Date: Sun, 3 Jul 2016 12:10:18 +0000 (UTC) From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r417968 - in head/devel/qca: . files Message-ID: <201607031210.u63CAIJi036836@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brnrd Date: Sun Jul 3 12:10:18 2016 New Revision: 417968 URL: https://svnweb.freebsd.org/changeset/ports/417968 Log: devel/qca: Fix building without SSLv3 and SHA-0 - Add 2 patches from upstream project - Fix building when libssl does not have SSLv3 - Fix building when libcrypto does not have SHA-0 - Replace USE_OPENSSL with USES= ssl - Rework files/patch-libressl with `make makepatch` Tested with devel/qca and devel/qca-qt5 PR: 210053 Approved by: Maintainer time-out Obtained from: KDE Differential Revision: D6885 Added: head/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt (contents, props changed) head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp - copied, changed from r417960, head/devel/qca/files/patch-libressl Deleted: head/devel/qca/files/patch-libressl Modified: head/devel/qca/Makefile Modified: head/devel/qca/Makefile ============================================================================== --- head/devel/qca/Makefile Sun Jul 3 11:29:57 2016 (r417967) +++ head/devel/qca/Makefile Sun Jul 3 12:10:18 2016 (r417968) @@ -38,7 +38,7 @@ GNUPG_CMAKE_ON= -DWITH_gnupg_PLUGIN=yes GNUPG_RUN_DEPENDS= gpg2:security/gnupg OPENSSL_CMAKE_ON= -DWITH_ossl_PLUGIN=yes -OPENSSL_USE= OPENSSL=yes +OPENSSL_USES= ssl SASL_CMAKE_ON= -DWITH_cyrus-sasl_PLUGIN=yes SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2 Added: head/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt Sun Jul 3 12:10:18 2016 (r417968) @@ -0,0 +1,28 @@ +qca-ossl: Fix build without support for SHA-0 +https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156 + +LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha +anymore. +Wikipedia says about SHA-0: "160-bit hash function published in 1993 +under the name SHA. It was withdrawn shortly after publication due to +an undisclosed "significant flaw" and replaced by the slightly revised +version SHA-1.' + +REVIEW: 125387 + +--- plugins/qca-ossl/CMakeLists.txt.orig ++++ plugins/qca-ossl/CMakeLists.txt +@@ -24,6 +24,13 @@ + else(HAVE_OPENSSL_AES_CTR) + message(WARNING "qca-ossl will be compiled without AES CTR mode encryption support") + endif(HAVE_OPENSSL_AES_CTR) ++ ++ check_function_exists(EVP_sha HAVE_OPENSSL_SHA0) ++ if(HAVE_OPENSSL_SHA0) ++ add_definitions(-DHAVE_OPENSSL_SHA0) ++ else(HAVE_OPENSSL_SHA0) ++ message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support") ++ endif(HAVE_OPENSSL_SHA0) + + set(QCA_OSSL_SOURCES qca-ossl.cpp) + Copied and modified: head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp (from r417960, head/devel/qca/files/patch-libressl) ============================================================================== --- head/devel/qca/files/patch-libressl Sun Jul 3 08:15:25 2016 (r417960, copy source) +++ head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp Sun Jul 3 12:10:18 2016 (r417968) @@ -1,15 +1,46 @@ ---- plugins/qca-ossl/qca-ossl.cpp.orig 2015-10-02 09:39:21 UTC +qca-ossl: Fix build without SSLv3 +http://quickgit.kde.org/?p=qca.git&a=commit&h=20a587d77636186edb044cd2b71d6d90fe98d232 + +This fixes building with LibreSSL >= 2.3.0 which has removed support +for SSLv3 completely. As far as I know OpenSSL can be configured to +build without it, so it might be helpful there as well. + +REVIEW: 125386 + +qca-ossl: Fix build without support for SHA-0 +https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156 + +LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha +anymore. +Wikipedia says about SHA-0: "160-bit hash function published in 1993 +under the name SHA. It was withdrawn shortly after publication due to +an undisclosed "significant flaw" and replaced by the slightly revised +version SHA-1.' + +REVIEW: 125387 + +--- plugins/qca-ossl/qca-ossl.cpp.orig 2016-07-03 11:34:48 UTC +++ plugins/qca-ossl/qca-ossl.cpp -@@ -5805,7 +5805,11 @@ public: - { - SessionInfo sessInfo; - -- sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session)); -+#ifndef OPENSSL_NO_COMP -+ sessInfo.isCompressed = (0 != ssl->session->compress_meth); -+#else -+ sessInfo.isCompressed = 0; +@@ -5403,9 +5403,11 @@ + ctx = SSL_CTX_new(SSLv2_client_method()); + break; + #endif ++#ifndef OPENSSL_NO_SSL3_METHOD + case TLS::SSL_v3: + ctx = SSL_CTX_new(SSLv3_client_method()); + break; +#endif - - if (ssl->version == TLS1_VERSION) - sessInfo.version = TLS::TLS_v1; + case TLS::TLS_v1: + ctx = SSL_CTX_new(TLSv1_client_method()); + break; +@@ -7135,8 +7135,10 @@ + return new opensslInfoContext(this); + else if ( type == "sha1" ) + return new opensslHashContext( EVP_sha1(), this, type); ++#ifdef HAVE_OPENSSL_SHA0 + else if ( type == "sha0" ) + return new opensslHashContext( EVP_sha(), this, type); ++#endif + else if ( type == "ripemd160" ) + return new opensslHashContext( EVP_ripemd160(), this, type); + #ifdef HAVE_OPENSSL_MD2
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607031210.u63CAIJi036836>