Attachment #190660 for bug #225929

Lines 2-9 Link Here

(-)b/devel/qca/Makefile (-2 / +1 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= qca	4	PORTNAME= qca
5	PORTVERSION= 2.1.1	5	PORTVERSION= 2.1.3
6	PORTREVISION= 1
7	CATEGORIES= devel	6	CATEGORIES= devel
8	MASTER_SITES= KDE/stable/qca/${PORTVERSION}/src	7	MASTER_SITES= KDE/stable/qca/${PORTVERSION}/src
9		8

From 601fd3a05141c614ae48a3ddac44194d669eaae1 Mon Sep 17 00:00:00 2001
From: Rolf Eike Beer <eb@emlix.com>
Date: Mon, 27 Jun 2016 12:55:51 +0200
Subject: fix base64 decoding on ARM

This code was broken on ARM and other architectures where "char" is unsigned by
default.

First, it breaks with newer compilers with errors like:

  .../src/qca_textfilter.cpp:314:2: error: narrowing conversion of '-1' from 'int' to 'char' inside { } [-Wnarrowing]

Second, if the compiler would just allow this conversion then the unsigned char
would hold 255, which would not be sign extended when cast to an int later, so
all the checks "< 0" will never trigger, and so invalid input characters cannot
be detected.

REVIEW:128295
BUG:364495
---
 src/qca_textfilter.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qca_textfilter.cpp b/src/qca_textfilter.cpp
index 9889a24..3baf511 100644
--- src/qca_textfilter.cpp
+++ src/qca_textfilter.cpp
@@ -293,7 +293,7 @@ static QByteArray b64decode(const QByteArray &s, bool *ok)
 	// 64 specifies eof
 	// everything else specifies data

-	static char tbl[] =
+	static signed char tbl[] =
 	{
 		-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
 		-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-- 
cgit v0.11.2




qca-ossl: Fix build without support for SHA-0 
https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156

LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha 
anymore. 
Wikipedia says about SHA-0: "160-bit hash function published in 1993 
under the name SHA. It was withdrawn shortly after publication due to 
an undisclosed "significant flaw" and replaced by the slightly revised 
version SHA-1.' 

REVIEW: 125387 

--- plugins/qca-ossl/CMakeLists.txt.orig
+++ plugins/qca-ossl/CMakeLists.txt
@@ -24,6 +24,13 @@
   else(HAVE_OPENSSL_AES_CTR)
     message(WARNING "qca-ossl will be compiled without AES CTR mode encryption support")
   endif(HAVE_OPENSSL_AES_CTR)
+
+  check_function_exists(EVP_sha HAVE_OPENSSL_SHA0)
+  if(HAVE_OPENSSL_SHA0)
+    add_definitions(-DHAVE_OPENSSL_SHA0)
+  else(HAVE_OPENSSL_SHA0)
+    message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support")
+  endif(HAVE_OPENSSL_SHA0)
 
   set(QCA_OSSL_SOURCES qca-ossl.cpp)
 




qca-ossl: Fix build without SSLv3
http://quickgit.kde.org/?p=qca.git&a=commit&h=20a587d77636186edb044cd2b71d6d90fe98d232

This fixes building with LibreSSL >= 2.3.0 which has removed support
for SSLv3 completely. As far as I know OpenSSL can be configured to
build without it, so it might be helpful there as well.

REVIEW: 125386

qca-ossl: Fix build without support for SHA-0
https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156

LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha
anymore.
Wikipedia says about SHA-0: "160-bit hash function published in 1993
under the name SHA. It was withdrawn shortly after publication due to
an undisclosed "significant flaw" and replaced by the slightly revised
version SHA-1.'

REVIEW: 125387

Also includes:
qca-ossl: Remove SHA0 from all_hash_types() when it is not available.
https://git.reviewboard.kde.org/r/128700/

--- plugins/qca-ossl/qca-ossl.cpp.orig	2015-10-02 09:39:21 UTC
+++ plugins/qca-ossl/qca-ossl.cpp
@@ -5403,9 +5403,11 @@ public:
 			ctx = SSL_CTX_new(SSLv2_client_method());
 			break;
 #endif
+#ifndef OPENSSL_NO_SSL3_METHOD
 		case TLS::SSL_v3:
 			ctx = SSL_CTX_new(SSLv3_client_method());
 			break;
+#endif
 		case TLS::TLS_v1:
 			ctx = SSL_CTX_new(TLSv1_client_method());
 			break;
@@ -5805,7 +5807,11 @@ public:
 	{
 		SessionInfo sessInfo;
 
-		sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
+#ifndef OPENSSL_NO_COMP
+		sessInfo.isCompressed = (0 != ssl->session->compress_meth);
+#else
+		sessInfo.isCompressed = 0;
+#endif
 
 		if (ssl->version == TLS1_VERSION)
 			sessInfo.version = TLS::TLS_v1;
@@ -6880,7 +6886,9 @@ static QStringList all_hash_types()
 {
 	QStringList list;
 	list += "sha1";
+#ifdef HAVE_OPENSSL_SHA0
 	list += "sha0";
+#endif
 	list += "ripemd160";
 #ifdef HAVE_OPENSSL_MD2
 	list += "md2";
@@ -7133,8 +7141,10 @@ public:
 			return new opensslInfoContext(this);
 		else if ( type == "sha1" )
 			return new opensslHashContext( EVP_sha1(), this, type);
+#ifdef HAVE_OPENSSL_SHA0
 		else if ( type == "sha0" )
 			return new opensslHashContext( EVP_sha(), this, type);
+#endif
 		else if ( type == "ripemd160" )
 			return new opensslHashContext( EVP_ripemd160(), this, type);
 #ifdef HAVE_OPENSSL_MD2

Return to bug 225929

Removed Link Here

(-)a/devel/qca/files/patch-git_601fd3 (-39 lines)
1	From 601fd3a05141c614ae48a3ddac44194d669eaae1 Mon Sep 17 00:00:00 2001
2	From: Rolf Eike Beer <eb@emlix.com>
3	Date: Mon, 27 Jun 2016 12:55:51 +0200
4	Subject: fix base64 decoding on ARM
5
6	This code was broken on ARM and other architectures where "char" is unsigned by
7	default.
8
9	First, it breaks with newer compilers with errors like:
10
11	.../src/qca_textfilter.cpp:314:2: error: narrowing conversion of '-1' from 'int' to 'char' inside { } [-Wnarrowing]
12
13	Second, if the compiler would just allow this conversion then the unsigned char
14	would hold 255, which would not be sign extended when cast to an int later, so
15	all the checks "< 0" will never trigger, and so invalid input characters cannot
16	be detected.
17
18	REVIEW:128295
19	BUG:364495
20	---
21	src/qca_textfilter.cpp \| 2 +-
22	1 file changed, 1 insertion(+), 1 deletion(-)
23
24	diff --git a/src/qca_textfilter.cpp b/src/qca_textfilter.cpp
25	index 9889a24..3baf511 100644
26	--- src/qca_textfilter.cpp
27	+++ src/qca_textfilter.cpp
28	@@ -293,7 +293,7 @@ static QByteArray b64decode(const QByteArray &s, bool *ok)
29	// 64 specifies eof
30	// everything else specifies data
31
32	- static char tbl[] =
33	+ static signed char tbl[] =
34	{
35	-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
36	-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
37	--
38	cgit v0.11.2
39

Removed Link Here

(-)a/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt (-28 lines)
1	qca-ossl: Fix build without support for SHA-0
2	https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156
3
4	LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha
5	anymore.
6	Wikipedia says about SHA-0: "160-bit hash function published in 1993
7	under the name SHA. It was withdrawn shortly after publication due to
8	an undisclosed "significant flaw" and replaced by the slightly revised
9	version SHA-1.'
10
11	REVIEW: 125387
12
13	--- plugins/qca-ossl/CMakeLists.txt.orig
14	+++ plugins/qca-ossl/CMakeLists.txt
15	@@ -24,6 +24,13 @@
16	else(HAVE_OPENSSL_AES_CTR)
17	message(WARNING "qca-ossl will be compiled without AES CTR mode encryption support")
18	endif(HAVE_OPENSSL_AES_CTR)
19	+
20	+ check_function_exists(EVP_sha HAVE_OPENSSL_SHA0)
21	+ if(HAVE_OPENSSL_SHA0)
22	+ add_definitions(-DHAVE_OPENSSL_SHA0)
23	+ else(HAVE_OPENSSL_SHA0)
24	+ message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support")
25	+ endif(HAVE_OPENSSL_SHA0)
26
27	set(QCA_OSSL_SOURCES qca-ossl.cpp)
28

Removed Link Here

(-)a/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp (-73 lines)
1	qca-ossl: Fix build without SSLv3
2	http://quickgit.kde.org/?p=qca.git&a=commit&h=20a587d77636186edb044cd2b71d6d90fe98d232
3
4	This fixes building with LibreSSL >= 2.3.0 which has removed support
5	for SSLv3 completely. As far as I know OpenSSL can be configured to
6	build without it, so it might be helpful there as well.
7
8	REVIEW: 125386
9
10	qca-ossl: Fix build without support for SHA-0
11	https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156
12
13	LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha
14	anymore.
15	Wikipedia says about SHA-0: "160-bit hash function published in 1993
16	under the name SHA. It was withdrawn shortly after publication due to
17	an undisclosed "significant flaw" and replaced by the slightly revised
18	version SHA-1.'
19
20	REVIEW: 125387
21
22	Also includes:
23	qca-ossl: Remove SHA0 from all_hash_types() when it is not available.
24	https://git.reviewboard.kde.org/r/128700/
25
26	--- plugins/qca-ossl/qca-ossl.cpp.orig 2015-10-02 09:39:21 UTC
27	+++ plugins/qca-ossl/qca-ossl.cpp
28	@@ -5403,9 +5403,11 @@ public:
29	ctx = SSL_CTX_new(SSLv2_client_method());
30	break;
31	#endif
32	+#ifndef OPENSSL_NO_SSL3_METHOD
33	case TLS::SSL_v3:
34	ctx = SSL_CTX_new(SSLv3_client_method());
35	break;
36	+#endif
37	case TLS::TLS_v1:
38	ctx = SSL_CTX_new(TLSv1_client_method());
39	break;
40	@@ -5805,7 +5807,11 @@ public:
41	{
42	SessionInfo sessInfo;
43
44	- sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
45	+#ifndef OPENSSL_NO_COMP
46	+ sessInfo.isCompressed = (0 != ssl->session->compress_meth);
47	+#else
48	+ sessInfo.isCompressed = 0;
49	+#endif
50
51	if (ssl->version == TLS1_VERSION)
52	sessInfo.version = TLS::TLS_v1;
53	@@ -6880,7 +6886,9 @@ static QStringList all_hash_types()
54	{
55	QStringList list;
56	list += "sha1";
57	+#ifdef HAVE_OPENSSL_SHA0
58	list += "sha0";
59	+#endif
60	list += "ripemd160";
61	#ifdef HAVE_OPENSSL_MD2
62	list += "md2";
63	@@ -7133,8 +7141,10 @@ public:
64	return new opensslInfoContext(this);
65	else if ( type == "sha1" )
66	return new opensslHashContext( EVP_sha1(), this, type);
67	+#ifdef HAVE_OPENSSL_SHA0
68	else if ( type == "sha0" )
69	return new opensslHashContext( EVP_sha(), this, type);
70	+#endif
71	else if ( type == "ripemd160" )
72	return new opensslHashContext( EVP_ripemd160(), this, type);
73	#ifdef HAVE_OPENSSL_MD2