* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2019-07-20 0:19 Stefan Strogin
0 siblings, 0 replies; 14+ messages in thread
From: Stefan Strogin @ 2019-07-20 0:19 UTC (permalink / raw
To: gentoo-commits
commit: b5e619354bc10456fbbda75bbbc02cf9a2a98834
Author: Aidan Harris <mail <AT> aidanharris <DOT> io>
AuthorDate: Fri Jun 21 16:59:58 2019 +0000
Commit: Stefan Strogin <steils <AT> gentoo <DOT> org>
CommitDate: Sat Jun 22 13:11:13 2019 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=b5e61935
dev-qt/qtnetwork-5.12.4: Add 5.12.4
Signed-off-by: Aidan Harris <mail <AT> aidanharris.io>
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>
.../files/qtnetwork-5.12.4-libressl.patch | 14 +++++
dev-qt/qtnetwork/qtnetwork-5.12.4.ebuild | 68 ++++++++++++++++++++++
2 files changed, 82 insertions(+)
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.12.4-libressl.patch b/dev-qt/qtnetwork/files/qtnetwork-5.12.4-libressl.patch
new file mode 100644
index 0000000..b200efa
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.12.4-libressl.patch
@@ -0,0 +1,14 @@
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index c8bc6e06..76324ea5 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -460,7 +460,7 @@ bool QSslSocketBackendPrivate::initSslContext()
+ q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
+ }
+ #endif
+-#if OPENSSL_VERSION_NUMBER >= 0x10101006L
++#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER)
+ // Set the client callback for TLSv1.3 PSK
+ if (mode == QSslSocket::SslClientMode
+ && QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {
+
diff --git a/dev-qt/qtnetwork/qtnetwork-5.12.4.ebuild b/dev-qt/qtnetwork/qtnetwork-5.12.4.ebuild
new file mode 100644
index 0000000..7778da7
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.12.4.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd"
+fi
+
+IUSE="bindist connman libproxy libressl networkmanager sctp +ssl"
+
+DEPEND="
+ ~dev-qt/qtcore-${PV}
+ sys-libs/zlib:=
+ connman? ( ~dev-qt/qtdbus-${PV} )
+ libproxy? ( net-libs/libproxy )
+ networkmanager? ( ~dev-qt/qtdbus-${PV} )
+ sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0=[bindist=] )
+ libressl? ( dev-libs/libressl:0= )
+ )
+"
+RDEPEND="${DEPEND}
+ connman? ( net-misc/connman )
+ networkmanager? ( net-misc/networkmanager )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-5.12.1-libressl.patch
+ "${FILESDIR}"/${PN}-5.12.4-libressl.patch
+)
+
+QT5_TARGET_SUBDIRS=(
+ src/network
+ src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+ libproxy:libproxy:
+ ssl::SSL
+ ssl::OPENSSL
+ ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :network
+)
+
+pkg_setup() {
+ use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
+ use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
+}
+
+src_configure() {
+ local myconf=(
+ $(usex connman -dbus-linked '')
+ $(qt_use libproxy)
+ $(usex networkmanager -dbus-linked '')
+ $(qt_use sctp)
+ $(usex ssl -openssl-linked '')
+ )
+ qt5-build_src_configure
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2019-07-20 0:19 Stefan Strogin
0 siblings, 0 replies; 14+ messages in thread
From: Stefan Strogin @ 2019-07-20 0:19 UTC (permalink / raw
To: gentoo-commits
commit: b61ba94129f03f1f4b982cdab1f71838fbbd51c9
Author: Aidan Harris <me <AT> aidanharr <DOT> is>
AuthorDate: Sun Jul 7 22:11:40 2019 +0000
Commit: Stefan Strogin <steils <AT> gentoo <DOT> org>
CommitDate: Mon Jul 8 18:03:49 2019 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=b61ba941
dev-qt/qtnetwork: Drop old Qt versions no longer present in the main Gentoo tree
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>
dev-qt/qtnetwork/Manifest | 2 +-
.../files/qtnetwork-5.11.3-libressl-2.6.patch | 48 --------------
.../files/qtnetwork-5.11.3-libressl-2.8.patch | 74 ----------------------
dev-qt/qtnetwork/qtnetwork-5.11.3.ebuild | 70 --------------------
4 files changed, 1 insertion(+), 193 deletions(-)
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index 2fb521e..83c7984 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1,2 +1,2 @@
-DIST qtbase-everywhere-src-5.11.3.tar.xz 46997676 BLAKE2B a70089be5530dec0eedcd5ba990140b375261dea5c85ea7d1dbb5b0bd09ee23edbb4917851127686b5f3cac6969a284eb91ab075ebe53326e69e99e81b257da0 SHA512 93865e41c994211456a575b085c2e7491b7975a1c3b4deb48e9616b51104eb990c1fcfd53d5fb2146ba22457cb134e6254e9077ba73c8b4c4b4d1d525e66fb65
DIST qtbase-everywhere-src-5.12.3.tar.xz 48382148 BLAKE2B 779c43a75403e0f21357a90228bbcc3f216495613f4f17a2f442c7aa93f277a79cc7addf5ae44e22964069580f4932cfd14ba4773aa0ab30405d5587577a545c SHA512 1dab927573eb22b1ae772de3a418f7d3999ea78d6e667a7f2494390dd1f0981ea93f4f892cb6e124ac18812c780ee71da3021b485c61eaf1ef2234a5c12b7fe2
+DIST qtbase-everywhere-src-5.12.4.tar.xz 48431020 BLAKE2B 7eeb3f6698984343ec14d03b8ad66ab23d81cd7a25c590316f7300c868ab869a9c96b125d56bba149ee116dff44bf47c751cce06f2cdd2d3121e5448708c5f6b SHA512 28b029a0d3621477f625d474b8bc38ddcc7173df6adb274b438e290b6c50bd0891e5b62c04b566a281781acee3a353a6a3b0bc88228e996994f92900448d7946
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.11.3-libressl-2.6.patch b/dev-qt/qtnetwork/files/qtnetwork-5.11.3-libressl-2.6.patch
deleted file mode 100644
index 5621934..0000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.11.3-libressl-2.6.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-diff -Naurp old_qt/config.tests/unix/openssl11/openssl.cpp new_qt/config.tests/unix/openssl11/openssl.cpp
---- old_qt/config.tests/unix/openssl11/openssl.cpp 2018-09-13 13:25:10.000000000 +0900
-+++ new_qt/config.tests/unix/openssl11/openssl.cpp 2018-10-20 08:31:20.497180387 +0900
-@@ -39,7 +39,7 @@
-
- #include <openssl/opensslv.h>
-
--#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L
-+#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- # error "OpenSSL >= 1.1 is required"
- #endif
-
-diff -Naurp old_qt/src/network/ssl/qsslcontext_openssl.cpp new_qt/src/network/ssl/qsslcontext_openssl.cpp
---- old_qt/src/network/ssl/qsslcontext_openssl.cpp 2018-09-13 13:25:10.000000000 +0900
-+++ new_qt/src/network/ssl/qsslcontext_openssl.cpp 2018-10-20 08:34:24.613169930 +0900
-@@ -248,7 +248,7 @@ void QSslContext::applyBackendConfig(QSs
- if (sslContext->sslConfiguration.backendConfiguration().isEmpty())
- return;
-
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) {
- QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
- if (cctx) {
-diff -Naurp old_qt/src/network/ssl/qsslsocket_openssl_symbols.cpp new_qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
---- old_qt/src/network/ssl/qsslsocket_openssl_symbols.cpp 2018-09-13 13:25:10.000000000 +0900
-+++ new_qt/src/network/ssl/qsslsocket_openssl_symbols.cpp 2018-10-20 08:37:48.682266708 +0900
-@@ -406,7 +406,7 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey,
- DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
- DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
- DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return 0, return)
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return 0, return);
- DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
- DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
-diff -Naurp old_qt/src/network/ssl/qsslsocket_openssl_symbols_p.h new_qt/src/network/ssl/qsslsocket_openssl_symbols_p.h
---- old_qt/src/network/ssl/qsslsocket_openssl_symbols_p.h 2018-09-13 13:25:10.000000000 +0900
-+++ new_qt/src/network/ssl/qsslsocket_openssl_symbols_p.h 2018-10-20 08:39:53.219936039 +0900
-@@ -356,7 +356,7 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a,
- int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
- int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
- X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_CONF_CTX *q_SSL_CONF_CTX_new();
- void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
- void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.11.3-libressl-2.8.patch b/dev-qt/qtnetwork/files/qtnetwork-5.11.3-libressl-2.8.patch
deleted file mode 100644
index 191c31c..0000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.11.3-libressl-2.8.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-diff -Naurp old_qt/config.tests/unix/openssl11/openssl.cpp new_qt/config.tests/unix/openssl11/openssl.cpp
---- old_qt/config.tests/unix/openssl11/openssl.cpp 2018-09-13 13:25:10.000000000 +0900
-+++ new_qt/config.tests/unix/openssl11/openssl.cpp 2018-10-20 08:31:20.497180387 +0900
-@@ -39,7 +39,7 @@
-
- #include <openssl/opensslv.h>
-
--#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L
-+#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- # error "OpenSSL >= 1.1 is required"
- #endif
-
-diff -Naurp old_qt/src/network/ssl/qsslcontext_openssl.cpp new_qt/src/network/ssl/qsslcontext_openssl.cpp
---- old_qt/src/network/ssl/qsslcontext_openssl.cpp 2018-09-13 13:25:10.000000000 +0900
-+++ new_qt/src/network/ssl/qsslcontext_openssl.cpp 2018-10-20 08:34:24.613169930 +0900
-@@ -248,7 +248,7 @@ void QSslContext::applyBackendConfig(QSs
- if (sslContext->sslConfiguration.backendConfiguration().isEmpty())
- return;
-
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) {
- QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
- if (cctx) {
-diff -Naurp old_qt/src/network/ssl/qsslsocket_openssl_symbols.cpp new_qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
---- old_qt/src/network/ssl/qsslsocket_openssl_symbols.cpp 2018-09-13 13:25:10.000000000 +0900
-+++ new_qt/src/network/ssl/qsslsocket_openssl_symbols.cpp 2018-10-20 08:37:48.682266708 +0900
-@@ -406,7 +406,7 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey,
- DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
- DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
- DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return 0, return)
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return 0, return);
- DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
- DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
-diff -Naurp old_qt/src/network/ssl/qsslsocket_openssl_symbols_p.h new_qt/src/network/ssl/qsslsocket_openssl_symbols_p.h
---- old_qt/src/network/ssl/qsslsocket_openssl_symbols_p.h 2018-09-13 13:25:10.000000000 +0900
-+++ new_qt/src/network/ssl/qsslsocket_openssl_symbols_p.h 2018-10-20 08:39:53.219936039 +0900
-@@ -356,7 +356,7 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a,
- int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
- int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
- X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_CONF_CTX *q_SSL_CONF_CTX_new();
- void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
- void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);
---- old_qt/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h 2018-11-07 21:44:50.366794902 -0500
-+++ new_qt/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h 2018-11-07 21:46:55.736431477 -0500
-@@ -78,8 +78,8 @@
- unsigned char * q_ASN1_STRING_data(ASN1_STRING *a);
- BIO *q_BIO_new_file(const char *filename, const char *mode);
- void q_ERR_clear_error();
--Q_AUTOTEST_EXPORT BIO *q_BIO_new(BIO_METHOD *a);
--Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem();
-+Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
-+Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
- int q_CRYPTO_num_locks();
- void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int));
- void q_CRYPTO_set_id_callback(unsigned long (*a)());
---- old_qt/src/network/ssl/qsslsocket_openssl_symbols.cpp 2018-11-07 21:37:09.688810659 -0500
-+++ new_qt/src/network/ssl/qsslsocket_openssl_symbols.cpp 2018-11-07 21:48:12.575595832 -0500
-@@ -190,8 +190,8 @@
- #endif
- DEFINEFUNC2(BIO *, BIO_new_file, const char *filename, filename, const char *mode, mode, return 0, return)
- DEFINEFUNC(void, ERR_clear_error, DUMMYARG, DUMMYARG, return, DUMMYARG)
--DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
--DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
-+DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return 0, return)
-+DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
- DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return)
- DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG)
- DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG)
diff --git a/dev-qt/qtnetwork/qtnetwork-5.11.3.ebuild b/dev-qt/qtnetwork/qtnetwork-5.11.3.ebuild
deleted file mode 100644
index 66abb62..0000000
--- a/dev-qt/qtnetwork/qtnetwork-5.11.3.ebuild
+++ /dev/null
@@ -1,70 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-QT5_MODULE="qtbase"
-inherit qt5-build
-
-DESCRIPTION="Network abstraction library for the Qt5 framework"
-
-if [[ ${QT5_BUILD_TYPE} == release ]]; then
- KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd"
-fi
-
-IUSE="bindist connman libproxy libressl networkmanager +ssl"
-
-DEPEND="
- ~dev-qt/qtcore-${PV}
- >=sys-libs/zlib-1.2.5
- connman? ( ~dev-qt/qtdbus-${PV} )
- libproxy? ( net-libs/libproxy )
- networkmanager? ( ~dev-qt/qtdbus-${PV} )
- ssl? (
- !libressl? ( dev-libs/openssl:0=[bindist=] )
- libressl? ( dev-libs/libressl:0= )
- )
-"
-RDEPEND="${DEPEND}
- connman? ( net-misc/connman )
- networkmanager? ( net-misc/networkmanager )
-"
-
-QT5_TARGET_SUBDIRS=(
- src/network
- src/plugins/bearer/generic
-)
-
-QT5_GENTOO_CONFIG=(
- libproxy
- ssl::SSL
- ssl::OPENSSL
- ssl:openssl-linked:LINKED_OPENSSL
-)
-
-QT5_GENTOO_PRIVATE_CONFIG=(
- :network
-)
-
-pkg_setup() {
- use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
- use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
-}
-
-src_prepare() {
- has_version '>=dev-libs/libressl-2.8.0' && \
- eapply "${FILESDIR}/${P}-libressl-2.8.patch"
-
- has_version '<dev-libs/libressl-2.8.0' && \
- eapply "${FILESDIR}/${P}-libressl-2.6.patch"
-
- qt5-build_src_prepare
-}
-
-src_configure() {
- local myconf=(
- $(use connman || use networkmanager && echo -dbus-linked)
- $(qt_use libproxy)
- $(usex ssl -openssl-linked '')
- )
- qt5-build_src_configure
-}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2020-07-16 7:58 Stefan Strogin
0 siblings, 0 replies; 14+ messages in thread
From: Stefan Strogin @ 2020-07-16 7:58 UTC (permalink / raw
To: gentoo-commits
commit: 40e2ec24a753a94dbac9b2719ddee998c908563c
Author: Stefan Strogin <steils <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 16 07:53:29 2020 +0000
Commit: Stefan Strogin <steils <AT> gentoo <DOT> org>
CommitDate: Thu Jul 16 07:53:29 2020 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=40e2ec24
dev-qt/qtnetwork: add patch to fix CVE-2020-13962 in 5.14.2
Closes: https://github.com/gentoo/libressl/issues/321
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Stefan Strogin <steils <AT> gentoo.org>
.../files/qtnetwork-5.14.2-CVE-2020-13962.patch | 172 +++++++++++++++++++++
...rk-5.14.2.ebuild => qtnetwork-5.14.2-r1.ebuild} | 1 +
2 files changed, 173 insertions(+)
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch
new file mode 100644
index 0000000..9bbdda6
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.14.2-CVE-2020-13962.patch
@@ -0,0 +1,172 @@
+From 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb Mon Sep 17 00:00:00 2001
+From: Timur Pocheptsov <timur.pocheptsov@qt.io>
+Date: Mon, 13 Apr 2020 20:31:34 +0200
+Subject: [PATCH] OpenSSL: handle SSL_shutdown's errors properly
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s)
+returns 1). Also, do not call SSL_shutdown if a session encountered a fatal
+error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown
+was unsuccessful (returned code != 1), we have to clear the error(s) it queued.
+Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to
+resolve SSL_state to implement SSL_in_init.
+
+Fixes: QTBUG-83450
+Change-Id: I6326119f4e79605429263045ac20605c30dccca3
+Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
+(cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655)
+---
+ src/network/ssl/qsslsocket.cpp | 2 +-
+ src/network/ssl/qsslsocket_openssl.cpp | 23 ++++++++++++++++------
+ src/network/ssl/qsslsocket_openssl11_symbols_p.h | 7 +++++++
+ src/network/ssl/qsslsocket_openssl_symbols.cpp | 8 ++++++++
+ .../ssl/qsslsocket_opensslpre11_symbols_p.h | 2 ++
+ src/network/ssl/qsslsocket_p.h | 1 +
+ 6 files changed, 36 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
+index 4e9e9472631..5c9e589ec39 100644
+--- a/src/network/ssl/qsslsocket.cpp
++++ b/src/network/ssl/qsslsocket.cpp
+@@ -2166,7 +2166,7 @@ void QSslSocketPrivate::init()
+ pendingClose = false;
+ flushTriggered = false;
+ ocspResponses.clear();
+-
++ systemOrSslErrorDetected = false;
+ // we don't want to clear the ignoreErrorsList, so
+ // that it is possible setting it before connecting
+ // ignoreErrorsList.clear();
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index 51510f1c60b..855865209bc 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -648,10 +648,16 @@ bool QSslSocketBackendPrivate::initSslContext()
+ void QSslSocketBackendPrivate::destroySslContext()
+ {
+ if (ssl) {
+- // We do not send a shutdown alert here. Just mark the session as
+- // resumable for qhttpnetworkconnection's "optimization", otherwise
+- // OpenSSL won't start a session resumption.
+- q_SSL_shutdown(ssl);
++ if (!q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
++ // We do not send a shutdown alert here. Just mark the session as
++ // resumable for qhttpnetworkconnection's "optimization", otherwise
++ // OpenSSL won't start a session resumption.
++ if (q_SSL_shutdown(ssl) != 1) {
++ // Some error may be queued, clear it.
++ const auto errors = getErrorsFromOpenSsl();
++ Q_UNUSED(errors);
++ }
++ }
+ q_SSL_free(ssl);
+ ssl = nullptr;
+ }
+@@ -1084,6 +1090,7 @@ void QSslSocketBackendPrivate::transmit()
+ case SSL_ERROR_SSL: // error in the SSL library
+ // we do not know exactly what the error is, nor whether we can recover from it,
+ // so just return to prevent an endless loop in the outer "while" statement
++ systemOrSslErrorDetected = true;
+ {
+ const ScopedBool bg(inSetAndEmitError, true);
+ setErrorAndEmit(QAbstractSocket::SslInternalError,
+@@ -1681,8 +1688,12 @@ bool QSslSocketBackendPrivate::checkOcspStatus()
+ void QSslSocketBackendPrivate::disconnectFromHost()
+ {
+ if (ssl) {
+- if (!shutdown) {
+- q_SSL_shutdown(ssl);
++ if (!shutdown && !q_SSL_in_init(ssl) && !systemOrSslErrorDetected) {
++ if (q_SSL_shutdown(ssl) != 1) {
++ // Some error may be queued, clear it.
++ const auto errors = getErrorsFromOpenSsl();
++ Q_UNUSED(errors);
++ }
+ shutdown = true;
+ transmit();
+ }
+diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+index 0fe0899d4fd..b7193ad1807 100644
+--- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+@@ -192,4 +192,11 @@ typedef int (*q_SSL_psk_use_session_cb_func_t)(SSL *, const EVP_MD *, const unsi
+ }
+ void q_SSL_set_psk_use_session_callback(SSL *s, q_SSL_psk_use_session_cb_func_t);
+
++#if OPENSSL_VERSION_NUMBER < 0x10101000L
++// What a mess!
++int q_SSL_in_init(SSL *s);
++#else
++int q_SSL_in_init(const SSL *s);
++#endif // 1.1.1 or 1.1.0
++
+ #endif
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index 85029a6ff3f..d1bd84cf25f 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -160,6 +160,11 @@ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
+ DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
+ DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
+ DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
++#if OPENSSL_VERSION_NUMBER < 0x10101000L
++DEFINEFUNC(int, SSL_in_init, SSL *a, a, return 0, return)
++#else
++DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return)
++#endif
+ #ifdef TLS1_3_VERSION
+ DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
+ DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
+@@ -242,6 +247,7 @@ DEFINEFUNC2(void, BIO_set_shutdown, BIO *a, a, int shut, shut, return, DUMMYARG)
+ // Functions below are either deprecated or removed in OpenSSL >= 1.1:
+
+ DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return nullptr, return)
++DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return)
+
+ #ifdef SSLEAY_MACROS
+ DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return nullptr, return)
+@@ -971,6 +977,7 @@ bool q_resolveOpenSslSymbols()
+ #if QT_CONFIG(opensslv11)
+
+ RESOLVEFUNC(OPENSSL_init_ssl)
++ RESOLVEFUNC(SSL_in_init)
+ RESOLVEFUNC(OPENSSL_init_crypto)
+ RESOLVEFUNC(ASN1_STRING_get0_data)
+ RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+@@ -1066,6 +1073,7 @@ bool q_resolveOpenSslSymbols()
+ #else // !opensslv11
+
+ RESOLVEFUNC(ASN1_STRING_data)
++ RESOLVEFUNC(SSL_state)
+
+ #ifdef SSLEAY_MACROS
+ RESOLVEFUNC(ASN1_dup)
+diff --git a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
+index f5626d5d164..92841017793 100644
+--- a/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
++++ b/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h
+@@ -121,6 +121,8 @@ SSL_CTX *q_SSL_CTX_new(const SSL_METHOD *a);
+
+ int q_SSL_library_init();
+ void q_SSL_load_error_strings();
++int q_SSL_state(const SSL *a);
++#define q_SSL_in_init(a) (q_SSL_state(a) & SSL_ST_INIT)
+
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
+index daa9be23f4a..350b1f1fc18 100644
+--- a/src/network/ssl/qsslsocket_p.h
++++ b/src/network/ssl/qsslsocket_p.h
+@@ -208,6 +208,7 @@ protected:
+ bool verifyErrorsHaveBeenIgnored();
+ bool paused;
+ bool flushTriggered;
++ bool systemOrSslErrorDetected = false;
+ QVector<QOcspResponse> ocspResponses;
+ };
+
+--
+2.16.3
diff --git a/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild
similarity index 95%
rename from dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild
rename to dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild
index b470bcd..fec0386 100644
--- a/dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild
+++ b/dev-qt/qtnetwork/qtnetwork-5.14.2-r1.ebuild
@@ -32,6 +32,7 @@ RDEPEND="${DEPEND}
"
PATCHES=(
+ "${FILESDIR}/${P}-CVE-2020-13962.patch" # bug 727604, QTBUG-83450
"${FILESDIR}"/${PN}-5.12.1-libressl.patch
"${FILESDIR}"/${PN}-5.12.4-libressl.patch
)
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2021-01-27 22:31 Quentin Retornaz
0 siblings, 0 replies; 14+ messages in thread
From: Quentin Retornaz @ 2021-01-27 22:31 UTC (permalink / raw
To: gentoo-commits
commit: 21ac3653f78ef5484fd9e029e93de3e90889780a
Author: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
AuthorDate: Wed Jan 27 22:30:44 2021 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Wed Jan 27 22:30:44 2021 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=21ac3653
dev-qt/qtnetwork: revbump to 5.15.2-r1
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
dev-qt/qtnetwork/Manifest | 1 +
...work-5.15.2-QNetworkAccessManager-memleak.patch | 41 +++++++++++
dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild | 82 ++++++++++++++++++++++
3 files changed, 124 insertions(+)
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index 8d47df5..c298c0a 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1 +1,2 @@
+DIST qtbase-5.15.2-gcc11.patch.xz 1208 BLAKE2B a2e5764b723adda991eca5b84cf8e15437a4832febd12e3c93cdc394931af666e17c01e229e9be7e0efc446a955cc26388c0f93cadfcabd93cc6b6f03bb41eb0 SHA512 da3a41ea5d9573a029946d26b26d51d6dce9c8b91db6d78ca71d8343d3ceb5010d21750dcb45abb663e227b5f068985ff4ed51da07efd17c64cc8dd5aef8f3e4
DIST qtbase-everywhere-src-5.15.2.tar.xz 50179672 BLAKE2B 0e4bdaab43cf59664bde89f87ea260c39acc2ef866d8629d41d9c326cab0ab68bcd943c86a472ae74bc9fb0b7ad50795ccb66275bb6b77d1fcf0a38b5662cb42 SHA512 a549bfaf867d746ff744ab224eb65ac1bdcdac7e8457dfa379941b2b225a90442fcfc1e1175b9afb1f169468f8130b7ab917c67be67156520a4bfb5c92d304f9
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-QNetworkAccessManager-memleak.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-QNetworkAccessManager-memleak.patch
new file mode 100644
index 0000000..be2c1f6
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-QNetworkAccessManager-memleak.patch
@@ -0,0 +1,41 @@
+From 0807f16eb407eaf8a5b34b67602d0a97778d945d Mon Sep 17 00:00:00 2001
+From: =?utf8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
+Date: Fri, 6 Nov 2020 12:51:42 +0100
+Subject: [PATCH] QNAM: Work around QObject finicky orphan cleanup details
+
+Details described in a comment.
+
+Task-number: QTBUG-88063
+Change-Id: I763ecfedf518de97615e04a8eaae0fe1fd784f52
+Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
+(cherry picked from commit 1c6d6cbb62c5e93cbcad2d740c3b0ed01095618c)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+---
+ src/network/access/qnetworkreplyhttpimpl.cpp | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/access/qnetworkreplyhttpimpl.cpp b/src/network/access/qnetworkreplyhttpimpl.cpp
+index 21916f53f15..727c1a0316d 100644
+--- a/src/network/access/qnetworkreplyhttpimpl.cpp
++++ b/src/network/access/qnetworkreplyhttpimpl.cpp
+@@ -808,7 +808,17 @@ void QNetworkReplyHttpImplPrivate::postRequest(const QNetworkRequest &newHttpReq
+
+ // For the synchronous HTTP, this is the normal way the delegate gets deleted
+ // For the asynchronous HTTP this is a safety measure, the delegate deletes itself when HTTP is finished
+- QObject::connect(thread, SIGNAL(finished()), delegate, SLOT(deleteLater()));
++ QMetaObject::Connection threadFinishedConnection =
++ QObject::connect(thread, SIGNAL(finished()), delegate, SLOT(deleteLater()));
++
++ // QTBUG-88063: When 'delegate' is deleted the connection will be added to 'thread''s orphaned
++ // connections list. This orphaned list will be cleaned up next time 'thread' emits a signal,
++ // unfortunately that's the finished signal. It leads to a soft-leak so we do this to disconnect
++ // it on deletion so that it cleans up the orphan immediately.
++ QObject::connect(delegate, &QObject::destroyed, delegate, [threadFinishedConnection]() {
++ if (bool(threadFinishedConnection))
++ QObject::disconnect(threadFinishedConnection);
++ });
+
+ // Set the properties it needs
+ delegate->httpRequest = httpRequest;
+--
+2.16.3
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild
new file mode 100644
index 0000000..cc9144c
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.2-r1.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+SRC_URI+=" https://dev.gentoo.org/~asturm/distfiles/qtbase-${PV}-gcc11.patch.xz"
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+ KEYWORDS="amd64 arm arm64 ~hppa ppc ppc64 ~sparc x86"
+fi
+
+IUSE="bindist connman gssapi libressl libproxy networkmanager sctp +ssl"
+
+DEPEND="
+ ~dev-qt/qtcore-${PV}:5=
+ sys-libs/zlib:=
+ connman? ( ~dev-qt/qtdbus-${PV} )
+ gssapi? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ networkmanager? ( ~dev-qt/qtdbus-${PV} )
+ sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+ ssl? (
+ !libressl? ( >=dev-libs/openssl-1.1.1:0=[bindist=] )
+ libressl? ( dev-libs/libressl:0= )
+ )
+"
+RDEPEND="${DEPEND}
+ connman? ( net-misc/connman )
+ networkmanager? ( net-misc/networkmanager )
+"
+
+QT5_TARGET_SUBDIRS=(
+ src/network
+ src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+ libproxy:libproxy:
+ ssl::SSL
+ ssl::OPENSSL
+ ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :network
+)
+
+PATCHES=(
+ "${FILESDIR}"/${P}-QNetworkAccessManager-memleak.patch # QTBUG-88063
+ "${FILESDIR}"/${PN}-5.15.2-libressl.patch # Bug 562050, not upstreamable
+ "${WORKDIR}"/qtbase-${PV}-gcc11.patch # bug 752012
+)
+
+pkg_setup() {
+ use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
+ use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
+}
+
+src_configure() {
+ local myconf=(
+ $(usex connman -dbus-linked '')
+ $(usex gssapi -feature-gssapi -no-feature-gssapi)
+ $(qt_use libproxy)
+ $(usex networkmanager -dbus-linked '')
+ $(qt_use sctp)
+ $(usex ssl -openssl-linked '')
+ )
+ qt5-build_src_configure
+}
+
+src_install() {
+ qt5-build_src_install
+ # workaround for bug 652650
+ if use ssl; then
+ sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
+ -i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
+ fi
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2021-10-02 22:09 Quentin Retornaz
0 siblings, 0 replies; 14+ messages in thread
From: Quentin Retornaz @ 2021-10-02 22:09 UTC (permalink / raw
To: gentoo-commits
commit: 1bf4c9c19e5ebe39c9c93248517450221a73c056
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sat Oct 2 01:34:03 2021 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sat Oct 2 22:08:44 2021 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=1bf4c9c1
dev-qt/qtnetwork: Updated for 5.15.2-r11
Signed-off-by: orbea <orbea <AT> riseup.net>
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
.../files/qtnetwork-5.15.2-r11-libressl.patch | 407 +++++++++++++++++++++
dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild | 80 ++++
2 files changed, 487 insertions(+)
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-r11-libressl.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-r11-libressl.patch
new file mode 100644
index 0000000..97e7f15
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-r11-libressl.patch
@@ -0,0 +1,407 @@
+From 89e6ffbf5e2febb9cedaf9e533fbcca9da398a2d Mon Sep 17 00:00:00 2001
+From: Stefan Strogin <steils@gentoo.org>
+Date: Sat, 28 Nov 2020 06:12:22 +0200
+Subject: [PATCH] QSslSocket: add LibreSSL support
+
+Upstream-Status: Inappropriate
+[Upstream is not willing to accept any patches for LibreSSL support]
+Signed-off-by: Stefan Strogin <steils@gentoo.org>
+Signed-off-by: orbea <orbea@riseup.net>
+---
+ src/network/ssl/qsslcertificate_openssl.cpp | 2 +-
+ src/network/ssl/qsslcontext_openssl.cpp | 27 ++++++++---
+ src/network/ssl/qsslcontext_openssl_p.h | 7 +++
+ src/network/ssl/qsslsocket_openssl.cpp | 2 +-
+ .../ssl/qsslsocket_openssl_symbols.cpp | 31 +++++++++++++
+ .../ssl/qsslsocket_openssl_symbols_p.h | 45 +++++++++++++++++++
+ 6 files changed, 107 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp
+index ca9d61cc..19774432 100644
+--- a/src/network/ssl/qsslcertificate_openssl.cpp
++++ b/src/network/ssl/qsslcertificate_openssl.cpp
+@@ -661,7 +661,7 @@ static QMultiMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name)
+ unsigned char *data = nullptr;
+ int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
+ info.insert(name, QString::fromUtf8((char*)data, size));
+-#if QT_CONFIG(opensslv11)
++#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER)
+ q_CRYPTO_free(data, nullptr, 0);
+ #else
+ q_CRYPTO_free(data);
+diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
+index c9f202f5..4963474c 100644
+--- a/src/network/ssl/qsslcontext_openssl.cpp
++++ b/src/network/ssl/qsslcontext_openssl.cpp
+@@ -77,9 +77,9 @@ extern "C" int q_verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
+ }
+ #endif // dtls
+
+-#ifdef TLS1_3_VERSION
++#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER)
+ extern "C" int q_ssl_sess_set_new_cb(SSL *context, SSL_SESSION *session);
+-#endif // TLS1_3_VERSION
++#endif // TLS1_3_VERSION && LIBRESSL_VERSION_NUMBER
+
+ // Defined in qsslsocket.cpp
+ QList<QSslCipher> q_getDefaultDtlsCiphers();
+@@ -351,9 +351,11 @@ init_context:
+ return;
+ }
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ // A nasty hacked OpenSSL using a level that will make our auto-tests fail:
+ if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel())
+ q_SSL_CTX_set_security_level(sslContext->ctx, 1);
++#endif // LIBRESSL_VERSION_NUMBER
+
+ const long anyVersion =
+ #if QT_CONFIG(dtls)
+@@ -408,16 +410,28 @@ init_context:
+ maxVersion = DTLS1_VERSION;
+ break;
+ case QSsl::DtlsV1_0OrLater:
++#ifdef DTLS_MAX_VERSION
+ minVersion = DTLS1_VERSION;
+ maxVersion = DTLS_MAX_VERSION;
++#else
++ Q_UNREACHABLE();
++#endif // DTLS_MAX_VERSION
+ break;
+ case QSsl::DtlsV1_2:
++#ifdef DTLS1_2_VERSION
+ minVersion = DTLS1_2_VERSION;
+ maxVersion = DTLS1_2_VERSION;
++#else
++ Q_UNREACHABLE();
++#endif // DTLS1_2_VERSION
+ break;
+ case QSsl::DtlsV1_2OrLater:
++#if defined(DTLS1_2_VERSION) && defined(DTLS_MAX_VERSION)
+ minVersion = DTLS1_2_VERSION;
+ maxVersion = DTLS_MAX_VERSION;
++#else
++ Q_UNREACHABLE();
++#endif // DTLS1_2_VERSION && DTLS_MAX_VERSION
+ break;
+ case QSsl::TlsV1_3OrLater:
+ #ifdef TLS1_3_VERSION
+@@ -627,14 +641,14 @@ init_context:
+ q_X509Callback);
+ }
+
+-#ifdef TLS1_3_VERSION
++#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER)
+ // NewSessionTicket callback:
+ if (mode == QSslSocket::SslClientMode && !isDtls) {
+ q_SSL_CTX_sess_set_new_cb(sslContext->ctx, q_ssl_sess_set_new_cb);
+ q_SSL_CTX_set_session_cache_mode(sslContext->ctx, SSL_SESS_CACHE_CLIENT);
+ }
+
+-#endif // TLS1_3_VERSION
++#endif // TLS1_3_VERSION && LIBRESSL_VERSION_NUMBER
+
+ #if QT_CONFIG(dtls)
+ // DTLS cookies:
+@@ -722,6 +736,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
+ }
+ #endif // ocsp
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
+ if (cctx) {
+ q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx);
+@@ -768,7 +783,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
+ sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+- } else {
++ } else
++#endif // LIBRESSL_VERSION_NUMBER
++ {
+ sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+diff --git a/src/network/ssl/qsslcontext_openssl_p.h b/src/network/ssl/qsslcontext_openssl_p.h
+index 70cb97aa..01a61cf5 100644
+--- a/src/network/ssl/qsslcontext_openssl_p.h
++++ b/src/network/ssl/qsslcontext_openssl_p.h
+@@ -61,6 +61,13 @@
+
+ QT_BEGIN_NAMESPACE
+
++#ifndef DTLS_ANY_VERSION
++#define DTLS_ANY_VERSION 0x1FFFF
++#endif
++#ifndef TLS_ANY_VERSION
++#define TLS_ANY_VERSION 0x10000
++#endif
++
+ #ifndef QT_NO_SSL
+
+ class QSslContextPrivate;
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index af47dbf9..f4381efa 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -653,7 +653,7 @@ bool QSslSocketBackendPrivate::initSslContext()
+ else if (mode == QSslSocket::SslServerMode)
+ q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101006L
++#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER)
+ // Set the client callback for TLSv1.3 PSK
+ if (mode == QSslSocket::SslClientMode
+ && QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index ed80fc14..6941b4db 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -145,11 +145,14 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return
+ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
+ DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
+ DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return)
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return)
+ DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return)
+ DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return)
++#endif // OPENSSL_NO_DEPRECATED_3_0
+ DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
+ DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
+ DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
+ DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
+@@ -157,10 +160,20 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return null
+ DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
+ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
+ DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
++#else
++DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return)
++DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
++DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
++DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG)
++DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG)
++DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return nullptr, return)
++#endif // LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
+ DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
+ DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
++#endif // LIBRESSL_VERSION_NUMBER
+ #ifdef TLS1_3_VERSION
+ DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
+ DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
+@@ -184,7 +197,11 @@ DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_ver
+ DEFINEFUNC3(int, X509_STORE_set_ex_data, X509_STORE *a, a, int idx, idx, void *data, data, return 0, return)
+ DEFINEFUNC2(void *, X509_STORE_get_ex_data, X509_STORE *r, r, int idx, idx, return nullptr, return)
+ DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return nullptr, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG)
++#else
++DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
++#endif
+ DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return)
+ DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return)
+ DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return)
+@@ -224,7 +241,9 @@ DEFINEFUNC5(int, OCSP_id_get0_info, ASN1_OCTET_STRING **piNameHash, piNameHash,
+ ASN1_OCTET_STRING **piKeyHash, piKeyHash, ASN1_INTEGER **pserial, pserial, OCSP_CERTID *cid, cid,
+ return 0, return)
+ DEFINEFUNC2(OCSP_RESPONSE *, OCSP_response_create, int status, status, OCSP_BASICRESP *bs, bs, return nullptr, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(const STACK_OF(X509) *, OCSP_resp_get0_certs, const OCSP_BASICRESP *bs, bs, return nullptr, return)
++#endif
+ DEFINEFUNC2(int, OCSP_id_cmp, OCSP_CERTID *a, a, OCSP_CERTID *b, b, return -1, return)
+ DEFINEFUNC7(OCSP_SINGLERESP *, OCSP_basic_add1_status, OCSP_BASICRESP *r, r, OCSP_CERTID *c, c, int s, s,
+ int re, re, ASN1_TIME *rt, rt, ASN1_TIME *t, t, ASN1_TIME *n, n, return nullptr, return)
+@@ -356,12 +375,14 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a, EVP_PKEY *b, b, return -
+ DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
+ DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
+ DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
+ DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
+ DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
+ DEFINEFUNC2(unsigned int, SSL_CONF_CTX_set_flags, SSL_CONF_CTX *a, a, unsigned int b, b, return 0, return);
+ DEFINEFUNC(int, SSL_CONF_CTX_finish, SSL_CONF_CTX *a, a, return 0, return);
+ DEFINEFUNC3(int, SSL_CONF_cmd, SSL_CONF_CTX *a, a, const char *b, b, const char *c, c, return 0, return);
++#endif
+ DEFINEFUNC(void, SSL_free, SSL *a, a, return, DUMMYARG)
+ DEFINEFUNC(STACK_OF(SSL_CIPHER) *, SSL_get_ciphers, const SSL *a, a, return nullptr, return)
+ DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr, return)
+@@ -845,17 +866,21 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(ASN1_STRING_get0_data)
+ RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+ RESOLVEFUNC(EVP_PKEY_up_ref)
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ RESOLVEFUNC(EVP_PKEY_CTX_new)
+ RESOLVEFUNC(EVP_PKEY_param_check)
+ RESOLVEFUNC(EVP_PKEY_CTX_free)
++#endif // OPENSSL_NO_DEPRECATED_3_0
+ RESOLVEFUNC(EVP_PKEY_base_id)
+ RESOLVEFUNC(RSA_bits)
++#ifndef LIBRESSL_VERSION_NUMBER
+ RESOLVEFUNC(OPENSSL_sk_new_null)
+ RESOLVEFUNC(OPENSSL_sk_push)
+ RESOLVEFUNC(OPENSSL_sk_free)
+ RESOLVEFUNC(OPENSSL_sk_num)
+ RESOLVEFUNC(OPENSSL_sk_pop_free)
+ RESOLVEFUNC(OPENSSL_sk_value)
++#endif
+ RESOLVEFUNC(DH_get0_pqg)
+ RESOLVEFUNC(SSL_CTX_set_options)
+ RESOLVEFUNC(SSL_CTX_get_security_level)
+@@ -898,7 +923,9 @@ bool q_resolveOpenSslSymbols()
+
+ RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
+ RESOLVEFUNC(DH_bits)
++#ifndef LIBRESSL_VERSION_NUMBER
+ RESOLVEFUNC(DSA_bits)
++#endif
+
+ #if QT_CONFIG(dtls)
+ RESOLVEFUNC(DTLSv1_listen)
+@@ -928,7 +955,9 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(OCSP_check_validity)
+ RESOLVEFUNC(OCSP_cert_to_id)
+ RESOLVEFUNC(OCSP_id_get0_info)
++#ifndef LIBRESSL_VERSION_NUMBER
+ RESOLVEFUNC(OCSP_resp_get0_certs)
++#endif
+ RESOLVEFUNC(OCSP_basic_sign)
+ RESOLVEFUNC(OCSP_response_create)
+ RESOLVEFUNC(i2d_OCSP_RESPONSE)
+@@ -1058,12 +1087,14 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
+ RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
+ RESOLVEFUNC(SSL_CTX_get_cert_store);
++#ifndef LIBRESSL_VERSION_NUMBER
+ RESOLVEFUNC(SSL_CONF_CTX_new);
+ RESOLVEFUNC(SSL_CONF_CTX_free);
+ RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);
+ RESOLVEFUNC(SSL_CONF_CTX_set_flags);
+ RESOLVEFUNC(SSL_CONF_CTX_finish);
+ RESOLVEFUNC(SSL_CONF_cmd);
++#endif
+ RESOLVEFUNC(SSL_accept)
+ RESOLVEFUNC(SSL_clear)
+ RESOLVEFUNC(SSL_connect)
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+index c46afcf5..42a31119 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -80,6 +80,13 @@ QT_BEGIN_NAMESPACE
+
+ #define DUMMYARG
+
++#ifdef LIBRESSL_VERSION_NUMBER
++typedef _STACK STACK;
++typedef STACK OPENSSL_STACK;
++typedef void OPENSSL_INIT_SETTINGS;
++typedef int (*X509_STORE_CTX_verify_cb)(int ok,X509_STORE_CTX *ctx);
++#endif
++
+ #if !defined QT_LINKED_OPENSSL
+ // **************** Shared declarations ******************
+ // ret func(arg)
+@@ -230,20 +237,43 @@ const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
+ Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
+ Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ int q_DSA_bits(DSA *a);
++#else
++#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
++#endif
+ int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+ Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref(EVP_PKEY *a);
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ EVP_PKEY_CTX *q_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+ void q_EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+ int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
++#endif // OPENSSL_NO_DEPRECATED_3_0
+ int q_EVP_PKEY_base_id(EVP_PKEY *a);
+ int q_RSA_bits(RSA *a);
++
++#ifndef LIBRESSL_VERSION_NUMBER
+ Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a);
+ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
+ Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null();
+ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
+ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a);
+ Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
++#else // LIBRESSL_VERSION_NUMBER
++int q_sk_num(STACK *a);
++#define q_OPENSSL_sk_num(a) q_sk_num(a)
++void q_sk_pop_free(STACK *a, void (*b)(void *));
++#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
++STACK *q_sk_new_null();
++#define q_OPENSSL_sk_new_null() q_sk_new_null()
++void q_sk_push(STACK *st, void *data);
++#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data)
++void q_sk_free(STACK *a);
++#define q_OPENSSL_sk_free q_sk_free
++void *q_sk_value(STACK *a, int b);
++#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
++#endif // LIBRESSL_VERSION_NUMBER
++
+ int q_SSL_session_reused(SSL *a);
+ unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+ int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+@@ -269,8 +299,13 @@ int q_DH_bits(DH *dh);
+ # define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st)
+ #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i)
++#else
++#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
++#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
++#endif // LIBRESSL_VERSION_NUMBER
+
+ #define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS \
+@@ -279,7 +314,11 @@ int q_DH_bits(DH *dh);
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+ int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
++#ifndef LIBRESSL_VERSION_NUMBER
+ void q_CRYPTO_free(void *str, const char *file, int line);
++#else
++void q_CRYPTO_free(void *a);
++#endif
+
+ long q_OpenSSL_version_num();
+ const char *q_OpenSSL_version(int type);
+@@ -497,12 +536,14 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
+ int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
+ int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
+ X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
++#ifndef LIBRESSL_VERSION_NUMBER
+ SSL_CONF_CTX *q_SSL_CONF_CTX_new();
+ void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
+ void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);
+ unsigned int q_SSL_CONF_CTX_set_flags(SSL_CONF_CTX *a, unsigned int b);
+ int q_SSL_CONF_CTX_finish(SSL_CONF_CTX *a);
+ int q_SSL_CONF_cmd(SSL_CONF_CTX *a, const char *b, const char *c);
++#endif
+ void q_SSL_free(SSL *a);
+ STACK_OF(SSL_CIPHER) *q_SSL_get_ciphers(const SSL *a);
+ const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a);
+@@ -728,7 +769,11 @@ int q_OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *n
+ int q_OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ const STACK_OF(X509) *q_OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
++#else
++#define q_OCSP_resp_get0_certs(bs) ((bs)->certs)
++#endif
+ Q_AUTOTEST_EXPORT OCSP_CERTID *q_OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
+ Q_AUTOTEST_EXPORT void q_OCSP_CERTID_free(OCSP_CERTID *cid);
+ int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+--
+2.32.0
+
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild
new file mode 100644
index 0000000..df5b465
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+KDE_ORG_COMMIT=a4f9e56975fa6ab4a1f63a9b34a4d77b1cfe4acd
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+ KEYWORDS="amd64 arm arm64 ~hppa ~ppc ~ppc64 ~riscv ~sparc x86"
+fi
+
+IUSE="bindist connman dtls gssapi libproxy networkmanager sctp +ssl"
+REQUIRED_USE="!dtls"
+
+DEPEND="
+ =dev-qt/qtcore-${QT5_PV}*:5=
+ sys-libs/zlib:=
+ connman? ( =dev-qt/qtdbus-${QT5_PV}* )
+ gssapi? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ networkmanager? ( =dev-qt/qtdbus-${QT5_PV}* )
+ sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+ ssl? ( >=dev-libs/openssl-1.1.1:0=[bindist(-)=] )
+"
+RDEPEND="${DEPEND}
+ connman? ( net-misc/connman )
+ networkmanager? ( net-misc/networkmanager )
+"
+
+QT5_TARGET_SUBDIRS=(
+ src/network
+ src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+ libproxy:libproxy:
+ ssl::SSL
+ ssl::OPENSSL
+ ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :network
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-5.15.2-r11-libressl.patch # Bug 562050, not upstreamable
+)
+
+pkg_setup() {
+ use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
+ use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
+}
+
+src_configure() {
+ local myconf=(
+ $(usev connman -dbus-linked)
+ $(qt_use gssapi feature-gssapi)
+ $(qt_use libproxy)
+ $(usev networkmanager -dbus-linked)
+ $(qt_use sctp)
+ $(qt_use dtls)
+ $(usev ssl -openssl-linked)
+ )
+ qt5-build_src_configure
+}
+
+src_install() {
+ qt5-build_src_install
+
+ # workaround for bug 652650
+ if use ssl; then
+ sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
+ -i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
+ fi
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2021-10-02 22:19 Quentin Retornaz
0 siblings, 0 replies; 14+ messages in thread
From: Quentin Retornaz @ 2021-10-02 22:19 UTC (permalink / raw
To: gentoo-commits
commit: 62a9ab00ac1109a43fcba3ad46acb3fdcbdde080
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sat Oct 2 01:34:03 2021 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sat Oct 2 22:17:52 2021 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=62a9ab00
dev-qt/qtnetwork: Updated for 5.15.2-r11
Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/libressl/pull/354
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
dev-qt/qtnetwork/Manifest | 1 +
.../files/qtnetwork-5.15.2-r11-libressl.patch | 407 +++++++++++++++++++++
dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild | 80 ++++
3 files changed, 488 insertions(+)
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index c298c0a..c69b3ee 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1,2 +1,3 @@
+DIST qtbase-5.15.2-a4f9e569.tar.gz 67964648 BLAKE2B 2be7351221c46846ef37308a0238aa4a39369da63fe5c3be5e142ff700c80e125821c06b43c9e4e949bd9f285222a60888303aef956c9b427a9a6c8ee3bc6b1a SHA512 b4be8132a1d7119fd9728f7bf2d72cdd27d2092e7f178a1f15707204f5ffade7ce505c897fd658bb19274bdd6238b2eb16f7fcfedff2567877dc3458b4091388
DIST qtbase-5.15.2-gcc11.patch.xz 1208 BLAKE2B a2e5764b723adda991eca5b84cf8e15437a4832febd12e3c93cdc394931af666e17c01e229e9be7e0efc446a955cc26388c0f93cadfcabd93cc6b6f03bb41eb0 SHA512 da3a41ea5d9573a029946d26b26d51d6dce9c8b91db6d78ca71d8343d3ceb5010d21750dcb45abb663e227b5f068985ff4ed51da07efd17c64cc8dd5aef8f3e4
DIST qtbase-everywhere-src-5.15.2.tar.xz 50179672 BLAKE2B 0e4bdaab43cf59664bde89f87ea260c39acc2ef866d8629d41d9c326cab0ab68bcd943c86a472ae74bc9fb0b7ad50795ccb66275bb6b77d1fcf0a38b5662cb42 SHA512 a549bfaf867d746ff744ab224eb65ac1bdcdac7e8457dfa379941b2b225a90442fcfc1e1175b9afb1f169468f8130b7ab917c67be67156520a4bfb5c92d304f9
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-r11-libressl.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-r11-libressl.patch
new file mode 100644
index 0000000..97e7f15
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-r11-libressl.patch
@@ -0,0 +1,407 @@
+From 89e6ffbf5e2febb9cedaf9e533fbcca9da398a2d Mon Sep 17 00:00:00 2001
+From: Stefan Strogin <steils@gentoo.org>
+Date: Sat, 28 Nov 2020 06:12:22 +0200
+Subject: [PATCH] QSslSocket: add LibreSSL support
+
+Upstream-Status: Inappropriate
+[Upstream is not willing to accept any patches for LibreSSL support]
+Signed-off-by: Stefan Strogin <steils@gentoo.org>
+Signed-off-by: orbea <orbea@riseup.net>
+---
+ src/network/ssl/qsslcertificate_openssl.cpp | 2 +-
+ src/network/ssl/qsslcontext_openssl.cpp | 27 ++++++++---
+ src/network/ssl/qsslcontext_openssl_p.h | 7 +++
+ src/network/ssl/qsslsocket_openssl.cpp | 2 +-
+ .../ssl/qsslsocket_openssl_symbols.cpp | 31 +++++++++++++
+ .../ssl/qsslsocket_openssl_symbols_p.h | 45 +++++++++++++++++++
+ 6 files changed, 107 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp
+index ca9d61cc..19774432 100644
+--- a/src/network/ssl/qsslcertificate_openssl.cpp
++++ b/src/network/ssl/qsslcertificate_openssl.cpp
+@@ -661,7 +661,7 @@ static QMultiMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name)
+ unsigned char *data = nullptr;
+ int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
+ info.insert(name, QString::fromUtf8((char*)data, size));
+-#if QT_CONFIG(opensslv11)
++#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER)
+ q_CRYPTO_free(data, nullptr, 0);
+ #else
+ q_CRYPTO_free(data);
+diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
+index c9f202f5..4963474c 100644
+--- a/src/network/ssl/qsslcontext_openssl.cpp
++++ b/src/network/ssl/qsslcontext_openssl.cpp
+@@ -77,9 +77,9 @@ extern "C" int q_verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
+ }
+ #endif // dtls
+
+-#ifdef TLS1_3_VERSION
++#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER)
+ extern "C" int q_ssl_sess_set_new_cb(SSL *context, SSL_SESSION *session);
+-#endif // TLS1_3_VERSION
++#endif // TLS1_3_VERSION && LIBRESSL_VERSION_NUMBER
+
+ // Defined in qsslsocket.cpp
+ QList<QSslCipher> q_getDefaultDtlsCiphers();
+@@ -351,9 +351,11 @@ init_context:
+ return;
+ }
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ // A nasty hacked OpenSSL using a level that will make our auto-tests fail:
+ if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel())
+ q_SSL_CTX_set_security_level(sslContext->ctx, 1);
++#endif // LIBRESSL_VERSION_NUMBER
+
+ const long anyVersion =
+ #if QT_CONFIG(dtls)
+@@ -408,16 +410,28 @@ init_context:
+ maxVersion = DTLS1_VERSION;
+ break;
+ case QSsl::DtlsV1_0OrLater:
++#ifdef DTLS_MAX_VERSION
+ minVersion = DTLS1_VERSION;
+ maxVersion = DTLS_MAX_VERSION;
++#else
++ Q_UNREACHABLE();
++#endif // DTLS_MAX_VERSION
+ break;
+ case QSsl::DtlsV1_2:
++#ifdef DTLS1_2_VERSION
+ minVersion = DTLS1_2_VERSION;
+ maxVersion = DTLS1_2_VERSION;
++#else
++ Q_UNREACHABLE();
++#endif // DTLS1_2_VERSION
+ break;
+ case QSsl::DtlsV1_2OrLater:
++#if defined(DTLS1_2_VERSION) && defined(DTLS_MAX_VERSION)
+ minVersion = DTLS1_2_VERSION;
+ maxVersion = DTLS_MAX_VERSION;
++#else
++ Q_UNREACHABLE();
++#endif // DTLS1_2_VERSION && DTLS_MAX_VERSION
+ break;
+ case QSsl::TlsV1_3OrLater:
+ #ifdef TLS1_3_VERSION
+@@ -627,14 +641,14 @@ init_context:
+ q_X509Callback);
+ }
+
+-#ifdef TLS1_3_VERSION
++#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER)
+ // NewSessionTicket callback:
+ if (mode == QSslSocket::SslClientMode && !isDtls) {
+ q_SSL_CTX_sess_set_new_cb(sslContext->ctx, q_ssl_sess_set_new_cb);
+ q_SSL_CTX_set_session_cache_mode(sslContext->ctx, SSL_SESS_CACHE_CLIENT);
+ }
+
+-#endif // TLS1_3_VERSION
++#endif // TLS1_3_VERSION && LIBRESSL_VERSION_NUMBER
+
+ #if QT_CONFIG(dtls)
+ // DTLS cookies:
+@@ -722,6 +736,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
+ }
+ #endif // ocsp
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
+ if (cctx) {
+ q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx);
+@@ -768,7 +783,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
+ sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+- } else {
++ } else
++#endif // LIBRESSL_VERSION_NUMBER
++ {
+ sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+diff --git a/src/network/ssl/qsslcontext_openssl_p.h b/src/network/ssl/qsslcontext_openssl_p.h
+index 70cb97aa..01a61cf5 100644
+--- a/src/network/ssl/qsslcontext_openssl_p.h
++++ b/src/network/ssl/qsslcontext_openssl_p.h
+@@ -61,6 +61,13 @@
+
+ QT_BEGIN_NAMESPACE
+
++#ifndef DTLS_ANY_VERSION
++#define DTLS_ANY_VERSION 0x1FFFF
++#endif
++#ifndef TLS_ANY_VERSION
++#define TLS_ANY_VERSION 0x10000
++#endif
++
+ #ifndef QT_NO_SSL
+
+ class QSslContextPrivate;
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index af47dbf9..f4381efa 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -653,7 +653,7 @@ bool QSslSocketBackendPrivate::initSslContext()
+ else if (mode == QSslSocket::SslServerMode)
+ q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101006L
++#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER)
+ // Set the client callback for TLSv1.3 PSK
+ if (mode == QSslSocket::SslClientMode
+ && QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index ed80fc14..6941b4db 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -145,11 +145,14 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return
+ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
+ DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
+ DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return)
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return)
+ DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return)
+ DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return)
++#endif // OPENSSL_NO_DEPRECATED_3_0
+ DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
+ DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
+ DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
+ DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
+@@ -157,10 +160,20 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return null
+ DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
+ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
+ DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
++#else
++DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return)
++DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
++DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
++DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG)
++DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG)
++DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return nullptr, return)
++#endif // LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
+ DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
+ DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
++#endif // LIBRESSL_VERSION_NUMBER
+ #ifdef TLS1_3_VERSION
+ DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
+ DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
+@@ -184,7 +197,11 @@ DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_ver
+ DEFINEFUNC3(int, X509_STORE_set_ex_data, X509_STORE *a, a, int idx, idx, void *data, data, return 0, return)
+ DEFINEFUNC2(void *, X509_STORE_get_ex_data, X509_STORE *r, r, int idx, idx, return nullptr, return)
+ DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return nullptr, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG)
++#else
++DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
++#endif
+ DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return)
+ DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return)
+ DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return)
+@@ -224,7 +241,9 @@ DEFINEFUNC5(int, OCSP_id_get0_info, ASN1_OCTET_STRING **piNameHash, piNameHash,
+ ASN1_OCTET_STRING **piKeyHash, piKeyHash, ASN1_INTEGER **pserial, pserial, OCSP_CERTID *cid, cid,
+ return 0, return)
+ DEFINEFUNC2(OCSP_RESPONSE *, OCSP_response_create, int status, status, OCSP_BASICRESP *bs, bs, return nullptr, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(const STACK_OF(X509) *, OCSP_resp_get0_certs, const OCSP_BASICRESP *bs, bs, return nullptr, return)
++#endif
+ DEFINEFUNC2(int, OCSP_id_cmp, OCSP_CERTID *a, a, OCSP_CERTID *b, b, return -1, return)
+ DEFINEFUNC7(OCSP_SINGLERESP *, OCSP_basic_add1_status, OCSP_BASICRESP *r, r, OCSP_CERTID *c, c, int s, s,
+ int re, re, ASN1_TIME *rt, rt, ASN1_TIME *t, t, ASN1_TIME *n, n, return nullptr, return)
+@@ -356,12 +375,14 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a, EVP_PKEY *b, b, return -
+ DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
+ DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
+ DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
+ DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
+ DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
+ DEFINEFUNC2(unsigned int, SSL_CONF_CTX_set_flags, SSL_CONF_CTX *a, a, unsigned int b, b, return 0, return);
+ DEFINEFUNC(int, SSL_CONF_CTX_finish, SSL_CONF_CTX *a, a, return 0, return);
+ DEFINEFUNC3(int, SSL_CONF_cmd, SSL_CONF_CTX *a, a, const char *b, b, const char *c, c, return 0, return);
++#endif
+ DEFINEFUNC(void, SSL_free, SSL *a, a, return, DUMMYARG)
+ DEFINEFUNC(STACK_OF(SSL_CIPHER) *, SSL_get_ciphers, const SSL *a, a, return nullptr, return)
+ DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr, return)
+@@ -845,17 +866,21 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(ASN1_STRING_get0_data)
+ RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+ RESOLVEFUNC(EVP_PKEY_up_ref)
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ RESOLVEFUNC(EVP_PKEY_CTX_new)
+ RESOLVEFUNC(EVP_PKEY_param_check)
+ RESOLVEFUNC(EVP_PKEY_CTX_free)
++#endif // OPENSSL_NO_DEPRECATED_3_0
+ RESOLVEFUNC(EVP_PKEY_base_id)
+ RESOLVEFUNC(RSA_bits)
++#ifndef LIBRESSL_VERSION_NUMBER
+ RESOLVEFUNC(OPENSSL_sk_new_null)
+ RESOLVEFUNC(OPENSSL_sk_push)
+ RESOLVEFUNC(OPENSSL_sk_free)
+ RESOLVEFUNC(OPENSSL_sk_num)
+ RESOLVEFUNC(OPENSSL_sk_pop_free)
+ RESOLVEFUNC(OPENSSL_sk_value)
++#endif
+ RESOLVEFUNC(DH_get0_pqg)
+ RESOLVEFUNC(SSL_CTX_set_options)
+ RESOLVEFUNC(SSL_CTX_get_security_level)
+@@ -898,7 +923,9 @@ bool q_resolveOpenSslSymbols()
+
+ RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
+ RESOLVEFUNC(DH_bits)
++#ifndef LIBRESSL_VERSION_NUMBER
+ RESOLVEFUNC(DSA_bits)
++#endif
+
+ #if QT_CONFIG(dtls)
+ RESOLVEFUNC(DTLSv1_listen)
+@@ -928,7 +955,9 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(OCSP_check_validity)
+ RESOLVEFUNC(OCSP_cert_to_id)
+ RESOLVEFUNC(OCSP_id_get0_info)
++#ifndef LIBRESSL_VERSION_NUMBER
+ RESOLVEFUNC(OCSP_resp_get0_certs)
++#endif
+ RESOLVEFUNC(OCSP_basic_sign)
+ RESOLVEFUNC(OCSP_response_create)
+ RESOLVEFUNC(i2d_OCSP_RESPONSE)
+@@ -1058,12 +1087,14 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
+ RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
+ RESOLVEFUNC(SSL_CTX_get_cert_store);
++#ifndef LIBRESSL_VERSION_NUMBER
+ RESOLVEFUNC(SSL_CONF_CTX_new);
+ RESOLVEFUNC(SSL_CONF_CTX_free);
+ RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);
+ RESOLVEFUNC(SSL_CONF_CTX_set_flags);
+ RESOLVEFUNC(SSL_CONF_CTX_finish);
+ RESOLVEFUNC(SSL_CONF_cmd);
++#endif
+ RESOLVEFUNC(SSL_accept)
+ RESOLVEFUNC(SSL_clear)
+ RESOLVEFUNC(SSL_connect)
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+index c46afcf5..42a31119 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -80,6 +80,13 @@ QT_BEGIN_NAMESPACE
+
+ #define DUMMYARG
+
++#ifdef LIBRESSL_VERSION_NUMBER
++typedef _STACK STACK;
++typedef STACK OPENSSL_STACK;
++typedef void OPENSSL_INIT_SETTINGS;
++typedef int (*X509_STORE_CTX_verify_cb)(int ok,X509_STORE_CTX *ctx);
++#endif
++
+ #if !defined QT_LINKED_OPENSSL
+ // **************** Shared declarations ******************
+ // ret func(arg)
+@@ -230,20 +237,43 @@ const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
+ Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
+ Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ int q_DSA_bits(DSA *a);
++#else
++#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
++#endif
+ int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+ Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref(EVP_PKEY *a);
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ EVP_PKEY_CTX *q_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+ void q_EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+ int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
++#endif // OPENSSL_NO_DEPRECATED_3_0
+ int q_EVP_PKEY_base_id(EVP_PKEY *a);
+ int q_RSA_bits(RSA *a);
++
++#ifndef LIBRESSL_VERSION_NUMBER
+ Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a);
+ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
+ Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null();
+ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
+ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a);
+ Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
++#else // LIBRESSL_VERSION_NUMBER
++int q_sk_num(STACK *a);
++#define q_OPENSSL_sk_num(a) q_sk_num(a)
++void q_sk_pop_free(STACK *a, void (*b)(void *));
++#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
++STACK *q_sk_new_null();
++#define q_OPENSSL_sk_new_null() q_sk_new_null()
++void q_sk_push(STACK *st, void *data);
++#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data)
++void q_sk_free(STACK *a);
++#define q_OPENSSL_sk_free q_sk_free
++void *q_sk_value(STACK *a, int b);
++#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
++#endif // LIBRESSL_VERSION_NUMBER
++
+ int q_SSL_session_reused(SSL *a);
+ unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+ int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+@@ -269,8 +299,13 @@ int q_DH_bits(DH *dh);
+ # define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st)
+ #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i)
++#else
++#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
++#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
++#endif // LIBRESSL_VERSION_NUMBER
+
+ #define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS \
+@@ -279,7 +314,11 @@ int q_DH_bits(DH *dh);
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+ int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
++#ifndef LIBRESSL_VERSION_NUMBER
+ void q_CRYPTO_free(void *str, const char *file, int line);
++#else
++void q_CRYPTO_free(void *a);
++#endif
+
+ long q_OpenSSL_version_num();
+ const char *q_OpenSSL_version(int type);
+@@ -497,12 +536,14 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
+ int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
+ int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
+ X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
++#ifndef LIBRESSL_VERSION_NUMBER
+ SSL_CONF_CTX *q_SSL_CONF_CTX_new();
+ void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
+ void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);
+ unsigned int q_SSL_CONF_CTX_set_flags(SSL_CONF_CTX *a, unsigned int b);
+ int q_SSL_CONF_CTX_finish(SSL_CONF_CTX *a);
+ int q_SSL_CONF_cmd(SSL_CONF_CTX *a, const char *b, const char *c);
++#endif
+ void q_SSL_free(SSL *a);
+ STACK_OF(SSL_CIPHER) *q_SSL_get_ciphers(const SSL *a);
+ const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a);
+@@ -728,7 +769,11 @@ int q_OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *n
+ int q_OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ const STACK_OF(X509) *q_OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
++#else
++#define q_OCSP_resp_get0_certs(bs) ((bs)->certs)
++#endif
+ Q_AUTOTEST_EXPORT OCSP_CERTID *q_OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
+ Q_AUTOTEST_EXPORT void q_OCSP_CERTID_free(OCSP_CERTID *cid);
+ int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+--
+2.32.0
+
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild
new file mode 100644
index 0000000..df5b465
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+KDE_ORG_COMMIT=a4f9e56975fa6ab4a1f63a9b34a4d77b1cfe4acd
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+ KEYWORDS="amd64 arm arm64 ~hppa ~ppc ~ppc64 ~riscv ~sparc x86"
+fi
+
+IUSE="bindist connman dtls gssapi libproxy networkmanager sctp +ssl"
+REQUIRED_USE="!dtls"
+
+DEPEND="
+ =dev-qt/qtcore-${QT5_PV}*:5=
+ sys-libs/zlib:=
+ connman? ( =dev-qt/qtdbus-${QT5_PV}* )
+ gssapi? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ networkmanager? ( =dev-qt/qtdbus-${QT5_PV}* )
+ sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+ ssl? ( >=dev-libs/openssl-1.1.1:0=[bindist(-)=] )
+"
+RDEPEND="${DEPEND}
+ connman? ( net-misc/connman )
+ networkmanager? ( net-misc/networkmanager )
+"
+
+QT5_TARGET_SUBDIRS=(
+ src/network
+ src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+ libproxy:libproxy:
+ ssl::SSL
+ ssl::OPENSSL
+ ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :network
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-5.15.2-r11-libressl.patch # Bug 562050, not upstreamable
+)
+
+pkg_setup() {
+ use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
+ use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
+}
+
+src_configure() {
+ local myconf=(
+ $(usev connman -dbus-linked)
+ $(qt_use gssapi feature-gssapi)
+ $(qt_use libproxy)
+ $(usev networkmanager -dbus-linked)
+ $(qt_use sctp)
+ $(qt_use dtls)
+ $(usev ssl -openssl-linked)
+ )
+ qt5-build_src_configure
+}
+
+src_install() {
+ qt5-build_src_install
+
+ # workaround for bug 652650
+ if use ssl; then
+ sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
+ -i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
+ fi
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2021-11-06 18:16 Quentin Retornaz
0 siblings, 0 replies; 14+ messages in thread
From: Quentin Retornaz @ 2021-11-06 18:16 UTC (permalink / raw
To: gentoo-commits
commit: 8b83aca60b827f17b3e56b24f1c6807443fb57a4
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Wed Nov 3 17:09:10 2021 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sat Nov 6 18:15:50 2021 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=8b83aca6
dev-qt/qtnetwork: Update keywords + remove old version
Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/libressl/pull/363
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
dev-qt/qtnetwork/Manifest | 2 -
...work-5.15.2-QNetworkAccessManager-memleak.patch | 41 ---
.../files/qtnetwork-5.15.2-libressl.patch | 377 ---------------------
dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild | 2 +-
dev-qt/qtnetwork/qtnetwork-5.15.2-r2.ebuild | 80 -----
5 files changed, 1 insertion(+), 501 deletions(-)
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index c69b3ee..4b89203 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1,3 +1 @@
DIST qtbase-5.15.2-a4f9e569.tar.gz 67964648 BLAKE2B 2be7351221c46846ef37308a0238aa4a39369da63fe5c3be5e142ff700c80e125821c06b43c9e4e949bd9f285222a60888303aef956c9b427a9a6c8ee3bc6b1a SHA512 b4be8132a1d7119fd9728f7bf2d72cdd27d2092e7f178a1f15707204f5ffade7ce505c897fd658bb19274bdd6238b2eb16f7fcfedff2567877dc3458b4091388
-DIST qtbase-5.15.2-gcc11.patch.xz 1208 BLAKE2B a2e5764b723adda991eca5b84cf8e15437a4832febd12e3c93cdc394931af666e17c01e229e9be7e0efc446a955cc26388c0f93cadfcabd93cc6b6f03bb41eb0 SHA512 da3a41ea5d9573a029946d26b26d51d6dce9c8b91db6d78ca71d8343d3ceb5010d21750dcb45abb663e227b5f068985ff4ed51da07efd17c64cc8dd5aef8f3e4
-DIST qtbase-everywhere-src-5.15.2.tar.xz 50179672 BLAKE2B 0e4bdaab43cf59664bde89f87ea260c39acc2ef866d8629d41d9c326cab0ab68bcd943c86a472ae74bc9fb0b7ad50795ccb66275bb6b77d1fcf0a38b5662cb42 SHA512 a549bfaf867d746ff744ab224eb65ac1bdcdac7e8457dfa379941b2b225a90442fcfc1e1175b9afb1f169468f8130b7ab917c67be67156520a4bfb5c92d304f9
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-QNetworkAccessManager-memleak.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-QNetworkAccessManager-memleak.patch
deleted file mode 100644
index be2c1f6..0000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-QNetworkAccessManager-memleak.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0807f16eb407eaf8a5b34b67602d0a97778d945d Mon Sep 17 00:00:00 2001
-From: =?utf8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
-Date: Fri, 6 Nov 2020 12:51:42 +0100
-Subject: [PATCH] QNAM: Work around QObject finicky orphan cleanup details
-
-Details described in a comment.
-
-Task-number: QTBUG-88063
-Change-Id: I763ecfedf518de97615e04a8eaae0fe1fd784f52
-Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
-(cherry picked from commit 1c6d6cbb62c5e93cbcad2d740c3b0ed01095618c)
-Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
----
- src/network/access/qnetworkreplyhttpimpl.cpp | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/src/network/access/qnetworkreplyhttpimpl.cpp b/src/network/access/qnetworkreplyhttpimpl.cpp
-index 21916f53f15..727c1a0316d 100644
---- a/src/network/access/qnetworkreplyhttpimpl.cpp
-+++ b/src/network/access/qnetworkreplyhttpimpl.cpp
-@@ -808,7 +808,17 @@ void QNetworkReplyHttpImplPrivate::postRequest(const QNetworkRequest &newHttpReq
-
- // For the synchronous HTTP, this is the normal way the delegate gets deleted
- // For the asynchronous HTTP this is a safety measure, the delegate deletes itself when HTTP is finished
-- QObject::connect(thread, SIGNAL(finished()), delegate, SLOT(deleteLater()));
-+ QMetaObject::Connection threadFinishedConnection =
-+ QObject::connect(thread, SIGNAL(finished()), delegate, SLOT(deleteLater()));
-+
-+ // QTBUG-88063: When 'delegate' is deleted the connection will be added to 'thread''s orphaned
-+ // connections list. This orphaned list will be cleaned up next time 'thread' emits a signal,
-+ // unfortunately that's the finished signal. It leads to a soft-leak so we do this to disconnect
-+ // it on deletion so that it cleans up the orphan immediately.
-+ QObject::connect(delegate, &QObject::destroyed, delegate, [threadFinishedConnection]() {
-+ if (bool(threadFinishedConnection))
-+ QObject::disconnect(threadFinishedConnection);
-+ });
-
- // Set the properties it needs
- delegate->httpRequest = httpRequest;
---
-2.16.3
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch
deleted file mode 100644
index f7fe32f..0000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.15.2-libressl.patch
+++ /dev/null
@@ -1,377 +0,0 @@
-From 07a00f9c6d87f1fa5360cfb8f086670f3fa5bd3f Mon Sep 17 00:00:00 2001
-From: Stefan Strogin <steils@gentoo.org>
-Date: Sat, 28 Nov 2020 06:12:22 +0200
-Subject: [PATCH] QSslSocket: add LibreSSL support
-
-Upstream-Status: Inappropriate
-[Upstream is not willing to accept any patches for LibreSSL support]
-Signed-off-by: Stefan Strogin <steils@gentoo.org>
----
- src/network/ssl/qsslcertificate_openssl.cpp | 2 +-
- src/network/ssl/qsslcontext_openssl.cpp | 19 +++++++-
- src/network/ssl/qsslcontext_openssl_p.h | 7 +++
- src/network/ssl/qsslsocket_openssl.cpp | 2 +-
- .../ssl/qsslsocket_openssl_symbols.cpp | 31 +++++++++++++
- .../ssl/qsslsocket_openssl_symbols_p.h | 45 +++++++++++++++++++
- 6 files changed, 103 insertions(+), 3 deletions(-)
-
-diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp
-index ca9d61cc..19774432 100644
---- a/src/network/ssl/qsslcertificate_openssl.cpp
-+++ b/src/network/ssl/qsslcertificate_openssl.cpp
-@@ -661,7 +661,7 @@ static QMultiMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name)
- unsigned char *data = nullptr;
- int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
- info.insert(name, QString::fromUtf8((char*)data, size));
--#if QT_CONFIG(opensslv11)
-+#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER)
- q_CRYPTO_free(data, nullptr, 0);
- #else
- q_CRYPTO_free(data);
-diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
-index c9f202f5..d3626cab 100644
---- a/src/network/ssl/qsslcontext_openssl.cpp
-+++ b/src/network/ssl/qsslcontext_openssl.cpp
-@@ -351,9 +351,11 @@ init_context:
- return;
- }
-
-+#ifndef LIBRESSL_VERSION_NUMBER
- // A nasty hacked OpenSSL using a level that will make our auto-tests fail:
- if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel())
- q_SSL_CTX_set_security_level(sslContext->ctx, 1);
-+#endif // LIBRESSL_VERSION_NUMBER
-
- const long anyVersion =
- #if QT_CONFIG(dtls)
-@@ -408,16 +410,28 @@ init_context:
- maxVersion = DTLS1_VERSION;
- break;
- case QSsl::DtlsV1_0OrLater:
-+#ifdef DTLS_MAX_VERSION
- minVersion = DTLS1_VERSION;
- maxVersion = DTLS_MAX_VERSION;
-+#else
-+ Q_UNREACHABLE();
-+#endif // DTLS_MAX_VERSION
- break;
- case QSsl::DtlsV1_2:
-+#ifdef DTLS1_2_VERSION
- minVersion = DTLS1_2_VERSION;
- maxVersion = DTLS1_2_VERSION;
-+#else
-+ Q_UNREACHABLE();
-+#endif // DTLS1_2_VERSION
- break;
- case QSsl::DtlsV1_2OrLater:
-+#if defined(DTLS1_2_VERSION) && defined(DTLS_MAX_VERSION)
- minVersion = DTLS1_2_VERSION;
- maxVersion = DTLS_MAX_VERSION;
-+#else
-+ Q_UNREACHABLE();
-+#endif // DTLS1_2_VERSION && DTLS_MAX_VERSION
- break;
- case QSsl::TlsV1_3OrLater:
- #ifdef TLS1_3_VERSION
-@@ -722,6 +736,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
- }
- #endif // ocsp
-
-+#ifndef LIBRESSL_VERSION_NUMBER
- QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
- if (cctx) {
- q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx);
-@@ -768,7 +783,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
- sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed"));
- sslContext->errorCode = QSslError::UnspecifiedError;
- }
-- } else {
-+ } else
-+#endif // LIBRESSL_VERSION_NUMBER
-+ {
- sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed"));
- sslContext->errorCode = QSslError::UnspecifiedError;
- }
-diff --git a/src/network/ssl/qsslcontext_openssl_p.h b/src/network/ssl/qsslcontext_openssl_p.h
-index 70cb97aa..01a61cf5 100644
---- a/src/network/ssl/qsslcontext_openssl_p.h
-+++ b/src/network/ssl/qsslcontext_openssl_p.h
-@@ -61,6 +61,13 @@
-
- QT_BEGIN_NAMESPACE
-
-+#ifndef DTLS_ANY_VERSION
-+#define DTLS_ANY_VERSION 0x1FFFF
-+#endif
-+#ifndef TLS_ANY_VERSION
-+#define TLS_ANY_VERSION 0x10000
-+#endif
-+
- #ifndef QT_NO_SSL
-
- class QSslContextPrivate;
-diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
-index 277037e5..f599498d 100644
---- a/src/network/ssl/qsslsocket_openssl.cpp
-+++ b/src/network/ssl/qsslsocket_openssl.cpp
-@@ -653,7 +653,7 @@ bool QSslSocketBackendPrivate::initSslContext()
- else if (mode == QSslSocket::SslServerMode)
- q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
-
--#if OPENSSL_VERSION_NUMBER >= 0x10101006L
-+#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER)
- // Set the client callback for TLSv1.3 PSK
- if (mode == QSslSocket::SslClientMode
- && QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {
-diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
-index ed80fc14..6941b4db 100644
---- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
-+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
-@@ -145,11 +145,14 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return
- DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
- DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
- DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return)
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
- DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return)
- DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return)
- DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return)
-+#endif // OPENSSL_NO_DEPRECATED_3_0
- DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
- DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
- DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
- DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
-@@ -157,10 +160,20 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return null
- DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
- DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
- DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
-+#else
-+DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return)
-+DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
-+DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
-+DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG)
-+DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG)
-+DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return nullptr, return)
-+#endif // LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
- DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
- DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
-+#endif // LIBRESSL_VERSION_NUMBER
- #ifdef TLS1_3_VERSION
- DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
- DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
-@@ -184,7 +197,11 @@ DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_ver
- DEFINEFUNC3(int, X509_STORE_set_ex_data, X509_STORE *a, a, int idx, idx, void *data, data, return 0, return)
- DEFINEFUNC2(void *, X509_STORE_get_ex_data, X509_STORE *r, r, int idx, idx, return nullptr, return)
- DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return nullptr, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG)
-+#else
-+DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
-+#endif
- DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return)
- DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return)
- DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return)
-@@ -224,7 +241,9 @@ DEFINEFUNC5(int, OCSP_id_get0_info, ASN1_OCTET_STRING **piNameHash, piNameHash,
- ASN1_OCTET_STRING **piKeyHash, piKeyHash, ASN1_INTEGER **pserial, pserial, OCSP_CERTID *cid, cid,
- return 0, return)
- DEFINEFUNC2(OCSP_RESPONSE *, OCSP_response_create, int status, status, OCSP_BASICRESP *bs, bs, return nullptr, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(const STACK_OF(X509) *, OCSP_resp_get0_certs, const OCSP_BASICRESP *bs, bs, return nullptr, return)
-+#endif
- DEFINEFUNC2(int, OCSP_id_cmp, OCSP_CERTID *a, a, OCSP_CERTID *b, b, return -1, return)
- DEFINEFUNC7(OCSP_SINGLERESP *, OCSP_basic_add1_status, OCSP_BASICRESP *r, r, OCSP_CERTID *c, c, int s, s,
- int re, re, ASN1_TIME *rt, rt, ASN1_TIME *t, t, ASN1_TIME *n, n, return nullptr, return)
-@@ -356,12 +375,14 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a, EVP_PKEY *b, b, return -
- DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
- DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
- DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
- DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
- DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
- DEFINEFUNC2(unsigned int, SSL_CONF_CTX_set_flags, SSL_CONF_CTX *a, a, unsigned int b, b, return 0, return);
- DEFINEFUNC(int, SSL_CONF_CTX_finish, SSL_CONF_CTX *a, a, return 0, return);
- DEFINEFUNC3(int, SSL_CONF_cmd, SSL_CONF_CTX *a, a, const char *b, b, const char *c, c, return 0, return);
-+#endif
- DEFINEFUNC(void, SSL_free, SSL *a, a, return, DUMMYARG)
- DEFINEFUNC(STACK_OF(SSL_CIPHER) *, SSL_get_ciphers, const SSL *a, a, return nullptr, return)
- DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr, return)
-@@ -845,17 +866,21 @@ bool q_resolveOpenSslSymbols()
- RESOLVEFUNC(ASN1_STRING_get0_data)
- RESOLVEFUNC(EVP_CIPHER_CTX_reset)
- RESOLVEFUNC(EVP_PKEY_up_ref)
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
- RESOLVEFUNC(EVP_PKEY_CTX_new)
- RESOLVEFUNC(EVP_PKEY_param_check)
- RESOLVEFUNC(EVP_PKEY_CTX_free)
-+#endif // OPENSSL_NO_DEPRECATED_3_0
- RESOLVEFUNC(EVP_PKEY_base_id)
- RESOLVEFUNC(RSA_bits)
-+#ifndef LIBRESSL_VERSION_NUMBER
- RESOLVEFUNC(OPENSSL_sk_new_null)
- RESOLVEFUNC(OPENSSL_sk_push)
- RESOLVEFUNC(OPENSSL_sk_free)
- RESOLVEFUNC(OPENSSL_sk_num)
- RESOLVEFUNC(OPENSSL_sk_pop_free)
- RESOLVEFUNC(OPENSSL_sk_value)
-+#endif
- RESOLVEFUNC(DH_get0_pqg)
- RESOLVEFUNC(SSL_CTX_set_options)
- RESOLVEFUNC(SSL_CTX_get_security_level)
-@@ -898,7 +923,9 @@ bool q_resolveOpenSslSymbols()
-
- RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
- RESOLVEFUNC(DH_bits)
-+#ifndef LIBRESSL_VERSION_NUMBER
- RESOLVEFUNC(DSA_bits)
-+#endif
-
- #if QT_CONFIG(dtls)
- RESOLVEFUNC(DTLSv1_listen)
-@@ -928,7 +955,9 @@ bool q_resolveOpenSslSymbols()
- RESOLVEFUNC(OCSP_check_validity)
- RESOLVEFUNC(OCSP_cert_to_id)
- RESOLVEFUNC(OCSP_id_get0_info)
-+#ifndef LIBRESSL_VERSION_NUMBER
- RESOLVEFUNC(OCSP_resp_get0_certs)
-+#endif
- RESOLVEFUNC(OCSP_basic_sign)
- RESOLVEFUNC(OCSP_response_create)
- RESOLVEFUNC(i2d_OCSP_RESPONSE)
-@@ -1058,12 +1087,14 @@ bool q_resolveOpenSslSymbols()
- RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
- RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
- RESOLVEFUNC(SSL_CTX_get_cert_store);
-+#ifndef LIBRESSL_VERSION_NUMBER
- RESOLVEFUNC(SSL_CONF_CTX_new);
- RESOLVEFUNC(SSL_CONF_CTX_free);
- RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);
- RESOLVEFUNC(SSL_CONF_CTX_set_flags);
- RESOLVEFUNC(SSL_CONF_CTX_finish);
- RESOLVEFUNC(SSL_CONF_cmd);
-+#endif
- RESOLVEFUNC(SSL_accept)
- RESOLVEFUNC(SSL_clear)
- RESOLVEFUNC(SSL_connect)
-diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
-index c46afcf5..42a31119 100644
---- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
-+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
-@@ -80,6 +80,13 @@ QT_BEGIN_NAMESPACE
-
- #define DUMMYARG
-
-+#ifdef LIBRESSL_VERSION_NUMBER
-+typedef _STACK STACK;
-+typedef STACK OPENSSL_STACK;
-+typedef void OPENSSL_INIT_SETTINGS;
-+typedef int (*X509_STORE_CTX_verify_cb)(int ok,X509_STORE_CTX *ctx);
-+#endif
-+
- #if !defined QT_LINKED_OPENSSL
- // **************** Shared declarations ******************
- // ret func(arg)
-@@ -230,20 +237,43 @@ const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
- Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
- Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
-
-+#ifndef LIBRESSL_VERSION_NUMBER
- int q_DSA_bits(DSA *a);
-+#else
-+#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
-+#endif
- int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
- Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref(EVP_PKEY *a);
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
- EVP_PKEY_CTX *q_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
- void q_EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
- int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
-+#endif // OPENSSL_NO_DEPRECATED_3_0
- int q_EVP_PKEY_base_id(EVP_PKEY *a);
- int q_RSA_bits(RSA *a);
-+
-+#ifndef LIBRESSL_VERSION_NUMBER
- Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a);
- Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
- Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null();
- Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
- Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a);
- Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
-+#else // LIBRESSL_VERSION_NUMBER
-+int q_sk_num(STACK *a);
-+#define q_OPENSSL_sk_num(a) q_sk_num(a)
-+void q_sk_pop_free(STACK *a, void (*b)(void *));
-+#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
-+STACK *q_sk_new_null();
-+#define q_OPENSSL_sk_new_null() q_sk_new_null()
-+void q_sk_push(STACK *st, void *data);
-+#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data)
-+void q_sk_free(STACK *a);
-+#define q_OPENSSL_sk_free q_sk_free
-+void *q_sk_value(STACK *a, int b);
-+#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
-+#endif // LIBRESSL_VERSION_NUMBER
-+
- int q_SSL_session_reused(SSL *a);
- unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
- int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
-@@ -269,8 +299,13 @@ int q_DH_bits(DH *dh);
- # define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
-
-+#ifndef LIBRESSL_VERSION_NUMBER
- #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st)
- #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i)
-+#else
-+#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
-+#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
-+#endif // LIBRESSL_VERSION_NUMBER
-
- #define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
- | OPENSSL_INIT_ADD_ALL_DIGESTS \
-@@ -279,7 +314,11 @@ int q_DH_bits(DH *dh);
- | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
-
- int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
-+#ifndef LIBRESSL_VERSION_NUMBER
- void q_CRYPTO_free(void *str, const char *file, int line);
-+#else
-+void q_CRYPTO_free(void *a);
-+#endif
-
- long q_OpenSSL_version_num();
- const char *q_OpenSSL_version(int type);
-@@ -497,12 +536,14 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
- int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
- int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
- X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
-+#ifndef LIBRESSL_VERSION_NUMBER
- SSL_CONF_CTX *q_SSL_CONF_CTX_new();
- void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
- void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);
- unsigned int q_SSL_CONF_CTX_set_flags(SSL_CONF_CTX *a, unsigned int b);
- int q_SSL_CONF_CTX_finish(SSL_CONF_CTX *a);
- int q_SSL_CONF_cmd(SSL_CONF_CTX *a, const char *b, const char *c);
-+#endif
- void q_SSL_free(SSL *a);
- STACK_OF(SSL_CIPHER) *q_SSL_get_ciphers(const SSL *a);
- const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a);
-@@ -728,7 +769,11 @@ int q_OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *n
- int q_OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, ASN1_OCTET_STRING **pikeyHash,
- ASN1_INTEGER **pserial, OCSP_CERTID *cid);
-
-+#ifndef LIBRESSL_VERSION_NUMBER
- const STACK_OF(X509) *q_OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
-+#else
-+#define q_OCSP_resp_get0_certs(bs) ((bs)->certs)
-+#endif
- Q_AUTOTEST_EXPORT OCSP_CERTID *q_OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
- Q_AUTOTEST_EXPORT void q_OCSP_CERTID_free(OCSP_CERTID *cid);
- int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
---
-2.29.2
-
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild
index df5b465..463019c 100644
--- a/dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.2-r11.ebuild
@@ -10,7 +10,7 @@ inherit qt5-build
DESCRIPTION="Network abstraction library for the Qt5 framework"
if [[ ${QT5_BUILD_TYPE} == release ]]; then
- KEYWORDS="amd64 arm arm64 ~hppa ~ppc ~ppc64 ~riscv ~sparc x86"
+ KEYWORDS="amd64 arm arm64 ~hppa ppc ppc64 ~riscv ~sparc x86"
fi
IUSE="bindist connman dtls gssapi libproxy networkmanager sctp +ssl"
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.2-r2.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.2-r2.ebuild
deleted file mode 100644
index ce01f17..0000000
--- a/dev-qt/qtnetwork/qtnetwork-5.15.2-r2.ebuild
+++ /dev/null
@@ -1,80 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-QT5_MODULE="qtbase"
-inherit qt5-build
-
-DESCRIPTION="Network abstraction library for the Qt5 framework"
-SRC_URI+=" https://dev.gentoo.org/~asturm/distfiles/qtbase-${PV}-gcc11.patch.xz"
-
-if [[ ${QT5_BUILD_TYPE} == release ]]; then
- KEYWORDS="amd64 arm arm64 ~hppa ppc ppc64 ~sparc x86"
-fi
-
-IUSE="bindist connman dtls gssapi libproxy networkmanager sctp +ssl"
-
-DEPEND="
- ~dev-qt/qtcore-${PV}:5=
- sys-libs/zlib:=
- connman? ( ~dev-qt/qtdbus-${PV} )
- gssapi? ( virtual/krb5 )
- libproxy? ( net-libs/libproxy )
- networkmanager? ( ~dev-qt/qtdbus-${PV} )
- sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
- ssl? ( >=dev-libs/openssl-1.1.1:0=[bindist=] )
-"
-RDEPEND="${DEPEND}
- connman? ( net-misc/connman )
- networkmanager? ( net-misc/networkmanager )
-"
-
-QT5_TARGET_SUBDIRS=(
- src/network
- src/plugins/bearer/generic
-)
-
-QT5_GENTOO_CONFIG=(
- libproxy:libproxy:
- ssl::SSL
- ssl::OPENSSL
- ssl:openssl-linked:LINKED_OPENSSL
-)
-
-QT5_GENTOO_PRIVATE_CONFIG=(
- :network
-)
-
-PATCHES=(
- "${FILESDIR}"/${P}-QNetworkAccessManager-memleak.patch # QTBUG-88063
- "${FILESDIR}"/${PN}-5.15.2-libressl.patch # Bug 562050, not upstreamable
- "${WORKDIR}"/qtbase-${PV}-gcc11.patch # bug 752012
-)
-
-pkg_setup() {
- use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
- use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
-}
-
-src_configure() {
- local myconf=(
- $(usex connman -dbus-linked '')
- $(usex gssapi -feature-gssapi -no-feature-gssapi)
- $(qt_use libproxy)
- $(usex networkmanager -dbus-linked '')
- $(qt_use sctp)
- $(qt_use dtls)
- $(usex ssl -openssl-linked '')
- )
- qt5-build_src_configure
-}
-
-src_install() {
- qt5-build_src_install
- # workaround for bug 652650
- if use ssl; then
- sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
- -i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
- fi
-}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2022-06-26 2:24 Quentin Retornaz
0 siblings, 0 replies; 14+ messages in thread
From: Quentin Retornaz @ 2022-06-26 2:24 UTC (permalink / raw
To: gentoo-commits
commit: e847d659a4ae7ad35ef8cd1798d406ba4896fdcb
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue Jun 21 16:08:34 2022 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sun Jun 26 02:23:38 2022 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=e847d659
dev-qt/qtnetwork: Added 5.15.5
The patch conflict can be solved by removing one chunk from the patch.
Signed-off-by: orbea <orbea <AT> riseup.net>
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
dev-qt/qtnetwork/Manifest | 3 +
.../files/qtnetwork-5.15.5-libressl.patch | 355 +++++++++++++++++++++
dev-qt/qtnetwork/qtnetwork-5.15.5.ebuild | 79 +++++
3 files changed, 437 insertions(+)
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index 876cb88..899868d 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1,4 +1,7 @@
+DIST qtbase-5.15-gentoo-patchset-1.tar.xz 4204 BLAKE2B 1399eb6f4c776d370e1837351a72b604440658a3a2d1bd0c725b9ef149b09d236347f5f4b37f652c33310048a0a7df54e24453b404dc45507fd4f7c5fdf144cd SHA512 c857fc746bacb047321cdb762f3c7c48ce2a0d24045a9e708edd38532568dbbc74e9e971425a72a3c2a5ca0662b3e6333831f6c1b7746525b99d46000b63111f
DIST qtbase-5.15.3-gentoo-kde-1.tar.xz 337032 BLAKE2B a5a3ff6c6002e386d15dd3122faec8e09fba19df12db59a6cdff1f04b7cc9919cf5cc30f4ae936ee3cb29cf110e714bb727929330ced292b699472367adfef4c SHA512 042743816f3c08dc3313be76da31e206c37dd7dc5b2604b36ef4be18ad66a89d9d29a61f9cccaa169665f742f7fbfb60822189e8cab0d23f3d4efe293a79f78c
DIST qtbase-5.15.4-gentoo-kde-1.tar.xz 507288 BLAKE2B a22d3745d3c690e29f7726cc464e3721777768e6e4f937e84ee2d2e14a13bcf7724e0c30b2cf4277c9ac7dadc1078545e14fb5459fbc3acc7259fb3e39e2f417 SHA512 a52bdf189e4c0fe341c2db0a5923a3600503d8eaa0c3693923a02a0ab4fa6dfc1beb21067f4723fcf2e4d7c71e39a496bf34e109e1e1c8c42922ff53f6712373
+DIST qtbase-5.15.5-gentoo-kde-1.tar.xz 520224 BLAKE2B 48807bc79cede557b114786ee072d8d94545f4ada3d96aa4fe04dbf79a356dc6c17d9299014ed70aa10296346c30c7512fb7d9f88ee4b301e9a54a241363be8b SHA512 ab9f27d506d7aa1a9339ba52d51daffb4c6f9abb5d858fd728ef2110528bc0f2ae101b4e2e7c344836b42e4aafa2c5a4ab5c5fa37465e692cce500c0f3347fa7
DIST qtbase-everywhere-opensource-src-5.15.3.tar.xz 50204364 BLAKE2B 9c011e8d6033e340a1d7be6bd9100a05d55638cfd53f647752853382574b6c444668eae36bf88cfedde0e7c0e00ecb1f91d025fc59c23be5438ba0ef91a5246c SHA512 01723eff5116a1d7d136fa32d2aee2691b227a241dbc160953ee72a8c0f3bc7ab771c17434629cabef419983ef43bb38aa6956ddcc09c9a82e116a50073b0079
DIST qtbase-everywhere-opensource-src-5.15.4.tar.xz 50225468 BLAKE2B 3525126791ca168ea4227bc58bef0202f4cec68396c958b0e7f09e7b41ca9d70bbcf0e78b5e7997bc3e4a59e889128f93964b5d0a9db7d012403581cff3dc30b SHA512 91a1d95c2891939ae55134e8897cbc423142bd8eda954a1e65bb563b0932ed9e2da34db374fd86858b4a819e8abe824a967b31f4fb316528ec8aaf15016c6ad3
+DIST qtbase-everywhere-opensource-src-5.15.5.tar.xz 50247388 BLAKE2B e9bbfe8e73e6f25ccadeef722818b5aeb82d1f136bec21fcbc3b26bf76044b38f25c7268010c648e1161e9b61013b8b775f17b9fdcfdd70402bdfbf70bf7f9d5 SHA512 ce80eedc88abbd5a200bacc10a8e94adc1ef2122ac220715ba084adf1e32d67f2dc66168503de5fb5b5a6ab15f7a75ca23dc9956aed12ead994a8ffa6291ef87
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.5-libressl.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.5-libressl.patch
new file mode 100644
index 0000000..f41df00
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.5-libressl.patch
@@ -0,0 +1,355 @@
+From bd917c12865c773b882f45a8ed66735e39b4f013 Mon Sep 17 00:00:00 2001
+From: Stefan Strogin <steils@gentoo.org>
+Date: Sat, 28 Nov 2020 06:12:22 +0200
+Subject: [PATCH] QSslSocket: add LibreSSL support
+
+Upstream-Status: Inappropriate
+[Upstream is not willing to accept any patches for LibreSSL support]
+Signed-off-by: Stefan Strogin <steils@gentoo.org>
+Signed-off-by: orbea <orbea@riseup.net>
+---
+ src/network/ssl/qsslcertificate_openssl.cpp | 2 +-
+ src/network/ssl/qsslcontext_openssl.cpp | 15 ++++--
+ src/network/ssl/qsslcontext_openssl_p.h | 7 +++
+ src/network/ssl/qsslsocket_openssl.cpp | 2 +-
+ .../ssl/qsslsocket_openssl_symbols.cpp | 29 ++++++++++++
+ .../ssl/qsslsocket_openssl_symbols_p.h | 42 ++++++++++++++++++-
+ 6 files changed, 89 insertions(+), 8 deletions(-)
+
+diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp
+index 5022b899..73be1cf2 100644
+--- a/src/network/ssl/qsslcertificate_openssl.cpp
++++ b/src/network/ssl/qsslcertificate_openssl.cpp
+@@ -691,7 +691,7 @@ static QMultiMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name)
+ unsigned char *data = nullptr;
+ int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
+ info.insert(name, QString::fromUtf8((char*)data, size));
+-#if QT_CONFIG(opensslv11)
++#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER)
+ q_CRYPTO_free(data, nullptr, 0);
+ #else
+ q_CRYPTO_free(data);
+diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
+index d0a428c2..319cfc00 100644
+--- a/src/network/ssl/qsslcontext_openssl.cpp
++++ b/src/network/ssl/qsslcontext_openssl.cpp
+@@ -77,9 +77,9 @@ extern "C" int q_verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
+ }
+ #endif // dtls
+
+-#ifdef TLS1_3_VERSION
++#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER)
+ extern "C" int q_ssl_sess_set_new_cb(SSL *context, SSL_SESSION *session);
+-#endif // TLS1_3_VERSION
++#endif // TLS1_3_VERSION && LIBRESSL_VERSION_NUMBER
+
+ // Defined in qsslsocket.cpp
+ QList<QSslCipher> q_getDefaultDtlsCiphers();
+@@ -351,9 +351,11 @@ init_context:
+ return;
+ }
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ // A nasty hacked OpenSSL using a level that will make our auto-tests fail:
+ if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel())
+ q_SSL_CTX_set_security_level(sslContext->ctx, 1);
++#endif // LIBRESSL_VERSION_NUMBER
+
+ const long anyVersion =
+ #if QT_CONFIG(dtls)
+@@ -627,14 +629,14 @@ init_context:
+ q_X509Callback);
+ }
+
+-#ifdef TLS1_3_VERSION
++#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER)
+ // NewSessionTicket callback:
+ if (mode == QSslSocket::SslClientMode && !isDtls) {
+ q_SSL_CTX_sess_set_new_cb(sslContext->ctx, q_ssl_sess_set_new_cb);
+ q_SSL_CTX_set_session_cache_mode(sslContext->ctx, SSL_SESS_CACHE_CLIENT);
+ }
+
+-#endif // TLS1_3_VERSION
++#endif // TLS1_3_VERSION && LIBRESSL_VERSION_NUMBER
+
+ #if QT_CONFIG(dtls)
+ // DTLS cookies:
+@@ -722,6 +724,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
+ }
+ #endif // ocsp
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
+ if (cctx) {
+ q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx);
+@@ -768,7 +771,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
+ sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+- } else {
++ } else
++#endif // LIBRESSL_VERSION_NUMBER
++ {
+ sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+diff --git a/src/network/ssl/qsslcontext_openssl_p.h b/src/network/ssl/qsslcontext_openssl_p.h
+index 70cb97aa..01a61cf5 100644
+--- a/src/network/ssl/qsslcontext_openssl_p.h
++++ b/src/network/ssl/qsslcontext_openssl_p.h
+@@ -61,6 +61,13 @@
+
+ QT_BEGIN_NAMESPACE
+
++#ifndef DTLS_ANY_VERSION
++#define DTLS_ANY_VERSION 0x1FFFF
++#endif
++#ifndef TLS_ANY_VERSION
++#define TLS_ANY_VERSION 0x10000
++#endif
++
+ #ifndef QT_NO_SSL
+
+ class QSslContextPrivate;
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index af47dbf9..f4381efa 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -653,7 +653,7 @@ bool QSslSocketBackendPrivate::initSslContext()
+ else if (mode == QSslSocket::SslServerMode)
+ q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101006L
++#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER)
+ // Set the client callback for TLSv1.3 PSK
+ if (mode == QSslSocket::SslClientMode
+ && QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index 0f48e498..0b47ccde 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -145,10 +145,15 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return
+ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
+ DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
+ DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return)
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return)
+ DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return)
+ DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return)
++#endif // OPENSSL_NO_DEPRECATED_3_0
+ DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
++#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+ DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
++#endif
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
+ DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
+@@ -156,10 +159,20 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return null
+ DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
+ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
+ DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
++#else
++DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return)
++DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
++DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
++DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG)
++DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG)
++DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return nullptr, return)
++#endif // LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
+ DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
+ DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
++#endif // LIBRESSL_VERSION_NUMBER
+ #ifdef TLS1_3_VERSION
+ DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
+ DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
+@@ -183,7 +196,11 @@ DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_ver
+ DEFINEFUNC3(int, X509_STORE_set_ex_data, X509_STORE *a, a, int idx, idx, void *data, data, return 0, return)
+ DEFINEFUNC2(void *, X509_STORE_get_ex_data, X509_STORE *r, r, int idx, idx, return nullptr, return)
+ DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return nullptr, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG)
++#else
++DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
++#endif
+ DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return)
+ DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return)
+ DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return)
+@@ -223,7 +240,9 @@ DEFINEFUNC5(int, OCSP_id_get0_info, ASN1_OCTET_STRING **piNameHash, piNameHash,
+ ASN1_OCTET_STRING **piKeyHash, piKeyHash, ASN1_INTEGER **pserial, pserial, OCSP_CERTID *cid, cid,
+ return 0, return)
+ DEFINEFUNC2(OCSP_RESPONSE *, OCSP_response_create, int status, status, OCSP_BASICRESP *bs, bs, return nullptr, return)
++#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+ DEFINEFUNC(const STACK_OF(X509) *, OCSP_resp_get0_certs, const OCSP_BASICRESP *bs, bs, return nullptr, return)
++#endif
+ DEFINEFUNC2(int, OCSP_id_cmp, OCSP_CERTID *a, a, OCSP_CERTID *b, b, return -1, return)
+ DEFINEFUNC7(OCSP_SINGLERESP *, OCSP_basic_add1_status, OCSP_BASICRESP *r, r, OCSP_CERTID *c, c, int s, s,
+ int re, re, ASN1_TIME *rt, rt, ASN1_TIME *t, t, ASN1_TIME *n, n, return nullptr, return)
+@@ -355,12 +374,14 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a, EVP_PKEY *b, b, return -
+ DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
+ DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
+ DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
++#ifndef LIBRESSL_VERSION_NUMBER
+ DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
+ DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
+ DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
+ DEFINEFUNC2(unsigned int, SSL_CONF_CTX_set_flags, SSL_CONF_CTX *a, a, unsigned int b, b, return 0, return);
+ DEFINEFUNC(int, SSL_CONF_CTX_finish, SSL_CONF_CTX *a, a, return 0, return);
+ DEFINEFUNC3(int, SSL_CONF_cmd, SSL_CONF_CTX *a, a, const char *b, b, const char *c, c, return 0, return);
++#endif
+ DEFINEFUNC(void, SSL_free, SSL *a, a, return, DUMMYARG)
+ DEFINEFUNC(STACK_OF(SSL_CIPHER) *, SSL_get_ciphers, const SSL *a, a, return nullptr, return)
+ DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr, return)
+@@ -850,9 +871,11 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(ASN1_STRING_get0_data)
+ RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+ RESOLVEFUNC(EVP_PKEY_up_ref)
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ RESOLVEFUNC(EVP_PKEY_CTX_new)
+ RESOLVEFUNC(EVP_PKEY_param_check)
+ RESOLVEFUNC(EVP_PKEY_CTX_free)
++#endif // OPENSSL_NO_DEPRECATED_3_0
+ RESOLVEFUNC(RSA_bits)
+ RESOLVEFUNC(OPENSSL_sk_new_null)
+ RESOLVEFUNC(OPENSSL_sk_push)
+@@ -902,7 +925,9 @@ bool q_resolveOpenSslSymbols()
+
+ RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
+ RESOLVEFUNC(DH_bits)
++#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+ RESOLVEFUNC(DSA_bits)
++#endif
+
+ #if QT_CONFIG(dtls)
+ RESOLVEFUNC(DTLSv1_listen)
+@@ -932,7 +957,9 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(OCSP_check_validity)
+ RESOLVEFUNC(OCSP_cert_to_id)
+ RESOLVEFUNC(OCSP_id_get0_info)
++#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+ RESOLVEFUNC(OCSP_resp_get0_certs)
++#endif
+ RESOLVEFUNC(OCSP_basic_sign)
+ RESOLVEFUNC(OCSP_response_create)
+ RESOLVEFUNC(i2d_OCSP_RESPONSE)
+@@ -1062,12 +1089,14 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
+ RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
+ RESOLVEFUNC(SSL_CTX_get_cert_store);
++#ifndef LIBRESSL_VERSION_NUMBER
+ RESOLVEFUNC(SSL_CONF_CTX_new);
+ RESOLVEFUNC(SSL_CONF_CTX_free);
+ RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);
+ RESOLVEFUNC(SSL_CONF_CTX_set_flags);
+ RESOLVEFUNC(SSL_CONF_CTX_finish);
+ RESOLVEFUNC(SSL_CONF_cmd);
++#endif
+ RESOLVEFUNC(SSL_accept)
+ RESOLVEFUNC(SSL_clear)
+ RESOLVEFUNC(SSL_connect)
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+index b36d0bc1..99412bf2 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -80,6 +80,13 @@ QT_BEGIN_NAMESPACE
+
+ #define DUMMYARG
+
++#ifdef LIBRESSL_VERSION_NUMBER
++typedef _STACK STACK;
++typedef STACK OPENSSL_STACK;
++typedef void OPENSSL_INIT_SETTINGS;
++typedef int (*X509_STORE_CTX_verify_cb)(int ok,X509_STORE_CTX *ctx);
++#endif
++
+ #if !defined QT_LINKED_OPENSSL
+ // **************** Shared declarations ******************
+ // ret func(arg)
+@@ -230,19 +237,42 @@ const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
+ Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
+ Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
+
+-int q_DSA_bits(DSA *a);
++#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x3050000fL)
++#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
++#else
++int q_DSA_bits(DSA *a);
++#endif
+ int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+ Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref(EVP_PKEY *a);
++#ifdef OPENSSL_NO_DEPRECATED_3_0
+ EVP_PKEY_CTX *q_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+ void q_EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
++#endif // OPENSSL_NO_DEPRECATED_3_0
+ int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
+ int q_RSA_bits(RSA *a);
++
++#ifndef LIBRESSL_VERSION_NUMBER
+ Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a);
+ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
+ Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null();
+ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
+ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a);
+ Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
++#else // LIBRESSL_VERSION_NUMBER
++int q_sk_num(STACK *a);
++#define q_OPENSSL_sk_num(a) q_sk_num(a)
++void q_sk_pop_free(STACK *a, void (*b)(void *));
++#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
++STACK *q_sk_new_null();
++#define q_OPENSSL_sk_new_null() q_sk_new_null()
++void q_sk_push(STACK *st, void *data);
++#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data)
++void q_sk_free(STACK *a);
++#define q_OPENSSL_sk_free q_sk_free
++void *q_sk_value(STACK *a, int b);
++#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
++#endif // LIBRESSL_VERSION_NUMBER
++
+ int q_SSL_session_reused(SSL *a);
+ unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+ int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+@@ -278,7 +313,11 @@ int q_DH_bits(DH *dh);
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+ int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
++#ifndef LIBRESSL_VERSION_NUMBER
+ void q_CRYPTO_free(void *str, const char *file, int line);
++#else
++void q_CRYPTO_free(void *a);
++#endif
+
+ long q_OpenSSL_version_num();
+ const char *q_OpenSSL_version(int type);
+@@ -496,12 +535,14 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
+ int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
+ int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
+ X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
++#ifndef LIBRESSL_VERSION_NUMBER
+ SSL_CONF_CTX *q_SSL_CONF_CTX_new();
+ void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
+ void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);
+ unsigned int q_SSL_CONF_CTX_set_flags(SSL_CONF_CTX *a, unsigned int b);
+ int q_SSL_CONF_CTX_finish(SSL_CONF_CTX *a);
+ int q_SSL_CONF_cmd(SSL_CONF_CTX *a, const char *b, const char *c);
++#endif
+ void q_SSL_free(SSL *a);
+ STACK_OF(SSL_CIPHER) *q_SSL_get_ciphers(const SSL *a);
+ const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a);
+@@ -723,7 +764,11 @@ int q_OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *n
+ int q_OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050000fL
++# define q_OCSP_resp_get0_certs(bs) ((bs)->certs)
++#else
+ const STACK_OF(X509) *q_OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
++#endif
+ Q_AUTOTEST_EXPORT OCSP_CERTID *q_OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
+ Q_AUTOTEST_EXPORT void q_OCSP_CERTID_free(OCSP_CERTID *cid);
+ int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+--
+2.34.1
+
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.5.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.5.ebuild
new file mode 100644
index 0000000..38a7c38
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.5.ebuild
@@ -0,0 +1,79 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+QT5_KDEPATCHSET_REV=1
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+IUSE="connman gssapi libproxy networkmanager sctp +ssl"
+
+DEPEND="
+ =dev-qt/qtcore-${QT5_PV}*:5=
+ sys-libs/zlib:=
+ connman? ( =dev-qt/qtdbus-${QT5_PV}* )
+ gssapi? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ networkmanager? ( =dev-qt/qtdbus-${QT5_PV}* )
+ sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+ ssl? ( >=dev-libs/openssl-1.1.1:0= )
+"
+RDEPEND="${DEPEND}
+ connman? ( net-misc/connman )
+ networkmanager? ( net-misc/networkmanager )
+"
+
+QT5_TARGET_SUBDIRS=(
+ src/network
+ src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+ libproxy:libproxy:
+ ssl::SSL
+ ssl::OPENSSL
+ ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :network
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-5.15.5-libressl.patch # Bug 562050, not upstreamable
+)
+
+pkg_setup() {
+ use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
+ use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
+}
+
+src_configure() {
+ local myconf=(
+ $(usev connman -dbus-linked)
+ $(qt_use gssapi feature-gssapi)
+ $(qt_use libproxy)
+ $(usev networkmanager -dbus-linked)
+ $(qt_use sctp)
+ $(usev ssl -openssl-linked)
+ -no-dtls # Required for libressl
+ )
+ qt5-build_src_configure
+}
+
+src_install() {
+ qt5-build_src_install
+
+ # workaround for bug 652650
+ if use ssl; then
+ sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
+ -i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
+ fi
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2023-01-14 23:23 Quentin Retornaz
0 siblings, 0 replies; 14+ messages in thread
From: Quentin Retornaz @ 2023-01-14 23:23 UTC (permalink / raw
To: gentoo-commits
commit: 59d5267c9f2cf5496182321738071309c5498c87
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue Jan 10 21:32:03 2023 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sat Jan 14 23:22:15 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=59d5267c
dev-qt/qtnetwork: Add 5.15.8-r1 + Remove 5.15.5
Signed-off-by: orbea <orbea <AT> riseup.net>
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
dev-qt/qtnetwork/Manifest | 6 +-
.../files/qtnetwork-5.15.5-libressl.patch | 355 ---------------------
...rk-5.15.5.ebuild => qtnetwork-5.15.8-r1.ebuild} | 14 +-
3 files changed, 10 insertions(+), 365 deletions(-)
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index fa3592d..ea0504c 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1,6 +1,6 @@
-DIST qtbase-5.15-gentoo-patchset-1.tar.xz 4204 BLAKE2B 1399eb6f4c776d370e1837351a72b604440658a3a2d1bd0c725b9ef149b09d236347f5f4b37f652c33310048a0a7df54e24453b404dc45507fd4f7c5fdf144cd SHA512 c857fc746bacb047321cdb762f3c7c48ce2a0d24045a9e708edd38532568dbbc74e9e971425a72a3c2a5ca0662b3e6333831f6c1b7746525b99d46000b63111f
DIST qtbase-5.15-gentoo-patchset-2.tar.xz 3844 BLAKE2B 6dcb69398cf8a6b1be737e8c7bf1041529c4e704ca892cef10ba3bc5ce435c903607b64e981cf8aa12c785b3e423aa1d52bce1f67ec1bd8dbb1421dfb6f62700 SHA512 b7fd7e17bcab2f9803c7bfc0473082ee4640299c23ce8da943ef80ed181e880ebc9157bcebde28077e80e6f907aa14a59c42416b3e32f49baebd54fbe5a37497
-DIST qtbase-5.15.5-gentoo-kde-1.tar.xz 520224 BLAKE2B 48807bc79cede557b114786ee072d8d94545f4ada3d96aa4fe04dbf79a356dc6c17d9299014ed70aa10296346c30c7512fb7d9f88ee4b301e9a54a241363be8b SHA512 ab9f27d506d7aa1a9339ba52d51daffb4c6f9abb5d858fd728ef2110528bc0f2ae101b4e2e7c344836b42e4aafa2c5a4ab5c5fa37465e692cce500c0f3347fa7
+DIST qtbase-5.15-gentoo-patchset-3.tar.xz 3856 BLAKE2B 0752426f9bc2dfa1ab2bc246b29f5d00305df05175a7801d7d5eddacfa46fcb605d9a317547edc01d3ef339f6effc2fcee7549cb7aecced37f0098166c70dbe2 SHA512 2515bea53232e76ca3e40bdaf1dd52fdf452052a2f40002ee91360d1fcceea3c5c2f5a8d2a3bfc0f9c2bacd61460a632c5b351accd73fd37b64985593219148e
DIST qtbase-5.15.7-gentoo-kde-1.tar.xz 798056 BLAKE2B 3c7fefa65ab6de25c2c82261ad0f1371e32acd4bd4b3303f20a5ebf36d19690df94290d102c65e4941a6c51a5d5f2db0253bafca5ac85cf480f7434405cb2671 SHA512 20ab17220489009c98d7f783a02614507e157974c7cb16f47d50d3954ccd1cd065562effc393df6e07c9ba6ad8ccd4e6b3f0bf5b5b890183b8631b8b570bf064
-DIST qtbase-everywhere-opensource-src-5.15.5.tar.xz 50247388 BLAKE2B e9bbfe8e73e6f25ccadeef722818b5aeb82d1f136bec21fcbc3b26bf76044b38f25c7268010c648e1161e9b61013b8b775f17b9fdcfdd70402bdfbf70bf7f9d5 SHA512 ce80eedc88abbd5a200bacc10a8e94adc1ef2122ac220715ba084adf1e32d67f2dc66168503de5fb5b5a6ab15f7a75ca23dc9956aed12ead994a8ffa6291ef87
+DIST qtbase-5.15.8-gentoo-kde-2.tar.xz 784544 BLAKE2B d4f16e14d940660ec28b138e17ac9342657775e31797013e6ad59de51c9ebfec2effe03375581eea5666648a1de7b38219adc34062c7d3f339a3cce1347ad2d7 SHA512 3d8693ecaf98aff084dc9a2af6dce4566d272aa223b2bbd1c9f348a8a0d03055ac1129e9f39054f0d58b738dad482e1aacb1c3016bc86807f2238297e7d61cef
DIST qtbase-everywhere-opensource-src-5.15.7.tar.xz 50260196 BLAKE2B 69029a910af0e3bfe742b5870334406e03274b0677ef47f9c7c10f730ff031bae49bd21a686497215505b19a183ca395c275d8afefaaa903125297f8e693bb4d SHA512 316de71fba1d5dd91354155dcd0f77e1ce2a798f8296a8699a795ea5e86ad10b6e233299775a92e23328290f3e041240585947e89ee7bd39eb464c5f0ffec343
+DIST qtbase-everywhere-opensource-src-5.15.8.tar.xz 50259432 BLAKE2B cb1b790a384a5cad9a95fdc448e275d48a68c6ee2addf08b40f9963cc5762fd7ab15852dea8392dc76da39f1565c1e23ddb5875c280f0177e802082f4b4f7f2b SHA512 29e8877bafdbc908072209f1b27a5040b022e2b71f17f4ab4cecd570adeae21597f9af7f1d38758760f3cb30376eeb15c5f066bf02c6e9a9e3a4d07f967046ce
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.5-libressl.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.5-libressl.patch
deleted file mode 100644
index f41df00..0000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.15.5-libressl.patch
+++ /dev/null
@@ -1,355 +0,0 @@
-From bd917c12865c773b882f45a8ed66735e39b4f013 Mon Sep 17 00:00:00 2001
-From: Stefan Strogin <steils@gentoo.org>
-Date: Sat, 28 Nov 2020 06:12:22 +0200
-Subject: [PATCH] QSslSocket: add LibreSSL support
-
-Upstream-Status: Inappropriate
-[Upstream is not willing to accept any patches for LibreSSL support]
-Signed-off-by: Stefan Strogin <steils@gentoo.org>
-Signed-off-by: orbea <orbea@riseup.net>
----
- src/network/ssl/qsslcertificate_openssl.cpp | 2 +-
- src/network/ssl/qsslcontext_openssl.cpp | 15 ++++--
- src/network/ssl/qsslcontext_openssl_p.h | 7 +++
- src/network/ssl/qsslsocket_openssl.cpp | 2 +-
- .../ssl/qsslsocket_openssl_symbols.cpp | 29 ++++++++++++
- .../ssl/qsslsocket_openssl_symbols_p.h | 42 ++++++++++++++++++-
- 6 files changed, 89 insertions(+), 8 deletions(-)
-
-diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp
-index 5022b899..73be1cf2 100644
---- a/src/network/ssl/qsslcertificate_openssl.cpp
-+++ b/src/network/ssl/qsslcertificate_openssl.cpp
-@@ -691,7 +691,7 @@ static QMultiMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name)
- unsigned char *data = nullptr;
- int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
- info.insert(name, QString::fromUtf8((char*)data, size));
--#if QT_CONFIG(opensslv11)
-+#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER)
- q_CRYPTO_free(data, nullptr, 0);
- #else
- q_CRYPTO_free(data);
-diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
-index d0a428c2..319cfc00 100644
---- a/src/network/ssl/qsslcontext_openssl.cpp
-+++ b/src/network/ssl/qsslcontext_openssl.cpp
-@@ -77,9 +77,9 @@ extern "C" int q_verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
- }
- #endif // dtls
-
--#ifdef TLS1_3_VERSION
-+#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER)
- extern "C" int q_ssl_sess_set_new_cb(SSL *context, SSL_SESSION *session);
--#endif // TLS1_3_VERSION
-+#endif // TLS1_3_VERSION && LIBRESSL_VERSION_NUMBER
-
- // Defined in qsslsocket.cpp
- QList<QSslCipher> q_getDefaultDtlsCiphers();
-@@ -351,9 +351,11 @@ init_context:
- return;
- }
-
-+#ifndef LIBRESSL_VERSION_NUMBER
- // A nasty hacked OpenSSL using a level that will make our auto-tests fail:
- if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel())
- q_SSL_CTX_set_security_level(sslContext->ctx, 1);
-+#endif // LIBRESSL_VERSION_NUMBER
-
- const long anyVersion =
- #if QT_CONFIG(dtls)
-@@ -627,14 +629,14 @@ init_context:
- q_X509Callback);
- }
-
--#ifdef TLS1_3_VERSION
-+#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER)
- // NewSessionTicket callback:
- if (mode == QSslSocket::SslClientMode && !isDtls) {
- q_SSL_CTX_sess_set_new_cb(sslContext->ctx, q_ssl_sess_set_new_cb);
- q_SSL_CTX_set_session_cache_mode(sslContext->ctx, SSL_SESS_CACHE_CLIENT);
- }
-
--#endif // TLS1_3_VERSION
-+#endif // TLS1_3_VERSION && LIBRESSL_VERSION_NUMBER
-
- #if QT_CONFIG(dtls)
- // DTLS cookies:
-@@ -722,6 +724,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
- }
- #endif // ocsp
-
-+#ifndef LIBRESSL_VERSION_NUMBER
- QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
- if (cctx) {
- q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx);
-@@ -768,7 +771,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext)
- sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed"));
- sslContext->errorCode = QSslError::UnspecifiedError;
- }
-- } else {
-+ } else
-+#endif // LIBRESSL_VERSION_NUMBER
-+ {
- sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed"));
- sslContext->errorCode = QSslError::UnspecifiedError;
- }
-diff --git a/src/network/ssl/qsslcontext_openssl_p.h b/src/network/ssl/qsslcontext_openssl_p.h
-index 70cb97aa..01a61cf5 100644
---- a/src/network/ssl/qsslcontext_openssl_p.h
-+++ b/src/network/ssl/qsslcontext_openssl_p.h
-@@ -61,6 +61,13 @@
-
- QT_BEGIN_NAMESPACE
-
-+#ifndef DTLS_ANY_VERSION
-+#define DTLS_ANY_VERSION 0x1FFFF
-+#endif
-+#ifndef TLS_ANY_VERSION
-+#define TLS_ANY_VERSION 0x10000
-+#endif
-+
- #ifndef QT_NO_SSL
-
- class QSslContextPrivate;
-diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
-index af47dbf9..f4381efa 100644
---- a/src/network/ssl/qsslsocket_openssl.cpp
-+++ b/src/network/ssl/qsslsocket_openssl.cpp
-@@ -653,7 +653,7 @@ bool QSslSocketBackendPrivate::initSslContext()
- else if (mode == QSslSocket::SslServerMode)
- q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
-
--#if OPENSSL_VERSION_NUMBER >= 0x10101006L
-+#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER)
- // Set the client callback for TLSv1.3 PSK
- if (mode == QSslSocket::SslClientMode
- && QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {
-diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
-index 0f48e498..0b47ccde 100644
---- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
-+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
-@@ -145,10 +145,15 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return
- DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
- DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
- DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return)
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
- DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return)
- DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return)
- DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return)
-+#endif // OPENSSL_NO_DEPRECATED_3_0
- DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
-+#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
- DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
-+#endif
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
- DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
-@@ -156,10 +159,20 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return null
- DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
- DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
- DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
-+#else
-+DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return)
-+DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
-+DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
-+DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG)
-+DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG)
-+DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return nullptr, return)
-+#endif // LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
- DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
- DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
-+#endif // LIBRESSL_VERSION_NUMBER
- #ifdef TLS1_3_VERSION
- DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
- DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
-@@ -183,7 +196,11 @@ DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_ver
- DEFINEFUNC3(int, X509_STORE_set_ex_data, X509_STORE *a, a, int idx, idx, void *data, data, return 0, return)
- DEFINEFUNC2(void *, X509_STORE_get_ex_data, X509_STORE *r, r, int idx, idx, return nullptr, return)
- DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return nullptr, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG)
-+#else
-+DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
-+#endif
- DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return)
- DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return)
- DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return)
-@@ -223,7 +240,9 @@ DEFINEFUNC5(int, OCSP_id_get0_info, ASN1_OCTET_STRING **piNameHash, piNameHash,
- ASN1_OCTET_STRING **piKeyHash, piKeyHash, ASN1_INTEGER **pserial, pserial, OCSP_CERTID *cid, cid,
- return 0, return)
- DEFINEFUNC2(OCSP_RESPONSE *, OCSP_response_create, int status, status, OCSP_BASICRESP *bs, bs, return nullptr, return)
-+#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
- DEFINEFUNC(const STACK_OF(X509) *, OCSP_resp_get0_certs, const OCSP_BASICRESP *bs, bs, return nullptr, return)
-+#endif
- DEFINEFUNC2(int, OCSP_id_cmp, OCSP_CERTID *a, a, OCSP_CERTID *b, b, return -1, return)
- DEFINEFUNC7(OCSP_SINGLERESP *, OCSP_basic_add1_status, OCSP_BASICRESP *r, r, OCSP_CERTID *c, c, int s, s,
- int re, re, ASN1_TIME *rt, rt, ASN1_TIME *t, t, ASN1_TIME *n, n, return nullptr, return)
-@@ -355,12 +374,14 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a, EVP_PKEY *b, b, return -
- DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
- DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
- DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
- DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
- DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
- DEFINEFUNC2(unsigned int, SSL_CONF_CTX_set_flags, SSL_CONF_CTX *a, a, unsigned int b, b, return 0, return);
- DEFINEFUNC(int, SSL_CONF_CTX_finish, SSL_CONF_CTX *a, a, return 0, return);
- DEFINEFUNC3(int, SSL_CONF_cmd, SSL_CONF_CTX *a, a, const char *b, b, const char *c, c, return 0, return);
-+#endif
- DEFINEFUNC(void, SSL_free, SSL *a, a, return, DUMMYARG)
- DEFINEFUNC(STACK_OF(SSL_CIPHER) *, SSL_get_ciphers, const SSL *a, a, return nullptr, return)
- DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr, return)
-@@ -850,9 +871,11 @@ bool q_resolveOpenSslSymbols()
- RESOLVEFUNC(ASN1_STRING_get0_data)
- RESOLVEFUNC(EVP_CIPHER_CTX_reset)
- RESOLVEFUNC(EVP_PKEY_up_ref)
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
- RESOLVEFUNC(EVP_PKEY_CTX_new)
- RESOLVEFUNC(EVP_PKEY_param_check)
- RESOLVEFUNC(EVP_PKEY_CTX_free)
-+#endif // OPENSSL_NO_DEPRECATED_3_0
- RESOLVEFUNC(RSA_bits)
- RESOLVEFUNC(OPENSSL_sk_new_null)
- RESOLVEFUNC(OPENSSL_sk_push)
-@@ -902,7 +925,9 @@ bool q_resolveOpenSslSymbols()
-
- RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
- RESOLVEFUNC(DH_bits)
-+#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
- RESOLVEFUNC(DSA_bits)
-+#endif
-
- #if QT_CONFIG(dtls)
- RESOLVEFUNC(DTLSv1_listen)
-@@ -932,7 +957,9 @@ bool q_resolveOpenSslSymbols()
- RESOLVEFUNC(OCSP_check_validity)
- RESOLVEFUNC(OCSP_cert_to_id)
- RESOLVEFUNC(OCSP_id_get0_info)
-+#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
- RESOLVEFUNC(OCSP_resp_get0_certs)
-+#endif
- RESOLVEFUNC(OCSP_basic_sign)
- RESOLVEFUNC(OCSP_response_create)
- RESOLVEFUNC(i2d_OCSP_RESPONSE)
-@@ -1062,12 +1089,14 @@ bool q_resolveOpenSslSymbols()
- RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
- RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
- RESOLVEFUNC(SSL_CTX_get_cert_store);
-+#ifndef LIBRESSL_VERSION_NUMBER
- RESOLVEFUNC(SSL_CONF_CTX_new);
- RESOLVEFUNC(SSL_CONF_CTX_free);
- RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);
- RESOLVEFUNC(SSL_CONF_CTX_set_flags);
- RESOLVEFUNC(SSL_CONF_CTX_finish);
- RESOLVEFUNC(SSL_CONF_cmd);
-+#endif
- RESOLVEFUNC(SSL_accept)
- RESOLVEFUNC(SSL_clear)
- RESOLVEFUNC(SSL_connect)
-diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
-index b36d0bc1..99412bf2 100644
---- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
-+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
-@@ -80,6 +80,13 @@ QT_BEGIN_NAMESPACE
-
- #define DUMMYARG
-
-+#ifdef LIBRESSL_VERSION_NUMBER
-+typedef _STACK STACK;
-+typedef STACK OPENSSL_STACK;
-+typedef void OPENSSL_INIT_SETTINGS;
-+typedef int (*X509_STORE_CTX_verify_cb)(int ok,X509_STORE_CTX *ctx);
-+#endif
-+
- #if !defined QT_LINKED_OPENSSL
- // **************** Shared declarations ******************
- // ret func(arg)
-@@ -230,19 +237,42 @@ const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
- Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
- Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
-
--int q_DSA_bits(DSA *a);
-+#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x3050000fL)
-+#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
-+#else
-+int q_DSA_bits(DSA *a);
-+#endif
- int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
- Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref(EVP_PKEY *a);
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
- EVP_PKEY_CTX *q_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
- void q_EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
-+#endif // OPENSSL_NO_DEPRECATED_3_0
- int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
- int q_RSA_bits(RSA *a);
-+
-+#ifndef LIBRESSL_VERSION_NUMBER
- Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a);
- Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
- Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null();
- Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
- Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a);
- Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
-+#else // LIBRESSL_VERSION_NUMBER
-+int q_sk_num(STACK *a);
-+#define q_OPENSSL_sk_num(a) q_sk_num(a)
-+void q_sk_pop_free(STACK *a, void (*b)(void *));
-+#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
-+STACK *q_sk_new_null();
-+#define q_OPENSSL_sk_new_null() q_sk_new_null()
-+void q_sk_push(STACK *st, void *data);
-+#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data)
-+void q_sk_free(STACK *a);
-+#define q_OPENSSL_sk_free q_sk_free
-+void *q_sk_value(STACK *a, int b);
-+#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
-+#endif // LIBRESSL_VERSION_NUMBER
-+
- int q_SSL_session_reused(SSL *a);
- unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
- int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
-@@ -278,7 +313,11 @@ int q_DH_bits(DH *dh);
- | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
-
- int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
-+#ifndef LIBRESSL_VERSION_NUMBER
- void q_CRYPTO_free(void *str, const char *file, int line);
-+#else
-+void q_CRYPTO_free(void *a);
-+#endif
-
- long q_OpenSSL_version_num();
- const char *q_OpenSSL_version(int type);
-@@ -496,12 +535,14 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
- int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
- int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
- X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
-+#ifndef LIBRESSL_VERSION_NUMBER
- SSL_CONF_CTX *q_SSL_CONF_CTX_new();
- void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
- void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);
- unsigned int q_SSL_CONF_CTX_set_flags(SSL_CONF_CTX *a, unsigned int b);
- int q_SSL_CONF_CTX_finish(SSL_CONF_CTX *a);
- int q_SSL_CONF_cmd(SSL_CONF_CTX *a, const char *b, const char *c);
-+#endif
- void q_SSL_free(SSL *a);
- STACK_OF(SSL_CIPHER) *q_SSL_get_ciphers(const SSL *a);
- const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a);
-@@ -723,7 +764,11 @@ int q_OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *n
- int q_OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, ASN1_OCTET_STRING **pikeyHash,
- ASN1_INTEGER **pserial, OCSP_CERTID *cid);
-
-+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050000fL
-+# define q_OCSP_resp_get0_certs(bs) ((bs)->certs)
-+#else
- const STACK_OF(X509) *q_OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
-+#endif
- Q_AUTOTEST_EXPORT OCSP_CERTID *q_OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
- Q_AUTOTEST_EXPORT void q_OCSP_CERTID_free(OCSP_CERTID *cid);
- int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
---
-2.34.1
-
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.5.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.8-r1.ebuild
similarity index 86%
rename from dev-qt/qtnetwork/qtnetwork-5.15.5.ebuild
rename to dev-qt/qtnetwork/qtnetwork-5.15.8-r1.ebuild
index 2d5e3c7..6fcaf01 100644
--- a/dev-qt/qtnetwork/qtnetwork-5.15.5.ebuild
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.8-r1.ebuild
@@ -1,18 +1,18 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
-QT5_KDEPATCHSET_REV=1
+if [[ ${PV} != *9999* ]]; then
+ QT5_KDEPATCHSET_REV=2
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
QT5_MODULE="qtbase"
inherit qt5-build
DESCRIPTION="Network abstraction library for the Qt5 framework"
-if [[ ${QT5_BUILD_TYPE} == release ]]; then
- KEYWORDS="amd64 arm arm64 ~hppa ~loong ppc ppc64 ~riscv ~sparc x86"
-fi
-
IUSE="connman gssapi libproxy networkmanager sctp +ssl"
DEPEND="
@@ -47,7 +47,7 @@ QT5_GENTOO_PRIVATE_CONFIG=(
)
PATCHES=(
- "${FILESDIR}"/${PN}-5.15.5-libressl.patch # Bug 562050, not upstreamable
+ "${FILESDIR}"/${PN}-5.15.7-libressl.patch # Bug 562050, not upstreamable
)
pkg_setup() {
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2023-05-23 13:16 orbea
0 siblings, 0 replies; 14+ messages in thread
From: orbea @ 2023-05-23 13:16 UTC (permalink / raw
To: gentoo-commits
commit: fd08623964c090cad242486403def6de0554685c
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue May 23 13:15:05 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Tue May 23 13:15:05 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=fd086239
dev-qt/qtnetwork: add 5.15.9-r1
Signed-off-by: orbea <orbea <AT> riseup.net>
....15.9-QDnsLookup-dont-overflow-the-buffer.patch | 103 +++++++++++++++++++++
dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild | 80 ++++++++++++++++
2 files changed, 183 insertions(+)
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch
new file mode 100644
index 0000000..433dc67
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch
@@ -0,0 +1,103 @@
+From 2103f2487f709dd9546c503820d9ad509e9a63b3 Mon Sep 17 00:00:00 2001
+From: Thiago Macieira <thiago.macieira@intel.com>
+Date: Thu, 11 May 2023 21:40:15 -0700
+Subject: [PATCH] QDnsLookup/Unix: make sure we don't overflow the buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The DNS Records are variable length and encode their size in 16 bits
+before the Record Data (RDATA). Ensure that both the RDATA and the
+Record header fields before it fall inside the buffer we have.
+
+Additionally reject any replies containing more than one query records.
+
+[ChangeLog][QtNetwork][QDnsLookup] Fixed a bug that could cause a buffer
+overflow in Unix systems while parsing corrupt, malicious, or truncated
+replies.
+
+Pick-to: 5.15 6.2 6.5 6.5.1
+Change-Id: I3e3bfef633af4130a03afffd175e4b9547654b95
+Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
+Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
+(cherry picked from commit 7dba2c87619d558a61a30eb30cc1d9c3fe6df94c)
+
+* asturmlechner 2023-05-18: Resolve conflict with dev branch commit
+ 68b625901f9eb7c34e3d7aa302e1c0a454d3190b
+---
+ src/network/kernel/qdnslookup_unix.cpp | 31 +++++++++++++++++++++-----
+ 1 file changed, 25 insertions(+), 6 deletions(-)
+
+diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp
+index 12b40fc35dd..99e999d436c 100644
+--- a/src/network/kernel/qdnslookup_unix.cpp
++++ b/src/network/kernel/qdnslookup_unix.cpp
+@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ // responseLength in case of error, we still can extract the
+ // exact error code from the response.
+ HEADER *header = (HEADER*)response;
+- const int answerCount = ntohs(header->ancount);
+ switch (header->rcode) {
+ case NOERROR:
+ break;
+@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ return;
+ }
+
+- // Skip the query host, type (2 bytes) and class (2 bytes).
+ char host[PACKETSZ], answer[PACKETSZ];
+ unsigned char *p = response + sizeof(HEADER);
+- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
+- if (status < 0) {
++ int status;
++
++ if (ntohs(header->qdcount) == 1) {
++ // Skip the query host, type (2 bytes) and class (2 bytes).
++ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
++ if (status < 0) {
++ reply->error = QDnsLookup::InvalidReplyError;
++ reply->errorString = tr("Could not expand domain name");
++ return;
++ }
++ if ((p - response) + status + 4 >= responseLength)
++ header->qdcount = 0xffff; // invalid reply below
++ else
++ p += status + 4;
++ }
++ if (ntohs(header->qdcount) > 1) {
+ reply->error = QDnsLookup::InvalidReplyError;
+- reply->errorString = tr("Could not expand domain name");
++ reply->errorString = tr("Invalid reply received");
+ return;
+ }
+- p += status + 4;
+
+ // Extract results.
++ const int answerCount = ntohs(header->ancount);
+ int answerIndex = 0;
+ while ((p < response + responseLength) && (answerIndex < answerCount)) {
+ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
+@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ const QString name = QUrl::fromAce(host);
+
+ p += status;
++
++ if ((p - response) + 10 > responseLength) {
++ // probably just a truncated reply, return what we have
++ return;
++ }
+ const quint16 type = (p[0] << 8) | p[1];
+ p += 2; // RR type
+ p += 2; // RR class
+@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ p += 4;
+ const quint16 size = (p[0] << 8) | p[1];
+ p += 2;
++ if ((p - response) + size > responseLength)
++ return; // truncated
+
+ if (type == QDnsLookup::A) {
+ if (size != 4) {
+--
+GitLab
+
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild
new file mode 100644
index 0000000..3e96f6c
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+if [[ ${PV} != *9999* ]]; then
+ QT5_KDEPATCHSET_REV=1
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+
+IUSE="connman gssapi libproxy networkmanager sctp +ssl"
+
+DEPEND="
+ =dev-qt/qtcore-${QT5_PV}*:5=
+ sys-libs/zlib:=
+ connman? ( =dev-qt/qtdbus-${QT5_PV}* )
+ gssapi? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ networkmanager? ( =dev-qt/qtdbus-${QT5_PV}* )
+ sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+ ssl? ( >=dev-libs/openssl-1.1.1:0= )
+"
+RDEPEND="${DEPEND}
+ connman? ( net-misc/connman )
+ networkmanager? ( net-misc/networkmanager )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-5.15.7-libressl.patch # Bug 562050, not upstreamable
+ "${FILESDIR}/${P}-QDnsLookup-dont-overflow-the-buffer.patch"
+)
+
+QT5_TARGET_SUBDIRS=(
+ src/network
+ src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+ libproxy:libproxy:
+ ssl::SSL
+ ssl::OPENSSL
+ ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :network
+)
+
+pkg_setup() {
+ use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
+ use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
+}
+
+src_configure() {
+ local myconf=(
+ $(usev connman -dbus-linked)
+ $(qt_use gssapi feature-gssapi)
+ $(qt_use libproxy)
+ $(usev networkmanager -dbus-linked)
+ $(qt_use sctp)
+ $(usev ssl -openssl-linked)
+ -no-dtls # Required for libressl
+ )
+ qt5-build_src_configure
+}
+
+src_install() {
+ qt5-build_src_install
+
+ # workaround for bug 652650
+ if use ssl; then
+ sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
+ -i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
+ fi
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2023-05-24 18:06 orbea
0 siblings, 0 replies; 14+ messages in thread
From: orbea @ 2023-05-24 18:06 UTC (permalink / raw
To: gentoo-commits
commit: 6e0c7e3a9d7ecbb28cfd62c7fef56f9a4aea5fd1
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Wed May 24 17:38:43 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Wed May 24 17:38:43 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=6e0c7e3a
dev-qt/qtnetwork: add 5.15.9-r2
Signed-off-by: orbea <orbea <AT> riseup.net>
.../files/qtnetwork-5.15.9-CVE-2023-32762.patch | 39 ++++++++++++++++++++++
...5.15.9-r1.ebuild => qtnetwork-5.15.9-r2.ebuild} | 3 +-
2 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch
new file mode 100644
index 0000000..7509414
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch
@@ -0,0 +1,39 @@
+From a196623892558623e467f20b67edb78794252a09 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
+Date: Fri, 5 May 2023 11:07:26 +0200
+Subject: [PATCH] Hsts: match header names case insensitively (CVE-2023-32762)
+
+Header field names are always considered to be case-insensitive.
+
+Pick-to: 6.5 6.5.1 6.2 5.15
+Fixes: QTBUG-113392
+Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43
+Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
+Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
+Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
+(cherry picked from commit 1b736a815be0222f4b24289cf17575fc15707305)
+
+* asturmlechner 2023-05-23: Upstream backport to 5.15 taken from
+ https://www.qt.io/blog/security-advisory-qt-network
+---
+ src/network/access/qhsts.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp
+index 0cef0ad3dc..be7ef7ff58 100644
+--- a/src/network/access/qhsts.cpp
++++ b/src/network/access/qhsts.cpp
+@@ -364,8 +364,8 @@ quoted-pair = "\" CHAR
+ bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
+ {
+ for (const auto &h : headers) {
+- // We use '==' since header name was already 'trimmed' for us:
+- if (h.first == "Strict-Transport-Security") {
++ // We compare directly because header name was already 'trimmed' for us:
++ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
+ header = h.second;
+ // RFC6797, 8.1:
+ //
+--
+2.40.1
+
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild
similarity index 94%
rename from dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild
rename to dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild
index 3e96f6c..45eeceb 100644
--- a/dev-qt/qtnetwork/qtnetwork-5.15.9-r1.ebuild
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild
@@ -31,8 +31,9 @@ RDEPEND="${DEPEND}
"
PATCHES=(
- "${FILESDIR}"/${PN}-5.15.7-libressl.patch # Bug 562050, not upstreamable
+ "${FILESDIR}/${PN}-5.15.7-libressl.patch" #562050
"${FILESDIR}/${P}-QDnsLookup-dont-overflow-the-buffer.patch"
+ "${FILESDIR}/${P}-CVE-2023-32762.patch"
)
QT5_TARGET_SUBDIRS=(
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2023-07-14 19:29 orbea
0 siblings, 0 replies; 14+ messages in thread
From: orbea @ 2023-07-14 19:29 UTC (permalink / raw
To: gentoo-commits
commit: 24dbb3eb248fb8f93f21a29ba6aee72c26106cfb
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Fri Jul 14 19:26:07 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Fri Jul 14 19:26:07 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=24dbb3eb
dev-qt/qtnetwork: drop 5.15.9, 5.15.9-r2, 5.15.9-r3
Signed-off-by: orbea <orbea <AT> riseup.net>
dev-qt/qtnetwork/Manifest | 2 -
.../files/qtnetwork-5.15.9-CVE-2023-32762.patch | 39 -------
.../files/qtnetwork-5.15.9-CVE-2023-34410.patch | 113 ---------------------
....15.9-QDnsLookup-dont-overflow-the-buffer.patch | 103 -------------------
.../qtnetwork-5.15.9-libproxy-0.5-pkgconfig.patch | 32 ------
dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild | 82 ---------------
dev-qt/qtnetwork/qtnetwork-5.15.9-r3.ebuild | 83 ---------------
dev-qt/qtnetwork/qtnetwork-5.15.9.ebuild | 79 --------------
8 files changed, 533 deletions(-)
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index 667878e..68ae69f 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1,5 +1,3 @@
DIST qtbase-5.15-gentoo-patchset-4.tar.xz 4884 BLAKE2B ef1f11ea63084b834e19a9bd4c4a146e0d47f10e6c1f540a23db64ba6b0d42f46d63f54f93587deae9ac528f6824fa0e88177fe109a53aaee7d8328d49e364cd SHA512 1ae6630cef6bead9187aaaf7c420566b2c1f946bfa22cb983c52267c098e9b1c7b82c99204cbd3eed5eb6ebde0359726e260fd449618802735af465ca39f0a1d
DIST qtbase-5.15.10-gentoo-kde-1.tar.xz 725208 BLAKE2B 14e82b0f26d0e0de47e9e3c4c54dd6649f983b9468c9f5790fb206a823a77ef22fc02546e39ff0ba68aa589ba811629bb4c4615223af9e8bec7c7b96ae13bef6 SHA512 efc93c451577f6389ffd58690ce2e1a2d2f3b85072cb8d542c5db0ddee2b60e80f2f937fb815a63db9973cc88ef35f8adc47a5ec98c2ec0b01ac5320ac635a5b
-DIST qtbase-5.15.9-gentoo-kde-1.tar.xz 748840 BLAKE2B 6601efaba2bd9f64edec9ab24a562b2850fe85e088acb2913a06a4a97f82fea015ae9cf20908e5044a0170a2f837cf94a67ac6e870da8ea6e7603057b5683c1a SHA512 60e6c338136affc936c776c129fd2d6620f5e36db8ded32970d59e953bf843786a6deea6cb529488dbd58dfc7c8ea9e71580026fdda8b364596f095e8e9b7791
DIST qtbase-everywhere-opensource-src-5.15.10.tar.xz 50422688 BLAKE2B 2a625296967bef17d491a3ec8fbb4a3beaf00180a2cda728e485f796c801241798bd85dd06d57ca9fef26c591fe9910a2fcb83a67bbc17640b7393d280b9ce53 SHA512 94ac739d76dd9fff54cde46e818fee6c6763f8b207b759108455febff84c9dfeb48ea7807451d7248cbfd8af24c2a1263c34dcbd2be055136e39325e32725eef
-DIST qtbase-everywhere-opensource-src-5.15.9.tar.xz 50389220 BLAKE2B b1692f5907b7a262a8cad33d45935d76f72f2fb78b970b57fba76ef9f6789d1d7a435278a450ff1f3556c0846fa8dd8295707ead6adf21af6cd17fbe7f0d82f8 SHA512 2da78ea043c03fa4ff7c6a39c41a5d1b30af06248764e6f5eef3fe4aeb3f3d20e302fa7c5827112c89b6bc7c5c0c292454d127f9d7bb0d2031175f0f2c937ed3
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch
deleted file mode 100644
index 7509414..0000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-32762.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From a196623892558623e467f20b67edb78794252a09 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
-Date: Fri, 5 May 2023 11:07:26 +0200
-Subject: [PATCH] Hsts: match header names case insensitively (CVE-2023-32762)
-
-Header field names are always considered to be case-insensitive.
-
-Pick-to: 6.5 6.5.1 6.2 5.15
-Fixes: QTBUG-113392
-Change-Id: Ifb4def4bb7f2ac070416cdc76581a769f1e52b43
-Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
-Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
-Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
-(cherry picked from commit 1b736a815be0222f4b24289cf17575fc15707305)
-
-* asturmlechner 2023-05-23: Upstream backport to 5.15 taken from
- https://www.qt.io/blog/security-advisory-qt-network
----
- src/network/access/qhsts.cpp | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp
-index 0cef0ad3dc..be7ef7ff58 100644
---- a/src/network/access/qhsts.cpp
-+++ b/src/network/access/qhsts.cpp
-@@ -364,8 +364,8 @@ quoted-pair = "\" CHAR
- bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
- {
- for (const auto &h : headers) {
-- // We use '==' since header name was already 'trimmed' for us:
-- if (h.first == "Strict-Transport-Security") {
-+ // We compare directly because header name was already 'trimmed' for us:
-+ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
- header = h.second;
- // RFC6797, 8.1:
- //
---
-2.40.1
-
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-34410.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-34410.patch
deleted file mode 100644
index 3c91452..0000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-CVE-2023-34410.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From 51a3c8d7b8140f0bf6912d14a58bcd0092b868a1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
-Date: Wed, 10 May 2023 16:43:41 +0200
-Subject: [PATCH 1/2] Schannel: Reject certificate not signed by a configured
- CA certificate
-
-Not entirely clear why, but when building the certificate chain for a
-peer the system certificate store is searched for root certificates.
-General expectation is that after calling
-`sslConfiguration.setCaCertificates()` the system certificates will
-not be taken into consideration.
-
-To work around this behavior, we do a manual check that the root of the
-chain is part of the configured CA certificates.
-
-Pick-to: 6.5 6.2 5.15
-Change-Id: I03666a4d9b0eac39ae97e150b4743120611a11b3
-Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
-Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
-(cherry picked from commit ada2c573c1a25f8d96577734968fe317ddfa292a)
----
- src/network/ssl/qsslsocket_schannel.cpp | 22 ++++++++++++++++++++++
- 1 file changed, 22 insertions(+)
-
-diff --git a/src/network/ssl/qsslsocket_schannel.cpp b/src/network/ssl/qsslsocket_schannel.cpp
-index c956ce3c2b..d1b23af29b 100644
---- a/src/network/ssl/qsslsocket_schannel.cpp
-+++ b/src/network/ssl/qsslsocket_schannel.cpp
-@@ -1880,6 +1880,28 @@ bool QSslSocketBackendPrivate::verifyCertContext(CERT_CONTEXT *certContext)
- if (configuration.peerVerifyDepth > 0 && DWORD(configuration.peerVerifyDepth) < verifyDepth)
- verifyDepth = DWORD(configuration.peerVerifyDepth);
-
-+ const auto &caCertificates = q->sslConfiguration().caCertificates();
-+
-+ if (!rootCertOnDemandLoadingAllowed()
-+ && !(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_PARTIAL_CHAIN)
-+ && (q->peerVerifyMode() == QSslSocket::VerifyPeer
-+ || (isClient && q->peerVerifyMode() == QSslSocket::AutoVerifyPeer))) {
-+ // When verifying a peer Windows "helpfully" builds a chain that
-+ // may include roots from the system store. But we don't want that if
-+ // the user has set their own CA certificates.
-+ // Since Windows claims this is not a partial chain the root is included
-+ // and we have to check that it is one of our configured CAs.
-+ CERT_CHAIN_ELEMENT *element = chain->rgpElement[chain->cElement - 1];
-+ QSslCertificate certificate = getCertificateFromChainElement(element);
-+ if (!caCertificates.contains(certificate)) {
-+ auto error = QSslError(QSslError::CertificateUntrusted, certificate);
-+ sslErrors += error;
-+ emit q->peerVerifyError(error);
-+ if (q->state() != QAbstractSocket::ConnectedState)
-+ return false;
-+ }
-+ }
-+
- for (DWORD i = 0; i < verifyDepth; i++) {
- CERT_CHAIN_ELEMENT *element = chain->rgpElement[i];
- QSslCertificate certificate = getCertificateFromChainElement(element);
---
-2.41.0
-
-
-From a933f89e1f69b97ccb9d1e5f82d9a619c02afcd2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
-Date: Thu, 25 May 2023 14:40:29 +0200
-Subject: [PATCH 2/2] Ssl: Copy the on-demand cert loading bool from default
- config
-
-Otherwise individual sockets will still load system certificates when
-a chain doesn't match against the configured CA certificates.
-That's not intended behavior, since specifically setting the CA
-certificates means you don't want the system certificates to be used.
-
-Follow-up to/amends ada2c573c1a25f8d96577734968fe317ddfa292a
-
-This is potentially a breaking change because now, if you ever add a
-CA to the default config, it will disable loading system certificates
-on demand for all sockets. And the only way to re-enable it is to
-create a null-QSslConfiguration and set it as the new default.
-
-Pick-to: 6.5 6.2 5.15
-Change-Id: Ic3b2ab125c0cdd58ad654af1cb36173960ce2d1e
-Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
-(cherry picked from commit 57ba6260c0801055b7188fdaa1818b940590f5f1)
----
- src/network/ssl/qsslsocket.cpp | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
-index 5bb6e7ee4a..2a0b3a4f1d 100644
---- a/src/network/ssl/qsslsocket.cpp
-+++ b/src/network/ssl/qsslsocket.cpp
-@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate()
- , flushTriggered(false)
- {
- QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
-+ // If the global configuration doesn't allow root certificates to be loaded
-+ // on demand then we have to disable it for this socket as well.
-+ if (!configuration.allowRootCertOnDemandLoading)
-+ allowRootCertOnDemandLoading = false;
- }
-
- /*!
-@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
- ptr->sessionProtocol = global->sessionProtocol;
- ptr->ciphers = global->ciphers;
- ptr->caCertificates = global->caCertificates;
-+ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
- ptr->protocol = global->protocol;
- ptr->peerVerifyMode = global->peerVerifyMode;
- ptr->peerVerifyDepth = global->peerVerifyDepth;
---
-2.41.0
-
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch
deleted file mode 100644
index 433dc67..0000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-QDnsLookup-dont-overflow-the-buffer.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 2103f2487f709dd9546c503820d9ad509e9a63b3 Mon Sep 17 00:00:00 2001
-From: Thiago Macieira <thiago.macieira@intel.com>
-Date: Thu, 11 May 2023 21:40:15 -0700
-Subject: [PATCH] QDnsLookup/Unix: make sure we don't overflow the buffer
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The DNS Records are variable length and encode their size in 16 bits
-before the Record Data (RDATA). Ensure that both the RDATA and the
-Record header fields before it fall inside the buffer we have.
-
-Additionally reject any replies containing more than one query records.
-
-[ChangeLog][QtNetwork][QDnsLookup] Fixed a bug that could cause a buffer
-overflow in Unix systems while parsing corrupt, malicious, or truncated
-replies.
-
-Pick-to: 5.15 6.2 6.5 6.5.1
-Change-Id: I3e3bfef633af4130a03afffd175e4b9547654b95
-Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
-Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
-(cherry picked from commit 7dba2c87619d558a61a30eb30cc1d9c3fe6df94c)
-
-* asturmlechner 2023-05-18: Resolve conflict with dev branch commit
- 68b625901f9eb7c34e3d7aa302e1c0a454d3190b
----
- src/network/kernel/qdnslookup_unix.cpp | 31 +++++++++++++++++++++-----
- 1 file changed, 25 insertions(+), 6 deletions(-)
-
-diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp
-index 12b40fc35dd..99e999d436c 100644
---- a/src/network/kernel/qdnslookup_unix.cpp
-+++ b/src/network/kernel/qdnslookup_unix.cpp
-@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- // responseLength in case of error, we still can extract the
- // exact error code from the response.
- HEADER *header = (HEADER*)response;
-- const int answerCount = ntohs(header->ancount);
- switch (header->rcode) {
- case NOERROR:
- break;
-@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- return;
- }
-
-- // Skip the query host, type (2 bytes) and class (2 bytes).
- char host[PACKETSZ], answer[PACKETSZ];
- unsigned char *p = response + sizeof(HEADER);
-- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
-- if (status < 0) {
-+ int status;
-+
-+ if (ntohs(header->qdcount) == 1) {
-+ // Skip the query host, type (2 bytes) and class (2 bytes).
-+ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
-+ if (status < 0) {
-+ reply->error = QDnsLookup::InvalidReplyError;
-+ reply->errorString = tr("Could not expand domain name");
-+ return;
-+ }
-+ if ((p - response) + status + 4 >= responseLength)
-+ header->qdcount = 0xffff; // invalid reply below
-+ else
-+ p += status + 4;
-+ }
-+ if (ntohs(header->qdcount) > 1) {
- reply->error = QDnsLookup::InvalidReplyError;
-- reply->errorString = tr("Could not expand domain name");
-+ reply->errorString = tr("Invalid reply received");
- return;
- }
-- p += status + 4;
-
- // Extract results.
-+ const int answerCount = ntohs(header->ancount);
- int answerIndex = 0;
- while ((p < response + responseLength) && (answerIndex < answerCount)) {
- status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
-@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- const QString name = QUrl::fromAce(host);
-
- p += status;
-+
-+ if ((p - response) + 10 > responseLength) {
-+ // probably just a truncated reply, return what we have
-+ return;
-+ }
- const quint16 type = (p[0] << 8) | p[1];
- p += 2; // RR type
- p += 2; // RR class
-@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- p += 4;
- const quint16 size = (p[0] << 8) | p[1];
- p += 2;
-+ if ((p - response) + size > responseLength)
-+ return; // truncated
-
- if (type == QDnsLookup::A) {
- if (size != 4) {
---
-GitLab
-
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-libproxy-0.5-pkgconfig.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.9-libproxy-0.5-pkgconfig.patch
deleted file mode 100644
index d245531..0000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.15.9-libproxy-0.5-pkgconfig.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From df809fd0b505b61d718fe1dc7fe19a79f9336cd9 Mon Sep 17 00:00:00 2001
-From: Andreas Sturmlechner <asturm@gentoo.org>
-Date: Wed, 24 May 2023 20:21:33 +0200
-Subject: [PATCH] Use pkgconfig in order to find libproxy configuration
-
->=libproxy-0.5 moved proxy.h into a non-default include search path.
-
-See also:
-https://github.com/libproxy/libproxy/issues/226#issuecomment-1557064225
-https://bugs.gentoo.org/906879
-
-Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
----
- src/network/configure.json | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/network/configure.json b/src/network/configure.json
-index 271ff164ac..ffba2d1eea 100644
---- a/src/network/configure.json
-+++ b/src/network/configure.json
-@@ -53,7 +53,7 @@
- },
- "headers": "proxy.h",
- "sources": [
-- "-lproxy"
-+ { "type": "pkgConfig", "args": "libproxy-1.0" }
- ]
- },
- "openssl_headers": {
---
-2.40.1
-
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild
deleted file mode 100644
index 2e9886e..0000000
--- a/dev-qt/qtnetwork/qtnetwork-5.15.9-r2.ebuild
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-if [[ ${PV} != *9999* ]]; then
- QT5_KDEPATCHSET_REV=1
- KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc x86"
-fi
-
-QT5_MODULE="qtbase"
-inherit qt5-build
-
-DESCRIPTION="Network abstraction library for the Qt5 framework"
-
-IUSE="connman gssapi libproxy networkmanager sctp +ssl"
-
-DEPEND="
- =dev-qt/qtcore-${QT5_PV}*:5=
- sys-libs/zlib:=
- connman? ( =dev-qt/qtdbus-${QT5_PV}* )
- gssapi? ( virtual/krb5 )
- libproxy? ( net-libs/libproxy )
- networkmanager? ( =dev-qt/qtdbus-${QT5_PV}* )
- sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
- ssl? ( >=dev-libs/openssl-1.1.1:0= )
-"
-RDEPEND="${DEPEND}
- connman? ( net-misc/connman )
- networkmanager? ( net-misc/networkmanager )
-"
-
-PATCHES=(
- "${FILESDIR}/${PN}-5.15.7-libressl.patch" #562050
- "${FILESDIR}/${P}-QDnsLookup-dont-overflow-the-buffer.patch"
- "${FILESDIR}/${P}-CVE-2023-32762.patch"
- "${FILESDIR}/${P}-libproxy-0.5-pkgconfig.patch"
-)
-
-QT5_TARGET_SUBDIRS=(
- src/network
- src/plugins/bearer/generic
-)
-
-QT5_GENTOO_CONFIG=(
- libproxy:libproxy:
- ssl::SSL
- ssl::OPENSSL
- ssl:openssl-linked:LINKED_OPENSSL
-)
-
-QT5_GENTOO_PRIVATE_CONFIG=(
- :network
-)
-
-pkg_setup() {
- use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
- use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
-}
-
-src_configure() {
- local myconf=(
- $(usev connman -dbus-linked)
- $(qt_use gssapi feature-gssapi)
- $(qt_use libproxy)
- $(usev networkmanager -dbus-linked)
- $(qt_use sctp)
- $(usev ssl -openssl-linked)
- -no-dtls # Required for libressl
- )
- qt5-build_src_configure
-}
-
-src_install() {
- qt5-build_src_install
-
- # workaround for bug 652650
- if use ssl; then
- sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
- -i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
- fi
-}
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.9-r3.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.9-r3.ebuild
deleted file mode 100644
index a166a59..0000000
--- a/dev-qt/qtnetwork/qtnetwork-5.15.9-r3.ebuild
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-if [[ ${PV} != *9999* ]]; then
- QT5_KDEPATCHSET_REV=1
- KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
-fi
-
-QT5_MODULE="qtbase"
-inherit qt5-build
-
-DESCRIPTION="Network abstraction library for the Qt5 framework"
-
-IUSE="connman gssapi libproxy networkmanager sctp +ssl"
-
-DEPEND="
- =dev-qt/qtcore-${QT5_PV}*:5=
- sys-libs/zlib:=
- connman? ( =dev-qt/qtdbus-${QT5_PV}* )
- gssapi? ( virtual/krb5 )
- libproxy? ( net-libs/libproxy )
- networkmanager? ( =dev-qt/qtdbus-${QT5_PV}* )
- sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
- ssl? ( >=dev-libs/openssl-1.1.1:0= )
-"
-RDEPEND="${DEPEND}
- connman? ( net-misc/connman )
- networkmanager? ( net-misc/networkmanager )
-"
-
-PATCHES=(
- "${FILESDIR}/${PN}-5.15.7-libressl.patch" #562050
- "${FILESDIR}/${P}-QDnsLookup-dont-overflow-the-buffer.patch"
- "${FILESDIR}/${P}-CVE-2023-32762.patch"
- "${FILESDIR}/${P}-libproxy-0.5-pkgconfig.patch"
- "${FILESDIR}/${P}-CVE-2023-34410.patch"
-)
-
-QT5_TARGET_SUBDIRS=(
- src/network
- src/plugins/bearer/generic
-)
-
-QT5_GENTOO_CONFIG=(
- libproxy:libproxy:
- ssl::SSL
- ssl::OPENSSL
- ssl:openssl-linked:LINKED_OPENSSL
-)
-
-QT5_GENTOO_PRIVATE_CONFIG=(
- :network
-)
-
-pkg_setup() {
- use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
- use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
-}
-
-src_configure() {
- local myconf=(
- $(usev connman -dbus-linked)
- $(qt_use gssapi feature-gssapi)
- $(qt_use libproxy)
- $(usev networkmanager -dbus-linked)
- $(qt_use sctp)
- $(usev ssl -openssl-linked)
- -no-dtls # Required for libressl
- )
- qt5-build_src_configure
-}
-
-src_install() {
- qt5-build_src_install
-
- # workaround for bug 652650
- if use ssl; then
- sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
- -i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
- fi
-}
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.9.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.9.ebuild
deleted file mode 100644
index c28e00c..0000000
--- a/dev-qt/qtnetwork/qtnetwork-5.15.9.ebuild
+++ /dev/null
@@ -1,79 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-if [[ ${PV} != *9999* ]]; then
- QT5_KDEPATCHSET_REV=1
- KEYWORDS="amd64 arm arm64 ~hppa ~loong ppc ppc64 ~riscv ~sparc x86"
-fi
-
-QT5_MODULE="qtbase"
-inherit qt5-build
-
-DESCRIPTION="Network abstraction library for the Qt5 framework"
-
-IUSE="connman gssapi libproxy networkmanager sctp +ssl"
-
-DEPEND="
- =dev-qt/qtcore-${QT5_PV}*:5=
- sys-libs/zlib:=
- connman? ( =dev-qt/qtdbus-${QT5_PV}* )
- gssapi? ( virtual/krb5 )
- libproxy? ( net-libs/libproxy )
- networkmanager? ( =dev-qt/qtdbus-${QT5_PV}* )
- sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
- ssl? ( >=dev-libs/openssl-1.1.1:0= )
-"
-RDEPEND="${DEPEND}
- connman? ( net-misc/connman )
- networkmanager? ( net-misc/networkmanager )
-"
-
-QT5_TARGET_SUBDIRS=(
- src/network
- src/plugins/bearer/generic
-)
-
-QT5_GENTOO_CONFIG=(
- libproxy:libproxy:
- ssl::SSL
- ssl::OPENSSL
- ssl:openssl-linked:LINKED_OPENSSL
-)
-
-QT5_GENTOO_PRIVATE_CONFIG=(
- :network
-)
-
-PATCHES=(
- "${FILESDIR}"/${PN}-5.15.7-libressl.patch # Bug 562050, not upstreamable
-)
-
-pkg_setup() {
- use connman && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/connman)
- use networkmanager && QT5_TARGET_SUBDIRS+=(src/plugins/bearer/networkmanager)
-}
-
-src_configure() {
- local myconf=(
- $(usev connman -dbus-linked)
- $(qt_use gssapi feature-gssapi)
- $(qt_use libproxy)
- $(usev networkmanager -dbus-linked)
- $(qt_use sctp)
- $(usev ssl -openssl-linked)
- -no-dtls # Required for libressl
- )
- qt5-build_src_configure
-}
-
-src_install() {
- qt5-build_src_install
-
- # workaround for bug 652650
- if use ssl; then
- sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
- -i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
- fi
-}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2024-06-28 21:14 orbea
0 siblings, 0 replies; 14+ messages in thread
From: orbea @ 2024-06-28 21:14 UTC (permalink / raw
To: gentoo-commits
commit: bd0f603a55233290f3f91860a8df4c8fdf207cc7
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Fri Jun 28 18:59:51 2024 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Fri Jun 28 19:01:52 2024 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=bd0f603a
dev-qt/qtnetwork: drop 5.15.13
Signed-off-by: orbea <orbea <AT> riseup.net>
dev-qt/qtnetwork/Manifest | 3 -
...etwork-5.15.10-ssl-upgr-default-DH-params.patch | 101 ---------------------
dev-qt/qtnetwork/qtnetwork-5.15.13.ebuild | 67 --------------
3 files changed, 171 deletions(-)
diff --git a/dev-qt/qtnetwork/Manifest b/dev-qt/qtnetwork/Manifest
index 351fedb..93ac206 100644
--- a/dev-qt/qtnetwork/Manifest
+++ b/dev-qt/qtnetwork/Manifest
@@ -1,6 +1,3 @@
-DIST qtbase-5.15-gentoo-patchset-5.tar.xz 9116 BLAKE2B b6318fc7c3ccdbfe85d56797ffaa3b275ce3f324731caca5efb497494837ca00c020494e9f811c0d5e9a460a4d70f16291c637409e7ad72325a36bc55e113c8c SHA512 f0343bf475a86f3f73b98b166ee48b1c5c9200aac9212ad977befe05679d0c351167618b16ae958e6403f33eecdc465b26a0df5d0b83d5d57a8c85ddb8a41c9b
DIST qtbase-5.15-gentoo-patchset-6.tar.xz 8288 BLAKE2B ad9695a528345dd3b8e9ce72b7bdfe8f744f16685a567bbc7862ba6c28e5a426260cb0b73e2573cb3a6f16f1785786898ffb44c90f5d75354b97e5756c7573db SHA512 97bc4d5375e1750a5578439ff320ee2e5e929df1dafe56b4e86f2de8ad26c91dc4002e45ad75d9f936347d49b9f54c0c42f8fc2cb7dfd4f54bf08a210b3bc720
-DIST qtbase-5.15.13-gentoo-kde-1.tar.xz 331952 BLAKE2B 6fb7314f03e99d8d2f5e8486ea805164f7e42a14c29a46519bae200364ad3798d26fd09bbd9381030b816f0a68c45d98581a76b80ca3fff8ae4c0121c77fc6ae SHA512 2c049f451eaa4a5087bb39283a66e7bbef89b9e3235ae930c48a405aeaaa999e863857c5074de6ad282708c756b8acab40fbb68f2a4a8b45ef7ade72b12bb98d
DIST qtbase-5.15.14-gentoo-kde-1.tar.xz 329640 BLAKE2B 5bd2d84f48874267a3328bf04e764f327bc8b3d574f8715fe02c4691e1ea8b2c0218ab66d55031e805d151be99956c5dfce304cac72b1edd371e2c447292e1e8 SHA512 37a7479c0fd0160fedd087f6da221484d47585f082f33f59118a75f9fa7a2e0969b9e9ed1b1234821dc6ffe55c07d22d20dc2ea4d2ee1dbd061f57bb4bf7f518
-DIST qtbase-everywhere-opensource-src-5.15.13.tar.xz 50862768 BLAKE2B d96d4d6b11aae3c471d5f24ed1030004394dfb89d399d5cddc868f39d0a4851a75ed0d59fdc79ef354c21a354eae0f23df1cfb8c30290d5c080b5fad507ce29a SHA512 565632646b04eed525530a50f1228dd1aa3b8f1318485fa7cf6ad96eabdc2208ed1522b3fc174bd4797b7d51edff18ea1f91a82dd701379407b880f1dd0d16ef
DIST qtbase-everywhere-opensource-src-5.15.14.tar.xz 50887988 BLAKE2B 292814ff8b9030766ce9941f4f13af56425f385543ff41cecd5d86b0a562fd220c8d9126fc36cfa0eab96440a64ec6a497306e00a59d388d13d34c8ea10a9633 SHA512 1280e7da926ff0c888dc3455ebeb73708bf8e44a3fe77ecf015e902608d75d7304639271dedba63635f959411452cd2b64a6f9166365a3aa3440656c00120272
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch
deleted file mode 100644
index 94f1325..0000000
--- a/dev-qt/qtnetwork/files/qtnetwork-5.15.10-ssl-upgr-default-DH-params.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 05406c3f5f516d3148254c8294e8883c28a2c95a Mon Sep 17 00:00:00 2001
-From: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
-Date: Wed, 21 Jun 2023 13:30:35 +0200
-Subject: [PATCH] SSL: upgrade the default DH parameters
-
-We have been using as default DH parameters the 1024-bit MODP group.
-This is now considered insecure, and applications should use the
-2048-bit at a minimum [1]. This commit therefore replaces the parameters
-with the 2048-bit MODP group from [2].
-
-To double check the data, use openssl asn1parse to verify that the prime
-matches. For instance:
-
-1) put the encoded string in a `encoded.txt` file (c&p from the source,
- removing the double quotes)
-2) put the hexadecimal value of the 2048-bit group in a `reference.txt`
- file (c&p from [2])
-3) compare the output of openssl asn1parse with the reference. For
- instance like this:
-
- $ diff <(openssl asn1parse < encoded.txt | grep -m 1 INTEGER | perl -pe 's/.*://; s/\n//') <(perl -0777 -pe 's/\s//g' reference.txt) && echo OK
- OK
-
-[1] https://datatracker.ietf.org/doc/html/rfc8247#section-2.4
-[2] https://datatracker.ietf.org/doc/html/rfc3526#section-3
-
-[ChangeLog][QtNetwork][QSslDiffieHellmanParameters] The default
-Diffie-Hellman parameters are now using the 2048-bit MODP group from
-RFC 3526.
-
-Pick-to: 6.6 6.5 6.2 5.15
-Change-Id: I47133cd78ba0e954b8f93a3da09fa2c760c9f7a8
-Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
-(cherry picked from commit 3ec24e329c9ef6802786a37f30ddd8982e903480)
----
- src/network/ssl/qsslconfiguration.cpp | 12 ++++++++++--
- src/network/ssl/qssldiffiehellmanparameters.cpp | 13 +++++++------
- 2 files changed, 17 insertions(+), 8 deletions(-)
-
-diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
-index f5ce02807f..84a9187334 100644
---- a/src/network/ssl/qsslconfiguration.cpp
-+++ b/src/network/ssl/qsslconfiguration.cpp
-@@ -929,7 +929,11 @@ void QSslConfiguration::setPreSharedKeyIdentityHint(const QByteArray &hint)
- Retrieves the current set of Diffie-Hellman parameters.
-
- If no Diffie-Hellman parameters have been set, the QSslConfiguration object
-- defaults to using the 1024-bit MODP group from RFC 2409.
-+ defaults to using the 2048-bit MODP group from RFC 3526.
-+
-+ \note The default parameters may change in future Qt versions.
-+ Please check the documentation of the \e{exact Qt version} that you
-+ are using in order to know what defaults that version uses.
- */
- QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const
- {
-@@ -943,7 +947,11 @@ QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const
- a server to \a dhparams.
-
- If no Diffie-Hellman parameters have been set, the QSslConfiguration object
-- defaults to using the 1024-bit MODP group from RFC 2409.
-+ defaults to using the 2048-bit MODP group from RFC 3526.
-+
-+ \note The default parameters may change in future Qt versions.
-+ Please check the documentation of the \e{exact Qt version} that you
-+ are using in order to know what defaults that version uses.
- */
- void QSslConfiguration::setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams)
- {
-diff --git a/src/network/ssl/qssldiffiehellmanparameters.cpp b/src/network/ssl/qssldiffiehellmanparameters.cpp
-index 7807afaa30..7c2505a0be 100644
---- a/src/network/ssl/qssldiffiehellmanparameters.cpp
-+++ b/src/network/ssl/qssldiffiehellmanparameters.cpp
-@@ -68,17 +68,18 @@
-
- QT_BEGIN_NAMESPACE
-
--// The 1024-bit MODP group from RFC 2459 (Second Oakley Group)
-+// The 2048-bit MODP group from RFC 3526
- Q_AUTOTEST_EXPORT const char *qssl_dhparams_default_base64 =
-- "MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR"
-- "Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL"
-- "/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC";
-+ "MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmO"
-+ "NATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjftawv/XLb0Brft7jhr"
-+ "+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXTmmkWP6j9JM9fg2VdI9yjrZYc"
-+ "YvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhghfDKQXkYuNs474553LBgOhgObJ4Oi7Aei"
-+ "j7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==";
-
- /*!
- Returns the default QSslDiffieHellmanParameters used by QSslSocket.
-
-- This is currently the 1024-bit MODP group from RFC 2459, also
-- known as the Second Oakley Group.
-+ This is currently the 2048-bit MODP group from RFC 3526.
- */
- QSslDiffieHellmanParameters QSslDiffieHellmanParameters::defaultParameters()
- {
---
-2.41.0
-
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.13.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.13.ebuild
deleted file mode 100644
index d4da090..0000000
--- a/dev-qt/qtnetwork/qtnetwork-5.15.13.ebuild
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-if [[ ${PV} != *9999* ]]; then
- QT5_KDEPATCHSET_REV=1
- KEYWORDS="amd64 arm arm64 ~hppa ~loong ppc ppc64 ~riscv ~sparc x86"
-fi
-
-QT5_MODULE="qtbase"
-inherit qt5-build
-
-DESCRIPTION="Network abstraction library for the Qt5 framework"
-
-IUSE="gssapi libproxy sctp +ssl"
-
-DEPEND="
- =dev-qt/qtcore-${QT5_PV}*:5=
- sys-libs/zlib:=
- gssapi? ( virtual/krb5 )
- libproxy? ( net-libs/libproxy )
- sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
- ssl? ( >=dev-libs/openssl-1.1.1:0= )
-"
-RDEPEND="${DEPEND}"
-
-QT5_TARGET_SUBDIRS=(
- src/network
- src/plugins/bearer/generic
-)
-
-QT5_GENTOO_CONFIG=(
- libproxy:libproxy:
- ssl::SSL
- ssl::OPENSSL
- ssl:openssl-linked:LINKED_OPENSSL
-)
-
-QT5_GENTOO_PRIVATE_CONFIG=(
- :network
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-5.15.7-libressl.patch" #562050
-)
-
-src_configure() {
- local myconf=(
- $(qt_use gssapi feature-gssapi)
- $(qt_use libproxy)
- $(qt_use sctp)
- $(usev ssl -openssl-linked)
- -no-dtls # Required for libressl
- )
- qt5-build_src_configure
-}
-
-src_install() {
- qt5-build_src_install
-
- # workaround for bug 652650
- if use ssl; then
- sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
- -i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
- fi
-}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/
@ 2024-07-19 3:40 orbea
0 siblings, 0 replies; 14+ messages in thread
From: orbea @ 2024-07-19 3:40 UTC (permalink / raw
To: gentoo-commits
commit: 44a0bae1c517799f21a49912413dcf48044ad6dc
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Fri Jul 19 02:45:18 2024 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Fri Jul 19 02:45:18 2024 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=44a0bae1
dev-qt/qtnetwork: add 5.15.14-r1
Signed-off-by: orbea <orbea <AT> riseup.net>
.../files/qtnetwork-5.15.14-CVE-2024-39936.patch | 178 +++++++++++++++++++++
dev-qt/qtnetwork/qtnetwork-5.15.14-r1.ebuild | 68 ++++++++
2 files changed, 246 insertions(+)
diff --git a/dev-qt/qtnetwork/files/qtnetwork-5.15.14-CVE-2024-39936.patch b/dev-qt/qtnetwork/files/qtnetwork-5.15.14-CVE-2024-39936.patch
new file mode 100644
index 0000000..c4445b2
--- /dev/null
+++ b/dev-qt/qtnetwork/files/qtnetwork-5.15.14-CVE-2024-39936.patch
@@ -0,0 +1,178 @@
+From 9f9a56d750caff8b4459e7e9bf82f1f4d725f72f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
+Date: Tue, 25 Jun 2024 17:09:35 +0200
+Subject: [PATCH] HTTP2: Delay any communication until encrypted() can be
+ responded to
+
+We have the encrypted() signal that lets users do extra checks on the
+established connection. It is emitted as BlockingQueued, so the HTTP
+thread stalls until it is done emitting. Users can potentially call
+abort() on the QNetworkReply at that point, which is passed as a Queued
+call back to the HTTP thread. That means that any currently queued
+signal emission will be processed before the abort() call is processed.
+
+In the case of HTTP2 it is a little special since it is multiplexed and
+the code is built to start requests as they are available. This means
+that, while the code worked fine for HTTP1, since one connection only
+has one request, it is not working for HTTP2, since we try to send more
+requests in-between the encrypted() signal and the abort() call.
+
+This patch changes the code to delay any communication until the
+encrypted() signal has been emitted and processed, for HTTP2 only.
+It's done by adding a few booleans, both to know that we have to return
+early and so we can keep track of what events arose and what we need to
+resume once enough time has passed that any abort() call must have been
+processed.
+
+Fixes: QTBUG-126610
+Pick-to: 6.8 6.7 6.5 6.2 5.15 5.12
+Change-Id: Ic25a600c278203256e35f541026f34a8783235ae
+Reviewed-by: Marc Mutz <marc.mutz@qt.io>
+Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
+(cherry picked from commit b1e75376cc3adfc7da5502a277dfe9711f3e0536)
+(but really taken from upstream CVE-2024-39936-qtbase-5.15.patch)
+---
+ src/network/access/qhttp2protocolhandler.cpp | 6 +--
+ .../access/qhttpnetworkconnectionchannel.cpp | 46 ++++++++++++++++++-
+ .../access/qhttpnetworkconnectionchannel_p.h | 6 +++
+ 3 files changed, 53 insertions(+), 5 deletions(-)
+
+diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp
+index ead88d781ae..926f3134a0e 100644
+--- a/src/network/access/qhttp2protocolhandler.cpp
++++ b/src/network/access/qhttp2protocolhandler.cpp
+@@ -375,12 +375,12 @@ bool QHttp2ProtocolHandler::sendRequest()
+ }
+ }
+
+- if (!prefaceSent && !sendClientPreface())
+- return false;
+-
+ if (!requests.size())
+ return true;
+
++ if (!prefaceSent && !sendClientPreface())
++ return false;
++
+ m_channel->state = QHttpNetworkConnectionChannel::WritingState;
+ // Check what was promised/pushed, maybe we do not have to send a request
+ // and have a response already?
+diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp
+index 7620ca16470..13f9630c658 100644
+--- a/src/network/access/qhttpnetworkconnectionchannel.cpp
++++ b/src/network/access/qhttpnetworkconnectionchannel.cpp
+@@ -255,6 +255,10 @@ void QHttpNetworkConnectionChannel::abort()
+ bool QHttpNetworkConnectionChannel::sendRequest()
+ {
+ Q_ASSERT(!protocolHandler.isNull());
++ if (waitingForPotentialAbort) {
++ needInvokeSendRequest = true;
++ return false; // this return value is unused
++ }
+ return protocolHandler->sendRequest();
+ }
+
+@@ -267,21 +271,28 @@ bool QHttpNetworkConnectionChannel::sendRequest()
+ void QHttpNetworkConnectionChannel::sendRequestDelayed()
+ {
+ QMetaObject::invokeMethod(this, [this] {
+- Q_ASSERT(!protocolHandler.isNull());
+ if (reply)
+- protocolHandler->sendRequest();
++ sendRequest();
+ }, Qt::ConnectionType::QueuedConnection);
+ }
+
+ void QHttpNetworkConnectionChannel::_q_receiveReply()
+ {
+ Q_ASSERT(!protocolHandler.isNull());
++ if (waitingForPotentialAbort) {
++ needInvokeReceiveReply = true;
++ return;
++ }
+ protocolHandler->_q_receiveReply();
+ }
+
+ void QHttpNetworkConnectionChannel::_q_readyRead()
+ {
+ Q_ASSERT(!protocolHandler.isNull());
++ if (waitingForPotentialAbort) {
++ needInvokeReadyRead = true;
++ return;
++ }
+ protocolHandler->_q_readyRead();
+ }
+
+@@ -1289,7 +1300,18 @@ void QHttpNetworkConnectionChannel::_q_encrypted()
+ // Similar to HTTP/1.1 counterpart below:
+ const auto &pairs = spdyRequestsToSend.values(); // (request, reply)
+ const auto &pair = pairs.first();
++ waitingForPotentialAbort = true;
+ emit pair.second->encrypted();
++
++ // We don't send or handle any received data until any effects from
++ // emitting encrypted() have been processed. This is necessary
++ // because the user may have called abort(). We may also abort the
++ // whole connection if the request has been aborted and there is
++ // no more requests to send.
++ QMetaObject::invokeMethod(this,
++ &QHttpNetworkConnectionChannel::checkAndResumeCommunication,
++ Qt::QueuedConnection);
++
+ // In case our peer has sent us its settings (window size, max concurrent streams etc.)
+ // let's give _q_receiveReply a chance to read them first ('invokeMethod', QueuedConnection).
+ QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection);
+@@ -1307,6 +1329,26 @@ void QHttpNetworkConnectionChannel::_q_encrypted()
+ }
+ }
+
++void QHttpNetworkConnectionChannel::checkAndResumeCommunication()
++{
++ Q_ASSERT(connection->connectionType() > QHttpNetworkConnection::ConnectionTypeHTTP);
++
++ // Because HTTP/2 requires that we send a SETTINGS frame as the first thing we do, and respond
++ // to a SETTINGS frame with an ACK, we need to delay any handling until we can ensure that any
++ // effects from emitting encrypted() have been processed.
++ // This function is called after encrypted() was emitted, so check for changes.
++
++ if (!reply && spdyRequestsToSend.isEmpty())
++ abort();
++ waitingForPotentialAbort = false;
++ if (needInvokeReadyRead)
++ _q_readyRead();
++ if (needInvokeReceiveReply)
++ _q_receiveReply();
++ if (needInvokeSendRequest)
++ sendRequest();
++}
++
+ void QHttpNetworkConnectionChannel::requeueSpdyRequests()
+ {
+ QList<HttpMessagePair> spdyPairs = spdyRequestsToSend.values();
+diff --git a/src/network/access/qhttpnetworkconnectionchannel_p.h b/src/network/access/qhttpnetworkconnectionchannel_p.h
+index d8ac3979d19..eac44464926 100644
+--- a/src/network/access/qhttpnetworkconnectionchannel_p.h
++++ b/src/network/access/qhttpnetworkconnectionchannel_p.h
+@@ -107,6 +107,10 @@ public:
+ QAbstractSocket *socket;
+ bool ssl;
+ bool isInitialized;
++ bool waitingForPotentialAbort = false;
++ bool needInvokeReceiveReply = false;
++ bool needInvokeReadyRead = false;
++ bool needInvokeSendRequest = false;
+ ChannelState state;
+ QHttpNetworkRequest request; // current request, only used for HTTP
+ QHttpNetworkReply *reply; // current reply for this request, only used for HTTP
+@@ -187,6 +191,8 @@ public:
+ void closeAndResendCurrentRequest();
+ void resendCurrentRequest();
+
++ void checkAndResumeCommunication();
++
+ bool isSocketBusy() const;
+ bool isSocketWriting() const;
+ bool isSocketWaiting() const;
+--
+2.45.2
+
diff --git a/dev-qt/qtnetwork/qtnetwork-5.15.14-r1.ebuild b/dev-qt/qtnetwork/qtnetwork-5.15.14-r1.ebuild
new file mode 100644
index 0000000..57b4c7b
--- /dev/null
+++ b/dev-qt/qtnetwork/qtnetwork-5.15.14-r1.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+if [[ ${PV} != *9999* ]]; then
+ QT5_KDEPATCHSET_REV=1
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+QT5_MODULE="qtbase"
+inherit qt5-build
+
+DESCRIPTION="Network abstraction library for the Qt5 framework"
+
+IUSE="gssapi libproxy sctp +ssl"
+
+DEPEND="
+ =dev-qt/qtcore-${QT5_PV}*:5=
+ sys-libs/zlib:=
+ gssapi? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ sctp? ( kernel_linux? ( net-misc/lksctp-tools ) )
+ ssl? ( >=dev-libs/openssl-1.1.1:0= )
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-5.15.7-libressl.patch" #562050
+ "${FILESDIR}/${P}-CVE-2024-39936.patch" # bug 935869
+)
+
+QT5_TARGET_SUBDIRS=(
+ src/network
+ src/plugins/bearer/generic
+)
+
+QT5_GENTOO_CONFIG=(
+ libproxy:libproxy:
+ ssl::SSL
+ ssl::OPENSSL
+ ssl:openssl-linked:LINKED_OPENSSL
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+ :network
+)
+
+src_configure() {
+ local myconf=(
+ $(qt_use gssapi feature-gssapi)
+ $(qt_use libproxy)
+ $(qt_use sctp)
+ $(usev ssl -openssl-linked)
+ -no-dtls # Required for libressl
+ )
+ qt5-build_src_configure
+}
+
+src_install() {
+ qt5-build_src_install
+
+ # workaround for bug 652650
+ if use ssl; then
+ sed -e "/^#define QT_LINKED_OPENSSL/s/$/ true/" \
+ -i "${D}${QT5_HEADERDIR}"/Gentoo/${PN}-qconfig.h || die
+ fi
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
end of thread, other threads:[~2024-07-19 3:40 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-05-23 13:16 [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtnetwork/, dev-qt/qtnetwork/files/ orbea
-- strict thread matches above, loose matches on Subject: below --
2024-07-19 3:40 orbea
2024-06-28 21:14 orbea
2023-07-14 19:29 orbea
2023-05-24 18:06 orbea
2023-01-14 23:23 Quentin Retornaz
2022-06-26 2:24 Quentin Retornaz
2021-11-06 18:16 Quentin Retornaz
2021-10-02 22:19 Quentin Retornaz
2021-10-02 22:09 Quentin Retornaz
2021-01-27 22:31 Quentin Retornaz
2020-07-16 7:58 Stefan Strogin
2019-07-20 0:19 Stefan Strogin
2019-07-20 0:19 Stefan Strogin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox