--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package pantomime1.2, it fixes RC bug #756852 by using
the GNUstep NSFileHandle extensions instead of the OpenSSL library
(the patch was tested extensively with gnumail).
pantomime1.2 (1.2.2~r289+dfsg-2) unstable; urgency=medium
* debian/patches/gnutls.patch: New; use GnuTLS via gnustep-base instead
of OpenSSL to avoid licensing issues with lusernet.app and gnumail
(Closes: #756852).
* debian/patches/series: Update.
* debian/control (Build-Depends): Require gnustep-base (>= 1.24.6) for
proper GSTLS support. Remove libssl-dev.
-- Yavor Doganov <yavor@gnu.org> Thu, 30 Oct 2014 17:35:36 +0200
Debdiff attached.
unblock pantomime1.2/1.2.2~r289+dfsg-2
diff --git a/debian/changelog b/debian/changelog
index b552335..f5a74eb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+pantomime1.2 (1.2.2~r289+dfsg-2) unstable; urgency=medium
+
+ * debian/patches/gnutls.patch: New; use GnuTLS via gnustep-base instead
+ of OpenSSL to avoid licensing issues with lusernet.app and gnumail
+ (Closes: #756852).
+ * debian/patches/series: Update.
+ * debian/control (Build-Depends): Require gnustep-base (>= 1.24.6) for
+ proper GSTLS support. Remove libssl-dev.
+
+ -- Yavor Doganov <yavor@gnu.org> Thu, 30 Oct 2014 17:35:36 +0200
+
pantomime1.2 (1.2.2~r289+dfsg-1) unstable; urgency=medium
* New upstream release:
diff --git a/debian/control b/debian/control
index 74b34a8..16359ae 100644
--- a/debian/control
+++ b/debian/control
@@ -5,8 +5,7 @@ Maintainer: Debian GNUstep maintainers <pkg-gnustep-maintainers@lists.alioth.deb
Uploaders: Yavor Doganov <yavor@gnu.org>
Build-Depends: cdbs,
debhelper (>= 7),
- libgnustep-base-dev,
- libssl-dev
+ libgnustep-base-dev (>= 1.24.6)
Standards-Version: 3.9.5
Vcs-Git: git://anonscm.debian.org/pkg-gnustep/pantomime.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-gnustep/pantomime.git
diff --git a/debian/patches/gnutls.patch b/debian/patches/gnutls.patch
new file mode 100644
index 0000000..0ee2e5d
--- /dev/null
+++ b/debian/patches/gnutls.patch
@@ -0,0 +1,207 @@
+Description: Use GnuTLS instead of OpenSSL to avoid licensing issues.
+Author: Yavor Doganov <yavor@gnu.org>
+Bug-Debian: https://bugs.debian.org/756852
+Forwarded: http://lists.nongnu.org/archive/html/gap-dev-discuss/2014-08/msg00000.html
+Last-Update: 2014-10-30
+---
+
+--- pantomime.orig/Framework/Pantomime/CWTCPConnection.h
++++ pantomime/Framework/Pantomime/CWTCPConnection.h
+@@ -24,13 +24,6 @@
+ #define _Pantomime_H_CWTCPConnection
+
+ #include <Pantomime/CWConnection.h>
+-
+-#define id openssl_id
+-#define MD5 MDFIVE
+-#include <openssl/ssl.h>
+-#undef MD5
+-#undef id
+-
+ #import <Foundation/NSObject.h>
+
+ /*!
+@@ -56,8 +49,8 @@
+
+ BOOL _dns_resolution_completed;
+
+- SSL_CTX *_ctx;
+- SSL *_ssl;
++ void *_ctx;
++ void *_ssl;
+ }
+
+ /*!
+--- pantomime.orig/Framework/Pantomime/CWTCPConnection.m
++++ pantomime/Framework/Pantomime/CWTCPConnection.m
+@@ -26,8 +26,7 @@
+ #include <Pantomime/CWConstants.h>
+ #include <Pantomime/CWDNSManager.h>
+
+-#include <Foundation/NSException.h>
+-#include <Foundation/NSRunLoop.h> //test
++#import <Foundation/Foundation.h>
+
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -53,6 +52,14 @@
+ #include <sys/filio.h> // For FIONBIO on Solaris
+ #endif
+
++#if WITH_OPENSSL
++#define id openssl_id
++#define MD5 MDFIVE
++#include <openssl/ssl.h>
++#undef MD5
++#undef id
++#endif
++
+ #define DEFAULT_TIMEOUT 60
+
+ //
+@@ -65,6 +72,13 @@
+
+ @end
+
++#if !WITH_OPENSSL
++/* Private GSFileHandle methods... */
++@interface NSFileHandle (UglyHack)
++- (NSInteger) read: (void*)buf length: (NSUInteger)len;
++- (NSInteger) write: (const void*)buf length: (NSUInteger)len;
++@end
++#endif
+
+ //
+ //
+@@ -73,8 +87,18 @@
+
+ + (void) initialize
+ {
++#if WITH_OPENSSL
+ SSL_library_init();
+ SSL_load_error_strings();
++#else
++ if (![NSFileHandle respondsToSelector: @selector(sslClass)])
++ [NSException raise: NSInternalInconsistencyException
++ format: @"Apparently running on Mac OS X - building "
++ @"`with-openssl=yes' is mandatory"];
++ if (![NSFileHandle sslClass])
++ [NSException raise: NSInternalInconsistencyException
++ format: @"GNUstep Base built without GnuTLS/OpenSSL support"];
++#endif
+ }
+
+ //
+@@ -201,6 +225,7 @@
+ [[NSNotificationCenter defaultCenter] removeObserver: self];
+ RELEASE(_name);
+
++#if WITH_OPENSSL
+ if (_ssl)
+ {
+ SSL_free(_ssl);
+@@ -210,7 +235,11 @@
+ {
+ SSL_CTX_free(_ctx);
+ }
+-
++#else
++ if (_ssl)
++ RELEASE((NSFileHandle *)_ssl);
++#endif
++
+ [super dealloc];
+ }
+
+@@ -309,7 +338,11 @@
+
+ if (_ssl)
+ {
++#if WITH_OPENSSL
+ SSL_shutdown(_ssl);
++#else
++ [(NSFileHandle *)_ssl sslDisconnect];
++#endif
+ }
+
+ safe_close(_fd);
+@@ -330,7 +363,11 @@
+
+ if (_ssl)
+ {
++#if WITH_OPENSSL
+ return SSL_read(_ssl, buf, len);
++#else
++ return [(NSFileHandle *)_ssl read: buf length: len];
++#endif
+ }
+
+ return safe_recv(_fd, buf, len, 0);
+@@ -350,7 +387,11 @@
+
+ if (_ssl)
+ {
++#if WITH_OPENSSL
+ return SSL_write(_ssl, buf, len);
++#else
++ return [(NSFileHandle *)_ssl write: buf length: len];
++#endif
+ }
+
+ return send(_fd, buf, len, 0);
+@@ -364,6 +405,7 @@
+ //
+ - (int) startSSL
+ {
++#if WITH_OPENSSL
+ int ret;
+
+ // For now, we do not verify the certificates...
+@@ -433,7 +475,24 @@
+ ssl_handshaking = NO;
+ }
+ }
++#else
++ _ssl = (NSFileHandle *)[[[NSFileHandle sslClass] alloc]
++ initWithFileDescriptor: _fd];
+
++ [(NSFileHandle *)_ssl retain];
++ ssl_handshaking = YES;
++
++ if (![(NSFileHandle *)_ssl sslConnect])
++ {
++ NSLog(@"TLS/SSL connection failed...");
++ ssl_handshaking = NO;
++ RELEASE((NSFileHandle *)_ssl);
++ _ssl = NULL;
++ return -2;
++ }
++
++ ssl_handshaking = NO;
++#endif
+ // Everything went all right, let's tell our caller.
+ return 0;
+ }
+--- pantomime.orig/Framework/Pantomime/GNUmakefile
++++ pantomime/Framework/Pantomime/GNUmakefile
+@@ -183,9 +183,18 @@
+ ADDITIONAL_INCLUDE_DIRS = -I..
+ ADDITIONAL_OBJCFLAGS += -DHAVE_ICONV -Wall -Wno-import
+ ifeq ($(GNUSTEP_TARGET_OS),mingw32)
+-ADDITIONAL_GUI_LIBS += -lregex -liconv -lssl -lcrypto
++ADDITIONAL_GUI_LIBS += -lregex -liconv -lcrypto
+ else
+-LIBRARIES_DEPEND_UPON := $(FND_LIBS) $(OBJC_LIBS) -lssl
++LIBRARIES_DEPEND_UPON := $(FND_LIBS) $(OBJC_LIBS)
++endif
++
++ifneq (,$(findstring darwin,$(GNUSTEP_TARGET_OS)))
++with-openssl := yes
++endif
++
++ifeq ($(with-openssl),yes)
++ADDITIONAL_CPPFLAGS += -DWITH_OPENSSL
++LIBRARIES_DEPEND_UPON += -lssl
+ endif
+
+ # Under Solaris, we include SSL headers / libraries
diff --git a/debian/patches/series b/debian/patches/series
index e8d133f..60334ed 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
link-libs.patch
compilation-warnings.patch
check-return-result.patch
+gnutls.patch
--- End Message ---