7 +363,11 @@
+ 
+   if (_ssl)
+     {
++#if WITH_OPENSSL
+       return SSL_read(_ssl, buf, len);
++#else
++      return [(NSFileHandle *)_ssl read: buf length: len];
++#endif
+     }
+ 
+   return safe_recv(_fd, buf, len, 0);
+@@ -350,7 +387,11 @@
+ 
+   if (_ssl)
+     {
++#if WITH_OPENSSL
+       return SSL_write(_ssl, buf, len);
++#else
++      return [(NSFileHandle *)_ssl write: buf length: len];
++#endif
+     }
+ 
+   return send(_fd, buf, len, 0);
+@@ -364,6 +405,7 @@
+ //
+ - (int) startSSL
+ {
++#if WITH_OPENSSL
+   int ret;
+   
+   // For now, we do not verify the certificates...
+@@ -433,7 +475,24 @@
+ 	  ssl_handshaking = NO;
+ 	}
+     }
++#else
++  _ssl = (NSFileHandle *)[[[NSFileHandle sslClass] alloc]
++			   initWithFileDescriptor: _fd];
+ 
++  [(NSFileHandle *)_ssl retain];
++  ssl_handshaking = YES;
++
++  if (![(NSFileHandle *)_ssl sslConnect])
++    {
++      NSLog(@"TLS/SSL connection failed...");
++      ssl_handshaking = NO;
++      RELEASE((NSFileHandle *)_ssl);
++      _ssl = NULL;
++      return -2;
++    }
++
++  ssl_handshaking = NO;
++#endif
+   // Everything went all right, let's tell our caller.
+   return 0;
+ }
+--- pantomime.orig/Framework/Pantomime/GNUmakefile
++++ pantomime/Framework/Pantomime/GNUmakefile
+@@ -183,9 +183,18 @@
+ ADDITIONAL_INCLUDE_DIRS = -I..
+ ADDITIONAL_OBJCFLAGS += -DHAVE_ICONV -Wall -Wno-import
+ ifeq ($(GNUSTEP_TARGET_OS),mingw32)
+-ADDITIONAL_GUI_LIBS += -lregex -liconv -lssl -lcrypto
++ADDITIONAL_GUI_LIBS += -lregex -liconv -lcrypto
+ else
+-LIBRARIES_DEPEND_UPON := $(FND_LIBS) $(OBJC_LIBS) -lssl
++LIBRARIES_DEPEND_UPON := $(FND_LIBS) $(OBJC_LIBS)
++endif
++
++ifneq (,$(findstring darwin,$(GNUSTEP_TARGET_OS)))
++with-openssl := yes
++endif
++
++ifeq ($(with-openssl),yes)
++ADDITIONAL_CPPFLAGS += -DWITH_OPENSSL
++LIBRARIES_DEPEND_UPON += -lssl
+ endif
+ 
+ # Under Solaris, we include SSL headers / libraries 
diff --git a/debian/patches/series b/debian/patches/series
index e8d133f..60334ed 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 link-libs.patch
 compilation-warnings.patch
 check-return-result.patch
+gnutls.patch

Reply to:

Follow-Ups:
- Bug#770360: marked as done (unblock: pantomime1.2/1.2.2~r289+dfsg-2)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#769459: unblock: libmusicbrainz5/5.1.0-1
Next by Date: Bug#770285: unblock: ruby-rails-i18n-inflector-rails/1.0.7-2
Previous by thread: libmarpa-r2-perl FTBFS on i386
Next by thread: Bug#770360: marked as done (unblock: pantomime1.2/1.2.2~r289+dfsg-2)
Index(es):
- Date
- Thread