FreeBSD Bugzilla – Attachment 180274 Details for
Bug 217220
net/qt5-network update to 5.7.1 fails
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
svn-diff_qt5-network
svn-diff_qt5_network (text/plain), 15.91 KB, created by
Walter Schwarzenfeld
on 2017-02-24 22:51:44 UTC
(
hide
)
Description:
svn-diff_qt5-network
Filename:
MIME Type:
Creator:
Walter Schwarzenfeld
Created:
2017-02-24 22:51:44 UTC
Size:
15.91 KB
patch
obsolete
>Index: files/patch-libressl >=================================================================== >--- files/patch-libressl (nonexistent) >+++ files/patch-libressl (working copy) >@@ -0,0 +1,163 @@ >+diff -Naur qtbase-opensource-src-5.7.1.orig/src/network/ssl/qsslcontext_openssl.cpp qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp >+--- src/network/ssl/qsslcontext_openssl.cpp 2017-02-05 11:52:45.100394264 -0800 >++++ src/network/ssl/qsslcontext_openssl.cpp 2017-02-05 11:57:21.159178021 -0800 >+@@ -71,6 +71,15 @@ >+ return dh; >+ } >+ >++static bool q_enableECSetCurves() { >++ // The ability to select elliptic curves is >++ // present in OpenSSL 1.0.2+ and in LibreSSL 2.5.1+ >++ // RFC4492 Section 5.1.1 "Supported Elliptic Curves Extension" >++ return (q_SSLeay() >= 0x10002000L && !q_LibreSSL()) || >++ q_LibreSSL_version() >= 0x2050100fL; >++} >++ >++ >+ QSslContext::QSslContext() >+ : ctx(0), >+ pkey(0), >+@@ -347,23 +356,20 @@ >+ >+ const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); >+ if (!qcurves.isEmpty()) { >+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) >++#if defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) >+ // Set the curves to be used >+- if (q_SSLeay() >= 0x10002000L) { >+- // SSL_CTX_ctrl wants a non-const pointer as last argument, >+- // but let's avoid a copy into a temporary array >+- if (!q_SSL_CTX_ctrl(sslContext->ctx, >+- SSL_CTRL_SET_CURVES, >+- qcurves.size(), >+- const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) { >++ if (q_enableECSetCurves()) { >++ if (!q_SSL_CTX_set1_groups(sslContext->ctx, >++ reinterpret_cast<const int *>(qcurves.data()), >++ qcurves.size())) { >+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); >+ sslContext->errorCode = QSslError::UnspecifiedError; >+ } >+ } else >+-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) >++#endif // defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC) >+ { >+ // specific curves requested, but not possible to set -> error >+- sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); >++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("This version of OpenSSL lacks support for selecting specific elliptic curves.")); >+ sslContext->errorCode = QSslError::UnspecifiedError; >+ } >+ } >+diff -Naur qtbase-opensource-src-5.7.1.orig/src/network/ssl/qsslsocket_openssl.cpp qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp >+--- src/network/ssl/qsslsocket_openssl.cpp 2017-02-05 11:52:45.098394244 -0800 >++++ src/network/ssl/qsslsocket_openssl.cpp 2017-02-05 11:52:58.870533121 -0800 >+@@ -98,6 +98,14 @@ >+ int QSslSocketBackendPrivate::s_indexForSSLExtraData = -1; >+ #endif >+ >++static bool q_enableGetServerTmpKey() { >++ // The ability to get the ephemeral server key is >++ // present in OpenSSL 1.0.2+ and in LibreSSL 2.5.1+ >++ // RFC4492 Section 5.4 "Server Key Exchange" >++ return (q_SSLeay() >= 0x10002000L && !q_LibreSSL()) || >++ q_LibreSSL_version() >= 0x2050100fL; >++} >++ >+ /* \internal >+ >+ From OpenSSL's thread(3) manual page: >+@@ -1587,13 +1595,13 @@ >+ } >+ #endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ... >+ >+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L >+- if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) { >++#if defined(SSL_CTRL_GET_SERVER_TMP_KEY) >++ if (q_enableGetServerTmpKey() && mode == QSslSocket::SslClientMode) { >+ EVP_PKEY *key; >+ if (q_SSL_get_server_tmp_key(ssl, &key)) >+ configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); >+ } >+-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... >++#endif // defined(SSL_CTRL_GET_SERVER_TMP_KEY) >+ >+ connectionEncrypted = true; >+ emit q->encrypted(); >+diff -Naur qtbase-opensource-src-5.7.1.orig/src/network/ssl/qsslsocket_openssl_symbols.cpp qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp >+--- src/network/ssl/qsslsocket_openssl_symbols.cpp 2017-02-05 11:52:45.102394284 -0800 >++++ network/ssl/qsslsocket_openssl_symbols.cpp 2017-02-05 11:56:53.848902627 -0800 >+@@ -247,6 +247,7 @@ >+ DEFINEFUNC(int, SSL_connect, SSL *a, a, return -1, return) >+ DEFINEFUNC(int, SSL_CTX_check_private_key, const SSL_CTX *a, a, return -1, return) >+ DEFINEFUNC4(long, SSL_CTX_ctrl, SSL_CTX *a, a, int b, b, long c, c, void *d, d, return -1, return) >++DEFINEFUNC3(int, SSL_CTX_set1_groups, SSL_CTX *a, a, const int* b, b, size_t c, c, return 0, return) >+ DEFINEFUNC(void, SSL_CTX_free, SSL_CTX *a, a, return, DUMMYARG) >+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L >+ DEFINEFUNC(SSL_CTX *, SSL_CTX_new, const SSL_METHOD *a, a, return 0, return) >+@@ -846,6 +847,7 @@ >+ RESOLVEFUNC(SSL_CIPHER_get_bits) >+ RESOLVEFUNC(SSL_CTX_check_private_key) >+ RESOLVEFUNC(SSL_CTX_ctrl) >++ RESOLVEFUNC(SSL_CTX_set1_groups) >+ RESOLVEFUNC(SSL_CTX_free) >+ RESOLVEFUNC(SSL_CTX_new) >+ RESOLVEFUNC(SSL_CTX_set_cipher_list) >+@@ -1006,6 +1008,20 @@ >+ #endif >+ return true; >+ } >++ >++bool q_LibreSSL() >++{ >++ return strncmp(q_SSLeay_version(SSLEAY_VERSION), "LibreSSL", 8) == 0; >++} >++ >++long q_LibreSSL_version() >++{ >++#ifdef LIBRESSL_VERSION_NUMBER >++ return LIBRESSL_VERSION_NUMBER; >++#else >++ return 0L; >++#endif >++} >+ #endif // !defined QT_LINKED_OPENSSL >+ >+ //============================================================================== >+diff -Naur qtbase-opensource-src-5.7.1.orig/src/network/ssl/qsslsocket_openssl_symbols_p.h qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h >+--- src/network/ssl/qsslsocket_openssl_symbols_p.h 2017-02-05 11:52:45.100394264 -0800 >++++ src/network/ssl/qsslsocket_openssl_symbols_p.h 2017-02-05 11:52:58.871533131 -0800 >+@@ -215,6 +215,8 @@ >+ #endif // !defined QT_LINKED_OPENSSL >+ >+ bool q_resolveOpenSslSymbols(); >++bool q_LibreSSL(); >++long q_LibreSSL_version(); >+ long q_ASN1_INTEGER_get(ASN1_INTEGER *a); >+ unsigned char * q_ASN1_STRING_data(ASN1_STRING *a); >+ int q_ASN1_STRING_length(ASN1_STRING *a); >+@@ -327,6 +329,7 @@ >+ int q_SSL_connect(SSL *a); >+ int q_SSL_CTX_check_private_key(const SSL_CTX *a); >+ long q_SSL_CTX_ctrl(SSL_CTX *a, int b, long c, void *d); >++int q_SSL_CTX_set1_groups(SSL_CTX *a, const int* b, size_t c); >+ void q_SSL_CTX_free(SSL_CTX *a); >+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L >+ SSL_CTX *q_SSL_CTX_new(const SSL_METHOD *a); >+@@ -489,9 +492,9 @@ >+ int q_EC_curve_nist2nid(const char *name); >+ #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L >+ #endif // OPENSSL_NO_EC >+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L >++#if defined(SSL_CTRL_GET_SERVER_TMP_KEY) >+ #define q_SSL_get_server_tmp_key(ssl, key) q_SSL_ctrl((ssl), SSL_CTRL_GET_SERVER_TMP_KEY, 0, (char *)key) >+-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L >++#endif // defined(SSL_CTRL_GET_SERVER_TMP_KEY) >+ >+ // PKCS#12 support >+ int q_PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); >+ >+ Contact GitHub API Training Shop Blog About >+ >+ >+:: >+ > >Property changes on: files/patch-libressl >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: files/patch-src_network_ssl_qsslcontext__openssl.cpp >=================================================================== >--- files/patch-src_network_ssl_qsslcontext__openssl.cpp (revision 434754) >+++ files/patch-src_network_ssl_qsslcontext__openssl.cpp (nonexistent) >@@ -1,43 +0,0 @@ >-* Instead of using the SSL_CTRL_SET_CURVES macros which only exists in OpenSSL, >-* call the SSL_CTX_set1_curves functions as suggested by BoringSSL porting docs >-* and which is the function in OpenSSL that is called through the replaced macro. >-* LibreSSL has a SSL_CTX_set1_groups functions and provides a compat macro. >-* Unfortunately, since Qt resolves the symbols at runtime, we cannot call through >-* that macro and must instead explicitly call SSL_CTX_set1_groups if the library >-* doesn't export a function called SSL_CTX_set1_curves, as in the case of LibreSSL. >-* >---- src/network/ssl/qsslcontext_openssl.cpp.orig 2016-12-01 08:17:04 UTC >-+++ src/network/ssl/qsslcontext_openssl.cpp >-@@ -350,14 +350,24 @@ init_context: >- #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) >- // Set the curves to be used >- if (q_SSLeay() >= 0x10002000L) { >-- // SSL_CTX_ctrl wants a non-const pointer as last argument, >-- // but let's avoid a copy into a temporary array >-- if (!q_SSL_CTX_ctrl(sslContext->ctx, >-- SSL_CTRL_SET_CURVES, >-- qcurves.size(), >-- const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) { >-- sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); >-- sslContext->errorCode = QSslError::UnspecifiedError; >-+ switch (q_SSL_CTX_set1_curves(sslContext->ctx, >-+ const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())), >-+ qcurves.size())) { >-+ case 1: >-+ default: >-+ break; >-+ case 0: >-+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); >-+ sslContext->errorCode = QSslError::UnspecifiedError; >-+ break; >-+ case -1: >-+ if (q_SSL_CTX_set1_groups(sslContext->ctx, >-+ reinterpret_cast<const int *>(qcurves.data()), >-+ qcurves.size()) < 1) { >-+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); >-+ sslContext->errorCode = QSslError::UnspecifiedError; >-+ } >-+ break; >- } >- } else >- #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) > >Property changes on: files/patch-src_network_ssl_qsslcontext__openssl.cpp >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp >=================================================================== >--- files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp (revision 434754) >+++ files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp (nonexistent) >@@ -1,51 +0,0 @@ >-* Boilerplate for SSL_CTX_set1_curves/groups() used in qsslcontext_openssl.cpp >-* >-* Prepend the path of the SSL libraries used for building so the same libraries are >-* found and loaded at runtime. Normal search finds base SSL libraries before ports. >-* >---- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2016-09-16 05:49:42 UTC >-+++ src/network/ssl/qsslsocket_openssl_symbols.cpp >-@@ -424,6 +424,8 @@ DEFINEFUNC(void, EC_KEY_free, EC_KEY *ec >- DEFINEFUNC2(size_t, EC_get_builtin_curves, EC_builtin_curve * r, r, size_t nitems, nitems, return 0, return) >- #if OPENSSL_VERSION_NUMBER >= 0x10002000L >- DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return) >-+DEFINEFUNC3(int, SSL_CTX_set1_curves, SSL_CTX *a, a, int *b, b, int c, c, return -1, return) >-+DEFINEFUNC3(int, SSL_CTX_set1_groups, SSL_CTX *a, a, const int *b, b, size_t c, c, return -1, return) >- #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L >- #endif // OPENSSL_NO_EC >- >-@@ -652,8 +654,8 @@ static QPair<QLibrary*, QLibrary*> loadO >- #endif >- #if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so >- // first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER> >-- libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER)); >-- libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER)); >-+ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), QLatin1String(SHLIB_VERSION_NUMBER)); >-+ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER)); >- if (libcrypto->load() && libssl->load()) { >- // libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found >- return pair; >-@@ -670,8 +672,8 @@ static QPair<QLibrary*, QLibrary*> loadO >- // OS X's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third >- // attempt, _after_ <bundle>/Contents/Frameworks has been searched. >- // iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place. >-- libssl->setFileNameAndVersion(QLatin1String("ssl"), -1); >-- libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1); >-+ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), -1); >-+ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), -1); >- if (libcrypto->load() && libssl->load()) { >- // libssl.so.0 and libcrypto.so.0 found >- return pair; >-@@ -976,8 +978,11 @@ bool q_resolveOpenSslSymbols() >- RESOLVEFUNC(EC_KEY_free) >- RESOLVEFUNC(EC_get_builtin_curves) >- #if OPENSSL_VERSION_NUMBER >= 0x10002000L >-- if (q_SSLeay() >= 0x10002000L) >-+ if (q_SSLeay() >= 0x10002000L) { >- RESOLVEFUNC(EC_curve_nist2nid) >-+ RESOLVEFUNC(SSL_CTX_set1_curves) >-+ RESOLVEFUNC(SSL_CTX_set1_groups) >-+ } >- #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L >- #endif // OPENSSL_NO_EC >- RESOLVEFUNC(PKCS12_parse) > >Property changes on: files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h >=================================================================== >--- files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h (revision 434754) >+++ files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h (nonexistent) >@@ -1,13 +0,0 @@ >-* Boilerplate for SSL_CTX_set1_curves/groups() used in qsslcontext_openssl.cpp >-* >---- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig 2016-09-16 05:49:42 UTC >-+++ src/network/ssl/qsslsocket_openssl_symbols_p.h >-@@ -481,6 +481,8 @@ void q_EC_KEY_free(EC_KEY *ecdh); >- size_t q_EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); >- #if OPENSSL_VERSION_NUMBER >= 0x10002000L >- int q_EC_curve_nist2nid(const char *name); >-+int q_SSL_CTX_set1_curves(SSL_CTX *a, int *b, int c); >-+int q_SSL_CTX_set1_groups(SSL_CTX *a, const int *b, size_t c); >- #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L >- #endif // OPENSSL_NO_EC >- > >Property changes on: files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=180274">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 217220
:
180153
|
180210
|
180236
| 180274