Bug#770360: marked as done (unblock: pantomime1.2/1.2.2~r289+dfsg-2)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#770360: marked as done (unblock: pantomime1.2/1.2.2~r289+dfsg-2)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 20 Nov 2014 18:57:23 +0000
Message-id: <[🔎] handler.770360.D770360.141650969221593.ackdone@bugs.debian.org>
References: <1416509684.32355.2.camel@adam-barratt.org.uk> <[🔎] 20141120182907.32649.54758.reportbug@hatch>

Your message dated Thu, 20 Nov 2014 18:54:44 +0000
with message-id <1416509684.32355.2.camel@adam-barratt.org.uk>
and subject line Re: Bug#770360: unblock: pantomime1.2/1.2.2~r289+dfsg-2
has caused the Debian Bug report #770360,
regarding unblock: pantomime1.2/1.2.2~r289+dfsg-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
770360: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770360
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: pantomime1.2/1.2.2~r289+dfsg-2
From: Yavor Doganov <yavor@gnu.org>
Date: Thu, 20 Nov 2014 20:29:07 +0200
Message-id: <[🔎] 20141120182907.32649.54758.reportbug@hatch>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package pantomime1.2, it fixes RC bug #756852 by using
the GNUstep NSFileHandle extensions instead of the OpenSSL library
(the patch was tested extensively with gnumail).

pantomime1.2 (1.2.2~r289+dfsg-2) unstable; urgency=medium

  * debian/patches/gnutls.patch: New; use GnuTLS via gnustep-base instead
    of OpenSSL to avoid licensing issues with lusernet.app and gnumail
    (Closes: #756852).
  * debian/patches/series: Update.
  * debian/control (Build-Depends): Require gnustep-base (>= 1.24.6) for
    proper GSTLS support.  Remove libssl-dev.

 -- Yavor Doganov <yavor@gnu.org>  Thu, 30 Oct 2014 17:35:36 +0200

Debdiff attached.

unblock pantomime1.2/1.2.2~r289+dfsg-2

diff --git a/debian/changelog b/debian/changelog
index b552335..f5a74eb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+pantomime1.2 (1.2.2~r289+dfsg-2) unstable; urgency=medium
+
+  * debian/patches/gnutls.patch: New; use GnuTLS via gnustep-base instead
+    of OpenSSL to avoid licensing issues with lusernet.app and gnumail
+    (Closes: #756852).
+  * debian/patches/series: Update.
+  * debian/control (Build-Depends): Require gnustep-base (>= 1.24.6) for
+    proper GSTLS support.  Remove libssl-dev.
+
+ -- Yavor Doganov <yavor@gnu.org>  Thu, 30 Oct 2014 17:35:36 +0200
+
 pantomime1.2 (1.2.2~r289+dfsg-1) unstable; urgency=medium
 
   * New upstream release:
diff --git a/debian/control b/debian/control
index 74b34a8..16359ae 100644
--- a/debian/control
+++ b/debian/control
@@ -5,8 +5,7 @@ Maintainer: Debian GNUstep maintainers <pkg-gnustep-maintainers@lists.alioth.deb
 Uploaders: Yavor Doganov <yavor@gnu.org>
 Build-Depends: cdbs,
 	       debhelper (>= 7),
-	       libgnustep-base-dev,
-	       libssl-dev
+	       libgnustep-base-dev (>= 1.24.6)
 Standards-Version: 3.9.5
 Vcs-Git: git://anonscm.debian.org/pkg-gnustep/pantomime.git
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-gnustep/pantomime.git
diff --git a/debian/patches/gnutls.patch b/debian/patches/gnutls.patch
new file mode 100644
index 0000000..0ee2e5d
--- /dev/null
+++ b/debian/patches/gnutls.patch
@@ -0,0 +1,207 @@
+Description: Use GnuTLS instead of OpenSSL to avoid licensing issues.
+Author: Yavor Doganov <yavor@gnu.org>
+Bug-Debian: https://bugs.debian.org/756852
+Forwarded: http://lists.nongnu.org/archive/html/gap-dev-discuss/2014-08/msg00000.html
+Last-Update: 2014-10-30
+---
+
+--- pantomime.orig/Framework/Pantomime/CWTCPConnection.h
++++ pantomime/Framework/Pantomime/CWTCPConnection.h
+@@ -24,13 +24,6 @@
+ #define _Pantomime_H_CWTCPConnection
+ 
+ #include <Pantomime/CWConnection.h>
+-
+-#define id openssl_id
+-#define MD5 MDFIVE
+-#include <openssl/ssl.h>
+-#undef MD5
+-#undef id
+-
+ #import <Foundation/NSObject.h>
+ 
+ /*!
+@@ -56,8 +49,8 @@
+ 
+     BOOL _dns_resolution_completed;
+ 
+-    SSL_CTX *_ctx;
+-    SSL *_ssl;
++    void *_ctx;
++    void *_ssl;
+ }
+ 
+ /*!
+--- pantomime.orig/Framework/Pantomime/CWTCPConnection.m
++++ pantomime/Framework/Pantomime/CWTCPConnection.m
+@@ -26,8 +26,7 @@
+ #include <Pantomime/CWConstants.h>
+ #include <Pantomime/CWDNSManager.h>
+ 
+-#include <Foundation/NSException.h>
+-#include <Foundation/NSRunLoop.h> //test
++#import <Foundation/Foundation.h>
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -53,6 +52,14 @@
+ #include <sys/filio.h>  // For FIONBIO on Solaris
+ #endif
+ 
++#if WITH_OPENSSL
++#define id openssl_id
++#define MD5 MDFIVE
++#include <openssl/ssl.h>
++#undef MD5
++#undef id
++#endif
++
+ #define DEFAULT_TIMEOUT 60
+ 
+ //
+@@ -65,6 +72,13 @@
+ 
+ @end
+ 
++#if !WITH_OPENSSL
++/* Private GSFileHandle methods...  */
++@interface NSFileHandle (UglyHack)
++- (NSInteger) read: (void*)buf length: (NSUInteger)len;
++- (NSInteger) write: (const void*)buf length: (NSUInteger)len;
++@end
++#endif
+ 
+ //
+ //
+@@ -73,8 +87,18 @@
+ 
+ + (void) initialize
+ {
++#if WITH_OPENSSL
+   SSL_library_init();
+   SSL_load_error_strings();
++#else
++  if (![NSFileHandle respondsToSelector: @selector(sslClass)])
++    [NSException raise: NSInternalInconsistencyException
++		format: @"Apparently running on Mac OS X - building "
++		 @"`with-openssl=yes' is mandatory"];
++  if (![NSFileHandle sslClass])
++    [NSException raise: NSInternalInconsistencyException
++		format: @"GNUstep Base built without GnuTLS/OpenSSL support"];
++#endif
+ }
+ 
+ //
+@@ -201,6 +225,7 @@
+   [[NSNotificationCenter defaultCenter] removeObserver: self];
+   RELEASE(_name);
+ 
++#if WITH_OPENSSL
+   if (_ssl)
+     {
+       SSL_free(_ssl);    
+@@ -210,7 +235,11 @@
+     {
+       SSL_CTX_free(_ctx);
+     }
+-  
++#else
++  if (_ssl)
++    RELEASE((NSFileHandle *)_ssl);
++#endif
++
+   [super dealloc];
+ }
+ 
+@@ -309,7 +338,11 @@
+ 
+   if (_ssl)
+     {
++#if WITH_OPENSSL
+       SSL_shutdown(_ssl);
++#else
++      [(NSFileHandle *)_ssl sslDisconnect];
++#endif
+     }
+ 
+   safe_close(_fd);
+@@ -330,7 +363,11 @@
+ 
+   if (_ssl)
+     {
++#if WITH_OPENSSL
+       return SSL_read(_ssl, buf, len);
++#else
++      return [(NSFileHandle *)_ssl read: buf length: len];
++#endif
+     }
+ 
+   return safe_recv(_fd, buf, len, 0);
+@@ -350,7 +387,11 @@
+ 
+   if (_ssl)
+     {
++#if WITH_OPENSSL
+       return SSL_write(_ssl, buf, len);
++#else
++      return [(NSFileHandle *)_ssl write: buf length: len];
++#endif
+     }
+ 
+   return send(_fd, buf, len, 0);
+@@ -364,6 +405,7 @@
+ //
+ - (int) startSSL
+ {
++#if WITH_OPENSSL
+   int ret;
+   
+   // For now, we do not verify the certificates...
+@@ -433,7 +475,24 @@
+ 	  ssl_handshaking = NO;
+ 	}
+     }
++#else
++  _ssl = (NSFileHandle *)[[[NSFileHandle sslClass] alloc]
++			   initWithFileDescriptor: _fd];
+ 
++  [(NSFileHandle *)_ssl retain];
++  ssl_handshaking = YES;
++
++  if (![(NSFileHandle *)_ssl sslConnect])
++    {
++      NSLog(@"TLS/SSL connection failed...");
++      ssl_handshaking = NO;
++      RELEASE((NSFileHandle *)_ssl);
++      _ssl = NULL;
++      return -2;
++    }
++
++  ssl_handshaking = NO;
++#endif
+   // Everything went all right, let's tell our caller.
+   return 0;
+ }
+--- pantomime.orig/Framework/Pantomime/GNUmakefile
++++ pantomime/Framework/Pantomime/GNUmakefile
+@@ -183,9 +183,18 @@
+ ADDITIONAL_INCLUDE_DIRS = -I..
+ ADDITIONAL_OBJCFLAGS += -DHAVE_ICONV -Wall -Wno-import
+ ifeq ($(GNUSTEP_TARGET_OS),mingw32)
+-ADDITIONAL_GUI_LIBS += -lregex -liconv -lssl -lcrypto
++ADDITIONAL_GUI_LIBS += -lregex -liconv -lcrypto
+ else
+-LIBRARIES_DEPEND_UPON := $(FND_LIBS) $(OBJC_LIBS) -lssl
++LIBRARIES_DEPEND_UPON := $(FND_LIBS) $(OBJC_LIBS)
++endif
++
++ifneq (,$(findstring darwin,$(GNUSTEP_TARGET_OS)))
++with-openssl := yes
++endif
++
++ifeq ($(with-openssl),yes)
++ADDITIONAL_CPPFLAGS += -DWITH_OPENSSL
++LIBRARIES_DEPEND_UPON += -lssl
+ endif
+ 
+ # Under Solaris, we include SSL headers / libraries 
diff --git a/debian/patches/series b/debian/patches/series
index e8d133f..60334ed 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 link-libs.patch
 compilation-warnings.patch
 check-return-result.patch
+gnutls.patch

--- End Message ---

--- Begin Message ---

To: Yavor Doganov <yavor@gnu.org>, 770360-done@bugs.debian.org

Subject: Re: Bug#770360: unblock: pantomime1.2/1.2.2~r289+dfsg-2

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Thu, 20 Nov 2014 18:54:44 +0000

Message-id: <1416509684.32355.2.camel@adam-barratt.org.uk>

In-reply-to: <[🔎] 20141120182907.32649.54758.reportbug@hatch>

References: <[🔎] 20141120182907.32649.54758.reportbug@hatch>
On Thu, 2014-11-20 at 20:29 +0200, Yavor Doganov wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package pantomime1.2, it fixes RC bug #756852 by using
> the GNUstep NSFileHandle extensions instead of the OpenSSL library
> (the patch was tested extensively with gnumail).

Unblocked.

Regards,

Adam
--- End Message ---

Reply to:

References:
- Bug#770360: unblock: pantomime1.2/1.2.2~r289+dfsg-2
  - From: Yavor Doganov <yavor@gnu.org>

Prev by Date: Bug#770346: marked as done (unblock: cfget/0.19-1.1)
Next by Date: Processed: your mail
Previous by thread: Bug#770360: unblock: pantomime1.2/1.2.2~r289+dfsg-2
Next by thread: Bug#770363: pre-approval: unblock: v4l-utils/1.6.0-2
Index(es):
- Date
- Thread