In an upcoming libssl bump we're going to make SSL_CTX and SSL_CIPHER
opaque. This needs some adjustment in a number of ports that reach
inside these structs. The diff below adds two accessors
(SSL_CTX_get_cert_store() and SSL_CIPHER_get_bits()) from libssl to
QtNetwork. So this is a minor bump for QtNetwork and the two remaining
libraries linking against it.

The patch for qsslsocket_openssl.cpp uses these accessors and exploits
the fact that cipher->valid is always true in libssl.

I was unsure whether -debug and -examples need a REVISION bump, so I
bumped them to be on the safe side.

This builds on -current and will continue building after the libssl
bump, so I'd like to get this in now.
Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/qt4/Makefile,v
retrieving revision 1.165
diff -u -p -r1.165 Makefile
--- Makefile 26 Jan 2021 18:29:01 -0000 1.165
+++ Makefile 2 May 2021 17:06:24 -0000
@@ -23,24 +23,24 @@ PKGNAME-main = qt4-${PKGVERSION}
PKGNAME-debug = qt4-debug-${PKGVERSION}
FULLPKGNAME-html = qt4-html-${PKGVERSION}
FULLPKGPATH-html = ${BASE_PKGPATH},-html
-REVISION-main = 24
+REVISION-main = 25
REVISION-mysql = 8
REVISION-postgresql = 7
REVISION-sqlite2 = 7
REVISION-tds = 7
-REVISION-debug = 5
-REVISION-examples = 10
+REVISION-debug = 6
+REVISION-examples = 11
REVISION-html = 4
# XXX qmake include parser is bogus
DPB_PROPERTIES = parallel nojunk
-SHARED_LIBS = Qt3Support 10.0 \
+SHARED_LIBS = Qt3Support 10.1 \
QtCore 10.0 \
QtDesigner 8.0 \
QtDesignerComponents 8.0 \
QtGui 11.0 \
- QtNetwork 12.0 \
+ QtNetwork 12.1 \
QtSql 9.0 \
QtXml 9.0 \
QtSvg 8.0 \
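Review bot: The REVISION lines in this hunk bump -main, -debug and -examples but leave -mysql, -postgresql, -sqlite2, -tds and -html untouched, and nothing visible states the rule that selected them. Please state the criterion in the commit message (for example, which subpackages ship files that are rebuilt differently by this change) so the untouched subpackages can be checked against it rather than bumping "to be on the safe side".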
@@ -48,7 +48,7 @@ SHARED_LIBS = Qt3Support 10.0 \
QtDBus 4.0 \
QtScript 3.0 \
QtCLucene 2.0 \
- QtHelp 3.0 \
+ QtHelp 3.1 \
QtScriptTools 1.0
VERSION = 4.8.7
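Review bot: QtHelp goes from 3.0 to 3.1 here, and Qt3Support from 10.0 to 10.1 in the previous hunk, justified only by the fact that they link against QtNetwork; linking against a library does not by itself change the linking library's own exported interface. Please confirm with a before/after symbol comparison that these two libraries actually gain symbols. If their export lists are unchanged, the QtNetwork 12.0 to 12.1 bump alone should be enough.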
Index: patches/patch-src_network_ssl_qsslsocket_openssl_cpp
===================================================================
RCS file: /cvs/ports/x11/qt4/patches/patch-src_network_ssl_qsslsocket_openssl_cpp,v
retrieving revision 1.4
diff -u -p -r1.4 patch-src_network_ssl_qsslsocket_openssl_cpp
--- patches/patch-src_network_ssl_qsslsocket_openssl_cpp 6 Jan 2016 17:17:32 -0000 1.4
+++ patches/patch-src_network_ssl_qsslsocket_openssl_cpp 2 May 2021 13:21:18 -0000
@@ -1,13 +1,28 @@
$OpenBSD: patch-src_network_ssl_qsslsocket_openssl_cpp,v 1.4 2016/01/06 17:17:32 zhuk Exp $
-1. Disable SSLv3 by default.
-2. TLSv1_*_method() are TLSv1.0-only, so default to SSLv23_*_method(), which is
+
+1.,3.,4. Use accessors to access members of the SSL_CIPHER and SSL_CTX structs.
+2. Disable SSLv3 by default.
+2a. TLSv1_*_method() are TLSv1.0-only, so default to SSLv23_*_method(), which is
actually TLSv1.* nowadays.
-2a. Make QSsl::TlsV1 also use SSLv23_*_method(), noone in good mind would
+2b. Make QSsl::TlsV1 also use SSLv23_*_method(), noone in good mind would
want to run TLSv1.0-only connections, and too many developers fail
same way due to bad naming.
---- src/network/ssl/qsslsocket_openssl.cpp.orig Thu May 7 17:14:44 2015
-+++ src/network/ssl/qsslsocket_openssl.cpp Wed Jan 6 20:10:23 2016
-@@ -267,16 +267,18 @@ init_context:
+
+Index: src/network/ssl/qsslsocket_openssl.cpp
+--- src/network/ssl/qsslsocket_openssl.cpp.orig
++++ src/network/ssl/qsslsocket_openssl.cpp
+@@ -222,9 +222,7 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_S
+ ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
+ ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
+
+- ciph.d->bits = cipher->strength_bits;
+- ciph.d->supportedBits = cipher->alg_bits;
+-
++ ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits);
+ }
+ return ciph;
+ }
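Review bot: The new assignment to ciph.d->bits passes &ciph.d->supportedBits directly to q_SSL_CIPHER_get_bits(), which is only correct if supportedBits is a plain int, since SSL_CIPHER_get_bits() writes the algorithm bits through an int pointer. Please confirm the member type in QSslCipherPrivate, and that the q_SSL_CIPHER_get_bits wrapper is declared and resolved elsewhere in the diff, as it is not among the visible hunks. Separately, the header comment labels this change "1.,3.,4." by hunk position, which goes stale as soon as a hunk is added or dropped; describing the change by function name would be more durable.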
+@@ -267,17 +265,19 @@ init_context: