From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 5DE9559CB2 for ; Tue, 19 Apr 2016 01:21:40 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DAEB121C0A9; Tue, 19 Apr 2016 01:21:36 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 5A76B21C0A3 for ; Tue, 19 Apr 2016 01:21:36 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 8876D3408A6 for ; Tue, 19 Apr 2016 01:21:34 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 0087C13FE for ; Tue, 19 Apr 2016 01:21:30 +0000 (UTC) From: "Davide Pesavento" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Davide Pesavento" Message-ID: <1460994927.ce4f746b119b08789e7e52e7758a6a3ee599b970.pesa@gentoo> Subject: [gentoo-commits] proj/qt:master commit in: dev-qt/qtwebengine/files/, dev-qt/qtwebengine/ X-VCS-Repository: proj/qt X-VCS-Files: dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-01.patch dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-02.patch dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild X-VCS-Directories: dev-qt/qtwebengine/files/ dev-qt/qtwebengine/ X-VCS-Committer: pesa X-VCS-Committer-Name: Davide Pesavento X-VCS-Revision: ce4f746b119b08789e7e52e7758a6a3ee599b970 X-VCS-Branch: master Date: Tue, 19 Apr 2016 01:21:30 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 4f799472-ce14-44b8-a90b-33a588b4abf4 X-Archives-Hash: 0d11ed577afaea2119f35075f4ee346e commit: ce4f746b119b08789e7e52e7758a6a3ee599b970 Author: Andreas Sturmlechner gmail com> AuthorDate: Mon Apr 18 15:26:56 2016 +0000 Commit: Davide Pesavento gentoo org> CommitDate: Mon Apr 18 15:55:27 2016 +0000 URL: https://gitweb.gentoo.org/proj/qt.git/commit/?id=ce4f746b dev-qt/qtwebengine: Fix 5.6.0 build with system-nss Gentoo-bug: 577676 Both patches taken from upstream 5.6 branch Package-Manager: portage-2.2.28 .../files/qtwebengine-5.6.0-nss-3.23-01.patch | 59 ++++++++++++++++++ .../files/qtwebengine-5.6.0-nss-3.23-02.patch | 69 ++++++++++++++++++++++ dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild | 6 +- 3 files changed, 133 insertions(+), 1 deletion(-) diff --git a/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-01.patch b/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-01.patch new file mode 100644 index 0000000..8d192b6 --- /dev/null +++ b/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-01.patch @@ -0,0 +1,59 @@ +From 0a385bb01d9cf060fae4c9d350ee98561654df96 Mon Sep 17 00:00:00 2001 +From: Kai Koehne +Date: Thu, 24 Mar 2016 12:34:25 +0100 +Subject: [PATCH] [backport] Call EnsureNSSHttpIOInit in the chimera build. + +Otherwise we end up using the default NSS client and not +SystemURLRequestContext. + +This is a minimal fix to be merged onto release branches. +A follow-up will revise this to be somewhat less error-prone. + +BUG=539520 +TEST=Open about:net-internals on Linux or Chrome OS + Visit https://incomplete-chain.badssl.com/ in a new tab + The Events tab of about:net-internals should show a fetch for http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt + +Review URL: https://codereview.chromium.org/1384343002 + +Task-number: QTBUG-51890 +Task-number: QTBUG-52068 +Change-Id: I567d5cd5e6d4e53b833699e67c45f3bdfc52953d +Reviewed-by: Joerg Bornemann +Reviewed-by: Allan Sandfeld Jensen +--- + chromium/net/socket/ssl_client_socket_openssl.cc | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc b/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc +index 5489ead..dc9b3ff 100644 +--- a/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc ++++ b/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc +@@ -57,6 +57,10 @@ + #include "net/ssl/ssl_platform_key.h" + #endif + ++#if defined(USE_NSS_CERTS) || defined(OS_IOS) ++#include "net/cert_net/nss_ocsp.h" ++#endif ++ + namespace net { + + namespace { +@@ -795,6 +799,14 @@ int SSLClientSocketOpenSSL::Init() { + DCHECK(!ssl_); + DCHECK(!transport_bio_); + ++#if defined(USE_NSS_CERTS) || defined(OS_IOS) ++ if (ssl_config_.cert_io_enabled) { ++ // TODO(davidben): Move this out of SSLClientSocket. See ++ // https://crbug.com/539520. ++ EnsureNSSHttpIOInit(); ++ } ++#endif ++ + SSLContext* context = SSLContext::GetInstance(); + crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); + +-- +2.7.4 diff --git a/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-02.patch b/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-02.patch new file mode 100644 index 0000000..a194650 --- /dev/null +++ b/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-02.patch @@ -0,0 +1,69 @@ +From 82900c7b96b2a6fb42fe3841df7685b820edd588 Mon Sep 17 00:00:00 2001 +From: Kai Koehne +Date: Thu, 24 Mar 2016 13:55:28 +0100 +Subject: [PATCH] Use system NSS only for certificate handling + +Compiling against NSS 3.23 fails with current Chromium. Also, with NSS +3.21 there are failures connecting to e.g. google.com. + +Fix this by adapting the setup endorsed by upstream Chromium: BoringSSL +is always used for cryptography, and NSS only for certificate handlng. + +Patches included in 3rdparty update: + +0a385bb [backport] Call EnsureNSSHttpIOInit in the chimera build. +0472123 Fix build against newer NSS +90c62c4 [Backport] update to libpng 1.2.56 +34857b8 [Backport] Stop large iCCP chunks causing delays and "Aw Snap!" + +Task-number: QTBUG-52193 +Task-number: QTBUG-51890 +Task-number: QTBUG-52068 +Change-Id: If8aaed9b9a09475c5ed0dfec64d31f45ce9670f5 +Reviewed-by: Allan Sandfeld Jensen +--- + src/core/config/linux.pri | 9 ++++++--- + tools/qmake/mkspecs/features/configure.prf | 4 ++-- + 3 files changed, 9 insertions(+), 6 deletions(-) + +diff --git a/src/core/config/linux.pri b/src/core/config/linux.pri +index 88c1a41..39eeb2a 100644 +--- a/src/core/config/linux.pri ++++ b/src/core/config/linux.pri +@@ -18,11 +18,14 @@ GYP_CONFIG += \ + use_gio=0 \ + use_gnome_keyring=0 \ + use_kerberos=0 \ +- use_pango=0 ++ use_pango=0 \ ++ use_openssl=1 + +-!use?(nss) { ++use?(nss) { ++ GYP_CONFIG += use_nss_certs=1 \ ++ use_openssl_certs=0 ++} else { + GYP_CONFIG += use_nss_certs=0 \ +- use_openssl=1 \ + use_openssl_certs=1 + } + +diff --git a/tools/qmake/mkspecs/features/configure.prf b/tools/qmake/mkspecs/features/configure.prf +index 4cb4600..953572d 100644 +--- a/tools/qmake/mkspecs/features/configure.prf ++++ b/tools/qmake/mkspecs/features/configure.prf +@@ -72,9 +72,9 @@ defineTest(runConfigure) { + defineTest(finalizeConfigure) { + linux { + use?(nss) { +- log("SSL............................... Using system NSS$${EOL}") ++ log("Certificate handling.............. Using system NSS$${EOL}") + } else { +- log("SSL............................... Using bundled BoringSSL$${EOL}") ++ log("Certificate handling.............. Using bundled BoringSSL$${EOL}") + } + use?(system_icu) { + packagesExist("icu-uc icu-i18n") { +-- +2.7.4 + diff --git a/dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild b/dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild index 34ca7d3..0edd6dd 100644 --- a/dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild +++ b/dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild @@ -68,7 +68,11 @@ DEPEND="${RDEPEND} sys-devel/bison " -PATCHES=( "${FILESDIR}/${PN}-5.6.0-icu.patch" ) +PATCHES=( + "${FILESDIR}/${PN}-5.6.0-icu.patch" + "${FILESDIR}/${PN}-5.6.0-nss-3.23-01.patch" + "${FILESDIR}/${PN}-5.6.0-nss-3.23-02.patch" +) src_prepare() { qt_use_disable_mod geolocation positioning \