UPDATE: security/qca-qt5

2020-09-11 Thread Rafael Sadowski
Simple update to the latest stable version. LibreSSL patch update from
Stefan Strogin (Gentoo). No dynamic export changes.

Feedback? OK?


Index: Makefile
===
RCS file: /cvs/ports/security/qca-qt5/Makefile,v
retrieving revision 1.7
diff -u -p -u -p -r1.7 Makefile
--- Makefile29 Jun 2020 05:07:55 -  1.7
+++ Makefile10 Sep 2020 04:59:42 -
@@ -2,7 +2,7 @@
 # separate port for Qt5 because it's too different from Qt4 case
 COMMENT =  Qt Cryptographic Architecture
 
-V =2.3.0
+V =2.3.1
 DISTNAME = qca-${V}
 PKGNAME =  qca-qt5-${V}
 CATEGORIES =   security
Index: distinfo
===
RCS file: /cvs/ports/security/qca-qt5/distinfo,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 distinfo
--- distinfo29 Jun 2020 05:07:55 -  1.3
+++ distinfo10 Sep 2020 04:59:42 -
@@ -1,2 +1,2 @@
-SHA256 (qca-2.3.0.tar.xz) = HWjvQaG2Hcl4a+uSOmiQKmJ2p3zO1eXqf/mF7xE5Mtc=
-SIZE (qca-2.3.0.tar.xz) = 729504
+SHA256 (qca-2.3.1.tar.xz) = wThREJq+/EYjNwmJ+uOnRb9rGss8KhOolYU5gj6XTks=
+SIZE (qca-2.3.1.tar.xz) = 725984
Index: patches/patch-plugins_qca-ossl_qca-ossl_cpp
===
RCS file: 
/cvs/ports/security/qca-qt5/patches/patch-plugins_qca-ossl_qca-ossl_cpp,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 patch-plugins_qca-ossl_qca-ossl_cpp
--- patches/patch-plugins_qca-ossl_qca-ossl_cpp 29 Jun 2020 05:07:56 -  
1.2
+++ patches/patch-plugins_qca-ossl_qca-ossl_cpp 10 Sep 2020 04:59:42 -
@@ -19,7 +19,7 @@ Index: plugins/qca-ossl/qca-ossl.cpp
  
  using namespace QCA;
  
-@@ -1255,6 +1261,7 @@ class opensslPbkdf2Context : public KDFContext (public
+@@ -1262,6 +1268,7 @@ class opensslPbkdf2Context : public KDFContext (public
  protected:
  };
  
@@ -27,7 +27,7 @@ Index: plugins/qca-ossl/qca-ossl.cpp
  class opensslHkdfContext : public HKDFContext
  {
  Q_OBJECT
-@@ -1284,6 +1291,7 @@ class opensslHkdfContext : public HKDFContext (public)
+@@ -1291,6 +1298,7 @@ class opensslHkdfContext : public HKDFContext (public)
return out;
}
  };
@@ -35,7 +35,43 @@ Index: plugins/qca-ossl/qca-ossl.cpp
  
  class opensslHMACContext : public MACContext
  {
-@@ -7268,7 +7276,9 @@ class opensslProvider : public Provider (public)
+@@ -4990,7 +4998,11 @@ class MyTLSContext : public TLSContext (public)
+   case TLS::TLS_v1:
+   ctx = SSL_CTX_new(TLS_client_method());
+   SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
++#ifdef TLS1_3_VERSION
+   SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
++#else
++  SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
++#endif
+   break;
+   case TLS::DTLS_v1:
+   default:
+@@ -5011,7 +5023,11 @@ class MyTLSContext : public TLSContext (public)
+   QStringList cipherList;
+   for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+   const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, 
i);
++#ifndef LIBRESSL_VERSION_NUMBER
+   cipherList += 
QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher));
++#else
++  cipherList += 
QString::fromLatin1(SSL_CIPHER_get_name(thisCipher));
++#endif
+   }
+   sk_SSL_CIPHER_free(sk);
+ 
+@@ -5404,7 +5420,11 @@ class MyTLSContext : public TLSContext (public)
+   sessInfo.version = TLS::TLS_v1;
+   }
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+   sessInfo.cipherSuite = 
QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl)));
++#else
++  sessInfo.cipherSuite = 
QString::fromLatin1(SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)));
++#endif
+ 
+   sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, 
&(sessInfo.cipherBits));
+ 
+@@ -6751,7 +6771,9 @@ class opensslProvider : public Provider (public)
  #endif
list += QStringLiteral("pbkdf1(sha1)");
list += QStringLiteral("pbkdf2(sha1)");
@@ -45,7 +81,7 @@ Index: plugins/qca-ossl/qca-ossl.cpp
list += QStringLiteral("pkey");
list += QStringLiteral("dlgroup");
list += QStringLiteral("rsa");
-@@ -7337,8 +7347,10 @@ class opensslProvider : public Provider (public)
+@@ -6820,8 +6842,10 @@ class opensslProvider : public Provider (public)
  #endif
else if ( type == QLatin1String("pbkdf2(sha1)") )
return new opensslPbkdf2Context( this, type );



UPDATE: security/qca-qt5

2020-05-22 Thread Rafael Sadowski
Update qca-qt5 to 2.3.0

- Rmove useless botan patch. We have not activate the botan plugin.
- Sync LibreSSL patches from Stefan Strog
- Bump shared lib version, symbols were removed

Index: Makefile
===
RCS file: /cvs/ports/security/qca-qt5/Makefile,v
retrieving revision 1.6
diff -u -p -u -p -r1.6 Makefile
--- Makefile28 Nov 2019 17:44:07 -  1.6
+++ Makefile22 May 2020 09:40:06 -
@@ -2,12 +2,12 @@
 # separate port for Qt5 because it's too different from Qt4 case
 COMMENT =  Qt Cryptographic Architecture
 
-V =2.2.1
+V =2.3.0
 DISTNAME = qca-${V}
 PKGNAME =  qca-qt5-${V}
 CATEGORIES =   security
 
-SHARED_LIBS =  qca-qt5 0.1
+SHARED_LIBS =  qca-qt5 1.0
 
 HOMEPAGE = https://userbase.kde.org/QCA
 
@@ -32,8 +32,7 @@ CONFIGURE_ARGS =  -DCMAKE_INSTALL_PREFIX=
-DBUILD_PLUGINS="none" \
-DCMAKE_DISABLE_FIND_PACKAGE_Doxygen=ON \
-DQCA_SUFFIX=qt5 \
-   -Dqca_CERTSTORE=/etc/ssl/cert.pem \
-   -DQT4_BUILD=OFF
+   -Dqca_CERTSTORE=/etc/ssl/cert.pem
 
 # Enable plugins (qca checks for "yes")
 CONFIGURE_ARGS +=  -DWITH_ossl_PLUGIN=yes
Index: distinfo
===
RCS file: /cvs/ports/security/qca-qt5/distinfo,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 distinfo
--- distinfo28 Nov 2019 17:44:07 -  1.2
+++ distinfo22 May 2020 09:40:06 -
@@ -1,2 +1,2 @@
-SHA256 (qca-2.2.1.tar.xz) = 1xbS2OPtjZW72wYfAwgdfQMiBvdGowpNKdchlvUOewI=
-SIZE (qca-2.2.1.tar.xz) = 691676
+SHA256 (qca-2.3.0.tar.xz) = HWjvQaG2Hcl4a+uSOmiQKmJ2p3zO1eXqf/mF7xE5Mtc=
+SIZE (qca-2.3.0.tar.xz) = 729504
Index: patches/patch-plugins_qca-botan_CMakeLists_txt
===
RCS file: patches/patch-plugins_qca-botan_CMakeLists_txt
diff -N patches/patch-plugins_qca-botan_CMakeLists_txt
--- patches/patch-plugins_qca-botan_CMakeLists_txt  28 Nov 2019 17:44:07 
-  1.1
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,15 +0,0 @@
-$OpenBSD: patch-plugins_qca-botan_CMakeLists_txt,v 1.1 2019/11/28 17:44:07 
rsadowski Exp $
-
-Fix qca-botan linking.
-
-Index: plugins/qca-botan/CMakeLists.txt
 plugins/qca-botan/CMakeLists.txt.orig
-+++ plugins/qca-botan/CMakeLists.txt
-@@ -16,6 +16,7 @@ if(BOTAN_FOUND)
- set_property(TARGET qca-botan  PROPERTY SUFFIX ".dylib")
-   endif()
- 
-+  target_link_directories(qca-botan PRIVATE ${BOTAN_LIBRARY_DIRS})
-   target_link_libraries(qca-botan ${QT_QTCORE_LIBRARY} ${QCA_LIB_NAME} 
${BOTAN_LIBRARIES})
- 
-   if(NOT DEVELOPER_MODE)
Index: patches/patch-plugins_qca-ossl_ossl110-compat_h
===
RCS file: patches/patch-plugins_qca-ossl_ossl110-compat_h
diff -N patches/patch-plugins_qca-ossl_ossl110-compat_h
--- patches/patch-plugins_qca-ossl_ossl110-compat_h 28 Nov 2019 17:44:07 
-  1.1
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,30 +0,0 @@
-$OpenBSD: patch-plugins_qca-ossl_ossl110-compat_h,v 1.1 2019/11/28 17:44:07 
rsadowski Exp $
-
-LibreSSL 3.0.x support from Stefan Strogin 
-
-Index: plugins/qca-ossl/ossl110-compat.h
 plugins/qca-ossl/ossl110-compat.h.orig
-+++ plugins/qca-ossl/ossl110-compat.h
-@@ -205,22 +205,6 @@ static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int 
- return 1;
- }
- 
--static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const 
unsigned char *m,
--unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const 
RSA *rsa))
--{
--if (!meth) return 0;
--meth->rsa_sign = sign;
--return 1;
--}
--
--static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, 
const unsigned char *m,
--unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, 
const RSA *rsa))
--{
--if (!meth) return 0;
--meth->rsa_verify = verify;
--return 1;
--}
--
- static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
- {
- if (!meth) return 0;
Index: patches/patch-plugins_qca-ossl_qca-ossl_cpp
===
RCS file: 
/cvs/ports/security/qca-qt5/patches/patch-plugins_qca-ossl_qca-ossl_cpp,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 patch-plugins_qca-ossl_qca-ossl_cpp
--- patches/patch-plugins_qca-ossl_qca-ossl_cpp 28 Nov 2019 17:44:07 -  
1.1
+++ patches/patch-plugins_qca-ossl_qca-ossl_cpp 22 May 2020 09:40:06 -
@@ -5,36 +5,54 @@ LibreSSL 3.0.x support from Stefan Strog
 Index: plugins/qca-ossl/qca-ossl.cpp
 --- plugins/qca-ossl/qca-ossl.cpp.orig
 +++ plugins/qca-ossl/qca-ossl.cpp
-@@ -62,12 +62,12 @@
- #endif
- 
- // OpenSSL 1.1.0 compatibility macros
--#ifdef OSSL_110
-+#if defined(OSSL_110) && !defined(LIBRESSL_VERSION_NUMBER)
- #define M_ASN1_IA5STRING_new() 

Re: UPDATE: security/qca-qt5

2019-11-10 Thread Landry Breuil
On Sun, Nov 10, 2019 at 11:07:51AM +0100, Landry Breuil wrote:
> On Sun, Nov 10, 2019 at 10:37:40AM +0100, Rafael Sadowski wrote:
> > Please find below a simple update to the latest stable version of QCA.
> > LibreSSL patches from Gentoo developer Stefan Strogin from here:
> > https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241
> > "Trusted source" -- tb@
> > 
> > I also added a patch from FreeBSD to fix linking botan. (Tested but botan
> > is disabled for now). Other notable changes:
> > 
> > - Only new exports added so bump minor.
> > - Cleanup WANTLIB
> > - Fix MASTER_SITE URL
> > - Cleanup plugin configuration
> > 
> > Tested with net/konversation and #freenode via SSL.
> 
> blows for me - does it need a newer version of libressl ?
> or requires openssl from ports ?

builds much better once i correctly apply the patches. Now testbuilding
qgis against it...



Re: UPDATE: security/qca-qt5

2019-11-10 Thread Landry Breuil
On Sun, Nov 10, 2019 at 10:37:40AM +0100, Rafael Sadowski wrote:
> Please find below a simple update to the latest stable version of QCA.
> LibreSSL patches from Gentoo developer Stefan Strogin from here:
> https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241
> "Trusted source" -- tb@
> 
> I also added a patch from FreeBSD to fix linking botan. (Tested but botan
> is disabled for now). Other notable changes:
> 
> - Only new exports added so bump minor.
> - Cleanup WANTLIB
> - Fix MASTER_SITE URL
> - Cleanup plugin configuration
> 
> Tested with net/konversation and #freenode via SSL.

blows for me - does it need a newer version of libressl ?
or requires openssl from ports ?

/usr/obj/ports/qca-qt5-2.2.1/bin/c++  -DHAVE_OPENSSL_AES_CCM 
-DHAVE_OPENSSL_AES_CTR -DHAVE_OPENSSL_AES_GCM 
-DQCA_SYSTEMSTORE_PATH=\"/etc/ssl/cert.pem\" -DQT_CORE_LIB 
-DQT_DISABLE_DEPRECATED_BEFORE=0 -DQT_NO_DEBUG -Dqca_ossl_EXPORTS 
-Iplugins/qca-ossl -I/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl 
-I/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/include/QtCrypto -I. 
-I/usr/local/include/X11/qt5/QtNetwork -isystem /usr/local/include/X11/qt5 
-isystem /usr/local/include/X11/qt5/QtCore -isystem 
/usr/local/lib/qt5/./mkspecs/openbsd-clang -O2 -pipe -DNDEBUG -fPIC   -fPIC -MD 
-MT plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o -MF 
plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o.d -o 
plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o -c 
/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp
/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:66:9: 
warning: 'M_ASN1_IA5STRING_new' macro redefined [-Wmacro-redefined]
#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
^
/usr/include/openssl/asn1.h:575:9: note: previous definition is here
#define M_ASN1_IA5STRING_new ASN1_IA5STRING_new
^
/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:67:9: 
warning: 'RSA_F_RSA_EAY_PRIVATE_DECRYPT' macro redefined [-Wmacro-redefined]
#define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT
^
/usr/include/openssl/rsa.h:581:9: note: previous definition is here
#define RSA_F_RSA_EAY_PRIVATE_DECRYPT101
^
/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:71:10: 
fatal error: 'openssl/kdf.h' file not found
#include 



UPDATE: security/qca-qt5

2019-11-10 Thread Rafael Sadowski
Please find below a simple update to the latest stable version of QCA.
LibreSSL patches from Gentoo developer Stefan Strogin from here:
https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241
"Trusted source" -- tb@

I also added a patch from FreeBSD to fix linking botan. (Tested but botan
is disabled for now). Other notable changes:

- Only new exports added so bump minor.
- Cleanup WANTLIB
- Fix MASTER_SITE URL
- Cleanup plugin configuration

Tested with net/konversation and #freenode via SSL.

OK?

Index: Makefile
===
RCS file: /cvs/ports/security/qca-qt5/Makefile,v
retrieving revision 1.5
diff -u -p -u -p -r1.5 Makefile
--- Makefile12 Jul 2019 20:49:35 -  1.5
+++ Makefile10 Nov 2019 09:26:16 -
@@ -2,25 +2,22 @@
 # separate port for Qt5 because it's too different from Qt4 case
 COMMENT =  Qt Cryptographic Architecture
 
-V =2.1.3
+V =2.2.1
 DISTNAME = qca-${V}
 PKGNAME =  qca-qt5-${V}
 CATEGORIES =   security
-REVISION = 2
 
-SHARED_LIBS =  qca-qt5 0.0
+SHARED_LIBS =  qca-qt5 0.1
 
 HOMEPAGE = https://userbase.kde.org/QCA
 
 # LGPLv2.1
 PERMIT_PACKAGE =   Yes
 
-WANTLIB += Qt5Core c m pthread
-WANTLIB += ${COMPILER_LIBCXX}
-WANTLIB += crypto ssl
+WANTLIB += ${COMPILER_LIBCXX} Qt5Core c crypto m ssl
 
+MASTER_SITES = ${MASTER_SITE_KDE:=stable/qca/${V}/}
 EXTRACT_SUFX = .tar.xz
-MASTER_SITES = ${MASTER_SITE_KDE:=stable/qca/${V}/src/}
 
 MODULES =  devel/cmake \
x11/qt5
@@ -32,10 +29,13 @@ CONFIGURE_ARGS =-DCMAKE_INSTALL_PREFIX=
-DQCA_MAN_INSTALL_DIR=${LOCALBASE}/man \
-DQCA_BINARY_INSTALL_DIR=${PREFIX}/bin \

-DQCA_FEATURE_INSTALL_DIR=${MODQT_LIBDIR}/mkspecs/features \
-   -DBUILD_PLUGINS="ossl" \
-   -DCMAKE_DISABLE_FIND_PACKAGE_Doxygen:Bool=ON \
+   -DBUILD_PLUGINS="none" \
+   -DCMAKE_DISABLE_FIND_PACKAGE_Doxygen=ON \
-DQCA_SUFFIX=qt5 \
-Dqca_CERTSTORE=/etc/ssl/cert.pem \
-   -DQT4_BUILD:Bool=OFF
+   -DQT4_BUILD=OFF
+
+# Enable plugins (qca checks for "yes")
+CONFIGURE_ARGS +=  -DWITH_ossl_PLUGIN=yes
 
 .include 
Index: distinfo
===
RCS file: /cvs/ports/security/qca-qt5/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -u -p -r1.1.1.1 distinfo
--- distinfo20 Jul 2017 18:34:41 -  1.1.1.1
+++ distinfo10 Nov 2019 09:26:16 -
@@ -1,2 +1,2 @@
-SHA256 (qca-2.1.3.tar.xz) = AD/YajJCEFegOxioFo21LilAl4+dteu7agiIL4qx41M=
-SIZE (qca-2.1.3.tar.xz) = 686340
+SHA256 (qca-2.2.1.tar.xz) = 1xbS2OPtjZW72wYfAwgdfQMiBvdGowpNKdchlvUOewI=
+SIZE (qca-2.2.1.tar.xz) = 691676
Index: patches/patch-plugins_qca-botan_CMakeLists_txt
===
RCS file: patches/patch-plugins_qca-botan_CMakeLists_txt
diff -N patches/patch-plugins_qca-botan_CMakeLists_txt
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-plugins_qca-botan_CMakeLists_txt  10 Nov 2019 09:26:16 
-
@@ -0,0 +1,15 @@
+$OpenBSD$
+
+Fix qca-botan linking.
+
+Index: plugins/qca-botan/CMakeLists.txt
+--- plugins/qca-botan/CMakeLists.txt.orig
 plugins/qca-botan/CMakeLists.txt
+@@ -16,6 +16,7 @@ if(BOTAN_FOUND)
+ set_property(TARGET qca-botan  PROPERTY SUFFIX ".dylib")
+   endif()
+ 
++  target_link_directories(qca-botan PRIVATE ${BOTAN_LIBRARY_DIRS})
+   target_link_libraries(qca-botan ${QT_QTCORE_LIBRARY} ${QCA_LIB_NAME} 
${BOTAN_LIBRARIES})
+ 
+   if(NOT DEVELOPER_MODE)
Index: patches/patch-plugins_qca-ossl_ossl110-compat_h
===
RCS file: patches/patch-plugins_qca-ossl_ossl110-compat_h
diff -N patches/patch-plugins_qca-ossl_ossl110-compat_h
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-plugins_qca-ossl_ossl110-compat_h 10 Nov 2019 09:26:16 
-
@@ -0,0 +1,30 @@
+$OpenBSD$
+
+LibreSSL 3.0.x support from Stefan Strogin 
+
+Index: plugins/qca-ossl/ossl110-compat.h
+--- plugins/qca-ossl/ossl110-compat.h.orig
 plugins/qca-ossl/ossl110-compat.h
+@@ -205,22 +205,6 @@ static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int 
+ return 1;
+ }
+ 
+-static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const 
unsigned char *m,
+-unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const 
RSA *rsa))
+-{
+-if (!meth) return 0;
+-meth->rsa_sign = sign;
+-return 1;
+-}
+-
+-static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, 
const unsigned char *m,
+-unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, 
const RSA *rsa))
+-{
+-if (!meth) return 0;
+-meth->rsa_verify =