Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 24 Jul 2022 08:27:25 GMT
From:      "Tobias C. Berner" <tcberner@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org
Subject:   git: 9173d34fd2ed - 2022Q3 - net/qt5-network: Runtime fixes with libressl
Message-ID:  <202207240827.26O8RPvN023582@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch 2022Q3 has been updated by tcberner:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9173d34fd2ed46d2a305dd4c757e0845ad4477a9

commit 9173d34fd2ed46d2a305dd4c757e0845ad4477a9
Author:     Felix Palmen <felix@palmen-it.de>
AuthorDate: 2022-07-20 20:45:04 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2022-07-24 08:26:59 +0000

    net/qt5-network: Runtime fixes with libressl
    
    Patches updated based on this gentoo patch:
            https://562050.bugs.gentoo.org/attachment.cgi?id=663100
    
    - modified and extended for qt-network 5.15.5
    - modified for libressl 3.5
    
    Differential Revision: https://reviews.freebsd.org/D35729
    
    (cherry picked from commit 49667cdc275e51a3e28e94582e18a6e094ae29c8)
---
 net/qt5-network/Makefile                           |   1 +
 ...ch-src_network_ssl_qsslcertificate__openssl.cpp |  11 ++
 .../patch-src_network_ssl_qsslcontext__openssl.cpp |  70 ++++++--
 ...patch-src_network_ssl_qsslcontext__openssl__p.h |  16 ++
 .../patch-src_network_ssl_qsslsocket__openssl.cpp  |  18 ++-
 ...rc_network_ssl_qsslsocket__openssl__symbols.cpp | 180 ++++++++++++++++++++-
 ...c_network_ssl_qsslsocket__openssl__symbols__p.h | 136 +++++++++++++++-
 7 files changed, 408 insertions(+), 24 deletions(-)

diff --git a/net/qt5-network/Makefile b/net/qt5-network/Makefile
index 959ecb987f0a..0f6cf1e330d5 100644
--- a/net/qt5-network/Makefile
+++ b/net/qt5-network/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	network
 PORTVERSION=	${QT5_VERSION}${QT5_KDE_PATCH}
+PORTREVISION=	1
 CATEGORIES=	net
 PKGNAMEPREFIX=	qt5-
 
diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslcertificate__openssl.cpp b/net/qt5-network/files/patch-src_network_ssl_qsslcertificate__openssl.cpp
new file mode 100644
index 000000000000..47969b82f4b6
--- /dev/null
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslcertificate__openssl.cpp
@@ -0,0 +1,11 @@
+--- src/network/ssl/qsslcertificate_openssl.cpp.orig	2022-06-22 10:58:13 UTC
++++ src/network/ssl/qsslcertificate_openssl.cpp
+@@ -691,7 +691,7 @@ static QMultiMap<QByteArray, QString> _q_mapFromX509Na
+         unsigned char *data = nullptr;
+         int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
+         info.insert(name, QString::fromUtf8((char*)data, size));
+-#if QT_CONFIG(opensslv11)
++#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER)
+         q_CRYPTO_free(data, nullptr, 0);
+ #else
+         q_CRYPTO_free(data);
diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp b/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
index 15d7d598ad11..0fc24a49fc2a 100644
--- a/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
@@ -1,22 +1,62 @@
---- src/network/ssl/qsslcontext_openssl.cpp.orig	2022-06-28 10:17:59 UTC
+--- src/network/ssl/qsslcontext_openssl.cpp.orig	2022-06-22 10:58:13 UTC
 +++ src/network/ssl/qsslcontext_openssl.cpp
-@@ -356,11 +356,15 @@ init_context:
+@@ -54,12 +54,14 @@
+ 
+ QT_BEGIN_NAMESPACE
+ 
++#ifdef SSL_SECOP_PEER
+ Q_GLOBAL_STATIC(bool, forceSecurityLevel)
+ 
+ Q_NETWORK_EXPORT void qt_ForceTlsSecurityLevel()
+ {
+     *forceSecurityLevel() = true;
+ }
++#endif //SSL_SECOP_PEER
+ 
+ // defined in qsslsocket_openssl.cpp:
+ extern int q_X509Callback(int ok, X509_STORE_CTX *ctx);
+@@ -351,9 +353,11 @@ init_context:
+         return;
+     }
+ 
++#ifdef SSL_SECOP_PEER
+     // A nasty hacked OpenSSL using a level that will make our auto-tests fail:
+     if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel())
          q_SSL_CTX_set_security_level(sslContext->ctx, 1);
++#endif //SSL_SECOP_PEER
  
      const long anyVersion =
-+#ifndef TLS_ANY_VERSION
-+	    		    0x1000;
-+#else
  #if QT_CONFIG(dtls)
-                             isDtls ? DTLS_ANY_VERSION : TLS_ANY_VERSION;
- #else
-                             TLS_ANY_VERSION;
- #endif // dtls
-+#endif
-     long minVersion = anyVersion;
-     long maxVersion = anyVersion;
- 
-@@ -722,6 +726,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslC
+@@ -408,16 +412,28 @@ init_context:
+         maxVersion = DTLS1_VERSION;
+         break;
+     case QSsl::DtlsV1_0OrLater:
++#ifdef DTLS_MAX_VERSION
+         minVersion = DTLS1_VERSION;
+         maxVersion = 0;
++#else
++        Q_UNREACHABLE();
++#endif // DTLS_MAX_VERSION
+         break;
+     case QSsl::DtlsV1_2:
++#ifdef DTLS1_2_VERSION
+         minVersion = DTLS1_2_VERSION;
+         maxVersion = DTLS1_2_VERSION;
++#else
++        Q_UNREACHABLE();
++#endif // DTLS1_2_VERSION
+         break;
+     case QSsl::DtlsV1_2OrLater:
++#if defined(DTLS1_2_VERSION)
+         minVersion = DTLS1_2_VERSION;
+         maxVersion = 0;
++#else
++        Q_UNREACHABLE();
++#endif // DTLS1_2_VERSION
+         break;
+     case QSsl::TlsV1_3OrLater:
+ #ifdef TLS1_3_VERSION
+@@ -722,6 +738,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslC
      }
  #endif // ocsp
  
@@ -24,7 +64,7 @@
      QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
      if (cctx) {
          q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx);
-@@ -768,7 +773,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslC
+@@ -768,7 +785,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslC
              sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed"));
              sslContext->errorCode = QSslError::UnspecifiedError;
          }
diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl__p.h b/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl__p.h
new file mode 100644
index 000000000000..7b54761a70db
--- /dev/null
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl__p.h
@@ -0,0 +1,16 @@
+--- src/network/ssl/qsslcontext_openssl_p.h.orig	2022-06-22 10:58:13 UTC
++++ src/network/ssl/qsslcontext_openssl_p.h
+@@ -61,6 +61,13 @@
+ 
+ QT_BEGIN_NAMESPACE
+ 
++#ifndef DTLS_ANY_VERSION
++#define DTLS_ANY_VERSION 0x1FFFF
++#endif
++#ifndef TLS_ANY_VERSION
++#define TLS_ANY_VERSION 0x10000
++#endif
++
+ #ifndef QT_NO_SSL
+ 
+ class QSslContextPrivate;
diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
index 22689b3fc546..692bcd61ab0d 100644
--- a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
@@ -1,4 +1,4 @@
---- src/network/ssl/qsslsocket_openssl.cpp.orig	2022-06-28 13:46:41 UTC
+--- src/network/ssl/qsslsocket_openssl.cpp.orig	2022-07-05 09:21:21 UTC
 +++ src/network/ssl/qsslsocket_openssl.cpp
 @@ -239,6 +239,12 @@ static int q_ssl_psk_use_session_callback(SSL *ssl, co
      return 1; // need to return 1 or else "the connection setup fails."
@@ -13,14 +13,24 @@
  int q_ssl_sess_set_new_cb(SSL *ssl, SSL_SESSION *session)
  {
      if (!ssl) {
-@@ -254,9 +260,7 @@ int q_ssl_sess_set_new_cb(SSL *ssl, SSL_SESSION *sessi
+@@ -254,10 +260,8 @@ int q_ssl_sess_set_new_cb(SSL *ssl, SSL_SESSION *sessi
                                                                   QSslSocketBackendPrivate::s_indexForSSLExtraData));
      return socketPrivate->handleNewSessionTicket(ssl);
  }
 -#endif // TLS1_3_VERSION
--
--#endif // !OPENSSL_NO_PSK
 +#endif
  
+-#endif // !OPENSSL_NO_PSK
+-
  #if QT_CONFIG(ocsp)
  
+ int qt_OCSP_status_server_callback(SSL *ssl, void *ocspRequest)
+@@ -653,7 +657,7 @@ bool QSslSocketBackendPrivate::initSslContext()
+     else if (mode == QSslSocket::SslServerMode)
+         q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10101006L
++#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER)
+     // Set the client callback for TLSv1.3 PSK
+     if (mode == QSslSocket::SslClientMode
+         && QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {
diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp
index 66eca715c9b9..190292096559 100644
--- a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp
@@ -1,6 +1,76 @@
---- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2022-06-28 10:13:07 UTC
+--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2022-07-05 09:21:21 UTC
 +++ src/network/ssl/qsslsocket_openssl_symbols.cpp
-@@ -355,12 +355,14 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a
+@@ -142,13 +142,18 @@ DEFINEFUNC2(int, OPENSSL_init_ssl, uint64_t opts, opts
+ DEFINEFUNC2(int, OPENSSL_init_crypto, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return)
+ DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return nullptr, return)
+ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return)
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
++#endif
+ DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
+ DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return)
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return)
+ DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return)
+ DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return)
++#endif // OPENSSL_NO_DEPRECATED_3_0
+ DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+ DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
+ DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
+ DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
+@@ -158,8 +163,18 @@ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a,
+ DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
+ DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
+ DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
++#else
++DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return)
++DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
++DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
++DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG)
++DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG)
++DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return nullptr, return)
++#endif // LIBRESSL_VERSION_NUMBER
++#ifdef SSL_SECOP_PEER
+ DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
+ DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
++#endif //SSL_SECOP_PEER
+ #ifdef TLS1_3_VERSION
+ DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
+ DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
+@@ -169,7 +184,9 @@ DEFINEFUNC(int, SSL_SESSION_is_resumable, const SSL_SE
+ DEFINEFUNC3(size_t, SSL_get_client_random, SSL *a, a, unsigned char *out, out, size_t outlen, outlen, return 0, return)
+ DEFINEFUNC3(size_t, SSL_SESSION_get_master_key, const SSL_SESSION *ses, ses, unsigned char *out, out, size_t outlen, outlen, return 0, return)
+ DEFINEFUNC6(int, CRYPTO_get_ex_new_index, int class_index, class_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC2(unsigned long, SSL_set_options, SSL *ssl, ssl, unsigned long op, op, return 0, return)
++#endif
+ 
+ DEFINEFUNC(const SSL_METHOD *, TLS_method, DUMMYARG, DUMMYARG, return nullptr, return)
+ DEFINEFUNC(const SSL_METHOD *, TLS_client_method, DUMMYARG, DUMMYARG, return nullptr, return)
+@@ -183,7 +200,11 @@ DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE
+ DEFINEFUNC3(int, X509_STORE_set_ex_data, X509_STORE *a, a, int idx, idx, void *data, data, return 0, return)
+ DEFINEFUNC2(void *, X509_STORE_get_ex_data, X509_STORE *r, r, int idx, idx, return nullptr, return)
+ DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return nullptr, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG)
++#else
++DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
++#endif
+ DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return)
+ DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return)
+ DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return)
+@@ -223,7 +244,9 @@ DEFINEFUNC5(int, OCSP_id_get0_info, ASN1_OCTET_STRING 
+             ASN1_OCTET_STRING **piKeyHash, piKeyHash, ASN1_INTEGER **pserial, pserial, OCSP_CERTID *cid, cid,
+             return 0, return)
+ DEFINEFUNC2(OCSP_RESPONSE *, OCSP_response_create, int status, status, OCSP_BASICRESP *bs, bs, return nullptr, return)
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+ DEFINEFUNC(const STACK_OF(X509) *, OCSP_resp_get0_certs, const OCSP_BASICRESP *bs, bs, return nullptr, return)
++#endif
+ DEFINEFUNC2(int, OCSP_id_cmp, OCSP_CERTID *a, a, OCSP_CERTID *b, b, return -1, return)
+ DEFINEFUNC7(OCSP_SINGLERESP *, OCSP_basic_add1_status, OCSP_BASICRESP *r, r, OCSP_CERTID *c, c, int s, s,
+             int re, re, ASN1_TIME *rt, rt, ASN1_TIME *t, t, ASN1_TIME *n, n, return nullptr, return)
+@@ -355,12 +378,14 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a
  DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
  DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
  DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
@@ -15,7 +85,99 @@
  DEFINEFUNC(void, SSL_free, SSL *a, a, return, DUMMYARG)
  DEFINEFUNC(STACK_OF(SSL_CIPHER) *, SSL_get_ciphers, const SSL *a, a, return nullptr, return)
  DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr, return)
-@@ -1066,12 +1068,14 @@ bool q_resolveOpenSslSymbols()
+@@ -385,7 +410,11 @@ DEFINEFUNC3(void, SSL_set_bio, SSL *a, a, BIO *b, b, B
+ DEFINEFUNC(void, SSL_set_accept_state, SSL *a, a, return, DUMMYARG)
+ DEFINEFUNC(void, SSL_set_connect_state, SSL *a, a, return, DUMMYARG)
+ DEFINEFUNC(int, SSL_shutdown, SSL *a, a, return -1, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return)
++#else
++DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return)
++#endif
+ DEFINEFUNC(int, SSL_get_shutdown, const SSL *ssl, ssl, return 0, return)
+ DEFINEFUNC2(int, SSL_set_session, SSL* to, to, SSL_SESSION *session, session, return -1, return)
+ DEFINEFUNC(void, SSL_SESSION_free, SSL_SESSION *ses, ses, return, DUMMYARG)
+@@ -854,20 +883,35 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(ASN1_STRING_get0_data)
+     RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+     RESOLVEFUNC(EVP_PKEY_up_ref)
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+     RESOLVEFUNC(EVP_PKEY_CTX_new)
+     RESOLVEFUNC(EVP_PKEY_param_check)
+     RESOLVEFUNC(EVP_PKEY_CTX_free)
++#endif // OPENSSL_NO_DEPRECATED_3_0
+     RESOLVEFUNC(RSA_bits)
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+     RESOLVEFUNC(OPENSSL_sk_new_null)
+     RESOLVEFUNC(OPENSSL_sk_push)
+     RESOLVEFUNC(OPENSSL_sk_free)
+     RESOLVEFUNC(OPENSSL_sk_num)
+     RESOLVEFUNC(OPENSSL_sk_pop_free)
+     RESOLVEFUNC(OPENSSL_sk_value)
++#else
++    RESOLVEFUNC(sk_new_null)
++    RESOLVEFUNC(sk_push)
++    RESOLVEFUNC(sk_free)
++    RESOLVEFUNC(sk_num)
++    RESOLVEFUNC(sk_pop_free)
++    RESOLVEFUNC(sk_value)
++#endif
+     RESOLVEFUNC(DH_get0_pqg)
++#ifndef LIBRESSL_VERSION_NUMBER
+     RESOLVEFUNC(SSL_CTX_set_options)
++#endif
++#ifdef SSL_SECOP_PEER
+     RESOLVEFUNC(SSL_CTX_get_security_level)
+     RESOLVEFUNC(SSL_CTX_set_security_level)
++#endif //SSL_SECOP_PEER
+ #ifdef TLS1_3_VERSION
+     RESOLVEFUNC(SSL_CTX_set_ciphersuites)
+     RESOLVEFUNC(SSL_set_psk_use_session_callback)
+@@ -877,9 +921,13 @@ bool q_resolveOpenSslSymbols()
+ 
+     RESOLVEFUNC(SSL_get_client_random)
+     RESOLVEFUNC(SSL_SESSION_get_master_key)
++#ifndef LIBRESSL_VERSION_NUMBER
+     RESOLVEFUNC(SSL_session_reused)
++#endif
+     RESOLVEFUNC(SSL_get_session)
++#ifndef LIBRESSL_VERSION_NUMBER
+     RESOLVEFUNC(SSL_set_options)
++#endif
+     RESOLVEFUNC(CRYPTO_get_ex_new_index)
+     RESOLVEFUNC(TLS_method)
+     RESOLVEFUNC(TLS_client_method)
+@@ -906,7 +954,9 @@ bool q_resolveOpenSslSymbols()
+ 
+     RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
+     RESOLVEFUNC(DH_bits)
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+     RESOLVEFUNC(DSA_bits)
++#endif
+ 
+ #if QT_CONFIG(dtls)
+     RESOLVEFUNC(DTLSv1_listen)
+@@ -936,7 +986,9 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(OCSP_check_validity)
+     RESOLVEFUNC(OCSP_cert_to_id)
+     RESOLVEFUNC(OCSP_id_get0_info)
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+     RESOLVEFUNC(OCSP_resp_get0_certs)
++#endif
+     RESOLVEFUNC(OCSP_basic_sign)
+     RESOLVEFUNC(OCSP_response_create)
+     RESOLVEFUNC(i2d_OCSP_RESPONSE)
+@@ -973,7 +1025,9 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(EC_GROUP_get_degree)
+ #endif
+     RESOLVEFUNC(BN_num_bits)
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+     RESOLVEFUNC(BN_is_word)
++#endif
+     RESOLVEFUNC(BN_mod_word)
+     RESOLVEFUNC(DSA_new)
+     RESOLVEFUNC(DSA_free)
+@@ -1066,12 +1120,14 @@ bool q_resolveOpenSslSymbols()
      RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
      RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
      RESOLVEFUNC(SSL_CTX_get_cert_store);
@@ -30,3 +192,15 @@
      RESOLVEFUNC(SSL_accept)
      RESOLVEFUNC(SSL_clear)
      RESOLVEFUNC(SSL_connect)
+@@ -1099,7 +1155,11 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(SSL_set_bio)
+     RESOLVEFUNC(SSL_set_connect_state)
+     RESOLVEFUNC(SSL_shutdown)
++#ifndef LIBRESSL_VERSION_NUMBER
+     RESOLVEFUNC(SSL_in_init)
++#else
++    RESOLVEFUNC(SSL_state)
++#endif
+     RESOLVEFUNC(SSL_get_shutdown)
+     RESOLVEFUNC(SSL_set_session)
+     RESOLVEFUNC(SSL_SESSION_free)
diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h
index bea26f610007..6463a08c1d95 100644
--- a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h
@@ -1,4 +1,4 @@
---- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2022-06-28 10:06:55 UTC
+--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2022-06-22 10:58:13 UTC
 +++ src/network/ssl/qsslsocket_openssl_symbols_p.h
 @@ -80,6 +80,13 @@ QT_BEGIN_NAMESPACE
  
@@ -14,7 +14,103 @@
  #if !defined QT_LINKED_OPENSSL
  // **************** Shared declarations ******************
  // ret func(arg)
-@@ -496,12 +503,14 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
+@@ -230,13 +237,20 @@ const unsigned char * q_ASN1_STRING_get0_data(const AS
+ Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
+ Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
+ 
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+ int q_DSA_bits(DSA *a);
++#else
++#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
++#endif
+ int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+ Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref(EVP_PKEY *a);
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ EVP_PKEY_CTX *q_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+ void q_EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+ int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
++#endif // OPENSSL_NO_DEPRECATED_3_0
+ int q_RSA_bits(RSA *a);
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+ Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a);
+ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
+ Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null();
+@@ -245,6 +259,24 @@ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK
+ Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
+ int q_SSL_session_reused(SSL *a);
+ unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
++#else // LIBRESSL_VERSION_NUMBER
++int q_sk_num(STACK *a);
++#define q_OPENSSL_sk_num(a) q_sk_num(a)
++void q_sk_pop_free(STACK *a, void (*b)(void *));
++#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
++STACK *q_sk_new_null();
++#define q_OPENSSL_sk_new_null() q_sk_new_null()
++void q_sk_push(STACK *st, void *data);
++#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data)
++void q_sk_free(STACK *a);
++#define q_OPENSSL_sk_free q_sk_free
++void *q_sk_value(STACK *a, int b);
++#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
++#define q_SSL_session_reused(ssl) \
++	q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)
++#define q_SSL_CTX_set_options(ctx, op) \
++	q_SSL_CTX_ctrl((ctx), SSL_CTRL_OPTIONS, (op), NULL)
++#endif // LIBRESSL_VERSION_NUMBER
+ int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+ size_t q_SSL_get_client_random(SSL *a, unsigned char *out, size_t outlen);
+ size_t q_SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen);
+@@ -268,8 +300,13 @@ int q_DH_bits(DH *dh);
+ # define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+                                                        | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+ 
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+ #define q_SKM_sk_num(st) q_OPENSSL_sk_num((OPENSSL_STACK *)st)
+ #define q_SKM_sk_value(type, st,i) (type *)q_OPENSSL_sk_value((OPENSSL_STACK *)st, i)
++#else
++#define q_SKM_sk_num(st) q_sk_num((OPENSSL_STACK *)st)
++#define q_SKM_sk_value(type, st,i) (type *)q_sk_value((OPENSSL_STACK *)st, i)
++#endif // LIBRESSL_VERSION_NUMBER
+ 
+ #define q_OPENSSL_add_all_algorithms_conf()  q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                                                                    | OPENSSL_INIT_ADD_ALL_DIGESTS \
+@@ -278,13 +315,22 @@ int q_DH_bits(DH *dh);
+                                                                     | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+ 
+ int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
++#ifndef LIBRESSL_VERSION_NUMBER
+ void q_CRYPTO_free(void *str, const char *file, int line);
++#else
++void q_CRYPTO_free(void *a);
++#endif
+ 
+ long q_OpenSSL_version_num();
+ const char *q_OpenSSL_version(int type);
+ 
+ unsigned long q_SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session);
++#ifndef LIBRESSL_VERSION_NUMBER
+ unsigned long q_SSL_set_options(SSL *s, unsigned long op);
++#else
++#define q_SSL_set_options(ssl, op) \
++	q_SSL_ctrl((ssl), SSL_CTRL_OPTIONS, (op), NULL)
++#endif
+ 
+ #ifdef TLS1_3_VERSION
+ int q_SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
+@@ -373,7 +419,12 @@ BIO *q_BIO_new_mem_buf(void *a, int b);
+ int q_BIO_read(BIO *a, void *b, int c);
+ Q_AUTOTEST_EXPORT int q_BIO_write(BIO *a, const void *b, int c);
+ int q_BN_num_bits(const BIGNUM *a);
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+ int q_BN_is_word(BIGNUM *a, BN_ULONG w);
++#else
++#define q_BN_is_word(a, w) (((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) \
++		|| (((w) == 0) && ((a)->top == 0))) && (!(w) || !(a)->neg))
++#endif
+ BN_ULONG q_BN_mod_word(const BIGNUM *a, BN_ULONG w);
+ 
+ #ifndef OPENSSL_NO_EC
+@@ -496,12 +547,14 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
  int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
  int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
  X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
@@ -29,3 +125,39 @@
  void q_SSL_free(SSL *a);
  STACK_OF(SSL_CIPHER) *q_SSL_get_ciphers(const SSL *a);
  const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a);
+@@ -517,7 +570,12 @@ void q_SSL_set_bio(SSL *a, BIO *b, BIO *c);
+ void q_SSL_set_accept_state(SSL *a);
+ void q_SSL_set_connect_state(SSL *a);
+ int q_SSL_shutdown(SSL *a);
++#ifndef LIBRESSL_VERSION_NUMBER
+ int q_SSL_in_init(const SSL *s);
++#else
++int q_SSL_state(const SSL *s);
++#define q_SSL_in_init(s) (q_SSL_state((s))&SSL_ST_INIT)
++#endif
+ int q_SSL_get_shutdown(const SSL *ssl);
+ int q_SSL_set_session(SSL *to, SSL_SESSION *session);
+ void q_SSL_SESSION_free(SSL_SESSION *ses);
+@@ -723,7 +781,11 @@ int q_OCSP_check_validity(ASN1_GENERALIZEDTIME *thisup
+ int q_OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, ASN1_OCTET_STRING **pikeyHash,
+                         ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+ 
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL
+ const STACK_OF(X509) *q_OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
++#else
++#define q_OCSP_resp_get0_certs(bs) ((bs)->certs)
++#endif
+ Q_AUTOTEST_EXPORT OCSP_CERTID *q_OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
+ Q_AUTOTEST_EXPORT void q_OCSP_CERTID_free(OCSP_CERTID *cid);
+ int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+@@ -743,8 +805,10 @@ int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+ void *q_CRYPTO_malloc(size_t num, const char *file, int line);
+ #define q_OPENSSL_malloc(num) q_CRYPTO_malloc(num, "", 0)
+ 
++#ifdef SSL_SECOP_PEER
+ int q_SSL_CTX_get_security_level(const SSL_CTX *ctx);
+ void q_SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
++#endif //SSL_SECOP_PEER
+ 
+ // Here we have the ones that make difference between OpenSSL pre/post v3:
+ #if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202207240827.26O8RPvN023582>