Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 7 Oct 2018 20:39:12 +0000 (UTC)
From:      Adriaan de Groot <adridg@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r481493 - in head/net/qt4-network: . files
Message-ID:  <201810072039.w97KdCvr017333@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: adridg
Date: Sun Oct  7 20:39:11 2018
New Revision: 481493
URL: https://svnweb.freebsd.org/changeset/ports/481493

Log:
  Fix build of legacy Qt4-network port with OpenSSL 1.1.1 for future
  changes in base. (Tested in a 12-CURRENT VM with ^/projects/openssl111
  worls, and in an 11-STABLE VM with the old situation).
  
  Thanks to brnrd@ for chasing this for a long time, and the original submitter.
  
  Specific credits for obtained-from are in the PR.
  
  PR:		214691
  Submitted by:	Melvyn Sopacua
  Reviewed by:	brnrd
  Obtained from:	richmoore

Added:
  head/net/qt4-network/files/patch-src_network_ssl_qsslcertificate.cpp   (contents, props changed)
  head/net/qt4-network/files/patch-src_network_ssl_qsslkey.cpp   (contents, props changed)
  head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h   (contents, props changed)
Modified:
  head/net/qt4-network/Makefile
  head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp

Modified: head/net/qt4-network/Makefile
==============================================================================
--- head/net/qt4-network/Makefile	Sun Oct  7 20:25:16 2018	(r481492)
+++ head/net/qt4-network/Makefile	Sun Oct  7 20:39:11 2018	(r481493)
@@ -3,7 +3,7 @@
 
 PORTNAME=	network
 DISTVERSION=	${QT4_VERSION}
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	net ipv6
 PKGNAMEPREFIX=	qt4-
 
@@ -12,9 +12,6 @@ COMMENT=	Qt network module
 
 LICENSE=	GPLv3 LGPL21 LGPL3 GFDL
 LICENSE_COMB=	dual
-
-BROKEN_SSL=	openssl-devel
-BROKEN_SSL_REASON_openssl-devel=	error: member access into incomplete type 'RSA' (aka 'rsa_st')
 
 RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
 

Added: head/net/qt4-network/files/patch-src_network_ssl_qsslcertificate.cpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/qt4-network/files/patch-src_network_ssl_qsslcertificate.cpp	Sun Oct  7 20:39:11 2018	(r481493)
@@ -0,0 +1,80 @@
+--- src/network/ssl/qsslcertificate.cpp.orig	2015-05-07 14:14:44 UTC
++++ src/network/ssl/qsslcertificate.cpp
+@@ -260,8 +260,13 @@ QByteArray QSslCertificate::version() co
+ {
+     QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
+     if (d->versionString.isEmpty() && d->x509)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	d->versionString =
++	    QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
++#else
+         d->versionString =
+             QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
++#endif
+ 
+     return d->versionString;
+ }
+@@ -276,7 +281,11 @@ QByteArray QSslCertificate::serialNumber
+ {
+     QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
+     if (d->serialNumberString.isEmpty() && d->x509) {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
++#else
+         ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
++#endif
+         // if we cannot convert to a long, just output the hexadecimal number
+         if (serialNumber->length > 4) {
+             QByteArray hexString;
+@@ -489,19 +498,37 @@ QSslKey QSslCertificate::publicKey() con
+     QSslKey key;
+ 
+     key.d->type = QSsl::PublicKey;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    EVP_PKEY *pkey = q_X509_get_pubkey(d->x509);
++#else
+     X509_PUBKEY *xkey = d->x509->cert_info->key;
+     EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
++#endif
+     Q_ASSERT(pkey);
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey));
++
++    if (keyType == EVP_PKEY_RSA) {
++#else
+     if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
++#endif
+         key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
+         key.d->algorithm = QSsl::Rsa;
+         key.d->isNull = false;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    } else if (keyType == EVP_PKEY_DSA) {
++#else
+     } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
++#endif
+         key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
+         key.d->algorithm = QSsl::Dsa;
+         key.d->isNull = false;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    } else if (keyType == EVP_PKEY_DH) {
++#else
+     } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
++#endif
+         // DH unsupported
+     } else {
+         // error?
+@@ -698,8 +725,13 @@ QSslCertificate QSslCertificatePrivate::
+     if (!x509 || !QSslSocket::supportsSsl())
+         return certificate;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    const ASN1_TIME *nbef = q_X509_get0_notBefore(x509);
++    const ASN1_TIME *naft = q_X509_get0_notAfter(x509);
++#else
+     ASN1_TIME *nbef = q_X509_get_notBefore(x509);
+     ASN1_TIME *naft = q_X509_get_notAfter(x509);
++#endif
+     certificate.d->notValidBefore = q_getTimeFromASN1(nbef);
+     certificate.d->notValidAfter = q_getTimeFromASN1(naft);
+     certificate.d->null = false;

Added: head/net/qt4-network/files/patch-src_network_ssl_qsslkey.cpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/qt4-network/files/patch-src_network_ssl_qsslkey.cpp	Sun Oct  7 20:39:11 2018	(r481493)
@@ -0,0 +1,16 @@
+--- src/network/ssl/qsslkey.cpp.orig	2015-05-07 14:14:44 UTC
++++ src/network/ssl/qsslkey.cpp
+@@ -321,8 +321,13 @@ int QSslKey::length() const
+ {
+     if (d->isNull)
+         return -1;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++    return (d->algorithm == QSsl::Rsa)
++	   ? q_RSA_bits(d->rsa) : q_DSA_bits(d->dsa);
++#else
+     return (d->algorithm == QSsl::Rsa)
+            ? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p);
++#endif
+ }
+ 
+ /*!

Modified: head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
==============================================================================
--- head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp	Sun Oct  7 20:25:16 2018	(r481492)
+++ head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp	Sun Oct  7 20:39:11 2018	(r481493)
@@ -1,8 +1,31 @@
 * Make availability of SSLv3 in Qt4 same as in Qt5, i.e. not part of SecureProtocols
 *
+ 
 --- src/network/ssl/qsslsocket_openssl.cpp.orig	2015-05-07 14:14:44 UTC
 +++ src/network/ssl/qsslsocket_openssl.cpp
-@@ -267,9 +267,13 @@ init_context:
+@@ -222,9 +222,12 @@ QSslCipher QSslSocketBackendPrivate::QSs
+             ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
+         ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+         ciph.d->bits = cipher->strength_bits;
+         ciph.d->supportedBits = cipher->alg_bits;
+-
++#else
++        ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits);
++#endif
+     }
+     return ciph;
+ }
+@@ -260,16 +263,20 @@ bool QSslSocketBackendPrivate::initSslCo
+ init_context:
+     switch (configuration.protocol) {
+     case QSsl::SslV2:
+-#ifndef OPENSSL_NO_SSL2
++#if OPENSSL_VERSION_NUMBER <= 0x1010000L && !defined(OPENSSL_NO_SSL2)
+         ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
+ #else
+         ctx = 0; // SSL 2 not supported by the system, but chosen deliberately -> error
  #endif
          break;
      case QSsl::SslV3:
@@ -17,7 +40,7 @@
      case QSsl::TlsV1SslV3: // SslV2 will be disabled below
      case QSsl::AnyProtocol:
      default:
-@@ -297,8 +301,10 @@ init_context:
+@@ -297,8 +304,10 @@ init_context:
  
      // Enable bug workarounds.
      long options;
@@ -28,4 +51,32 @@
 +        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
      else
          options = SSL_OP_ALL;
+ 
+@@ -363,7 +372,7 @@ init_context:
+         //
+         // See also: QSslContext::fromConfiguration()
+         if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) {
+-            q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
++            q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle());
+         }
+     }
+ 
+@@ -659,13 +668,11 @@ void QSslSocketPrivate::resetDefaultCiph
+     STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
+     for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
+         if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
+-            if (cipher->valid) {
+-                QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
+-                if (!ciph.isNull()) {
+-                    if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
+-                        ciphers << ciph;
+-                }
+-            }
++	    QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
++	    if (!ciph.isNull()) {
++               if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
++		    ciphers << ciph;
++	    }
+         }
+     }
  

Added: head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h	Sun Oct  7 20:39:11 2018	(r481493)
@@ -0,0 +1,95 @@
+--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2015-05-07 14:14:44 UTC
++++ src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -218,6 +218,9 @@ void q_CRYPTO_set_locking_callback(void 
+ void q_CRYPTO_set_id_callback(unsigned long (*a)());
+ void q_CRYPTO_free(void *a);
+ void q_DSA_free(DSA *a);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++int q_DSA_bits(DSA *a);
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ // 0.9.8 broke SC and BC by changing this function's signature.
+ X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c);
+@@ -227,12 +230,18 @@ X509 *q_d2i_X509(X509 **a, unsigned char
+ char *q_ERR_error_string(unsigned long a, char *b);
+ unsigned long q_ERR_get_error();
+ const EVP_CIPHER *q_EVP_des_ede3_cbc();
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++const EVP_MD *q_EVP_sha1();
++#endif
+ int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c);
+ int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b);
+ int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b);
+ void q_EVP_PKEY_free(EVP_PKEY *a);
+ RSA *q_EVP_PKEY_get1_RSA(EVP_PKEY *a);
+ DSA *q_EVP_PKEY_get1_DSA(EVP_PKEY *a);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++int q_EVP_PKEY_base_id(EVP_PKEY *a);
++#endif
+ int q_EVP_PKEY_type(int a);
+ EVP_PKEY *q_EVP_PKEY_new();
+ int q_i2d_X509(X509 *a, unsigned char **b);
+@@ -258,6 +267,9 @@ int q_PEM_write_bio_RSA_PUBKEY(BIO *a, R
+ void q_RAND_seed(const void *a, int b);
+ int q_RAND_status();
+ void q_RSA_free(RSA *a);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++int q_RSA_bits(RSA *a);
++#endif
+ int q_sk_num(STACK *a);
+ void q_sk_pop_free(STACK *a, void (*b)(void *));
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
+@@ -270,6 +282,9 @@ char * q_sk_value(STACK *a, int b);
+ int q_SSL_accept(SSL *a);
+ int q_SSL_clear(SSL *a);
+ char *q_SSL_CIPHER_description(SSL_CIPHER *a, char *b, int c);
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++int q_SSL_CIPHER_get_bits(SSL_CIPHER *a, int *b);
++#endif
+ int q_SSL_connect(SSL *a);
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ // 0.9.8 broke SC and BC by changing this function's signature.
+@@ -293,6 +308,7 @@ int q_SSL_CTX_use_certificate_file(SSL_C
+ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
+ int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
+ int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
++X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
+ void q_SSL_free(SSL *a);
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ // 0.9.8 broke SC and BC by changing this function's signature.
+@@ -353,6 +369,9 @@ void *q_ASN1_dup(i2d_of_void *i2d, d2i_o
+ #else
+ X509 *q_X509_dup(X509 *a);
+ #endif
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++int q_X509_digest(const X509 *x509, const EVP_MD *type, unsigned char *md, unsigned int *len);
++#endif
+ ASN1_OBJECT *q_X509_EXTENSION_get_object(X509_EXTENSION *a);
+ void q_X509_free(X509 *a);
+ X509_EXTENSION *q_X509_get_ext(X509 *a, int b);
+@@ -360,6 +379,13 @@ int q_X509_get_ext_count(X509 *a);
+ void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d);
+ X509_NAME *q_X509_get_issuer_name(X509 *a);
+ X509_NAME *q_X509_get_subject_name(X509 *a);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++long q_X509_get_version(X509 *a);
++ASN1_INTEGER *q_X509_get_serialNumber(X509 *a);
++EVP_PKEY *q_X509_get_pubkey(X509 *a);
++const ASN1_TIME *q_X509_get0_notBefore(X509 *a);
++const ASN1_TIME *q_X509_get0_notAfter(X509 *a);
++#endif
+ int q_X509_verify_cert(X509_STORE_CTX *ctx);
+ int q_X509_NAME_entry_count(X509_NAME *a);
+ X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b);
+@@ -399,7 +425,11 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsign
+ 		PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
+ 			bp,(char *)x,enc,kstr,klen,cb,u)
+ #endif
++#if OPENSSL_VERSION_NUMBER <= 0x10100000L
+ #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
++#else
++unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
++#endif
+ #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
+ #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
+ #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810072039.w97KdCvr017333>