Index: net/qt4-network/Makefile =================================================================== --- net/qt4-network/Makefile +++ net/qt4-network/Makefile @@ -3,7 +3,7 @@ PORTNAME= network DISTVERSION= ${QT4_VERSION} -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= net ipv6 PKGNAMEPREFIX= qt4- @@ -13,9 +13,6 @@ LICENSE= GPLv3 LGPL21 LGPL3 GFDL LICENSE_COMB= dual -BROKEN_SSL= openssl-devel -BROKEN_SSL_REASON_openssl-devel= error: member access into incomplete type 'RSA' (aka 'rsa_st') - RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss USES= qmake:no_env qt-dist:4 ssl Index: net/qt4-network/files/patch-src_network_ssl_qsslcertificate.cpp =================================================================== --- /dev/null +++ net/qt4-network/files/patch-src_network_ssl_qsslcertificate.cpp @@ -0,0 +1,80 @@ +--- src/network/ssl/qsslcertificate.cpp.orig 2015-05-07 14:14:44 UTC ++++ src/network/ssl/qsslcertificate.cpp +@@ -260,8 +260,13 @@ QByteArray QSslCertificate::version() co + { + QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); + if (d->versionString.isEmpty() && d->x509) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ d->versionString = ++ QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1); ++#else + d->versionString = + QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1); ++#endif + + return d->versionString; + } +@@ -276,7 +281,11 @@ QByteArray QSslCertificate::serialNumber + { + QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); + if (d->serialNumberString.isEmpty() && d->x509) { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509); ++#else + ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber; ++#endif + // if we cannot convert to a long, just output the hexadecimal number + if (serialNumber->length > 4) { + QByteArray hexString; +@@ -489,19 +498,37 @@ QSslKey QSslCertificate::publicKey() con + QSslKey key; + + key.d->type = QSsl::PublicKey; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_PKEY *pkey = q_X509_get_pubkey(d->x509); ++#else + X509_PUBKEY *xkey = d->x509->cert_info->key; + EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey); ++#endif + Q_ASSERT(pkey); + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey)); ++ ++ if (keyType == EVP_PKEY_RSA) { ++#else + if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) { ++#endif + key.d->rsa = q_EVP_PKEY_get1_RSA(pkey); + key.d->algorithm = QSsl::Rsa; + key.d->isNull = false; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ } else if (keyType == EVP_PKEY_DSA) { ++#else + } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { ++#endif + key.d->dsa = q_EVP_PKEY_get1_DSA(pkey); + key.d->algorithm = QSsl::Dsa; + key.d->isNull = false; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ } else if (keyType == EVP_PKEY_DH) { ++#else + } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) { ++#endif + // DH unsupported + } else { + // error? +@@ -698,8 +725,13 @@ QSslCertificate QSslCertificatePrivate:: + if (!x509 || !QSslSocket::supportsSsl()) + return certificate; + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const ASN1_TIME *nbef = q_X509_get0_notBefore(x509); ++ const ASN1_TIME *naft = q_X509_get0_notAfter(x509); ++#else + ASN1_TIME *nbef = q_X509_get_notBefore(x509); + ASN1_TIME *naft = q_X509_get_notAfter(x509); ++#endif + certificate.d->notValidBefore = q_getTimeFromASN1(nbef); + certificate.d->notValidAfter = q_getTimeFromASN1(naft); + certificate.d->null = false; Index: net/qt4-network/files/patch-src_network_ssl_qsslkey.cpp =================================================================== --- /dev/null +++ net/qt4-network/files/patch-src_network_ssl_qsslkey.cpp @@ -0,0 +1,16 @@ +--- src/network/ssl/qsslkey.cpp.orig 2015-05-07 14:14:44 UTC ++++ src/network/ssl/qsslkey.cpp +@@ -321,8 +321,13 @@ int QSslKey::length() const + { + if (d->isNull) + return -1; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ return (d->algorithm == QSsl::Rsa) ++ ? q_RSA_bits(d->rsa) : q_DSA_bits(d->dsa); ++#else + return (d->algorithm == QSsl::Rsa) + ? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p); ++#endif + } + + /*! Index: net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp =================================================================== --- net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp +++ net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp @@ -1,8 +1,31 @@ * Make availability of SSLv3 in Qt4 same as in Qt5, i.e. not part of SecureProtocols * + --- src/network/ssl/qsslsocket_openssl.cpp.orig 2015-05-07 14:14:44 UTC +++ src/network/ssl/qsslsocket_openssl.cpp -@@ -267,9 +267,13 @@ init_context: +@@ -222,9 +222,12 @@ QSslCipher QSslSocketBackendPrivate::QSs + ciph.d->encryptionMethod = descriptionList.at(4).mid(4); + ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export")); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + ciph.d->bits = cipher->strength_bits; + ciph.d->supportedBits = cipher->alg_bits; +- ++#else ++ ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits); ++#endif + } + return ciph; + } +@@ -260,16 +263,20 @@ bool QSslSocketBackendPrivate::initSslCo + init_context: + switch (configuration.protocol) { + case QSsl::SslV2: +-#ifndef OPENSSL_NO_SSL2 ++#if OPENSSL_VERSION_NUMBER <= 0x1010000L && !defined(OPENSSL_NO_SSL2) + ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); + #else + ctx = 0; // SSL 2 not supported by the system, but chosen deliberately -> error #endif break; case QSsl::SslV3: @@ -17,7 +40,7 @@ case QSsl::TlsV1SslV3: // SslV2 will be disabled below case QSsl::AnyProtocol: default: -@@ -297,8 +301,10 @@ init_context: +@@ -297,8 +304,10 @@ init_context: // Enable bug workarounds. long options; @@ -29,3 +52,31 @@ else options = SSL_OP_ALL; +@@ -363,7 +372,7 @@ init_context: + // + // See also: QSslContext::fromConfiguration() + if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) { +- q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle()); ++ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle()); + } + } + +@@ -659,13 +668,11 @@ void QSslSocketPrivate::resetDefaultCiph + STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl); + for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) { + if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) { +- if (cipher->valid) { +- QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); +- if (!ciph.isNull()) { +- if (!ciph.name().toLower().startsWith(QLatin1String("adh"))) +- ciphers << ciph; +- } +- } ++ QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); ++ if (!ciph.isNull()) { ++ if (!ciph.name().toLower().startsWith(QLatin1String("adh"))) ++ ciphers << ciph; ++ } + } + } + Index: net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp =================================================================== --- net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp +++ net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp @@ -3,7 +3,32 @@ * --- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2015-05-07 14:14:44 UTC +++ src/network/ssl/qsslsocket_openssl_symbols.cpp -@@ -511,9 +511,9 @@ static QPair loadO +@@ -287,6 +287,24 @@ DEFINEFUNC(void, OPENSSL_add_all_algorit + DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return) + DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return) + ++// Obtained from Arch Linux, ++// https://git.archlinux.org/svntogit/packages.git/tree/trunk/qt4-openssl-1.1.patch?h=packages/qt4 ++DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *ctx, ctx, return 0, return) ++DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *x, x, return 0, return) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++DEFINEFUNC(int, EVP_PKEY_id, const EVP_PKEY *pkey, pkey, return 0, return) ++DEFINEFUNC(int, EVP_PKEY_base_id, const EVP_PKEY *pkey, pkey, return 0, return) ++DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *cipher, cipher, int *alg_bits, alg_bits, return 0, return) ++DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options, options, return 0, return) ++DEFINEFUNC(long, X509_get_version, X509 *x, x, return 0, return) ++DEFINEFUNC(X509_PUBKEY *, X509_get_X509_PUBKEY, X509 *x, x, return 0, return) ++DEFINEFUNC(int, RSA_bits, const RSA *rsa, rsa, return 0, return) ++DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return) ++DEFINEFUNC(const ASN1_TIME *, X509_get0_notAfter, X509 *x, x, return 0, return) ++DEFINEFUNC(const ASN1_TIME *, X509_get0_notBefore, X509 *x, x, return 0, return) ++DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, BIGNUM **p, p, BIGNUM **q, q, BIGNUM **g, g, return, return) ++#endif ++ + #ifdef Q_OS_SYMBIAN + #define RESOLVEFUNC(func, ordinal, lib) \ + if (!(_q_##func = _q_PTR_##func(lib->resolve(#ordinal)))) \ +@@ -511,9 +529,9 @@ static QPair loadO libcrypto->setLoadHints(libcrypto->loadHints() | QLibrary::ImprovedSearchHeuristics); #elif defined(SHLIB_VERSION_NUMBER) // first attempt: the canonical name is libssl.so. @@ -15,7 +40,7 @@ libcrypto->setLoadHints(libcrypto->loadHints() | QLibrary::ImprovedSearchHeuristics); if (libcrypto->load() && libssl->load()) { // libssl.so. and libcrypto.so. found -@@ -525,8 +525,8 @@ static QPair loadO +@@ -525,8 +543,8 @@ static QPair loadO #endif // second attempt: find the development files libssl.so and libcrypto.so @@ -26,3 +51,30 @@ if (libcrypto->load() && libssl->load()) { // libssl.so.0 and libcrypto.so.0 found return pair; +@@ -871,6 +889,26 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(OPENSSL_add_all_algorithms_conf) + RESOLVEFUNC(SSL_CTX_load_verify_locations) + RESOLVEFUNC(SSLeay) ++ ++ // Obtained from Arch Linux, ++ // https://git.archlinux.org/svntogit/packages.git/tree/trunk/qt4-openssl-1.1.patch?h=packages/qt4 ++ RESOLVEFUNC(SSL_CTX_get_cert_store) ++ RESOLVEFUNC(X509_get_serialNumber) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ RESOLVEFUNC(SSL_CTX_ctrl) ++ RESOLVEFUNC(EVP_PKEY_id) ++ RESOLVEFUNC(EVP_PKEY_base_id) ++ RESOLVEFUNC(SSL_CIPHER_get_bits) ++ RESOLVEFUNC(SSL_CTX_set_options) ++ RESOLVEFUNC(X509_get_version) ++ RESOLVEFUNC(X509_get_X509_PUBKEY) ++ RESOLVEFUNC(RSA_bits) ++ RESOLVEFUNC(DSA_security_bits) ++ RESOLVEFUNC(DSA_get0_pqg) ++ RESOLVEFUNC(X509_get0_notAfter) ++ RESOLVEFUNC(X509_get0_notBefore) ++#endif ++ + #endif // Q_OS_SYMBIAN + symbolsResolved = true; + delete libs.first; Index: net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h =================================================================== --- /dev/null +++ net/qt4-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h @@ -0,0 +1,95 @@ +--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig 2015-05-07 14:14:44 UTC ++++ src/network/ssl/qsslsocket_openssl_symbols_p.h +@@ -218,6 +218,9 @@ void q_CRYPTO_set_locking_callback(void + void q_CRYPTO_set_id_callback(unsigned long (*a)()); + void q_CRYPTO_free(void *a); + void q_DSA_free(DSA *a); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++int q_DSA_bits(DSA *a); ++#endif + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + // 0.9.8 broke SC and BC by changing this function's signature. + X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c); +@@ -227,12 +230,18 @@ X509 *q_d2i_X509(X509 **a, unsigned char + char *q_ERR_error_string(unsigned long a, char *b); + unsigned long q_ERR_get_error(); + const EVP_CIPHER *q_EVP_des_ede3_cbc(); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++const EVP_MD *q_EVP_sha1(); ++#endif + int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c); + int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b); + int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b); + void q_EVP_PKEY_free(EVP_PKEY *a); + RSA *q_EVP_PKEY_get1_RSA(EVP_PKEY *a); + DSA *q_EVP_PKEY_get1_DSA(EVP_PKEY *a); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++int q_EVP_PKEY_base_id(EVP_PKEY *a); ++#endif + int q_EVP_PKEY_type(int a); + EVP_PKEY *q_EVP_PKEY_new(); + int q_i2d_X509(X509 *a, unsigned char **b); +@@ -258,6 +267,9 @@ int q_PEM_write_bio_RSA_PUBKEY(BIO *a, R + void q_RAND_seed(const void *a, int b); + int q_RAND_status(); + void q_RSA_free(RSA *a); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++int q_RSA_bits(RSA *a); ++#endif + int q_sk_num(STACK *a); + void q_sk_pop_free(STACK *a, void (*b)(void *)); + #if OPENSSL_VERSION_NUMBER >= 0x10000000L +@@ -270,6 +282,9 @@ char * q_sk_value(STACK *a, int b); + int q_SSL_accept(SSL *a); + int q_SSL_clear(SSL *a); + char *q_SSL_CIPHER_description(SSL_CIPHER *a, char *b, int c); ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++int q_SSL_CIPHER_get_bits(SSL_CIPHER *a, int *b); ++#endif + int q_SSL_connect(SSL *a); + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + // 0.9.8 broke SC and BC by changing this function's signature. +@@ -293,6 +308,7 @@ int q_SSL_CTX_use_certificate_file(SSL_C + int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b); + int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b); + int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c); ++X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a); + void q_SSL_free(SSL *a); + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + // 0.9.8 broke SC and BC by changing this function's signature. +@@ -353,6 +369,9 @@ void *q_ASN1_dup(i2d_of_void *i2d, d2i_o + #else + X509 *q_X509_dup(X509 *a); + #endif ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++int q_X509_digest(const X509 *x509, const EVP_MD *type, unsigned char *md, unsigned int *len); ++#endif + ASN1_OBJECT *q_X509_EXTENSION_get_object(X509_EXTENSION *a); + void q_X509_free(X509 *a); + X509_EXTENSION *q_X509_get_ext(X509 *a, int b); +@@ -360,6 +379,13 @@ int q_X509_get_ext_count(X509 *a); + void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d); + X509_NAME *q_X509_get_issuer_name(X509 *a); + X509_NAME *q_X509_get_subject_name(X509 *a); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++long q_X509_get_version(X509 *a); ++ASN1_INTEGER *q_X509_get_serialNumber(X509 *a); ++EVP_PKEY *q_X509_get_pubkey(X509 *a); ++const ASN1_TIME *q_X509_get0_notBefore(X509 *a); ++const ASN1_TIME *q_X509_get0_notAfter(X509 *a); ++#endif + int q_X509_verify_cert(X509_STORE_CTX *ctx); + int q_X509_NAME_entry_count(X509_NAME *a); + X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b); +@@ -399,7 +425,11 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsign + PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\ + bp,(char *)x,enc,kstr,klen,cb,u) + #endif ++#if OPENSSL_VERSION_NUMBER <= 0x10100000L + #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) ++#else ++unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); ++#endif + #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st) + #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i) + #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))