* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/
@ 2023-06-13 3:27 orbea
0 siblings, 0 replies; 4+ messages in thread
From: orbea @ 2023-06-13 3:27 UTC (permalink / raw
To: gentoo-commits
commit: e4e6f57cf6b634a506908ae401ff9488368c3e92
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue Jun 13 03:26:42 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Tue Jun 13 03:26:42 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=e4e6f57c
dev-qt/qtbase: drop unused patch
Signed-off-by: orbea <orbea <AT> riseup.net>
.../qtbase/files/qtbase-6.5.0-CVE-2023-33285.patch | 101 ---------------------
1 file changed, 101 deletions(-)
diff --git a/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-33285.patch b/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-33285.patch
deleted file mode 100644
index c982cce..0000000
--- a/dev-qt/qtbase/files/qtbase-6.5.0-CVE-2023-33285.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From a2dc11b37fd71f785c342c40549f54edfdd1a6f8 Mon Sep 17 00:00:00 2001
-From: Thiago Macieira <thiago.macieira@intel.com>
-Date: Thu, 11 May 2023 21:40:15 -0700
-Subject: [PATCH] QDnsLookup/Unix: make sure we don't overflow the buffer
-MIME-Version: 1.0
-Content-Type: text/plain; charset=utf8
-Content-Transfer-Encoding: 8bit
-
-The DNS Records are variable length and encode their size in 16 bits
-before the Record Data (RDATA). Ensure that both the RDATA and the
-Record header fields before it fall inside the buffer we have.
-
-Additionally reject any replies containing more than one query records.
-
-[ChangeLog][QtNetwork][QDnsLookup] Fixed a bug that could cause a buffer
-overflow in Unix systems while parsing corrupt, malicious, or truncated
-replies.
-
-Pick-to: 5.15 6.2 6.5.1
-Change-Id: I3e3bfef633af4130a03afffd175e4b9547654b95
-Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
-Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
-(cherry picked from commit 7dba2c87619d558a61a30eb30cc1d9c3fe6df94c)
-Reviewed-by: Daniel Smith <Daniel.Smith@qt.io>
----
- src/network/kernel/qdnslookup_unix.cpp | 31 +++++++++++++++++++++++++------
- 1 file changed, 25 insertions(+), 6 deletions(-)
-
-diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp
-index 8db79028f775..ad7bb51f67a5 100644
---- a/src/network/kernel/qdnslookup_unix.cpp
-+++ b/src/network/kernel/qdnslookup_unix.cpp
-@@ -193,7 +193,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- // responseLength in case of error, we still can extract the
- // exact error code from the response.
- HEADER *header = (HEADER*)response;
-- const int answerCount = ntohs(header->ancount);
- switch (header->rcode) {
- case NOERROR:
- break;
-@@ -227,18 +226,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- return;
- }
-
-- // Skip the query host, type (2 bytes) and class (2 bytes).
- char host[PACKETSZ], answer[PACKETSZ];
- unsigned char *p = response + sizeof(HEADER);
-- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
-- if (status < 0) {
-+ int status;
-+
-+ if (ntohs(header->qdcount) == 1) {
-+ // Skip the query host, type (2 bytes) and class (2 bytes).
-+ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
-+ if (status < 0) {
-+ reply->error = QDnsLookup::InvalidReplyError;
-+ reply->errorString = tr("Could not expand domain name");
-+ return;
-+ }
-+ if ((p - response) + status + 4 >= responseLength)
-+ header->qdcount = 0xffff; // invalid reply below
-+ else
-+ p += status + 4;
-+ }
-+ if (ntohs(header->qdcount) > 1) {
- reply->error = QDnsLookup::InvalidReplyError;
-- reply->errorString = tr("Could not expand domain name");
-+ reply->errorString = tr("Invalid reply received");
- return;
- }
-- p += status + 4;
-
- // Extract results.
-+ const int answerCount = ntohs(header->ancount);
- int answerIndex = 0;
- while ((p < response + responseLength) && (answerIndex < answerCount)) {
- status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
-@@ -250,6 +262,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- const QString name = QUrl::fromAce(host);
-
- p += status;
-+
-+ if ((p - response) + 10 > responseLength) {
-+ // probably just a truncated reply, return what we have
-+ return;
-+ }
- const quint16 type = (p[0] << 8) | p[1];
- p += 2; // RR type
- p += 2; // RR class
-@@ -257,6 +274,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
- p += 4;
- const quint16 size = (p[0] << 8) | p[1];
- p += 2;
-+ if ((p - response) + size > responseLength)
-+ return; // truncated
-
- if (type == QDnsLookup::A) {
- if (size != 4) {
---
-2.16.3
-
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/
@ 2023-09-18 13:22 orbea
0 siblings, 0 replies; 4+ messages in thread
From: orbea @ 2023-09-18 13:22 UTC (permalink / raw
To: gentoo-commits
commit: 6d7b94863460b1e6dcfe04b8f02eb297af2a0b36
Author: Saki Xi <space_raccoon <AT> riseup <DOT> net>
AuthorDate: Mon Sep 18 12:57:00 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Mon Sep 18 13:21:29 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=6d7b9486
dev-qt/qtbase: adding missing patch from ::gentoo
Signed-off-by: Saki Xi <space_raccoon <AT> riseup.net>
Closes: https://github.com/gentoo/libressl/pull/537
Signed-off-by: orbea <orbea <AT> riseup.net>
dev-qt/qtbase/files/qtbase-6.5.2-no-symlink-check.patch | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/dev-qt/qtbase/files/qtbase-6.5.2-no-symlink-check.patch b/dev-qt/qtbase/files/qtbase-6.5.2-no-symlink-check.patch
new file mode 100644
index 0000000..815fd39
--- /dev/null
+++ b/dev-qt/qtbase/files/qtbase-6.5.2-no-symlink-check.patch
@@ -0,0 +1,5 @@
+https://bugs.gentoo.org/914195
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -65 +64,0 @@
+-qt_internal_check_if_path_has_symlinks("${CMAKE_BINARY_DIR}")
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/
@ 2024-01-31 0:07 orbea
0 siblings, 0 replies; 4+ messages in thread
From: orbea @ 2024-01-31 0:07 UTC (permalink / raw
To: gentoo-commits
commit: 8e53b838302b4e80d06d8ef119a873c45cda2890
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Wed Jan 31 00:04:51 2024 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Wed Jan 31 00:04:51 2024 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=8e53b838
dev-qt/qtbase: sync ::gentoo
Signed-off-by: orbea <orbea <AT> riseup.net>
dev-qt/qtbase/files/qtbase-6.6.1-forkfd-childstack-size.patch | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/dev-qt/qtbase/files/qtbase-6.6.1-forkfd-childstack-size.patch b/dev-qt/qtbase/files/qtbase-6.6.1-forkfd-childstack-size.patch
index 6b0ff17..3b9df41 100644
--- a/dev-qt/qtbase/files/qtbase-6.6.1-forkfd-childstack-size.patch
+++ b/dev-qt/qtbase/files/qtbase-6.6.1-forkfd-childstack-size.patch
@@ -6,6 +6,10 @@ Former fix involved replacing 4096 by SIGSTKSZ but
bug #918664 shown that this may be insufficient so this
tries 32k instead.
+Update: after https://bugs.gentoo.org/923013 and a fixed
+sandbox been stabilized for some time, it should in theory
+be possible to drop this
+
https://bugs.gentoo.org/908809
https://bugs.gentoo.org/908816
https://bugs.gentoo.org/913493
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/
@ 2024-03-11 0:42 orbea
0 siblings, 0 replies; 4+ messages in thread
From: orbea @ 2024-03-11 0:42 UTC (permalink / raw
To: gentoo-commits
commit: f60f1ff00e3b2322b378ceb72beca019459c287b
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sun Mar 10 21:41:28 2024 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Mon Mar 11 00:29:25 2024 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=f60f1ff0
dev-qt/qtbase: update patch for libressl-3.9.0
Source:
https://github.com/openbsd/ports/blob/78d184603e64f0015ebe76b2db388b00c60c035e/x11/qt6/qtbase/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_cpp
https://github.com/openbsd/ports/blob/78d184603e64f0015ebe76b2db388b00c60c035e/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qsslsocket_openssl_symbols_p_h
https://github.com/openbsd/ports/blob/78d184603e64f0015ebe76b2db388b00c60c035e/x11/qt6/qtbase/patches/patch-src_plugins_tls_openssl_qx509_openssl_cpp
Signed-off-by: orbea <orbea <AT> riseup.net>
dev-qt/qtbase/files/qtbase-6.6.0-libressl.patch | 187 ++++++------------------
1 file changed, 47 insertions(+), 140 deletions(-)
diff --git a/dev-qt/qtbase/files/qtbase-6.6.0-libressl.patch b/dev-qt/qtbase/files/qtbase-6.6.0-libressl.patch
index 6c7f2c5..5531519 100644
--- a/dev-qt/qtbase/files/qtbase-6.6.0-libressl.patch
+++ b/dev-qt/qtbase/files/qtbase-6.6.0-libressl.patch
@@ -87,16 +87,14 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
}
--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
-@@ -112,23 +112,37 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return
- DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
+@@ -113,14 +113,25 @@ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return)
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
-+DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return)
DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return)
++#ifndef LIBRESSL_VERSION_NUMBER
DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return)
++#endif
DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return)
-+#endif // OPENSSL_NO_DEPRECATED_3_0
+#ifndef LIBRESSL_VERSION_NUMBER
DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
@@ -115,21 +113,11 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
DEFINEFUNC2(qssloptions, SSL_CTX_set_options, SSL_CTX *ctx, ctx, qssloptions op, op, return 0, return)
using info_callback = void (*) (const SSL *ssl, int type, int val);
- DEFINEFUNC2(void, SSL_set_info_callback, SSL *ssl, ssl, info_callback cb, cb, return, return)
- DEFINEFUNC(const char *, SSL_alert_type_string, int value, value, return nullptr, return)
- DEFINEFUNC(const char *, SSL_alert_desc_string_long, int value, value, return nullptr, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
- DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
-+#endif // LIBRESSL_VERSION_NUMBER
- #ifdef TLS1_3_VERSION
- DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
- DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
-@@ -154,7 +168,11 @@ DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_ver
+@@ -154,7 +165,11 @@ DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_ver
DEFINEFUNC3(int, X509_STORE_set_ex_data, X509_STORE *a, a, int idx, idx, void *data, data, return 0, return)
DEFINEFUNC2(void *, X509_STORE_get_ex_data, X509_STORE *r, r, int idx, idx, return nullptr, return)
DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return nullptr, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
++#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG)
+#else
+DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
@@ -137,27 +125,7 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
DEFINEFUNC3(int, CRYPTO_memcmp, const void * in_a, in_a, const void * in_b, in_b, size_t len, len, return 1, return);
DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return)
DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return)
-@@ -193,7 +211,9 @@ DEFINEFUNC5(int, OCSP_id_get0_info, ASN1_OCTET_STRING **piNameHash, piNameHash,
- ASN1_OCTET_STRING **piKeyHash, piKeyHash, ASN1_INTEGER **pserial, pserial, OCSP_CERTID *cid, cid,
- return 0, return)
- DEFINEFUNC2(OCSP_RESPONSE *, OCSP_response_create, int status, status, OCSP_BASICRESP *bs, bs, return nullptr, return)
-+#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
- DEFINEFUNC(const STACK_OF(X509) *, OCSP_resp_get0_certs, const OCSP_BASICRESP *bs, bs, return nullptr, return)
-+#endif
- DEFINEFUNC2(int, OCSP_id_cmp, OCSP_CERTID *a, a, OCSP_CERTID *b, b, return -1, return)
- DEFINEFUNC7(OCSP_SINGLERESP *, OCSP_basic_add1_status, OCSP_BASICRESP *r, r, OCSP_CERTID *c, c, int s, s,
- int re, re, ASN1_TIME *rt, rt, ASN1_TIME *t, t, ASN1_TIME *n, n, return nullptr, return)
-@@ -214,7 +234,9 @@ DEFINEFUNC(long, ASN1_INTEGER_get, ASN1_INTEGER *a, a, return 0, return)
- DEFINEFUNC2(int, ASN1_INTEGER_cmp, const ASN1_INTEGER *a, a, const ASN1_INTEGER *b, b, return 1, return)
- DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return)
- DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return)
-+#ifndef LIBRESSL_VERSION_NUMBER
- DEFINEFUNC2(int, ASN1_TIME_to_tm, const ASN1_TIME *s, s, struct tm *tm, tm, return 0, return)
-+#endif
- DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
- DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
- DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return nullptr, return)
-@@ -289,12 +311,14 @@ DEFINEFUNC3(int, SSL_CTX_use_certificate_file, SSL_CTX *a, a, const char *b, b,
+@@ -289,12 +304,14 @@ DEFINEFUNC3(int, SSL_CTX_use_certificate_file, SSL_CTX *a, a, const char *b, b,
DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a, EVP_PKEY *b, b, return -1, return)
DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
@@ -172,30 +140,33 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
DEFINEFUNC(void, SSL_free, SSL *a, a, return, DUMMYARG)
DEFINEFUNC(STACK_OF(SSL_CIPHER) *, SSL_get_ciphers, const SSL *a, a, return nullptr, return)
DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr, return)
-@@ -853,9 +877,11 @@ bool q_resolveOpenSslSymbols()
- RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+@@ -866,14 +883,25 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(AUTHORITY_INFO_ACCESS_free)
RESOLVEFUNC(EVP_PKEY_up_ref)
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
RESOLVEFUNC(EVP_PKEY_CTX_new)
++#ifndef LIBRESSL_VERSION_NUMBER
RESOLVEFUNC(EVP_PKEY_param_check)
++#endif
RESOLVEFUNC(EVP_PKEY_CTX_free)
-+#endif // OPENSSL_NO_DEPRECATED_3_0
++#ifndef LIBRESSL_VERSION_NUMBER
RESOLVEFUNC(OPENSSL_sk_new_null)
RESOLVEFUNC(OPENSSL_sk_push)
RESOLVEFUNC(OPENSSL_sk_free)
-@@ -949,7 +975,9 @@ bool q_resolveOpenSslSymbols()
- RESOLVEFUNC(OCSP_check_validity)
- RESOLVEFUNC(OCSP_cert_to_id)
- RESOLVEFUNC(OCSP_id_get0_info)
-- RESOLVEFUNC(OCSP_resp_get0_certs)
-+#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
-+ RESOLVEFUNC(OCSP_resp_get0_certs)
+ RESOLVEFUNC(OPENSSL_sk_num)
+ RESOLVEFUNC(OPENSSL_sk_pop_free)
+ RESOLVEFUNC(OPENSSL_sk_value)
++#else
++ RESOLVEFUNC(sk_new_null)
++ RESOLVEFUNC(sk_push)
++ RESOLVEFUNC(sk_free)
++ RESOLVEFUNC(sk_num)
++ RESOLVEFUNC(sk_pop_free)
++ RESOLVEFUNC(sk_value)
+#endif
- RESOLVEFUNC(OCSP_basic_sign)
- RESOLVEFUNC(OCSP_response_create)
- RESOLVEFUNC(i2d_OCSP_RESPONSE)
-@@ -1044,12 +1072,14 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(SSL_CTX_set_options)
+ RESOLVEFUNC(SSL_set_info_callback)
+ RESOLVEFUNC(SSL_alert_type_string)
+@@ -1056,12 +1084,14 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(SSL_CTX_use_PrivateKey)
RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
RESOLVEFUNC(SSL_CTX_get_cert_store);
@@ -210,19 +181,9 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
RESOLVEFUNC(SSL_accept)
RESOLVEFUNC(SSL_clear)
RESOLVEFUNC(SSL_connect)
-@@ -1109,7 +1139,9 @@ bool q_resolveOpenSslSymbols()
- RESOLVEFUNC(RSA_free)
-
- RESOLVEFUNC(DH_bits)
-+#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
- RESOLVEFUNC(DSA_bits)
-+#endif
- RESOLVEFUNC(RSA_bits)
-
- #ifndef OPENSSL_NO_EC
--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
-@@ -46,6 +46,13 @@ QT_BEGIN_NAMESPACE
+@@ -46,6 +46,12 @@ QT_BEGIN_NAMESPACE
#define DUMMYARG
@@ -230,25 +191,20 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
+typedef _STACK STACK;
+typedef STACK OPENSSL_STACK;
+typedef void OPENSSL_INIT_SETTINGS;
-+typedef int (*X509_STORE_CTX_verify_cb)(int ok,X509_STORE_CTX *ctx);
+#endif
+
#if !defined QT_LINKED_OPENSSL
// **************** Shared declarations ******************
// ret func(arg)
-@@ -203,15 +210,32 @@ const BIO_METHOD *q_BIO_s_mem();
- void q_AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a);
- int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+@@ -205,6 +211,7 @@ int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
int q_EVP_PKEY_up_ref(EVP_PKEY *a);
-+#ifdef OPENSSL_NO_DEPRECATED_3_0
EVP_PKEY_CTX *q_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
void q_EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
-+#endif // OPENSSL_NO_DEPRECATED_3_0
- int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
+#ifndef LIBRESSL_VERSION_NUMBER
+ int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
int q_OPENSSL_sk_num(OPENSSL_STACK *a);
void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
- OPENSSL_STACK *q_OPENSSL_sk_new_null();
+@@ -212,6 +219,20 @@ OPENSSL_STACK *q_OPENSSL_sk_new_null();
void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
void q_OPENSSL_sk_free(OPENSSL_STACK *a);
void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
@@ -269,7 +225,7 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
int q_SSL_session_reused(SSL *a);
qssloptions q_SSL_CTX_set_options(SSL_CTX *ctx, qssloptions op);
int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
-@@ -237,8 +261,14 @@ STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
+@@ -237,8 +258,13 @@ STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
# define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
@@ -280,11 +236,10 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
+#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
+#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
+#endif // LIBRESSL_VERSION_NUMBER
-+
#define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
| OPENSSL_INIT_ADD_ALL_DIGESTS \
-@@ -423,12 +453,14 @@ int q_SSL_CTX_use_certificate_file(SSL_CTX *a, const char *b, int c);
+@@ -423,12 +449,14 @@ int q_SSL_CTX_use_certificate_file(SSL_CTX *a, const char *b, int c);
int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
@@ -299,7 +254,7 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
void q_SSL_free(SSL *a);
STACK_OF(SSL_CIPHER) *q_SSL_get_ciphers(const SSL *a);
const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a);
-@@ -536,14 +568,26 @@ void q_PKCS12_free(PKCS12 *pkcs12);
+@@ -536,14 +564,26 @@ void q_PKCS12_free(PKCS12 *pkcs12);
#define q_BIO_get_mem_data(b, pp) (int)q_BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
#define q_BIO_pending(b) (int)q_BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
#define q_SSL_CTX_set_mode(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
@@ -326,23 +281,11 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
#define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
#define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-@@ -645,7 +689,11 @@ int q_OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *n
- int q_OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, ASN1_OCTET_STRING **pikeyHash,
- ASN1_INTEGER **pserial, OCSP_CERTID *cid);
-
-+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050000fL
-+#define q_OCSP_resp_get0_certs(bs) ((bs)->certs)
-+#else
- const STACK_OF(X509) *q_OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
-+#endif
- OCSP_CERTID *q_OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
- void q_OCSP_CERTID_free(OCSP_CERTID *cid);
- int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-@@ -664,8 +712,13 @@ int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+@@ -664,8 +704,13 @@ int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
void *q_CRYPTO_malloc(size_t num, const char *file, int line);
#define q_OPENSSL_malloc(num) q_CRYPTO_malloc(num, "", 0)
-+#ifndef LIBRESSL_VERSION_NUMBER
++#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
void q_CRYPTO_free(void *str, const char *file, int line);
# define q_OPENSSL_free(addr) q_CRYPTO_free(addr, "", 0)
+#else
@@ -352,18 +295,6 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
int q_CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
void q_SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val));
-@@ -729,7 +782,11 @@ int q_EVP_PKEY_set1_DH(EVP_PKEY *a, DH *b);
-
- int q_DH_bits(DH *dh);
- int q_RSA_bits(RSA *a);
-+#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x3050000fL)
-+#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
-+#else
- int q_DSA_bits(DSA *a);
-+#endif
-
- int q_EVP_PKEY_assign(EVP_PKEY *a, int b, void *r);
- int q_EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
--- a/src/plugins/tls/openssl/qtls_openssl.cpp
+++ b/src/plugins/tls/openssl/qtls_openssl.cpp
@@ -1438,13 +1438,13 @@ bool TlsCryptographOpenSSL::initSslContext()
@@ -384,63 +315,39 @@ http://cvsweb.openbsd.org/ports/x11/qt6/qtbase/patches/patch-src_plugins_tls_ope
--- a/src/plugins/tls/openssl/qx509_openssl.cpp
+++ b/src/plugins/tls/openssl/qx509_openssl.cpp
-@@ -64,7 +64,12 @@ QMultiMap<QByteArray, QString> mapFromX509Name(X509_NAME *name)
+@@ -64,7 +64,11 @@ QMultiMap<QByteArray, QString> mapFromX509Name(X509_NAME *name)
unsigned char *data = nullptr;
int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
info.insert(name, QString::fromUtf8((char*)data, size));
-- q_CRYPTO_free(data, nullptr, 0);
-+#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER)
-+ q_CRYPTO_free(data, nullptr, 0);
++#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
+ q_CRYPTO_free(data, nullptr, 0);
+#else
-+ q_CRYPTO_free(data);
++ q_CRYPTO_free(data);
+#endif
-+
}
return info;
-@@ -75,11 +80,27 @@ QDateTime dateTimeFromASN1(const ASN1_TIME *aTime)
- QDateTime result;
- tm lTime;
-
-+#ifdef LIBRESSL_VERSION_NUMBER
-+ const char *data;
-+ size_t len;
-+ int type;
-+
-+ data = (const char*)ASN1_STRING_get0_data((const ASN1_STRING *)aTime);
-+ len = ASN1_STRING_length(aTime);
-+ type = ASN1_STRING_type(aTime);
-+
-+ if (ASN1_time_parse(data, len, &lTime, type) == type) {
-+ QDate resDate(lTime.tm_year + 1900, lTime.tm_mon + 1, lTime.tm_mday);
-+ QTime resTime(lTime.tm_hour, lTime.tm_min, lTime.tm_sec);
-+ result = QDateTime(resDate, resTime, Qt::UTC);
-+ }
-+#else
- if (q_ASN1_TIME_to_tm(aTime, &lTime)) {
- QDate resDate(lTime.tm_year + 1900, lTime.tm_mon + 1, lTime.tm_mday);
- QTime resTime(lTime.tm_hour, lTime.tm_min, lTime.tm_sec);
- result = QDateTime(resDate, resTime, QTimeZone::UTC);
- }
-+#endif
-
- return result;
- }
-@@ -190,7 +211,7 @@ QVariant x509UnknownExtensionToValue(X509_EXTENSION *ext)
+@@ -190,7 +194,11 @@ QVariant x509UnknownExtensionToValue(X509_EXTENSION *ext)
QVariantList list;
bool isMap = false;
-- for (int j = 0; j < q_SKM_sk_num(val); j++) {
++#if defined(LIBRESSL_VERSION_NUMBER)
+ for (int j = 0; j < q_SKM_sk_num(CONF_VALUE, val); j++) {
++#else
+ for (int j = 0; j < q_SKM_sk_num(val); j++) {
++#endif
CONF_VALUE *nval = q_SKM_sk_value(CONF_VALUE, val, j);
if (nval->name && nval->value) {
isMap = true;
-@@ -286,7 +307,7 @@ QVariant x509ExtensionToValue(X509_EXTENSION *ext)
+@@ -286,7 +294,11 @@ QVariant x509ExtensionToValue(X509_EXTENSION *ext)
if (!info)
return {};
QVariantMap result;
-- for (int i=0; i < q_SKM_sk_num(info); i++) {
++#if defined(LIBRESSL_VERSION_NUMBER)
+ for (int i=0; i < q_SKM_sk_num(ACCESS_DESCRIPTION, info); i++) {
++#else
+ for (int i=0; i < q_SKM_sk_num(info); i++) {
++#endif
ACCESS_DESCRIPTION *ad = q_SKM_sk_value(ACCESS_DESCRIPTION, info, i);
GENERAL_NAME *name = ad->location;
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-03-11 0:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-18 13:22 [gentoo-commits] repo/proj/libressl:master commit in: dev-qt/qtbase/files/ orbea
-- strict thread matches above, loose matches on Subject: below --
2024-03-11 0:42 orbea
2024-01-31 0:07 orbea
2023-06-13 3:27 orbea
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox