UPDATE: security/qca-qt5
Simple update to the latest stable version. LibreSSL patch update from Stefan Strogin (Gentoo). No dynamic export changes. Feedback? OK? Index: Makefile === RCS file: /cvs/ports/security/qca-qt5/Makefile,v retrieving revision 1.7 diff -u -p -u -p -r1.7 Makefile --- Makefile29 Jun 2020 05:07:55 - 1.7 +++ Makefile10 Sep 2020 04:59:42 - @@ -2,7 +2,7 @@ # separate port for Qt5 because it's too different from Qt4 case COMMENT = Qt Cryptographic Architecture -V =2.3.0 +V =2.3.1 DISTNAME = qca-${V} PKGNAME = qca-qt5-${V} CATEGORIES = security Index: distinfo === RCS file: /cvs/ports/security/qca-qt5/distinfo,v retrieving revision 1.3 diff -u -p -u -p -r1.3 distinfo --- distinfo29 Jun 2020 05:07:55 - 1.3 +++ distinfo10 Sep 2020 04:59:42 - @@ -1,2 +1,2 @@ -SHA256 (qca-2.3.0.tar.xz) = HWjvQaG2Hcl4a+uSOmiQKmJ2p3zO1eXqf/mF7xE5Mtc= -SIZE (qca-2.3.0.tar.xz) = 729504 +SHA256 (qca-2.3.1.tar.xz) = wThREJq+/EYjNwmJ+uOnRb9rGss8KhOolYU5gj6XTks= +SIZE (qca-2.3.1.tar.xz) = 725984 Index: patches/patch-plugins_qca-ossl_qca-ossl_cpp === RCS file: /cvs/ports/security/qca-qt5/patches/patch-plugins_qca-ossl_qca-ossl_cpp,v retrieving revision 1.2 diff -u -p -u -p -r1.2 patch-plugins_qca-ossl_qca-ossl_cpp --- patches/patch-plugins_qca-ossl_qca-ossl_cpp 29 Jun 2020 05:07:56 - 1.2 +++ patches/patch-plugins_qca-ossl_qca-ossl_cpp 10 Sep 2020 04:59:42 - @@ -19,7 +19,7 @@ Index: plugins/qca-ossl/qca-ossl.cpp using namespace QCA; -@@ -1255,6 +1261,7 @@ class opensslPbkdf2Context : public KDFContext (public +@@ -1262,6 +1268,7 @@ class opensslPbkdf2Context : public KDFContext (public protected: }; @@ -27,7 +27,7 @@ Index: plugins/qca-ossl/qca-ossl.cpp class opensslHkdfContext : public HKDFContext { Q_OBJECT -@@ -1284,6 +1291,7 @@ class opensslHkdfContext : public HKDFContext (public) +@@ -1291,6 +1298,7 @@ class opensslHkdfContext : public HKDFContext (public) return out; } }; @@ -35,7 +35,43 @@ Index: plugins/qca-ossl/qca-ossl.cpp class opensslHMACContext : public MACContext { -@@ -7268,7 +7276,9 @@ class opensslProvider : public Provider (public) +@@ -4990,7 +4998,11 @@ class MyTLSContext : public TLSContext (public) + case TLS::TLS_v1: + ctx = SSL_CTX_new(TLS_client_method()); + SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); ++#ifdef TLS1_3_VERSION + SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); ++#else ++ SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION); ++#endif + break; + case TLS::DTLS_v1: + default: +@@ -5011,7 +5023,11 @@ class MyTLSContext : public TLSContext (public) + QStringList cipherList; + for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { + const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i); ++#ifndef LIBRESSL_VERSION_NUMBER + cipherList += QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher)); ++#else ++ cipherList += QString::fromLatin1(SSL_CIPHER_get_name(thisCipher)); ++#endif + } + sk_SSL_CIPHER_free(sk); + +@@ -5404,7 +5420,11 @@ class MyTLSContext : public TLSContext (public) + sessInfo.version = TLS::TLS_v1; + } + ++#ifndef LIBRESSL_VERSION_NUMBER + sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl))); ++#else ++ sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_get_name(SSL_get_current_cipher(ssl))); ++#endif + + sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits)); + +@@ -6751,7 +6771,9 @@ class opensslProvider : public Provider (public) #endif list += QStringLiteral("pbkdf1(sha1)"); list += QStringLiteral("pbkdf2(sha1)"); @@ -45,7 +81,7 @@ Index: plugins/qca-ossl/qca-ossl.cpp list += QStringLiteral("pkey"); list += QStringLiteral("dlgroup"); list += QStringLiteral("rsa"); -@@ -7337,8 +7347,10 @@ class opensslProvider : public Provider (public) +@@ -6820,8 +6842,10 @@ class opensslProvider : public Provider (public) #endif else if ( type == QLatin1String("pbkdf2(sha1)") ) return new opensslPbkdf2Context( this, type );
UPDATE: security/qca-qt5
Update qca-qt5 to 2.3.0 - Rmove useless botan patch. We have not activate the botan plugin. - Sync LibreSSL patches from Stefan Strog - Bump shared lib version, symbols were removed Index: Makefile === RCS file: /cvs/ports/security/qca-qt5/Makefile,v retrieving revision 1.6 diff -u -p -u -p -r1.6 Makefile --- Makefile28 Nov 2019 17:44:07 - 1.6 +++ Makefile22 May 2020 09:40:06 - @@ -2,12 +2,12 @@ # separate port for Qt5 because it's too different from Qt4 case COMMENT = Qt Cryptographic Architecture -V =2.2.1 +V =2.3.0 DISTNAME = qca-${V} PKGNAME = qca-qt5-${V} CATEGORIES = security -SHARED_LIBS = qca-qt5 0.1 +SHARED_LIBS = qca-qt5 1.0 HOMEPAGE = https://userbase.kde.org/QCA @@ -32,8 +32,7 @@ CONFIGURE_ARGS = -DCMAKE_INSTALL_PREFIX= -DBUILD_PLUGINS="none" \ -DCMAKE_DISABLE_FIND_PACKAGE_Doxygen=ON \ -DQCA_SUFFIX=qt5 \ - -Dqca_CERTSTORE=/etc/ssl/cert.pem \ - -DQT4_BUILD=OFF + -Dqca_CERTSTORE=/etc/ssl/cert.pem # Enable plugins (qca checks for "yes") CONFIGURE_ARGS += -DWITH_ossl_PLUGIN=yes Index: distinfo === RCS file: /cvs/ports/security/qca-qt5/distinfo,v retrieving revision 1.2 diff -u -p -u -p -r1.2 distinfo --- distinfo28 Nov 2019 17:44:07 - 1.2 +++ distinfo22 May 2020 09:40:06 - @@ -1,2 +1,2 @@ -SHA256 (qca-2.2.1.tar.xz) = 1xbS2OPtjZW72wYfAwgdfQMiBvdGowpNKdchlvUOewI= -SIZE (qca-2.2.1.tar.xz) = 691676 +SHA256 (qca-2.3.0.tar.xz) = HWjvQaG2Hcl4a+uSOmiQKmJ2p3zO1eXqf/mF7xE5Mtc= +SIZE (qca-2.3.0.tar.xz) = 729504 Index: patches/patch-plugins_qca-botan_CMakeLists_txt === RCS file: patches/patch-plugins_qca-botan_CMakeLists_txt diff -N patches/patch-plugins_qca-botan_CMakeLists_txt --- patches/patch-plugins_qca-botan_CMakeLists_txt 28 Nov 2019 17:44:07 - 1.1 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,15 +0,0 @@ -$OpenBSD: patch-plugins_qca-botan_CMakeLists_txt,v 1.1 2019/11/28 17:44:07 rsadowski Exp $ - -Fix qca-botan linking. - -Index: plugins/qca-botan/CMakeLists.txt plugins/qca-botan/CMakeLists.txt.orig -+++ plugins/qca-botan/CMakeLists.txt -@@ -16,6 +16,7 @@ if(BOTAN_FOUND) - set_property(TARGET qca-botan PROPERTY SUFFIX ".dylib") - endif() - -+ target_link_directories(qca-botan PRIVATE ${BOTAN_LIBRARY_DIRS}) - target_link_libraries(qca-botan ${QT_QTCORE_LIBRARY} ${QCA_LIB_NAME} ${BOTAN_LIBRARIES}) - - if(NOT DEVELOPER_MODE) Index: patches/patch-plugins_qca-ossl_ossl110-compat_h === RCS file: patches/patch-plugins_qca-ossl_ossl110-compat_h diff -N patches/patch-plugins_qca-ossl_ossl110-compat_h --- patches/patch-plugins_qca-ossl_ossl110-compat_h 28 Nov 2019 17:44:07 - 1.1 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,30 +0,0 @@ -$OpenBSD: patch-plugins_qca-ossl_ossl110-compat_h,v 1.1 2019/11/28 17:44:07 rsadowski Exp $ - -LibreSSL 3.0.x support from Stefan Strogin - -Index: plugins/qca-ossl/ossl110-compat.h plugins/qca-ossl/ossl110-compat.h.orig -+++ plugins/qca-ossl/ossl110-compat.h -@@ -205,22 +205,6 @@ static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int - return 1; - } - --static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const unsigned char *m, --unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa)) --{ --if (!meth) return 0; --meth->rsa_sign = sign; --return 1; --} -- --static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, const unsigned char *m, --unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)) --{ --if (!meth) return 0; --meth->rsa_verify = verify; --return 1; --} -- - static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) - { - if (!meth) return 0; Index: patches/patch-plugins_qca-ossl_qca-ossl_cpp === RCS file: /cvs/ports/security/qca-qt5/patches/patch-plugins_qca-ossl_qca-ossl_cpp,v retrieving revision 1.1 diff -u -p -u -p -r1.1 patch-plugins_qca-ossl_qca-ossl_cpp --- patches/patch-plugins_qca-ossl_qca-ossl_cpp 28 Nov 2019 17:44:07 - 1.1 +++ patches/patch-plugins_qca-ossl_qca-ossl_cpp 22 May 2020 09:40:06 - @@ -5,36 +5,54 @@ LibreSSL 3.0.x support from Stefan Strog Index: plugins/qca-ossl/qca-ossl.cpp --- plugins/qca-ossl/qca-ossl.cpp.orig +++ plugins/qca-ossl/qca-ossl.cpp -@@ -62,12 +62,12 @@ - #endif - - // OpenSSL 1.1.0 compatibility macros --#ifdef OSSL_110 -+#if defined(OSSL_110) && !defined(LIBRESSL_VERSION_NUMBER) - #define M_ASN1_IA5STRING_new()
Re: UPDATE: security/qca-qt5
On Sun, Nov 10, 2019 at 11:07:51AM +0100, Landry Breuil wrote: > On Sun, Nov 10, 2019 at 10:37:40AM +0100, Rafael Sadowski wrote: > > Please find below a simple update to the latest stable version of QCA. > > LibreSSL patches from Gentoo developer Stefan Strogin from here: > > https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241 > > "Trusted source" -- tb@ > > > > I also added a patch from FreeBSD to fix linking botan. (Tested but botan > > is disabled for now). Other notable changes: > > > > - Only new exports added so bump minor. > > - Cleanup WANTLIB > > - Fix MASTER_SITE URL > > - Cleanup plugin configuration > > > > Tested with net/konversation and #freenode via SSL. > > blows for me - does it need a newer version of libressl ? > or requires openssl from ports ? builds much better once i correctly apply the patches. Now testbuilding qgis against it...
Re: UPDATE: security/qca-qt5
On Sun, Nov 10, 2019 at 10:37:40AM +0100, Rafael Sadowski wrote: > Please find below a simple update to the latest stable version of QCA. > LibreSSL patches from Gentoo developer Stefan Strogin from here: > https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241 > "Trusted source" -- tb@ > > I also added a patch from FreeBSD to fix linking botan. (Tested but botan > is disabled for now). Other notable changes: > > - Only new exports added so bump minor. > - Cleanup WANTLIB > - Fix MASTER_SITE URL > - Cleanup plugin configuration > > Tested with net/konversation and #freenode via SSL. blows for me - does it need a newer version of libressl ? or requires openssl from ports ? /usr/obj/ports/qca-qt5-2.2.1/bin/c++ -DHAVE_OPENSSL_AES_CCM -DHAVE_OPENSSL_AES_CTR -DHAVE_OPENSSL_AES_GCM -DQCA_SYSTEMSTORE_PATH=\"/etc/ssl/cert.pem\" -DQT_CORE_LIB -DQT_DISABLE_DEPRECATED_BEFORE=0 -DQT_NO_DEBUG -Dqca_ossl_EXPORTS -Iplugins/qca-ossl -I/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl -I/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/include/QtCrypto -I. -I/usr/local/include/X11/qt5/QtNetwork -isystem /usr/local/include/X11/qt5 -isystem /usr/local/include/X11/qt5/QtCore -isystem /usr/local/lib/qt5/./mkspecs/openbsd-clang -O2 -pipe -DNDEBUG -fPIC -fPIC -MD -MT plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o -MF plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o.d -o plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o -c /usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp /usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:66:9: warning: 'M_ASN1_IA5STRING_new' macro redefined [-Wmacro-redefined] #define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new() ^ /usr/include/openssl/asn1.h:575:9: note: previous definition is here #define M_ASN1_IA5STRING_new ASN1_IA5STRING_new ^ /usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:67:9: warning: 'RSA_F_RSA_EAY_PRIVATE_DECRYPT' macro redefined [-Wmacro-redefined] #define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT ^ /usr/include/openssl/rsa.h:581:9: note: previous definition is here #define RSA_F_RSA_EAY_PRIVATE_DECRYPT101 ^ /usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:71:10: fatal error: 'openssl/kdf.h' file not found #include
UPDATE: security/qca-qt5
Please find below a simple update to the latest stable version of QCA. LibreSSL patches from Gentoo developer Stefan Strogin from here: https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241 "Trusted source" -- tb@ I also added a patch from FreeBSD to fix linking botan. (Tested but botan is disabled for now). Other notable changes: - Only new exports added so bump minor. - Cleanup WANTLIB - Fix MASTER_SITE URL - Cleanup plugin configuration Tested with net/konversation and #freenode via SSL. OK? Index: Makefile === RCS file: /cvs/ports/security/qca-qt5/Makefile,v retrieving revision 1.5 diff -u -p -u -p -r1.5 Makefile --- Makefile12 Jul 2019 20:49:35 - 1.5 +++ Makefile10 Nov 2019 09:26:16 - @@ -2,25 +2,22 @@ # separate port for Qt5 because it's too different from Qt4 case COMMENT = Qt Cryptographic Architecture -V =2.1.3 +V =2.2.1 DISTNAME = qca-${V} PKGNAME = qca-qt5-${V} CATEGORIES = security -REVISION = 2 -SHARED_LIBS = qca-qt5 0.0 +SHARED_LIBS = qca-qt5 0.1 HOMEPAGE = https://userbase.kde.org/QCA # LGPLv2.1 PERMIT_PACKAGE = Yes -WANTLIB += Qt5Core c m pthread -WANTLIB += ${COMPILER_LIBCXX} -WANTLIB += crypto ssl +WANTLIB += ${COMPILER_LIBCXX} Qt5Core c crypto m ssl +MASTER_SITES = ${MASTER_SITE_KDE:=stable/qca/${V}/} EXTRACT_SUFX = .tar.xz -MASTER_SITES = ${MASTER_SITE_KDE:=stable/qca/${V}/src/} MODULES = devel/cmake \ x11/qt5 @@ -32,10 +29,13 @@ CONFIGURE_ARGS =-DCMAKE_INSTALL_PREFIX= -DQCA_MAN_INSTALL_DIR=${LOCALBASE}/man \ -DQCA_BINARY_INSTALL_DIR=${PREFIX}/bin \ -DQCA_FEATURE_INSTALL_DIR=${MODQT_LIBDIR}/mkspecs/features \ - -DBUILD_PLUGINS="ossl" \ - -DCMAKE_DISABLE_FIND_PACKAGE_Doxygen:Bool=ON \ + -DBUILD_PLUGINS="none" \ + -DCMAKE_DISABLE_FIND_PACKAGE_Doxygen=ON \ -DQCA_SUFFIX=qt5 \ -Dqca_CERTSTORE=/etc/ssl/cert.pem \ - -DQT4_BUILD:Bool=OFF + -DQT4_BUILD=OFF + +# Enable plugins (qca checks for "yes") +CONFIGURE_ARGS += -DWITH_ossl_PLUGIN=yes .include Index: distinfo === RCS file: /cvs/ports/security/qca-qt5/distinfo,v retrieving revision 1.1.1.1 diff -u -p -u -p -r1.1.1.1 distinfo --- distinfo20 Jul 2017 18:34:41 - 1.1.1.1 +++ distinfo10 Nov 2019 09:26:16 - @@ -1,2 +1,2 @@ -SHA256 (qca-2.1.3.tar.xz) = AD/YajJCEFegOxioFo21LilAl4+dteu7agiIL4qx41M= -SIZE (qca-2.1.3.tar.xz) = 686340 +SHA256 (qca-2.2.1.tar.xz) = 1xbS2OPtjZW72wYfAwgdfQMiBvdGowpNKdchlvUOewI= +SIZE (qca-2.2.1.tar.xz) = 691676 Index: patches/patch-plugins_qca-botan_CMakeLists_txt === RCS file: patches/patch-plugins_qca-botan_CMakeLists_txt diff -N patches/patch-plugins_qca-botan_CMakeLists_txt --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-plugins_qca-botan_CMakeLists_txt 10 Nov 2019 09:26:16 - @@ -0,0 +1,15 @@ +$OpenBSD$ + +Fix qca-botan linking. + +Index: plugins/qca-botan/CMakeLists.txt +--- plugins/qca-botan/CMakeLists.txt.orig plugins/qca-botan/CMakeLists.txt +@@ -16,6 +16,7 @@ if(BOTAN_FOUND) + set_property(TARGET qca-botan PROPERTY SUFFIX ".dylib") + endif() + ++ target_link_directories(qca-botan PRIVATE ${BOTAN_LIBRARY_DIRS}) + target_link_libraries(qca-botan ${QT_QTCORE_LIBRARY} ${QCA_LIB_NAME} ${BOTAN_LIBRARIES}) + + if(NOT DEVELOPER_MODE) Index: patches/patch-plugins_qca-ossl_ossl110-compat_h === RCS file: patches/patch-plugins_qca-ossl_ossl110-compat_h diff -N patches/patch-plugins_qca-ossl_ossl110-compat_h --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-plugins_qca-ossl_ossl110-compat_h 10 Nov 2019 09:26:16 - @@ -0,0 +1,30 @@ +$OpenBSD$ + +LibreSSL 3.0.x support from Stefan Strogin + +Index: plugins/qca-ossl/ossl110-compat.h +--- plugins/qca-ossl/ossl110-compat.h.orig plugins/qca-ossl/ossl110-compat.h +@@ -205,22 +205,6 @@ static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int + return 1; + } + +-static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const unsigned char *m, +-unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa)) +-{ +-if (!meth) return 0; +-meth->rsa_sign = sign; +-return 1; +-} +- +-static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, const unsigned char *m, +-unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)) +-{ +-if (!meth) return 0; +-meth->rsa_verify =