From: Matthew Rezny
Date: Wed, 22 Feb 2017 19:29:56 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r434633 - in head/net/qt5-network: . files

Author: rezny
Date: Wed Feb 22 19:29:56 2017
New Revision: 434633
URL: https://svnweb.freebsd.org/changeset/ports/434633

Log:
  Fix build with libressl-devel by implementing portable curve control.
  Correct the path used for loading SSL libraries at runtime.

  PR: 216781
  Approved by: swills (mentor)
  Differential Revision: https://reviews.freebsd.org/D9726

Added:
  head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h (contents, props changed)
Modified:
  head/net/qt5-network/Makefile
  head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
  head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp

Modified: head/net/qt5-network/Makefile ============================================================================== --- head/net/qt5-network/Makefile Wed Feb 22 19:10:26 2017 (r434632) +++ head/net/qt5-network/Makefile Wed Feb 22 19:29:56 2017 (r434633) 
@@ -26,7 +26,8 @@ QT_CONFIG= libproxy openssl post-patch: @${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|g' \ - ${BUILD_WRKSRC}/ssl/qsslsocket_openssl.cpp \ + ${BUILD_WRKSRC}/ssl/qsslsocket_openssl.cpp + @${REINPLACE_CMD} -e 's|%%OPENSSLLIB%%|${OPENSSLLIB}|g' \ ${BUILD_WRKSRC}/ssl/qsslsocket_openssl_symbols.cpp post-build: Modified: head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp ============================================================================== --- head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp Wed Feb 22 19:10:26 2017 (r434632) +++ head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp Wed Feb 22 19:29:56 2017 (r434633) 
@@ -1,29 +1,43 @@ -Obtained from: https://github.com/libressl-portable/openbsd/issues/33 - -From 81494e67eccba04fc3fe554d76a9ca6fe7f2250e Mon Sep 17 00:00:00 2001 -From: hasufell -Date: Sat, 10 Oct 2015 01:15:01 +0200 -Subject: [PATCH] Fix compilation with libressl - -By additionally checking for defined(SSL_CTRL_SET_CURVES), which -is defined in openssl, but not in libressl. ---- src/network/ssl/qsslcontext_openssl.cpp.orig 2015-10-13 04:35:28 UTC +* Instead of using the SSL_CTRL_SET_CURVES macros which only exists in OpenSSL, +* call the SSL_CTX_set1_curves functions as suggested by BoringSSL porting docs +* and which is the function in OpenSSL that is called through the replaced macro. +* LibreSSL has a SSL_CTX_set1_groups functions and provides a compat macro. +* Unfortunately, since Qt resolves the symbols at runtime, we cannot call through +* that macro and must instead explicitly call SSL_CTX_set1_groups if the library +* doesn't export a function called SSL_CTX_set1_curves, as in the case of LibreSSL. 
+* +--- src/network/ssl/qsslcontext_openssl.cpp.orig 2016-12-01 08:17:04 UTC +++ src/network/ssl/qsslcontext_openssl.cpp -@@ -338,7 +338,7 @@ init_context: - - const QVector qcurves = sslContext->sslConfiguration.ellipticCurves(); - if (!qcurves.isEmpty()) { --#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) -+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) +@@ -350,14 +350,24 @@ init_context: + #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) // Set the curves to be used if (q_SSLeay() >= 0x10002000L) { - // SSL_CTX_ctrl wants a non-const pointer as last argument, -@@ -352,7 +352,7 @@ init_context: - return sslContext; +- // SSL_CTX_ctrl wants a non-const pointer as last argument, +- // but let's avoid a copy into a temporary array +- if (!q_SSL_CTX_ctrl(sslContext->ctx, +- SSL_CTRL_SET_CURVES, +- qcurves.size(), +- const_cast(reinterpret_cast(qcurves.data())))) { +- sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; ++ switch (q_SSL_CTX_set1_curves(sslContext->ctx, ++ const_cast(reinterpret_cast(qcurves.data())), ++ qcurves.size())) { ++ case 1: ++ default: ++ break; ++ case 0: ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ break; ++ case -1: ++ if (q_SSL_CTX_set1_groups(sslContext->ctx, ++ reinterpret_cast(qcurves.data()), ++ qcurves.size()) < 1) { ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ } ++ break; } } else --#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) -+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) - { - // specific curves 
requested, but not possible to set -> error - sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); + #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) Modified: head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp ============================================================================== --- head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp Wed Feb 22 19:10:26 2017 (r434632) +++ head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp Wed Feb 22 19:29:56 2017 (r434633) 
@@ -1,24 +1,51 @@ ---- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2015-02-17 04:56:38 UTC +* Boilerplate for SSL_CTX_set1_curves/groups() used in qsslcontext_openssl.cpp +* +* Prepend the path of the SSL libraries used for building so the same libraries are +* found and loaded at runtime. Normal search finds base SSL libraries before ports. +* +--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2016-09-16 05:49:42 UTC +++ src/network/ssl/qsslsocket_openssl_symbols.cpp -@@ -611,8 +611,8 @@ static QPair loadO +@@ -424,6 +424,8 @@ DEFINEFUNC(void, EC_KEY_free, EC_KEY *ec + DEFINEFUNC2(size_t, EC_get_builtin_curves, EC_builtin_curve * r, r, size_t nitems, nitems, return 0, return) + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return) ++DEFINEFUNC3(int, SSL_CTX_set1_curves, SSL_CTX *a, a, int *b, b, int c, c, return -1, return) ++DEFINEFUNC3(int, SSL_CTX_set1_groups, SSL_CTX *a, a, const int *b, b, size_t c, c, return -1, return) + #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L + #endif // OPENSSL_NO_EC + +@@ -652,8 +654,8 @@ static QPair loadO #endif #if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so // first attempt: the canonical name is libssl.so. 
- libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER)); - libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER)); -+ libssl->setFileNameAndVersion(QLatin1String("/usr/local/libssl"), QLatin1String(SHLIB_VERSION_NUMBER)); -+ libcrypto->setFileNameAndVersion(QLatin1String("/usr/local/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER)); ++ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), QLatin1String(SHLIB_VERSION_NUMBER)); ++ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER)); if (libcrypto->load() && libssl->load()) { // libssl.so. and libcrypto.so. found return pair; -@@ -629,8 +629,8 @@ static QPair loadO +@@ -670,8 +672,8 @@ static QPair loadO // OS X's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third // attempt, _after_ /Contents/Frameworks has been searched. // iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place. 
- libssl->setFileNameAndVersion(QLatin1String("ssl"), -1); - libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1); -+ libssl->setFileNameAndVersion(QLatin1String("/usr/local/lib/libssl"), -1); -+ libcrypto->setFileNameAndVersion(QLatin1String("/usr/local/lib/libcrypto"), -1); ++ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), -1); ++ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), -1); if (libcrypto->load() && libssl->load()) { // libssl.so.0 and libcrypto.so.0 found return pair; +@@ -976,8 +978,11 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(EC_KEY_free) + RESOLVEFUNC(EC_get_builtin_curves) + #if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (q_SSLeay() >= 0x10002000L) ++ if (q_SSLeay() >= 0x10002000L) { + RESOLVEFUNC(EC_curve_nist2nid) ++ RESOLVEFUNC(SSL_CTX_set1_curves) ++ RESOLVEFUNC(SSL_CTX_set1_groups) ++ } + #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L + #endif // OPENSSL_NO_EC + RESOLVEFUNC(PKCS12_parse) Added: head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h Wed Feb 22 19:29:56 2017 (r434633) @@ -0,0 +1,13 @@ +* Boilerplate for SSL_CTX_set1_curves/groups() used in qsslcontext_openssl.cpp +* +--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig 2016-09-16 05:49:42 UTC ++++ src/network/ssl/qsslsocket_openssl_symbols_p.h +@@ -481,6 +481,8 @@ void q_EC_KEY_free(EC_KEY *ecdh); + size_t q_EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + int q_EC_curve_nist2nid(const char *name); ++int q_SSL_CTX_set1_curves(SSL_CTX *a, int *b, int c); ++int q_SSL_CTX_set1_groups(SSL_CTX *a, const int *b, size_t c); + #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L + #endif // OPENSSL_NO_EC +
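
Review bot: In the head/net/qt5-network/Makefile post-patch hunk, the new `s|%%OPENSSLLIB%%|${OPENSSLLIB}|g` substitution has no guard. If OPENSSLLIB expands to nothing, or the placeholder text in qsslsocket_openssl_symbols.cpp drifts, the build still succeeds and the first two load attempts get a path that cannot resolve, so loading falls through to the later search that, per the patch header, finds the base SSL libraries before ports. Suggest failing post-patch when `%%OPENSSLLIB%%` is still present in the file after the sed, and confirming that the port defines OPENSSLLIB, which these lines do not show.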
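
Review bot: In the qsslcontext_openssl.cpp hunk at -350, the switch on q_SSL_CTX_set1_curves() groups `default:` with `case 1:`, so any return value other than 0 or -1 is treated as success and no error is recorded. Since -1 is reserved here for an unresolved symbol, make success explicit with `case 1: break;` and route `default:` to the same errorStr/errorCode assignment as `case 0:`, so an unexpected value fails closed instead of leaving the requested curve list silently unapplied.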
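
Review bot: In the qsslsocket_openssl_symbols.cpp hunk at -424, the `return -1` fallback on both DEFINEFUNC3 lines is the value the caller's `case -1:` relies on to detect a missing symbol, but nothing at the definition says so. Add a one-line comment that -1 means "not resolved" and must not collide with a real return value, so the two files stay in sync. Because the symbols are looked up at runtime, it is also worth confirming that the OpenSSL shared library exports SSL_CTX_set1_curves as a function rather than providing the name only as a macro; a macro-only name would take the -1 path and then fail on SSL_CTX_set1_groups as well.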
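
Review bot: In the qsslsocket_openssl_symbols.cpp hunk at -976, RESOLVEFUNC(SSL_CTX_set1_curves) and RESOLVEFUNC(SSL_CTX_set1_groups) both run unconditionally, although the patch header expects a given library to export only one of them. Check whether RESOLVEFUNC reports an unresolved symbol; if it does, every process start will log a failure for the absent variant, which hides real resolution problems. Resolving the groups variant only when the curves variant is absent would avoid that.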