Sun Nov 10 21:12:16 UTC 201920191110211216

a/aaa_elflibs-15.0-x86_64-15.txz:  Rebuilt.
  Upgraded:  libtiff.so.5.5.0, libtiffxx.so.5.5.0.
  Added:  libexiv2.so.26.0.0, libraw.so.16.0.0, libraw_r.so.16.0.0.
a/kernel-generic-4.19.83-x86_64-1.txz:  Upgraded.
a/kernel-huge-4.19.83-x86_64-1.txz:  Upgraded.
a/kernel-modules-4.19.83-x86_64-1.txz:  Upgraded.
d/kernel-headers-4.19.83-x86-1.txz:  Upgraded.
e/emacs-26.3-x86_64-2.txz:  Rebuilt.
  Patched and recompiled against imagemagick-7.0.9_2.
k/kernel-source-4.19.83-noarch-1.txz:  Upgraded.
l/imagemagick-7.0.9_2-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/qt-4.8.7-x86_64-15.txz:  Rebuilt.
  Disallow SSLv3 connections. Thanks to PJ Beers.
xap/xine-lib-1.2.9-x86_64-7.txz:  Rebuilt.
  Patched and recompiled against imagemagick-7.0.9_2.
xap/xlockmore-5.59-x86_64-2.txz:  Rebuilt.
  Recompiled without ImageMagick support.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.

2 files changed, 58 insertions, 1 deletions

diff --git a/source/l/qt/patches/qt-4.8-disable-sslv3.patch b/source/l/qt/patches/qt-4.8-disable-sslv3.patch
new file mode 100644
index 00000000..c9b1996e
--- /dev/null
+++ b/source/l/qt/patches/qt-4.8-disable-sslv3.patch
@@ -0,0 +1,56 @@
+--- ./src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2019-11-09 12:55:26.646752874 -0600
++++ ./src/network/ssl/qsslsocket_openssl_symbols.cpp	2019-11-09 12:58:22.032754751 -0600
+@@ -253,7 +253,9 @@
+ #ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ #endif
++#ifndef OPENSSL_NO_SSL3
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ #else
+@@ -263,7 +265,9 @@
+ #ifndef OPENSSL_NO_SSL2
+ DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #endif
++#ifndef OPENSSL_NO_SSL3
+ DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #else
+@@ -272,7 +276,9 @@
+ DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+ #else
+ DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#ifndef OPENSSL_NO_SSL3
+ DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
+ DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
+@@ -756,7 +762,9 @@
+     RESOLVEFUNC(SSL_shutdown, 173, libs.first )
+     RESOLVEFUNC(SSL_write, 188, libs.first )
+     RESOLVEFUNC(SSLv2_client_method, 192, libs.first )
++#ifndef OPENSSL_NO_SSL3
+     RESOLVEFUNC(SSLv3_client_method, 195, libs.first )
++#endif
+     RESOLVEFUNC(SSLv23_client_method, 189, libs.first )
+     RESOLVEFUNC(TLSv1_client_method, 198, libs.first )
+     RESOLVEFUNC(SSLv2_server_method, 194, libs.first )
+--- ./src/network/ssl/qsslsocket_openssl.cpp.orig	2019-11-09 12:55:01.605752606 -0600
++++ ./src/network/ssl/qsslsocket_openssl.cpp	2019-11-09 12:55:26.632752874 -0600
+@@ -273,7 +273,11 @@
+ #endif
+         break;
+     case QSsl::SslV3:
++#ifndef OPENSSL_NO_SSL3
+         ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
++#else
++        ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
++#endif
+         break;
+     case QSsl::SecureProtocols: // SslV2 will be disabled below
+     case QSsl::TlsV1SslV3: // SslV2 will be disabled below
diff --git a/source/l/qt/qt-nowebkit.SlackBuild b/source/l/qt/qt-nowebkit.SlackBuild
index 28368c6e..1b72d99d 100755
--- a/source/l/qt/qt-nowebkit.SlackBuild
+++ b/source/l/qt/qt-nowebkit.SlackBuild
@@ -43,7 +43,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=qt
 VERSION=$(ls qt-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)
-BUILD=${BUILD:-14}
+BUILD=${BUILD:-15}
 
 NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
 
@@ -164,6 +164,7 @@ zcat $CWD/patches/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch.gz | patc
 zcat $CWD/patches/qt-everywhere-opensource-src-4.8.6-systemtrayicon.patch.gz | patch -p1 --verbose || exit 1
 #zcat $CWD/patches/qt-everywhere-opensource-src-4.8.0-tp-multilib-optflags.patch.gz | patch -p1 --verbose || exit 1
 zcat $CWD/patches/qt-everywhere-opensource-src-4.8.7-icu59.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/patches/qt-4.8-disable-sslv3.patch.gz | patch -p1 --verbose || exit 1
 
 # All other distros I checked build with -no-webkit. But this has the downside of
 # breaking the build when QtWebKit is present on the build system and some things