UPDATE: security/qca-qt5
Simple update to the latest stable version. LibreSSL patch update from
Stefan Strogin (Gentoo). No dynamic export changes.
Feedback? OK?
Index: Makefile
===
RCS file: /cvs/ports/security/qca-qt5/Makefile,v
retrieving revision 1.7
diff -u -p -u -p -r1.7 Makefile
--- Makefile29 Jun 2020 05:07:55 - 1.7
+++ Makefile10 Sep 2020 04:59:42 -
@@ -2,7 +2,7 @@
# separate port for Qt5 because it's too different from Qt4 case
COMMENT = Qt Cryptographic Architecture
-V =2.3.0
+V =2.3.1
DISTNAME = qca-${V}
PKGNAME = qca-qt5-${V}
CATEGORIES = security
Index: distinfo
===
RCS file: /cvs/ports/security/qca-qt5/distinfo,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 distinfo
--- distinfo29 Jun 2020 05:07:55 - 1.3
+++ distinfo10 Sep 2020 04:59:42 -
@@ -1,2 +1,2 @@
-SHA256 (qca-2.3.0.tar.xz) = HWjvQaG2Hcl4a+uSOmiQKmJ2p3zO1eXqf/mF7xE5Mtc=
-SIZE (qca-2.3.0.tar.xz) = 729504
+SHA256 (qca-2.3.1.tar.xz) = wThREJq+/EYjNwmJ+uOnRb9rGss8KhOolYU5gj6XTks=
+SIZE (qca-2.3.1.tar.xz) = 725984
Index: patches/patch-plugins_qca-ossl_qca-ossl_cpp
===
RCS file:
/cvs/ports/security/qca-qt5/patches/patch-plugins_qca-ossl_qca-ossl_cpp,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 patch-plugins_qca-ossl_qca-ossl_cpp
--- patches/patch-plugins_qca-ossl_qca-ossl_cpp 29 Jun 2020 05:07:56 -
1.2
+++ patches/patch-plugins_qca-ossl_qca-ossl_cpp 10 Sep 2020 04:59:42 -
@@ -19,7 +19,7 @@ Index: plugins/qca-ossl/qca-ossl.cpp
using namespace QCA;
-@@ -1255,6 +1261,7 @@ class opensslPbkdf2Context : public KDFContext (public
+@@ -1262,6 +1268,7 @@ class opensslPbkdf2Context : public KDFContext (public
protected:
};
@@ -27,7 +27,7 @@ Index: plugins/qca-ossl/qca-ossl.cpp
class opensslHkdfContext : public HKDFContext
{
Q_OBJECT
-@@ -1284,6 +1291,7 @@ class opensslHkdfContext : public HKDFContext (public)
+@@ -1291,6 +1298,7 @@ class opensslHkdfContext : public HKDFContext (public)
return out;
}
};
@@ -35,7 +35,43 @@ Index: plugins/qca-ossl/qca-ossl.cpp
class opensslHMACContext : public MACContext
{
-@@ -7268,7 +7276,9 @@ class opensslProvider : public Provider (public)
+@@ -4990,7 +4998,11 @@ class MyTLSContext : public TLSContext (public)
+ case TLS::TLS_v1:
+ ctx = SSL_CTX_new(TLS_client_method());
+ SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
++#ifdef TLS1_3_VERSION
+ SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
++#else
++ SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
++#endif
+ break;
+ case TLS::DTLS_v1:
+ default:
+@@ -5011,7 +5023,11 @@ class MyTLSContext : public TLSContext (public)
+ QStringList cipherList;
+ for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+ const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk,
i);
++#ifndef LIBRESSL_VERSION_NUMBER
+ cipherList +=
QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher));
++#else
++ cipherList +=
QString::fromLatin1(SSL_CIPHER_get_name(thisCipher));
++#endif
+ }
+ sk_SSL_CIPHER_free(sk);
+
+@@ -5404,7 +5420,11 @@ class MyTLSContext : public TLSContext (public)
+ sessInfo.version = TLS::TLS_v1;
+ }
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ sessInfo.cipherSuite =
QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl)));
++#else
++ sessInfo.cipherSuite =
QString::fromLatin1(SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)));
++#endif
+
+ sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl,
&(sessInfo.cipherBits));
+
+@@ -6751,7 +6771,9 @@ class opensslProvider : public Provider (public)
#endif
list += QStringLiteral("pbkdf1(sha1)");
list += QStringLiteral("pbkdf2(sha1)");
@@ -45,7 +81,7 @@ Index: plugins/qca-ossl/qca-ossl.cpp
list += QStringLiteral("pkey");
list += QStringLiteral("dlgroup");
list += QStringLiteral("rsa");
-@@ -7337,8 +7347,10 @@ class opensslProvider : public Provider (public)
+@@ -6820,8 +6842,10 @@ class opensslProvider : public Provider (public)
#endif
else if ( type == QLatin1String("pbkdf2(sha1)") )
return new opensslPbkdf2Context( this, type );
UPDATE: security/qca-qt5
Update qca-qt5 to 2.3.0
- Rmove useless botan patch. We have not activate the botan plugin.
- Sync LibreSSL patches from Stefan Strog
- Bump shared lib version, symbols were removed
Index: Makefile
===
RCS file: /cvs/ports/security/qca-qt5/Makefile,v
retrieving revision 1.6
diff -u -p -u -p -r1.6 Makefile
--- Makefile28 Nov 2019 17:44:07 - 1.6
+++ Makefile22 May 2020 09:40:06 -
@@ -2,12 +2,12 @@
# separate port for Qt5 because it's too different from Qt4 case
COMMENT = Qt Cryptographic Architecture
-V =2.2.1
+V =2.3.0
DISTNAME = qca-${V}
PKGNAME = qca-qt5-${V}
CATEGORIES = security
-SHARED_LIBS = qca-qt5 0.1
+SHARED_LIBS = qca-qt5 1.0
HOMEPAGE = https://userbase.kde.org/QCA
@@ -32,8 +32,7 @@ CONFIGURE_ARGS = -DCMAKE_INSTALL_PREFIX=
-DBUILD_PLUGINS="none" \
-DCMAKE_DISABLE_FIND_PACKAGE_Doxygen=ON \
-DQCA_SUFFIX=qt5 \
- -Dqca_CERTSTORE=/etc/ssl/cert.pem \
- -DQT4_BUILD=OFF
+ -Dqca_CERTSTORE=/etc/ssl/cert.pem
# Enable plugins (qca checks for "yes")
CONFIGURE_ARGS += -DWITH_ossl_PLUGIN=yes
Index: distinfo
===
RCS file: /cvs/ports/security/qca-qt5/distinfo,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 distinfo
--- distinfo28 Nov 2019 17:44:07 - 1.2
+++ distinfo22 May 2020 09:40:06 -
@@ -1,2 +1,2 @@
-SHA256 (qca-2.2.1.tar.xz) = 1xbS2OPtjZW72wYfAwgdfQMiBvdGowpNKdchlvUOewI=
-SIZE (qca-2.2.1.tar.xz) = 691676
+SHA256 (qca-2.3.0.tar.xz) = HWjvQaG2Hcl4a+uSOmiQKmJ2p3zO1eXqf/mF7xE5Mtc=
+SIZE (qca-2.3.0.tar.xz) = 729504
Index: patches/patch-plugins_qca-botan_CMakeLists_txt
===
RCS file: patches/patch-plugins_qca-botan_CMakeLists_txt
diff -N patches/patch-plugins_qca-botan_CMakeLists_txt
--- patches/patch-plugins_qca-botan_CMakeLists_txt 28 Nov 2019 17:44:07
- 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,15 +0,0 @@
-$OpenBSD: patch-plugins_qca-botan_CMakeLists_txt,v 1.1 2019/11/28 17:44:07
rsadowski Exp $
-
-Fix qca-botan linking.
-
-Index: plugins/qca-botan/CMakeLists.txt
plugins/qca-botan/CMakeLists.txt.orig
-+++ plugins/qca-botan/CMakeLists.txt
-@@ -16,6 +16,7 @@ if(BOTAN_FOUND)
- set_property(TARGET qca-botan PROPERTY SUFFIX ".dylib")
- endif()
-
-+ target_link_directories(qca-botan PRIVATE ${BOTAN_LIBRARY_DIRS})
- target_link_libraries(qca-botan ${QT_QTCORE_LIBRARY} ${QCA_LIB_NAME}
${BOTAN_LIBRARIES})
-
- if(NOT DEVELOPER_MODE)
Index: patches/patch-plugins_qca-ossl_ossl110-compat_h
===
RCS file: patches/patch-plugins_qca-ossl_ossl110-compat_h
diff -N patches/patch-plugins_qca-ossl_ossl110-compat_h
--- patches/patch-plugins_qca-ossl_ossl110-compat_h 28 Nov 2019 17:44:07
- 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,30 +0,0 @@
-$OpenBSD: patch-plugins_qca-ossl_ossl110-compat_h,v 1.1 2019/11/28 17:44:07
rsadowski Exp $
-
-LibreSSL 3.0.x support from Stefan Strogin
-
-Index: plugins/qca-ossl/ossl110-compat.h
plugins/qca-ossl/ossl110-compat.h.orig
-+++ plugins/qca-ossl/ossl110-compat.h
-@@ -205,22 +205,6 @@ static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int
- return 1;
- }
-
--static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const
unsigned char *m,
--unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const
RSA *rsa))
--{
--if (!meth) return 0;
--meth->rsa_sign = sign;
--return 1;
--}
--
--static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype,
const unsigned char *m,
--unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen,
const RSA *rsa))
--{
--if (!meth) return 0;
--meth->rsa_verify = verify;
--return 1;
--}
--
- static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
- {
- if (!meth) return 0;
Index: patches/patch-plugins_qca-ossl_qca-ossl_cpp
===
RCS file:
/cvs/ports/security/qca-qt5/patches/patch-plugins_qca-ossl_qca-ossl_cpp,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 patch-plugins_qca-ossl_qca-ossl_cpp
--- patches/patch-plugins_qca-ossl_qca-ossl_cpp 28 Nov 2019 17:44:07 -
1.1
+++ patches/patch-plugins_qca-ossl_qca-ossl_cpp 22 May 2020 09:40:06 -
@@ -5,36 +5,54 @@ LibreSSL 3.0.x support from Stefan Strog
Index: plugins/qca-ossl/qca-ossl.cpp
--- plugins/qca-ossl/qca-ossl.cpp.orig
+++ plugins/qca-ossl/qca-ossl.cpp
-@@ -62,12 +62,12 @@
- #endif
-
- // OpenSSL 1.1.0 compatibility macros
--#ifdef OSSL_110
-+#if defined(OSSL_110) && !defined(LIBRESSL_VERSION_NUMBER)
- #define M_ASN1_IA5STRING_new()
Re: UPDATE: security/qca-qt5
On Sun, Nov 10, 2019 at 11:07:51AM +0100, Landry Breuil wrote: > On Sun, Nov 10, 2019 at 10:37:40AM +0100, Rafael Sadowski wrote: > > Please find below a simple update to the latest stable version of QCA. > > LibreSSL patches from Gentoo developer Stefan Strogin from here: > > https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241 > > "Trusted source" -- tb@ > > > > I also added a patch from FreeBSD to fix linking botan. (Tested but botan > > is disabled for now). Other notable changes: > > > > - Only new exports added so bump minor. > > - Cleanup WANTLIB > > - Fix MASTER_SITE URL > > - Cleanup plugin configuration > > > > Tested with net/konversation and #freenode via SSL. > > blows for me - does it need a newer version of libressl ? > or requires openssl from ports ? builds much better once i correctly apply the patches. Now testbuilding qgis against it...
Re: UPDATE: security/qca-qt5
On Sun, Nov 10, 2019 at 10:37:40AM +0100, Rafael Sadowski wrote: > Please find below a simple update to the latest stable version of QCA. > LibreSSL patches from Gentoo developer Stefan Strogin from here: > https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241 > "Trusted source" -- tb@ > > I also added a patch from FreeBSD to fix linking botan. (Tested but botan > is disabled for now). Other notable changes: > > - Only new exports added so bump minor. > - Cleanup WANTLIB > - Fix MASTER_SITE URL > - Cleanup plugin configuration > > Tested with net/konversation and #freenode via SSL. blows for me - does it need a newer version of libressl ? or requires openssl from ports ? /usr/obj/ports/qca-qt5-2.2.1/bin/c++ -DHAVE_OPENSSL_AES_CCM -DHAVE_OPENSSL_AES_CTR -DHAVE_OPENSSL_AES_GCM -DQCA_SYSTEMSTORE_PATH=\"/etc/ssl/cert.pem\" -DQT_CORE_LIB -DQT_DISABLE_DEPRECATED_BEFORE=0 -DQT_NO_DEBUG -Dqca_ossl_EXPORTS -Iplugins/qca-ossl -I/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl -I/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/include/QtCrypto -I. -I/usr/local/include/X11/qt5/QtNetwork -isystem /usr/local/include/X11/qt5 -isystem /usr/local/include/X11/qt5/QtCore -isystem /usr/local/lib/qt5/./mkspecs/openbsd-clang -O2 -pipe -DNDEBUG -fPIC -fPIC -MD -MT plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o -MF plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o.d -o plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o -c /usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp /usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:66:9: warning: 'M_ASN1_IA5STRING_new' macro redefined [-Wmacro-redefined] #define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new() ^ /usr/include/openssl/asn1.h:575:9: note: previous definition is here #define M_ASN1_IA5STRING_new ASN1_IA5STRING_new ^ /usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:67:9: warning: 'RSA_F_RSA_EAY_PRIVATE_DECRYPT' macro redefined [-Wmacro-redefined] #define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT ^ /usr/include/openssl/rsa.h:581:9: note: previous definition is here #define RSA_F_RSA_EAY_PRIVATE_DECRYPT101 ^ /usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:71:10: fatal error: 'openssl/kdf.h' file not found #include
UPDATE: security/qca-qt5
Please find below a simple update to the latest stable version of QCA.
LibreSSL patches from Gentoo developer Stefan Strogin from here:
https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241
"Trusted source" -- tb@
I also added a patch from FreeBSD to fix linking botan. (Tested but botan
is disabled for now). Other notable changes:
- Only new exports added so bump minor.
- Cleanup WANTLIB
- Fix MASTER_SITE URL
- Cleanup plugin configuration
Tested with net/konversation and #freenode via SSL.
OK?
Index: Makefile
===
RCS file: /cvs/ports/security/qca-qt5/Makefile,v
retrieving revision 1.5
diff -u -p -u -p -r1.5 Makefile
--- Makefile12 Jul 2019 20:49:35 - 1.5
+++ Makefile10 Nov 2019 09:26:16 -
@@ -2,25 +2,22 @@
# separate port for Qt5 because it's too different from Qt4 case
COMMENT = Qt Cryptographic Architecture
-V =2.1.3
+V =2.2.1
DISTNAME = qca-${V}
PKGNAME = qca-qt5-${V}
CATEGORIES = security
-REVISION = 2
-SHARED_LIBS = qca-qt5 0.0
+SHARED_LIBS = qca-qt5 0.1
HOMEPAGE = https://userbase.kde.org/QCA
# LGPLv2.1
PERMIT_PACKAGE = Yes
-WANTLIB += Qt5Core c m pthread
-WANTLIB += ${COMPILER_LIBCXX}
-WANTLIB += crypto ssl
+WANTLIB += ${COMPILER_LIBCXX} Qt5Core c crypto m ssl
+MASTER_SITES = ${MASTER_SITE_KDE:=stable/qca/${V}/}
EXTRACT_SUFX = .tar.xz
-MASTER_SITES = ${MASTER_SITE_KDE:=stable/qca/${V}/src/}
MODULES = devel/cmake \
x11/qt5
@@ -32,10 +29,13 @@ CONFIGURE_ARGS =-DCMAKE_INSTALL_PREFIX=
-DQCA_MAN_INSTALL_DIR=${LOCALBASE}/man \
-DQCA_BINARY_INSTALL_DIR=${PREFIX}/bin \
-DQCA_FEATURE_INSTALL_DIR=${MODQT_LIBDIR}/mkspecs/features \
- -DBUILD_PLUGINS="ossl" \
- -DCMAKE_DISABLE_FIND_PACKAGE_Doxygen:Bool=ON \
+ -DBUILD_PLUGINS="none" \
+ -DCMAKE_DISABLE_FIND_PACKAGE_Doxygen=ON \
-DQCA_SUFFIX=qt5 \
-Dqca_CERTSTORE=/etc/ssl/cert.pem \
- -DQT4_BUILD:Bool=OFF
+ -DQT4_BUILD=OFF
+
+# Enable plugins (qca checks for "yes")
+CONFIGURE_ARGS += -DWITH_ossl_PLUGIN=yes
.include
Index: distinfo
===
RCS file: /cvs/ports/security/qca-qt5/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -u -p -r1.1.1.1 distinfo
--- distinfo20 Jul 2017 18:34:41 - 1.1.1.1
+++ distinfo10 Nov 2019 09:26:16 -
@@ -1,2 +1,2 @@
-SHA256 (qca-2.1.3.tar.xz) = AD/YajJCEFegOxioFo21LilAl4+dteu7agiIL4qx41M=
-SIZE (qca-2.1.3.tar.xz) = 686340
+SHA256 (qca-2.2.1.tar.xz) = 1xbS2OPtjZW72wYfAwgdfQMiBvdGowpNKdchlvUOewI=
+SIZE (qca-2.2.1.tar.xz) = 691676
Index: patches/patch-plugins_qca-botan_CMakeLists_txt
===
RCS file: patches/patch-plugins_qca-botan_CMakeLists_txt
diff -N patches/patch-plugins_qca-botan_CMakeLists_txt
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-plugins_qca-botan_CMakeLists_txt 10 Nov 2019 09:26:16
-
@@ -0,0 +1,15 @@
+$OpenBSD$
+
+Fix qca-botan linking.
+
+Index: plugins/qca-botan/CMakeLists.txt
+--- plugins/qca-botan/CMakeLists.txt.orig
plugins/qca-botan/CMakeLists.txt
+@@ -16,6 +16,7 @@ if(BOTAN_FOUND)
+ set_property(TARGET qca-botan PROPERTY SUFFIX ".dylib")
+ endif()
+
++ target_link_directories(qca-botan PRIVATE ${BOTAN_LIBRARY_DIRS})
+ target_link_libraries(qca-botan ${QT_QTCORE_LIBRARY} ${QCA_LIB_NAME}
${BOTAN_LIBRARIES})
+
+ if(NOT DEVELOPER_MODE)
Index: patches/patch-plugins_qca-ossl_ossl110-compat_h
===
RCS file: patches/patch-plugins_qca-ossl_ossl110-compat_h
diff -N patches/patch-plugins_qca-ossl_ossl110-compat_h
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-plugins_qca-ossl_ossl110-compat_h 10 Nov 2019 09:26:16
-
@@ -0,0 +1,30 @@
+$OpenBSD$
+
+LibreSSL 3.0.x support from Stefan Strogin
+
+Index: plugins/qca-ossl/ossl110-compat.h
+--- plugins/qca-ossl/ossl110-compat.h.orig
plugins/qca-ossl/ossl110-compat.h
+@@ -205,22 +205,6 @@ static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int
+ return 1;
+ }
+
+-static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const
unsigned char *m,
+-unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const
RSA *rsa))
+-{
+-if (!meth) return 0;
+-meth->rsa_sign = sign;
+-return 1;
+-}
+-
+-static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype,
const unsigned char *m,
+-unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen,
const RSA *rsa))
+-{
+-if (!meth) return 0;
+-meth->rsa_verify =
