From owner-svn-ports-all@freebsd.org Sun Oct 7 20:39:13 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9E40F10CBE5B; Sun, 7 Oct 2018 20:39:13 +0000 (UTC) (envelope-from adridg@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 418BB935D3; Sun, 7 Oct 2018 20:39:13 +0000 (UTC) (envelope-from adridg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 36C5418E21; Sun, 7 Oct 2018 20:39:13 +0000 (UTC) (envelope-from adridg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w97KdCr6017337; Sun, 7 Oct 2018 20:39:12 GMT (envelope-from adridg@FreeBSD.org) Received: (from adridg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w97KdCvr017333; Sun, 7 Oct 2018 20:39:12 GMT (envelope-from adridg@FreeBSD.org) Message-Id: <201810072039.w97KdCvr017333@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: adridg set sender to adridg@FreeBSD.org using -f From: Adriaan de Groot Date: Sun, 7 Oct 2018 20:39:12 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r481493 - in head/net/qt4-network: . files X-SVN-Group: ports-head X-SVN-Commit-Author: adridg X-SVN-Commit-Paths: in head/net/qt4-network: . files X-SVN-Commit-Revision: 481493 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Oct 2018 20:39:14 -0000 Author: adridg Date: Sun Oct 7 20:39:11 2018 New Revision: 481493 URL: https://svnweb.freebsd.org/changeset/ports/481493 Log: Fix build of legacy Qt4-network port with OpenSSL 1.1.1 for future changes in base. (Tested in a 12-CURRENT VM with ^/projects/openssl111 worls, and in an 11-STABLE VM with the old situation). Thanks to brnrd@ for chasing this for a long time, and the original submitter. Specific credits for obtained-from are in the PR. PR: 214691 Submitted by: Melvyn Sopacua Reviewed by: brnrd Obtained from: richmoore Added: head/net/qt4-network/files/patch-src_network_ssl_qsslcertificate.cpp (contents, props changed) head/net/qt4-network/files/patch-src_network_ssl_qsslkey.cpp (contents, props changed) head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h (contents, props changed) Modified: head/net/qt4-network/Makefile head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp Modified: head/net/qt4-network/Makefile ============================================================================== --- head/net/qt4-network/Makefile Sun Oct 7 20:25:16 2018 (r481492) +++ head/net/qt4-network/Makefile Sun Oct 7 20:39:11 2018 (r481493) @@ -3,7 +3,7 @@ PORTNAME= network DISTVERSION= ${QT4_VERSION} -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= net ipv6 PKGNAMEPREFIX= qt4- @@ -12,9 +12,6 @@ COMMENT= Qt network module LICENSE= GPLv3 LGPL21 LGPL3 GFDL LICENSE_COMB= dual - -BROKEN_SSL= openssl-devel -BROKEN_SSL_REASON_openssl-devel= error: member access into incomplete type 'RSA' (aka 'rsa_st') RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss Added: head/net/qt4-network/files/patch-src_network_ssl_qsslcertificate.cpp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/qt4-network/files/patch-src_network_ssl_qsslcertificate.cpp Sun Oct 7 20:39:11 2018 (r481493) @@ -0,0 +1,80 @@ +--- src/network/ssl/qsslcertificate.cpp.orig 2015-05-07 14:14:44 UTC ++++ src/network/ssl/qsslcertificate.cpp +@@ -260,8 +260,13 @@ QByteArray QSslCertificate::version() co + { + QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); + if (d->versionString.isEmpty() && d->x509) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ d->versionString = ++ QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1); ++#else + d->versionString = + QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1); ++#endif + + return d->versionString; + } +@@ -276,7 +281,11 @@ QByteArray QSslCertificate::serialNumber + { + QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); + if (d->serialNumberString.isEmpty() && d->x509) { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509); ++#else + ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber; ++#endif + // if we cannot convert to a long, just output the hexadecimal number + if (serialNumber->length > 4) { + QByteArray hexString; +@@ -489,19 +498,37 @@ QSslKey QSslCertificate::publicKey() con + QSslKey key; + + key.d->type = QSsl::PublicKey; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_PKEY *pkey = q_X509_get_pubkey(d->x509); ++#else + X509_PUBKEY *xkey = d->x509->cert_info->key; + EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey); ++#endif + Q_ASSERT(pkey); + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey)); ++ ++ if (keyType == EVP_PKEY_RSA) { ++#else + if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) { ++#endif + key.d->rsa = q_EVP_PKEY_get1_RSA(pkey); + key.d->algorithm = QSsl::Rsa; + key.d->isNull = false; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ } else if (keyType == EVP_PKEY_DSA) { ++#else + } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { ++#endif + key.d->dsa = q_EVP_PKEY_get1_DSA(pkey); + key.d->algorithm = QSsl::Dsa; + key.d->isNull = false; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ } else if (keyType == EVP_PKEY_DH) { ++#else + } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) { ++#endif + // DH unsupported + } else { + // error? +@@ -698,8 +725,13 @@ QSslCertificate QSslCertificatePrivate:: + if (!x509 || !QSslSocket::supportsSsl()) + return certificate; + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const ASN1_TIME *nbef = q_X509_get0_notBefore(x509); ++ const ASN1_TIME *naft = q_X509_get0_notAfter(x509); ++#else + ASN1_TIME *nbef = q_X509_get_notBefore(x509); + ASN1_TIME *naft = q_X509_get_notAfter(x509); ++#endif + certificate.d->notValidBefore = q_getTimeFromASN1(nbef); + certificate.d->notValidAfter = q_getTimeFromASN1(naft); + certificate.d->null = false; Added: head/net/qt4-network/files/patch-src_network_ssl_qsslkey.cpp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/qt4-network/files/patch-src_network_ssl_qsslkey.cpp Sun Oct 7 20:39:11 2018 (r481493) @@ -0,0 +1,16 @@ +--- src/network/ssl/qsslkey.cpp.orig 2015-05-07 14:14:44 UTC ++++ src/network/ssl/qsslkey.cpp +@@ -321,8 +321,13 @@ int QSslKey::length() const + { + if (d->isNull) + return -1; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ return (d->algorithm == QSsl::Rsa) ++ ? q_RSA_bits(d->rsa) : q_DSA_bits(d->dsa); ++#else + return (d->algorithm == QSsl::Rsa) + ? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p); ++#endif + } + + /*! Modified: head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp ============================================================================== --- head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp Sun Oct 7 20:25:16 2018 (r481492) +++ head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp Sun Oct 7 20:39:11 2018 (r481493) @@ -1,8 +1,31 @@ * Make availability of SSLv3 in Qt4 same as in Qt5, i.e. not part of SecureProtocols * + --- src/network/ssl/qsslsocket_openssl.cpp.orig 2015-05-07 14:14:44 UTC +++ src/network/ssl/qsslsocket_openssl.cpp -@@ -267,9 +267,13 @@ init_context: +@@ -222,9 +222,12 @@ QSslCipher QSslSocketBackendPrivate::QSs + ciph.d->encryptionMethod = descriptionList.at(4).mid(4); + ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export")); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + ciph.d->bits = cipher->strength_bits; + ciph.d->supportedBits = cipher->alg_bits; +- ++#else ++ ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits); ++#endif + } + return ciph; + } +@@ -260,16 +263,20 @@ bool QSslSocketBackendPrivate::initSslCo + init_context: + switch (configuration.protocol) { + case QSsl::SslV2: +-#ifndef OPENSSL_NO_SSL2 ++#if OPENSSL_VERSION_NUMBER <= 0x1010000L && !defined(OPENSSL_NO_SSL2) + ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); + #else + ctx = 0; // SSL 2 not supported by the system, but chosen deliberately -> error #endif break; case QSsl::SslV3: @@ -17,7 +40,7 @@ case QSsl::TlsV1SslV3: // SslV2 will be disabled below case QSsl::AnyProtocol: default: -@@ -297,8 +301,10 @@ init_context: +@@ -297,8 +304,10 @@ init_context: // Enable bug workarounds. long options; @@ -28,4 +51,32 @@ + options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3; else options = SSL_OP_ALL; + +@@ -363,7 +372,7 @@ init_context: + // + // See also: QSslContext::fromConfiguration() + if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) { +- q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle()); ++ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle()); + } + } + +@@ -659,13 +668,11 @@ void QSslSocketPrivate::resetDefaultCiph + STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl); + for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) { + if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) { +- if (cipher->valid) { +- QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); +- if (!ciph.isNull()) { +- if (!ciph.name().toLower().startsWith(QLatin1String("adh"))) +- ciphers << ciph; +- } +- } ++ QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); ++ if (!ciph.isNull()) { ++ if (!ciph.name().toLower().startsWith(QLatin1String("adh"))) ++ ciphers << ciph; ++ } + } + } Added: head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h Sun Oct 7 20:39:11 2018 (r481493) @@ -0,0 +1,95 @@ +--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig 2015-05-07 14:14:44 UTC ++++ src/network/ssl/qsslsocket_openssl_symbols_p.h +@@ -218,6 +218,9 @@ void q_CRYPTO_set_locking_callback(void + void q_CRYPTO_set_id_callback(unsigned long (*a)()); + void q_CRYPTO_free(void *a); + void q_DSA_free(DSA *a); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++int q_DSA_bits(DSA *a); ++#endif + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + // 0.9.8 broke SC and BC by changing this function's signature. + X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c); +@@ -227,12 +230,18 @@ X509 *q_d2i_X509(X509 **a, unsigned char + char *q_ERR_error_string(unsigned long a, char *b); + unsigned long q_ERR_get_error(); + const EVP_CIPHER *q_EVP_des_ede3_cbc(); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++const EVP_MD *q_EVP_sha1(); ++#endif + int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c); + int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b); + int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b); + void q_EVP_PKEY_free(EVP_PKEY *a); + RSA *q_EVP_PKEY_get1_RSA(EVP_PKEY *a); + DSA *q_EVP_PKEY_get1_DSA(EVP_PKEY *a); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++int q_EVP_PKEY_base_id(EVP_PKEY *a); ++#endif + int q_EVP_PKEY_type(int a); + EVP_PKEY *q_EVP_PKEY_new(); + int q_i2d_X509(X509 *a, unsigned char **b); +@@ -258,6 +267,9 @@ int q_PEM_write_bio_RSA_PUBKEY(BIO *a, R + void q_RAND_seed(const void *a, int b); + int q_RAND_status(); + void q_RSA_free(RSA *a); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++int q_RSA_bits(RSA *a); ++#endif + int q_sk_num(STACK *a); + void q_sk_pop_free(STACK *a, void (*b)(void *)); + #if OPENSSL_VERSION_NUMBER >= 0x10000000L +@@ -270,6 +282,9 @@ char * q_sk_value(STACK *a, int b); + int q_SSL_accept(SSL *a); + int q_SSL_clear(SSL *a); + char *q_SSL_CIPHER_description(SSL_CIPHER *a, char *b, int c); ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++int q_SSL_CIPHER_get_bits(SSL_CIPHER *a, int *b); ++#endif + int q_SSL_connect(SSL *a); + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + // 0.9.8 broke SC and BC by changing this function's signature. +@@ -293,6 +308,7 @@ int q_SSL_CTX_use_certificate_file(SSL_C + int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b); + int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b); + int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c); ++X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a); + void q_SSL_free(SSL *a); + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + // 0.9.8 broke SC and BC by changing this function's signature. +@@ -353,6 +369,9 @@ void *q_ASN1_dup(i2d_of_void *i2d, d2i_o + #else + X509 *q_X509_dup(X509 *a); + #endif ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++int q_X509_digest(const X509 *x509, const EVP_MD *type, unsigned char *md, unsigned int *len); ++#endif + ASN1_OBJECT *q_X509_EXTENSION_get_object(X509_EXTENSION *a); + void q_X509_free(X509 *a); + X509_EXTENSION *q_X509_get_ext(X509 *a, int b); +@@ -360,6 +379,13 @@ int q_X509_get_ext_count(X509 *a); + void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d); + X509_NAME *q_X509_get_issuer_name(X509 *a); + X509_NAME *q_X509_get_subject_name(X509 *a); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++long q_X509_get_version(X509 *a); ++ASN1_INTEGER *q_X509_get_serialNumber(X509 *a); ++EVP_PKEY *q_X509_get_pubkey(X509 *a); ++const ASN1_TIME *q_X509_get0_notBefore(X509 *a); ++const ASN1_TIME *q_X509_get0_notAfter(X509 *a); ++#endif + int q_X509_verify_cert(X509_STORE_CTX *ctx); + int q_X509_NAME_entry_count(X509_NAME *a); + X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b); +@@ -399,7 +425,11 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsign + PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\ + bp,(char *)x,enc,kstr,klen,cb,u) + #endif ++#if OPENSSL_VERSION_NUMBER <= 0x10100000L + #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) ++#else ++unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); ++#endif + #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st) + #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i) + #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))